138 lines
4.8 KiB
PHP
138 lines
4.8 KiB
PHP
<?php
|
|
|
|
define("CONF", parse_ini_file(__DIR__ . "/config.ini", true, INI_SCANNER_TYPED));
|
|
|
|
foreach (array_diff(scandir(CONF['common']['root_path'] . "/fn"), array('..', '.')) as $file)
|
|
require CONF['common']['root_path'] . '/fn/' . $file;
|
|
|
|
define("DB_PATH", CONF['common']['root_path'] . "/db/niver.db");
|
|
|
|
define("PLACEHOLDER_DOMAIN", "example"); // From RFC2606: Reserved Top Level DNS Names > 2. TLDs for Testing, & Documentation Examples
|
|
define("PLACEHOLDER_IPV6", "2001:db8::3"); // From RFC3849: IPv6 Address Prefix Reserved for Documentation
|
|
define("PLACEHOLDER_IPV4", "203.0.113.42"); // From RFC5737: IPv4 Address Blocks Reserved for Documentation
|
|
|
|
if ($_SERVER['REQUEST_URI'] === '/sftpgo-auth.php')
|
|
return;
|
|
|
|
$pageAddress = substr($_SERVER['REQUEST_URI'], strlen(CONF['common']['prefix']) + 1);
|
|
if (strpos($pageAddress, "?") !== false) {
|
|
parse_str(substr($pageAddress, strpos($pageAddress, "?") + 1), $_GET);
|
|
$pageAddress = substr($pageAddress, 0, strpos($pageAddress, "?"));
|
|
}
|
|
|
|
define("PAGE_URL", $pageAddress);
|
|
define("PAGE_ADDRESS", $pageAddress . ((substr($pageAddress, -1) === '/' OR $pageAddress === '') ? 'index' : ''));
|
|
define("PAGE_LINEAGE", explode('/', PAGE_ADDRESS));
|
|
define("SERVICE", dirname(PAGE_ADDRESS));
|
|
define("PAGE", basename(PAGE_ADDRESS, '.php'));
|
|
|
|
require "pages.php";
|
|
|
|
if (PAGE !== 'index') {
|
|
if (!isset(TITLES[SERVICE][PAGE])) {
|
|
http_response_code(404);
|
|
exit('Page not found.');
|
|
}
|
|
if (SERVICE !== '.') {
|
|
if (!isset(TITLES[SERVICE]['index'])) {
|
|
http_response_code(404);
|
|
exit('Page not found.');
|
|
}
|
|
}
|
|
}
|
|
|
|
function getTitlesLineage($titles, $pageElements) {
|
|
if (!isset($titles['index']) OR $pageElements[0] === 'index')
|
|
return [$titles[$pageElements[0]]];
|
|
$result = $titles['index'];
|
|
if (!isset($pageElements[1]))
|
|
unset($titles['index']);
|
|
else
|
|
$titles = $titles[array_shift($pageElements)];
|
|
$results = getTitlesLineage($titles, $pageElements);
|
|
$results[] = $result;
|
|
return $results;
|
|
}
|
|
define('TITLES_LINEAGE', array_reverse(getTitlesLineage(TITLES, PAGE_LINEAGE)));
|
|
|
|
if (
|
|
isset($_COOKIE['niver-session-key']) // Resume session
|
|
OR
|
|
(SERVICE === "auth" // Create new session
|
|
AND (PAGE === "login" OR PAGE === "register")
|
|
AND isset($_POST['username']))
|
|
) {
|
|
session_start([
|
|
'name' => 'niver-session-key',
|
|
'sid_length' => 64,
|
|
'sid_bits_per_character' => 6,
|
|
'cookie_secure' => true,
|
|
'cookie_httponly' => true,
|
|
'cookie_samesite' => 'Strict',
|
|
'cookie_path' => CONF['common']['prefix'] . '/',
|
|
'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
|
|
'gc_maxlifetime' => 10800,
|
|
'use_strict_mode' => true,
|
|
'use_cookies' => true,
|
|
'use_only_cookies' => true,
|
|
]);
|
|
}
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="fr"<?php if (!empty(SERVICE)) echo ' class="' . SERVICE . '"'; ?>>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title><?php
|
|
foreach(array_reverse(TITLES_LINEAGE) as $id => $title)
|
|
echo strip_tags($title) . (array_key_last(TITLES_LINEAGE) === $id ? '' : ' < ');
|
|
?></title>
|
|
<?php
|
|
foreach (array_diff(scandir(CONF['common']['root_path'] . "/css"), array('..', '.')) as $cssPath)
|
|
echo ' <link type="text/css" rel="stylesheet" media="screen" href="' . CONF['common']['prefix'] . '/css/' . $cssPath . '">' . "\n";
|
|
?>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
</head>
|
|
<body>
|
|
<header>
|
|
<p>
|
|
<?php if (isset($_SESSION['username'])) { ?>
|
|
🆔 <strong><?= $_SESSION['username'] ?></strong> <a class='auth' href='<?= CONF['common']['prefix'] ?>/auth/logout'>Se déconnecter</a>
|
|
<?php } else { ?>
|
|
<span aria-hidden="true">👻 </span><em>Anonyme</em> <a class="auth" href="<?= redirUrl('auth/login') ?>">Se connecter</a>
|
|
<?php } ?>
|
|
</p>
|
|
<nav>
|
|
<?php
|
|
foreach (TITLES_LINEAGE as $id => $title) {
|
|
$lastTitle = (TITLES_LINEAGE[array_key_last(TITLES_LINEAGE)] === $title);
|
|
echo '<ul><li>' . ($lastTitle ? '<h1>' : '') . '<a' . (($id === 0) ? ' class="niver"' : '') . ' href="' . CONF['common']['prefix'] . ($lastTitle ? '/' . PAGE_URL : '/' . implode('/', array_slice(PAGE_LINEAGE, 0, $id)) . (($lastTitle OR $id === 0) ? '' : '/')) . '">' . $title . '</a>' . ($lastTitle ? '</h1>' : '') . "\n";
|
|
}
|
|
echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
|
|
?>
|
|
|
|
</nav>
|
|
</header>
|
|
<main>
|
|
<?php
|
|
|
|
if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true)
|
|
userError("Ce service est désactivé.");
|
|
|
|
// Protect against cross-site request forgery if a POST request is received
|
|
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
|
|
userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
|
|
|
|
function executePage() {
|
|
require "pages/" . PAGE_ADDRESS . ".php";
|
|
|
|
global $final_message;
|
|
echo $final_message ?? '';
|
|
?>
|
|
</main>
|
|
</body>
|
|
</html>
|
|
<?php
|
|
exit();
|
|
}
|
|
executePage();
|