Use sessions rather than cookies

This commit is contained in:
Jacob 2023-10-04 21:37:52 +02:00
parent 2d4cb3c5d9
commit 7377c9e245
13 changed files with 39 additions and 43 deletions


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
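Review bot: `session_start();` is called with PHP's default cookie parameters, so the session cookie that replaces the old key cookie carries only whatever `session.cookie_httponly`, `session.cookie_secure` and `session.cookie_samesite` the ini happens to set, and `session.use_strict_mode` is off by default. Since the same one-line `<?php session_start();` hunk is repeated in ten of the file sections of this commit, a single shared bootstrap would let the cookie flags live in one place, e.g. `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);` followed by `session_start();`, with `ini_set('session.use_strict_mode', '1');` ahead of it. Whether an include that runs before any output is available to every entry script is not visible in this diff.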


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -13,10 +13,10 @@ $Primary = 0;
$filterID = -1; $filterID = -1;
$Error = ""; $Error = "";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin'); header('Location: login.php?redir=admin');
die(); die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed } else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /'); header('Location: /');
die(); die();
} }
@ -49,7 +49,7 @@ $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) { if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && $line['keytype'] == 2 && ($enableKeys || $enableKeys == "true")) {
$Authorized = 1; $Authorized = 1;
$Primary = $line['primaryadmin']; $Primary = $line['primaryadmin'];
break; break;
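Review bot: The session key is still compared to the stored key with loose `==` on the new side of the `while` loop (`$line['key'] == $_SESSION['key']`), which applies PHP's numeric-string rules to both operands, and the emptiness guard `$_SESSION['key'] != ""` has the same looseness. A strict, constant-time comparison such as `hash_equals((string) $line['key'], (string) $_SESSION['key'])` with `$_SESSION['key'] !== ''` avoids both. The identical comparison recurs in the later sections at the `$AuthorizedCreation`, `$CorrectFile` and `$AuthorizedRemoval` loops; it is carried over from the cookie version rather than introduced here, and the loop body continues past the end of the hunk.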


@ -26,7 +26,6 @@ sqldb = curload.sql
enable_keys = true enable_keys = true
enable_temporary_keys = true enable_temporary_keys = true
enable_admin_keys = true enable_admin_keys = true
cookie_name = speedierocks
[logging] [logging]
store_ip = true store_ip = true


@ -24,13 +24,11 @@ $dateFormat = "Y/m/d";
$instanceName = "curload"; $instanceName = "curload";
$instanceDescription = "curload is a simple file uploading site allowing users to upload files by authenticating using a key."; $instanceDescription = "curload is a simple file uploading site allowing users to upload files by authenticating using a key.";
$footerText = "Licensed under the GNU Affero General Public License version 3.0."; $footerText = "Licensed under the GNU Affero General Public License version 3.0.";
$cookieName = "speedierocks";
$enableKeys = true; $enableKeys = true;
$enableAdminKeys = true; $enableAdminKeys = true;
$enableTemporaryKeys = true; $enableTemporaryKeys = true;
$enableUploadRemoval = true; $enableUploadRemoval = true;
$enableKeyUploadRemoval = false; $enableKeyUploadRemoval = false;
$cookieTypeName = "$cookieName" . "_type";
$configFile = ""; $configFile = "";
@ -72,7 +70,5 @@ $enableAdminKeys = $configEntries['enable_admin_keys'];
$enableTemporaryKeys = $configEntries['enable_temporary_keys']; $enableTemporaryKeys = $configEntries['enable_temporary_keys'];
$enableUploadRemoval = $configEntries['enable_upload_removal']; $enableUploadRemoval = $configEntries['enable_upload_removal'];
$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal']; $enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
$cookieName = $configEntries['cookie_name'];
$javaScript = $configEntries['javascript']; $javaScript = $configEntries['javascript'];
$cookieTypeName = "$cookieName" . "_type";
?> ?>


@ -51,7 +51,7 @@ function printHeader($html) {
$html .= "\t\t\t<span id='titleSpan' class='title'>\n"; $html .= "\t\t\t<span id='titleSpan' class='title'>\n";
if (file_exists($Logo)) $html .= "\t\t\t\t<img src=\"$Logo\" id=\"titleLogo\" class=\"title\" width=\"$logoHeaderSize\" height=\"$logoHeaderSize\">\n"; if (file_exists($Logo)) $html .= "\t\t\t\t<img src=\"$Logo\" id=\"titleLogo\" class=\"title\" width=\"$logoHeaderSize\" height=\"$logoHeaderSize\">\n";
$html .= "\t\t\t\t<small id='title'><a id='title' href=\"/\">$instanceName</a></small>\n"; $html .= "\t\t\t\t<small id='title'><a id='title' href=\"/\">$instanceName</a></small>\n";
if (isset($_COOKIE[$cookieName])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n"; if (isset($_SESSION['key'])) $html .= "\t\t\t\t<small id='files'><a id='files' href=\"files.php\">Your files</a></small>\n";
foreach (glob('*.php') as $file) { foreach (glob('*.php') as $file) {
if (!file_exists("$file".".name")) { if (!file_exists("$file".".name")) {
@ -63,13 +63,13 @@ function printHeader($html) {
$html .= "\t\t\t\t<small id='$name'><a id='$name' href=\"$file\">$name</a></small>\n"; $html .= "\t\t\t\t<small id='$name'><a id='$name' href=\"$file\">$name</a></small>\n";
} }
if (!isset($_COOKIE[$cookieName])) { if (!isset($_SESSION['key'])) {
$html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n"; $html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n";
} else { } else {
$html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n"; $html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n";
} }
if (isset($_COOKIE[$cookieTypeName]) && $_COOKIE[$cookieTypeName] == 2) { if (isset($_SESSION['type']) && $_SESSION['type'] == 2) {
$html .= "\t\t\t\t<small id='administration'><a id='administration' href=\"admin.php\">Administration</a></small>\n"; $html .= "\t\t\t\t<small id='administration'><a id='administration' href=\"admin.php\">Administration</a></small>\n";
} }
@ -101,7 +101,7 @@ function printFileUploadForm($html, $Error) {
include "config.php"; include "config.php";
// print the form // print the form
if (isset($_COOKIE[$cookieTypeName]) || ($publicUploading || $publicUploading == "true")) { if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">\n"; $html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
$html .= "\t\t\t\t<input type=\"file\" name=\"file\" id=\"file\">\n"; $html .= "\t\t\t\t<input type=\"file\" name=\"file\" id=\"file\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"Upload selected file\" name=\"web\">\n"; $html .= "\t\t\t\t<input type=\"submit\" value=\"Upload selected file\" name=\"web\">\n";
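Review bot: `printHeader` and `printFileUploadForm` now read `$_SESSION['key']` and `$_SESSION['type']` directly, but nothing in this section starts a session, so both functions depend on the including script having called `session_start()` first; if it has not, `isset($_SESSION[...])` is simply false and the page silently renders as logged out. A guard at the top of the file, `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }`, or at least a docblock line on each function stating that an active session is required, would make that dependency explicit. Both functions begin before the first hunk of this section, so their full bodies are not visible here.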


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -29,10 +29,10 @@ $DatabaseQuery = $Database->query('SELECT * FROM keys');
if (!checkIfAdminExists()) { if (!checkIfAdminExists()) {
$firstKey = 1; $firstKey = 1;
} else { } else {
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin'); header('Location: login.php?redir=admin');
die(); die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed } else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /'); header('Location: /');
die(); die();
} }
@ -42,7 +42,7 @@ if (!checkIfAdminExists()) {
$DatabaseQuery = $Database->query('SELECT * FROM keys'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { if ($line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$AuthorizedCreation = 1; $AuthorizedCreation = 1;
$AdminIsPrimary = $line['primaryadmin']; $AdminIsPrimary = $line['primaryadmin'];
break; break;


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -17,7 +17,7 @@ $html .= "\t\t\t<h1>Your files</h1>\n";
$html .= "\t\t\t\t<p>These are the files you have uploaded using this key.</p>\n"; $html .= "\t\t\t\t<p>These are the files you have uploaded using this key.</p>\n";
// If logged in ... // If logged in ...
if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading == "false")) { if (isset($_SESSION['type']) && (!$publicUploading || $publicUploading == "false")) {
$Database = createTables($sqlDB); $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM uploads'); $DatabaseQuery = $Database->query('SELECT * FROM uploads');
@ -46,7 +46,7 @@ if (isset($_COOKIE[$cookieTypeName]) && (!$publicUploading || $publicUploading =
$UserDatabaseQuery = $Database->query('SELECT * FROM keys'); $UserDatabaseQuery = $Database->query('SELECT * FROM keys');
while ($uline = $UserDatabaseQuery->fetchArray()) { while ($uline = $UserDatabaseQuery->fetchArray()) {
if ($uline['id'] == $keyID && $_COOKIE[$cookieName] == $uline['key']) { if ($uline['id'] == $keyID && $_SESSION['key'] == $uline['key']) {
$CorrectFile = 1; $CorrectFile = 1;
break; break;
} }


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -29,7 +29,7 @@ $html .= "\t\t\t<h1>$instanceName</h1>\n";
$html .= "\t\t\t\t<p>$instanceDescription</p>\n"; $html .= "\t\t\t\t<p>$instanceDescription</p>\n";
// If logged in ... // If logged in ...
if (isset($_COOKIE[$cookieTypeName]) || ($publicUploading || $publicUploading == "true")) { if (isset($_SESSION['type']) || ($publicUploading || $publicUploading == "true")) {
$html = printFileUploadForm($html, $Error); $html = printFileUploadForm($html, $Error);
} else { } else {
$html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your key</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n"; $html .= "\t\t\t\t<p>To upload a file, <a href=\"login.php\">log in using your key</a> and select a file to upload. After uploading, you will receive a link to the file stored on the servers.</p>\n";


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -15,16 +15,17 @@ if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir']; $Redirect = $_REQUEST['redir'];
} }
// if a cookie exists, redirect the user there instead // if a session exists, redirect the user there instead
if (isset($_COOKIE[$cookieName])) { if (isset($_SESSION['key'])) {
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") { if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
setcookie($cookieName, "", 0); session_unset();
setcookie($cookieTypeName, "", 0); session_destroy();
header('Location: login.php'); header('Location: login.php');
die(); die();
} }
if ($Redirect == "index" || ($Redirect == "admin" && $_COOKIE[$cookieTypeName] != 2) || $Redirect == "") { if ($Redirect == "index" || ($Redirect == "admin" && $_SESSION['type'] != 2) || $Redirect == "") {
header('Location: /'); header('Location: /');
die(); die();
} else if ($Redirect == "admin") { } else if ($Redirect == "admin") {
@ -78,8 +79,8 @@ if (isset($_REQUEST['key'])) {
die(); die();
} }
setcookie($cookieName, $Key); $_SESSION['key'] = $Key;
setcookie($cookieTypeName, $KeyType); $_SESSION['type'] = $KeyType;
if ($Redirect != "") { // just so we can try again and still be redirected to the right place if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect"); header("Location: login.php?e=true&redir=$Redirect");
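Review bot: Assigning `$_SESSION['key'] = $Key;` and `$_SESSION['type'] = $KeyType;` promotes the current session to an authenticated one without changing its id, so a session id that already existed before login remains valid afterwards; insert `session_regenerate_id(true);` immediately before those two assignments. The logout branch earlier in this section calls `session_unset();` and `session_destroy();` but leaves the session cookie itself in the browser, which the PHP manual's logout example handles with `setcookie(session_name(), '', time() - 42000)` using the current cookie params. What the code between the preceding `die();` and these assignments validates is outside the hunk, so whether `$Key` has been checked against the database at that point cannot be confirmed from here.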


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -7,10 +7,10 @@
include "config.php"; include "config.php";
include "core.php"; include "core.php";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php?redir=admin'); header('Location: login.php?redir=admin');
die(); die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed } else if ($_SESSION['type'] != 2) { // not allowed
header('Location: /'); header('Location: /');
die(); die();
} }
@ -45,7 +45,7 @@ $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($line['keytype'] == 2 && $line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { if ($line['keytype'] == 2 && $line['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$AuthorizedRemoval = 1; $AuthorizedRemoval = 1;
$AdminIsPrimary = $line['primaryadmin']; $AdminIsPrimary = $line['primaryadmin'];
break; break;


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -7,10 +7,10 @@
include "config.php"; include "config.php";
include "core.php"; include "core.php";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) { if (!isset($_SESSION['key']) || !isset($_SESSION['type'])) {
header('Location: login.php'); header('Location: login.php');
die(); die();
} else if ($_COOKIE[$cookieTypeName] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed } else if ($_SESSION['type'] != 2 && (!$enableKeyUploadRemoval || $enableKeyUploadRemoval == "false")) { // not allowed
header('Location: /'); header('Location: /');
die(); die();
} }
@ -66,7 +66,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
} }
while ($kline = $keyDatabaseQuery->fetchArray()) { while ($kline = $keyDatabaseQuery->fetchArray()) {
if ($kline['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key if ($kline['key'] == $_SESSION['key'] && $_SESSION['key'] != "" && $kline['key'] != "" && $kline['keytype'] == 2) { // key = passed key
if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
$AuthorizedRemoval = 1; $AuthorizedRemoval = 1;
break; break;


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0


@ -1,4 +1,4 @@
<?php <?php session_start();
/* curload /* curload
* Simple file uploading using POST requests and temporary keys * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
@ -12,8 +12,8 @@ $WebInterface = 1;
if (isset($_REQUEST['key'])) { if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key']; $Key = $_REQUEST['key'];
$WebInterface = 0; $WebInterface = 0;
} else if (isset($_COOKIE[$cookieName])) { } else if (isset($_SESSION['key'])) {
$Key = $_COOKIE[$cookieName]; $Key = $_SESSION['key'];
$WebInterface = 1; $WebInterface = 1;
} else if (!$publicUploading || $publicUploading == "false") { } else if (!$publicUploading || $publicUploading == "false") {
print "No key specified."; print "No key specified.";