From 2ab18cfe2e9bfe914d967128724dc8d4fb03796f Mon Sep 17 00:00:00 2001 From: speedie Date: Fri, 29 Sep 2023 19:53:53 +0200 Subject: [PATCH] Some fixes --- create-table.php | 8 ++++---- upload.php | 27 ++++++++++++++++----------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/create-table.php b/create-table.php index c622113..c7fd391 100644 --- a/create-table.php +++ b/create-table.php @@ -11,7 +11,7 @@ * useragent (TEXT) */ $Database->exec( - "CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" + "CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" ); /* keys table @@ -23,7 +23,7 @@ * ip (TEXT) * useragent (TEXT) */ - $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); /* temporary keys table * id (INTEGER PRIMARY KEY) @@ -35,7 +35,7 @@ * ip (TEXT) * useragent (TEXT) */ - $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); /* uploads table * id (INTEGER PRIMARY KEY) @@ -44,7 +44,7 @@ * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) * tempkey (INT) */ - $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); + $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); return $Database; } diff --git a/upload.php b/upload.php index 899817d..5233b86 100644 --- a/upload.php +++ b/upload.php @@ -31,9 +31,10 @@ $id = $line['id']; $keyID = $id; $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); - $Database->exec("UPDATE keys SET lastused=$lastUsed WHERE id=$id"); - $Database->exec("UPDATE keys SET numberofuploads=$numberOfUploads WHERE id=$id"); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -44,12 +45,12 @@ $ip = $_SERVER['REMOTE_ADDR']; } - $Database->exec("UPDATE keys SET ip=$ip WHERE id=$id"); + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE keys SET useragent=$userAgent WHERE id=$id"); + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; @@ -68,9 +69,9 @@ $id = $line['id']; $keyID = $id; - $Database->exec("UPDATE tkeys SET uploadsleft=$uploadsLeft WHERE id=$id"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id=$id"); - $Database->exec("UPDATE tkeys SET numberofuploads=$numberOfUploads WHERE id=$id"); + $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -81,12 +82,12 @@ $ip = $_SERVER['REMOTE_ADDR']; } - $Database->exec("UPDATE tkeys SET ip=$ip WHERE id=$id"); + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent=$userAgent WHERE id=$id"); + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; @@ -146,7 +147,11 @@ $destinationFile = $uploadDir . basename($_FILES['file']['name']); if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } + $destinationFile = $uploadDir . rand(1000,100000) . $extension; if (file_exists($destinationFile)) { // wtf print "Failed to upload file."; @@ -160,7 +165,7 @@ if ($sql || $sql == "true") { $lastUsed = date($dateFormat); $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)"); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')"); } if ($tempKeyUsed) { // Remove temporary key