From e01c13fe82178afc18bd7cb10be00f20447623c1 Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 00:25:59 +0200
Subject: [PATCH 1/6] WIP work on SQL #4
---
 config.ini | 18 ++++++---
 config.php | 8 ++++
 index.php | 2 +-
 upload.php | 113 +++++++++++++++++++++++++++++++++--------------------
 4 files changed, 92 insertions(+), 49 deletions(-)
diff --git a/config.ini b/config.ini
index b539d89..e316e58 100644
--- a/config.ini
+++ b/config.ini
@@ -1,11 +1,17 @@
 [html]
-css = index.css
-favicon = favicon.svg
+css = index.css
+favicon = favicon.svg
 
 [upload]
-upload_dir = uploads2/
-max_size = 100
+upload_dir = uploads/
+max_size = 100
 
 [credentials]
-key_file = passwords.txt
-temp_key_file = temporary_passwords.txt
+sql = true
+sqldb = curload.sql
+key_file = passwords.txt
+temp_key_file = temporary_passwords.txt
+
+[logging]
+store_ip = true
+store_user_agent = true
diff --git a/config.php b/config.php
index a2cceb0..4ef12b7 100644
--- a/config.php
+++ b/config.php
@@ -5,6 +5,10 @@
 $keyFile = "passwords.txt";
 $tempKeyFile = "temporary_passwords.txt";
 $maxFileSize = "100";
+ $sql = true;
+ $sqlDB = "curload.db";
+ $storeIP = true;
+ $storeAgent = true;
 
 define('CONFIG_FILE', 'config.ini');
 
@@ -20,4 +24,8 @@
 $keyFile = $configEntries['key_file'];
 $tempKeyFile = $configEntries['temp_key_file'];
 $maxFileSize = $configEntries['max_size'];
+ $sql = $configEntries['sql'];
+ $sqlDB = $configEntries['sqldb'];
+ $storeIP = $configEntries['store_ip'];
+ $storeAgent = $configEntries['store_user_agent'];
 ?>
diff --git a/index.php b/index.php
index b26243e..943d34f 100644
--- a/index.php
+++ b/index.php
@@ -30,7 +30,7 @@ function initServer() {
 function main() {
 include "config.php";
- printHeader("curload", "Upload files", $Icon, $Stylesheet);
+ printHeader("curload", "Simply upload files", $Icon, $Stylesheet);
 print "\t\t\t
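Review bot: `sqldb = curload.sql` is a relative path, so the SQLite file that will hold every upload key is created inside the application directory; if that directory is the document root (the `php -S` test script added in the next patch serves it that way), the database is retrievable as a static file. Point `sqldb` outside the web root, or configure the server to deny HTTP access to it, and keep it out of version control (the next patch does add it to .gitignore). The value also disagrees with the fallback in config.php (`curload.db`), so a missing ini entry silently switches to a different database file; use one name in both places.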
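Review bot: `$sql = $configEntries['sql'];` stores the raw ini value; if `$configEntries` comes from `parse_ini_file` (the call itself is not visible here), its default scanner turns `true` into the string `"1"` and `false` into `""`, so the `$sql == "true"` comparison introduced in patch 2 never matches and only the truthiness test does any work. Normalizing once here, `$sql = filter_var($configEntries['sql'], FILTER_VALIDATE_BOOLEAN);` (likewise for `store_ip` and `store_user_agent`), gives real booleans and lets upload.php drop the `|| $x == "true"` idiom. None of the four new reads checks that the key exists, so an older config.ini without the `[logging]` section yields undefined-index notices and `null` values rather than the defaults set above.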

speedie's super awesome file uploader junk

\n"; print "\t\t\t
Select file to upload


\n"; diff --git a/upload.php b/upload.php index 8efdb68..b6593b7 100644 --- a/upload.php +++ b/upload.php @@ -14,7 +14,39 @@ $uploadLimit = $maxFileSize * 1000000; $self = dirname($_SERVER['PHP_SELF']); - if (isset($_FILES['file']['name'])) { + if (!isset($_FILES['file']['name'])) { + print "You didn't specify a file."; + die(); + } + + // init database + if ($sql) { + $Database = new SQLite3($sqlDB); + $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT)"); + $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT)"); + $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, date TEXT, useragent TEXT, ip TEXT)"); + + $DatabaseQuery = $Database->query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploads'] != 0) { + $numberOfUploads = $line['uploads'] - 1; + $id = $line['id']; + $Database->exec("UPDATE tkeys SET uploads=$numberOfUploads WHERE id=$id"); + $Authorized = 1; + break; + } + } + } + } else { // no sql version // All normal keys will be considered valid if (file_exists($keyFile)) { $validKeys = explode("\n", file_get_contents($keyFile)); 
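Review bot: `if ($line['key'] == $Key && ...)` compares the submitted key with the stored one using PHP's loose `==`, which compares numeric-looking strings numerically (`"1e3"` equals `"1000"`) and is not constant-time; use `hash_equals((string) $line['key'], (string) $Key)`, or better, compare against a stored hash as the TODO in a later patch already anticipates. The temporary-key branch decrements `uploads` during authorization, before the size check and `move_uploaded_file` run, so a rejected upload still consumes a use — the file-based path only removes the key after a successful move. Both `SELECT * FROM ...` loops fetch every row to find one key; a prepared `WHERE key = :key` lookup (`$Database->prepare(...)` with `bindValue`) does that in the engine. The `exec()` results are never checked, and `CREATE TABLE` without `IF NOT EXISTS` fails on every request after the first (patch 4 adds the clause).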
@@ -45,58 +77,55 @@ } } } + } - // Not an authorized key - if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); - } + // Not an authorized key + if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; + die(); + } - if ($_FILES['file']['size'] > $uploadLimit) { - print "File is too big. Max file size is $maxFileSize" . "MB"; - die(); - } + if ($_FILES['file']['size'] > $uploadLimit) { + print "File is too big. Max file size is $maxFileSize" . "MB"; + die(); + } - if (!is_dir($uploadDir)) { - mkdir($uploadDir, 0777, true); - } + if (!is_dir($uploadDir)) { + mkdir($uploadDir, 0777, true); + } - $destinationFile = $uploadDir . basename($_FILES['file']['name']); + $destinationFile = $uploadDir . basename($_FILES['file']['name']); - if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (file_exists($destinationFile)) { // rename file to distinguish it from existing file + $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); - } - } - - if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { - $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; - - if ($tempKeyUsed) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - - print "$uploadedFile"; - - if (isset($_REQUEST['web'])) { // redirect back to index - print "

Your link

\n"; - die(); - } - } else { + if (file_exists($destinationFile)) { // wtf print "Failed to upload file."; + die(); + } + } - if ($_FILES['file']['error'] == 1) { - print "Is the upload_max_filesize set up properly?"; - } + if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { + $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + + if ($tempKeyUsed) { // Remove temporary key + $file = file_get_contents($tempKeyFile); + $file = preg_replace("/\b$Key\b/", "", $file); + file_put_contents($tempKeyFile, $file); + } + + print "$uploadedFile"; + + if (isset($_REQUEST['web'])) { // redirect back to index + print "

Your link

\n";
 die();
 }
 } else {
- print "You didn't specify a file.";
+ print "Failed to upload file.";
+
+ if ($_FILES['file']['error'] == 1) {
+ print "Is the upload_max_filesize set up properly?";
+ }
 die();
 }
 ?>
From 6af8b8cf1314c0e056c089efa374201e3a84bafa Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 16:09:02 +0200
Subject: [PATCH 2/6] Add admin database, will be used shortly
---
 .gitignore | 1 +
 test-curload.sh | 2 ++
 upload.php | 9 +++++----
 3 files changed, 8 insertions(+), 4 deletions(-)
 create mode 100755 test-curload.sh
diff --git a/.gitignore b/.gitignore
index 3aea9f5..e53578d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 passwords.txt
 temporary_passwords.txt
 uploads
+curload.sql
diff --git a/test-curload.sh b/test-curload.sh
new file mode 100755
index 0000000..102a20c
--- /dev/null
+++ b/test-curload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+php -S localhost:1337 &
diff --git a/upload.php b/upload.php
index b6593b7..c9e9119 100644
--- a/upload.php
+++ b/upload.php
@@ -20,11 +20,12 @@
 }
 
 // init database
- if ($sql) {
+ if ($sql == "true" || $sql) {
 $Database = new SQLite3($sqlDB);
- $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT)");
- $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT)");
- $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, date TEXT, useragent TEXT, ip TEXT)");
+ $Database->exec("CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, useragent TEXT, ip TEXT)");
+ $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, useragent TEXT, ip TEXT)");
+ $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
+ $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, useragent TEXT, ip TEXT)");
 
 $DatabaseQuery = $Database->query('SELECT * FROM keys');
 while ($line = $DatabaseQuery->fetchArray()) {
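Review bot: The four `CREATE TABLE` statements change the schema (a new `admins` table, new `lastused`/`issued`/`uploaddate` columns), but a database created by the previous revision keeps its old tables because plain `CREATE TABLE` fails on an existing table and the `exec()` return value is ignored, so any code that later reads the new columns will find them missing. Check the result, `$Database->exec(...) or die("schema: " . $Database->lastErrorMsg());`, and record a schema version (`PRAGMA user_version`) so that an old file is migrated or refused rather than used as-is. `$sql == "true" || $sql` is redundant once the value is normalized to a boolean in config.php; one truthiness test is enough.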
From 39d0b8d9a53136519a7bc99a5ff80b9c71a6542e Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 19:08:35 +0200
Subject: [PATCH 3/6] add a test admin tools panel
---
 add-keys.php | 97 ++++++++++++++++++++++++++++++++++++++++++++++++
 config.ini | 5 +++
 config.php | 26 ++++++++-----
 create-table.php | 51 +++++++++++++++++++++++++
 create.php | 42 +++++++++++++++++++++
 index.php | 9 +++++
 test.sh | 2 +-
 upload.php | 70 ++++++++++++++++++++++++++++++----
 8 files changed, 283 insertions(+), 19 deletions(-)
 create mode 100644 add-keys.php
 create mode 100644 create-table.php
 create mode 100644 create.php
diff --git a/add-keys.php b/add-keys.php
new file mode 100644
index 0000000..278c72e
--- /dev/null
+++ b/add-keys.php
@@ -0,0 +1,97 @@ +query('SELECT * FROM keys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + } + + function addTempKey($adminKey, $Value, $uploadsLeft) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + } + + // TEMPORARY FUNCTION: TO BE REMOVED + function addAdminKey($Value) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + } + + $Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + } +?> 
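Review bot: Every INSERT in this file interpolates its values into the SQL text (`VALUES('$Value', '$numberOfUploads', ...)`), and `$Value` is the caller-supplied key while `$ip`/`$userAgent` are (presumably, via the stripped helpers) taken from request headers, so a quote character in any of them alters the statement; bind the values with a prepared statement instead, as sketched below for `addKey`. `$adminKey` is accepted by `addKey` and `addTempKey` but never compared against the `admins` table, so the parameter authorizes nothing yet — either verify it here or document that the caller must. `addAdminKey` names six columns but supplies five values (`id` has no value), so that INSERT cannot execute, and the `SELECT * FROM ...` result fetched in each function is discarded. The top of the file (the `<?php` preamble and the `getIPAddress`/`getUserAgent` definitions) is not visible in this rendering.
```php
    function addKey($adminKey, $Value) {
        // … unchanged: config include, createTables(), timestamp / ip / user-agent setup …
        $statement = $Database->prepare(
            "INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES(:key, :uploads, :lastused, :issued, :ip, :useragent)"
        );
        $statement->bindValue(':key', $Value, SQLITE3_TEXT);
        $statement->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
        $statement->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
        $statement->bindValue(':issued', $Issued, SQLITE3_TEXT);
        $statement->bindValue(':ip', $ip, SQLITE3_TEXT);
        $statement->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
        $statement->execute();
    }
```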
diff --git a/config.ini b/config.ini index e316e58..3c72881 100644 --- a/config.ini +++ b/config.ini @@ -15,3 +15,8 @@ temp_key_file = temporary_passwords.txt [logging] store_ip = true store_user_agent = true +store_issued = true +store_last_usage = true + +[format] +date_format = Y/m/d diff --git a/config.php b/config.php index 4ef12b7..92bbe27 100644 --- a/config.php +++ b/config.php @@ -1,14 +1,17 @@ diff --git a/create-table.php b/create-table.php new file mode 100644 index 0000000..c622113 --- /dev/null +++ b/create-table.php @@ -0,0 +1,51 @@ +exec( + "CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" + ); + + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * lastused (INT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* temporary keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * tempkey (INT) + */ + $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); + + return $Database; + } +?> diff --git a/create.php b/create.php new file mode 100644 index 0000000..11c84cc --- /dev/null +++ b/create.php @@ -0,0 +1,42 @@ + diff --git a/index.php b/index.php index 943d34f..4ae4ba0 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,15 @@ function main() { print "\t\t\t
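Review bot: None of the `key` columns carries a `UNIQUE` constraint, so the same key text can be inserted into `keys`, `tkeys` or `admins` repeatedly and the `SELECT *` loops in upload.php then act on whichever row comes first; declare them `key TEXT UNIQUE NOT NULL` (and consider storing a hash rather than the key itself, as the TODO in add-keys.php anticipates). The comment block for `keys` documents `lastused (INT)` while the DDL declares `lastused TEXT`; align one with the other. The `CREATE TABLE` calls lack `IF NOT EXISTS` (the next patch adds it), and the `exec()` results are not checked. The function's opening lines (`<?php`, the signature and the `new SQLite3` call) are not visible in this rendering.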

Max file size: $maxFileSize MB

\n"; print "\t\t\tsource code\n"; + print "\t\t\t

oops i leaked admin tools

\n"; + print "\t\t\t
\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t\t\n"; + print "\t\t\t
\n"; + printFooter(); } diff --git a/test.sh b/test.sh index 8c0bcdd..505c3e5 100755 --- a/test.sh +++ b/test.sh @@ -1,2 +1,2 @@ #!/bin/sh -curl -F "file=@Testfile.txt" -F "key=myKey" "http://localhost:1337/upload.php" +curl -F "file=@Testfile.txt" -F "key=${1:-myKey}" "http://localhost:1337/upload.php" diff --git a/upload.php b/upload.php index c9e9119..899817d 100644 --- a/upload.php +++ b/upload.php @@ -1,5 +1,6 @@ exec("CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, useragent TEXT, ip TEXT)"); - $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, useragent TEXT, ip TEXT)"); - $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, useragent TEXT, ip TEXT)"); + $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + + $Database->exec("UPDATE keys SET lastused=$lastUsed WHERE id=$id"); + $Database->exec("UPDATE keys SET numberofuploads=$numberOfUploads WHERE id=$id"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip=$ip WHERE id=$id"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent=$userAgent WHERE id=$id"); + } + $Authorized = 1; + $tempKeyUsed = 0; break; } } 
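Review bot: `$Database->exec("UPDATE keys SET ip=$ip WHERE id=$id")` and the `useragent` UPDATE place request-controlled values directly into SQL with no quoting or escaping (the next patch adds quotes, which still does not neutralize a quote inside the value); the `tkeys` loop in the following hunk repeats the same pattern. `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are ordinary request headers, so the recorded `ip` is whatever the client chose to send unless a trusted reverse proxy sets them — use `REMOTE_ADDR` unless the deployment is known to sit behind such a proxy. `$lastUsed` is also interpolated here before anything assigns it (only the tkeys branch does; patch 4 fixes this one). Bind the values instead, as shown for the `ip` update; the `@@` header of this hunk is not visible in this rendering.
```php
                if ($storeIP || $storeIP == "true") {
                    // … unchanged: choose $ip (prefer REMOTE_ADDR; proxy headers only behind a trusted proxy) …
                    $statement = $Database->prepare("UPDATE keys SET ip = :ip WHERE id = :id");
                    $statement->bindValue(':ip', $ip, SQLITE3_TEXT);
                    $statement->bindValue(':id', $id, SQLITE3_INTEGER);
                    $statement->execute();
                }
                // … same prepared form for the lastused, numberofuploads and useragent updates …
```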
@@ -38,11 +61,36 @@ if ($Authorized != 1) { $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploads'] != 0) { - $numberOfUploads = $line['uploads'] - 1; + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + $uploadsLeft = $line['uploadsleft'] - 1; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); $id = $line['id']; - $Database->exec("UPDATE tkeys SET uploads=$numberOfUploads WHERE id=$id"); + $keyID = $id; + + $Database->exec("UPDATE tkeys SET uploadsleft=$uploadsLeft WHERE id=$id"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id=$id"); + $Database->exec("UPDATE tkeys SET numberofuploads=$numberOfUploads WHERE id=$id"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip=$ip WHERE id=$id"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent=$userAgent WHERE id=$id"); + } + $Authorized = 1; + $tempKeyUsed = 1; break; } } @@ -109,6 +157,12 @@ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + if ($sql || $sql == "true") { + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)"); + } + if ($tempKeyUsed) { // Remove temporary key $file = file_get_contents($tempKeyFile); $file = preg_replace("/\b$Key\b/", "", $file); 
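Review bot: `VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)` interpolates `$uploadedFile`, which is built from `basename($_FILES['file']['name'])`, i.e. from the client-chosen filename, so the INSERT breaks as soon as that name contains a quote; a prepared statement with `bindValue` is the fix here as for the UPDATEs above. The preceding `$DatabaseQuery = $Database->query('SELECT * FROM uploads');` reads the whole table and discards the result; drop it. The `if ($tempKeyUsed)` block that follows still rewrites `$tempKeyFile` even when the key came from SQLite (where `uploadsleft` was already decremented), so in SQL mode it reads a possibly absent text file and writes it back; it should run only in the file-based path.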
From 2ab18cfe2e9bfe914d967128724dc8d4fb03796f Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 19:53:53 +0200
Subject: [PATCH 4/6] Some fixes
---
 create-table.php | 8 ++++----
 upload.php | 27 ++++++++++++++++-----------
 2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/create-table.php b/create-table.php
index c622113..c7fd391 100644
--- a/create-table.php
+++ b/create-table.php
@@ -11,7 +11,7 @@
 * useragent (TEXT)
 */
 $Database->exec(
- "CREATE TABLE admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"
+ "CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"
 );
 
 /* keys table
@@ -23,7 +23,7 @@
 * ip (TEXT)
 * useragent (TEXT)
 */
- $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
+ $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
 
 /* temporary keys table
 * id (INTEGER PRIMARY KEY)
@@ -35,7 +35,7 @@
 * ip (TEXT)
 * useragent (TEXT)
 */
- $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
+ $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
 
 /* uploads table
 * id (INTEGER PRIMARY KEY)
@@ -44,7 +44,7 @@
 * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
 * tempkey (INT)
 */
- $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)");
+ $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)");
 
 return $Database;
 }
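Review bot: `CREATE TABLE IF NOT EXISTS` stops the per-request failures but never alters a table that already exists, so a database created by an earlier revision keeps the old `tkeys` layout (`uploads` instead of `numberofuploads`/`uploadsleft`) and upload.php will then read columns that are not there. Record a schema version with `PRAGMA user_version`, migrate or refuse when it does not match, and check the `exec()` return values (`$Database->lastErrorMsg()`) instead of assuming success.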
diff --git a/upload.php b/upload.php index 899817d..5233b86 100644 --- a/upload.php +++ b/upload.php @@ -31,9 +31,10 @@ $id = $line['id']; $keyID = $id; $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); - $Database->exec("UPDATE keys SET lastused=$lastUsed WHERE id=$id"); - $Database->exec("UPDATE keys SET numberofuploads=$numberOfUploads WHERE id=$id"); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -44,12 +45,12 @@ $ip = $_SERVER['REMOTE_ADDR']; } - $Database->exec("UPDATE keys SET ip=$ip WHERE id=$id"); + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE keys SET useragent=$userAgent WHERE id=$id"); + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; @@ -68,9 +69,9 @@ $id = $line['id']; $keyID = $id; - $Database->exec("UPDATE tkeys SET uploadsleft=$uploadsLeft WHERE id=$id"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id=$id"); - $Database->exec("UPDATE tkeys SET numberofuploads=$numberOfUploads WHERE id=$id"); + $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { 
@@ -81,12 +82,12 @@ $ip = $_SERVER['REMOTE_ADDR']; } - $Database->exec("UPDATE tkeys SET ip=$ip WHERE id=$id"); + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); } if ($storeAgent || $storeAgent == "true") { $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent=$userAgent WHERE id=$id"); + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); } $Authorized = 1; @@ -146,7 +147,11 @@ $destinationFile = $uploadDir . basename($_FILES['file']['name']); if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } + $destinationFile = $uploadDir . rand(1000,100000) . $extension; if (file_exists($destinationFile)) { // wtf print "Failed to upload file."; @@ -160,7 +165,7 @@ if ($sql || $sql == "true") { $lastUsed = date($dateFormat); $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', $keyID, $tempKeyUsed)"); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')"); } if ($tempKeyUsed) { // Remove temporary key From 9907eb9b725925d562a76fbdab10fa118186d15c Mon Sep 17 00:00:00 2001 
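Review bot: `if (isset($fileExtension))` is always true — `pathinfo()` returns an empty string, not null, when the name has no extension — so a file without one is stored as `<number>.` with a trailing dot; test the string instead, `$extension = ($fileExtension !== '') ? '.' . $fileExtension : '';`. The extension is otherwise copied verbatim from the client filename and the file lands in `uploads/`, which the returned `$uploadedFile` link shows is served from the document root, so if the server executes scripts there an allowlist of permitted extensions (or an execution-disabled uploads directory) belongs before `move_uploaded_file`. `rand(1000,100000)` is a small, non-cryptographic range for a collision-avoiding name; `bin2hex(random_bytes(8))` yields an unguessable name and makes the second `file_exists` retry unnecessary.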
From: speedie
Date: Fri, 29 Sep 2023 21:29:29 +0200
Subject: [PATCH 5/6] Change some basic things
---
 add-keys.php | 161 +++++++++++++------------
 admin.php | 31 +++++
 config.ini | 1 +
 config.php | 71 ++++++-----
 create-table.php | 92 +++++++------
 create.php | 2 +-
 index.php | 70 +++++------
 upload.php | 308 ++++++++++++++++++++++++++--------------------
 8 files changed, 403 insertions(+), 333 deletions(-)
 create mode 100644 admin.php
diff --git a/add-keys.php b/add-keys.php
index 278c72e..5ecdeb7 100644
--- a/add-keys.php
+++ b/add-keys.php
@@ -1,97 +1,98 @@ query('SELECT * FROM keys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); } - function getUserAgent() { - return $_SERVER['HTTP_USER_AGENT']; + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } - // TODO: Hash passwords - function addKey($adminKey, $Value) { - include "config.php"; + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); +function addTempKey($adminKey, $Value, $uploadsLeft) { + include "config.php"; - $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); } - function addTempKey($adminKey, $Value, $uploadsLeft) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - - $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIP || $storeIP == "true") { - $ip = 
getIPAddress(); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - } - - $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } - // TEMPORARY FUNCTION: TO BE REMOVED - function addAdminKey($Value) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - } - - $Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} + +function addAdminKey($adminKey, $Value, $Primary) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM keys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', 
'$Issued', '$ip', '$userAgent')"); +} ?> diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..816c171 --- /dev/null +++ b/admin.php @@ -0,0 +1,31 @@ +query('SELECT * FROM admins'); + +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\tAdministration - $instanceName\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
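Review bot: `addAdminKey($adminKey, $Value, $Primary)` now takes `$adminKey` but, like `addKey` and `addTempKey`, never checks it against the `admins` table, and create.php now calls `addAdminKey($Key, $Data, 0)` with a request-supplied `$Key`, so whoever can reach create.php can create an administrator key; the verification belongs in these functions (or a shared helper) before the INSERT. The column list `admins(key, primary, ...)` uses `primary`, a reserved word in SQLite that will most likely be rejected unless quoted — renaming the column (`is_primary`) avoids the problem. The function also queries `keys` instead of `admins` and discards the result. All three INSERTs remain string-interpolated; bind the values.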
\n"; + +if (isset($_REQUEST['key'])) { + $Key = $_REQUEST['key']; +} else { + $Authorized = 0; +} +?> diff --git a/config.ini b/config.ini index 3c72881..9d4e0ed 100644 --- a/config.ini +++ b/config.ini @@ -1,4 +1,5 @@ [html] +instance_name = curload css = index.css favicon = favicon.svg diff --git a/config.php b/config.php index 92bbe27..20ee21d 100644 --- a/config.php +++ b/config.php @@ -1,37 +1,44 @@ diff --git a/create-table.php b/create-table.php index c7fd391..50e43f6 100644 --- a/create-table.php +++ b/create-table.php 
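Review bot: `$Authorized = 0;` is assigned only in the `else` branch, so when a key is present the variable is undefined, and the `SELECT * FROM admins` result stored in `$DatabaseQuery` is never compared with `$Key` anywhere in this hunk; initialize `$Authorized = 0;` before the `if`, and emit the HTML only after the check so an unauthorized request does not receive the page body. `$html .=` is also used before `$html` is initialized, as in index.php. The file's opening lines (`<?php` and the includes) are not visible in this rendering.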
@@ -1,51 +1,55 @@ exec( - "CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" - ); +function createTables($sqlDB) { + $Database = new SQLite3($sqlDB); - /* keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * lastused (INT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + /* administrator table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * primary (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - /* temporary keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * uploadsleft (INT) - * lastused (TEXT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * lastused (INT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - /* uploads table - * id (INTEGER PRIMARY KEY) - * file (TEXT) - * uploaddate (TEXT) - * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) - * tempkey (INT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); + /* temporary keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * 
uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - return $Database; - } + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * keytype (INT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)"); + + return $Database; +} ?> diff --git a/create.php b/create.php index 11c84cc..ac8953b 100644 --- a/create.php +++ b/create.php @@ -30,7 +30,7 @@ } if ($Type == "Admin") { - addAdminKey($Data); + addAdminKey($Key, $Data, 0); } else if ($Type == "Temporary") { addTempKey($Key, $Data, $Uploads); } else if ($Type == "Key") { diff --git a/index.php b/index.php index 4ae4ba0..8cd8258 100644 --- a/index.php +++ b/index.php @@ -4,51 +4,37 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -function printHeader($title, $description, $Icon, $Stylesheet) { - print "\n"; - print "\n"; - print "\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t$title\n"; - print "\t\n"; - print "\t\n"; - print "\t\t
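Review bot: `CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, ...)` uses `primary` as a column name; `PRIMARY` is a reserved word in SQLite and the statement will most likely fail to parse, leaving the table uncreated while the ignored `exec()` result hides it — rename it (`is_primary INT`). Because `IF NOT EXISTS` never alters an existing table, databases from the previous revision also keep the old `admins` columns and `uploads.tempkey` instead of `keytype`; a `PRAGMA user_version` check would catch the mismatch. The `key` columns still lack `UNIQUE`.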
\n"; -} +include "config.php"; -function printFooter() { - print "\t\t
\n"; - print "\t\n"; - print "\n"; -} +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t$primaryTitle\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
\n"; -function initServer() { -} +$html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; +$html .= "\t\t\t
Select file to upload


\n"; +$html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; +$html .= "\t\t\tsource code\n"; +$html .= "\t\t\t

oops i leaked admin tools

\n"; +$html .= "\t\t\t
\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t
\n"; -function main() { - include "config.php"; +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; - printHeader("curload", "Simply upload files", $Icon, $Stylesheet); - - print "\t\t\t

speedie's super awesome file uploader junk

\n"; - print "\t\t\t
Select file to upload


\n"; - print "\t\t\t

Max file size: $maxFileSize MB

\n"; - print "\t\t\tsource code\n"; - - print "\t\t\t

oops i leaked admin tools

\n"; - print "\t\t\t
\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t
\n"; - - printFooter(); -} - -main(); +print "$html"; ?> diff --git a/upload.php b/upload.php index 5233b86..40c703e 100644 --- a/upload.php +++ b/upload.php 
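Review bot: `$html .= "\n";` on the first new line appends to a variable that was never initialized, which raises an undefined-variable notice; start with `$html = "";` (and `print $html;` needs no quotes). `$primaryTitle` and `$maxFileSize` (and whatever config values the stripped tag lines interpolate) are placed into the markup without `htmlspecialchars()`; escaping them is cheap insurance if config.php is ever edited by a less-trusted party. The tag contents of the `$html .=` lines are not visible in this rendering.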
@@ -1,31 +1,111 @@ query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); + + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 0; + break; + } } - $Status = 0; - $Authorized = 0; - $tempKeyUsed = 0; - $uploadLimit = $maxFileSize * 1000000; - $keyID = 0; - $self = dirname($_SERVER['PHP_SELF']); + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + $uploadsLeft = $line['uploadsleft'] - 1; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); + $id = $line['id']; + $keyID = $id; - if (!isset($_FILES['file']['name'])) { - print "You didn't specify a file."; - die(); + $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = 
$_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 1; + break; + } + } } - // init database - if ($sql == "true" || $sql) { - $Database = createTables($sqlDB); + // maybe admin? + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM admins'); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { $id = $line['id']; 
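Review bot: The new `UPDATE keys SET ip='$ip' WHERE id='$id'` and `UPDATE keys SET useragent='$userAgent' WHERE id='$id'` statements interpolate `$_SERVER['HTTP_CLIENT_IP']`, `HTTP_X_FORWARDED_FOR` and `HTTP_USER_AGENT` directly into SQL; those are request headers chosen by the uploader, so a value containing a quote breaks or alters the statement (the tkeys block of this hunk, the admins block and the uploads `INSERT` of the next hunk, and the add-keys.php/admin.php hunks of patch 6/6 repeat the pattern). Use SQLite3 prepared statements with bound parameters for every statement that carries request-derived data (headers, the key, the file name). `HTTP_CLIENT_IP`/`HTTP_X_FORWARDED_FOR` are only meaningful behind a trusted reverse proxy; without one the stored address is whatever the client sends, so the logged value should not be relied on for abuse handling. In the tkeys branch `uploadsleft` is decremented here, before the size check and `move_uploaded_file`, so a rejected or failed upload still consumes a temporary-key use. The enclosing `if ($sql == "true" || $sql) {` block is closed in the following hunk.
```php
// … unchanged: lastused / numberofuploads updates …
if ($storeIP || $storeIP == "true") {
    // … unchanged: $ip selection …
    $stmt = $Database->prepare("UPDATE keys SET ip = :ip WHERE id = :id");
    $stmt->bindValue(':ip', $ip, SQLITE3_TEXT);
    $stmt->bindValue(':id', $id, SQLITE3_INTEGER);
    $stmt->execute();
}

if ($storeAgent || $storeAgent == "true") {
    $userAgent = $_SERVER['HTTP_USER_AGENT'];
    $stmt = $Database->prepare("UPDATE keys SET useragent = :ua WHERE id = :id");
    $stmt->bindValue(':ua', $userAgent, SQLITE3_TEXT);
    $stmt->bindValue(':id', $id, SQLITE3_INTEGER);
    $stmt->execute();
}
```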
@@ -54,138 +134,98 @@ } $Authorized = 1; - $tempKeyUsed = 0; + $keyType = 2; break; } } + } +} else { // no sql version + // All normal keys will be considered valid + if (file_exists($keyFile)) { + $validKeys = explode("\n", file_get_contents($keyFile)); + } else { // one master key must exist + print("Error: No valid keys found."); + die(); + } - if ($Authorized != 1) { - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { - $uploadsLeft = $line['uploadsleft'] - 1; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); - $id = $line['id']; - $keyID = $id; + foreach ($validKeys as $ValidKey) { + if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { + $Authorized = 1; + $keyType = 0; - $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); - - if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - - $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); - } - - $Authorized = 1; - $tempKeyUsed = 1; - break; - } - } - } - } else { // no sql version - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); - die(); + break; } + } - foreach ($validKeys as $ValidKey) { 
+ // Temporary keys as well + if (file_exists($tempKeyFile)) { + $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); + + foreach ($tempValidKeys as $ValidKey) { if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { $Authorized = 1; - $tempKeyUsed = 0; + $keyType = 1; // key should be considered invalid after this use. break; } } - - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); - - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $tempKeyUsed = 1; // key should be considered invalid after this use. - - break; - } - } - } } +} - // Not an authorized key - if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); +// Not an authorized key +if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; + die(); +} + +if ($_FILES['file']['size'] > $uploadLimit) { + print "File is too big. Max file size is $maxFileSize" . "MB"; + die(); +} + +if (!is_dir($uploadDir)) { + mkdir($uploadDir, 0777, true); +} + +$destinationFile = $uploadDir . basename($_FILES['file']['name']); + +if (file_exists($destinationFile)) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; } + $destinationFile = $uploadDir . rand(1000,100000) . $extension; - if ($_FILES['file']['size'] > $uploadLimit) { - print "File is too big. Max file size is $maxFileSize" . "MB"; - die(); - } - - if (!is_dir($uploadDir)) { - mkdir($uploadDir, 0777, true); - } - - $destinationFile = $uploadDir . 
basename($_FILES['file']['name']); - - if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - if (isset($fileExtension)) { - $extension = "." . $fileExtension; - } - $destinationFile = $uploadDir . rand(1000,100000) . $extension; - - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); - } - } - - if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { - $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; - - if ($sql || $sql == "true") { - $lastUsed = date($dateFormat); - $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')"); - } - - if ($tempKeyUsed) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - - print "$uploadedFile"; - - if (isset($_REQUEST['web'])) { // redirect back to index - print "

Your link

\n"; - die(); - } - } else { + if (file_exists($destinationFile)) { // wtf print "Failed to upload file."; - - if ($_FILES['file']['error'] == 1) { - print "Is the upload_max_filesize set up properly?"; - } die(); } +} + +if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { + $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + + if ($sql || $sql == "true") { + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); + } + + if ($keyType == 1) { // Remove temporary key + $file = file_get_contents($tempKeyFile); + $file = preg_replace("/\b$Key\b/", "", $file); + file_put_contents($tempKeyFile, $file); + } + + print "$uploadedFile"; + + if (isset($_REQUEST['web'])) { // redirect back to index + print "

Your link

\n"; + die(); + } +} else { + print "Failed to upload file."; + print $_FILES['file']['error']; + die(); +} ?> From b6a167170701da38e79dc028bd2f745acf4ab7c6 Mon Sep 17 00:00:00 2001 From: speedie Date: Sat, 30 Sep 2023 01:28:36 +0200 Subject: [PATCH 6/6] some more work --- add-keys.php | 84 ++++++++++++++++++++++++++++++------ admin.php | 68 ++++++++++++++++++++++++++++- config.ini | 32 ++++++++------ config.php | 42 ++++++++++-------- create-table.php | 4 +- data.php | 6 +++ index.css | 67 +++++++++++++++++++++++++++++ index.php | 13 ++---- remove.php | 13 ++++++ upload.php | 109 ++++++++++++++++++++--------------------------- 10 files changed, 318 insertions(+), 120 deletions(-) create mode 100644 data.php create mode 100644 index.css create mode 100644 remove.php diff --git a/add-keys.php b/add-keys.php index 5ecdeb7..38de047 100644 --- a/add-keys.php +++ b/add-keys.php @@ -27,11 +27,23 @@ function addKey($adminKey, $Value) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; @@ -39,6 +51,14 @@ function addKey($adminKey, $Value) { $userAgent = getUserAgent(); } + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + if ($storeIP || $storeIP == "true") { $ip = getIPAddress(); } 
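Review bot: `preg_replace("/\b$Key\b/", "", $file)` in the temporary-key removal interpolates the request-supplied key into a regex unescaped, so a key containing metacharacters (`.`, `*`, `/`) is either a pattern error or strips the wrong lines; write it as `$file = preg_replace("/\b" . preg_quote($Key, '/') . "\b/", "", $file);`. That block runs whenever `$keyType == 1`, which the tkeys branch of the SQL mode also sets, so in SQL mode `$tempKeyFile` is read and rewritten although the key lives in the tkeys table — gate it on the non-SQL mode. `$destinationFile = $uploadDir . basename($_FILES['file']['name'])` keeps the client's name and extension and `mkdir($uploadDir, 0777, true)` makes the directory world-writable; if `$uploadDir` is under the document root, restrict the accepted extensions (or generate the stored name) and use a tighter mode such as `0755`. The uploads `INSERT` in this hunk has the same string-built SQL issue raised on the previous hunk.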
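Review bot: The new authorisation loop in `addKey` compares `$line['key'] == $adminKey` with PHP's loose `==`, under which numeric-looking keys such as `"1e3"` and `"1000"` compare equal and the comparison is not constant-time; use `hash_equals((string) $line['key'], (string) $adminKey)`, keeping the empty-key guard. The same loop is pasted into the `addTempKey` and `addAdminKey` hunks that follow (only `addAdminKey` additionally requires `primaryadmin == 1`) and into upload.php and admin.php; a single helper such as `isAdminKey($Database, $adminKey, $requirePrimary)` would keep the checks in step. Whether ordinary and temporary keys may be created by any admin while admin keys need a primary one looks intentional but deserves a one-line comment on each function.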
@@ -50,11 +70,23 @@ function addTempKey($adminKey, $Value, $uploadsLeft) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; @@ -62,12 +94,16 @@ function addTempKey($adminKey, $Value, $uploadsLeft) { $userAgent = getUserAgent(); } - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); } - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); 
@@ -77,11 +113,23 @@ function addAdminKey($adminKey, $Value, $Primary) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; @@ -89,10 +137,18 @@ function addAdminKey($adminKey, $Value, $Primary) { $userAgent = getUserAgent(); } + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + if ($storeIP || $storeIP == "true") { $ip = getIPAddress(); } - $Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); } ?> diff --git a/admin.php b/admin.php index 816c171..d0dcd63 100644 --- a/admin.php +++ b/admin.php @@ -4,9 +4,14 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -include "config.php"?; +include "config.php"; include "create-table.php"; +if (!$enableAdminKeys || $enableAdminKeys == "false") { + print "Admin keys are not supported."; + die(); +} + $Authorized = 0; $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM admins'); @@ -25,7 +30,68 @@ $html .= "\t\t
\n"; if (isset($_REQUEST['key'])) { $Key = $_REQUEST['key']; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $lastUsed = date($dateFormat); + + $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + break; + } + } + + // the stuff + if ($Authorized) { + $html .= "\t\t\t

Admin tools

\n"; + $html .= "\t\t\t\n"; + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + } else { + header('Location: admin.php?e=true'); + die(); + } } else { $Authorized = 0; + + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + + if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") { + $html .= "\t\t\t

Invalid administrator key.

\n"; + } } + +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; + +print "$html"; + ?> diff --git a/config.ini b/config.ini index 9d4e0ed..6dc88dd 100644 --- a/config.ini +++ b/config.ini @@ -1,23 +1,27 @@ [html] -instance_name = curload -css = index.css -favicon = favicon.svg +instance_name = curload +css = index.css +favicon = favicon.svg [upload] -upload_dir = uploads/ -max_size = 100 +upload_dir = uploads/ +public_uploading = false +rename_duplicates = true +replace_original = false +max_size = 100 [credentials] -sql = true -sqldb = curload.sql -key_file = passwords.txt -temp_key_file = temporary_passwords.txt +sqldb = curload.sql +enable_keys = true +enable_temporary_keys = true +enable_admin_keys = true [logging] -store_ip = true -store_user_agent = true -store_issued = true -store_last_usage = true +store_ip = true +store_user_agent = true +store_issued = true +store_last_usage = true +store_number_of_uploads = true [format] -date_format = Y/m/d +date_format = Y/m/d diff --git a/config.php b/config.php index 20ee21d..7d0bd0e 100644 --- a/config.php +++ b/config.php @@ -4,20 +4,24 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -$Stylesheet = "index.css"; -$Icon = "favicon.svg"; -$uploadDir = "uploads/"; -$keyFile = "passwords.txt"; -$tempKeyFile = "temporary_passwords.txt"; -$maxFileSize = "100"; -$sql = true; -$sqlDB = "curload.db"; -$storeIP = true; -$storeAgent = true; -$storeIssued = true; -$storeLastUsage = true; -$dateFormat = "Y/m/d"; -$instanceName = "curload"; +$Stylesheet = "index.css"; +$Icon = "favicon.svg"; +$uploadDir = "uploads/"; +$maxFileSize = "100"; +$sqlDB = "curload.db"; +$storeIP = true; +$storeAgent = true; +$storeIssued = true; +$storeLastUsage = true; +$storeUploads = true; +$publicUploading = false; +$renameDuplicates = true; +$replaceOriginal = false; +$dateFormat = "Y/m/d"; +$instanceName = "curload"; +$enableKeys = true; +$enableAdminKeys = true; +$enableTemporaryKeys = true; define('CONFIG_FILE', 'config.ini'); 
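Review bot: `$Key = $_REQUEST['key']` accepts the administrator key from the query string and cookies as well as the POST body, so if the login form submits with GET the secret ends up in access logs, browser history and `Referer` headers; read it from `$_POST['key']` and make the form a POST form. Each `UPDATE admins SET ... WHERE id='$id'` in this hunk carries the request headers into SQL unescaped — the string-built SQL issue raised on the upload.php hunk of patch 5/6 — and the key match uses loose `==` as noted on the add-keys.php hunk. `header('Location: admin.php?e=true')` is sent after `$html` has been appended to but before anything is printed, so it works; a comment such as `// nothing printed yet, so the redirect header is still valid` would stop the next reader from moving the print above it.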
@@ -30,15 +34,19 @@ $configEntries = parse_ini_file(CONFIG_FILE); $Stylesheet = $configEntries['css']; $Icon = $configEntries['favicon']; $uploadDir = $configEntries['upload_dir']; -$keyFile = $configEntries['key_file']; -$tempKeyFile = $configEntries['temp_key_file']; $maxFileSize = $configEntries['max_size']; -$sql = $configEntries['sql']; $sqlDB = $configEntries['sqldb']; $storeIP = $configEntries['store_ip']; $storeAgent = $configEntries['store_user_agent']; $storeIssued = $configEntries['store_issued']; $storeLastUsage = $configEntries['store_last_usage']; +$storeUploads = $configEntries['store_number_of_uploads']; $dateFormat = $configEntries['date_format']; $instanceName = $configEntries['instance_name']; +$publicUploading = $configEntries['public_uploading']; +$renameDuplicates = $configEntries['rename_duplicates']; +$replaceOriginal = $configEntries['replace_original']; +$enableKeys = $configEntries['enable_keys']; +$enableAdminKeys = $configEntries['enable_admin_keys']; +$enableTemporaryKeys = $configEntries['enable_temporary_keys']; ?> diff --git a/create-table.php b/create-table.php index 50e43f6..95c4555 100644 --- a/create-table.php +++ b/create-table.php @@ -10,13 +10,13 @@ function createTables($sqlDB) { /* administrator table * id (INTEGER PRIMARY KEY) * key (TEXT) - * primary (INT) + * primaryadmin (INT) * lastused (TEXT) * issued (TEXT) * ip (TEXT) * useragent (TEXT) */ - $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); /* keys table * id (INTEGER PRIMARY KEY) diff --git a/data.php b/data.php new file mode 100644 index 0000000..e4e61eb --- /dev/null +++ b/data.php @@ -0,0 +1,6 @@ + 
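Review bot: Dropping `$keyFile = $configEntries['key_file']` and `$tempKeyFile = $configEntries['temp_key_file']` here (and their defaults in the previous hunk) leaves `$tempKeyFile` undefined while upload.php in this same patch still executes `file_get_contents($tempKeyFile)` in its temporary-key removal block, so a temporary-key upload reads and rewrites an empty path. Either remove that block from upload.php together with the file-based mode or keep the two variables. The new flags (`public_uploading`, `enable_*`, `replace_original`) are read by `parse_ini_file` in its default non-typed mode, in which `true`/`false` arrive as `"1"`/`""`, so the `$x == "true"` / `$x == "false"` comparisons used throughout the code base are never true and only the bare truthiness test does the work; a comment on the `parse_ini_file` line, or passing `INI_SCANNER_TYPED`, would make that explicit.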
diff --git a/index.css b/index.css new file mode 100644 index 0000000..a945926 --- /dev/null +++ b/index.css @@ -0,0 +1,67 @@ +.bar { + position: sticky; + top: 0px; + z-index: 6; + background-color: #363636; + margin: 0px; + padding: 0px; + width: 100%; +} + +.bar img { + transform: translate(0, +30%); + padding-right: 5px; +} + +.bar input { + padding-top: 2px; + padding-bottom: 2px; + border-color: #363636; + border-width: 0px; + background-color: #363636; + color: #f0eee4; + width: 100% +} + +.title { + color: #f0eee4; + padding-left: 2px; +} + +body { + margin: 0px; + padding: 0px; + background-color: #212121; + font-family: Monospace; +} + +footer { + padding: 5px; + font-size: 8pt; + font-weight: normal; + background-color: transparent; + text-align: center; +} + +.links { + color: #66667d; + padding: 5px; + padding-left: 2px; +} + +.content { + color: #f0eee4; + padding: 5px; + max-width: 1000px; + margin: auto; +} + +a { + color: #89bfff; + text-decoration: none; + transition: 0.1s; +} +a:hover { + color: #ccccff; + text-decoration: underline; +} diff --git a/index.php b/index.php index 8cd8258..1312416 100644 --- a/index.php +++ b/index.php @@ -6,14 +6,15 @@ include "config.php"; +$html = ""; $html .= "\n"; $html .= "\n"; $html .= "\t\n"; -$html .= "\t\t\n"; +$html .= "\t\t\n"; $html .= "\t\t\n"; $html .= "\t\t\n"; $html .= "\t\t\n"; -$html .= "\t\t$primaryTitle\n"; +$html .= "\t\t$instanceName\n"; $html .= "\t\n"; $html .= "\t\n"; $html .= "\t\t
\n"; @@ -22,14 +23,6 @@ $html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; $html .= "\t\t\t
Select file to upload


\n"; $html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; $html .= "\t\t\tsource code\n"; -$html .= "\t\t\t

oops i leaked admin tools

\n"; -$html .= "\t\t\t
\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t
\n"; $html .= "\t\t
\n"; $html .= "\t\n"; diff --git a/remove.php b/remove.php new file mode 100644 index 0000000..31fb0fa --- /dev/null +++ b/remove.php @@ -0,0 +1,13 @@ + diff --git a/upload.php b/upload.php index 40c703e..276e46c 100644 --- a/upload.php +++ b/upload.php @@ -27,19 +27,24 @@ if (!isset($_FILES['file']['name'])) { } // init database -if ($sql == "true" || $sql) { +if (!$publicUploading || $publicUploading == "false") { $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { $id = $line['id']; $keyID = $id; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); - $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { 
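Review bot: Gating the whole key check on `if (!$publicUploading || $publicUploading == "false")` means that in public mode `$Database` is never created, yet the `$Database->query('SELECT * FROM uploads')` / `INSERT INTO uploads` that a later hunk of this patch moves out of the old `if ($sql ...)` guard runs unconditionally, so a public upload dies with a method call on a null value after the file has already been moved. Create the database (and the `$keyID`/`$keyType` defaults) before the branch, or keep the INSERT inside the non-public branch. Checking `($enableKeys || $enableKeys == "true")` inside the row loop re-evaluates a constant per row; test it once and skip the `SELECT * FROM keys` query entirely when keys are disabled. The later hunk of this patch also contains `if (file_exists($destinationFile) && $) {`, which is a parse error as written.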
@@ -67,16 +72,22 @@ if ($sql == "true" || $sql) { if ($Authorized != 1) { $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { $uploadsLeft = $line['uploadsleft'] - 1; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); $id = $line['id']; $keyID = $id; $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -107,7 +118,7 @@ if ($sql == "true" || $sql) { $DatabaseQuery = $Database->query('SELECT * FROM admins'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) { $id = $line['id']; $keyID = $id; $numberOfUploads = $line['numberofuploads'] + 1; 
@@ -139,77 +150,51 @@ if ($sql == "true" || $sql) { } } } -} else { // no sql version - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); + + // Not an authorized key + if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; die(); } - - foreach ($validKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $keyType = 0; - - break; - } - } - - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); - - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $keyType = 1; // key should be considered invalid after this use. - - break; - } - } - } } -// Not an authorized key -if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); -} - -if ($_FILES['file']['size'] > $uploadLimit) { +if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) { print "File is too big. Max file size is $maxFileSize" . "MB"; die(); } +// check if file is too big to be uploaded if (!is_dir($uploadDir)) { mkdir($uploadDir, 0777, true); } $destinationFile = $uploadDir . basename($_FILES['file']['name']); -if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - if (isset($fileExtension)) { - $extension = "." . $fileExtension; - } - $destinationFile = $uploadDir . rand(1000,100000) . 
$extension; +// rename file if necessary +if (!$replaceOriginal || $replaceOriginal == "false") { + if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); + if ($renameDuplicates || $renameDuplicates == "true") { + $destinationFile = $uploadDir . rand(1000,100000) . $extension; + } + + if (file_exists($destinationFile)) { // wtf + print "Failed to upload file."; + die(); + } } } if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; - if ($sql || $sql == "true") { - $lastUsed = date($dateFormat); - $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); - } + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); if ($keyType == 1) { // Remove temporary key $file = file_get_contents($tempKeyFile);