tyler/SimpleFileRepository
1
0
Fork 0
mirror of https://github.com/Clortox/SimpleFileRepository.git synced 2025-01-10 02:47:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1 from Clortox/private_folder

Browse Source 
Private folder
This commit is contained in:
Clortox 2021-03-08 15:20:29 -05:00 committed by GitHub
commit a463c1c706
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 249 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
TODO Normal file
View File

@ -0,0 +1,3 @@
Check if paramters exist before accessing them
Make the CSS pretty

124
hiddenlisting.php Normal file
View File

@ -0,0 +1,124 @@
<html>
<head>
<?php
session_start();
//css, js, and other includes
include 'www/include.php';
include 'helpers/files.php';
//if debug is enabled
if($isDebug){
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
}
?>
<title><?php echo $site_name ?></title>
<link rel="icon" href"<?php echo $site_image ?>">
</head>
<body style="background-color: black" class="">
<?php
include 'www/header.php';
?>
<?php
$dir = $_GET['folder'];
$exists = false;
foreach($hid_dir_names as $hid_dir_index=>$dir_){
if($dir_ == $dir){
$exists = true;
break;
}
}
$psk = $_GET['psk'];
$psk_correct = false;
if($hid_dir_psk[$hid_dir_index] == $psk){
$psk_correct = true;
}
if(!$exists || !$psk_correct){
echo <<< errorblock
<div class="card-header">
<h2><b>INCORRECT FOLDER OR PASSKEY, PLEASE CONTACT THE SYSTEM ADMINISTRATOR</b></h2>
</div>
errorblock;
exit();
}
if(!array_key_exists('path', $_GET)){
$path = '/';
} else {
$path = $_GET['path'];
}
$elements = [];
if($handle = opendir($hid_dir_dirs[$hid_dir_index] . $path)){
while(false !== ($entry = readdir($handle))){
//exclude . and ..
if($entry != '.' && $entry != '..'){
$elements[] = $entry;
}
}
} else {
echo <<< erroropendir
<div class="card-header">
<h2><b>ERROR OPENING DIRECTORY, PLEASE RELOAD THE PAGE</b></h2>
<h2><b>IF THE ISSUE PERSISTS, PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR</b></h2>
</div>
erroropendir;
exit();
}
?>
<div class="card bg-dark text-white ml-4 mr-4">
<div class="card-header">
<h2><?php echo $dir ?></h2>
</div>
<div class="card-body">
<p>Select a file to download, or a folder to view its contents</p>
<table id="catTable" class="display table text-white">
<thead>
<tr>
<th>File Name</th>
<th>Link</th>
<th>Size</th>
</tr>
</thead>
<tbody>
<?php
if(count($elements) == 0){
echo <<< emptylisting
<tr>
<td>Oops! This folder is empty...</td>
<td></td>
<td>0</td>
</tr>
emptylisting;
}
foreach($elements as $i=>$currentfile){
echo "<tr>";
echo "<td>" . $currentfile . "</td>";
$fulldir = $hid_dir_dirs[$hid_dir_index] . $path . "/" . $currentfile;
if(is_dir($fulldir)){
echo "<td><a href=\"hiddenlisting.php?folder=" . $dir
. "&psk=" . $psk
. "&path=" . $path . "/" . $currentfile
. "\">View Directory</a></td>";
echo "<td>" . foldersize($fulldir) . "</td>";
} else {
echo "<td><a href=\"" . $fulldir . "\">Download</a></td>";
echo "<td>" . listingsize($fulldir) . "</td>";
}
echo "<tr>";
}
?>
</tbody>
</table>
</div>
</div>
</body>
</html>

69
index.php
View File

@ -2,25 +2,36 @@
<head> <head>
<?php <?php
session_start(); session_start();
//if this is a session inside the local connection
if(strpos($_SERVER['REMOTE_ADDR'],"192.168.1.")){ //css, js, and other includes
include 'www/include.php';
include 'helpers/files.php';
//if debug is enabled
if($isDebug){
ini_set('display_errors',1); ini_set('display_errors',1);
ini_set('display_startup_errors',1); ini_set('display_startup_errors',1);
error_reporting(E_ALL); error_reporting(E_ALL);
} }
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(E_ALL);
//css, js, and other includes
include 'www/include.php';
include 'helpers/files.php';
?> ?>
<title><?php echo $site_name ?></title> <title><?php echo $site_name ?></title>
<link rel="icon" href="<?php echo $site_image ?>"> <link rel="icon" href="<?php echo $site_image ?>">
<script type="text/javascript">
<!-- add onclick function -->
function makeLink(){
var host = "<?php echo $_SERVER['HTTP_HOST'] ?>";
var folder = document.getElementById("folderName").value;
var password = document.getElementById("password").value;
var link = "/hiddenlisting.php?folder=" + folder +"&psk=" + password;
open(link);
};
</script>
</head> </head>
<body style="background-color: black"> <body style="background-color: black">
<?php <?php
@ -67,6 +78,7 @@
<?php <?php
if($isTree){ if($isTree){
echo <<< cardHead echo <<< cardHead
<br />
<div class="card bg-dark text-white ml-4 mr-4"> <div class="card bg-dark text-white ml-4 mr-4">
<div class="card-header"> <div class="card-header">
cardHead; cardHead;
@ -96,6 +108,43 @@
echo '</div>'; echo '</div>';
} }
?> ?>
<?php
if($isHidden){
echo <<< cardtop
<br />
<div class="card bg-dark text-white ml-4 mr-4">
<div class="card-header">
<h2>Access Hidden Directories</h2>
</div>
<div class="card-body">
cardtop;
if($useJavascript){
echo <<< javascriptbox
<p>The server admin has enabled javascript. Type the name and password and click Goto Folder!</p>
<div class="form-group">
<span>Folder Name:&nbsp;</span><input type="text" id="folderName">
<span>Password :&nbsp;</span><input type="text" id="password">
<button onclick="makeLink();">Goto Folder</button>
</div>
javascriptbox;
} else {
echo '<p>The server admin has disabled javascript, therefore this is not dynamic. Please type the link in the URL and replace &lt;name&gt; with the directory name, and &lt;password&gt; with the password</p>';
echo '<p>The link to copy is:</p>';
echo $_SERVER['HTTP_HOST'] . "/hiddenlisting.php?folder=&lt;name&gt;&psk=&lt;password&gt;";
}
echo <<< cardbottom
</div>
</div>
cardbottom;
}
?>
<br />
</body> </body>
</html> </html>

16
listing.php
View File

@ -2,20 +2,18 @@
<head> <head>
<?php <?php
session_start(); session_start();
//if this is a session inside the local connection
if(strpos($_SERVER['REMOTE_ADDR'],"192.168.1.")){ //css, js, and other includes
include 'www/include.php';
include 'helpers/files.php';
//if debug is enabled
if($isDebug){
ini_set('display_errors',1); ini_set('display_errors',1);
ini_set('display_startup_errors',1); ini_set('display_startup_errors',1);
error_reporting(E_ALL); error_reporting(E_ALL);
} }
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(E_ALL);
//css, js, and other includes
include 'www/include.php';
include 'helpers/files.php';
?> ?>
<title><?php echo $site_name ?></title> <title><?php echo $site_name ?></title>
<link rel="icon" href="<?php echo $site_image ?>"> <link rel="icon" href="<?php echo $site_image ?>">

57
var/config.def.php
View File

@ -40,7 +40,7 @@
* *
* Each variable in $dir_dirs will be a listing * Each variable in $dir_dirs will be a listing
* on the main page under "folders" * on the main page under "folders"
* I recomend making a folder of symlinks to where the downloadable files are * I recommend making a folder of symlinks to where the downloadable files are
* *
* Each variable in $dir_names will be the title of the listing * Each variable in $dir_names will be the title of the listing
* These will appear on the left hand side and will be the name of the * These will appear on the left hand side and will be the name of the
@ -68,6 +68,51 @@
'dir/books', 'dir/books',
); );
/* Hidden Directory Variables
*
* WARNING: I can't promise this is 100% secure against something like a brute
* force attack. PLEASE use secure passwords that are a decent length. The
* brute force speed is only limited by your keyspace, and there is no upper
* limit for the size of key that can be used.
*
* All Dirs here will not be available, and will require the user to know
* both the name of the folder, as well as the password. This does not use
* any databases
*
* If you would like to enable the use of javascript for dynamic links, change
* $useJavascript to yes, else keep it disabled. If you keep it disabled,
* users will have to type the url themselves. This keeps the application light,
* but removes some useability.
*
* Each variable in $hid_dir_names will be a folder that will be hidden
* This will need to be known in order to access the folder
*
* Each variable in $hid_dir_dirs is the location of the files for the
* corresponding $hid_dir_names entry. I recommend making sym links to the
* directories
*
* Each variable in $hid_dir_psk is the password for the corresponding
* $hid_dir_names entry. This will need to be know in order to access the folder
*
*/
$isHidden = false;
$useJavascript = false;
$hid_dir_names = array(
'Root Directory',
);
$hid_dir_dirs = array(
'dir/system_root',
);
$hid_dir_psk = array(
'$ecr3t',
);
/* Link Tree /* Link Tree
* *
* My use case for this program is to be a NAS/Portal Page for my network, * My use case for this program is to be a NAS/Portal Page for my network,
@ -127,6 +172,16 @@
' is asking for help with their homework from ', ' is asking for help with their homework from ',
); );
/* Debug
*
* This is not recomneded for production enviroments. This will display
* information that could be useful to an attacker. Only use this
* if you are developing anything!
*
*/
$isDebug = false;
//Be safe, check arrays //Be safe, check arrays
if(empty($nav_names) or empty($nav_links)){ if(empty($nav_names) or empty($nav_links)){
$isNav = false; $isNav = false;