66 lines
2.1 KiB
PHP
66 lines
2.1 KiB
PHP
<?php
|
|
|
|
/* ----------------------------------------------------------------------------
|
|
* "THE TSCHUNK LICENSE" (Revision 42):
|
|
* <christian@staudte.it> wrote this file. As long as you retain this notice
|
|
* you can do whatever you want with this stuff. If we meet some day, and you
|
|
* think this stuff is worth it, you can buy me a Tschunk in return.
|
|
* ---------------------------------------------------------------------------*/
|
|
|
|
header('Content-type: text/plain; charset=utf8', true);
|
|
|
|
function check_header($k, $v = false) {
|
|
if (!isset($_SERVER[$k]))
|
|
return false;
|
|
if ($v && $_SERVER[$k] !== $v)
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
# validate the headers
|
|
if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') ||
|
|
!check_header('HTTP_X_ESP8266_STA_MAC') ||
|
|
!check_header('HTTP_X_ESP8266_AP_MAC') ||
|
|
!check_header('HTTP_X_ESP8266_FREE_SPACE') ||
|
|
!check_header('HTTP_X_ESP8266_SKETCH_SIZE') ||
|
|
!check_header('HTTP_X_ESP8266_SKETCH_MD5') ||
|
|
!check_header('HTTP_X_ESP8266_CHIP_SIZE') ||
|
|
!check_header('HTTP_X_ESP8266_SDK_VERSION')
|
|
) {
|
|
header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
|
|
exit();
|
|
}
|
|
|
|
# sanitize inputs
|
|
$room = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['room']);
|
|
$device = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['device']);
|
|
$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION']);
|
|
$filenames = glob("./arduino-images/$room/$device/*.bin");
|
|
|
|
$path = false;
|
|
|
|
if (is_array($filenames)) {
|
|
$num = count($filenames);
|
|
if ($num >= 1) {
|
|
$newest = $filenames[$num - 1];
|
|
if (preg_match('/\/(\d+).bin$/', $newest, $matches)) {
|
|
$server_version = $matches[1];
|
|
if ((int) $server_version > (int) $version) {
|
|
$path = $newest;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($path) {
|
|
header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
|
|
header('Content-Type: application/octet-stream', true);
|
|
header('Content-Disposition: attachment; filename='.basename($path));
|
|
header('Content-Length: '.filesize($path), true);
|
|
header('x-MD5: '.md5_file($path), true);
|
|
readfile($path);
|
|
} else {
|
|
header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);
|
|
}
|
|
|
|
?>
|