Move over from keys to proper user accounts
parent
7377c9e245
commit
507680a339
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
|
103
admin.php
103
admin.php
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -13,7 +13,7 @@ $Primary = 0;
|
|||
$filterID = -1;
|
||||
$Error = "";
|
||||
|
||||
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
|
||||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
|
@ -39,17 +39,11 @@ if (!isset($_REQUEST['e'])) {
|
|||
$Error = $_REQUEST['e'];
|
||||
}
|
||||
|
||||
// in case admin keys are disabled
|
||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "" && $line['usertype'] == 2) {
|
||||
$Authorized = 1;
|
||||
$Primary = $line['primaryadmin'];
|
||||
break;
|
||||
|
@ -75,10 +69,10 @@ if ($Action == "files") {
|
|||
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\">Files</a>\n";
|
||||
}
|
||||
|
||||
if ($Action == "keys") {
|
||||
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\" id='sel'>Keys</a>\n";
|
||||
if ($Action == "users") {
|
||||
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=users\" id='sel'>Users</a>\n";
|
||||
} else {
|
||||
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\">Keys</a>\n";
|
||||
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=users\">Users</a>\n";
|
||||
}
|
||||
|
||||
if ($Action == "create") {
|
||||
|
@ -98,31 +92,31 @@ if ($Action == "files") {
|
|||
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminFilename\">Filename</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminUploadDate\">Upload date</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminKeyID\">Key ID</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminUploader\">Uploader</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminuserType\">User type</th>\n";
|
||||
$html .= "\t\t\t\t\t</tr>\n";
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
$ID = $line['id'];
|
||||
$Filename = $line['file'];
|
||||
$uploadDate = $line['uploaddate'];
|
||||
$keyID = $line['keyid'];
|
||||
$keytypeID = $line['keytype'];
|
||||
$Username = $line['username'];
|
||||
$usertypeID = $line['usertype'];
|
||||
|
||||
if ($line['keytype'] == 1) {
|
||||
$keyType = "Key";
|
||||
} else if ($line['keytype'] == 2) {
|
||||
$keyType = "Administrator";
|
||||
if ($line['usertype'] == 1) {
|
||||
$userType = "User";
|
||||
} else if ($line['usertype'] == 2) {
|
||||
$userType = "Administrator";
|
||||
} else {
|
||||
$keyType = "Unknown";
|
||||
$userType = "Unknown";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"adminID-$ID\">$ID</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminFilename\"><a href=\"$Filename\">$Filename</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminUploadDate\">$uploadDate</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminKeyID\"><a href=\"admin.php?action=keys#id-$keytypeID-$keyID\">$keyID</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminUsername\"><a href=\"admin.php?action=users#id-$usertypeID-$Username\">$Username</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminuserType\">$userType</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove.php?redir=admin&id=$ID\">Remove</a></td>\n";
|
||||
|
||||
$html .= "\t\t\t\t\t</tr>\n";
|
||||
|
@ -131,65 +125,70 @@ if ($Action == "files") {
|
|||
$html .= "\t\t\t\t</table>\n";
|
||||
} else if ($Action == "create") {
|
||||
$html .= "\t\t\t\t<form class=\"adminCreateForm\" action=\"create.php?redir=admin\" method=\"post\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"type\">Type</label>\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"type\">User type</label>\n";
|
||||
$html .= "\t\t\t\t\t<select name=\"type\" required>\n";
|
||||
|
||||
if ($Primary == 1) {
|
||||
$html .= "\t\t\t\t\t\t<option value=\"Admin\">Administrator</option>\n";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t\t\t<option value=\"Key\" selected=\"selected\">Key</option>\n";
|
||||
$html .= "\t\t\t\t\t\t<option value=\"Temporary\">Temporary Key</option>\n";
|
||||
$html .= "\t\t\t\t\t\t<option value=\"User\" selected=\"selected\">User</option>\n";
|
||||
$html .= "\t\t\t\t\t\t<option value=\"Temporary\">Temporary User</option>\n";
|
||||
$html .= "\t\t\t\t\t</select>\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"data\">Key</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"Key\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"username\">Username</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"password\">Password</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"password\" placeholder=\"Password\">\n";
|
||||
$html .= "\t\t\t\t\t<br><br>\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"uploadsleft\">Number</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"number\" name=\"uploadsleft\" min=\"1\" value=\"1\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create key\" name=\"create\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create user\" name=\"create\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
// handle errors
|
||||
if ($Error == "data") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid key.</p>\n";
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid user.</p>\n";
|
||||
} else if ($Error == "type") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid type.</p>\n";
|
||||
} else if ($Error == "denied") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a key of this type.</p>\n";
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a user of this type.</p>\n";
|
||||
} else if ($Error == "exists") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">This key already exists.</p>\n";
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">This user already exists.</p>\n";
|
||||
} else if ($Error == "uploads") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid amount of uploads.</p>\n";
|
||||
} else if ($Error == "username") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">You must specify a username.</p>\n";
|
||||
}
|
||||
} else if ($Action == "keys") {
|
||||
} else if ($Action == "users") {
|
||||
if ($Primary != 1) {
|
||||
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator keys are not visible.</p>\n";
|
||||
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator users are not visible.</p>\n";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t<table class=\"adminKeyView\">\n";
|
||||
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||
$html .= "\t\t\t\t<table class=\"adminUserView\">\n";
|
||||
$html .= "\t\t\t\t\t<tr class=\"adminUserView\">\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminKey\">Key</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminUser\">User</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminNumberOfUploads\">Uploads</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminUploadsLeft\">Uploads left</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminLastUsed\">Last used</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminIssued\">Issued</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminIP\">IP</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminUserAgent\">User agent</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
|
||||
$html .= "\t\t\t\t\t\t<th class=\"adminuserType\">User type</th>\n";
|
||||
$html .= "\t\t\t\t\t</tr>\n";
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['id'] != $filterID && $filterID != -1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($line['keytype'] == 2 && $Primary != 1) {
|
||||
if ($line['usertype'] == 2 && $Primary != 1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$ID = $line['id'];
|
||||
$Key = $line['key'];
|
||||
$Username = $line['username'];
|
||||
$NumberOfUploads = $line['numberofuploads'];
|
||||
$UploadsLeft = "";
|
||||
$LastUsed = $line['lastused'];
|
||||
|
@ -197,34 +196,34 @@ if ($Action == "files") {
|
|||
$IP = $line['ip'];
|
||||
$UserAgent = $line['useragent'];
|
||||
|
||||
$keyType = "Temporary";
|
||||
$userType = "Temporary";
|
||||
$UploadsLeft = $line['uploadsleft'];
|
||||
|
||||
if ($line['uploadsleft'] == -1) {
|
||||
$UploadsLeft = "∞";
|
||||
$keyType = "Key";
|
||||
$userType = "User";
|
||||
}
|
||||
if ($line['keytype'] == 2) {
|
||||
$keyType = "Administrator";
|
||||
if ($line['usertype'] == 2) {
|
||||
$userType = "Administrator";
|
||||
|
||||
if ($line['primaryadmin'] == 1) {
|
||||
$keyType = "Primary Administrator";
|
||||
$userType = "Primary Administrator";
|
||||
}
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$ID\">$ID</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
|
||||
$html .= "\t\t\t\t\t<tr class=\"adminUserView\">\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$Username\">$ID</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminUser\">$Username</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\"><a href=\"admin.php?action=files&id=$ID\">$NumberOfUploads</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminuserType\">$userType</td>\n";
|
||||
|
||||
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-user.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t\t</tr>\n";
|
||||
|
|
|
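Review bot: `$Username` is concatenated into the page unescaped in the new user rows (`id=\"id-1-$Username\"` and `<td class=\"adminUser\">$Username</td>`) and in the files table link `admin.php?action=users#id-$usertypeID-$Username`; it is free text taken from the create form, so it should pass through `htmlspecialchars($Username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before being appended to `$html`. The create form's password field is rendered as `<input type=\"text\" name=\"password\" ...>`, which displays the value on screen; it should be `$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";`. create.php redirects here with `e=password` when the password is missing, but the error chain after `$Error == "username"` has no such branch, so the form reappears with no message; add `} else if ($Error == "password") { $html .= "\t\t\t\t<p class=\"adminError\">You must specify a password.</p>\n"; }`. The authorization loop's `$line['password'] == $_SESSION['password']` compares the stored hash with a copy login.php keeps in the session; once the row is matched by username the hash copy adds nothing, and holding only the user id in the session would keep the hash out of session storage (create.php repeats the same check).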
@ -1,38 +1,35 @@
|
|||
# curload default configuration file
|
||||
|
||||
[html]
|
||||
instance_name = curload
|
||||
instance_description = curload is a simple file uploading site allowing users to upload files by authenticating using a key.
|
||||
footer_text = Licensed under the GNU Affero General Public License version 3.0.<br><br>Made in Sweden
|
||||
css = index.css
|
||||
javascript = index.js
|
||||
logo = logo.svg
|
||||
favicon = favicon.svg
|
||||
instance_name = curload
|
||||
instance_description = curload is a simple file uploading site allowing users to upload files
|
||||
footer_text = Licensed under the GNU Affero General Public License version 3.0.<br><br>Made in Sweden
|
||||
css = index.css
|
||||
javascript = index.js
|
||||
logo = logo.svg
|
||||
favicon = favicon.svg
|
||||
|
||||
[header]
|
||||
logo_header_size = 16
|
||||
logo_header_size = 16
|
||||
|
||||
[upload]
|
||||
upload_dir = uploads/
|
||||
public_uploading = false
|
||||
rename_duplicates = true
|
||||
replace_original = false
|
||||
max_size = 100
|
||||
enable_upload_removal = true
|
||||
enable_key_upload_removal = false
|
||||
upload_dir = uploads/
|
||||
public_uploading = false
|
||||
rename_duplicates = true
|
||||
replace_original = false
|
||||
max_size = 100
|
||||
enable_upload_removal = true
|
||||
enable_user_upload_removal = false
|
||||
|
||||
[credentials]
|
||||
sqldb = curload.sql
|
||||
enable_keys = true
|
||||
enable_temporary_keys = true
|
||||
enable_admin_keys = true
|
||||
sqldb = curload.sql
|
||||
|
||||
[logging]
|
||||
store_ip = true
|
||||
store_user_agent = true
|
||||
store_issued = true
|
||||
store_last_usage = true
|
||||
store_number_of_uploads = true
|
||||
store_ip = true
|
||||
store_user_agent = true
|
||||
store_issued = true
|
||||
store_last_usage = true
|
||||
store_number_of_uploads = true
|
||||
|
||||
[format]
|
||||
date_format = Y/m/d
|
||||
date_format = Y/m/d
|
||||
|
|
14
config.php
14
config.php
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -22,13 +22,10 @@ $replaceOriginal = false;
|
|||
$logoHeaderSize = 16;
|
||||
$dateFormat = "Y/m/d";
|
||||
$instanceName = "curload";
|
||||
$instanceDescription = "curload is a simple file uploading site allowing users to upload files by authenticating using a key.";
|
||||
$instanceDescription = "curload is a simple file uploading site allowing users to upload files.";
|
||||
$footerText = "Licensed under the GNU Affero General Public License version 3.0.";
|
||||
$enableKeys = true;
|
||||
$enableAdminKeys = true;
|
||||
$enableTemporaryKeys = true;
|
||||
$enableUploadRemoval = true;
|
||||
$enableKeyUploadRemoval = false;
|
||||
$enableUserUploadRemoval = false;
|
||||
|
||||
$configFile = "";
|
||||
|
||||
|
@ -65,10 +62,7 @@ $footerText = $configEntries['footer_text'];
|
|||
$publicUploading = $configEntries['public_uploading'];
|
||||
$renameDuplicates = $configEntries['rename_duplicates'];
|
||||
$replaceOriginal = $configEntries['replace_original'];
|
||||
$enableKeys = $configEntries['enable_keys'];
|
||||
$enableAdminKeys = $configEntries['enable_admin_keys'];
|
||||
$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
|
||||
$enableUploadRemoval = $configEntries['enable_upload_removal'];
|
||||
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
|
||||
$enableUserUploadRemoval = $configEntries['enable_user_upload_removal'];
|
||||
$javaScript = $configEntries['javascript'];
|
||||
?>
|
||||
|
|
31
core.php
31
core.php
|
@ -1,16 +1,17 @@
|
|||
<?php
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
function createTables($sqlDB) {
|
||||
$Database = new SQLite3($sqlDB);
|
||||
|
||||
/* keys table
|
||||
/* users table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* keytype (INT)
|
||||
* username (TEXT)
|
||||
* password (TEXT)
|
||||
* usertype (INT)
|
||||
* primaryadmin (INT)
|
||||
* numberofuploads (INT)
|
||||
* uploadsleft (INT)
|
||||
|
@ -19,16 +20,16 @@ function createTables($sqlDB) {
|
|||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, keytype INT, primaryadmin INT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, usertype INT, primaryadmin INT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
|
||||
/* uploads table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* file (TEXT)
|
||||
* uploaddate (TEXT)
|
||||
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
|
||||
* keytype (INT)
|
||||
*usernameeyusername (INT)
|
||||
* usertype (INT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)");
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, username TEXT, usertype INT)");
|
||||
|
||||
return $Database;
|
||||
}
|
||||
|
@ -51,7 +52,7 @@ function printHeader($html) {
|
|||
$html .= "\t\t\t<span id='titleSpan' class='title'>\n";
|
||||
if (file_exists($Logo)) $html .= "\t\t\t\t<img src=\"$Logo\" id=\"titleLogo\" class=\"title\" width=\"$logoHeaderSize\" height=\"$logoHeaderSize\">\n";
|
||||
$html .= "\t\t\t\t<small id='title'><a id='title' href=\"/\">$instanceName</a></small>\n";
|
||||
if (isset($_SESSION['key'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
|
||||
if (isset($_SESSION['type'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
|
||||
|
||||
foreach (glob('*.php') as $file) {
|
||||
if (!file_exists("$file".".name")) {
|
||||
|
@ -63,7 +64,7 @@ function printHeader($html) {
|
|||
$html .= "\t\t\t\t<small id='$name'><a id='$name' href=\"$file\">$name</a></small>\n";
|
||||
}
|
||||
|
||||
if (!isset($_SESSION['key'])) {
|
||||
if (!isset($_SESSION['type'])) {
|
||||
$html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n";
|
||||
} else {
|
||||
$html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n";
|
||||
|
@ -113,7 +114,7 @@ function printFileUploadForm($html, $Error) {
|
|||
$html .= "\t\t\t<p class=\"error\">No file specified.</p>\n";
|
||||
} else if ($Error == "size") {
|
||||
$html .= "\t\t\t<p class=\"error\">File is too big.</p>\n";
|
||||
} else if ($Error == "key") {
|
||||
} else if ($Error == "user") {
|
||||
$html .= "\t\t\t<p class=\"error\">File upload failed: No uploads left.</p>\n";
|
||||
} else if ($Error == "wtf") {
|
||||
$html .= "\t\t\t<p class=\"error\">WTF? Try again.</p>\n";
|
||||
|
@ -129,11 +130,11 @@ function checkIfAdminExists() {
|
|||
$adminExists = 0;
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
$adminExists = 0;
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['keytype'] == 2) {
|
||||
if ($line['usertype'] == 2) {
|
||||
$adminExists = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -156,4 +157,8 @@ function getUserAgent() {
|
|||
return $_SERVER['HTTP_USER_AGENT'];
|
||||
}
|
||||
|
||||
function generatePassword($pwd) {
|
||||
return password_hash($pwd, PASSWORD_DEFAULT);
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
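Review bot: The new uploads-table comment line `*usernameeyusername (INT)` is a mangled search-and-replace and no longer matches the column created two lines below, where `username TEXT` replaced `keyid INT`; it should read `* username (TEXT)`, and the removed parenthetical is worth keeping in the new form, e.g. `* username (TEXT) (the username of the account that uploaded the file)`. The users table declares `username TEXT` without a UNIQUE constraint, so the only guard against two accounts with the same name is the fetch-and-compare loop in create.php; `username TEXT UNIQUE` would let the database enforce it, though `CREATE TABLE IF NOT EXISTS` will not apply that to databases that already exist. `generatePassword()` could carry a one-line comment such as `// password_hash() with PASSWORD_DEFAULT; login.php checks the result with password_verify()` so readers know the column holds a hash, not the password.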
75
create.php
75
create.php
|
@ -1,35 +1,39 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
include "core.php";
|
||||
include "config.php";
|
||||
|
||||
$Redirect = "";
|
||||
$uploadsLeft = 1;
|
||||
$AuthorizedCreation = 0;
|
||||
$AdminIsPrimary = 0;
|
||||
$firstKey = 0;
|
||||
$typeNum = 1;
|
||||
$numberOfUploads = 0;
|
||||
// fields
|
||||
$Username = "";
|
||||
$Password = "";
|
||||
$lastUsed = "";
|
||||
$Issued = "";
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
$Redirect = "";
|
||||
$uploadsLeft = 1;
|
||||
$AuthorizedCreation = 0;
|
||||
$AdminIsPrimary = 0;
|
||||
$firstUser = 0;
|
||||
$typeNum = 1;
|
||||
$numberOfUploads = 0;
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
if (!checkIfAdminExists()) {
|
||||
$firstKey = 1;
|
||||
$firstUser = 1;
|
||||
} else {
|
||||
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
|
||||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
|
@ -37,12 +41,12 @@ if (!checkIfAdminExists()) {
|
|||
die();
|
||||
}
|
||||
|
||||
$firstKey = 0;
|
||||
$firstUser = 0;
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password']) {
|
||||
$AuthorizedCreation = 1;
|
||||
$AdminIsPrimary = $line['primaryadmin'];
|
||||
break;
|
||||
|
@ -50,19 +54,34 @@ while ($line = $DatabaseQuery->fetchArray()) {
|
|||
}
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1 && $firstKey != 1) {
|
||||
if ($AuthorizedCreation != 1 && $firstUser != 1) {
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
// data must be specified
|
||||
if (isset($_REQUEST['data']) && $_REQUEST['data'] != "") {
|
||||
$Data = $_REQUEST['data'];
|
||||
// username must be specified
|
||||
if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
|
||||
$Username = $_REQUEST['username'];
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=data");
|
||||
header("Location: admin.php?action=create&e=username");
|
||||
} else if ($Redirect == "setup") {
|
||||
header("Location: setup.php?e=data");
|
||||
header("Location: setup.php?e=username");
|
||||
} else {
|
||||
header("Location: /");
|
||||
}
|
||||
|
||||
die();
|
||||
}
|
||||
|
||||
// password must be specified
|
||||
if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)) {
|
||||
$Password = generatePassword($_REQUEST['password']);
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=password");
|
||||
} else if ($Redirect == "setup") {
|
||||
header("Location: setup.php?e=password");
|
||||
} else {
|
||||
header("Location: /");
|
||||
}
|
||||
|
@ -85,7 +104,7 @@ if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
|
|||
die();
|
||||
}
|
||||
|
||||
// uploads left must be specified for temp keys
|
||||
// uploads left must be specified for temp users
|
||||
if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
|
||||
$uploadsLeft = $_REQUEST['uploadsleft'];
|
||||
|
||||
|
@ -104,8 +123,8 @@ if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
|
|||
$uploadsLeft = -1;
|
||||
}
|
||||
|
||||
// only primary admins may create admin keys
|
||||
if ($AdminIsPrimary != 1 && $firstKey != 1 && $Type == "Admin") {
|
||||
// only primary admins may create admin users
|
||||
if ($AdminIsPrimary != 1 && $firstUser != 1 && $Type == "Admin") {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=denied");
|
||||
} else if ($Redirect == "setup") {
|
||||
|
@ -117,10 +136,10 @@ if ($AdminIsPrimary != 1 && $firstKey != 1 && $Type == "Admin") {
|
|||
die();
|
||||
}
|
||||
|
||||
// check if a key by the same name already exists
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
// check if a user by the same name already exists
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") {
|
||||
if ($line['username'] == "$Username" && $Username != "" && $line['username'] != "") {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=exists");
|
||||
} else if ($Redirect == "setup") {
|
||||
|
@ -144,10 +163,10 @@ if ($Type == "Admin") {
|
|||
$typeNum = 1;
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO keys(key, keytype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$typeNum', '$firstKey', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
$Database->exec("INSERT INTO users(username, password, usertype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Username', '$Password', '$typeNum', '$firstUser', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=keys");
|
||||
header("Location: admin.php?action=users");
|
||||
} else {
|
||||
header("Location: /");
|
||||
}
|
||||
|
|
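Review bot: `$Username` is interpolated straight into the `INSERT INTO users(...) VALUES('$Username', '$Password', ...)` string, and it comes unfiltered from `$_REQUEST['username']` earlier in the file, so a quote character in the username changes the statement; the old `$Data` line had the same shape, but this is the line that now creates login identities, so it should become a prepared statement with `bindValue()` as below. The three `UPDATE users SET ... WHERE id='$id'` lines in login.php build SQL the same way from `$ip` and `$userAgent`, and `getUserAgent()` returns `$_SERVER['HTTP_USER_AGENT']` verbatim, so they deserve the same treatment. Separately, `isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)` binds `&&` before `||`, so an empty password is accepted for every account except the first, contrary to the `// password must be specified` comment; if that is intended the comment should say so, otherwise `if (isset($_REQUEST['password']) && $_REQUEST['password'] != "")` is the condition that matches it.
```php
// … unchanged: type, uploadsleft, admin-permission and exists checks …
$Statement = $Database->prepare("INSERT INTO users(username, password, usertype, primaryadmin, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES(:username, :password, :usertype, :primaryadmin, :numberofuploads, :uploadsleft, :lastused, :issued, :ip, :useragent)");
$Statement->bindValue(':username', $Username, SQLITE3_TEXT);
$Statement->bindValue(':password', $Password, SQLITE3_TEXT);
$Statement->bindValue(':usertype', $typeNum, SQLITE3_INTEGER);
$Statement->bindValue(':primaryadmin', $firstUser, SQLITE3_INTEGER);
$Statement->bindValue(':numberofuploads', $numberOfUploads, SQLITE3_INTEGER);
$Statement->bindValue(':uploadsleft', $uploadsLeft, SQLITE3_INTEGER);
$Statement->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$Statement->bindValue(':issued', $Issued, SQLITE3_TEXT);
$Statement->bindValue(':ip', $ip, SQLITE3_TEXT);
$Statement->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$Statement->execute();
// … unchanged: redirect to admin.php?action=users or / …
```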
24
files.php
24
files.php
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -14,7 +14,7 @@ if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
|
|||
|
||||
$html = printHeader($html);
|
||||
$html .= "\t\t\t<h1>Your files</h1>\n";
|
||||
$html .= "\t\t\t\t<p>These are the files you have uploaded using this key.</p>\n";
|
||||
$html .= "\t\t\t\t<p>These are the files you have uploaded using this account.</p>\n";
|
||||
|
||||
// If logged in ...
|
||||
if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false")) {
|
||||
|
@ -32,21 +32,21 @@ if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false
|
|||
$ID = $line['id'];
|
||||
$Filename = $line['file'];
|
||||
$uploadDate = $line['uploaddate'];
|
||||
$keyID = $line['keyid'];
|
||||
$keytypeID = $line['keytype'];
|
||||
$Username = $line['username'];
|
||||
$usertypeID = $line['usertype'];
|
||||
$CorrectFile = 0;
|
||||
|
||||
if ($line['keytype'] == 1) {
|
||||
$keyType = "Key";
|
||||
} else if ($line['keytype'] == 2) {
|
||||
$keyType = "Administrator";
|
||||
if ($line['usertype'] == 1) {
|
||||
$userType = "User";
|
||||
} else if ($line['usertype'] == 2) {
|
||||
$userType = "Administrator";
|
||||
} else {
|
||||
$keyType = "Unknown";
|
||||
$userType = "Unknown";
|
||||
}
|
||||
|
||||
$UserDatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$UserDatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($uline = $UserDatabaseQuery->fetchArray()) {
|
||||
if ($uline['id'] == $keyID && $_SESSION['key'] == $uline['key']) {
|
||||
if ($uline['username'] == $Username && $_SESSION['username'] == $uline['username']) {
|
||||
$CorrectFile = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false
|
|||
$html .= "\t\t\t\t\t\t<td class=\"fileFilename\"><a href=\"$Filename\">$Filename</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"fileUploadDate\">$uploadDate</td>\n";
|
||||
|
||||
if (($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true") || $keytypeID == 2) {
|
||||
if (($enableUserUploadRemoval || $enableUserUploadRemoval == "true") || $usertypeID == 2) {
|
||||
$html .= "\t\t\t\t\t\t<td class=\"fileRemove\"><a href=\"/remove.php?redir=files&id=$ID\">Remove</a></td>\n";
|
||||
}
|
||||
|
||||
|
|
|
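Review bot: The ownership test `$uline['username'] == $Username && $_SESSION['username'] == $uline['username']` walks the whole users table for every upload, yet both conjuncts compare against the same `$uline['username']`, so the loop only establishes `$Username == $_SESSION['username']` plus the fact that such an account still exists; a single comparison with a comment stating that intent would read more clearly than the nested query. The comparison should also be `===`: both operands are strings, and `==` between numeric-looking strings compares them as numbers, so accounts named `10` and `1e1` would be treated as the same owner. The username checks in admin.php and login.php use the same loose `==` and should change together.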
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -32,10 +32,10 @@ $html .= "\t\t\t\t<p>$instanceDescription</p>\n";
|
|||
if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
|
||||
$html = printFileUploadForm($html, $Error);
|
||||
} else {
|
||||
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your key</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";
|
||||
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your username and password</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t<p>You can also upload a file using <code>curl</code> (or any POST request):<br><br><code>curl -F \"file=@myfile\" -F \"key=mykey\" \"https://dl.speedie.site/upload.php\"</code>.</p>\n";
|
||||
$html .= "\t\t\t\t<p>You can also upload a file using <code>curl</code> (or any POST request):<br><br><code>curl -F \"file=@myfile\" -F \"username=myusername\" -F \"password=mypassword\" \"https://dl.speedie.site/upload.php\"</code>.</p>\n";
|
||||
|
||||
// End the content div and print footer
|
||||
$html = printFooter($html);
|
||||
|
|
58
login.php
58
login.php
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -8,23 +8,23 @@ include "config.php";
|
|||
include "core.php";
|
||||
|
||||
$Authorized = 0;
|
||||
$KeyType = 0;
|
||||
$userType = 0;
|
||||
$Redirect = "";
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
header('Location: login.php');
|
||||
die();
|
||||
}
|
||||
|
||||
// if a session exists, redirect the user there instead
|
||||
if (isset($_SESSION['key'])) {
|
||||
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
header('Location: login.php');
|
||||
die();
|
||||
}
|
||||
|
||||
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && $_SESSION['type'] != 2) || $Redirect == "") {
|
||||
header('Location: /');
|
||||
die();
|
||||
|
@ -34,37 +34,38 @@ if (isset($_SESSION['key'])) {
|
|||
}
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
|
||||
// check the validity of the key
|
||||
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
$Username = "";
|
||||
$Password = "";
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||
if ($line['username'] == $_REQUEST['username'] && $_REQUEST['username'] != "" && password_verify($_REQUEST['password'], $line['password'])) {
|
||||
$Username = $line['username'];
|
||||
$Password = $line['password'];
|
||||
$id = $line['id'];
|
||||
|
||||
// update last usage
|
||||
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||
$lastUsed = date($dateFormat);
|
||||
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
|
||||
}
|
||||
|
||||
// update IP address
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
// update user agent
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$KeyType = $line['keytype'];
|
||||
$userType = $line['usertype'];
|
||||
|
||||
break;
|
||||
}
|
||||
|
@ -79,8 +80,9 @@ if (isset($_REQUEST['key'])) {
|
|||
die();
|
||||
}
|
||||
|
||||
$_SESSION['key'] = $Key;
|
||||
$_SESSION['type'] = $KeyType;
|
||||
$_SESSION['type'] = $userType;
|
||||
$_SESSION['username'] = $Username;
|
||||
$_SESSION['password'] = $Password;
|
||||
|
||||
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
|
||||
header("Location: login.php?e=true&redir=$Redirect");
|
||||
|
@ -95,15 +97,19 @@ if (isset($_REQUEST['key'])) {
|
|||
$html = printHeader($html);
|
||||
|
||||
$html .= "\t\t\t<h1 id='loginHeader'>Login</h1>\n";
|
||||
$html .= "\t\t\t\t<p>Enter your login key to continue.</p>\n";
|
||||
$html .= "\t\t\t\t<p>Enter your username and password to continue.</p>\n";
|
||||
$html .= "\t\t\t\t<form action=\"login.php\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"key\" placeholder=\"Login key\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";
|
||||
if (isset($Redirect)) $html .= "\t\t\t\t\t<input type=\"hidden\" name=\"redir\" value=\"$Redirect\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
|
||||
$html .= "\t\t\t\t<p class=\"error\">Invalid key.</p>\n";
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
$html .= "\t\t\t\t<p class=\"error\">Invalid username or password.</p>\n";
|
||||
}
|
||||
|
||||
$html = printFooter($html);
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
include "config.php";
|
||||
include "core.php";
|
||||
|
||||
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
|
||||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
|
@ -16,7 +16,7 @@ if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
|
|||
}
|
||||
|
||||
$AdminIsPrimary = 0;
|
||||
$KeyIsPrimary = 0;
|
||||
$UserIsPrimary = 0;
|
||||
$AuthorizedRemoval = 0;
|
||||
$Removed = 0;
|
||||
$Redirect = "";
|
||||
|
@ -42,10 +42,10 @@ if (isset($_REQUEST['redir'])) {
|
|||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['keytype'] == 2 && $line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||
if ($line['usertype'] == 2 && $line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "") {
|
||||
$AuthorizedRemoval = 1;
|
||||
$AdminIsPrimary = $line['primaryadmin'];
|
||||
break;
|
||||
|
@ -58,11 +58,11 @@ if ($AuthorizedRemoval != 1) {
|
|||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists
|
||||
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) {
|
||||
if ($AuthorizedRemoval == 1 && (($AdminIsPrimary == 1 && $line['id'] == 2) || $line['id'] != 2)) {
|
||||
$Database->exec("DELETE FROM keys WHERE id='$id'");
|
||||
$Database->exec("DELETE FROM users WHERE id='$id'");
|
||||
$Removed = 1;
|
||||
} else {
|
||||
print "You aren't authorized to perform this action.";
|
||||
|
@ -74,7 +74,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
|
|||
}
|
||||
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=keys");
|
||||
header("Location: admin.php?action=users");
|
||||
} else {
|
||||
header("Location: /");
|
||||
}
|
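Review bot: The rewritten condition `if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) {` drops the trailing comment of the line it replaces without putting anything in its place, while the other branches in this file keep theirs; restore it as `// passed ID is a user that exists and is not the primary admin`. While this line is being touched, the same `$id` is still interpolated into `DELETE FROM users WHERE id='$id'` a few lines below, so casting it with `(int)` where it is assigned (outside this hunk) or binding it through a prepared statement would close that off. The assignment of `$id` is not visible in this section.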
30
remove.php
30
remove.php
|
@ -1,16 +1,16 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
include "config.php";
|
||||
include "core.php";
|
||||
|
||||
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
|
||||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed
|
||||
} else if ($_SESSION['type'] != 2 && (!$enableUserUploadRemoval || $enableUserUploadRemoval == "false")) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -42,32 +42,32 @@ $DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
|||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['id'] == $fileID) { // passed ID is a file that exists
|
||||
|
||||
// check if our key is authorized to remove the file
|
||||
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
|
||||
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
// check if our user is authorized to remove the file
|
||||
if ($enableUserUploadRemoval || $enableUserUploadRemoval == "true") {
|
||||
$userDatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||
if ($line['keyid'] == $kline['id']) {
|
||||
while ($kline = $userDatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $kline['username'] && $_SESSION['username'] == $kline['username'] && $_SESSION['password'] == $kline['password']) {
|
||||
$AuthorizedRemoval = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
|
||||
// check if the user is an admin, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
|
||||
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
|
||||
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$userDatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
// check if the file was uploaded by a primary admin
|
||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||
if ($kline['key'] == $line['keyid']) {
|
||||
while ($kline = $userDatabaseQuery->fetchArray()) {
|
||||
if ($kline['username'] == $line['username']) {
|
||||
$fileUploadedByPrimary = $kline['primaryadmin'];
|
||||
}
|
||||
}
|
||||
|
||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||
if ($kline['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key
|
||||
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
|
||||
while ($kline = $userDatabaseQuery->fetchArray()) {
|
||||
if ($kline['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $kline['password'] == $_SESSION['password'] && $kline['usertype'] == 2) {
|
||||
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) {
|
||||
$AuthorizedRemoval = 1;
|
||||
break;
|
||||
}
|
||||
|
|
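Review bot: Both authorization checks in this section, `$_SESSION['password'] == $kline['password']` in the owner branch and `$kline['password'] == $_SESSION['password']` in the admin branch, compare a password hash that login.php copied into the session, which adds nothing once the session is server-side state and is also a loose `==` comparison. After `password_verify` has succeeded in login.php the session should carry only the user's identity (`$_SESSION['username']` and `$_SESSION['type']`), and this page should match rows on that identity, e.g. `if ($line['username'] === $kline['username'] && $_SESSION['username'] === $kline['username']) {` for the owner check and the same shape without the password clause for the admin check; the hash then no longer needs to be written to the session in login.php or compared in the user-removal section above and in upload.php. If the intent of the hash comparison was to revoke sessions when a password changes, a per-user session version column or a forced re-login on change achieves that without keeping the hash in the session. Separately, upload ownership is now matched on `$line['username'] == $kline['username']` rather than on the row id the old `keyid` column referenced, so deleting a user and recreating the same name hands the old uploads to the new account; storing the user id in the uploads table would avoid that.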
23
setup.php
23
setup.php
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -19,25 +19,26 @@ if (checkIfAdminExists()) {
|
|||
|
||||
$html = printHeader($html);
|
||||
$html .= "\t\t\t<h1>Welcome</h1>\n";
|
||||
$html .= "\t\t\t\t<p>Before curload can be used, a primary administrator must be created.</p>\n";
|
||||
$html .= "\t\t\t\t<p class='error'>Please note that the primary administrator key cannot trivially be changed later.</p>\n";
|
||||
$html .= "\t\t\t\t<p>Before curload can be used, a primary administrator user must be created.</p>\n";
|
||||
|
||||
$html .= "\t\t\t\t<form class=\"adminCreateForm\" action=\"create.php?redir=setup\" method=\"post\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"data\">Key</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"Key\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"username\">Username</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"text\" name=\"username\" placeholder=\"Username\">\n";
|
||||
$html .= "\t\t\t\t\t<label for=\"password\">Password</label>\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"password\" name=\"password\" placeholder=\"Password\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"type\" value=\"Admin\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create key\" name=\"create\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create user\" name=\"create\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
// handle errors
|
||||
if ($Error == "data") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid key.</p>\n";
|
||||
if ($Error == "password" || $Error == "username") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid username or password.</p>\n";
|
||||
} else if ($Error == "type") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid type.</p>\n";
|
||||
} else if ($Error == "denied") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a key of this type.</p>\n";
|
||||
} else if ($Error == "exists") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">This key already exists.</p>\n";
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">You don't have permission to create a user of this type.</p>\n";
|
||||
} else if ($Error == "exists") { // i mean, how the fuck would this happen anyway?
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">This user already exists.</p>\n";
|
||||
} else if ($Error == "uploads") {
|
||||
$html .= "\t\t\t\t<p class=\"adminError\">Invalid amount of uploads.</p>\n";
|
||||
}
|
||||
|
|
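Review bot: The comment `// i mean, how the fuck would this happen anyway?` on the `exists` branch should state the reason the branch is unexpected instead, e.g. `// not expected in practice: setup only runs while no admin exists (see checkIfAdminExists())`, which the hunk header suggests is the gate for this page (the gate itself is outside this hunk). The new password field, `<input type="password" name="password" placeholder="Password">`, is part of an account-creation form and could carry `autocomplete="new-password"` so browsers do not offer an existing saved login for it.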
48
upload.php
48
upload.php
|
@ -1,6 +1,6 @@
|
|||
<?php session_start();
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Simple file uploading using POST requests
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
|
@ -9,22 +9,27 @@ include "core.php";
|
|||
|
||||
$WebInterface = 1;
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
$Username = "";
|
||||
$Password = "";
|
||||
|
||||
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
||||
$Username = $_REQUEST['username'];
|
||||
$Password = $_REQUEST['password'];
|
||||
$WebInterface = 0;
|
||||
} else if (isset($_SESSION['key'])) {
|
||||
$Key = $_SESSION['key'];
|
||||
} else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
$Username = $_SESSION['username'];
|
||||
$Password = $_SESSION['password'];
|
||||
$WebInterface = 1;
|
||||
} else if (!$publicUploading || $publicUploading == "false") {
|
||||
print "No key specified.";
|
||||
print "Username and password must be specified.";
|
||||
die();
|
||||
}
|
||||
|
||||
$Status = 0;
|
||||
$Authorized = 0;
|
||||
$keyType = 1;
|
||||
$userType = 1;
|
||||
$uploadLimit = $maxFileSize * 1000000;
|
||||
$keyID = 0;
|
||||
$Username = "";
|
||||
|
||||
if (!isset($_FILES['file']['name']) || $_FILES['file']['name'] == "") {
|
||||
if ($WebInterface == 0) {
|
||||
|
@ -40,51 +45,52 @@ $Database = createTables($sqlDB);
|
|||
|
||||
// init database
|
||||
if (!$publicUploading || $publicUploading == "false") {
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableKeys || $enableKeys == "true")) {
|
||||
if ($line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password'] && $line['uploadsleft'] != 0) {
|
||||
$id = $line['id'];
|
||||
$keyID = $id;
|
||||
$Username = $line['username'];
|
||||
|
||||
// decrease uploads left if temporary
|
||||
if ($line['uploadsleft'] != -1) {
|
||||
$uploadsLeft = $line['uploadsleft'] - 1;
|
||||
$Database->exec("UPDATE keys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeLastUsage || $storeLastUsage == "true") {
|
||||
$lastUsed = date($dateFormat);
|
||||
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeUploads || $storeUploads == "true") {
|
||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
|
||||
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$keyType = $line['keytype'];
|
||||
$userType = $line['usertype'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Not an authorized key
|
||||
// Not authorized
|
||||
if ($Authorized == 0) {
|
||||
if ($WebInterface == 0) {
|
||||
print "Not authorized: Your key is invalid.";
|
||||
print "Not authorized: Your username or password is invalid.";
|
||||
die();
|
||||
} else {
|
||||
header("Location: /?e=key");
|
||||
header("Location: /?e=user");
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
@ -136,7 +142,7 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
|||
|
||||
$lastUsed = date($dateFormat);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
|
||||
$Database->exec("INSERT INTO uploads(file, uploaddate, username, usertype) VALUES('$uploadedFile', '$lastUsed', '$Username', '$userType')");
|
||||
|
||||
if ($WebInterface == 0) {
|
||||
print "$uploadedFile";
|
||||
|
|
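Review bot: `$Username = "";` after `$keyID = 0;` overwrites the username that was just taken from the request or the session (`$Username = $_REQUEST['username'];` / `$Username = $_SESSION['username'];`), so the later check `$line['username'] == $Username && $Username != ""` can never match and every non-public upload is rejected as unauthorized; as far as the rendering shows this line is on the new side, and it should be removed, since the initialisation already happens before the `if (isset($_REQUEST['username']) ...)` chain. The same check compares `$Password == $line['password']`, but login.php accepts passwords only through `password_verify`, so the stored value is a hash: an API caller sending the real password at `$Password = $_REQUEST['password'];` cannot authenticate, and the web path merely compares a hash that was copied into the session. For the request path use `password_verify($Password, $line['password'])`, and for the session path trust the server-side session identity rather than comparing a password at all. Reading the credentials from `$_REQUEST` also accepts them from the query string, where they end up in server logs and browser history; `$_POST` would be the safer source for this endpoint.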