add php files

2020-05-06 21:24:25 +02:00 · 2020-05-06 21:24:25 +02:00 · 2574e7a91c
commit 2574e7a91c
parent eab3fc37e9
2 changed files with 112 additions and 0 deletions
--- a/arduino-download.php
+++ b/arduino-download.php
@ -0,0 +1,59 @@
+<?php
+
+header('Content-type: text/plain; charset=utf8', true);
+
+function check_header($k, $v = false) {
+	if (!isset($_SERVER[$k]))
+		return false;
+	if ($v && $_SERVER[$k] !== $v)
+		return false;
+	return true;
+}
+
+# validate the headers
+if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') ||
+	!check_header('HTTP_X_ESP8266_STA_MAC') ||
+	!check_header('HTTP_X_ESP8266_AP_MAC') ||
+	!check_header('HTTP_X_ESP8266_FREE_SPACE') ||
+	!check_header('HTTP_X_ESP8266_SKETCH_SIZE') ||
+	!check_header('HTTP_X_ESP8266_SKETCH_MD5') ||
+	!check_header('HTTP_X_ESP8266_CHIP_SIZE') ||
+	!check_header('HTTP_X_ESP8266_SDK_VERSION')
+) {
+	header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
+	exit();
+}
+
+# sanitize inputs
+$room    = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['room']);
+$device  = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['device']);
+$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION']);
+$filenames = glob("./arduino-images/$room/$device/*.bin");
+
+$path = false;
+
+if (is_array($filenames)) {
+	$num = count($filenames);
+	if ($num >= 1) {
+		$newest = $filenames[$num - 1];
+		if (preg_match('/\/(\d+).bin$/', $newest, $matches)) {
+			$server_version = $matches[1];
+			if ((int) $server_version > (int) $version) {
+				$path = $newest;
+			}
+		}
+	}
+}
+
+if ($path) {
+	header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
+	header('Content-Type: application/octet-stream', true);
+	header('Content-Disposition: attachment; filename='.basename($path));
+	header('Content-Length: '.filesize($path), true);
+	header('x-MD5: '.md5_file($path), true);
+	readfile($path);
+} else {
+	header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);
+}
+
+?>
--- a/arduino-upload.php
+++ b/arduino-upload.php
@ -0,0 +1,53 @@
+<?php
+
+# make sure that the webserver can write to this directory, e.g.
+# chown -R www-data:www-data /var/www/html
+
+# set this to the upl_token value in platformio.ini
+$token = '';
+
+function check_header($k, $v = false) {
+	if (!isset($_SERVER[$k]))
+		return false;
+	if ($v && $_SERVER[$k] !== $v)
+		return false;
+	return true;
+}
+
+# validate the headers
+if (!check_header('REQUEST_METHOD', 'PUT') ||
+	!check_header('HTTP_X_ROOM') ||
+	!check_header('HTTP_X_DEVICE') ||
+	!check_header('HTTP_X_VERSION') ||
+	!check_header('HTTP_X_TOKEN', $token)
+) {
+	header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden', true, 403);
+	exit();
+}
+
+# sanitize inputs
+$room    = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ROOM']);
+$device  = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_DEVICE']);
+$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_VERSION']);
+$filename = "./arduino-images/$room/$device/$version.bin";
+
+# make sure the directory exists
+@mkdir("./arduino-images/$room/$device/", 0775, true);
+
+# open files, copy data, close files
+$in  = fopen('php://input', 'r');
+$out = fopen($filename, 'w');
+
+if ($out === false) {
+	header($_SERVER['SERVER_PROTOCOL'].' 500 Internal Server Error', true, 500);
+	exit();
+}
+
+while ($data = fread($in, 1024))
+	fwrite($out, $data);
+
+fclose($in);
+fclose($out);
+
+
+?>