From 64006238a50671576fe03c51ebf63733c0eff64f Mon Sep 17 00:00:00 2001
From: alexhigh <alex@artica.es>
Date: Wed, 9 Apr 2014 13:14:15 +0000
Subject: [PATCH] 2014-04-09  Alejandro Gallardo <alejandro.gallardo@artica.es>

	* extensions/files_repo/files_repo_get_file.php: Added file
	to download files from files_repo extension via public links.

	* extensions/files_repo/sql/files_repo.sql,
	  extensions/files_repo/sql/files_repo.oracle.sql,
	  extensions/files_repo/sql/files_repo.postgreSQL.sql: Added
	the new column 'hash'.

	* extensions/files_repo/functions_files_repo.php,
	  extensions/files_repo/files_repo_list.php,
	  extensions/files_repo/files_repo_form.php,
	  extensions/files_repo.php: Now an user can make the files
	public and get the public download links. Error fixes.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9745 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     | 16 +++++
 pandora_console/extensions/files_repo.php     | 16 +++--
 .../extensions/files_repo/files_repo_form.php | 60 +++++++++++++---
 .../files_repo/files_repo_get_file.php        | 72 +++++++++++++++++++
 .../extensions/files_repo/files_repo_list.php | 25 +++++--
 .../files_repo/functions_files_repo.php       | 30 ++++++--
 .../files_repo/sql/files_repo.oracle.sql      |  2 +-
 .../files_repo/sql/files_repo.postgreSQL.sql  |  4 +-
 .../extensions/files_repo/sql/files_repo.sql  |  2 +-
 9 files changed, 199 insertions(+), 28 deletions(-)
 create mode 100644 pandora_console/extensions/files_repo/files_repo_get_file.php

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 8ffa25c926..3bf8fb4816 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,19 @@
+2014-04-09  Alejandro Gallardo <alejandro.gallardo@artica.es>
+	
+	* extensions/files_repo/files_repo_get_file.php: Added file
+	to download files from files_repo extension via public links.
+
+	* extensions/files_repo/sql/files_repo.sql,
+	  extensions/files_repo/sql/files_repo.oracle.sql,
+	  extensions/files_repo/sql/files_repo.postgreSQL.sql: Added
+	the new column 'hash'.
+
+	* extensions/files_repo/functions_files_repo.php,
+	  extensions/files_repo/files_repo_list.php,
+	  extensions/files_repo/files_repo_form.php,
+	  extensions/files_repo.php: Now an user can make the files
+	public and get the public download links. Error fixes.
+
 2014-04-08  Alejandro Gallardo <alejandro.gallardo@artica.es>
 	
 	* include/functions.php: Added the functions
diff --git a/pandora_console/extensions/files_repo.php b/pandora_console/extensions/files_repo.php
index c174a2dfb6..9f1d9837f0 100644
--- a/pandora_console/extensions/files_repo.php
+++ b/pandora_console/extensions/files_repo.php
@@ -63,19 +63,25 @@ function pandora_files_repo_uninstall () {
 		case "mysql":
 			db_process_sql ('DROP TABLE `tfiles_repo_group`');
 			db_process_sql ('DROP TABLE `tfiles_repo`');
+			db_process_sql ('DELETE FROM `tconfig`
+							 WHERE `token` LIKE "files_repo_%"');
 			break;
 		case "postgresql":
 			db_process_sql ('DROP TABLE `tfiles_repo_group`');
 			db_process_sql ('DROP TABLE `tfiles_repo`');
+			db_process_sql ('DELETE FROM "tconfig"
+							 WHERE "token" LIKE \'files_repo_%\'');
 			break;
 		case "oracle":
 			db_process_sql ('DROP TABLE `tfiles_repo_group`');
 			db_process_sql ('DROP TABLE `tfiles_repo`');
+			db_process_sql ('DELETE FROM tconfig
+							 WHERE token LIKE \'files_repo_%\'');
 			break;
 	}
 
-	$full_extensions_dir = $config['homedir'].DIRECTORY_SEPARATOR.EXTENSIONS_DIR.DIRECTORY_SEPARATOR;
-	delete_dir($full_extensions_dir."files_repo");
+	if (!empty($config['attachment_store']))
+		delete_dir($config['attachment_store'].DIRECTORY_SEPARATOR."files_repo");
 }
 
 function pandora_files_repo_godmode () {
@@ -126,6 +132,7 @@ function pandora_files_repo_godmode () {
 	// File add or update
 	if ( $add_file || ($update_file && $file_id > 0) ) {
 		$groups = get_parameter ("groups", array());
+		$public = (bool) get_parameter ("public");
 		$description = io_safe_output((string) get_parameter ("description"));
 		if (mb_strlen($description, "UTF-8") > 200) {
 			$description = mb_substr($description, 0, 200, "UTF-8");
@@ -133,9 +140,9 @@ function pandora_files_repo_godmode () {
 		$description = io_safe_input($description);
 
 		if ($add_file) {
-			$result = files_repo_add_file("upfile", $description, $groups);
+			$result = files_repo_add_file("upfile", $description, $groups, $public);
 		} elseif ($update_file) {
-			$result = files_repo_update_file($file_id, $description, $groups);
+			$result = files_repo_update_file($file_id, $description, $groups, $public);
 			$file_id = 0;
 		}
 		if ($result['status'] == false) {
@@ -200,6 +207,7 @@ extensions_add_main_function('pandora_files_repo_operation');
 extensions_add_godmode_menu_option(__('Files repository manager'), 'PM', null, null, "v1r1");
 extensions_add_godmode_function('pandora_files_repo_godmode');
 
+//pandora_files_repo_uninstall();
 pandora_files_repo_install();
 
 ?>
diff --git a/pandora_console/extensions/files_repo/files_repo_form.php b/pandora_console/extensions/files_repo/files_repo_form.php
index 004c34e372..ed5ec2ce5c 100644
--- a/pandora_console/extensions/files_repo/files_repo_form.php
+++ b/pandora_console/extensions/files_repo/files_repo_form.php
@@ -14,6 +14,7 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 // GNU General Public License for more details.
 
+
 global $config;
 
 $full_extensions_dir = $config['homedir'].DIRECTORY_SEPARATOR.EXTENSIONS_DIR.DIRECTORY_SEPARATOR;
@@ -22,6 +23,7 @@ require_once ($full_extensions_dir."files_repo".DIRECTORY_SEPARATOR."functions_f
 $file = array();
 $file['name'] = '';
 $file['description'] = '';
+$file['hash'] = '';
 $file['groups'] = array();
 if (isset($file_id) && $file_id > 0) {
 	$file = files_repo_get_files(array('id' => $file_id));
@@ -46,17 +48,23 @@ $groups = groups_get_all();
 // Use this instead array_unshift to keep the array keys
 $groups = array(0 => __('All')) + $groups;
 $html = "";
-$style = "style=\"vertical-align: middle; min-width: 60px;\"";
+$style = "style=\"padding: 2px 10px; display: inline-block;\"";
 foreach ($groups as $id => $name) {
 	$checked = in_array($id, $file['groups']);
-	$checkbox = html_print_checkbox_extended ('groups[]', $id, $checked, false, '', 'class="chkb_group"', true);
-	$html .= "<span $style>$name&nbsp;$checkbox</span>&nbsp;&nbsp;&nbsp;";
+	$all_checked = false;
+	if ($id === 0) {
+		$checkbox = html_print_checkbox_extended ('groups[]', $id, $checked, false, '', 'class="chkb_all"', true);
+		$all_checked = $checked;
+	} else {
+		$checkbox = html_print_checkbox_extended ('groups[]', $id, $checked, $all_checked, '', 'class="chkb_group"', true);
+	}
+	$html .= "<div $style>$name&nbsp;$checkbox</div>";
 }
 $row = array();
 $row[0] = __('Groups');
 $row[1] = $html;
 $table->data[] = $row;
-$table->colspan[][1] = 2;
+$table->colspan[][1] = 3;
 
 // DESCRIPTION
 $row = array();
@@ -64,20 +72,26 @@ $row[0] = __('Description');
 $row[0] .= ui_print_help_tip(__('Only 200 characters are permitted'), true);
 $row[1] = html_print_textarea('description', 3, 20, $file['description'], 'style="min-height: 40px; max-height: 40px; width: 98%;"', true);
 $table->data[] = $row;
-$table->colspan[][1] = 2;
+$table->colspan[][1] = 3;
 
 // FILE and SUBMIT BUTTON
 $row = array();
+// Public checkbox
+$checkbox = html_print_checkbox('public', 1, (bool)!empty($file['hash']), true);
+$style = "style=\"padding: 2px 10px; display: inline-block;\"";
+
 $row[0] = __('File');
 if ($file_id > 0) {
 	$row[1] = $file['name'];
-	$row[2] = html_print_submit_button(__('Update'), 'submit', false, 'class="sub upd"', true);
-	$row[2] .= html_print_input_hidden('update_file', 1, true);
-	$row[2] .= html_print_input_hidden('file_id', $file_id, true);
+	$row[2] = "<div $style>".__('Public link')."&nbsp;$checkbox</div>";
+	$row[3] = html_print_submit_button(__('Update'), 'submit', false, 'class="sub upd"', true);
+	$row[3] .= html_print_input_hidden('update_file', 1, true);
+	$row[3] .= html_print_input_hidden('file_id', $file_id, true);
 } else {
 	$row[1] = html_print_input_file('upfile', true);
-	$row[2] = html_print_submit_button(__('Add'), 'submit', false, 'class="sub add"', true);
-	$row[2] .= html_print_input_hidden('add_file', 1, true);
+	$row[2] = "<div $style>".__('Public link')."&nbsp;$checkbox</div>";
+	$row[3] = html_print_submit_button(__('Add'), 'submit', false, 'class="sub add"', true);
+	$row[3] .= html_print_input_hidden('add_file', 1, true);
 }
 $table->data[] = $row;
 $table->colspan[][1] = 1;
@@ -87,4 +101,28 @@ echo "<form method='post' action='$url' enctype='multipart/form-data'>";
 html_print_table($table);
 echo "</form>";
 
-?>
\ No newline at end of file
+?>
+
+<script language="javascript" type="text/javascript">
+
+	$(document).ready (function () {
+
+		var all_enabled = $(".chkb_all").prop("checked");
+		if (all_enabled) {
+			$(".chkb_group").prop("checked", false);
+			$(".chkb_group").prop("disabled", true);
+		}
+
+		$(".chkb_all").click(function () {
+			all_enabled = $(".chkb_all").prop("checked");
+			if (all_enabled) {
+				$(".chkb_group").prop("checked", false);
+				$(".chkb_group").prop("disabled", true);
+			} else {
+				$(".chkb_group").prop("disabled", false);
+			}
+		});
+
+	});
+
+</script>
\ No newline at end of file
diff --git a/pandora_console/extensions/files_repo/files_repo_get_file.php b/pandora_console/extensions/files_repo/files_repo_get_file.php
new file mode 100644
index 0000000000..c80b585cb1
--- /dev/null
+++ b/pandora_console/extensions/files_repo/files_repo_get_file.php
@@ -0,0 +1,72 @@
+<?php
+
+// Pandora FMS - http://pandorafms.com
+// ==================================================
+// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
+// Please see http://pandorafms.org for full contribution list
+
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the  GNU Lesser General Public License
+// as published by the Free Software Foundation; version 2
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+
+$ds = DIRECTORY_SEPARATOR;
+require_once ("..".$ds."..".$ds."include".$ds."config.php");
+
+$file_hash = (string) get_parameter('file');
+
+// Only allow 1 parameter in the request
+$check_request = (count($_REQUEST) === 1) ? true : false;
+$check_get = (count($_GET) === 1) ? true : false;
+$check_post = (count($_POST) === 0) ? true : false;
+// Only allow the parameter 'file'
+$check_parameter = (!empty($file_hash)) ? true : false;
+$check_string = (preg_match("/^[0-9a-zA-Z]{8}$/", $file_hash) === 1) ? true : false;
+
+$checks = ($check_request && $check_get && $check_post && $check_parameter && $check_string);
+if (!$checks) {
+	throw_error(15); // ERROR
+}
+
+// Get the db file row
+$file = db_get_row_filter("tfiles_repo", array('hash' => $file_hash));
+if (!$file) {
+	throw_error(10); // ERROR
+}
+// Case sensitive check
+$check_hash = ($file['hash'] == $file_hash) ? true : false;
+if (!$check_hash) {
+	throw_error(10); // ERROR
+}
+
+// Get the location
+$files_repo_path = $config['attachment_store'].$ds."files_repo";
+$location = $files_repo_path.$ds.$file['id']."_".$file['name'];
+if (!file_exists($location) || !is_readable($location) || !is_file($location)) {
+	throw_error(5); // ERROR
+}
+
+// All checks are fine. Download the file!
+header('Content-type: aplication/octet-stream;');
+header('Content-type: ' . mime_content_type($location) . ';');
+header("Content-Length: " . filesize($location));
+header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
+readfile($location);
+///
+
+function throw_error ($time = 15) {
+	sleep ($time);
+
+	$styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;";
+	echo "<h3 style='" . $styleError . "'>" .
+			__('Unreliable petition') . ". " . __('Please contact the administrator') .
+		"</h3>";
+	exit;
+}
+
+?>
\ No newline at end of file
diff --git a/pandora_console/extensions/files_repo/files_repo_list.php b/pandora_console/extensions/files_repo/files_repo_list.php
index 70cbc668cc..7a3a9551a8 100644
--- a/pandora_console/extensions/files_repo/files_repo_list.php
+++ b/pandora_console/extensions/files_repo/files_repo_list.php
@@ -14,6 +14,7 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 // GNU General Public License for more details.
 
+
 global $config;
 
 $full_extensions_dir = $config['homedir'].DIRECTORY_SEPARATOR.EXTENSIONS_DIR.DIRECTORY_SEPARATOR;
@@ -67,16 +68,30 @@ if (!empty($files)) {
 		$data[1] = $file['description']; // Description
 		$data[2] = ui_format_filesize($file['size']); // Size
 		$data[3] = date('F j, Y - H:m', $file['mtime']); // Last modification
-		$data[4] = "<a href=\"$url\" target=\"_blank\">";
+
+		// Public URL
+		if (!empty($file['hash'])) {
+			$public_url = ui_get_full_url(EXTENSIONS_DIR . "/files_repo/files_repo_get_file.php?file=" . $file['hash']);
+			$message = __('Copy to clipboard') . ": Ctrl+C -> Enter";
+			$action = "window.prompt('$message', '$public_url');";
+			$data[4] .= "<a href=\"javascript:;\" onclick=\"$action\">";
+			$data[4] .= html_print_image('images/world.png', true, array('title' => __('Public link'))); // Public link image
+			$data[4] .= "</a> ";
+		}
+
+		$data[4] .= "<a href=\"$url\" target=\"_blank\">";
 		$data[4] .= html_print_image('images/download.png', true, array('title' => __('Download'))); // Download image
 		$data[4] .= "</a>";
+
 		if ($manage) {
-			$url = ui_get_full_url("index.php?sec=gextensions&sec2=extensions/files_repo&file_id=$file_id");
-			$data[4] .= " <a href=\"$url\">";
+
+			$config_url = ui_get_full_url("index.php?sec=gextensions&sec2=extensions/files_repo&file_id=$file_id");
+			$data[4] .= " <a href=\"$config_url\">";
 			$data[4] .= html_print_image('images/config.png', true, array('title' => __('Edit'))); // Edit image
 			$data[4] .= "</a>";
-			$url = ui_get_full_url("index.php?sec=gextensions&sec2=extensions/files_repo&delete=1&file_id=$file_id");
-			$data[4] .= " <a href=\"$url\" onClick=\"if (!confirm('".__('Are you sure?')."')) return false;\">";
+
+			$delete_url = ui_get_full_url("index.php?sec=gextensions&sec2=extensions/files_repo&delete=1&file_id=$file_id");
+			$data[4] .= " <a href=\"$delete_url\" onClick=\"if (!confirm('".__('Are you sure?')."')) return false;\">";
 			$data[4] .= html_print_image('images/cross.png', true, array('title' => __('Delete'))); // Delete image
 			$data[4] .= "</a>";
 		}
diff --git a/pandora_console/extensions/files_repo/functions_files_repo.php b/pandora_console/extensions/files_repo/functions_files_repo.php
index d621694a6b..e02d8f7595 100644
--- a/pandora_console/extensions/files_repo/functions_files_repo.php
+++ b/pandora_console/extensions/files_repo/functions_files_repo.php
@@ -70,6 +70,11 @@ function files_repo_check_file_acl ($file_id, $user_id = false, $file_groups = f
 			$file_groups = array();
 		}
 	}
+
+	if (in_array(0, $file_groups)) {
+		return true;
+	}
+
 	if (!$user_groups) {
 		$user_groups = users_get_groups ($user_id, false, true);
 		if (empty($user_groups)) {
@@ -150,6 +155,7 @@ function files_repo_get_files ($filter = false, $count = false) {
 		// Last modification time in unix timestamp
 		$data['mtime'] = filemtime($data['location']);
 		$data['groups'] = $file_groups;
+		$data['hash'] = $file['hash'];
 		$files_data[$file['id']] = $data;
 	}
 
@@ -160,7 +166,7 @@ function files_repo_get_files ($filter = false, $count = false) {
 	return $files_data;
 }
 
-function files_repo_add_file ($file_input_name = "upfile", $description = "", $groups = array()) {
+function files_repo_add_file ($file_input_name = "upfile", $description = "", $groups = array(), $public = false) {
 	global $config;
 
 	$attachment_path = realpath($config['attachment_store']);
@@ -183,9 +189,16 @@ function files_repo_add_file ($file_input_name = "upfile", $description = "", $g
 			$filename = mb_substr($filename, 0, 200, "UTF-8");
 		}
 
+		$hash = "";
+		if ($public) {
+			$hash = md5(time() . $config['dbpass']);
+			$hash = mb_substr($hash, 0, 8, "UTF-8");
+		}
+
 		$values = array(
 				'name' => $filename,
-				'description' => $description
+				'description' => $description,
+				'hash' => $hash
 			);
 		$file_id = db_process_sql_insert('tfiles_repo', $values);
 
@@ -224,14 +237,23 @@ function files_repo_add_file ($file_input_name = "upfile", $description = "", $g
 	return $result;
 }
 
-function files_repo_update_file ($file_id, $description = "", $groups = array()) {
+function files_repo_update_file ($file_id, $description = "", $groups = array(), $public = false) {
 	global $config;
 
 	$result = array();
 	$result["status"] = false;
 	$result["message"] = "";
 
-	$values = array('description' => $description);
+	$hash = "";
+	if ($public) {
+		$hash = md5(time() . $config['dbpass']);
+		$hash = mb_substr($hash, 0, 8, "UTF-8");
+	}
+
+	$values = array(
+			'description' => $description,
+			'hash' => $hash
+		);
 	$filter = array('id' => $file_id);
 	$res = db_process_sql_update('tfiles_repo', $values, $filter);
 	if ($res !== false) {
diff --git a/pandora_console/extensions/files_repo/sql/files_repo.oracle.sql b/pandora_console/extensions/files_repo/sql/files_repo.oracle.sql
index a3bab6f01d..d1c44fa533 100644
--- a/pandora_console/extensions/files_repo/sql/files_repo.oracle.sql
+++ b/pandora_console/extensions/files_repo/sql/files_repo.oracle.sql
@@ -1,4 +1,4 @@
-CREATE TABLE IF NOT EXISTS tfiles_repo (id NUMBER(5, 0) NOT NULL PRIMARY KEY, name VARCHAR(255) NOT NULL, description VARCHAR(500) default '');
+CREATE TABLE IF NOT EXISTS tfiles_repo (id NUMBER(5, 0) NOT NULL PRIMARY KEY, name VARCHAR(255) NOT NULL, description VARCHAR(500) NULL default '', hash VARCHAR(8) NULL default '');
 CREATE SEQUENCE tfiles_repo_s INCREMENT BY 1 START WITH 1;
 CREATE OR REPLACE TRIGGER tfiles_repo_inc BEFORE INSERT ON tfiles_repo REFERENCING NEW AS NEW FOR EACH ROW BEGIN SELECT tfiles_repo_s.nextval INTO :NEW.ID FROM dual; END;;
 CREATE TABLE IF NOT EXISTS tfiles_repo_group (id NUMBER(10, 0) NOT NULL PRIMARY KEY, id_file NUMBER(5, 0) NOT NULL REFERENCES tfiles_repo(id) ON DELETE CASCADE, id_group NUMBER(4, 0) NOT NULL);
diff --git a/pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql b/pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql
index 5255a55d82..080a7ebe65 100644
--- a/pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql
+++ b/pandora_console/extensions/files_repo/sql/files_repo.postgreSQL.sql
@@ -1,2 +1,2 @@
-CREATE TABLE IF NOT EXISTS "tfiles_repo" ("id" SERIAL NOT NULL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "description" VARCHAR(500) NULL default '');
-CREATE TABLE IF NOT EXISTS "tfiles_repo_group" ("id" SERIAL NOT NULL PRIMARY KEY, "id_file" INTEGER NOT NULL REFERENCES tfiles_repo("id") ON DELETE CASCADE, "id_group" INTEGER NOT NULL);
\ No newline at end of file
+CREATE TABLE IF NOT EXISTS "tfiles_repo" ("id" SERIAL NOT NULL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "description" VARCHAR(500) NULL default '', "hash" VARCHAR(8) NULL default '');
+CREATE TABLE IF NOT EXISTS "tfiles_repo_group" ("id" SERIAL NOT NULL PRIMARY KEY, "id_file" INTEGER NOT NULL REFERENCES tfiles_repo("id") ON DELETE CASCADE, "id_group" INTEGER NOT NULL);
diff --git a/pandora_console/extensions/files_repo/sql/files_repo.sql b/pandora_console/extensions/files_repo/sql/files_repo.sql
index 29b7a6ef8d..fbcf3abdc4 100644
--- a/pandora_console/extensions/files_repo/sql/files_repo.sql
+++ b/pandora_console/extensions/files_repo/sql/files_repo.sql
@@ -1,2 +1,2 @@
-CREATE TABLE IF NOT EXISTS `tfiles_repo` (`id` int(5) unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, `description` varchar(500) NULL default '', PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+CREATE TABLE IF NOT EXISTS `tfiles_repo` (`id` int(5) unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, `description` varchar(500) NULL default '', `hash` varchar(8) NULL default '', PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `tfiles_repo_group` (`id` int(10) unsigned NOT NULL auto_increment, `id_file` int(5) unsigned NOT NULL, `id_group` int(4) unsigned NOT NULL, PRIMARY KEY (`id`), FOREIGN KEY (`id_file`) REFERENCES tfiles_repo(`id`) ON DELETE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=utf8;
\ No newline at end of file