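wrote this file. As long as you retain this notice
 * you can do whatever you want with this stuff. If we meet some day, and you
 * think this stuff is worth it, you can buy me a Tschunk in return.
 * ---------------------------------------------------------------------------*/

# Default response type; replaced by application/octet-stream when an image is sent.
header('Content-type: text/plain; charset=utf-8', true);

/**
 * Tell whether a request header is present and, optionally, has an exact value.
 *
 * @param string       $k Key into $_SERVER (e.g. 'HTTP_USER_AGENT').
 * @param string|false $v Expected value; a falsy value only checks presence.
 * @return bool True when the key exists and matches $v (if one was given).
 */
function check_header($k, $v = false)
{
    if (!isset($_SERVER[$k])) {
        return false;
    }
    if ($v && $_SERVER[$k] !== $v) {
        return false;
    }
    return true;
}

/**
 * Reduce a client-supplied value to one safe directory name.
 *
 * The character whitelist strips '/' and glob metacharacters but keeps '.',
 * so '.' and '..' would pass it unchanged and let the image lookup leave
 * ./arduino-images/. Those two names, and non-string input such as
 * ?room[]=x, are rejected here.
 *
 * @param mixed $raw Value taken from the request.
 * @return string The cleaned name, or '' when it must not be used in a path.
 */
function ota_path_component($raw)
{
    if (!is_string($raw)) {
        return '';
    }
    $clean = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $raw);
    if (!is_string($clean) || $clean === '.' || $clean === '..') {
        return '';
    }
    return $clean;
}

/**
 * Find the image with the highest numeric version above the client's version.
 *
 * Only files named <digits>.bin are considered. Versions are compared as
 * integers: glob() sorts names as strings, so taking its last entry would
 * rank 9.bin above 10.bin.
 *
 * @param string $dir     Directory holding the images for one device.
 * @param string $current Version reported by the client; cast to int.
 * @return string|false Path of the image to send, or false when none is newer.
 */
function ota_newest_image($dir, $current)
{
    $filenames = glob($dir . '/*.bin');
    if (!is_array($filenames)) {
        return false;
    }

    $best = false;
    $best_version = (int) $current;
    foreach ($filenames as $candidate) {
        # '\.' is escaped so that only a literal ".bin" suffix matches
        if (!preg_match('/\/(\d+)\.bin$/', $candidate, $matches)) {
            continue;
        }
        $found = (int) $matches[1];
        if ($found > $best_version && is_file($candidate) && is_readable($candidate)) {
            $best = $candidate;
            $best_version = $found;
        }
    }
    return $best;
}

# validate the headers
# NOTE: every one of these is supplied by the client, so this check filters out
# requests that do not look like the updater; it is not authentication.
if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') ||
    !check_header('HTTP_X_ESP8266_STA_MAC') ||
    !check_header('HTTP_X_ESP8266_AP_MAC') ||
    !check_header('HTTP_X_ESP8266_FREE_SPACE') ||
    !check_header('HTTP_X_ESP8266_SKETCH_SIZE') ||
    !check_header('HTTP_X_ESP8266_SKETCH_MD5') ||
    !check_header('HTTP_X_ESP8266_CHIP_SIZE') ||
    !check_header('HTTP_X_ESP8266_SDK_VERSION')
) {
    header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
    exit();
}

# sanitize inputs
$room = ota_path_component(isset($_GET['room']) ? $_GET['room'] : '');
$device = ota_path_component(isset($_GET['device']) ? $_GET['device'] : '');
# The version header is not part of the validation above; a missing one
# compares as 0, so any numbered image counts as newer.
$version = isset($_SERVER['HTTP_X_ESP8266_VERSION'])
    ? preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION'])
    : '';

$path = false;
# An empty component would collapse the path to a parent directory, so both
# names are required before anything is looked up.
if ($room !== '' && $device !== '') {
    $path = ota_newest_image("./arduino-images/$room/$device", $version);
}

if ($path) {
    header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
    header('Content-Type: application/octet-stream', true);
    header('Content-Disposition: attachment; filename='.basename($path));
    header('Content-Length: '.filesize($path), true);
    # The MD5 lets the client detect a damaged transfer. It is sent alongside
    # the image, so it says nothing about who produced the image.
    header('x-MD5: '.md5_file($path), true);
    readfile($path);
} else {
    header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);
}
?>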