speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request 'SQL rebase among many other things' (#11) from wip into master

Browse source 
Reviewed-on: speedie/curload#11
This commit is contained in:
Jacob 2023-09-29 23:29:40 +00:00
parent dc7b04bb9c b6a1671707
commit 8f3a013425
14 changed files with 724 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,4 @@
passwords.txt
temporary_passwords.txt
uploads
curload.sql

154
add-keys.php Normal file
View file

@ -0,0 +1,154 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
include "create-table.php";
function getIPAddress() {
include "config.php";
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
return $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
return $_SERVER['REMOTE_ADDR'];
}
}
function getUserAgent() {
return $_SERVER['HTTP_USER_AGENT'];
}
// TODO: Hash passwords
function addKey($adminKey, $Value) {
include "config.php";
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$Authorized = 0;
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
$Authorized = 1;
break;
}
}
if ($Authorized != 1) {
print "You are not authorized to perform this action.";
die();
}
$numberOfUploads = 0;
$lastUsed = "";
$Issued = "";
$ip = "";
$userAgent = "";
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
}
if ($storeIssued || $storeIssued == "true") {
$Issued = date($dateFormat);
}
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
}
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
}
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
}
function addTempKey($adminKey, $Value, $uploadsLeft) {
include "config.php";
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$Authorized = 0;
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
$Authorized = 1;
break;
}
}
if ($Authorized != 1) {
print "You are not authorized to perform this action.";
die();
}
$numberOfUploads = 0;
$lastUsed = "";
$Issued = "";
$ip = "";
$userAgent = "";
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
}
if ($storeIssued || $storeIssued == "true") {
$Issued = date($dateFormat);
}
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
}
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
}
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
}
function addAdminKey($adminKey, $Value, $Primary) {
include "config.php";
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$Authorized = 0;
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) {
$Authorized = 1;
break;
}
}
if ($Authorized != 1) {
print "You are not authorized to perform this action.";
die();
}
$numberOfUploads = 0;
$lastUsed = "";
$Issued = "";
$ip = "";
$userAgent = "";
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
}
if ($storeIssued || $storeIssued == "true") {
$Issued = date($dateFormat);
}
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
}
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
}
$Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
}
?>

97
admin.php Normal file
View file

@ -0,0 +1,97 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php";
include "create-table.php";
if (!$enableAdminKeys || $enableAdminKeys == "false") {
print "Admin keys are not supported.";
die();
}
$Authorized = 0;
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$html .= "<!DOCTYPE html>\n";
$html .= "<html>\n";
$html .= "\t<head>\n";
$html .= "\t\t<meta name=\"description\" content=\"Site administration\">\n";
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
$html .= "\t\t<title>Administration - $instanceName</title>\n";
$html .= "\t</head>\n";
$html .= "\t<body>\n";
$html .= "\t\t<div class=\"content\">\n";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
$id = $line['id'];
$lastUsed = date($dateFormat);
$Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'");
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
break;
}
}
// the stuff
if ($Authorized) {
$html .= "\t\t\t<h2>Admin tools</h2>\n";
$html .= "\t\t\t<iframe name=\"adminSubmit\" style=\"display: none;\"></iframe>\n";
$html .= "\t\t\t<form action=\"create.php\" method=\"post\" target=\"adminSubmit\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
$html .= "\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"$Key\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
$html .= "\t\t\t</form>\n";
} else {
header('Location: admin.php?e=true');
die();
}
} else {
$Authorized = 0;
$html .= "\t\t\t<form action=\"admin.php\" method=\"post\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"Administrator key\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"Login\">\n";
$html .= "\t\t\t</form>\n";
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
$html .= "\t\t\t<p>Invalid administrator key.</p>\n";
}
}
$html .= "\t\t</div>\n";
$html .= "\t</body>\n";
$html .= "</html>\n";
print "$html";
?>

28
config.ini
View file

@ -1,11 +1,27 @@
[html]
css = index.css
favicon = favicon.svg
instance_name = curload
css = index.css
favicon = favicon.svg
[upload]
upload_dir = uploads2/
max_size = 100
upload_dir = uploads/
public_uploading = false
rename_duplicates = true
replace_original = false
max_size = 100
[credentials]
key_file = passwords.txt
temp_key_file = temporary_passwords.txt
sqldb = curload.sql
enable_keys = true
enable_temporary_keys = true
enable_admin_keys = true
[logging]
store_ip = true
store_user_agent = true
store_issued = true
store_last_usage = true
store_number_of_uploads = true
[format]
date_format = Y/m/d

65
config.php
View file

@ -1,23 +1,52 @@
<?php
$Stylesheet = "index.css";
$Icon = "favicon.svg";
$uploadDir = "uploads/";
$keyFile = "passwords.txt";
$tempKeyFile = "temporary_passwords.txt";
$maxFileSize = "100";
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
define('CONFIG_FILE', 'config.ini');
$Stylesheet = "index.css";
$Icon = "favicon.svg";
$uploadDir = "uploads/";
$maxFileSize = "100";
$sqlDB = "curload.db";
$storeIP = true;
$storeAgent = true;
$storeIssued = true;
$storeLastUsage = true;
$storeUploads = true;
$publicUploading = false;
$renameDuplicates = true;
$replaceOriginal = false;
$dateFormat = "Y/m/d";
$instanceName = "curload";
$enableKeys = true;
$enableAdminKeys = true;
$enableTemporaryKeys = true;
if (!file_exists(CONFIG_FILE)) {
return;
}
define('CONFIG_FILE', 'config.ini');
/* load config file */
$configEntries = parse_ini_file(CONFIG_FILE);
$Stylesheet = $configEntries['css'];
$Icon = $configEntries['favicon'];
$uploadDir = $configEntries['upload_dir'];
$keyFile = $configEntries['key_file'];
$tempKeyFile = $configEntries['temp_key_file'];
$maxFileSize = $configEntries['max_size'];
if (!file_exists(CONFIG_FILE)) {
return;
}
/* load config file */
$configEntries = parse_ini_file(CONFIG_FILE);
$Stylesheet = $configEntries['css'];
$Icon = $configEntries['favicon'];
$uploadDir = $configEntries['upload_dir'];
$maxFileSize = $configEntries['max_size'];
$sqlDB = $configEntries['sqldb'];
$storeIP = $configEntries['store_ip'];
$storeAgent = $configEntries['store_user_agent'];
$storeIssued = $configEntries['store_issued'];
$storeLastUsage = $configEntries['store_last_usage'];
$storeUploads = $configEntries['store_number_of_uploads'];
$dateFormat = $configEntries['date_format'];
$instanceName = $configEntries['instance_name'];
$publicUploading = $configEntries['public_uploading'];
$renameDuplicates = $configEntries['rename_duplicates'];
$replaceOriginal = $configEntries['replace_original'];
$enableKeys = $configEntries['enable_keys'];
$enableAdminKeys = $configEntries['enable_admin_keys'];
$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
?>

55
create-table.php Normal file
View file

@ -0,0 +1,55 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
function createTables($sqlDB) {
$Database = new SQLite3($sqlDB);
/* administrator table
* id (INTEGER PRIMARY KEY)
* key (TEXT)
* primaryadmin (INT)
* lastused (TEXT)
* issued (TEXT)
* ip (TEXT)
* useragent (TEXT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
/* keys table
* id (INTEGER PRIMARY KEY)
* key (TEXT)
* numberofuploads (INT)
* lastused (INT)
* issued (TEXT)
* ip (TEXT)
* useragent (TEXT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
/* temporary keys table
* id (INTEGER PRIMARY KEY)
* key (TEXT)
* numberofuploads (INT)
* uploadsleft (INT)
* lastused (TEXT)
* issued (TEXT)
* ip (TEXT)
* useragent (TEXT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
/* uploads table
* id (INTEGER PRIMARY KEY)
* file (TEXT)
* uploaddate (TEXT)
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
* keytype (INT)
*/
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)");
return $Database;
}
?>

42
create.php Normal file
View file

@ -0,0 +1,42 @@
<?php
include "config.php";
include "add-keys.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No admin key specified.";
die();
}
if (isset($_REQUEST['data'])) {
$Data = $_REQUEST['data'];
} else {
print "No data specified.";
die();
}
if (isset($_REQUEST['type'])) {
$Type = $_REQUEST['type'];
} else {
print "No type specified.";
die();
}
if (isset($_REQUEST['uploads']) && $Type == "Temporary") {
$Uploads = $_REQUEST['uploads'];
} else {
$Uploads = 1;
}
if ($Type == "Admin") {
addAdminKey($Key, $Data, 0);
} else if ($Type == "Temporary") {
addTempKey($Key, $Data, $Uploads);
} else if ($Type == "Key") {
addKey($Key, $Data);
} else {
print "Invalid type specified.";
die();
}
?>

6
data.php Normal file
View file

@ -0,0 +1,6 @@
<?php
include "config.php";
include "create-table.php";
// TODO: functions that return data from databases
?>

67
index.css Normal file
View file

@ -0,0 +1,67 @@
.bar {
position: sticky;
top: 0px;
z-index: 6;
background-color: #363636;
margin: 0px;
padding: 0px;
width: 100%;
}
.bar img {
transform: translate(0, +30%);
padding-right: 5px;
}
.bar input {
padding-top: 2px;
padding-bottom: 2px;
border-color: #363636;
border-width: 0px;
background-color: #363636;
color: #f0eee4;
width: 100%
}
.title {
color: #f0eee4;
padding-left: 2px;
}
body {
margin: 0px;
padding: 0px;
background-color: #212121;
font-family: Monospace;
}
footer {
padding: 5px;
font-size: 8pt;
font-weight: normal;
background-color: transparent;
text-align: center;
}
.links {
color: #66667d;
padding: 5px;
padding-left: 2px;
}
.content {
color: #f0eee4;
padding: 5px;
max-width: 1000px;
margin: auto;
}
a {
color: #89bfff;
text-decoration: none;
transition: 0.1s;
}
a:hover {
color: #ccccff;
text-decoration: underline;
}

54
index.php
View file

@ -4,42 +4,30 @@
* Licensed under the GNU Affero General Public License version 3.0
*/
function printHeader($title, $description, $Icon, $Stylesheet) {
print "<!DOCTYPE html>\n";
print "<html>\n";
print "\t<head>\n";
print "\t\t<meta name=\"description\" content=\"$description\">\n";
print "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
print "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
print "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
print "\t\t<title>$title</title>\n";
print "\t</head>\n";
print "\t<body>\n";
print "\t\t<div class=\"content\">\n";
}
include "config.php";
function printFooter() {
print "\t\t</div>\n";
print "\t</body>\n";
print "</html>\n";
}
$html = "";
$html .= "<!DOCTYPE html>\n";
$html .= "<html>\n";
$html .= "\t<head>\n";
$html .= "\t\t<meta name=\"description\" content=\"$instanceName is a simple file uploading site allowing users to upload files by authenticating using a key.\">\n";
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
$html .= "\t\t<title>$instanceName</title>\n";
$html .= "\t</head>\n";
$html .= "\t<body>\n";
$html .= "\t\t<div class=\"content\">\n";
function initServer() {
}
$html .= "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
function main() {
include "config.php";
$html .= "\t\t</div>\n";
$html .= "\t</body>\n";
$html .= "</html>\n";
printHeader("curload", "Upload files", $Icon, $Stylesheet);
print "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
print "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
print "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
print "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
printFooter();
}
main();
print "$html";
?>

13
remove.php Normal file
View file

@ -0,0 +1,13 @@
<?php
include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
// TODO: Functions that remove stuff
?>

2
test-curload.sh Executable file
View file

@ -0,0 +1,2 @@
#!/bin/sh
php -S localhost:1337 &

2
test.sh
View file

@ -1,2 +1,2 @@
#!/bin/sh
curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php"
curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php"

278
upload.php
View file

@ -1,102 +1,216 @@
<?php
include "config.php";
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
$Status = 0;
$Authorized = 0;
$keyType = 0;
$uploadLimit = $maxFileSize * 1000000;
$keyID = 0;
$self = dirname($_SERVER['PHP_SELF']);
if (!isset($_FILES['file']['name'])) {
print "You didn't specify a file.";
die();
}
// init database
if (!$publicUploading || $publicUploading == "false") {
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$id = $line['id'];
$keyID = $id;
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
}
if ($storeUploads || $storeUploads == "true") {
$numberOfUploads = $line['numberofuploads'] + 1;
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
}
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 0;
break;
}
}
$Status = 0;
$Authorized = 0;
$tempKeyUsed = 0;
$uploadLimit = $maxFileSize * 1000000;
$self = dirname($_SERVER['PHP_SELF']);
if ($Authorized != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) {
$uploadsLeft = $line['uploadsleft'] - 1;
$id = $line['id'];
$keyID = $id;
if (isset($_FILES['file']['name'])) {
// All normal keys will be considered valid
if (file_exists($keyFile)) {
$validKeys = explode("\n", file_get_contents($keyFile));
} else { // one master key must exist
print("Error: No valid keys found.");
die();
}
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
}
if ($storeUploads || $storeUploads == "true") {
$numberOfUploads = $line['numberofuploads'] + 1;
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
}
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
}
foreach ($validKeys as $ValidKey) {
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
$Authorized = 1;
$tempKeyUsed = 0;
$keyType = 1;
break;
}
}
}
// Temporary keys as well
if (file_exists($tempKeyFile)) {
$tempValidKeys = explode("\n", file_get_contents($tempKeyFile));
// maybe admin?
if ($Authorized != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM admins');
foreach ($tempValidKeys as $ValidKey) {
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
$Authorized = 1;
$tempKeyUsed = 1; // key should be considered invalid after this use.
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) {
$id = $line['id'];
$keyID = $id;
$numberOfUploads = $line['numberofuploads'] + 1;
$lastUsed = date($dateFormat);
break;
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 2;
break;
}
}
}
// Not an authorized key
if ($Authorized == 0) {
print "Not authorized: Key '$Key' is invalid.";
die();
}
if ($_FILES['file']['size'] > $uploadLimit) {
print "File is too big. Max file size is $maxFileSize" . "MB";
die();
}
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true);
}
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
$destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
if (file_exists($destinationFile)) { // wtf
print "Failed to upload file.";
die();
}
}
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
if ($tempKeyUsed) { // Remove temporary key
$file = file_get_contents($tempKeyFile);
$file = preg_replace("/\b$Key\b/", "", $file);
file_put_contents($tempKeyFile, $file);
}
print "$uploadedFile";
if (isset($_REQUEST['web'])) { // redirect back to index
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
die();
}
} else {
print "Failed to upload file.";
if ($_FILES['file']['error'] == 1) {
print "Is the upload_max_filesize set up properly?";
}
die();
}
} else {
print "You didn't specify a file.";
// Not an authorized key
if ($Authorized == 0) {
print "Not authorized: Key '$Key' is invalid.";
die();
}
}
if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) {
print "File is too big. Max file size is $maxFileSize" . "MB";
die();
}
// check if file is too big to be uploaded
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true);
}
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
// rename file if necessary
if (!$replaceOriginal || $replaceOriginal == "false") {
if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
if (isset($fileExtension)) {
$extension = "." . $fileExtension;
}
if ($renameDuplicates || $renameDuplicates == "true") {
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
}
if (file_exists($destinationFile)) { // wtf
print "Failed to upload file.";
die();
}
}
}
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
$lastUsed = date($dateFormat);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
if ($keyType == 1) { // Remove temporary key
$file = file_get_contents($tempKeyFile);
$file = preg_replace("/\b$Key\b/", "", $file);
file_put_contents($tempKeyFile, $file);
}
print "$uploadedFile";
if (isset($_REQUEST['web'])) { // redirect back to index
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
die();
}
} else {
print "Failed to upload file.";
print $_FILES['file']['error'];
die();
}
?>