From 9907eb9b725925d562a76fbdab10fa118186d15c Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 21:29:29 +0200
Subject: [PATCH] Change some basic things
---
add-keys.php | 161 +++++++++++++------------
admin.php | 31 +++++
config.ini | 1 +
config.php | 71 ++++++-----
create-table.php | 92 +++++++-------
create.php | 2 +-
index.php | 70 +++++------
upload.php | 308 ++++++++++++++++++++++++++---------------------
8 files changed, 403 insertions(+), 333 deletions(-)
create mode 100644 admin.php
diff --git a/add-keys.php b/add-keys.php
index 278c72e..5ecdeb7 100644
--- a/add-keys.php
+++ b/add-keys.php
@@ -1,97 +1,98 @@ query('SELECT * FROM keys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); } - function getUserAgent() { - return $_SERVER['HTTP_USER_AGENT']; + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } - // TODO: Hash passwords - function addKey($adminKey, $Value) { - include "config.php"; + $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); +function addTempKey($adminKey, $Value, $uploadsLeft) { + include "config.php"; - $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); } - function addTempKey($adminKey, $Value, $uploadsLeft) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - - $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIP || $storeIP == "true") { - $ip = 
getIPAddress(); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - } - - $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } - // TEMPORARY FUNCTION: TO BE REMOVED - function addAdminKey($Value) { - include "config.php"; - - $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM admins'); - - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); - $ip = ""; - $userAgent = ""; - - if ($storeAgent || $storeAgent == "true") { - $userAgent = getUserAgent(); - } - - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - } - - $Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; } + + $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); +} + +function addAdminKey($adminKey, $Value, $Primary) { + include "config.php"; + + $Database = createTables($sqlDB); + $DatabaseQuery = $Database->query('SELECT * FROM keys'); + + $numberOfUploads = 0; + $lastUsed = date($dateFormat); + $Issued = date($dateFormat); + $ip = ""; + $userAgent = ""; + + if ($storeAgent || $storeAgent == "true") { + $userAgent = getUserAgent(); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); + } + + $Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', 
'$Issued', '$ip', '$userAgent')"); +} ?> diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..816c171 --- /dev/null +++ b/admin.php @@ -0,0 +1,31 @@ +query('SELECT * FROM admins'); + +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\tAdministration - $instanceName\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
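Review bot: The INSERT statements in `addKey`, `addTempKey` and `addAdminKey` are built by interpolating `$Value`, `$uploadsLeft`, `$Primary`, `$ip` and `$userAgent` into the SQL string, and `$userAgent` is read directly from `$_SERVER['HTTP_USER_AGENT']`, so a single quote in any of these values changes the statement that SQLite runs. The same pattern appears in the `UPDATE keys`/`UPDATE tkeys` statements and the `INSERT INTO uploads` in both upload.php hunks. Switching every one of them to `SQLite3::prepare()` with bound values removes the problem; the fence shows the shape for `addKey`. The `$DatabaseQuery = $Database->query('SELECT * FROM ...')` line in each function is never read and can be dropped.

```php
    // … unchanged: $lastUsed / $Issued / $ip / $userAgent setup in addKey() …
    $stmt = $Database->prepare(
        'INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) ' .
        'VALUES(:key, :uploads, :lastused, :issued, :ip, :useragent)'
    );
    $stmt->bindValue(':key', $Value, SQLITE3_TEXT);
    $stmt->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
    $stmt->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
    $stmt->bindValue(':issued', $Issued, SQLITE3_TEXT);
    $stmt->bindValue(':ip', $ip, SQLITE3_TEXT);
    $stmt->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
    $stmt->execute();
```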
\n"; + +if (isset($_REQUEST['key'])) { + $Key = $_REQUEST['key']; +} else { + $Authorized = 0; +} +?> diff --git a/config.ini b/config.ini index 3c72881..9d4e0ed 100644 --- a/config.ini +++ b/config.ini @@ -1,4 +1,5 @@ [html] +instance_name = curload css = index.css favicon = favicon.svg diff --git a/config.php b/config.php index 92bbe27..20ee21d 100644 --- a/config.php +++ b/config.php @@ -1,37 +1,44 @@ diff --git a/create-table.php b/create-table.php index c7fd391..50e43f6 100644 --- a/create-table.php +++ b/create-table.php 
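Review bot: `$Authorized` is assigned only in the `else` branch at the end of the new admin.php, so when a `key` parameter is present the variable is left undefined and the visible lines never compare the key with the rows selected from `admins`. Set `$Authorized = 0;` before the `if` and make the page fail closed (stop before emitting any admin markup) until a key has been matched. Reading the key from `$_REQUEST` also accepts it from the query string, where it ends up in access logs and browser history; `$_POST['key']` avoids that. The opening lines of the file are not fully visible on this page, so an earlier check cannot be ruled out.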
@@ -1,51 +1,55 @@ exec( - "CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)" - ); +function createTables($sqlDB) { + $Database = new SQLite3($sqlDB); - /* keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * lastused (INT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + /* administrator table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * primary (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - /* temporary keys table - * id (INTEGER PRIMARY KEY) - * key (TEXT) - * numberofuploads (INT) - * uploadsleft (INT) - * lastused (TEXT) - * issued (TEXT) - * ip (TEXT) - * useragent (TEXT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); + /* keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * lastused (INT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - /* uploads table - * id (INTEGER PRIMARY KEY) - * file (TEXT) - * uploaddate (TEXT) - * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) - * tempkey (INT) - */ - $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); + /* temporary keys table + * id (INTEGER PRIMARY KEY) + * key (TEXT) + * numberofuploads (INT) + * 
uploadsleft (INT) + * lastused (TEXT) + * issued (TEXT) + * ip (TEXT) + * useragent (TEXT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"); - return $Database; - } + /* uploads table + * id (INTEGER PRIMARY KEY) + * file (TEXT) + * uploaddate (TEXT) + * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) + * keytype (INT) + */ + $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)"); + + return $Database; +} ?> diff --git a/create.php b/create.php index 11c84cc..ac8953b 100644 --- a/create.php +++ b/create.php @@ -30,7 +30,7 @@ } if ($Type == "Admin") { - addAdminKey($Data); + addAdminKey($Key, $Data, 0); } else if ($Type == "Temporary") { addTempKey($Key, $Data, $Uploads); } else if ($Type == "Key") { diff --git a/index.php b/index.php index 4ae4ba0..8cd8258 100644 --- a/index.php +++ b/index.php @@ -4,51 +4,37 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -function printHeader($title, $description, $Icon, $Stylesheet) { - print "\n"; - print "\n"; - print "\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t\n"; - print "\t\t$title\n"; - print "\t\n"; - print "\t\n"; - print "\t\t
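Review bot: The new `admins` definition uses `primary` as a bare column name; PRIMARY is an SQL keyword and SQLite is likely to reject it unquoted, in which case `exec()` returns false (its result is not checked here) and the table is never created — worth confirming against the SQLite build in use. Renaming the column, e.g. `isprimary INT`, or quoting it as `"primary"` avoids this, and the INSERT in `addAdminKey` has to follow. The comment block above the statement also omits the `numberofuploads` column that the statement creates. Because every statement is `CREATE TABLE IF NOT EXISTS`, a database created by the previous version keeps its old `admins` and `uploads` layout (`tempkey` rather than `keytype`), so existing installs need a migration step.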
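Review bot: `addAdminKey($Key, $Data, 0)` passes the caller's key as `$adminKey`, but the `addAdminKey` body added in add-keys.php never reads `$adminKey`, so the function itself does not verify that the caller is an administrator. Whether `$Key` is validated earlier in create.php cannot be seen from this hunk, which starts at line 30. Checking the key against the `admins` table inside `addAdminKey` (and likewise in `addKey` and `addTempKey`) would keep the authorization next to the privileged write, so another caller cannot skip it.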
\n"; -} +include "config.php"; -function printFooter() { - print "\t\t
\n"; - print "\t\n"; - print "\n"; -} +$html .= "\n"; +$html .= "\n"; +$html .= "\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t\n"; +$html .= "\t\t$primaryTitle\n"; +$html .= "\t\n"; +$html .= "\t\n"; +$html .= "\t\t
\n"; -function initServer() { -} +$html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; +$html .= "\t\t\t
Select file to upload


\n"; +$html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; +$html .= "\t\t\tsource code\n"; +$html .= "\t\t\t

oops i leaked admin tools

\n"; +$html .= "\t\t\t
\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t\t\n"; +$html .= "\t\t\t
\n"; -function main() { - include "config.php"; +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; - printHeader("curload", "Simply upload files", $Icon, $Stylesheet); - - print "\t\t\t

speedie's super awesome file uploader junk

\n"; - print "\t\t\t
Select file to upload


\n"; - print "\t\t\t

Max file size: $maxFileSize MB

\n"; - print "\t\t\tsource code\n"; - - print "\t\t\t

oops i leaked admin tools

\n"; - print "\t\t\t
\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t\t\n"; - print "\t\t\t
\n"; - - printFooter(); -} - -main(); +print "$html"; ?> diff --git a/upload.php b/upload.php index 5233b86..40c703e 100644 --- a/upload.php +++ b/upload.php 
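Review bot: `$html` is first touched with `.=` in the visible lines, so unless config.php assigns it (that hunk's content is not visible on this page) PHP raises an undefined-variable warning on every request, which can land in the response ahead of the markup when `display_errors` is on. Adding `$html = "";` right after the `include "config.php";` line fixes it; the new admin.php builds its page the same way. `$primaryTitle` and `$maxFileSize` are interpolated into the markup as-is, and wrapping them in `htmlspecialchars()` keeps a stray `<` or quote in config.ini from breaking the page.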
@@ -1,31 +1,111 @@ query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $keyID = $id; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); + + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 0; + break; + } } - $Status = 0; - $Authorized = 0; - $tempKeyUsed = 0; - $uploadLimit = $maxFileSize * 1000000; - $keyID = 0; - $self = dirname($_SERVER['PHP_SELF']); + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + $uploadsLeft = $line['uploadsleft'] - 1; + $numberOfUploads = $line['numberofuploads'] + 1; + $lastUsed = date($dateFormat); + $id = $line['id']; + $keyID = $id; - if (!isset($_FILES['file']['name'])) { - print "You didn't specify a file."; - die(); + $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = 
$_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $keyType = 1; + break; + } + } } - // init database - if ($sql == "true" || $sql) { - $Database = createTables($sqlDB); + // maybe admin? + if ($Authorized != 1) { + $DatabaseQuery = $Database->query('SELECT * FROM admins'); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { $id = $line['id']; 
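Review bot: The key checks in the `keys`, `tkeys` and `admins` loops use `$line['key'] == $Key`, a loose comparison in which two numeric-looking strings are compared as numbers, so distinct keys can be treated as equal, and it is not constant-time. `hash_equals((string)$line['key'], (string)$Key)` is the safer comparison, ideally against a stored hash of the key rather than the plaintext column. The recorded IP prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which any client can set, so the audit value is only trustworthy from `REMOTE_ADDR` unless the server sits behind a known proxy. The admin loop begins in this hunk and continues outside it.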
@@ -54,138 +134,98 @@ } $Authorized = 1; - $tempKeyUsed = 0; + $keyType = 2; break; } } + } +} else { // no sql version + // All normal keys will be considered valid + if (file_exists($keyFile)) { + $validKeys = explode("\n", file_get_contents($keyFile)); + } else { // one master key must exist + print("Error: No valid keys found."); + die(); + } - if ($Authorized != 1) { - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); - while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { - $uploadsLeft = $line['uploadsleft'] - 1; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); - $id = $line['id']; - $keyID = $id; + foreach ($validKeys as $ValidKey) { + if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { + $Authorized = 1; + $keyType = 0; - $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); - - if ($storeIP || $storeIP == "true") { - if (!empty($_SERVER['HTTP_CLIENT_IP'])) { - $ip = $_SERVER['HTTP_CLIENT_IP']; - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } else { - $ip = $_SERVER['REMOTE_ADDR']; - } - - $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); - } - - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; - $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'"); - } - - $Authorized = 1; - $tempKeyUsed = 1; - break; - } - } - } - } else { // no sql version - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); - die(); + break; } + } - foreach ($validKeys as $ValidKey) { 
+ // Temporary keys as well + if (file_exists($tempKeyFile)) { + $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); + + foreach ($tempValidKeys as $ValidKey) { if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { $Authorized = 1; - $tempKeyUsed = 0; + $keyType = 1; // key should be considered invalid after this use. break; } } - - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); - - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $tempKeyUsed = 1; // key should be considered invalid after this use. - - break; - } - } - } } +} - // Not an authorized key - if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); +// Not an authorized key +if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; + die(); +} + +if ($_FILES['file']['size'] > $uploadLimit) { + print "File is too big. Max file size is $maxFileSize" . "MB"; + die(); +} + +if (!is_dir($uploadDir)) { + mkdir($uploadDir, 0777, true); +} + +$destinationFile = $uploadDir . basename($_FILES['file']['name']); + +if (file_exists($destinationFile)) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; } + $destinationFile = $uploadDir . rand(1000,100000) . $extension; - if ($_FILES['file']['size'] > $uploadLimit) { - print "File is too big. Max file size is $maxFileSize" . "MB"; - die(); - } - - if (!is_dir($uploadDir)) { - mkdir($uploadDir, 0777, true); - } - - $destinationFile = $uploadDir . 
basename($_FILES['file']['name']); - - if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - if (isset($fileExtension)) { - $extension = "." . $fileExtension; - } - $destinationFile = $uploadDir . rand(1000,100000) . $extension; - - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); - } - } - - if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { - $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; - - if ($sql || $sql == "true") { - $lastUsed = date($dateFormat); - $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')"); - } - - if ($tempKeyUsed) { // Remove temporary key - $file = file_get_contents($tempKeyFile); - $file = preg_replace("/\b$Key\b/", "", $file); - file_put_contents($tempKeyFile, $file); - } - - print "$uploadedFile"; - - if (isset($_REQUEST['web'])) { // redirect back to index - print "

Your link

\n"; - die(); - } - } else { + if (file_exists($destinationFile)) { // wtf print "Failed to upload file."; - - if ($_FILES['file']['error'] == 1) { - print "Is the upload_max_filesize set up properly?"; - } die(); } +} + +if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { + $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; + + if ($sql || $sql == "true") { + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); + } + + if ($keyType == 1) { // Remove temporary key + $file = file_get_contents($tempKeyFile); + $file = preg_replace("/\b$Key\b/", "", $file); + file_put_contents($tempKeyFile, $file); + } + + print "$uploadedFile"; + + if (isset($_REQUEST['web'])) { // redirect back to index + print "

Your link

\n"; + die(); + } +} else { + print "Failed to upload file."; + print $_FILES['file']['error']; + die(); +} ?>
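Review bot: The destination path is built from `basename($_FILES['file']['name'])` with no restriction on the extension, so any key holder decides the file's type on disk; the response prints a URL under `dirname($_SERVER['PHP_SELF'])`, which suggests the upload directory is web-served, and a script extension there would be executed by the server. Generate the stored name server-side, accept only extensions from an allowlist (shown below with a placeholder `$allowedExtensions` config value), create the directory with 0755 rather than 0777, and disable script execution for the upload directory in the web-server configuration. The fallback name uses `rand(1000,100000)`, which is small and predictable, and `$extension` is only set inside an `isset()` test that is always true. Separately, `print "Not authorized: Key '$Key' is invalid."` echoes the submitted key unescaped, and `preg_replace("/\b$Key\b/", ...)` uses it as a pattern without `preg_quote()`.

```php
// … unchanged: authorization and size checks …
if (!is_dir($uploadDir)) {
    mkdir($uploadDir, 0755, true);
}

$fileExtension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (!in_array($fileExtension, $allowedExtensions, true)) {
    print "File type not allowed.";
    die();
}

// Server-chosen name: no collisions to handle and nothing from the client in the path.
$destinationFile = $uploadDir . bin2hex(random_bytes(16)) . "." . $fileExtension;
// … unchanged: move_uploaded_file() and the uploads INSERT …
```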