speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Change some basic things

Browse source
This commit is contained in:
Jacob 2023-09-29 21:29:29 +02:00
parent 2ab18cfe2e
commit 9907eb9b72
8 changed files with 403 additions and 333 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
add-keys.php
View file

@ -1,7 +1,12 @@
<?php <?php
include "create-table.php"; /* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
function getIPAddress() { include "create-table.php";
function getIPAddress() {
include "config.php"; include "config.php";
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
@ -11,14 +16,14 @@
} else { } else {
return $_SERVER['REMOTE_ADDR']; return $_SERVER['REMOTE_ADDR'];
} }
} }
function getUserAgent() { function getUserAgent() {
return $_SERVER['HTTP_USER_AGENT']; return $_SERVER['HTTP_USER_AGENT'];
} }
// TODO: Hash passwords // TODO: Hash passwords
function addKey($adminKey, $Value) { function addKey($adminKey, $Value) {
include "config.php"; include "config.php";
$Database = createTables($sqlDB); $Database = createTables($sqlDB);
@ -39,9 +44,9 @@
} }
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); $Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
} }
function addTempKey($adminKey, $Value, $uploadsLeft) { function addTempKey($adminKey, $Value, $uploadsLeft) {
include "config.php"; include "config.php";
$Database = createTables($sqlDB); $Database = createTables($sqlDB);
@ -66,15 +71,15 @@
} }
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
} }
// TEMPORARY FUNCTION: TO BE REMOVED function addAdminKey($adminKey, $Value, $Primary) {
function addAdminKey($Value) {
include "config.php"; include "config.php";
$Database = createTables($sqlDB); $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
$numberOfUploads = 0;
$lastUsed = date($dateFormat); $lastUsed = date($dateFormat);
$Issued = date($dateFormat); $Issued = date($dateFormat);
$ip = ""; $ip = "";
@ -88,10 +93,6 @@
$ip = getIPAddress(); $ip = getIPAddress();
} }
if ($storeAgent || $storeAgent == "true") { $Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
$userAgent = $_SERVER['HTTP_USER_AGENT']; }
}
$Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')");
}
?> ?>

31
admin.php Normal file
View file

@ -0,0 +1,31 @@
<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php"?;
include "create-table.php";
$Authorized = 0;
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM admins');
$html .= "<!DOCTYPE html>\n";
$html .= "<html>\n";
$html .= "\t<head>\n";
$html .= "\t\t<meta name=\"description\" content=\"Site administration\">\n";
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
$html .= "\t\t<title>Administration - $instanceName</title>\n";
$html .= "\t</head>\n";
$html .= "\t<body>\n";
$html .= "\t\t<div class=\"content\">\n";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
$Authorized = 0;
}
?>

1
config.ini
View file

@ -1,4 +1,5 @@
[html] [html]
instance_name = curload
css = index.css css = index.css
favicon = favicon.svg favicon = favicon.svg

69
config.php
View file

@ -1,37 +1,44 @@
<?php <?php
$Stylesheet = "index.css"; /* curload
$Icon = "favicon.svg"; * Simple file uploading using POST requests and temporary keys
$uploadDir = "uploads/"; * Licensed under the GNU Affero General Public License version 3.0
$keyFile = "passwords.txt"; */
$tempKeyFile = "temporary_passwords.txt";
$maxFileSize = "100";
$sql = true;
$sqlDB = "curload.db";
$storeIP = true;
$storeAgent = true;
$storeIssued = true;
$storeLastUsage = true;
$dateFormat = "Y/m/d";
define('CONFIG_FILE', 'config.ini'); $Stylesheet = "index.css";
$Icon = "favicon.svg";
$uploadDir = "uploads/";
$keyFile = "passwords.txt";
$tempKeyFile = "temporary_passwords.txt";
$maxFileSize = "100";
$sql = true;
$sqlDB = "curload.db";
$storeIP = true;
$storeAgent = true;
$storeIssued = true;
$storeLastUsage = true;
$dateFormat = "Y/m/d";
$instanceName = "curload";
if (!file_exists(CONFIG_FILE)) { define('CONFIG_FILE', 'config.ini');
if (!file_exists(CONFIG_FILE)) {
return; return;
} }
/* load config file */ /* load config file */
$configEntries = parse_ini_file(CONFIG_FILE); $configEntries = parse_ini_file(CONFIG_FILE);
$Stylesheet = $configEntries['css']; $Stylesheet = $configEntries['css'];
$Icon = $configEntries['favicon']; $Icon = $configEntries['favicon'];
$uploadDir = $configEntries['upload_dir']; $uploadDir = $configEntries['upload_dir'];
$keyFile = $configEntries['key_file']; $keyFile = $configEntries['key_file'];
$tempKeyFile = $configEntries['temp_key_file']; $tempKeyFile = $configEntries['temp_key_file'];
$maxFileSize = $configEntries['max_size']; $maxFileSize = $configEntries['max_size'];
$sql = $configEntries['sql']; $sql = $configEntries['sql'];
$sqlDB = $configEntries['sqldb']; $sqlDB = $configEntries['sqldb'];
$storeIP = $configEntries['store_ip']; $storeIP = $configEntries['store_ip'];
$storeAgent = $configEntries['store_user_agent']; $storeAgent = $configEntries['store_user_agent'];
$storeIssued = $configEntries['store_issued']; $storeIssued = $configEntries['store_issued'];
$storeLastUsage = $configEntries['store_last_usage']; $storeLastUsage = $configEntries['store_last_usage'];
$dateFormat = $configEntries['date_format']; $dateFormat = $configEntries['date_format'];
$instanceName = $configEntries['instance_name'];
?> ?>

18
create-table.php
View file

@ -1,18 +1,22 @@
<?php <?php
function createTables($sqlDB) { /* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
function createTables($sqlDB) {
$Database = new SQLite3($sqlDB); $Database = new SQLite3($sqlDB);
/* administrator table /* administrator table
* id (INTEGER PRIMARY KEY) * id (INTEGER PRIMARY KEY)
* key (TEXT) * key (TEXT)
* primary (INT)
* lastused (TEXT) * lastused (TEXT)
* issued (TEXT) * issued (TEXT)
* ip (TEXT) * ip (TEXT)
* useragent (TEXT) * useragent (TEXT)
*/ */
$Database->exec( $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
"CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"
);
/* keys table /* keys table
* id (INTEGER PRIMARY KEY) * id (INTEGER PRIMARY KEY)
@ -42,10 +46,10 @@
* file (TEXT) * file (TEXT)
* uploaddate (TEXT) * uploaddate (TEXT)
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE) * keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
* tempkey (INT) * keytype (INT)
*/ */
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)"); $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)");
return $Database; return $Database;
} }
?> ?>

2
create.php
View file

@ -30,7 +30,7 @@
} }
if ($Type == "Admin") { if ($Type == "Admin") {
addAdminKey($Data); addAdminKey($Key, $Data, 0);
} else if ($Type == "Temporary") { } else if ($Type == "Temporary") {
addTempKey($Key, $Data, $Uploads); addTempKey($Key, $Data, $Uploads);
} else if ($Type == "Key") { } else if ($Type == "Key") {

70
index.php
View file

@ -4,51 +4,37 @@
* Licensed under the GNU Affero General Public License version 3.0 * Licensed under the GNU Affero General Public License version 3.0
*/ */
function printHeader($title, $description, $Icon, $Stylesheet) { include "config.php";
print "<!DOCTYPE html>\n";
print "<html>\n";
print "\t<head>\n";
print "\t\t<meta name=\"description\" content=\"$description\">\n";
print "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
print "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
print "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
print "\t\t<title>$title</title>\n";
print "\t</head>\n";
print "\t<body>\n";
print "\t\t<div class=\"content\">\n";
}
function printFooter() { $html .= "<!DOCTYPE html>\n";
print "\t\t</div>\n"; $html .= "<html>\n";
print "\t</body>\n"; $html .= "\t<head>\n";
print "</html>\n"; $html .= "\t\t<meta name=\"description\" content=\"$primaryTitle\">\n";
} $html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
$html .= "\t\t<title>$primaryTitle</title>\n";
$html .= "\t</head>\n";
$html .= "\t<body>\n";
$html .= "\t\t<div class=\"content\">\n";
function initServer() { $html .= "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
} $html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
$html .= "\t\t\t<h2>oops i leaked admin tools</h2>\n";
$html .= "\t\t\t<form action=\"create.php\" method=\"post\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
$html .= "\t\t\t</form>\n";
function main() { $html .= "\t\t</div>\n";
include "config.php"; $html .= "\t</body>\n";
$html .= "</html>\n";
printHeader("curload", "Simply upload files", $Icon, $Stylesheet); print "$html";
print "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
print "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
print "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
print "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
print "\t\t\t<h2>oops i leaked admin tools</h2>\n";
print "\t\t\t<form action=\"create.php\" method=\"post\">\n";
print "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
print "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
print "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
print "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
print "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
print "\t\t\t</form>\n";
printFooter();
}
main();
?> ?>

120
upload.php
View file

@ -1,28 +1,33 @@
<?php <?php
include "config.php"; /* curload
include "create-table.php"; * Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
if (isset($_REQUEST['key'])) { include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key']; $Key = $_REQUEST['key'];
} else { } else {
print "No key specified."; print "No key specified.";
die(); die();
} }
$Status = 0; $Status = 0;
$Authorized = 0; $Authorized = 0;
$tempKeyUsed = 0; $keyType = 0;
$uploadLimit = $maxFileSize * 1000000; $uploadLimit = $maxFileSize * 1000000;
$keyID = 0; $keyID = 0;
$self = dirname($_SERVER['PHP_SELF']); $self = dirname($_SERVER['PHP_SELF']);
if (!isset($_FILES['file']['name'])) { if (!isset($_FILES['file']['name'])) {
print "You didn't specify a file."; print "You didn't specify a file.";
die(); die();
} }
// init database // init database
if ($sql == "true" || $sql) { if ($sql == "true" || $sql) {
$Database = createTables($sqlDB); $Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
@ -54,7 +59,7 @@
} }
$Authorized = 1; $Authorized = 1;
$tempKeyUsed = 0; $keyType = 0;
break; break;
} }
} }
@ -91,12 +96,50 @@
} }
$Authorized = 1; $Authorized = 1;
$tempKeyUsed = 1; $keyType = 1;
break; break;
} }
} }
} }
} else { // no sql version
// maybe admin?
if ($Authorized != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
$id = $line['id'];
$keyID = $id;
$numberOfUploads = $line['numberofuploads'] + 1;
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 2;
break;
}
}
}
} else { // no sql version
// All normal keys will be considered valid // All normal keys will be considered valid
if (file_exists($keyFile)) { if (file_exists($keyFile)) {
$validKeys = explode("\n", file_get_contents($keyFile)); $validKeys = explode("\n", file_get_contents($keyFile));
@ -108,7 +151,7 @@
foreach ($validKeys as $ValidKey) { foreach ($validKeys as $ValidKey) {
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
$Authorized = 1; $Authorized = 1;
$tempKeyUsed = 0; $keyType = 0;
break; break;
} }
@ -121,32 +164,32 @@
foreach ($tempValidKeys as $ValidKey) { foreach ($tempValidKeys as $ValidKey) {
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
$Authorized = 1; $Authorized = 1;
$tempKeyUsed = 1; // key should be considered invalid after this use. $keyType = 1; // key should be considered invalid after this use.
break; break;
} }
} }
} }
} }
// Not an authorized key // Not an authorized key
if ($Authorized == 0) { if ($Authorized == 0) {
print "Not authorized: Key '$Key' is invalid."; print "Not authorized: Key '$Key' is invalid.";
die(); die();
} }
if ($_FILES['file']['size'] > $uploadLimit) { if ($_FILES['file']['size'] > $uploadLimit) {
print "File is too big. Max file size is $maxFileSize" . "MB"; print "File is too big. Max file size is $maxFileSize" . "MB";
die(); die();
} }
if (!is_dir($uploadDir)) { if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true); mkdir($uploadDir, 0777, true);
} }
$destinationFile = $uploadDir . basename($_FILES['file']['name']); $destinationFile = $uploadDir . basename($_FILES['file']['name']);
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
if (isset($fileExtension)) { if (isset($fileExtension)) {
$extension = "." . $fileExtension; $extension = "." . $fileExtension;
@ -157,18 +200,18 @@
print "Failed to upload file."; print "Failed to upload file.";
die(); die();
} }
} }
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
if ($sql || $sql == "true") { if ($sql || $sql == "true") {
$lastUsed = date($dateFormat); $lastUsed = date($dateFormat);
$DatabaseQuery = $Database->query('SELECT * FROM uploads'); $DatabaseQuery = $Database->query('SELECT * FROM uploads');
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')"); $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
} }
if ($tempKeyUsed) { // Remove temporary key if ($keyType == 1) { // Remove temporary key
$file = file_get_contents($tempKeyFile); $file = file_get_contents($tempKeyFile);
$file = preg_replace("/\b$Key\b/", "", $file); $file = preg_replace("/\b$Key\b/", "", $file);
file_put_contents($tempKeyFile, $file); file_put_contents($tempKeyFile, $file);
@ -180,12 +223,9 @@
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n"; print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
die(); die();
} }
} else { } else {
print "Failed to upload file."; print "Failed to upload file.";
print $_FILES['file']['error'];
if ($_FILES['file']['error'] == 1) {
print "Is the upload_max_filesize set up properly?";
}
die(); die();
} }
?> ?>