[rapidleech][u] GenericXFSHost.inc.php

<?php
/*
    /hosts/upload/GenericXFSHost.inc.php

        Do not edit this file directly
        as it's used by many plugins.
        - Th3-822
*/
if (!defined('RAPIDLEECH')) exit;

// Check include
if (!isset($_T8) || !is_array($_T8) || empty($_T8['domain']) || $_T8['domain'] == 'domain.tld' || empty($_T8['v'])) {
    if (strtolower(basename(__FILE__)) == strtolower($page_upload[$_REQUEST['uploaded']])) html_error('This plugin can\'t be called directly.');
    html_error('Error: Called from non configured plugin "' . htmlentities($page_upload[$_REQUEST['uploaded']]) . '".');
}
if ($_T8['v'] > 9) html_error('Error: '.basename(__FILE__).' is outdated, please install last version from: http://rapidleech.com/forum/viewtopic.php?f=17&t=80 or http://pastebin.com/E0z7qMU1 ');

/* # Default Settings # */
$default = array();
$default['port'] = 80; // Server's port, default: 80 | 443 = https.
$default['path'] = '/'; // URL path to XFS script, default: '/'
$default['xfsFree'] = false; // Change to true if the host is using XFS free.
$default['sslLogin'] = false; // Force https on login.
$default['opUploadName'] = 'upload'; // Custom ?op=value for checking upload page, default: 'upload'
$default['anonUploadDisable'] = false; // Disallow non registered users upload. (XFS Pro)
$default['anonUploadLimit'] = 0; // File-size limit for non registered users (MB) - 0 = Plugin's limit | (XFS Pro)
$default['flashUpload'] = false; // Forces the use of flash upload method... Also filename for .cgi if it's a non empty string. (XFS Pro)

$_T8 = array_merge($default, array_filter($_T8)); // Merge default settings with loader's settings

$_GET['proxy'] = isset($_GET['proxy']) ? $_GET['proxy'] : '';
$not_done = true;

if (!$_T8['xfsFree'] && !empty($upload_acc[$acc_key_name]['user']) && !empty($upload_acc[$acc_key_name]['pass'])) {
    $_REQUEST['up_login'] = $upload_acc[$acc_key_name]['user'];
    $_REQUEST['up_pass'] = $upload_acc[$acc_key_name]['pass'];
    $_REQUEST['action'] = 'FORM';
    echo "<b><center>Using Default Login.</center></b>\n";
}

if (!$_T8['xfsFree'] && (empty($_REQUEST['action']) || $_REQUEST['action'] != 'FORM')) {
    echo "<table border='0' style='width:270px;' cellspacing='0' align='center'>\n<form method='POST'>\n\t<input type='hidden' name='action' value='FORM' />\n\t<tr><td style='white-space:nowrap;'>&nbsp;Username*</td><td>&nbsp;<input type='text' name='up_login' value='' style='width:160px;' /></td></tr>\n\t<tr><td style='white-space:nowrap;'>&nbsp;Password*</td><td>&nbsp;<input type='password' name='up_pass' value='' style='width:160px;' /></td></tr>\n";
    echo "\t<tr><td colspan='2' align='center'><br /><input type='submit' value='Upload' /></td></tr>\n";
    echo "\t<tr><td colspan='2' align='center'><small>*You can set it as default in <b>".$page_upload[$_REQUEST['uploaded']]."</b></small></td></tr>\n";
    echo "</form>\n</table>\n";
} else {
    $not_done = false;
    if (substr($_T8['path'], 0, 1) != '/') $_T8['path'] = '/'.$_T8['path'];
    if (substr($_T8['path'], -1) != '/') $_T8['path'] .= '/';
    $_T8['port'] = (!empty($_T8['port']) && $_T8['port'] > 0 && $_T8['port'] < 65536) ? (int)$_T8['port'] : 80;
    $scheme = ($_T8['port'] == 443) ? 'https' : 'http';
    $referer = $scheme.'://'.$_T8['domain'].$_T8['path'];

    // Login
    echo "<table style='width:600px;margin:auto;'>\n<tr><td align='center'>\n<div id='login' width='100%' align='center'>Login to ".str_ireplace('www.', '', $_T8['domain'])."</div>\n";

    $cookie = (!empty($cookie)) ? (is_array($cookie) ? $cookie : StrToCookies($cookie)) : array();
    $cookie['lang'] = 'english';
    if ($_T8['xfsFree']) $login = false;
    elseif (!empty($_REQUEST['up_login']) && !empty($_REQUEST['up_pass'])) {
        $post = array();
        $post['op'] = 'login';
        $post['redirect'] = '';
        $post['login'] = urlencode($_REQUEST['up_login']);
        $post['password'] = urlencode($_REQUEST['up_pass']);

        if (empty($_T8['fw_sendLogin']) || !is_callable($_T8['fw_sendLogin'])) {
            $page = geturl($_T8['domain'], $_T8['port'], $_T8['path'].'?op=login', $referer, $cookie, $post, 0, $_GET['proxy'], $pauth, 0, ($_T8['sslLogin'] ? 'https' : $scheme));is_page($page);
        } else $page = call_user_func($_T8['fw_sendLogin'], $post);
        $header = substr($page, 0, strpos($page, "\r\n\r\n"));
        if (stripos($header, "\nLocation: ") !== false && preg_match('@\nLocation: (https?://[^\r\n]+)@i', $header, $redir) && 'www.' . strtolower($_T8['domain']) == strtolower(parse_url($redir[1], PHP_URL_HOST))) html_error("Please set \$_T8['domain'] to 'www.{$_T8['domain']}'.");
        if (preg_match('@Incorrect ((Username)|(Login)) or Password@i', $page)) html_error('Login failed: User/Password incorrect.');
        is_present($page, 'op=resend_activation', 'Login failed: Your account isn\'t confirmed yet.');
        is_present($page, 'Please%20enter%20your%20e-mail', "Login failed: Missing account's email, login at site and set the email.");
        $cookie = GetCookiesArr($header, $cookie);
        if (empty($cookie['xfss']) && empty($cookie['login'])) html_error('Error: Login cookies not found.');
        $cookie['lang'] = 'english';
        $login = true;
    } else {
        if ($_T8['anonUploadDisable']) html_error('Login failed: User/Password empty.');
        echo "<b><center>Login not found or empty, using non member upload.</center></b>\n";
        if ($_T8['anonUploadLimit'] > 0 && $fsize > $_T8['anonUploadLimit']*1024*1024) html_error('File is too big for anon upload');
        $login = false;
    }

    // Retrive upload ID
    echo "<script type='text/javascript'>document.getElementById('login').style.display='none';</script>\n<div id='info' width='100%' align='center'>Retrive upload ID</div>\n";

    $page = geturl($_T8['domain'], $_T8['port'], $_T8['path'].'?op='.(empty($_T8['opUploadName']) ? 'upload' : $_T8['opUploadName']), $referer, $cookie, 0, 0, $_GET['proxy'], $pauth, 0, $scheme);is_page($page);
    if (substr($page, 9, 3) != '200') {
        $page = geturl($_T8['domain'], $_T8['port'], $_T8['path'], $referer, $cookie, 0, 0, $_GET['proxy'], $pauth, 0, $scheme);is_page($page);
    }
    $header = substr($page, 0, strpos($page, "\r\n\r\n"));
    if (!$login && stripos($header, "\nLocation: ") !== false && preg_match('@\nLocation: (https?://[^\r\n]+)@i', $header, $redir) && 'www.' . strtolower($_T8['domain']) == strtolower(parse_url($redir[1], PHP_URL_HOST))) html_error("Please set \$_T8['domain'] to 'www.{$_T8['domain']}'.");

    if (preg_match('@var[\s\t]+max_upload_filesize[\s\t]*=[\s\t]*[\'\"]?(\d+)[\'\"]?[\s\t]*;@i', $page, $fzlimit) && $fzlimit[1] > 0 && $fsize > $fzlimit[1]*1024*1024) html_error('Error: '.lang(66)); // Max upload filesize test

    if (!preg_match('@action=["\']((https?://[^/"\']+)?/(?:[^\?"\'/]+/)*[\w\-]+(?:\.cgi)?)\?(?:\w+=\w+&)*(?:upload_id=|upload_type=file)@i', $page, $up) && (empty($_T8['flashUpload']) || !preg_match('@[\'"]?uploader[\'"]?\s*:\s*[\'"]((https?://[^/"\']+)?/(?:[^\?"\'/]+/)*'.preg_quote((is_string($_T8['flashUpload']) ? $_T8['flashUpload'] :'up_flash.cgi'), '@').')[\'"]@i', $page, $up))) {
        is_present($page, 'We\'re sorry, there are no servers available for upload at the moment.', 'Site isn\'t accepting uploads.');
        is_present($page, 'Uploads are disabled for your country:', 'Site isn\'t accepting uploads from your server\'s country.');
        is_present($page, 'Uploads are disabled for your user type', 'Uploads are disabled for your account type.');
        if (!$login) {
            if (stripos($header, "\nLocation: ") !== false) is_present(cut_str($header, "\nLocation: ", "\n"), '?op=login', 'Please set '.($_T8['xfsFree'] ? '$_T8[\'xfsFree\'] to false and ' : '').'$_T8[\'anonUploadDisable\'] to true.');
            is_present($page, '>Register on site to be able to upload files<', 'Please set '.($_T8['xfsFree'] ? '$_T8[\'xfsFree\'] to false and ' : '').'$_T8[\'anonUploadDisable\'] to true.');
        }
        html_error('Error: Cannot find upload server.');
    }
    $up_url = (empty($up[2])) ? $scheme.'://'.$_T8['domain'].$up[1] : $up[1];

    // File-ext checks
    if (preg_match('@var[\s\t]+ext_allowed[\s\t]*=[\s\t]*[\'\"]\|?(\w+(?:\|\w+)*)\|?[\'\"][\s\t]*;@i', $page, $allowedExts) || preg_match('@var[\s\t]+ext_not_allowed[\s\t]*=[\s\t]*[\'\"]\|?(\w+(?:\|\w+)*)\|?[\'\"][\s\t]*;@i', $page, $notAllowedExts)) {
        $fExt = (strpos($lname, '.') !== false) ? strtolower(substr(strrchr($lname, '.'), 1)) : '';
        if (!empty($allowedExts[1])) {
            $allowedExts = array_map('strtolower', array_filter(explode('|', $allowedExts[1])));
            if (!in_array($fExt, $allowedExts)) html_error('Server doesn\'t allow upload of files with this ext: "'.htmlentities($fExt).'".');
        }
        if (!empty($notAllowedExts[1])) {
            $notAllowedExts = array_map('strtolower', array_filter(explode('|', $notAllowedExts[1])));
            if (in_array($fExt, $notAllowedExts)) html_error('Server doesn\'t allow upload of files with this ext: "'.htmlentities($fExt).'".');
        }
    }

    $post = array();
    if (empty($_T8['flashUpload'])) {
        $post['upload_type'] = 'file';
        $post['sess_id'] = !empty($cookie['xfss']) ? $cookie['xfss'] : cut_str($page, 'name="sess_id" value="', '"');
        foreach (array('srv_tmp_url', 'utype', 'srv_id', 'disk_id') as $tmpName) {
            if (stripos($page, "name=\"$tmpName\" value=\"") !== false && ($tmp = cut_str($page, "name=\"$tmpName\" value=\"", '"'))) $post["$tmpName"] = $tmp;
        }
        $post['link_pass'] = $post['link_rcpt'] = '';
        $post['file_descr'] = 'Uploaded with Rapidleech.';
        $post['file_public'] = '1';
        $post['tos'] = '1';
        $post['submit_btn'] = ' Upload! ';

        $up_url .= '?upload_id=';
        for ($i = 0; $i < 12; $i++) $up_url .= mt_rand(0,9);
        $up_url .= '&js_on=1';
        if (!$_T8['xfsFree']) {
            if (empty($post['utype']) && ($tmp = cut_str($page, "var utype='", "'"))) $up_url .= "&utype=$tmp";
            $up_url .= '&upload_type=file'.(!empty($post['disk_id']) ? '&disk_id=' . urlencode($post['disk_id']) : '');
        }
    } else {
        $post['Filename'] = $lname;
        if ($login) if (!($post['sess_id'] = cut_str($page, 'name="sess_id" value="', '"'))) {
            if (!empty($cookie['xfss'])) $post['sess_id'] = $cookie['xfss'];
            elseif (preg_match('@["\']sess_id["\']\s*:\s*["\'](\w+)["\']@i', $page, $sid)) $post['sess_id'] = $sid[1];
            else html_error('Flash upload session key not found.');
        }
        $post['Upload'] = 'Submit Query';
    }

    // Uploading
    echo "<script type='text/javascript'>document.getElementById('info').style.display='none';</script>\n";

    $url = parse_url($up_url);
    if (!empty($_T8['flashUpload'])) $url['path'] = substr($url['path'], 0, strrpos($url['path'], '/') + 1).(is_string($_T8['flashUpload']) ? $_T8['flashUpload'] : 'up_flash.cgi');
    $upfiles = upfile($url['host'], defport($url), $url['path'].(!empty($url['query']) ? '?'.$url['query'] : ''), 0, $cookie, $post, $lfile, $lname,
    (empty($_T8['flashUpload']) ? 'file' : 'Filedata'), '', $_GET['proxy'], $pauth, 0, $url['scheme']);

    // Upload Finished
    echo "<script type='text/javascript'>document.getElementById('progressblock').style.display='none';</script>\n";

    is_page($upfiles);

    if (!$login && stripos($page, 'Uploads not enabled for this type of users') !== false) html_error('Please set '.($_T8['xfsFree'] ? '$_T8[\'xfsFree\'] to false and ' : '').'$_T8[\'anonUploadDisable\'] to true.');

    $statuscode = intval(substr($upfiles, 9, 3));
    if ($statuscode >= 400 || preg_match('@<body><b>([^<>]+)</b></body></html>@i', $upfiles, $err)) html_error("Upload server isn't working or has failed (HTTP $statuscode)".(!empty($err[1]) ? ', response: ' . htmlspecialchars($err[1]) : '.'));

    $page = (empty($_T8['flashUpload']) ? cut_str($upfiles, '<Form name=\'F1\'', '</Form>') : false);
    if (!empty($page)) {
        // Normal Upload (F1 Form)
        if (!preg_match_all('@<textarea [^<>]*name=\'([^\']+)\'[^<>]*>([^>]*)</textarea>@i', $page, $textareas)) html_error('Error: upload_result data not found.');
        $post = array_map('urlencode', array_map('html_entity_decode', array_combine(array_map('trim', $textareas[1]), array_map('trim', $textareas[2]))));
        if (empty($post['op']) || strtolower(urldecode($post['op'])) != 'upload_result') html_error('Error: "upload_result" value not found.');
        if (empty($post['fn'])) html_error('Error: "fn" input not found.');
        if (strtolower($post['st']) != 'ok') html_error('Upload failed, response: '.htmlspecialchars(urldecode($post['st'])));
    } else if (!empty($_T8['flashUpload'])) {
        // Flash Upload (EOL?)
        $body = trim(substr($upfiles, strpos($upfiles, "\r\n\r\n") + 4));
        if (strpos($body, ':') === false || !($reply = explode(':', $body, 6)) || strlen($reply[0]) != 12) html_error('Bad response from flash uploader, response: ' . htmlspecialchars($body));
        //$download_link = $referer.$reply[0];
        //return;
        $post = array('op' => 'upload_result', 'fn' => urlencode($reply[0]), 'st' => 'OK');
    } elseif (preg_match('@"file_status"\s*:\s*"([^\"\'\]\}]+)"@', $upfiles, $reply) && (strtolower($reply[1]) != 'ok' || preg_match('@"file_code"\s*:\s*"(\w{12})"@', $upfiles, $fileid))) {
        // New JSON response.
        if (empty($fileid)) html_error('Upload failed, json response: '.htmlspecialchars($reply[1]));
        $post = array('op' => 'upload_result', 'fn' => urlencode($fileid[1]), 'st' => urlencode($reply[1]));
    } else html_error('Error: upload_result form/json not found.');

    $page = geturl($_T8['domain'], $_T8['port'], $_T8['path'], $up_url, $cookie, $post, 0, $_GET['proxy'], $pauth, 0, $scheme);is_page($page);

    $host_rexexp = 'https?://(?:www\.)?'.preg_quote(str_ireplace('www.', '', $_T8['domain']).$_T8['path'], '@');
    if (preg_match('@('.$host_rexexp.'\w{12}(?:/[^\?/<>\"\'\r\n]+)?(?:\.html?)?)\?killcode=\w+@i', $page, $lnk)) {
        $download_link = $lnk[1];
        $delete_link = $lnk[0];
    } elseif (preg_match('@'.$host_rexexp.'del-(\w{12})-\w+/([^<>\"\'\r\n]+)@i', $page, $lnk)) {
        $download_link = substr($lnk[0], 0, (stripos($lnk[0], '/del-') + 1)) . $lnk[2] . '/' . $lnk[3];
        $delete_link = $lnk[0];
    } elseif (preg_match('@'.$host_rexexp.'\w{12}(?:/[^\?/<>\"\'\r\n]+)?(?:\.html?)?(?=[\r\n\t\s\'\"<>])@i', $page, $lnk)) $download_link = $lnk[0];
    else html_error('Download link not found.');
}

//[17-8-2012] Written by Th3-822
//[30-9-2012] Using ?op=upload for some sites that need it. - Th3-822
//[17-10-2012] Added "domain requires the www." check. - Th3-822
//[08-11-2012] Added XFS Free support. - Th3-822
//[16-3-2013] Some updates, it should support more sites now & Added more error msgs. - Th3-822
//[05-8-2013] Plugin rewritten for making it a include (for saving space) & Added file-ext check & Small edits. - Th3-822
//[21-9-2013] Fixed upload url regexp (Now it will work on hosts that change upload.cgi filename/path) & Edits for allow extra cookies & Added support for XFS's flash upload. - Th3-822
//[22-1-2014] Added support for custom port and https on whole site, login or upload. - Th3-822
//[21-4-2014] Added urlencode on login $post. - Th3-822
//[29-10-2015] Fixed upload server regexp & added callback for login post & fixed upload response. - Th3-822

?>