diff --git a/.gitignore b/.gitignore
index 3aea9f5..e53578d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 passwords.txt
 temporary_passwords.txt
 uploads
+curload.sql
diff --git a/add-keys.php b/add-keys.php
new file mode 100644
index 0000000..38de047
--- /dev/null
+++ b/add-keys.php
@@ -0,0 +1,154 @@ +query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} + +function addTempKey($adminKey, $Value, $uploadsLeft) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', 
'$ip', '$userAgent')"); +} + +function addAdminKey($adminKey, $Value, $Primary) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } + + $numberOfUploads = 0; + $lastUsed = ""; + $Issued = ""; + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} +?> diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..d0dcd63 --- /dev/null +++ b/admin.php @@ -0,0 +1,97 @@ +query('SELECT * FROM admins'); + +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\tAdministration - $instanceName\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
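Review bot: All three INSERT statements in add-keys.php build SQL by interpolating `$Value`, `$uploadsLeft`, `$Primary`, `$ip` and `$userAgent` straight into the string passed to `$Database->exec()`, so a quote character in a key or in a client-supplied header changes the statement instead of being stored as data. The same pattern recurs in the `UPDATE ... SET ip='$ip'` and `useragent='$userAgent'` statements of admin.php and upload.php, where the values are read directly from `$_SERVER['HTTP_USER_AGENT']`, `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP`. Bind the values through a prepared statement; the handle looks like SQLite3 because it uses `fetchArray()`, but its construction is not visible on this page. The sketch shows the `keys` insert of the first function, whose opening lines are missing from this view; the `tkeys` and `admins` inserts take the same shape.

```php
// … unchanged: authorization loop and $store* lookups …
$Statement = $Database->prepare("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES(:key, :uploads, :lastused, :issued, :ip, :useragent)");
$Statement->bindValue(':key', $Value, SQLITE3_TEXT);
$Statement->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
$Statement->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$Statement->bindValue(':issued', $Issued, SQLITE3_TEXT);
$Statement->bindValue(':ip', $ip, SQLITE3_TEXT);
$Statement->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$Statement->execute();
```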
\n"; + +if (isset($_REQUEST['key'])) { + $Key = $_REQUEST['key']; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $lastUsed = date($dateFormat); + + $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + break; + } + } + + // the stuff + if ($Authorized) { + $html .= "\t\t\t

Admin tools

\n"; + $html .= "\t\t\t\n"; + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + } else { + header('Location: admin.php?e=true'); + die(); + } +} else { + $Authorized = 0; + + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + + if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") { + $html .= "\t\t\t

Invalid administrator key.

\n"; + } +} + +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; + +print "$html"; + +?> diff --git a/config.ini b/config.ini index b539d89..6dc88dd 100644 --- a/config.ini +++ b/config.ini @@ -1,11 +1,27 @@ [html] -css = index.css -favicon = favicon.svg +instance_name = curload +css = index.css +favicon = favicon.svg [upload] -upload_dir = uploads2/ -max_size = 100 +upload_dir = uploads/ +public_uploading = false +rename_duplicates = true +replace_original = false +max_size = 100 [credentials] -key_file = passwords.txt -temp_key_file = temporary_passwords.txt +sqldb = curload.sql +enable_keys = true +enable_temporary_keys = true +enable_admin_keys = true + +[logging] +store_ip = true +store_user_agent = true +store_issued = true +store_last_usage = true +store_number_of_uploads = true + +[format] +date_format = Y/m/d diff --git a/config.php b/config.php index a2cceb0..7d0bd0e 100644 --- a/config.php +++ b/config.php @@ -1,23 +1,52 @@ diff --git a/create-table.php b/create-table.php new file mode 100644 index 0000000..95c4555 --- /dev/null +++ b/create-table.php 
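Review bot: The admin key check in admin.php, `$line['key'] == $Key`, uses PHP's loose comparison, which compares two numeric-looking strings as numbers, so a submitted value can match a stored key it is not textually identical to; the comparison is also not constant-time. Replace it with `hash_equals((string)$line['key'], $Key)` after confirming `is_string($Key) && $Key !== ""`. The same `==` check guards addTempKey and addAdminKey in add-keys.php and all three key loops in upload.php. Reading the key from `$_POST` instead of `$_REQUEST` would also keep it out of query strings and access logs.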
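Review bot: `sqldb = curload.sql` is a relative path, so the database holding every upload, temporary and admin key appears to be created next to the PHP files. test-curload.sh serves that directory with `php -S`, which would make the file retrievable over HTTP unless the server denies it; how config.php resolves the path is not visible here, so this is inferred. Point the setting at a location outside the document root, for example `sqldb = /var/lib/curload/curload.sql` (constructed example path), and state that requirement in a `;` comment above the setting.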
@@ -0,0 +1,55 @@ +exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * lastused (INT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* temporary keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * keytype (INT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)"); + + return $Database; +} +?> diff --git a/create.php b/create.php new file mode 100644 index 0000000..ac8953b --- /dev/null +++ b/create.php @@ -0,0 +1,42 @@ + diff --git a/data.php b/data.php new file mode 100644 index 0000000..e4e61eb --- /dev/null +++ b/data.php @@ -0,0 +1,6 @@ + diff --git a/index.css b/index.css new file mode 100644 index 0000000..a945926 --- /dev/null +++ b/index.css 
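Review bot: Every table in create-table.php declares `key TEXT`, storing the raw secret with no UNIQUE constraint, so a copy of the database file discloses all working keys and the same key can be inserted twice. Consider storing a digest such as `hash('sha256', $key)`, declaring the column `key TEXT UNIQUE`, and comparing digests at lookup time. Separately, the comment block for the keys table lists `lastused (INT)` while the CREATE statement declares `lastused TEXT`; one of the two should be corrected. The function's opening lines are not visible on this page.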
@@ -0,0 +1,67 @@ +.bar { + position: sticky; + top: 0px; + z-index: 6; + background-color: #363636; + margin: 0px; + padding: 0px; + width: 100%; +} + +.bar img { + transform: translate(0, +30%); + padding-right: 5px; +} + +.bar input { + padding-top: 2px; + padding-bottom: 2px; + border-color: #363636; + border-width: 0px; + background-color: #363636; + color: #f0eee4; + width: 100% +} + +.title { + color: #f0eee4; + padding-left: 2px; +} + +body { + margin: 0px; + padding: 0px; + background-color: #212121; + font-family: Monospace; +} + +footer { + padding: 5px; + font-size: 8pt; + font-weight: normal; + background-color: transparent; + text-align: center; +} + +.links { + color: #66667d; + padding: 5px; + padding-left: 2px; +} + +.content { + color: #f0eee4; + padding: 5px; + max-width: 1000px; + margin: auto; +} + +a { + color: #89bfff; + text-decoration: none; + transition: 0.1s; +} +a:hover { + color: #ccccff; + text-decoration: underline; +} diff --git a/index.php b/index.php index b26243e..1312416 100644 --- a/index.php +++ b/index.php @@ -4,42 +4,30 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -function printHeader($title, $description, $Icon, $Stylesheet) { - print "\n"; - print "\n"; - print "\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t$title\n"; - print "\t\n"; - print "\t\n"; - print "\t\t
\n"; -} +include "config.php"; -function printFooter() { - print "\t\t
\n"; - print "\t\n"; - print "\n"; -} +$html = ""; +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t$instanceName\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
\n"; -function initServer() { -} +$html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; +$html .= "\t\t\t
Select file to upload


\n"; +$html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; +$html .= "\t\t\tsource code\n"; -function main() { - include "config.php"; +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; - printHeader("curload", "Upload files", $Icon, $Stylesheet); - - print "\t\t\t

speedie's super awesome file uploader junk

\n"; - print "\t\t\t
Select file to upload


\n"; - print "\t\t\t

Max file size: $maxFileSize MB

\n"; - print "\t\t\tsource code\n"; - - printFooter(); -} - -main(); +print "$html"; ?> diff --git a/remove.php b/remove.php new file mode 100644 index 0000000..31fb0fa --- /dev/null +++ b/remove.php @@ -0,0 +1,13 @@ + diff --git a/test-curload.sh b/test-curload.sh new file mode 100755 index 0000000..102a20c --- /dev/null +++ b/test-curload.sh @@ -0,0 +1,2 @@ +#!/bin/sh +php -S localhost:1337 & diff --git a/test.sh b/test.sh index 8c0bcdd..505c3e5 100755 --- a/test.sh +++ b/test.sh @@ -1,2 +1,2 @@ #!/bin/sh -curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php" +curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php" diff --git a/upload.php b/upload.php index 8efdb68..276e46c 100644 --- a/upload.php +++ b/upload.php 
@@ -1,102 +1,216 @@ query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + $id = $line['id']; + $keyID = $id; + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 0; + break; + } } - $Status = 0; - $Authorized = 0; - $tempKeyUsed = 0; - $uploadLimit = $maxFileSize * 1000000; - $self = dirname($_SERVER['PHP_SELF']); + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { + $uploadsLeft = $line['uploadsleft'] - 1; + $id = $line['id']; + $keyID = $id; - if (isset($_FILES['file']['name'])) { - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); - die(); - } + $Database->exec("UPDATE tkeys SET 
uploadsleft='$uploadsLeft' WHERE id='$id'"); + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); + } - foreach ($validKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { $Authorized = 1; - $tempKeyUsed = 0; - + $keyType = 1; break; } } + } - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); + // maybe admin? + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM admins'); - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $tempKeyUsed = 1; // key should be considered invalid after this use. 
+ while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); - break; + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 2; + break; } } + } - // Not an authorized key - if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); - } - - if ($_FILES['file']['size'] > $uploadLimit) { - print "File is too big. Max file size is $maxFileSize" . "MB"; - die(); - } - - if (!is_dir($uploadDir)) { - mkdir($uploadDir, 0777, true); - } - - $destinationFile = $uploadDir . basename($_FILES['file']['name']); - - if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); - } - } - - if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { - $uploadedFile = dirname($_SERVER['PHP_SELF']) . 
$destinationFile; - - if ($tempKeyUsed) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - - print "$uploadedFile"; - - if (isset($_REQUEST['web'])) { // redirect back to index - print "

Your link

\n"; - die(); - } - } else { - print "Failed to upload file."; - - if ($_FILES['file']['error'] == 1) { - print "Is the upload_max_filesize set up properly?"; - } - die(); - } - } else { - print "You didn't specify a file."; + // Not an authorized key + if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; die(); } +} + +if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) { + print "File is too big. Max file size is $maxFileSize" . "MB"; + die(); +} + +// check if file is too big to be uploaded +if (!is_dir($uploadDir)) { + mkdir($uploadDir, 0777, true); +} + +$destinationFile = $uploadDir . basename($_FILES['file']['name']); + +// rename file if necessary +if (!$replaceOriginal || $replaceOriginal == "false") { + if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } + + if ($renameDuplicates || $renameDuplicates == "true") { + $destinationFile = $uploadDir . rand(1000,100000) . $extension; + } + + if (file_exists($destinationFile)) { // wtf + print "Failed to upload file."; + die(); + } + } +} + +if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { + $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); + + if ($keyType == 1) { // Remove temporary key + $file = file_get_contents($tempKeyFile); + $file = preg_replace("/\b$Key\b/", "", $file); + file_put_contents($tempKeyFile, $file); + } + + print "$uploadedFile"; + + if (isset($_REQUEST['web'])) { // redirect back to index + print "

Your link

\n"; + die(); + } +} else { + print "Failed to upload file."; + print $_FILES['file']['error']; + die(); +} ?>
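Review bot: The admin-key branch of upload.php (under `// maybe admin?`) records usage with `UPDATE keys SET ... WHERE id='$id'` although `$id` was read from `admins`, so an admin upload overwrites the lastused, numberofuploads, ip and useragent of whichever ordinary key shares that id and leaves the admin row untouched, which corrupts the audit trail. All four statements in that branch should target `admins`, e.g. `UPDATE admins SET lastused=:lastused WHERE id=:id` with bound parameters. Two further problems on the new side: `if (file_exists($destinationFile) && $) {` does not parse as shown here, and the `$keyType == 1` block still reads and rewrites `$tempKeyFile`, a leftover from the file-based keys whose `temp_key_file` setting this commit removes from config.ini.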