From 3d26fd63c379f1543f35ded4687ed69a948c64a3 Mon Sep 17 00:00:00 2001
From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com>
Date: Wed, 1 Jan 2020 13:39:07 +0800
Subject: [PATCH] Update index.php
---
 index.php | 201 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 143 insertions(+), 58 deletions(-)
diff --git a/index.php b/index.php
index 65bf2af..93c3b6f 100644
--- a/index.php
+++ b/index.php
@@ -1,73 +1,158 @@ ' . json_encode($_SERVER, JSON_PRETTY_PRINT) . '';
+//echo '
'. json_encode($_SERVER, JSON_PRETTY_PRINT).'
';
+//echo '
'. json_encode($_GET, JSON_PRETTY_PRINT).'
';
 if (!isset($_SERVER['REDIRECT_URL'])) $_SERVER['REDIRECT_URL'] = '/index.php';
-if ($_SERVER['REDIRECT_URL']=='') $_SERVER['REDIRECT_URL']='/';
 $path = $_SERVER['REDIRECT_URL'];
-//echo 'path:'.$path;
+//echo 'path:'. $path;
 $_GET = getGET();
+//echo '
'. json_encode($_GET, JSON_PRETTY_PRINT).'
'; -function getGET() -{ -$getstr = substr(urldecode($_SERVER['REQUEST_URI']), strlen(urldecode($_SERVER['REDIRECT_URL']))); - while (substr($getstr,0,1)=='/' || substr($getstr,0,1)=='?') $getstr = substr($getstr,1); - $getstrarr = explode("&",$getstr); - foreach ($getstrarr as $getvalues) if ($getvalues!='') { - $pos = strpos($getvalues,"="); - //echo $pos; - if ($pos>0) { - $getarry[urldecode(substr($getvalues,0,$pos))] = urldecode(substr($getvalues,$pos+1)); - } else $getarry[urldecode($getvalues)] = true; - } - if (isset($getarry)) { - return $getarry; - } else return ''; -} - //echo '
' . json_encode($_GET, JSON_PRETTY_PRINT) . '
';
-function getconfig($str)
-{
- $envs = json_decode(file_get_contents('config.json'));
- return $envs[$str];
+$re = main();
+$sendHeaders = array();
+foreach ($re['headers'] as $headerName => $headerVal) {
+ header($headerName . ': ' . $headerVal, true);
 }
+http_response_code($re['statusCode']);
+echo $re['body'];
-config_oauth();
-function config_oauth()
+function main()
 {
+ global $exts;
 global $constStr;
- $constStr['language'] = $_COOKIE['language'];
- if ($constStr['language']=='') $constStr['language'] = getconfig('language');
- if ($constStr['language']=='') $constStr['language'] = 'en-us';
- $_SERVER['sitename'] = getconfig('sitename');
- if (empty($_SERVER['sitename'])) $_SERVER['sitename'] = $constStr['defaultSitename'][$constStr['language']];
- $_SERVER['redirect_uri'] = 'https://scfonedrive.github.io';
- if (getconfig('Onedrive_ver')=='MS') {
- // MS
- // https://portal.azure.com
- $_SERVER['client_id'] = '4da3e7f2-bf6d-467c-aaf0-578078f0bf7c';
- $_SERVER['client_secret'] = '7/+ykq2xkfx:.DWjacuIRojIaaWL0QI6';
- $_SERVER['oauth_url'] = 'https://login.microsoftonline.com/common/oauth2/v2.0/';
- $_SERVER['api_url'] = 'https://graph.microsoft.com/v1.0/me/drive/root';
- $_SERVER['scope'] = 'https://graph.microsoft.com/Files.ReadWrite.All offline_access';
+ config_oauth();
+ $_SERVER['list_path'] = getListpath($_SERVER['HTTP_HOST']);
+ if ($_SERVER['list_path']=='') $_SERVER['list_path'] = '/';
+ $_SERVER['is_guestup_path'] = is_guestup_path($path);
+ $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . 
$path);
+ $_SERVER['ajax']=0;
+ if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])) if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest') $_SERVER['ajax']=1;
+
+ $refresh_token = getConfig('refresh_token');
+ if (!$refresh_token) return get_refresh_token();
+
+ if (getConfig('adminloginpage')=='') {
+ $adminloginpage = 'admin';
+ } else {
+ $adminloginpage = getConfig('adminloginpage');
 }
- if (getenv('Onedrive_ver')=='CN') {
- // CN
- // https://portal.azure.cn
- $_SERVER['client_id'] = '04c3ca0b-8d07-4773-85ad-98b037d25631';
- $_SERVER['client_secret'] = 'h8@B7kFVOmj0+8HKBWeNTgl@pU/z4yLB';
- $_SERVER['oauth_url'] = 'https://login.partner.microsoftonline.cn/common/oauth2/v2.0/';
- $_SERVER['api_url'] = 'https://microsoftgraph.chinacloudapi.cn/v1.0/me/drive/root';
- $_SERVER['scope'] = 'https://microsoftgraph.chinacloudapi.cn/Files.ReadWrite.All offline_access';
+ if ($_GET[$adminloginpage]) {
+ if ($_GET['preview']) {
+ $url = $_SERVER['PHP_SELF'] . '?preview';
+ } else {
+ $url = path_format($_SERVER['PHP_SELF'] . 
'/');
+ }
+ if (getConfig('admin')!='') {
+ if ($_POST['password1']==getConfig('admin')) {
+ return adminform($_SERVER['function_name'].'admin',md5($_POST['password1']),$url);
+ } else return adminform();
+ } else {
+ return output('', 302, [ 'Location' => $url ]);
+ }
 }
- if (getenv('Onedrive_ver')=='MSC') {
- // MS Customer
- // https://portal.azure.com
- $_SERVER['client_id'] = getconfig('client_id');
- $_SERVER['client_secret'] = getconfig('client_secret');
- $_SERVER['oauth_url'] = 'https://login.microsoftonline.com/common/oauth2/v2.0/';
- $_SERVER['api_url'] = 'https://graph.microsoft.com/v1.0/me/drive/root';
- $_SERVER['scope'] = 'https://graph.microsoft.com/Files.ReadWrite.All offline_access';
+ if (getConfig('admin')!='')
+ if ($_COOKIE['admin']==md5(getConfig('admin')) || $_POST['password1']==getConfig('admin') ) {
+ $_SERVER['admin']=1;
+ $_SERVER['needUpdate'] = needUpdate();
+ } else {
+ $_SERVER['admin']=0;
+ }
+ if ($_GET['setup'])
+ if ($_SERVER['admin']) {
+ // setup Environments. 设置,对环境变量操作
+ return EnvOpt($_SERVER['function_name'], $_SERVER['needUpdate']);
+ } else {
+ $url = path_format($_SERVER['PHP_SELF'] . '/');
+ return output('', 302, [ 'Location' => $url ]);
+ }
+ $_SERVER['retry'] = 0;
+ $cache = null;
+ $cache = new \Doctrine\Common\Cache\FilesystemCache(sys_get_temp_dir(), '.Onedrive');
+ if (!($_SERVER['access_token'] = $cache->fetch('access_token'))) {
+ $ret = json_decode(curl_request(
+ $_SERVER['oauth_url'] . 'token',
+ 'client_id='. $_SERVER['client_id'] .'&client_secret='. $_SERVER['client_secret'] .'&grant_type=refresh_token&requested_token_use=on_behalf_of&refresh_token=' . $refresh_token
+ ), true);
+ if (!isset($ret['access_token'])) {
+ error_log('failed to get access_token. response' . 
json_encode($ret));
+ throw new Exception('failed to get access_token.');
+ }
+ $_SERVER['access_token'] = $ret['access_token'];
+ $cache->save('access_token', $_SERVER['access_token'], $ret['expires_in'] - 60);
+ }
+
+ if ($_SERVER['ajax']) {
+ if ($_GET['action']=='del_upload_cache'&&substr($_GET['filename'],-4)=='.tmp') {
+ // del '.tmp' without login. 无需登录即可删除.tmp后缀文件
+ $tmp = MSAPI('DELETE',path_format(path_format($_SERVER['list_path'] . path_format($path)) . '/' . spurlencode($_GET['filename']) ),'',$_SERVER['access_token']);
+ return output($tmp['body'],$tmp['stat']);
+ }
+ if ($_GET['action']=='uploaded_rename') {
+ // rename .scfupload file without login.
+ // 无需登录即可重命名.scfupload后缀文件,filemd5为用户提交,可被构造,问题不大,以后处理
+ $oldname = spurlencode($_GET['filename']);
+ $pos = strrpos($oldname, '.');
+ if ($pos>0) $ext = strtolower(substr($oldname, $pos));
+ $oldname = path_format(path_format($_SERVER['list_path'] . path_format($path)) . '/' . $oldname . '.scfupload' );
+ $data = '{"name":"' . $_GET['filemd5'] . $ext . '"}';
+ //echo $oldname .'
'. $data;
+ $tmp = MSAPI('PATCH',$oldname,$data,$_SERVER['access_token']);
+ if ($tmp['stat']==409) MSAPI('DELETE',$oldname,'',$_SERVER['access_token'])['body'];
+ return output($tmp['body'],$tmp['stat']);
+ }
+ if ($_GET['action']=='upbigfile') return bigfileupload($path);
+ }
+ if ($_SERVER['admin']) {
+ $tmp = adminoperate($path);
+ if ($tmp['statusCode'] > 0) {
+ $path1 = path_format($_SERVER['list_path'] . path_format($path));
+ $cache->save('path_' . $path1, json_decode('{}',true), 1);
+ return $tmp;
+ }
+ } else {
+ if ($_SERVER['ajax']) return output($constStr['RefleshtoLogin'][$constStr['language']],401);
+ }
+ $_SERVER['ishidden'] = passhidden($path);
+ if ($_GET['thumbnails']) {
+ if ($_SERVER['ishidden']<4) {
+ if (in_array(strtolower(substr($path, strrpos($path, '.') + 1)), $exts['img'])) {
+ return get_thumbnails_url($path);
+ } else return output(json_encode($exts['img']),400);
+ } else return output('',401);
+ }
+ $files = list_files($path);
+ if (isset($files['file']) && !$_GET['preview']) {
+ // is file && not preview mode
+ if ($_SERVER['ishidden']<4) return output('', 302, [ 'Location' => $files['@microsoft.graph.downloadUrl'] ]);
+ }
+ if ( isset($files['folder']) || isset($files['file']) ) {
+ return render_list($path, $files);
+ } else {
+ return output('
' . $files['error']['message'] . '
', 404);
 }
- $_SERVER['client_secret'] = urlencode($_SERVER['client_secret']);
- $_SERVER['scope'] = urlencode($_SERVER['scope']);
 }
+
+function list_files($path)
+{
+ $path = path_format($path);
+ if ($_SERVER['is_guestup_path']&&!$_SERVER['admin']) {
+ $files = json_decode('{"folder":{}}', true);
+ } elseif ($_SERVER['ishidden']==4) {
+ $files = json_decode('{"folder":{}}', true);
+ } else {
+ $files = fetch_files($path);
+ }
+ if ( isset($files['folder']) || isset($files['file']) || isset($files['error']) ) {
+ return $files;
+ } else {
+ echo 'Error $files' . json_encode($files, JSON_PRETTY_PRINT);
+ $_SERVER['retry']++;
+ if ($_SERVER['retry'] < 3) {
+ return list_files($path);
+ } else return '';
+ }
+}
+?>
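Review bot: The admin check in main(), `$_COOKIE['admin']==md5(getConfig('admin'))`, treats an unsalted MD5 of the admin password as the session credential and compares it with loose `==`, so the cookie is a long-lived password-equivalent and two numeric-looking digests can compare equal under PHP's string-to-number rules. The same loose, non-constant-time comparison is used for `$_POST['password1']==getConfig('admin')`, here and in the `$adminloginpage` branch, which also suggests the password is kept in plaintext in the config. At minimum use `hash_equals(md5((string) getConfig('admin')), (string) ($_COOKIE['admin'] ?? ''))` and `hash_equals((string) getConfig('admin'), (string) ($_POST['password1'] ?? ''))`; better, store a `password_hash()` value, verify it with `password_verify()`, and issue a random session token with an expiry instead of a digest of the password. Separately, the unauthenticated `uploaded_rename` branch builds its request body by concatenating `$_GET['filemd5']` into a JSON string, as its own comment acknowledges; checking that value against a 32-hex-digit pattern and building the body with `json_encode(['name' => ...])` would close that.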