2023-09-28 21:29:21 +02:00
|
|
|
<?php
|
2023-09-29 21:29:29 +02:00
|
|
|
/* curload
|
|
|
|
* Simple file uploading using POST requests and temporary keys
|
|
|
|
* Licensed under the GNU Affero General Public License version 3.0
|
|
|
|
*/
|
|
|
|
|
|
|
|
include "config.php";
|
|
|
|
include "create-table.php";
|
|
|
|
|
2023-10-01 03:47:59 +02:00
|
|
|
$WebInterface = 1;
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if (isset($_REQUEST['key'])) {
|
|
|
|
$Key = $_REQUEST['key'];
|
2023-10-01 03:47:59 +02:00
|
|
|
$WebInterface = 0;
|
|
|
|
} else if (isset($_COOKIE[$cookieName])) {
|
|
|
|
$Key = $_COOKIE[$cookieName];
|
|
|
|
$WebInterface = 1;
|
2023-10-01 16:23:07 +02:00
|
|
|
} else if (!$publicUploading || $publicUploading == "false") {
|
2023-09-29 21:29:29 +02:00
|
|
|
print "No key specified.";
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
|
|
|
|
$Status = 0;
|
|
|
|
$Authorized = 0;
|
|
|
|
$keyType = 0;
|
|
|
|
$uploadLimit = $maxFileSize * 1000000;
|
|
|
|
$keyID = 0;
|
|
|
|
$self = dirname($_SERVER['PHP_SELF']);
|
|
|
|
|
2023-10-01 04:10:34 +02:00
|
|
|
if (!isset($_FILES['file']['name']) || $_FILES['file']['name'] == "") {
|
2023-10-01 03:47:59 +02:00
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "You didn't specify a file.";
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
header("Location: /?e=file");
|
|
|
|
die();
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
|
|
|
|
2023-10-01 16:23:07 +02:00
|
|
|
$Database = createTables($sqlDB);
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
// init database
|
2023-09-30 01:28:36 +02:00
|
|
|
if (!$publicUploading || $publicUploading == "false") {
|
2023-09-29 21:29:29 +02:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
2023-09-29 21:29:29 +02:00
|
|
|
$id = $line['id'];
|
|
|
|
$keyID = $id;
|
2023-09-30 01:28:36 +02:00
|
|
|
|
|
|
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
2023-09-29 21:29:29 +02:00
|
|
|
$lastUsed = date($dateFormat);
|
2023-09-30 01:28:36 +02:00
|
|
|
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($storeUploads || $storeUploads == "true") {
|
|
|
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
|
|
|
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
|
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
|
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
|
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
|
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
} else {
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
|
|
|
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
|
|
|
|
}
|
|
|
|
|
|
|
|
$Authorized = 1;
|
|
|
|
$keyType = 0;
|
|
|
|
break;
|
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
}
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($Authorized != 1) {
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) {
|
2023-09-29 21:29:29 +02:00
|
|
|
$uploadsLeft = $line['uploadsleft'] - 1;
|
|
|
|
$id = $line['id'];
|
|
|
|
$keyID = $id;
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
2023-09-30 01:28:36 +02:00
|
|
|
|
|
|
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
|
|
|
$lastUsed = date($dateFormat);
|
|
|
|
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($storeUploads || $storeUploads == "true") {
|
|
|
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
|
|
|
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
|
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
|
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
|
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
|
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
} else {
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
|
|
|
$Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
|
|
|
|
}
|
|
|
|
|
|
|
|
$Authorized = 1;
|
|
|
|
$keyType = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2023-09-29 00:25:59 +02:00
|
|
|
}
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
// maybe admin?
|
|
|
|
if ($Authorized != 1) {
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
2023-09-29 00:25:59 +02:00
|
|
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) {
|
2023-09-29 19:08:35 +02:00
|
|
|
$id = $line['id'];
|
|
|
|
$keyID = $id;
|
|
|
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
2023-10-01 03:02:05 +02:00
|
|
|
$lastUsed = date($dateFormat);
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-10-01 03:02:05 +02:00
|
|
|
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
|
|
|
|
$Database->exec("UPDATE admins SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
2023-09-29 19:08:35 +02:00
|
|
|
|
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
|
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
|
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
|
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
} else {
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
}
|
|
|
|
|
2023-10-01 03:02:05 +02:00
|
|
|
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
2023-10-01 03:02:05 +02:00
|
|
|
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
|
|
|
|
2023-09-29 00:25:59 +02:00
|
|
|
$Authorized = 1;
|
2023-09-29 21:29:29 +02:00
|
|
|
$keyType = 2;
|
2023-09-29 00:25:59 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-29 00:25:59 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
// Not an authorized key
|
|
|
|
if ($Authorized == 0) {
|
2023-10-01 03:47:59 +02:00
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "Not authorized: Your key is invalid.";
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
header("Location: /?e=key");
|
|
|
|
die();
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) {
|
2023-10-01 03:47:59 +02:00
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "File is too big. Max file size is $maxFileSize" . "MB";
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
header("Location: /?e=size");
|
|
|
|
die();
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
// check if file is too big to be uploaded
|
2023-09-29 21:29:29 +02:00
|
|
|
if (!is_dir($uploadDir)) {
|
|
|
|
mkdir($uploadDir, 0777, true);
|
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
// rename file if necessary
|
|
|
|
if (!$replaceOriginal || $replaceOriginal == "false") {
|
2023-09-30 19:37:53 +02:00
|
|
|
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
|
2023-09-30 01:28:36 +02:00
|
|
|
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
|
|
|
|
if (isset($fileExtension)) {
|
|
|
|
$extension = "." . $fileExtension;
|
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($renameDuplicates || $renameDuplicates == "true") {
|
|
|
|
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (file_exists($destinationFile)) { // wtf
|
2023-10-01 03:47:59 +02:00
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "Upload failed.";
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
header("Location: /?e=wtf");
|
|
|
|
die();
|
|
|
|
}
|
2023-09-30 01:28:36 +02:00
|
|
|
}
|
2023-09-29 00:25:59 +02:00
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
|
|
|
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
$lastUsed = date($dateFormat);
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
|
|
|
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
|
2023-09-28 21:29:21 +02:00
|
|
|
|
2023-10-01 03:47:59 +02:00
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "$uploadedFile";
|
|
|
|
} else {
|
|
|
|
header("Location: $uploadedFile");
|
|
|
|
}
|
2023-09-29 00:25:59 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if (isset($_REQUEST['web'])) { // redirect back to index
|
2023-10-01 03:47:59 +02:00
|
|
|
header("Redirect: $uploadedFile");
|
2023-09-28 21:29:21 +02:00
|
|
|
die();
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
} else {
|
2023-10-01 03:47:59 +02:00
|
|
|
if (file_exists($destinationFile)) { // wtf
|
|
|
|
if ($WebInterface == 0) {
|
|
|
|
print "Upload failed.";
|
|
|
|
die();
|
|
|
|
} else {
|
|
|
|
header("Location: /?e=wtf");
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-28 21:29:21 +02:00
|
|
|
?>
|