Move over from keys to proper user accounts

This commit is contained in:
Jacob 2023-10-07 00:25:10 +02:00
parent 7377c9e245
commit 507680a339
13 changed files with 253 additions and 226 deletions


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/

admin.php

@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -13,7 +13,7 @@ $Primary = 0;
$filterID = -1;
$Error = "";
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_SESSION['type'] != 2) { // not allowed
@ -39,17 +39,11 @@ if (!isset($_REQUEST['e'])) {
$Error = $_REQUEST['e'];
}
// in case admin keys are disabled
if (!$enableAdminKeys || $enableAdminKeys == "false") {
header('Location: /');
die();
}
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) {
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "" && $line['usertype'] == 2) {
$Authorized = 1;
$Primary = $line['primaryadmin'];
break;
@ -75,10 +69,10 @@ if ($Action == "files") {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\">Files</a>\n";
}
if ($Action == "keys") {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\" id='sel'>Keys</a>\n";
if ($Action == "users") {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=users\" id='sel'>Users</a>\n";
} else {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\">Keys</a>\n";
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=users\">Users</a>\n";
}
if ($Action == "create") {
@ -98,31 +92,31 @@ if ($Action == "files") {
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminFilename\">Filename</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUploadDate\">Upload date</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyID\">Key ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUploader\">Uploader</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminuserType\">User type</th>\n";
$html .= "\t\t\t\t\t</tr>\n";
while ($line = $DatabaseQuery->fetchArray()) {
$ID = $line['id'];
$Filename = $line['file'];
$uploadDate = $line['uploaddate'];
$keyID = $line['keyid'];
$keytypeID = $line['keytype'];
$Username = $line['username'];
$usertypeID = $line['usertype'];
if ($line['keytype'] == 1) {
$keyType = "Key";
} else if ($line['keytype'] == 2) {
$keyType = "Administrator";
if ($line['usertype'] == 1) {
$userType = "User";
} else if ($line['usertype'] == 2) {
$userType = "Administrator";
} else {
$keyType = "Unknown";
$userType = "Unknown";
}
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"adminID-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminFilename\"><a href=\"$Filename\">$Filename</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadDate\">$uploadDate</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyID\"><a href=\"admin.php?action=keys#id-$keytypeID-$keyID\">$keyID</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUsername\"><a href=\"admin.php?action=users#id-$usertypeID-$Username\">$Username</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminuserType\">$userType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove.php?redir=admin&id=$ID\">Remove</a></td>\n";
$html .= "\t\t\t\t\t</tr>\n";
@ -131,65 +125,70 @@ if ($Action == "files") {
$html .= "\t\t\t\t</table>\n";
} else if ($Action == "create") {
$html .= "\t\t\t\t<form class=\"adminCreateForm\" action=\"create.php?redir=admin\" method=\"post\">\n";
$html .= "\t\t\t\t\t<label for=\"type\">Type</label>\n";
$html .= "\t\t\t\t\t<label for=\"type\">User type</label>\n";
$html .= "\t\t\t\t\t<select name=\"type\" required>\n";
if ($Primary == 1) {
$html .= "\t\t\t\t\t\t<option value=\"Admin\">Administrator</option>\n";
}
$html .= "\t\t\t\t\t\t<option value=\"Key\" selected=\"selected\">Key</option>\n";
$html .= "\t\t\t\t\t\t<option value=\"Temporary\">Temporary Key</option>\n";
$html .= "\t\t\t\t\t\t<option value=\"User\" selected=\"selected\">User</option>\n";
$html .= "\t\t\t\t\t\t<option value=\"Temporary\">Temporary User</option>\n";
$html .= "\t\t\t\t\t</select>\n";
$html .= "\t\t\t\t\t<label for=\"data\">Key</label>\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"Key\">\n";
$html .= "\t\t\t\t\t<label for=\"username\">Username</label>\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
$html .= "\t\t\t\t\t<label for=\"password\">Password</label>\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"password\" placeholder=\"Password\">\n";
$html .= "\t\t\t\t\t<br><br>\n";
$html .= "\t\t\t\t\t<label for=\"uploadsleft\">Number</label>\n";
$html .= "\t\t\t\t\t<input type=\"number\" name=\"uploadsleft\" min=\"1\" value=\"1\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create key\" name=\"create\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create user\" name=\"create\">\n";
$html .= "\t\t\t\t</form>\n";
// handle errors
if ($Error == "data") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid key.</p>\n";
$html .= "\t\t\t\t<p class=\"adminError\">Invalid user.</p>\n";
} else if ($Error == "type") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid type.</p>\n";
} else if ($Error == "denied") {
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a key of this type.</p>\n";
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a user of this type.</p>\n";
} else if ($Error == "exists") {
$html .= "\t\t\t\t<p class=\"adminError\">This key already exists.</p>\n";
$html .= "\t\t\t\t<p class=\"adminError\">This user already exists.</p>\n";
} else if ($Error == "uploads") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid amount of uploads.</p>\n";
} else if ($Error == "username") {
$html .= "\t\t\t\t<p class=\"adminError\">You must specify a username.</p>\n";
}
} else if ($Action == "keys") {
} else if ($Action == "users") {
if ($Primary != 1) {
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator keys are not visible.</p>\n";
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator users are not visible.</p>\n";
}
$html .= "\t\t\t\t<table class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t<table class=\"adminUserView\">\n";
$html .= "\t\t\t\t\t<tr class=\"adminUserView\">\n";
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKey\">Key</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUser\">User</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminNumberOfUploads\">Uploads</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUploadsLeft\">Uploads left</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminLastUsed\">Last used</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminIssued\">Issued</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminIP\">IP</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUserAgent\">User agent</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminuserType\">User type</th>\n";
$html .= "\t\t\t\t\t</tr>\n";
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] != $filterID && $filterID != -1) {
continue;
}
if ($line['keytype'] == 2 && $Primary != 1) {
if ($line['usertype'] == 2 && $Primary != 1) {
continue;
}
$ID = $line['id'];
$Key = $line['key'];
$Username = $line['username'];
$NumberOfUploads = $line['numberofuploads'];
$UploadsLeft = "";
$LastUsed = $line['lastused'];
@ -197,34 +196,34 @@ if ($Action == "files") {
$IP = $line['ip'];
$UserAgent = $line['useragent'];
$keyType = "Temporary";
$userType = "Temporary";
$UploadsLeft = $line['uploadsleft'];
if ($line['uploadsleft'] == -1) {
$UploadsLeft = "";
$keyType = "Key";
$userType = "User";
}
if ($line['keytype'] == 2) {
$keyType = "Administrator";
if ($line['usertype'] == 2) {
$userType = "Administrator";
if ($line['primaryadmin'] == 1) {
$keyType = "Primary Administrator";
$userType = "Primary Administrator";
}
}
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
$html .= "\t\t\t\t\t<tr class=\"adminUserView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$Username\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUser\">$Username</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\"><a href=\"admin.php?action=files&id=$ID\">$NumberOfUploads</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminuserType\">$userType</td>\n";
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-user.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
}
$html .= "\t\t\t\t\t</tr>\n";
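Review bot: The error chain under the create form handles `e=username` but has no branch for `e=password`, which create.php now redirects to when its password check fails, so that failure re-renders the form with no message; add `} else if ($Error == "password") { $html .= "\t\t\t\t<p class=\"adminError\">You must specify a password.</p>\n"; }` after the `username` case. The new password input in the same form is `type="text"`; it should be `type="password"`. `$Username` is read from the database, where it was stored from request input at creation, and is interpolated unescaped into the files and users tables (including the `id` attribute); pass it through `htmlspecialchars($Username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at output. The authorization loop compares the stored hash with the session copy using `==`; if the hash is kept in the session at all, compare with `hash_equals()` (looking the account up by a session-stored id would avoid carrying the hash around entirely).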


@ -1,38 +1,35 @@
# curload default configuration file
[html]
instance_name = curload
instance_description = curload is a simple file uploading site allowing users to upload files by authenticating using a key.
footer_text = Licensed under the GNU Affero General Public License version 3.0.<br><br>Made in Sweden
css = index.css
javascript = index.js
logo = logo.svg
favicon = favicon.svg
instance_name = curload
instance_description = curload is a simple file uploading site allowing users to upload files
footer_text = Licensed under the GNU Affero General Public License version 3.0.<br><br>Made in Sweden
css = index.css
javascript = index.js
logo = logo.svg
favicon = favicon.svg
[header]
logo_header_size = 16
logo_header_size = 16
[upload]
upload_dir = uploads/
public_uploading = false
rename_duplicates = true
replace_original = false
max_size = 100
enable_upload_removal = true
enable_key_upload_removal = false
upload_dir = uploads/
public_uploading = false
rename_duplicates = true
replace_original = false
max_size = 100
enable_upload_removal = true
enable_user_upload_removal = false
[credentials]
sqldb = curload.sql
enable_keys = true
enable_temporary_keys = true
enable_admin_keys = true
sqldb = curload.sql
[logging]
store_ip = true
store_user_agent = true
store_issued = true
store_last_usage = true
store_number_of_uploads = true
store_ip = true
store_user_agent = true
store_issued = true
store_last_usage = true
store_number_of_uploads = true
[format]
date_format = Y/m/d
date_format = Y/m/d


@ -1,6 +1,6 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -22,13 +22,10 @@ $replaceOriginal = false;
$logoHeaderSize = 16;
$dateFormat = "Y/m/d";
$instanceName = "curload";
$instanceDescription = "curload is a simple file uploading site allowing users to upload files by authenticating using a key.";
$instanceDescription = "curload is a simple file uploading site allowing users to upload files.";
$footerText = "Licensed under the GNU Affero General Public License version 3.0.";
$enableKeys = true;
$enableAdminKeys = true;
$enableTemporaryKeys = true;
$enableUploadRemoval = true;
$enableKeyUploadRemoval = false;
$enableUserUploadRemoval = false;
$configFile = "";
@ -65,10 +62,7 @@ $footerText = $configEntries['footer_text'];
$publicUploading = $configEntries['public_uploading'];
$renameDuplicates = $configEntries['rename_duplicates'];
$replaceOriginal = $configEntries['replace_original'];
$enableKeys = $configEntries['enable_keys'];
$enableAdminKeys = $configEntries['enable_admin_keys'];
$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
$enableUploadRemoval = $configEntries['enable_upload_removal'];
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
$enableUserUploadRemoval = $configEntries['enable_user_upload_removal'];
$javaScript = $configEntries['javascript'];
?>


@ -1,16 +1,17 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
function createTables($sqlDB) {
$Database = new SQLite3($sqlDB);
/* keys table
/* users table
* id (INTEGER PRIMARY KEY)
* key (TEXT)
* keytype (INT)
* username (TEXT)
* password (TEXT)
* usertype (INT)
* primaryadmin (INT)
* numberofuploads (INT)
* uploadsleft (INT)
@ -19,16 +20,16 @@ function createTables($sqlDB) {
* ip (TEXT)
* useragent (TEXT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, keytype INT, primaryadmin INT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
$Database->exec("CREATE TABLE IF NOT EXISTS users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, usertype INT, primaryadmin INT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
/* uploads table
* id (INTEGER PRIMARY KEY)
* file (TEXT)
* uploaddate (TEXT)
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
* keytype (INT)
*usernameeyusername (INT)
* usertype (INT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)");
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, username TEXT, usertype INT)");
return $Database;
}
@ -51,7 +52,7 @@ function printHeader($html) {
$html .= "\t\t\t<span id='titleSpan' class='title'>\n";
if (file_exists($Logo)) $html .= "\t\t\t\t<img src=\"$Logo\" id=\"titleLogo\" class=\"title\" width=\"$logoHeaderSize\" height=\"$logoHeaderSize\">\n";
$html .= "\t\t\t\t<small id='title'><a id='title' href=\"/\">$instanceName</a></small>\n";
if (isset($_SESSION['key'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
if (isset($_SESSION['type'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
foreach (glob('*.php') as $file) {
if (!file_exists("$file".".name")) {
@ -63,7 +64,7 @@ function printHeader($html) {
$html .= "\t\t\t\t<small id='$name'><a id='$name' href=\"$file\">$name</a></small>\n";
}
if (!isset($_SESSION['key'])) {
if (!isset($_SESSION['type'])) {
$html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n";
} else {
$html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n";
@ -113,7 +114,7 @@ function printFileUploadForm($html, $Error) {
$html .= "\t\t\t<p class=\"error\">No file specified.</p>\n";
} else if ($Error == "size") {
$html .= "\t\t\t<p class=\"error\">File is too big.</p>\n";
} else if ($Error == "key") {
} else if ($Error == "user") {
$html .= "\t\t\t<p class=\"error\">File upload failed: No uploads left.</p>\n";
} else if ($Error == "wtf") {
$html .= "\t\t\t<p class=\"error\">WTF? Try again.</p>\n";
@ -129,11 +130,11 @@ function checkIfAdminExists() {
$adminExists = 0;
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
$adminExists = 0;
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['keytype'] == 2) {
if ($line['usertype'] == 2) {
$adminExists = 1;
break;
}
@ -156,4 +157,8 @@ function getUserAgent() {
return $_SERVER['HTTP_USER_AGENT'];
}
function generatePassword($pwd) {
return password_hash($pwd, PASSWORD_DEFAULT);
}
?>
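Review bot: The uploads-table schema comment has a garbled entry, `*usernameeyusername (INT)`, for a column that the CREATE statement declares as `username TEXT`; it should read `* username (TEXT) (THE USERNAME OF THE ACCOUNT USED TO UPLOAD THE FILE)`. The uploads table now references the uploader by `username` rather than by `users.id`; since remove-user.php deletes by id and create.php only rejects names that currently exist, an account later created with a deleted user's name would appear to own the old uploads — if that is not intended, a `userid INT` column would be the safer reference (inferred from the visible queries, worth confirming). `generatePassword` has no header comment; a one-liner such as `// Hash a plaintext password with PASSWORD_DEFAULT; check it with password_verify()` would match the file's style. `CREATE TABLE IF NOT EXISTS users` does not migrate rows from an existing `keys` table, so deployments upgrading in place start with no accounts; that is worth stating in the commit description or a migration note.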


@ -1,35 +1,39 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
include "core.php";
include "config.php";
$Redirect = "";
$uploadsLeft = 1;
$AuthorizedCreation = 0;
$AdminIsPrimary = 0;
$firstKey = 0;
$typeNum = 1;
$numberOfUploads = 0;
// fields
$Username = "";
$Password = "";
$lastUsed = "";
$Issued = "";
$ip = "";
$userAgent = "";
$Redirect = "";
$uploadsLeft = 1;
$AuthorizedCreation = 0;
$AdminIsPrimary = 0;
$firstUser = 0;
$typeNum = 1;
$numberOfUploads = 0;
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
}
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
if (!checkIfAdminExists()) {
$firstKey = 1;
$firstUser = 1;
} else {
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_SESSION['type'] != 2) { // not allowed
@ -37,12 +41,12 @@ if (!checkIfAdminExists()) {
die();
}
$firstKey = 0;
$firstUser = 0;
}
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password']) {
$AuthorizedCreation = 1;
$AdminIsPrimary = $line['primaryadmin'];
break;
@ -50,19 +54,34 @@ while ($line = $DatabaseQuery->fetchArray()) {
}
// not authorized
if ($AuthorizedCreation != 1 && $firstKey != 1) {
if ($AuthorizedCreation != 1 && $firstUser != 1) {
header('Location: /');
die();
}
// data must be specified
if (isset($_REQUEST['data']) && $_REQUEST['data'] != "") {
$Data = $_REQUEST['data'];
// username must be specified
if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
$Username = $_REQUEST['username'];
} else {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=data");
header("Location: admin.php?action=create&e=username");
} else if ($Redirect == "setup") {
header("Location: setup.php?e=data");
header("Location: setup.php?e=username");
} else {
header("Location: /");
}
die();
}
// password must be specified
if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)) {
$Password = generatePassword($_REQUEST['password']);
} else {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=password");
} else if ($Redirect == "setup") {
header("Location: setup.php?e=password");
} else {
header("Location: /");
}
@ -85,7 +104,7 @@ if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
die();
}
// uploads left must be specified for temp keys
// uploads left must be specified for temp users
if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
$uploadsLeft = $_REQUEST['uploadsleft'];
@ -104,8 +123,8 @@ if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
$uploadsLeft = -1;
}
// only primary admins may create admin keys
if ($AdminIsPrimary != 1 && $firstKey != 1 && $Type == "Admin") {
// only primary admins may create admin users
if ($AdminIsPrimary != 1 && $firstUser != 1 && $Type == "Admin") {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=denied");
} else if ($Redirect == "setup") {
@ -117,10 +136,10 @@ if ($AdminIsPrimary != 1 && $firstKey != 1 && $Type == "Admin") {
die();
}
// check if a key by the same name already exists
$DatabaseQuery = $Database->query('SELECT * FROM keys');
// check if a user by the same name already exists
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") {
if ($line['username'] == "$Username" && $Username != "" && $line['username'] != "") {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=exists");
} else if ($Redirect == "setup") {
@ -144,10 +163,10 @@ if ($Type == "Admin") {
$typeNum = 1;
}
$Database->exec("INSERT INTO keys(key, keytype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$typeNum', '$firstKey', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Username', '$Password', '$typeNum', '$firstUser', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
if ($Redirect == "admin") {
header("Location: admin.php?action=keys");
header("Location: admin.php?action=users");
} else {
header("Location: /");
}
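Review bot: The password check `isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)` binds `&&` before `||`, so for any account after the first an empty password is accepted and `generatePassword("")` stores a hash of the empty string; if that is not intended, the condition should simply be `isset($_REQUEST['password']) && $_REQUEST['password'] != ""`. The INSERT at the end interpolates `$Username` (taken straight from `$_REQUEST['username']`) and the other fields into the SQL string; SQLite3 supports bound parameters, so the statement should be prepared and the values bound as below. The same interpolation pattern appears in the login.php hunk (`UPDATE users SET ... WHERE id='$id'`) and the remove-user.php hunk (`DELETE FROM users WHERE id='$id'`). The duplicate-name and session comparisons use loose `==`; `===` avoids PHP's numeric-string coercion (for example usernames `"1"` and `"01"` compare equal with `==`).
```php
// … unchanged: type / uploadsleft / duplicate-name handling above …
$Statement = $Database->prepare("INSERT INTO users(username, password, usertype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES(:username, :password, :usertype, :primaryadmin, :numberofuploads, :uploadsleft, :lastused, :issued, :ip, :useragent)");
$Statement->bindValue(':username', $Username, SQLITE3_TEXT);
$Statement->bindValue(':password', $Password, SQLITE3_TEXT);
$Statement->bindValue(':usertype', $typeNum, SQLITE3_INTEGER);
$Statement->bindValue(':primaryadmin', $firstUser, SQLITE3_INTEGER);
$Statement->bindValue(':numberofuploads', $numberOfUploads, SQLITE3_INTEGER);
$Statement->bindValue(':uploadsleft', $uploadsLeft, SQLITE3_INTEGER);
$Statement->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$Statement->bindValue(':issued', $Issued, SQLITE3_TEXT);
$Statement->bindValue(':ip', $ip, SQLITE3_TEXT);
$Statement->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$Statement->execute();
// … unchanged: redirect …
```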


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -14,7 +14,7 @@ if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
$html = printHeader($html);
$html .= "\t\t\t<h1>Your files</h1>\n";
$html .= "\t\t\t\t<p>These are the files you have uploaded using this key.</p>\n";
$html .= "\t\t\t\t<p>These are the files you have uploaded using this account.</p>\n";
// If logged in ...
if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false")) {
@ -32,21 +32,21 @@ if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false
$ID = $line['id'];
$Filename = $line['file'];
$uploadDate = $line['uploaddate'];
$keyID = $line['keyid'];
$keytypeID = $line['keytype'];
$Username = $line['username'];
$usertypeID = $line['usertype'];
$CorrectFile = 0;
if ($line['keytype'] == 1) {
$keyType = "Key";
} else if ($line['keytype'] == 2) {
$keyType = "Administrator";
if ($line['usertype'] == 1) {
$userType = "User";
} else if ($line['usertype'] == 2) {
$userType = "Administrator";
} else {
$keyType = "Unknown";
$userType = "Unknown";
}
$UserDatabaseQuery = $Database->query('SELECT * FROM keys');
$UserDatabaseQuery = $Database->query('SELECT * FROM users');
while ($uline = $UserDatabaseQuery->fetchArray()) {
if ($uline['id'] == $keyID && $_SESSION['key'] == $uline['key']) {
if ($uline['username'] == $Username && $_SESSION['username'] == $uline['username']) {
$CorrectFile = 1;
break;
}
@ -62,7 +62,7 @@ if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false
$html .= "\t\t\t\t\t\t<td class=\"fileFilename\"><a href=\"$Filename\">$Filename</a></td>\n";
$html .= "\t\t\t\t\t\t<td class=\"fileUploadDate\">$uploadDate</td>\n";
if (($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true") || $keytypeID == 2) {
if (($enableUserUploadRemoval || $enableUserUploadRemoval == "true") || $usertypeID == 2) {
$html .= "\t\t\t\t\t\t<td class=\"fileRemove\"><a href=\"/remove.php?redir=files&id=$ID\">Remove</a></td>\n";
}
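Review bot: The ownership check now runs `SELECT * FROM users` for every upload row only to test `$uline['username'] == $Username && $_SESSION['username'] == $uline['username']`, which reduces to comparing the upload's `username` with the session username plus an existence check; `$CorrectFile = ($Username !== "" && $Username === $_SESSION['username']) ? 1 : 0;` (with one existence lookup outside the loop if that is still wanted) removes the per-row query. Unlike admin.php and remove-user.php, this page does not check `$_SESSION['password']` against the stored hash — if the hash-in-session model is intended it should be applied consistently, or better replaced everywhere by a session-stored user id that is looked up once. `$Username` is interpolated into the HTML unescaped; since the value was request-supplied at account creation, escape it with `htmlspecialchars(...)` at output. The enclosing `while` over the uploads rows starts before this hunk.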


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -32,10 +32,10 @@ $html .= "\t\t\t\t<p>$instanceDescription</p>\n";
if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
$html = printFileUploadForm($html, $Error);
} else {
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your key</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your username and password</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";
}
$html .= "\t\t\t\t<p>You can also upload a file using <code>curl</code> (or any POST request):<br><br><code>curl -F \"file=@myfile\" -F \"key=mykey\" \"https://dl.speedie.site/upload.php\"</code>.</p>\n";
$html .= "\t\t\t\t<p>You can also upload a file using <code>curl</code> (or any POST request):<br><br><code>curl -F \"file=@myfile\" -F \"username=myusername\" -F \"password=mypassword\" \"https://dl.speedie.site/upload.php\"</code>.</p>\n";
// End the content div and print footer
$html = printFooter($html);


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -8,23 +8,23 @@ include "config.php";
include "core.php";
$Authorized = 0;
$KeyType = 0;
$userType = 0;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
}
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
session_unset();
session_destroy();
header('Location: login.php');
die();
}
// if a session exists, redirect the user there instead
if (isset($_SESSION['key'])) {
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
session_unset();
session_destroy();
header('Location: login.php');
die();
}
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
if ($Redirect == "index" || ($Redirect == "admin" && $_SESSION['type'] != 2) || $Redirect == "") {
header('Location: /');
die();
@ -34,37 +34,38 @@ if (isset($_SESSION['key'])) {
}
}
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
// check the validity of the key
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
$Username = "";
$Password = "";
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
if ($line['username'] == $_REQUEST['username'] && $_REQUEST['username'] != "" && password_verify($_REQUEST['password'], $line['password'])) {
$Username = $line['username'];
$Password = $line['password'];
$id = $line['id'];
// update last usage
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
}
// update IP address
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
}
// update user agent
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$KeyType = $line['keytype'];
$userType = $line['usertype'];
break;
}
@ -79,8 +80,9 @@ if (isset($_REQUEST['key'])) {
die();
}
$_SESSION['key'] = $Key;
$_SESSION['type'] = $KeyType;
$_SESSION['type'] = $userType;
$_SESSION['username'] = $Username;
$_SESSION['password'] = $Password;
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
@ -95,15 +97,19 @@ if (isset($_REQUEST['key'])) {
$html = printHeader($html);
$html .= "\t\t\t<h1 id='loginHeader'>Login</h1>\n";
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
$html .= "\t\t\t\t<p>Enter your username and password to continue.</p>\n";
$html .= "\t\t\t\t<form action=\"login.php\">\n";
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
$html .= "\t\t\t\t</form>\n";
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
$html .= "\t\t\t\t<p class=\"error\">Invalid key.</p>\n";
session_unset();
session_destroy();
$html .= "\t\t\t\t<p class=\"error\">Invalid username or password.</p>\n";
}
$html = printFooter($html);
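Review bot: On successful authentication the new code copies the stored password hash into `$_SESSION['password']`, and the other pages then compare it against the database with `==`; the session already carries authenticity, so storing the row `id` (plus username) and looking the account up per request is simpler and avoids spreading the hash, and where the comparison stays it should be `hash_equals()`. Before the `$_SESSION[...]` assignments, call `session_regenerate_id(true);` so a session id issued before login is not retained afterwards. The three `UPDATE users SET ... WHERE id='$id'` statements interpolate `$userAgent`, which `getUserAgent()` in core.php reads from `$_SERVER['HTTP_USER_AGENT']`, and `$ip` into SQL; use `$Database->prepare()` with `bindValue()` here as well. The `session_unset(); session_destroy();` added in the `e=true` branch runs after `printHeader()` has already rendered the login/logout links from `$_SESSION`, so the page can show "Log out" for a session that was just destroyed; if the failed-login path is what sets the session variables (that `if` starts outside the hunk), not setting them there would remove the need for this cleanup.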


@ -1,13 +1,13 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php";
include "core.php";
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_SESSION['type'] != 2) { // not allowed
@ -16,7 +16,7 @@ if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
}
$AdminIsPrimary = 0;
$KeyIsPrimary = 0;
$UserIsPrimary = 0;
$AuthorizedRemoval = 0;
$Removed = 0;
$Redirect = "";
@ -42,10 +42,10 @@ if (isset($_REQUEST['redir'])) {
}
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['keytype'] == 2 && $line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
if ($line['usertype'] == 2 && $line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "") {
$AuthorizedRemoval = 1;
$AdminIsPrimary = $line['primaryadmin'];
break;
@ -58,11 +58,11 @@ if ($AuthorizedRemoval != 1) {
die();
}
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) {
if ($AuthorizedRemoval == 1 && (($AdminIsPrimary == 1 && $line['id'] == 2) || $line['id'] != 2)) {
$Database->exec("DELETE FROM keys WHERE id='$id'");
$Database->exec("DELETE FROM users WHERE id='$id'");
$Removed = 1;
} else {
print "You aren't authorized to perform this action.";
@ -74,7 +74,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
}
if ($Redirect == "admin") {
header("Location: admin.php?action=keys");
header("Location: admin.php?action=users");
} else {
header("Location: /");
}
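Review bot: `$id` is interpolated directly into `DELETE FROM users WHERE id='$id'`; it should be bound as an integer — `$Statement = $Database->prepare("DELETE FROM users WHERE id=:id"); $Statement->bindValue(':id', (int)$id, SQLITE3_INTEGER); $Statement->execute();` — and the `$line['id'] == $id` guard above it should compare against `(int)$id` with `===` rather than loosely, since `$id` is set (presumably from the request) outside this hunk. The deletion is reached through a plain anchor in admin.php (`/remove-user.php?redir=admin&id=...`), so a state-changing action happens on a GET with no CSRF token; a POST form carrying a per-session token is the usual fix. The comment `// passed ID is a key that exists` was dropped rather than reworded; `// passed ID is a user that exists` keeps the explanation. The authorization loop compares the stored hash with `$_SESSION['password']` using `==`; as in the other pages, a session-stored user id or `hash_equals()` is preferable.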


@ -1,16 +1,16 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php";
include "core.php";
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
header('Location: login.php');
die();
} else if ($_SESSION['type'] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed
} else if ($_SESSION['type'] != 2 && (!$enableUserUploadRemoval || $enableUserUploadRemoval == "false")) { // not allowed
header('Location: /');
die();
}
@ -42,32 +42,32 @@ $DatabaseQuery = $Database->query('SELECT * FROM uploads');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $fileID) { // passed ID is a file that exists
// check if our key is authorized to remove the file
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
// check if our user is authorized to remove the file
if ($enableUserUploadRemoval || $enableUserUploadRemoval == "true") {
$userDatabaseQuery = $Database->query('SELECT * FROM users');
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($line['keyid'] == $kline['id']) {
while ($kline = $userDatabaseQuery->fetchArray()) {
if ($line['username'] == $kline['username'] && $_SESSION['username'] == $kline['username'] && $_SESSION['password'] == $kline['password']) {
$AuthorizedRemoval = 1;
break;
}
}
}
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
// check if the user is an admin, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
$userDatabaseQuery = $Database->query('SELECT * FROM users');
// check if the file was uploaded by a primary admin
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $line['keyid']) {
while ($kline = $userDatabaseQuery->fetchArray()) {
if ($kline['username'] == $line['username']) {
$fileUploadedByPrimary = $kline['primaryadmin'];
}
}
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
while ($kline = $userDatabaseQuery->fetchArray()) {
if ($kline['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $kline['password'] == $_SESSION['password'] && $kline['usertype'] == 2) {
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) {
$AuthorizedRemoval = 1;
break;
}
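Review bot: The upload-owner check (`$_SESSION['password'] == $kline['password']`) and the admin check a few lines below it (`$kline['password'] == $_SESSION['password']`) re-verify the password on every request against whatever login.php placed in the session, so the session now holds the credential for the life of the login and the comparison is PHP's loose `==`, under which numeric-looking strings compare as numbers. If login.php already verified the credential once, the session should carry only the username (or user id) and `type`, and these loops should match on the username alone, e.g. `$_SESSION['username'] == $kline['username']`; if a re-check is wanted it should go through the same routine login uses — `password_verify($_SESSION['password'], $kline['password'])` for hashed storage, or at least `hash_equals($kline['password'], $_SESSION['password'])`. How create.php stores the password is not visible here, so which form applies is an open question. The `while` over uploads that contains both checks runs past the end of this section.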


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -19,25 +19,26 @@ if (checkIfAdminExists()) {
$html = printHeader($html);
$html .= "\t\t\t<h1>Welcome</h1>\n";
$html .= "\t\t\t\t<p>Before curload can be used, a primary administrator must be created.</p>\n";
$html .= "\t\t\t\t<p class='error'>Please note that the primary administrator key cannot trivially be changed later.</p>\n";
$html .= "\t\t\t\t<p>Before curload can be used, a primary administrator user must be created.</p>\n";
$html .= "\t\t\t\t<form class=\"adminCreateForm\" action=\"create.php?redir=setup\" method=\"post\">\n";
$html .= "\t\t\t\t\t<label for=\"data\">Key</label>\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"Key\">\n";
$html .= "\t\t\t\t\t<label for=\"username\">Username</label>\n";
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
$html .= "\t\t\t\t\t<label for=\"password\">Password</label>\n";
$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"type\" value=\"Admin\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create key\" name=\"create\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create user\" name=\"create\">\n";
$html .= "\t\t\t\t</form>\n";
// handle errors
if ($Error == "data") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid key.</p>\n";
if ($Error == "password" || $Error == "username") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid username or password.</p>\n";
} else if ($Error == "type") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid type.</p>\n";
} else if ($Error == "denied") {
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a key of this type.</p>\n";
} else if ($Error == "exists") {
$html .= "\t\t\t\t<p class=\"adminError\">This key already exists.</p>\n";
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a user of this type.</p>\n";
} else if ($Error == "exists") { // i mean, how the fuck would this happen anyway?
$html .= "\t\t\t\t<p class=\"adminError\">This user already exists.</p>\n";
} else if ($Error == "uploads") {
$html .= "\t\t\t\t<p class=\"adminError\">Invalid amount of uploads.</p>\n";
}
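Review bot: The primary-admin creation form collects the password once in a plain `<input type="password">`, and the old warning that the primary administrator credential cannot trivially be changed later is dropped, so a typo in this field locks out the only account that can administer a fresh install. Add a confirmation field for create.php to check, `<input type="password" name="password2" placeholder="Repeat password">`, or keep a warning line in its place, and give the password input `autocomplete="new-password"` so browsers do not autofill a saved login. The comment on the `exists` branch should say something a maintainer can act on, e.g. `// 'exists' is set by create.php; not expected from this page unless another admin was created concurrently`. Whether create.php enforces any password rules is not visible from this section.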


@ -1,6 +1,6 @@
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Simple file uploading using POST requests
* Licensed under the GNU Affero General Public License version 3.0
*/
@ -9,22 +9,27 @@ include "core.php";
$WebInterface = 1;
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
$Username = "";
$Password = "";
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$Username = $_REQUEST['username'];
$Password = $_REQUEST['password'];
$WebInterface = 0;
} else if (isset($_SESSION['key'])) {
$Key = $_SESSION['key'];
} else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
$Username = $_SESSION['username'];
$Password = $_SESSION['password'];
$WebInterface = 1;
} else if (!$publicUploading || $publicUploading == "false") {
print "No key specified.";
print "Username and password must be specified.";
die();
}
$Status = 0;
$Authorized = 0;
$keyType = 1;
$userType = 1;
$uploadLimit = $maxFileSize * 1000000;
$keyID = 0;
$Username = "";
if (!isset($_FILES['file']['name']) || $_FILES['file']['name'] == "") {
if ($WebInterface == 0) {
@ -40,51 +45,52 @@ $Database = createTables($sqlDB);
// init database
if (!$publicUploading || $publicUploading == "false") {
$DatabaseQuery = $Database->query('SELECT * FROM keys');
$DatabaseQuery = $Database->query('SELECT * FROM users');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableKeys || $enableKeys == "true")) {
if ($line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password'] && $line['uploadsleft'] != 0) {
$id = $line['id'];
$keyID = $id;
$Username = $line['username'];
// decrease uploads left if temporary
if ($line['uploadsleft'] != -1) {
$uploadsLeft = $line['uploadsleft'] - 1;
$Database->exec("UPDATE keys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
$Database->exec("UPDATE users SET uploadsleft='$uploadsLeft' WHERE id='$id'");
}
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
}
if ($storeUploads || $storeUploads == "true") {
$numberOfUploads = $line['numberofuploads'] + 1;
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
$Database->exec("UPDATE users SET numberofuploads='$numberOfUploads' WHERE id='$id'");
}
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = $line['keytype'];
$userType = $line['usertype'];
break;
}
}
// Not an authorized key
// Not authorized
if ($Authorized == 0) {
if ($WebInterface == 0) {
print "Not authorized: Your key is invalid.";
print "Not authorized: Your username or password is invalid.";
die();
} else {
header("Location: /?e=key");
header("Location: /?e=user");
die();
}
}
@ -136,7 +142,7 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
$lastUsed = date($dateFormat);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
$Database->exec("INSERT INTO uploads(file, uploaddate, username, usertype) VALUES('$uploadedFile', '$lastUsed', '$Username', '$userType')");
if ($WebInterface == 0) {
print "$uploadedFile";