speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Improve remove.php, add remove-key.php for removing keys

Browse source
This commit is contained in:
Jacob 2023-09-30 19:01:41 +02:00
parent 89bd9b827f
commit 6f55b8b3f6
2 changed files with 162 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

93
remove-key.php Normal file
View file

@ -0,0 +1,93 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
if (isset($_REQUEST['id'])) {
$id = $_REQUEST['id'];
} else {
print "No ID specified.";
die();
}
$AdminIsPrimary = 0;
$KeyIsPrimary = 0;
$AuthorizedRemoval = 0;
$Removed = 0;
$Database = createTables($sqlDB);
// check if the key we passed is an admin key and if it's a primary admin key
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($Key == $line['key']) {
if ($line['primaryadmin'] == 1) {
$AdminIsPrimary = 1;
}
$AuthorizedRemoval = 1;
break;
}
}
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
if ($AuthorizedRemoval == 1) {
$Database->exec("DELETE FROM keys WHERE id='$id'");
$Removed = 1;
} else {
print "You aren't authorized to perform this action.";
die();
}
break;
}
}
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists
if ($AuthorizedRemoval == 1) {
$Database->exec("DELETE FROM tkeys WHERE id='$id'");
$Removed = 1;
} else {
print "You aren't authorized to perform this action.";
die();
}
break;
}
}
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists
if ($AuthorizedRemoval == 1 && $AdminIsPrimary == 1) { // in order to delete an admin key you must be a primary admin
$Database->exec("DELETE FROM admins WHERE id='$id'");
$Removed = 1;
} else {
print "You aren't authorized to perform this action.";
die();
}
break;
}
}
if ($AuthorizedRemoval != 1) {
print "You aren't authorized to perform this action.";
die();
}
?>

133
remove.php
View file

@ -1,82 +1,87 @@
<?php
include "config.php";
include "create-table.php";
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
include "config.php";
include "create-table.php";
if (isset($_REQUEST['id'])) {
$fileID = $_REQUEST['id'];
} else {
print "No ID specified.";
die();
}
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
if (!$enableUploadRemoval || $enableUploadRemoval == "false") {
print "Uploads cannot be removed.";
die();
}
if (isset($_REQUEST['id'])) {
$fileID = $_REQUEST['id'];
} else {
print "No ID specified.";
die();
}
$FileToRemove = "";
$AuthorizedRemoval = 0;
$fileUploadedByPrimary = 0;
if (!$enableUploadRemoval || $enableUploadRemoval == "false") {
print "Uploads cannot be removed.";
die();
}
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
$FileToRemove = "";
$AuthorizedRemoval = 0;
$fileUploadedByPrimary = 0;
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $fileID) { // passed ID is a file that exists
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
// check if our key is authorized to remove the file
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $fileID) { // passed ID is a file that exists
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($line['keyid'] == $kline['id']) {
// check if our key is authorized to remove the file
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($line['keyid'] == $kline['id']) {
$AuthorizedRemoval = 1;
break;
}
}
}
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM admins');
// check if the file was uploaded by a primary admin
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $line['keyid']) {
$fileUploadedByPrimary = $kline['primaryadmin'];
}
}
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $Key && $Key != "" && $kline['key'] != "") { // key = passed key
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
$AuthorizedRemoval = 1;
break;
}
}
}
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
$keyDatabaseQuery = $Database->query('SELECT * FROM admins');
// check if the file was uploaded by a primary admin
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $line['keyid']) {
$fileUploadedByPrimary = $kline['primaryadmin'];
}
}
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $Key && $Key != "" && $kline['key'] != "") { // key = passed key
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
$AuthorizedRemoval = 1;
break;
}
}
}
}
$FileToRemove = $line['file'];
break;
}
}
// fuck off pleb
if ($AuthorizedRemoval != 1) {
print "You aren't authorized to perform this action.";
die();
}
$FileToRemove = $line['file'];
$Database->exec("DELETE FROM uploads WHERE id='$fileID'");
unlink(ltrim($FileToRemove, '/'));
break;
}
}
// fuck off pleb
if ($AuthorizedRemoval != 1) {
print "You aren't authorized to perform this action.";
die();
}
$Database->exec("DELETE FROM uploads WHERE id='$fileID'");
unlink(ltrim($FileToRemove, '/'));
?>