Improve remove.php, add remove-key.php for removing keys
This commit is contained in:
parent
89bd9b827f
commit
6f55b8b3f6
93
remove-key.php
Normal file
93
remove-key.php
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
<?php
|
||||||
|
/* curload
|
||||||
|
* Simple file uploading using POST requests and temporary keys
|
||||||
|
* Licensed under the GNU Affero General Public License version 3.0
|
||||||
|
*/
|
||||||
|
include "config.php";
|
||||||
|
include "create-table.php";
|
||||||
|
|
||||||
|
if (isset($_REQUEST['key'])) {
|
||||||
|
$Key = $_REQUEST['key'];
|
||||||
|
} else {
|
||||||
|
print "No key specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_REQUEST['id'])) {
|
||||||
|
$id = $_REQUEST['id'];
|
||||||
|
} else {
|
||||||
|
print "No ID specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
$AdminIsPrimary = 0;
|
||||||
|
$KeyIsPrimary = 0;
|
||||||
|
$AuthorizedRemoval = 0;
|
||||||
|
$Removed = 0;
|
||||||
|
|
||||||
|
$Database = createTables($sqlDB);
|
||||||
|
|
||||||
|
// check if the key we passed is an admin key and if it's a primary admin key
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($Key == $line['key']) {
|
||||||
|
if ($line['primaryadmin'] == 1) {
|
||||||
|
$AdminIsPrimary = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
$AuthorizedRemoval = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
|
||||||
|
if ($AuthorizedRemoval == 1) {
|
||||||
|
$Database->exec("DELETE FROM keys WHERE id='$id'");
|
||||||
|
$Removed = 1;
|
||||||
|
} else {
|
||||||
|
print "You aren't authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists
|
||||||
|
if ($AuthorizedRemoval == 1) {
|
||||||
|
$Database->exec("DELETE FROM tkeys WHERE id='$id'");
|
||||||
|
$Removed = 1;
|
||||||
|
} else {
|
||||||
|
print "You aren't authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists
|
||||||
|
if ($AuthorizedRemoval == 1 && $AdminIsPrimary == 1) { // in order to delete an admin key you must be a primary admin
|
||||||
|
$Database->exec("DELETE FROM admins WHERE id='$id'");
|
||||||
|
$Removed = 1;
|
||||||
|
} else {
|
||||||
|
print "You aren't authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($AuthorizedRemoval != 1) {
|
||||||
|
print "You aren't authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
133
remove.php
133
remove.php
|
@ -1,82 +1,87 @@
|
||||||
<?php
|
<?php
|
||||||
include "config.php";
|
/* curload
|
||||||
include "create-table.php";
|
* Simple file uploading using POST requests and temporary keys
|
||||||
|
* Licensed under the GNU Affero General Public License version 3.0
|
||||||
|
*/
|
||||||
|
|
||||||
if (isset($_REQUEST['key'])) {
|
include "config.php";
|
||||||
$Key = $_REQUEST['key'];
|
include "create-table.php";
|
||||||
} else {
|
|
||||||
print "No key specified.";
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_REQUEST['id'])) {
|
if (isset($_REQUEST['key'])) {
|
||||||
$fileID = $_REQUEST['id'];
|
$Key = $_REQUEST['key'];
|
||||||
} else {
|
} else {
|
||||||
print "No ID specified.";
|
print "No key specified.";
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$enableUploadRemoval || $enableUploadRemoval == "false") {
|
if (isset($_REQUEST['id'])) {
|
||||||
print "Uploads cannot be removed.";
|
$fileID = $_REQUEST['id'];
|
||||||
die();
|
} else {
|
||||||
}
|
print "No ID specified.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$FileToRemove = "";
|
if (!$enableUploadRemoval || $enableUploadRemoval == "false") {
|
||||||
$AuthorizedRemoval = 0;
|
print "Uploads cannot be removed.";
|
||||||
$fileUploadedByPrimary = 0;
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$Database = createTables($sqlDB);
|
$FileToRemove = "";
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
$AuthorizedRemoval = 0;
|
||||||
|
$fileUploadedByPrimary = 0;
|
||||||
|
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
$Database = createTables($sqlDB);
|
||||||
if ($line['id'] == $fileID) { // passed ID is a file that exists
|
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||||
|
|
||||||
// check if our key is authorized to remove the file
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
|
if ($line['id'] == $fileID) { // passed ID is a file that exists
|
||||||
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
|
|
||||||
|
|
||||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
// check if our key is authorized to remove the file
|
||||||
if ($line['keyid'] == $kline['id']) {
|
if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
|
||||||
|
$keyDatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
|
|
||||||
|
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['keyid'] == $kline['id']) {
|
||||||
|
$AuthorizedRemoval = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
|
||||||
|
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
|
||||||
|
$keyDatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
|
||||||
|
// check if the file was uploaded by a primary admin
|
||||||
|
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||||
|
if ($kline['key'] == $line['keyid']) {
|
||||||
|
$fileUploadedByPrimary = $kline['primaryadmin'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
||||||
|
if ($kline['key'] == $Key && $Key != "" && $kline['key'] != "") { // key = passed key
|
||||||
|
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
|
||||||
$AuthorizedRemoval = 1;
|
$AuthorizedRemoval = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
|
|
||||||
if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
|
|
||||||
$keyDatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
||||||
|
|
||||||
// check if the file was uploaded by a primary admin
|
|
||||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
|
||||||
if ($kline['key'] == $line['keyid']) {
|
|
||||||
$fileUploadedByPrimary = $kline['primaryadmin'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
while ($kline = $keyDatabaseQuery->fetchArray()) {
|
|
||||||
if ($kline['key'] == $Key && $Key != "" && $kline['key'] != "") { // key = passed key
|
|
||||||
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
|
|
||||||
$AuthorizedRemoval = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$FileToRemove = $line['file'];
|
|
||||||
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// fuck off pleb
|
$FileToRemove = $line['file'];
|
||||||
if ($AuthorizedRemoval != 1) {
|
|
||||||
print "You aren't authorized to perform this action.";
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
|
|
||||||
$Database->exec("DELETE FROM uploads WHERE id='$fileID'");
|
break;
|
||||||
unlink(ltrim($FileToRemove, '/'));
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// fuck off pleb
|
||||||
|
if ($AuthorizedRemoval != 1) {
|
||||||
|
print "You aren't authorized to perform this action.";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
|
$Database->exec("DELETE FROM uploads WHERE id='$fileID'");
|
||||||
|
unlink(ltrim($FileToRemove, '/'));
|
||||||
?>
|
?>
|
||||||
|
|
Loading…
Reference in a new issue