From 0ed4daa0f361f6425da144c231437f1e9be93e2d Mon Sep 17 00:00:00 2001 From: speedie Date: Wed, 4 Oct 2023 11:00:28 +0200 Subject: [PATCH] Remove temporary keys, the feature is now included in normal keys --- admin.php | 41 ++++--------------------- core.php | 16 +++++++++- create-table.php | 13 +------- create.php | 60 +++--------------------------------- files.php | 14 ++------- login.php | 62 +++---------------------------------- remove-key.php | 18 +---------- remove.php | 12 -------- upload.php | 80 +++++++++--------------------------------------- 9 files changed, 50 insertions(+), 266 deletions(-) diff --git a/admin.php b/admin.php index 12d1299..03763ef 100644 --- a/admin.php +++ b/admin.php @@ -110,10 +110,8 @@ if ($Action == "files") { $keyID = $line['keyid']; $keytypeID = $line['keytype']; - if ($line['keytype'] == 0) { + if ($line['keytype'] == 1) { $keyType = "Key"; - } else if ($line['keytype'] == 1) { - $keyType = "Temporary"; } else if ($line['keytype'] == 2) { $keyType = "Administrator"; } else { 
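Review bot: Renumbering the regular key type from 0 to 1 in this `keytype` mapping comes without a migration for rows already in the uploads table, so uploads stored with `keytype` 0 now fall through to the final `else` branch and uploads made by a former temporary key (`keytype` 1) are labelled "Key". The same renumbering in the files.php hunk matters more: there `keytype == 1` now selects a lookup by `keyid` in `keys`, and an old `tkeys` id can coincide with an unrelated `keys` id, which would attribute old uploads to the wrong key holder. A one-time upgrade step that rewrites `keytype` and `keyid` on existing upload rows, or rejects the old values explicitly, would avoid both. The enclosing loop starts and ends outside the hunk.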
@@ -241,41 +239,14 @@ if ($Action == "files") { $IP = $line['ip']; $UserAgent = $line['useragent']; - $keyType = "Key"; - $UploadsLeft = "∞"; - - $html .= "\t\t\t\t\t\n"; - $html .= "\t\t\t\t\t\t$ID\n"; - $html .= "\t\t\t\t\t\t$Key\n"; - $html .= "\t\t\t\t\t\t$NumberOfUploads\n"; - $html .= "\t\t\t\t\t\t$UploadsLeft\n"; - $html .= "\t\t\t\t\t\t$LastUsed\n"; - $html .= "\t\t\t\t\t\t$Issued\n"; - $html .= "\t\t\t\t\t\t$IP\n"; - $html .= "\t\t\t\t\t\t$UserAgent\n"; - $html .= "\t\t\t\t\t\t$keyType\n"; - $html .= "\t\t\t\t\t\tRemove\n"; - $html .= "\t\t\t\t\t\n"; - } - - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['id'] != $filterID && $filterID != -1) { - continue; - } - - $ID = $line['id']; - $Key = $line['key']; - $NumberOfUploads = $line['numberofuploads']; - $UploadsLeft = ""; - $LastUsed = $line['lastused']; - $Issued = $line['issued']; - $IP = $line['ip']; - $UserAgent = $line['useragent']; - $keyType = "Temporary"; $UploadsLeft = $line['uploadsleft']; + if ($line['uploadsleft'] == -1) { + $UploadsLeft = "∞"; + $keyType = "Key"; + } + $html .= "\t\t\t\t\t\n"; $html .= "\t\t\t\t\t\t$ID\n"; $html .= "\t\t\t\t\t\t$Key\n"; diff --git a/core.php b/core.php index b4192dc..be8f86e 100644 --- a/core.php +++ b/core.php @@ -85,7 +85,7 @@ function printFileUploadForm($html, $Error) { } else if ($Error == "size") { $html .= "\t\t\t
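Review bot: The table row is built by interpolating `$Key`, `$IP` and `$UserAgent` straight into `$html`, and the last two can be filled from request headers that the client chooses, so this loop needs output escaping now that every key passes through it. Escaping each value as it is read, e.g. `$UserAgent = htmlspecialchars($line['useragent'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, keeps stored header text from being interpreted as markup in an administrator's browser. Only the `$ID` and `$Key` cells are visible on the new side; the remaining cells continue outside the hunk, so confirm they are covered as well.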

File is too big.

\n"; } else if ($Error == "key") { - $html .= "\t\t\t

Invalid key. WTF?

\n"; + $html .= "\t\t\t

File upload failed: No uploads left.

\n"; } else if ($Error == "wtf") { $html .= "\t\t\t

WTF? Try again.

\n"; } @@ -112,4 +112,18 @@ function checkIfAdminExists() { return $adminExists; } +function getIPAddress() { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + return $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + return $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + return $_SERVER['REMOTE_ADDR']; + } +} + +function getUserAgent() { + return $_SERVER['HTTP_USER_AGENT']; +} + ?> diff --git a/create-table.php b/create-table.php index 65b0b4c..512c4ea 100644 --- a/create-table.php +++ b/create-table.php @@ -20,17 +20,6 @@ function createTables($sqlDB) { $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); /* keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * lastused (INT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - - /* temporary keys table * id (INTEGER PRIMARY KEY) * key (TEXT) * numberofuploads (INT) @@ -40,7 +29,7 @@ function createTables($sqlDB) { * ip (TEXT) * useragent (TEXT) */ - $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); /* uploads table * id (INTEGER PRIMARY KEY) diff --git a/create.php b/create.php index 8a758f7..dbf2431 100644 --- a/create.php +++ b/create.php 
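Review bot: `getIPAddress()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are ordinary request headers, and `getUserAgent()` returns the raw `User-Agent`; the create.php INSERT hunk and the login.php and upload.php UPDATE hunks then place both values inside quoted SQL strings. Since the helpers are now centralised, this is the place to make them safe: take the address from `REMOTE_ADDR` unless a trusted reverse proxy is explicitly configured, validate it, and tolerate a missing `User-Agent` header, as sketched below. The callers should additionally bind these values through prepared statements rather than interpolating them, because validation of the address does nothing for the user agent string.

```php
function getIPAddress() {
    // REMOTE_ADDR is set by the web server; the forwarded headers are supplied by
    // the client and should only be honoured behind a proxy the operator configured.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';

    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : '';
}

function getUserAgent() {
    // The header is optional; avoid an undefined-index warning when it is absent.
    return $_SERVER['HTTP_USER_AGENT'] ?? '';
}
```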
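Review bot: `CREATE TABLE IF NOT EXISTS keys(...)` leaves an already existing `keys` table untouched, so installations created before this patch never gain the `uploadsleft` column that the create.php INSERT and the upload.php check now depend on. On such a database the INSERT would fail and `$line['uploadsleft']` would be missing, and rows left in `tkeys` are no longer read by any code visible in this patch. An upgrade step is needed, for example `ALTER TABLE keys ADD COLUMN uploadsleft INT DEFAULT -1` guarded by a column-exists check, together with a decision on whether old `tkeys` rows are copied or dropped. `createTables()` starts and ends outside the hunk.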
@@ -6,20 +6,7 @@ include "config.php"; include "create-table.php"; - -function getIPAddress() { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - return $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - return $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - return $_SERVER['REMOTE_ADDR']; - } -} - -function getUserAgent() { - return $_SERVER['HTTP_USER_AGENT']; -} +include "core.php"; $Redirect = ""; $uploadsLeft = 1; @@ -117,6 +104,8 @@ if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") { die(); } +} else { + $uploadsLeft = -1; } if ($Type == "Admin") { 
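Review bot: The added `else` branch sets `$uploadsLeft = -1` whenever the `isset($_REQUEST['uploadsleft']) && $Type == "Temporary"` test fails, and that includes a Temporary request which omits `uploadsleft`; such a request previously kept the default of 1 and now creates a key with unlimited uploads. Restricting the sentinel to the type meant to have it, e.g. `} else if ($Type != "Temporary") { $uploadsLeft = -1; }`, keeps the default of 1 as the fail-safe. A submitted `uploadsleft` below 1 should also be rejected so the -1 sentinel cannot be reached through the request parameter; the validation inside the `if` body lies outside this hunk.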
@@ -171,46 +160,7 @@ if ($Type == "Admin") { } $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Data', '$primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} else if ($Type == "Temporary") { - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") { - if ($Redirect == "admin") { - header("Location: admin.php?action=create&e=exists"); - } else if ($Redirect == "setup") { - header("Location: setup.php?e=exists"); - } else { - header("Location: /"); - } - - die(); - } - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} else if ($Type == "Key") { +} else if ($Type == "Temporary" || $Type == "Key") { $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == "$Data" && $Data != "" && $line['key'] != "") { 
@@ -248,7 +198,7 @@ if ($Type == "Admin") { $ip = getIPAddress(); } - $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + $Database->exec("INSERT INTO keys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); } else { if ($Redirect == "admin") { header("Location: admin.php?action=create&e=type"); diff --git a/files.php b/files.php index fa87c6e..a306c51 100644 --- a/files.php +++ b/files.php @@ -37,26 +37,16 @@ if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading = $keytypeID = $line['keytype']; $CorrectFile = 0; - if ($line['keytype'] == 0) { + if ($line['keytype'] == 1) { $keyType = "Key"; - } else if ($line['keytype'] == 1) { - $keyType = "Temporary"; } else if ($line['keytype'] == 2) { $keyType = "Administrator"; } else { $keyType = "Unknown"; } - if ($keytypeID == 0) { // is it a normal key? + if ($keytypeID == 1) { // key? $UserDatabaseQuery = $Database->query('SELECT * FROM keys'); - while ($uline = $UserDatabaseQuery->fetchArray()) { - if ($uline['id'] == $keyID && $keytypeID == 0 && $_COOKIE[$cookieName] == $uline['key']) { - $CorrectFile = 1; - break; - } - } - } else if ($keytypeID == 1) { // no? - $UserDatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($uline = $UserDatabaseQuery->fetchArray()) { if ($uline['id'] == $keyID && $keytypeID == 1 && $_COOKIE[$cookieName] == $uline['key']) { $CorrectFile = 1; diff --git a/login.php b/login.php index b64080c..0e15f58 100644 --- a/login.php +++ b/login.php 
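Review bot: The ownership check in files.php compares the presented key with `$_COOKIE[$cookieName] == $uline['key']`, and loose `==` compares two numeric-looking strings by value, so strings that differ can still be treated as the same key. `hash_equals((string) $uline['key'], (string) $_COOKIE[$cookieName])` gives an exact, constant-time comparison; the same applies to `$line['key'] == $Key` in the login.php and upload.php hunks. Fetching the row with a prepared `WHERE id = :id` query would also avoid walking the whole `keys` table for every listed file. The surrounding loop begins and ends outside the hunk.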
@@ -40,7 +40,7 @@ if (isset($_REQUEST['key'])) { // check the validity of the key $Database = createTables($sqlDB); - // Regular keys + // Temporary keys $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { 
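Review bot: The comment changed to `// Temporary keys` describes this loop incorrectly, because after the patch the `keys` table holds both unlimited and limited-use keys; `// Keys (unlimited and limited-use)` would match the code. Related to that, the temporary-key loop removed in the next hunk was gated on `$enableTemporaryKeys`, while this loop consults only `$enableKeys`, so an operator who had disabled temporary keys would now have limited-use keys accepted. If the setting is meant to disappear it should be removed from the configuration as well; otherwise rows with `uploadsleft != -1` need the extra check. The loop body continues outside the hunk.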
@@ -54,61 +54,16 @@ if (isset($_REQUEST['key'])) { // update IP address if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - + $ip = getIPAddress(); $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } // update user agent if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + $userAgent = getUserAgent(); $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); } - $Authorized = 1; - $KeyType = 0; - - break; - } - } - - // Temporary keys - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { - $id = $line['id']; - - // update last usage - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - } - - // update IP address - if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - - $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); - } - - // update user agent - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); - } - $Authorized = 1; $KeyType = 1; 
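Review bot: `getIPAddress()` and `getUserAgent()` are now called here and in the admin-key hunk that follows, but unlike create.php and upload.php this patch adds no `include "core.php";` to login.php. If login.php does not already load core.php above the visible lines, the first successful login with `$storeIP` or `$storeAgent` enabled ends in an undefined-function error. Using `require_once "core.php";` at the top of each entry script would make the dependency explicit and also guard against a second include redeclaring the helpers.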
@@ -130,20 +85,13 @@ if (isset($_REQUEST['key'])) { // update IP address if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - + $ip = getIPAddress(); $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); } // update user agent if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + $userAgent = getUserAgent(); $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); } diff --git a/remove-key.php b/remove-key.php index 0e26dd3..c6792c0 100644 --- a/remove-key.php +++ b/remove-key.php @@ -59,27 +59,11 @@ if ($AuthorizedRemoval != 1) { } $DatabaseQuery = $Database->query('SELECT * FROM keys'); -while ($line = $DatabaseQuery->fetchArray()) { - if ($type != 0) break; - if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists - if ($AuthorizedRemoval == 1) { - $Database->exec("DELETE FROM keys WHERE id='$id'"); - $Removed = 1; - } else { - print "You aren't authorized to perform this action."; - die(); - } - - break; - } -} - -$DatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($line = $DatabaseQuery->fetchArray()) { if ($type != 1) break; if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists if ($AuthorizedRemoval == 1) { - $Database->exec("DELETE FROM tkeys WHERE id='$id'"); + $Database->exec("DELETE FROM keys WHERE id='$id'"); $Removed = 1; } else { print "You aren't authorized to perform this action."; diff --git a/remove.php b/remove.php index 6635230..6252c83 100644 --- a/remove.php +++ b/remove.php 
@@ -54,18 +54,6 @@ while ($line = $DatabaseQuery->fetchArray()) { } } - // check if our key is a temporary key - if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) { - $keyDatabaseQuery = $Database->query('SELECT * FROM tkeys'); - - while ($kline = $keyDatabaseQuery->fetchArray()) { - if ($line['keyid'] == $kline['id']) { - $AuthorizedRemoval = 1; - break; - } - } - } - // check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) { $keyDatabaseQuery = $Database->query('SELECT * FROM admins'); diff --git a/upload.php b/upload.php index b6dcfc0..a4da099 100644 --- a/upload.php +++ b/upload.php @@ -6,6 +6,7 @@ include "config.php"; include "create-table.php"; +include "core.php"; $WebInterface = 1; @@ -22,7 +23,7 @@ if (isset($_REQUEST['key'])) { $Status = 0; $Authorized = 0; -$keyType = 0; +$keyType = 1; $uploadLimit = $maxFileSize * 1000000; $keyID = 0; @@ -42,10 +43,17 @@ $Database = createTables($sqlDB); if (!$publicUploading || $publicUploading == "false") { $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableKeys || $enableKeys == "true")) { + // decrease uploads left if temporary + if ($line['uploadsleft'] != -1) { + $uploadsLeft = $line['uploadsleft'] - 1; + } + $id = $line['id']; $keyID = $id; + $Database->exec("UPDATE keys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + if ($storeLastUsage || $storeLastUsage == "true") { $lastUsed = date($dateFormat); $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); 
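Review bot: In the upload.php key loop `$uploadsLeft` is assigned only when `uploadsleft` is not -1, yet the added `UPDATE keys SET uploadsleft='$uploadsLeft'` runs for every matching key, so unless the variable is initialised outside the hunk an unlimited key has its -1 overwritten with an empty value on first use. The decrement is also a read followed by a separate write, which lets two simultaneous uploads both pass the `uploadsleft != 0` test with a key that has one use left. The block below moves the decrement into a single guarded statement and skips it for unlimited keys; it assumes `$Database` is an SQLite3 handle, as the `fetchArray()` and `exec()` calls suggest. The loop starts before and ends after this hunk.

```php
// … unchanged: key lookup loop and match condition …
$id = $line['id'];
$keyID = $id;

// Only limited-use keys are decremented. The WHERE guard makes the check and the
// decrement one atomic statement, so concurrent uploads cannot share the last use.
if ($line['uploadsleft'] != -1) {
    $stmt = $Database->prepare('UPDATE keys SET uploadsleft = uploadsleft - 1 WHERE id = :id AND uploadsleft > 0');
    $stmt->bindValue(':id', $id, SQLITE3_INTEGER);
    $stmt->execute();

    if ($Database->changes() !== 1) {
        continue; // another request consumed the last upload
    }
}
// … unchanged: lastused / numberofuploads / ip / useragent updates …
```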
@@ -57,72 +65,21 @@ if (!$publicUploading || $publicUploading == "false") { } if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - + $ip = getIPAddress(); $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + $userAgent = getUserAgent(); $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; - $keyType = 0; + $keyType = 1; break; } } - if ($Authorized != 1) { - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { - $uploadsLeft = $line['uploadsleft'] - 1; - $id = $line['id']; - $keyID = $id; - - $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - } - - if ($storeUploads || $storeUploads == "true") { - $numberOfUploads = $line['numberofuploads'] + 1; - $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); - } - - if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - - $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE 
id='$id'"); - } - - $Authorized = 1; - $keyType = 1; - break; - } - } - } - // maybe admin? if ($Authorized != 1) { $DatabaseQuery = $Database->query('SELECT * FROM admins'); @@ -138,19 +95,12 @@ if (!$publicUploading || $publicUploading == "false") { $Database->exec("UPDATE admins SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - + $ip = getIPAddress(); $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + $userAgent = getUserAgent(); $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); }