<?php

$package_dir = "/var/packages/commercial";
$vendor = "dochost";
$secret_key = "0123456789";

function urlsafe_b64encode($string) {
    return str_replace(array('+','/','='), array('-','_',''), base64_encode($string));
}

function cydia_($url, $dict, $key) {
    ksort($dict);
    $query = http_build_query($dict);
    $response = file_get_contents("$url?$query&signature=" . urlsafe_b64encode(hash_hmac("sha1", $query, $key, true)));
    $values = array(); 
    parse_str($response, $values);
    return values();
}

function cydia_check($vendor, $package, $version, $device, $host, $mode, $key) {
    return cydia_("http://cydia.saurik.com/api/check", array('device' => $device, 'package' => $package, 'vendor' => $vendor, 'version' => $version, 'mode' => $mode, 'host' => $host, 'nonce' => uniqid(), 'timestamp' => time()), $key);
}

$name = explode("_", basename($_SERVER['PATH_INFO'], ".deb"));

if ($_SERVER['PATH_INFO'] == $_SERVER['REDIRECT_URL']) {
    header("Status: 400 No path specified");
} elseif ($_SERVER['PATH_INFO'] == "/") {
    /* You may want to replace this with something that actually provides
    a directory listing. */
    header("Status: 403 Directory index not implemented :-(");
} elseif (strpos($_SERVER['PATH_INFO'], "..") !== false) {
    header("Status: 403 Directory ascent not allowed");
} elseif (!file_exists($package_dir . $_SERVER['PATH_INFO'])) {
    header("Status: 404 File not found");
} elseif (sizeof($name) != 3) {
    header("Status: 400 Malformed package name");
} elseif (!isset($_SERVER['HTTP_X_UNIQUE_ID'])) {
    header("Status: 403 Unique device identifier not provided");
} else {
    $response = cydia_check($vendor, $name[0], $name[1], $_SERVER['HTTP_X_UNIQUE_ID'], $_SERVER['REMOTE_ADDR'], "local", $secret_key);
    if (!isset($response['state']) or $response['state'] != 'completed') {
        header("Status: 403 Payment required");
    } else {
        // 200
        header("Content-Type: application/octet-stream");
        $f = fopen($package_dir . $_SERVER['PATH_INFO'], 'r');
        if ($f) {
            set_time_limit(0);
            /* Sigh: There are so many things wrong here, I don't even
            know where to begin. For starters, we don't even really want
            to be sending the file ourselves -- it's inefficient and at
            best it would require us to support HTTP features like
            content-range manually, which we're not even doing here. We
            would actually like to be able to anti-delegate handling of
            this request back to the web server, but PHP doesn't seem to
            give us a way of doing that.

            Then there's the timing watchdog. We have no idea how long it
            will take to send the file, so we pretty much have to disable
            it here. We could read the file block-by-block and reset the
            timer on each loop, but that would drastically slow down the
            (hopefully vast majority of) transfers that were not taking
            too long. Anyway, we would at least like to reset it to the
            formerly remaining amount of script time after the file has
            been sent, but PHP gives us no way of doing that and no good
            cross platform -- or really platform-specific -- workaround
            exists.

            I suppose that at least this should be expanded to manually
            support the content-range header, but that seems error prone
            and verbose. At least this mostly works and is succinct. */
            fpassthru($f);
            fclose($f);
        } else {
            die("Couildn't read file.");
        }
    }
}

?>