Use sessions rather than cookies

Jacob 2023-10-04 21:37:52 +02:00
parent 2d4cb3c5d9
commit 7377c9e245
13 changed files with 39 additions and 43 deletions


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
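Review bot: `session_start()` is called with PHP's default cookie settings, so the session cookie that now carries the login is issued without `HttpOnly`, `SameSite` or `Secure` unless php.ini sets them. Passing the options explicitly, e.g. `session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax', 'cookie_secure' => true]);` (drop `cookie_secure` only if the instance has to run over plain HTTP), keeps the cookie away from script access and most cross-site requests. The same one-line change repeats at the top of the other page sections in this commit; a shared bootstrap include would keep these settings in one place.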


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -13,10 +13,10 @@ $Primary = 0;
$filterID = -1;
$Error = "";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
} else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /');
die();
}
@ -49,7 +49,7 @@ $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) {
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) {
$Authorized = 1;
$Primary = $line['primaryadmin'];
break;
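Review bot: The key check in the `while` loop still uses loose `==` (`$line['key'] == $_SESSION['key']`), so two different numeric-looking keys such as `"1e3"` and `"1000"` (constructed sample values) compare equal, and the comparison is not constant-time. `hash_equals((string) $line['key'], (string) $_SESSION['key'])` avoids both problems. The same pattern appears in the key loops of the later sections (`$line['key']`, `$uline['key']`, `$kline['key']`). The `$_SESSION['type'] != 2` gate above only reflects the type stored at login, so the `keytype` re-check against the database in this loop should stay; the loop body continues outside the hunk.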


@ -26,7 +26,6 @@ sqldb = curload.sql
enable_keys = true
enable_temporary_keys = true
enable_admin_keys = true
cookie_name = speedierocks
[logging]
store_ip = true


@ -24,13 +24,11 @@ $dateFormat = "Y/m/d";
$instanceName = "curload";
$instanceDescription = "curload is a simple file uploading site allowing users to upload files by authenticating using a key.";
$footerText = "Licensed under the GNU Affero General Public License version 3.0.";
$cookieName = "speedierocks";
$enableKeys = true;
$enableAdminKeys = true;
$enableTemporaryKeys = true;
$enableUploadRemoval = true;
$enableKeyUploadRemoval = false;
$cookieTypeName = "$cookieName" . "_type";
$configFile = "";
@ -72,7 +70,5 @@ $enableAdminKeys = $configEntries['enable_admin_keys'];
$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
$enableUploadRemoval = $configEntries['enable_upload_removal'];
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
$cookieName = $configEntries['cookie_name'];
$javaScript = $configEntries['javascript'];
$cookieTypeName = "$cookieName" . "_type";
?>


@ -51,7 +51,7 @@ function printHeader($html) {
$html .= "\t\t\t<span id='titleSpan' class='title'>\n";
if (file_exists($Logo)) $html .= "\t\t\t\t<img src=\"$Logo\" id=\"titleLogo\" class=\"title\" width=\"$logoHeaderSize\" height=\"$logoHeaderSize\">\n";
$html .= "\t\t\t\t<small id='title'><a id='title' href=\"/\">$instanceName</a></small>\n";
if (isset($_COOKIE[$cookieName])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
if (isset($_SESSION['key'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
foreach (glob('*.php') as $file) {
if (!file_exists("$file".".name")) {
@ -63,13 +63,13 @@ function printHeader($html) {
$html .= "\t\t\t\t<small id='$name'><a id='$name' href=\"$file\">$name</a></small>\n";
}
if (!isset($_COOKIE[$cookieName])) {
if (!isset($_SESSION['key'])) {
$html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n";
} else {
$html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n";
}
if (isset($_COOKIE[$cookieTypeName]) && $_COOKIE[$cookieTypeName] == 2) {
if (isset($_SESSION['type']) && $_SESSION['type'] == 2) {
$html .= "\t\t\t\t<small id='administration'><a id='administration' href=\"admin.php\">Administration</a></small>\n";
}
@ -101,7 +101,7 @@ function printFileUploadForm($html, $Error) {
include "config.php";
// print the form
if (isset($_COOKIE[$cookieTypeName]) || ($publicUploading || $publicUploading == "true")) {
if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
$html .= "\t\t\t\t<input type=\"file\" name=\"file\" id=\"file\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"Upload selected file\" name=\"web\">\n";


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -29,10 +29,10 @@ $DatabaseQuery = $Database->query('SELECT * FROM keys');
if (!checkIfAdminExists()) {
$firstKey = 1;
} else {
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
} else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /');
die();
}
@ -42,7 +42,7 @@ if (!checkIfAdminExists()) {
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$AuthorizedCreation = 1;
$AdminIsPrimary = $line['primaryadmin'];
break;


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -17,7 +17,7 @@ $html .= "\t\t\t<h1>Your files</h1>\n";
$html .= "\t\t\t\t<p>These are the files you have uploaded using this key.</p>\n";
// If logged in ...
if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading == "false")) {
if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false")) {
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
@ -46,7 +46,7 @@ if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading =
$UserDatabaseQuery = $Database->query('SELECT * FROM keys');
while ($uline = $UserDatabaseQuery->fetchArray()) {
if ($uline['id'] == $keyID && $_COOKIE[$cookieName] == $uline['key']) {
if ($uline['id'] == $keyID && $_SESSION['key'] == $uline['key']) {
$CorrectFile = 1;
break;
}


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -29,7 +29,7 @@ $html .= "\t\t\t<h1>$instanceName</h1>\n";
$html .= "\t\t\t\t<p>$instanceDescription</p>\n";
// If logged in ...
if (isset($_COOKIE[$cookieTypeName]) || ($publicUploading || $publicUploading == "true")) {
if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
$html = printFileUploadForm($html, $Error);
} else {
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your key</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -15,16 +15,17 @@ if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
}
// if a cookie exists, redirect the user there instead
if (isset($_COOKIE[$cookieName])) {
// if a session exists, redirect the user there instead
if (isset($_SESSION['key'])) {
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
setcookie($cookieName, "", 0);
setcookie($cookieTypeName, "", 0);
session_unset();
session_destroy();
header('Location: login.php');
die();
}
if ($Redirect == "index" || ($Redirect == "admin" && $_COOKIE[$cookieTypeName] != 2) || $Redirect == "") {
if ($Redirect == "index" || ($Redirect == "admin" && $_SESSION['type'] != 2) || $Redirect == "") {
header('Location: /');
die();
} else if ($Redirect == "admin") {
@ -78,8 +79,8 @@ if (isset($_REQUEST['key'])) {
die();
}
setcookie($cookieName, $Key);
setcookie($cookieTypeName, $KeyType);
$_SESSION['key'] = $Key;
$_SESSION['type'] = $KeyType;
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
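Review bot: The session id is not rotated when the key is accepted: `$_SESSION['key'] = $Key;` runs on whatever session id the browser presented, so an id that was set before login stays valid as an authenticated session afterwards (session fixation). Calling `session_regenerate_id(true);` immediately before the two `$_SESSION[...]` assignments closes this. In the logout branch, `session_destroy()` removes the server-side data but leaves the session cookie in the browser; expiring it with `setcookie(session_name(), '', time() - 3600, '/');` would complete the logout. The enclosing `if (isset($_REQUEST['key']))` block starts and ends outside the hunk.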


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -7,10 +7,10 @@
include "config.php";
include "core.php";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin');
die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
} else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /');
die();
}
@ -45,7 +45,7 @@ $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['keytype'] == 2 && $line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
if ($line['keytype'] == 2 && $line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$AuthorizedRemoval = 1;
$AdminIsPrimary = $line['primaryadmin'];
break;


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -7,10 +7,10 @@
include "config.php";
include "core.php";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php');
die();
} else if ($_COOKIE[$cookieTypeName] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed
} else if ($_SESSION['type'] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed
header('Location: /');
die();
}
@ -66,7 +66,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
}
while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key
if ($kline['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
$AuthorizedRemoval = 1;
break;


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0


@ -1,4 +1,4 @@
<?php
<?php session_start();
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
@ -12,8 +12,8 @@ $WebInterface = 1;
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
$WebInterface = 0;
} else if (isset($_COOKIE[$cookieName])) {
$Key = $_COOKIE[$cookieName];
} else if (isset($_SESSION['key'])) {
$Key = $_SESSION['key'];
$WebInterface = 1;
} else if (!$publicUploading || $publicUploading == "false") {
print "No key specified.";