diff --git a/add-keys.php b/add-keys.php
deleted file mode 100644
index 95f8384..0000000
--- a/add-keys.php
+++ /dev/null
@@ -1,182 +0,0 @@ -query('SELECT * FROM admins'); - $Authorized = 0; - - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { - $Authorized = 1; - break; - } - } - - // Make sure no existing key exists with that value - $DatabaseQuery = $Database->query('SELECT * FROM keys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Value") { - print "A key with that value already exists."; - die(); - } - } - - if ($Authorized != 1) { - print "You are not authorized to perform this action."; - die(); - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} - -function addTempKey($adminKey, $Value, $uploadsLeft) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - $Authorized = 0; - - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { - $Authorized = 1; - break; - } - } - - // Make sure no existing key exists with that value - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Value") { - print "A key with that value already exists."; - die(); - } - } - - if ($Authorized != 1) { - print "You are not authorized to perform this action."; - die(); - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - 
$userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} - -function addAdminKey($adminKey, $Value, $Primary) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - $Authorized = 0; - - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) { - $Authorized = 1; - break; - } - } - - // Make sure no existing key exists with that value - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == "$Value") { - print "A key with that value already exists."; - die(); - } - } - - if ($Authorized != 1) { - print "You are not authorized to perform this action."; - die(); - } - - $numberOfUploads = 0; - $lastUsed = ""; - $Issued = ""; - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIssued || $storeIssued == "true") { - $Issued = date($dateFormat); - } - - if ($storeLastUsage || $storeLastUsage == "true") { - $lastUsed = date($dateFormat); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); -} -?> 
diff --git a/admin.php b/admin.php index c699537..99faea9 100644 --- a/admin.php +++ b/admin.php @@ -12,6 +12,7 @@ $Action = ""; $Authorized = 0; $Primary = 0; $filterID = -1; +$Error = 0; if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { header('Location: login.php?redir=admin'); @@ -33,6 +34,12 @@ if (!isset($_REQUEST['id'])) { $filterID = $_REQUEST['id']; } +if (!isset($_REQUEST['e'])) { + $Error = 0; +} else { + $Error = $_REQUEST['e']; +} + // in case admin keys are disabled if (!$enableAdminKeys || $enableAdminKeys == "false") { header('Location: /'); @@ -75,6 +82,12 @@ if ($Action == "keys") { $html .= "\t\t\t\t\t\tKeys\n"; } +if ($Action == "create") { + $html .= "\t\t\t\t\t\tCreate\n"; +} else { + $html .= "\t\t\t\t\t\tCreate\n"; +} + $html .= "\t\t\t\t\t\n"; $html .= "\t\t\t\t\n"; @@ -109,7 +122,7 @@ if ($Action == "files") { $html .= "\t\t\t\t\t\n"; $html .= "\t\t\t\t\t\t$ID\n"; - $html .= "\t\t\t\t\t\t$Filename\n"; + $html .= "\t\t\t\t\t\t$Filename\n"; $html .= "\t\t\t\t\t\t$uploadDate\n"; $html .= "\t\t\t\t\t\t$keyID\n"; $html .= "\t\t\t\t\t\t$keyType\n"; @@ -119,6 +132,37 @@ if ($Action == "files") { } $html .= "\t\t\t\t\n"; +} else if ($Action == "create") { + $html .= "\t\t\t\t
\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t
\n"; + + // handle errors + if ($Error == "data") { + $html .= "\t\t\t\t

Invalid key.

\n"; + } else if ($Error == "type") { + $html .= "\t\t\t\t

Invalid type.

\n"; + } else if ($Error == "denied") { + $html .= "\t\t\t\t

You don't have permission to create a key of this type.

\n"; + } else if ($Error == "exists") { + $html .= "\t\t\t\t

This key already exists.

\n"; + } else if ($Error == "uploads") { + $html .= "\t\t\t\t

Invalid amount of uploads.

\n"; + } } else if ($Action == "keys") { if ($Primary != 1) { $html .= "\t\t\t\t

Administrator keys are not visible.

\n"; diff --git a/create.php b/create.php index 8adae62..8a1d02f 100644 --- a/create.php +++ b/create.php 
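Review bot: The error branches `if ($Error == "data")`, `else if ($Error == "type")`, etc. compare loosely against a variable that the earlier hunks initialise to the integer `0` (`$Error = 0;` at line 12 and again in the `!isset($_REQUEST['e'])` branch); on PHP 7 and earlier `0 == "data"` is true, so a plain visit to `admin.php?action=create` would render "Invalid key." with no error present, and on PHP 8 the comparison is false only because the juggling rules changed. Initialise with a string and compare strictly: `$Error = $_REQUEST['e'] ?? '';` in place of the four-line `isset` block, and `if ($Error === "data")` for each branch. The separate `$Error = 0;` in the first hunk then becomes redundant and can go. The enclosing `if ($Action == "files") … else if` chain continues outside this hunk.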
@@ -5,26 +5,77 @@ */ include "config.php"; -include "add-keys.php"; +include "create-table.php"; -if (isset($_REQUEST['key'])) { - $Key = $_REQUEST['key']; -} else { - print "No admin key specified."; +function getIPAddress() { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + return $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + return $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + return $_SERVER['REMOTE_ADDR']; + } +} + +function getUserAgent() { + return $_SERVER['HTTP_USER_AGENT']; +} + +$Redirect = ""; +$uploadsLeft = 1; +$AuthorizedRemoval = 0; +$AdminIsPrimary = 0; + +if (isset($_REQUEST['redir'])) { + $Redirect = $_REQUEST['redir']; +} + +if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { + header('Location: login.php?redir=admin'); + die(); +} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed + header('Location: /'); die(); } -if (isset($_REQUEST['data'])) { +$Database = createTables($sqlDB); +$DatabaseQuery = $Database->query('SELECT * FROM admins'); + +while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + $AuthorizedRemoval = 1; + $AdminIsPrimary = $line['primaryadmin']; + break; + } +} + +// not authorized +if ($AuthorizedRemoval != 1) { + header('Location: /'); + die(); +} + +if (isset($_REQUEST['data']) && $_REQUEST['data'] != "") { $Data = $_REQUEST['data']; } else { - print "No data specified."; + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=data"); + } else { + header("Location: /"); + } + die(); } -if (isset($_REQUEST['type'])) { +if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") { $Type = $_REQUEST['type']; } else { - print "No type specified."; + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=type"); + } else { + header("Location: /"); + } + die(); } 
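Review bot: The authorisation loop compares the admin secret with `==` (`$line['key'] == $_COOKIE[$cookieName]`), which applies PHP's loose numeric-string rules and is not constant-time; a single `if (hash_equals((string) $line['key'], (string) $_COOKIE[$cookieName]) && ($enableKeys || $enableKeys == "true"))` covers the two empty-string checks as well, since an empty key can only equal an empty cookie. The page is authenticated by that cookie alone and reads `data`, `type` and `redir` from `$_REQUEST`, so a key can be created by a GET link the admin is tricked into following; requiring `$_SERVER['REQUEST_METHOD'] === 'POST'` and checking a per-session CSRF token before `createTables()` is called would close that. The new `getIPAddress()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are client-supplied headers, so the stored `ip` value is only meaningful behind a trusted proxy that overwrites them — worth a comment on the function. This gate tests `$enableKeys` while the admin.php hunk above tests `$enableAdminKeys`; if the difference is not intended the two should agree. `$AuthorizedRemoval` looks like a name carried over from a removal script and should be `$Authorized` as in the deleted add-keys.php.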
@@ -34,14 +85,156 @@ if (isset($_REQUEST['uploads']) && $Type == "Temporary") { $Uploads = 1; } -if ($Type == "Admin") { - addAdminKey($Key, $Data, 0); -} else if ($Type == "Temporary") { - addTempKey($Key, $Data, $Uploads); -} else if ($Type == "Key") { - addKey($Key, $Data); -} else { - print "Invalid type specified."; +if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") { + $uploadsLeft = $_REQUEST['uploadsleft']; +} + +if (($_REQUEST['uploadsleft'] == 0 || !isset($_REQUEST['uploadsleft'])) && $Type == "Temporary") { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=uploads"); + } else { + header("Location: /"); + } + die(); } + +if ($Type == "Admin") { + if ($AdminIsPrimary != 1) { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=denied"); + } else { + header("Location: /"); + } + + die(); + } + + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == "$Data") { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=exists"); + } else { + header("Location: /"); + } + + die(); + } + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Data', '0', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} else if ($Type == "Temporary") { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == "$Data") { + if ($Redirect == "admin") { + 
header("Location: admin.php?action=create&e=exists"); + } else { + header("Location: /"); + } + + die(); + } + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} else if ($Type == "Key") { + $DatabaseQuery = $Database->query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == "$Data") { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=exists"); + } else { + header("Location: /"); + } + + die(); + } + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Data', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} else { + if ($Redirect == "admin") { + header("Location: admin.php?action=create&e=type"); + } else { + header("Location: /"); + } + + die(); +} + +if ($Redirect == "admin") { + header("Location: admin.php?action=keys"); +} else { + header("Location: /"); +} + ?> diff --git a/index.css b/index.css index 0fb3ee7..c588d0a 100644 
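Review bot: All three INSERT statements interpolate request-derived strings straight into SQL — `$Data` from `$_REQUEST['data']`, `$uploadsLeft` from `$_REQUEST['uploadsleft']`, and `$ip`/`$userAgent` from client headers via the new helpers — e.g. `VALUES('$Data', '$numberOfUploads', '$uploadsLeft', …)`, and the same pattern is in the `UPDATE admins SET ip='$ip'` / `SET useragent='$userAgent'` lines changed in upload.php at the following hunks. Assuming `$Database` is the SQLite3 extension object (which `query()`, `exec()` and `fetchArray()` suggest), each statement should go through `$Database->prepare()` with `bindValue()`, and the duplicate check that walks the whole table with `$line['key'] == "$Data"` can become one bound `SELECT COUNT(*) … WHERE key = :key`; the Key branch is shown below, the Admin and Temporary branches follow the same shape. The `uploadsleft` guard reads `$_REQUEST['uploadsleft'] == 0` before its `!isset(...)` test, so an absent parameter raises an undefined-index notice first, and a non-numeric or negative value passes through; `if ($Type == "Temporary" && (!isset($_REQUEST['uploadsleft']) || (int) $_REQUEST['uploadsleft'] <= 0))` with `$uploadsLeft = (int) $_REQUEST['uploadsleft'];` fixes both. The ~25 lines populating `$lastUsed`/`$Issued`/`$ip`/`$userAgent` are repeated three times and belong in one helper that takes the table name and column list.
```php
} else if ($Type == "Key") {
    // Duplicate check with a bound parameter instead of scanning every row.
    $Check = $Database->prepare('SELECT COUNT(*) AS n FROM keys WHERE key = :key');
    $Check->bindValue(':key', $Data, SQLITE3_TEXT);
    $Row = $Check->execute()->fetchArray(SQLITE3_ASSOC);

    if ($Row['n'] > 0) {
        // … unchanged: redirect to admin.php?action=create&e=exists (or /) and die() …
    }

    // … unchanged: $numberOfUploads, $lastUsed, $Issued, $ip, $userAgent population …

    $Insert = $Database->prepare('INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES(:key, :uploads, :lastused, :issued, :ip, :ua)');
    $Insert->bindValue(':key', $Data, SQLITE3_TEXT);
    $Insert->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
    $Insert->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
    $Insert->bindValue(':issued', $Issued, SQLITE3_TEXT);
    $Insert->bindValue(':ip', $ip, SQLITE3_TEXT);
    $Insert->bindValue(':ua', $userAgent, SQLITE3_TEXT);
    $Insert->execute();
}
```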
--- a/index.css +++ b/index.css @@ -43,6 +43,10 @@ footer { color: #ff0000; } +.adminError { + color: #ff0000; +} + .content { color: #f0eee4; padding: 5px; @@ -69,6 +73,10 @@ footer { background-color: #363636; } +.adminCreateForm { + padding: 10px; +} + .adminWarning { color: #ffff00; } diff --git a/upload.php b/upload.php index de26b74..c083257 100644 --- a/upload.php +++ b/upload.php @@ -122,10 +122,10 @@ if (!$publicUploading || $publicUploading == "false") { $id = $line['id']; $keyID = $id; $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); + $lastUsed = date($dateFormat); - $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE admins SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -136,12 +136,12 @@ if (!$publicUploading || $publicUploading == "false") { $ip = $_SERVER['REMOTE_ADDR']; } - $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; 
@@ -196,12 +196,6 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { $DatabaseQuery = $Database->query('SELECT * FROM uploads'); $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); - if ($keyType == 1) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - print "$uploadedFile"; if (isset($_REQUEST['web'])) { // redirect back to index