diff --git a/add-keys.php b/add-keys.php
new file mode 100644
index 0000000..278c72e
--- /dev/null
+++ b/add-keys.php
@@ -0,0 +1,97 @@
+query('SELECT * FROM keys');
+
+ $numberOfUploads = 0;
+ $lastUsed = date($dateFormat);
+ $Issued = date($dateFormat);
+ $ip = "";
+ $userAgent = "";
+
+ if ($storeAgent || $storeAgent == "true") {
+ $userAgent = getUserAgent();
+ }
+
+ if ($storeIP || $storeIP == "true") {
+ $ip = getIPAddress();
+ }
+
+ $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
+ }
+
+ function addTempKey($adminKey, $Value, $uploadsLeft) {
+ include "config.php";
+
+ $Database = createTables($sqlDB);
+ $DatabaseQuery = $Database->query('SELECT * FROM tkeys');
+
+ $numberOfUploads = 0;
+ $lastUsed = date($dateFormat);
+ $Issued = date($dateFormat);
+ $ip = "";
+ $userAgent = "";
+
+ if ($storeAgent || $storeAgent == "true") {
+ $userAgent = getUserAgent();
+ }
+
+ if ($storeIP || $storeIP == "true") {
+ $ip = getIPAddress();
+ }
+
+ if ($storeAgent || $storeAgent == "true") {
+ $userAgent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
+ }
+
+ // TEMPORARY FUNCTION: TO BE REMOVED
+ function addAdminKey($Value) {
+ include "config.php";
+
+ $Database = createTables($sqlDB);
+ $DatabaseQuery = $Database->query('SELECT * FROM admins');
+
+ $lastUsed = date($dateFormat);
+ $Issued = date($dateFormat);
+ $ip = "";
+ $userAgent = "";
+
+ if ($storeAgent || $storeAgent == "true") {
+ $userAgent = getUserAgent();
+ }
+
+ if ($storeIP || $storeIP == "true") {
+ $ip = getIPAddress();
+ }
+
+ if ($storeAgent || $storeAgent == "true") {
+ $userAgent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ $Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')");
+ }
+?>
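Review bot: All three `INSERT` statements in add-keys.php build SQL by interpolating variables into the string, and `$userAgent` is taken from `$_SERVER['HTTP_USER_AGENT']`, so a request header containing a quote can change the statement; the `UPDATE` and `INSERT` calls added to upload.php follow the same pattern, and there `$ip` and `$userAgent` are not even quoted. Bind the values instead; the sketch below is for `addTempKey` and assumes `$Database` is an `SQLite3` handle, which the `fetchArray()` calls in upload.php suggest. Separately, the `addAdminKey` insert lists six columns (`id, key, …`) but supplies five values, so `id` should be dropped from its column list. `addTempKey` also assigns `$userAgent` twice and never reads `$adminKey`; the header of the first function is not visible in this hunk.

```php
// … unchanged: config include, createTables(), defaults, IP / user-agent collection …
$stmt = $Database->prepare(
    'INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) '
    . 'VALUES(:key, :uploads, :left, :lastused, :issued, :ip, :useragent)'
);
$stmt->bindValue(':key', $Value, SQLITE3_TEXT);
$stmt->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
$stmt->bindValue(':left', (int) $uploadsLeft, SQLITE3_INTEGER);
$stmt->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$stmt->bindValue(':issued', $Issued, SQLITE3_TEXT);
$stmt->bindValue(':ip', $ip, SQLITE3_TEXT);
$stmt->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$stmt->execute();
```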
diff --git a/config.ini b/config.ini index e316e58..3c72881 100644 --- a/config.ini +++ b/config.ini @@ -15,3 +15,8 @@ temp_key_file = temporary_passwords.txt [logging] store_ip = true store_user_agent = true +store_issued = true +store_last_usage = true + +[format] +date_format = Y/m/d diff --git a/config.php b/config.php index 4ef12b7..92bbe27 100644 --- a/config.php +++ b/config.php @@ -1,14 +1,17 @@ diff --git a/create-table.php b/create-table.php new file mode 100644 index 0000000..c622113 --- /dev/null +++ b/create-table.php @@ -0,0 +1,51 @@ +exec( + "CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" + ); + + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * lastused (INT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* temporary keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * tempkey (INT) + */ + $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); + + return $Database; + } +?> diff --git a/create.php b/create.php new file mode 100644 index 0000000..11c84cc --- /dev/null +++ b/create.php @@ -0,0 +1,42 @@ + diff --git a/index.php b/index.php index 943d34f..4ae4ba0 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,15 @@ function main() { print "\t\t\t
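Review bot: The `key TEXT` columns created in create-table.php for `admins`, `keys` and `tkeys` hold the keys exactly as submitted (add-keys.php inserts `$Value` unchanged and upload.php compares the stored column with the posted key), so anyone who can read the database file obtains every working credential. Consider storing a digest, for example `hash('sha256', $Value)`, and comparing it with the digest of the submitted key. Two smaller points in the same file: the `keys` table comment says `lastused (INT)` while the statement declares `lastused TEXT`, and because `createTables()` is now called from upload.php and from each add-keys function, the statements would be safer as `CREATE TABLE IF NOT EXISTS …`. The function header is not visible in this hunk.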

Max file size: $maxFileSize MB

\n"; print "\t\t\tsource code\n"; + print "\t\t\t

oops i leaked admin tools

\n"; + print "\t\t\t
\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t
\n"; + printFooter(); } diff --git a/test.sh b/test.sh index 8c0bcdd..505c3e5 100755 --- a/test.sh +++ b/test.sh @@ -1,2 +1,2 @@ #!/bin/sh -curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php" +curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php" diff --git a/upload.php b/upload.php index c9e9119..899817d 100644 --- a/upload.php +++ b/upload.php @@ -1,5 +1,6 @@ exec("CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, useragent TEXT, ip TEXT)"); - $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, useragent TEXT, ip TEXT)"); - $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, useragent TEXT, ip TEXT)"); + $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + + $Database->exec("UPDATE keys SET lastused=$lastUsed WHERE id=$id"); + $Database->exec("UPDATE keys SET numberofuploads=$numberOfUploads WHERE id=$id"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip=$ip WHERE id=$id"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent=$userAgent WHERE id=$id"); + } + $Authorized = 1; + $tempKeyUsed = 0; break; } } 
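Review bot: The `print` lines added to index.php put what appears to be the admin key-creation form (under the text "oops i leaked admin tools") on the public index page, unconditionally as far as this hunk shows. If create.php, whose body is not visible here, does not verify an admin key before calling the add-keys functions, any visitor could create upload or admin keys. Gate both the form and its handler on an authenticated admin check, or remove this block together with `addAdminKey`, which is already marked as temporary. `main()` starts outside the hunk.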
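Review bot: In the `keys` loop of upload.php the logged address prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are request headers the client controls, so the stored `ip` can be forged unless a trusted proxy overwrites them. Default to `$_SERVER['REMOTE_ADDR']` and honour forwarded headers only when the peer is a known proxy. The same block is repeated verbatim in the `tkeys` branch and duplicates what `getIPAddress()` / `getUserAgent()` in add-keys.php appear to provide, so calling the helpers would keep the rule in one place. `$lastUsed` is used in `UPDATE keys SET lastused=$lastUsed` but is not assigned in the visible part of this branch, and the loop begins outside the hunk.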
@@ -38,11 +61,36 @@ if ($Authorized != 1) { $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploads'] != 0) { - $numberOfUploads = $line['uploads'] - 1; + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + $uploadsLeft = $line['uploadsleft'] - 1; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); $id = $line['id']; - $Database->exec("UPDATE tkeys SET uploads=$numberOfUploads WHERE id=$id"); + $keyID = $id; + + $Database->exec("UPDATE tkeys SET uploadsleft=$uploadsLeft WHERE id=$id"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id=$id"); + $Database->exec("UPDATE tkeys SET numberofuploads=$numberOfUploads WHERE id=$id"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip=$ip WHERE id=$id"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent=$userAgent WHERE id=$id"); + } + $Authorized = 1; + $tempKeyUsed = 1; break; } } @@ -109,6 +157,12 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + if ($sql || $sql == "true") { + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)"); + } + if ($tempKeyUsed) { // Remove temporary key $file = file_get_contents($tempKeyFile); $file = preg_replace("/\b$Key\b/", "", $file);
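Review bot: The key check `$line['key'] == $Key` in the `tkeys` loop uses loose comparison, so two numeric-looking strings such as `"1e3"` and `"1000"` are treated as equal, and the comparison is not constant-time; use `hash_equals((string) $line['key'], (string) $Key)` here and in the `keys` loop above. The quota is also read, decremented in PHP and written back, and `!= 0` lets a negative `uploadsleft` through, so concurrent requests can exceed the limit. A single `UPDATE tkeys SET uploadsleft = uploadsleft - 1 WHERE id = :id AND uploadsleft > 0` followed by a check of `$Database->changes()` closes that window. The loop begins outside this hunk.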
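Review bot: `$DatabaseQuery = $Database->query('SELECT * FROM uploads');` in the last upload.php hunk reads the whole table on every upload and its result is never used in the visible lines; the same unused `SELECT *` precedes each insert in add-keys.php. Dropping these lines removes a full table read per request. The `INSERT INTO uploads` should also bind its values rather than interpolate them, since `$uploadedFile` is built from `$_SERVER['PHP_SELF']` and the destination file name. The enclosing `if (move_uploaded_file(...))` block continues past the hunk.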