diff --git a/.gitignore b/.gitignore
index 3aea9f5..e53578d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 passwords.txt
 temporary_passwords.txt
 uploads
+curload.sql
diff --git a/add-keys.php b/add-keys.php
new file mode 100644
index 0000000..38de047
--- /dev/null
+++ b/add-keys.php
@@ -0,0 +1,154 @@ +query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} + +function addTempKey($adminKey, $Value, $uploadsLeft) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', 
'$ip', '$userAgent')"); +} + +function addAdminKey($adminKey, $Value, $Primary) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} +?> diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..d0dcd63 --- /dev/null +++ b/admin.php @@ -0,0 +1,97 @@ +query('SELECT * FROM admins'); + +$html .= "\n"; +$html .= "\n"; +$html .= "\t
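Review bot: All three `INSERT` statements in add-keys.php build their SQL by interpolating `$Value`, `$uploadsLeft`, `$Primary`, `$ip` and `$userAgent` into the string passed to `exec()`, so a quote character in any of them changes the statement. The `UPDATE` and `INSERT` calls in the upload.php hunk do the same with values read from request headers and the uploaded file name. Bind the values instead of quoting them by hand; the sketch below assumes `$Database` is an SQLite3 handle, which the `fetchArray()` calls suggest, although `createTables()` is not visible on this page. The authorization loop is also copied three times and compares keys with `==`; a single helper that uses `hash_equals()` on strings would avoid PHP's numeric-string comparison rules.

```php
// … unchanged: authorization loop and $store* handling …
$stmt = $Database->prepare(
    'INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent)
     VALUES(:key, :uploads, :lastused, :issued, :ip, :useragent)'
);
$stmt->bindValue(':key', $Value, SQLITE3_TEXT);
$stmt->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
$stmt->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$stmt->bindValue(':issued', $Issued, SQLITE3_TEXT);
$stmt->bindValue(':ip', $ip, SQLITE3_TEXT);
$stmt->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$stmt->execute();
```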
\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\tInvalid administrator key.
\n"; + } +} + +$html .= "\t\tMax file size: $maxFileSize MB
\n"; +$html .= "\t\t\tsource code\n"; -function main() { - include "config.php"; +$html .= "\t\tMax file size: $maxFileSize MB
\n"; - print "\t\t\tsource code\n"; - - printFooter(); -} - -main(); +print "$html"; ?> diff --git a/remove.php b/remove.php new file mode 100644 index 0000000..31fb0fa --- /dev/null +++ b/remove.php @@ -0,0 +1,13 @@ + diff --git a/test-curload.sh b/test-curload.sh new file mode 100755 index 0000000..102a20c --- /dev/null +++ b/test-curload.sh @@ -0,0 +1,2 @@ +#!/bin/sh +php -S localhost:1337 & diff --git a/test.sh b/test.sh index 8c0bcdd..505c3e5 100755 --- a/test.sh +++ b/test.sh @@ -1,2 +1,2 @@ #!/bin/sh -curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php" +curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php" diff --git a/upload.php b/upload.php index 8efdb68..276e46c 100644 --- a/upload.php +++ b/upload.php 
@@ -1,102 +1,216 @@ query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + $id = $line['id']; + $keyID = $id; + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 0; + break; + } } - $Status = 0; - $Authorized = 0; - $tempKeyUsed = 0; - $uploadLimit = $maxFileSize * 1000000; - $self = dirname($_SERVER['PHP_SELF']); + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { + $uploadsLeft = $line['uploadsleft'] - 1; + $id = $line['id']; + $keyID = $id; - if (isset($_FILES['file']['name'])) { - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); - die(); - } + $Database->exec("UPDATE tkeys SET 
uploadsleft='$uploadsLeft' WHERE id='$id'"); + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); + } - foreach ($validKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { $Authorized = 1; - $tempKeyUsed = 0; - + $keyType = 1; break; } } + } - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); + // maybe admin? + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM admins'); - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $tempKeyUsed = 1; // key should be considered invalid after this use. 
+ while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); - break; + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 2; + break; } } + } - // Not an authorized key - if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); - } - - if ($_FILES['file']['size'] > $uploadLimit) { - print "File is too big. Max file size is $maxFileSize" . "MB"; - die(); - } - - if (!is_dir($uploadDir)) { - mkdir($uploadDir, 0777, true); - } - - $destinationFile = $uploadDir . basename($_FILES['file']['name']); - - if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); - } - } - - if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { - $uploadedFile = dirname($_SERVER['PHP_SELF']) . 
$destinationFile; - - if ($tempKeyUsed) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - - print "$uploadedFile"; - - if (isset($_REQUEST['web'])) { // redirect back to index - print "\n"; - die(); - } - } else { - print "Failed to upload file."; - - if ($_FILES['file']['error'] == 1) { - print "Is the upload_max_filesize set up properly?"; - } - die(); - } - } else { - print "You didn't specify a file."; + // Not an authorized key + if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; die(); } +} + +if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) { + print "File is too big. Max file size is $maxFileSize" . "MB"; + die(); +} + +// check if file is too big to be uploaded +if (!is_dir($uploadDir)) { + mkdir($uploadDir, 0777, true); +} + +$destinationFile = $uploadDir . basename($_FILES['file']['name']); + +// rename file if necessary +if (!$replaceOriginal || $replaceOriginal == "false") { + if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } + + if ($renameDuplicates || $renameDuplicates == "true") { + $destinationFile = $uploadDir . rand(1000,100000) . $extension; + } + + if (file_exists($destinationFile)) { // wtf + print "Failed to upload file."; + die(); + } + } +} + +if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { + $uploadedFile = dirname($_SERVER['PHP_SELF']) . 
$destinationFile; + + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); + + if ($keyType == 1) { // Remove temporary key + $file = file_get_contents($tempKeyFile); + $file = preg_replace("/\b$Key\b/", "", $file); + file_put_contents($tempKeyFile, $file); + } + + print "$uploadedFile"; + + if (isset($_REQUEST['web'])) { // redirect back to index + print "\n"; + die(); + } +} else { + print "Failed to upload file."; + print $_FILES['file']['error']; + die(); +} ?>
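Review bot: In the admin branch (the loop over `SELECT * FROM admins`) the four `UPDATE` statements still target `keys`, so an upload with an admin key rewrites `lastused`, `numberofuploads`, `ip` and `useragent` on whichever normal key shares that `id` and never touches the admin row; they should read `UPDATE admins SET ... WHERE id=...`. The usage record is therefore wrong for the most privileged keys. The stored `$ip` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`; both headers are set by the client, so unless a trusted proxy overwrites them the logged address is not evidence of origin. Record `REMOTE_ADDR` and keep any forwarded value separately. The line `if (file_exists($destinationFile) && $) {` does not parse as shown and may be a truncated condition, so it is worth checking against the file.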