add a test admin tools panel
This commit is contained in:
parent
6af8b8cf13
commit
39d0b8d9a5
97
add-keys.php
Normal file
97
add-keys.php
Normal file
|
@ -0,0 +1,97 @@
|
||||||
|
<?php
|
||||||
|
include "create-table.php";
|
||||||
|
|
||||||
|
function getIPAddress() {
|
||||||
|
include "config.php";
|
||||||
|
|
||||||
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
return $_SERVER['HTTP_CLIENT_IP'];
|
||||||
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||||
|
} else {
|
||||||
|
return $_SERVER['REMOTE_ADDR'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function getUserAgent() {
|
||||||
|
return $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Hash passwords
|
||||||
|
function addKey($adminKey, $Value) {
|
||||||
|
include "config.php";
|
||||||
|
|
||||||
|
$Database = createTables($sqlDB);
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
|
|
||||||
|
$numberOfUploads = 0;
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
$Issued = date($dateFormat);
|
||||||
|
$ip = "";
|
||||||
|
$userAgent = "";
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = getUserAgent();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
$ip = getIPAddress();
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||||
|
}
|
||||||
|
|
||||||
|
function addTempKey($adminKey, $Value, $uploadsLeft) {
|
||||||
|
include "config.php";
|
||||||
|
|
||||||
|
$Database = createTables($sqlDB);
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||||
|
|
||||||
|
$numberOfUploads = 0;
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
$Issued = date($dateFormat);
|
||||||
|
$ip = "";
|
||||||
|
$userAgent = "";
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = getUserAgent();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
$ip = getIPAddress();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||||
|
}
|
||||||
|
|
||||||
|
// TEMPORARY FUNCTION: TO BE REMOVED
|
||||||
|
function addAdminKey($Value) {
|
||||||
|
include "config.php";
|
||||||
|
|
||||||
|
$Database = createTables($sqlDB);
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
$Issued = date($dateFormat);
|
||||||
|
$ip = "";
|
||||||
|
$userAgent = "";
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = getUserAgent();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
$ip = getIPAddress();
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||||
|
}
|
||||||
|
?>
|
|
@ -15,3 +15,8 @@ temp_key_file = temporary_passwords.txt
|
||||||
[logging]
|
[logging]
|
||||||
store_ip = true
|
store_ip = true
|
||||||
store_user_agent = true
|
store_user_agent = true
|
||||||
|
store_issued = true
|
||||||
|
store_last_usage = true
|
||||||
|
|
||||||
|
[format]
|
||||||
|
date_format = Y/m/d
|
||||||
|
|
|
@ -9,6 +9,9 @@
|
||||||
$sqlDB = "curload.db";
|
$sqlDB = "curload.db";
|
||||||
$storeIP = true;
|
$storeIP = true;
|
||||||
$storeAgent = true;
|
$storeAgent = true;
|
||||||
|
$storeIssued = true;
|
||||||
|
$storeLastUsage = true;
|
||||||
|
$dateFormat = "Y/m/d";
|
||||||
|
|
||||||
define('CONFIG_FILE', 'config.ini');
|
define('CONFIG_FILE', 'config.ini');
|
||||||
|
|
||||||
|
@ -28,4 +31,7 @@
|
||||||
$sqlDB = $configEntries['sqldb'];
|
$sqlDB = $configEntries['sqldb'];
|
||||||
$storeIP = $configEntries['store_ip'];
|
$storeIP = $configEntries['store_ip'];
|
||||||
$storeAgent = $configEntries['store_user_agent'];
|
$storeAgent = $configEntries['store_user_agent'];
|
||||||
|
$storeIssued = $configEntries['store_issued'];
|
||||||
|
$storeLastUsage = $configEntries['store_last_usage'];
|
||||||
|
$dateFormat = $configEntries['date_format'];
|
||||||
?>
|
?>
|
||||||
|
|
51
create-table.php
Normal file
51
create-table.php
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
<?php
|
||||||
|
function createTables($sqlDB) {
|
||||||
|
$Database = new SQLite3($sqlDB);
|
||||||
|
|
||||||
|
/* administrator table
|
||||||
|
* id (INTEGER PRIMARY KEY)
|
||||||
|
* key (TEXT)
|
||||||
|
* lastused (TEXT)
|
||||||
|
* issued (TEXT)
|
||||||
|
* ip (TEXT)
|
||||||
|
* useragent (TEXT)
|
||||||
|
*/
|
||||||
|
$Database->exec(
|
||||||
|
"CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"
|
||||||
|
);
|
||||||
|
|
||||||
|
/* keys table
|
||||||
|
* id (INTEGER PRIMARY KEY)
|
||||||
|
* key (TEXT)
|
||||||
|
* numberofuploads (INT)
|
||||||
|
* lastused (INT)
|
||||||
|
* issued (TEXT)
|
||||||
|
* ip (TEXT)
|
||||||
|
* useragent (TEXT)
|
||||||
|
*/
|
||||||
|
$Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||||
|
|
||||||
|
/* temporary keys table
|
||||||
|
* id (INTEGER PRIMARY KEY)
|
||||||
|
* key (TEXT)
|
||||||
|
* numberofuploads (INT)
|
||||||
|
* uploadsleft (INT)
|
||||||
|
* lastused (TEXT)
|
||||||
|
* issued (TEXT)
|
||||||
|
* ip (TEXT)
|
||||||
|
* useragent (TEXT)
|
||||||
|
*/
|
||||||
|
$Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||||
|
|
||||||
|
/* uploads table
|
||||||
|
* id (INTEGER PRIMARY KEY)
|
||||||
|
* file (TEXT)
|
||||||
|
* uploaddate (TEXT)
|
||||||
|
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
|
||||||
|
* tempkey (INT)
|
||||||
|
*/
|
||||||
|
$Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)");
|
||||||
|
|
||||||
|
return $Database;
|
||||||
|
}
|
||||||
|
?>
|
42
create.php
Normal file
42
create.php
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
<?php
|
||||||
|
include "config.php";
|
||||||
|
include "add-keys.php";
|
||||||
|
|
||||||
|
if (isset($_REQUEST['key'])) {
|
||||||
|
$Key = $_REQUEST['key'];
|
||||||
|
} else {
|
||||||
|
print "No admin key specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_REQUEST['data'])) {
|
||||||
|
$Data = $_REQUEST['data'];
|
||||||
|
} else {
|
||||||
|
print "No data specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_REQUEST['type'])) {
|
||||||
|
$Type = $_REQUEST['type'];
|
||||||
|
} else {
|
||||||
|
print "No type specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_REQUEST['uploads']) && $Type == "Temporary") {
|
||||||
|
$Uploads = $_REQUEST['uploads'];
|
||||||
|
} else {
|
||||||
|
$Uploads = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($Type == "Admin") {
|
||||||
|
addAdminKey($Data);
|
||||||
|
} else if ($Type == "Temporary") {
|
||||||
|
addTempKey($Key, $Data, $Uploads);
|
||||||
|
} else if ($Type == "Key") {
|
||||||
|
addKey($Key, $Data);
|
||||||
|
} else {
|
||||||
|
print "Invalid type specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
?>
|
|
@ -37,6 +37,15 @@ function main() {
|
||||||
print "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
print "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||||
print "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
print "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||||
|
|
||||||
|
print "\t\t\t<h2>oops i leaked admin tools</h2>\n";
|
||||||
|
print "\t\t\t<form action=\"create.php\" method=\"post\">\n";
|
||||||
|
print "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
||||||
|
print "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
||||||
|
print "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
|
||||||
|
print "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
||||||
|
print "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
||||||
|
print "\t\t\t</form>\n";
|
||||||
|
|
||||||
printFooter();
|
printFooter();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
2
test.sh
2
test.sh
|
@ -1,2 +1,2 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php"
|
curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php"
|
||||||
|
|
70
upload.php
70
upload.php
|
@ -1,5 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
include "config.php";
|
include "config.php";
|
||||||
|
include "create-table.php";
|
||||||
|
|
||||||
if (isset($_REQUEST['key'])) {
|
if (isset($_REQUEST['key'])) {
|
||||||
$Key = $_REQUEST['key'];
|
$Key = $_REQUEST['key'];
|
||||||
|
@ -12,6 +13,7 @@
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
$tempKeyUsed = 0;
|
$tempKeyUsed = 0;
|
||||||
$uploadLimit = $maxFileSize * 1000000;
|
$uploadLimit = $maxFileSize * 1000000;
|
||||||
|
$keyID = 0;
|
||||||
$self = dirname($_SERVER['PHP_SELF']);
|
$self = dirname($_SERVER['PHP_SELF']);
|
||||||
|
|
||||||
if (!isset($_FILES['file']['name'])) {
|
if (!isset($_FILES['file']['name'])) {
|
||||||
|
@ -21,16 +23,37 @@
|
||||||
|
|
||||||
// init database
|
// init database
|
||||||
if ($sql == "true" || $sql) {
|
if ($sql == "true" || $sql) {
|
||||||
$Database = new SQLite3($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
$Database->exec("CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, useragent TEXT, ip TEXT)");
|
|
||||||
$Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, useragent TEXT, ip TEXT)");
|
|
||||||
$Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
|
||||||
$Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, useragent TEXT, ip TEXT)");
|
|
||||||
|
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
||||||
|
$id = $line['id'];
|
||||||
|
$keyID = $id;
|
||||||
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||||
|
|
||||||
|
$Database->exec("UPDATE keys SET lastused=$lastUsed WHERE id=$id");
|
||||||
|
$Database->exec("UPDATE keys SET numberofuploads=$numberOfUploads WHERE id=$id");
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||||
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||||
|
} else {
|
||||||
|
$ip = $_SERVER['REMOTE_ADDR'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("UPDATE keys SET ip=$ip WHERE id=$id");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
$Database->exec("UPDATE keys SET useragent=$userAgent WHERE id=$id");
|
||||||
|
}
|
||||||
|
|
||||||
$Authorized = 1;
|
$Authorized = 1;
|
||||||
|
$tempKeyUsed = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -38,11 +61,36 @@
|
||||||
if ($Authorized != 1) {
|
if ($Authorized != 1) {
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploads'] != 0) {
|
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) {
|
||||||
$numberOfUploads = $line['uploads'] - 1;
|
$uploadsLeft = $line['uploadsleft'] - 1;
|
||||||
|
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
$id = $line['id'];
|
$id = $line['id'];
|
||||||
$Database->exec("UPDATE tkeys SET uploads=$numberOfUploads WHERE id=$id");
|
$keyID = $id;
|
||||||
|
|
||||||
|
$Database->exec("UPDATE tkeys SET uploadsleft=$uploadsLeft WHERE id=$id");
|
||||||
|
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id=$id");
|
||||||
|
$Database->exec("UPDATE tkeys SET numberofuploads=$numberOfUploads WHERE id=$id");
|
||||||
|
|
||||||
|
if ($storeIP || $storeIP == "true") {
|
||||||
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||||
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||||
|
} else {
|
||||||
|
$ip = $_SERVER['REMOTE_ADDR'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("UPDATE tkeys SET ip=$ip WHERE id=$id");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($storeAgent || $storeAgent == "true") {
|
||||||
|
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
$Database->exec("UPDATE tkeys SET useragent=$userAgent WHERE id=$id");
|
||||||
|
}
|
||||||
|
|
||||||
$Authorized = 1;
|
$Authorized = 1;
|
||||||
|
$tempKeyUsed = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -109,6 +157,12 @@
|
||||||
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
||||||
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
||||||
|
|
||||||
|
if ($sql || $sql == "true") {
|
||||||
|
$lastUsed = date($dateFormat);
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||||
|
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)");
|
||||||
|
}
|
||||||
|
|
||||||
if ($tempKeyUsed) { // Remove temporary key
|
if ($tempKeyUsed) { // Remove temporary key
|
||||||
$file = file_get_contents($tempKeyFile);
|
$file = file_get_contents($tempKeyFile);
|
||||||
$file = preg_replace("/\b$Key\b/", "", $file);
|
$file = preg_replace("/\b$Key\b/", "", $file);
|
||||||
|
|
Loading…
Reference in a new issue