Change some basic things
This commit is contained in:
parent
2ab18cfe2e
commit
9907eb9b72
161
add-keys.php
161
add-keys.php
|
@ -1,97 +1,98 @@
|
|||
<?php
|
||||
include "create-table.php";
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
function getIPAddress() {
|
||||
include "config.php";
|
||||
include "create-table.php";
|
||||
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
function getIPAddress() {
|
||||
include "config.php";
|
||||
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
}
|
||||
|
||||
function getUserAgent() {
|
||||
return $_SERVER['HTTP_USER_AGENT'];
|
||||
}
|
||||
|
||||
// TODO: Hash passwords
|
||||
function addKey($adminKey, $Value) {
|
||||
include "config.php";
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
|
||||
$numberOfUploads = 0;
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
|
||||
function getUserAgent() {
|
||||
return $_SERVER['HTTP_USER_AGENT'];
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
// TODO: Hash passwords
|
||||
function addKey($adminKey, $Value) {
|
||||
include "config.php";
|
||||
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
function addTempKey($adminKey, $Value, $uploadsLeft) {
|
||||
include "config.php";
|
||||
|
||||
$numberOfUploads = 0;
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
$numberOfUploads = 0;
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
|
||||
function addTempKey($adminKey, $Value, $uploadsLeft) {
|
||||
include "config.php";
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||
|
||||
$numberOfUploads = 0;
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
// TEMPORARY FUNCTION: TO BE REMOVED
|
||||
function addAdminKey($Value) {
|
||||
include "config.php";
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO admins(id, key, lastused, issued, ip, useragent) VALUES('$Value', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
}
|
||||
|
||||
function addAdminKey($adminKey, $Value, $Primary) {
|
||||
include "config.php";
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
|
||||
$numberOfUploads = 0;
|
||||
$lastUsed = date($dateFormat);
|
||||
$Issued = date($dateFormat);
|
||||
$ip = "";
|
||||
$userAgent = "";
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = getUserAgent();
|
||||
}
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
$ip = getIPAddress();
|
||||
}
|
||||
|
||||
$Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
||||
}
|
||||
?>
|
||||
|
|
31
admin.php
Normal file
31
admin.php
Normal file
|
@ -0,0 +1,31 @@
|
|||
<?php
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
include "config.php"?;
|
||||
include "create-table.php";
|
||||
|
||||
$Authorized = 0;
|
||||
$Database = createTables($sqlDB);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||
|
||||
$html .= "<!DOCTYPE html>\n";
|
||||
$html .= "<html>\n";
|
||||
$html .= "\t<head>\n";
|
||||
$html .= "\t\t<meta name=\"description\" content=\"Site administration\">\n";
|
||||
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
|
||||
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
|
||||
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
|
||||
$html .= "\t\t<title>Administration - $instanceName</title>\n";
|
||||
$html .= "\t</head>\n";
|
||||
$html .= "\t<body>\n";
|
||||
$html .= "\t\t<div class=\"content\">\n";
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
} else {
|
||||
$Authorized = 0;
|
||||
}
|
||||
?>
|
|
@ -1,4 +1,5 @@
|
|||
[html]
|
||||
instance_name = curload
|
||||
css = index.css
|
||||
favicon = favicon.svg
|
||||
|
||||
|
|
71
config.php
71
config.php
|
@ -1,37 +1,44 @@
|
|||
<?php
|
||||
$Stylesheet = "index.css";
|
||||
$Icon = "favicon.svg";
|
||||
$uploadDir = "uploads/";
|
||||
$keyFile = "passwords.txt";
|
||||
$tempKeyFile = "temporary_passwords.txt";
|
||||
$maxFileSize = "100";
|
||||
$sql = true;
|
||||
$sqlDB = "curload.db";
|
||||
$storeIP = true;
|
||||
$storeAgent = true;
|
||||
$storeIssued = true;
|
||||
$storeLastUsage = true;
|
||||
$dateFormat = "Y/m/d";
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
define('CONFIG_FILE', 'config.ini');
|
||||
$Stylesheet = "index.css";
|
||||
$Icon = "favicon.svg";
|
||||
$uploadDir = "uploads/";
|
||||
$keyFile = "passwords.txt";
|
||||
$tempKeyFile = "temporary_passwords.txt";
|
||||
$maxFileSize = "100";
|
||||
$sql = true;
|
||||
$sqlDB = "curload.db";
|
||||
$storeIP = true;
|
||||
$storeAgent = true;
|
||||
$storeIssued = true;
|
||||
$storeLastUsage = true;
|
||||
$dateFormat = "Y/m/d";
|
||||
$instanceName = "curload";
|
||||
|
||||
if (!file_exists(CONFIG_FILE)) {
|
||||
return;
|
||||
}
|
||||
define('CONFIG_FILE', 'config.ini');
|
||||
|
||||
/* load config file */
|
||||
$configEntries = parse_ini_file(CONFIG_FILE);
|
||||
$Stylesheet = $configEntries['css'];
|
||||
$Icon = $configEntries['favicon'];
|
||||
$uploadDir = $configEntries['upload_dir'];
|
||||
$keyFile = $configEntries['key_file'];
|
||||
$tempKeyFile = $configEntries['temp_key_file'];
|
||||
$maxFileSize = $configEntries['max_size'];
|
||||
$sql = $configEntries['sql'];
|
||||
$sqlDB = $configEntries['sqldb'];
|
||||
$storeIP = $configEntries['store_ip'];
|
||||
$storeAgent = $configEntries['store_user_agent'];
|
||||
$storeIssued = $configEntries['store_issued'];
|
||||
$storeLastUsage = $configEntries['store_last_usage'];
|
||||
$dateFormat = $configEntries['date_format'];
|
||||
if (!file_exists(CONFIG_FILE)) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* load config file */
|
||||
$configEntries = parse_ini_file(CONFIG_FILE);
|
||||
$Stylesheet = $configEntries['css'];
|
||||
$Icon = $configEntries['favicon'];
|
||||
$uploadDir = $configEntries['upload_dir'];
|
||||
$keyFile = $configEntries['key_file'];
|
||||
$tempKeyFile = $configEntries['temp_key_file'];
|
||||
$maxFileSize = $configEntries['max_size'];
|
||||
$sql = $configEntries['sql'];
|
||||
$sqlDB = $configEntries['sqldb'];
|
||||
$storeIP = $configEntries['store_ip'];
|
||||
$storeAgent = $configEntries['store_user_agent'];
|
||||
$storeIssued = $configEntries['store_issued'];
|
||||
$storeLastUsage = $configEntries['store_last_usage'];
|
||||
$dateFormat = $configEntries['date_format'];
|
||||
$instanceName = $configEntries['instance_name'];
|
||||
?>
|
||||
|
|
|
@ -1,51 +1,55 @@
|
|||
<?php
|
||||
function createTables($sqlDB) {
|
||||
$Database = new SQLite3($sqlDB);
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
/* administrator table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* lastused (TEXT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec(
|
||||
"CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)"
|
||||
);
|
||||
function createTables($sqlDB) {
|
||||
$Database = new SQLite3($sqlDB);
|
||||
|
||||
/* keys table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* numberofuploads (INT)
|
||||
* lastused (INT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
/* administrator table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* primary (INT)
|
||||
* lastused (TEXT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
|
||||
/* temporary keys table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* numberofuploads (INT)
|
||||
* uploadsleft (INT)
|
||||
* lastused (TEXT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
/* keys table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* numberofuploads (INT)
|
||||
* lastused (INT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
|
||||
/* uploads table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* file (TEXT)
|
||||
* uploaddate (TEXT)
|
||||
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
|
||||
* tempkey (INT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, tempkey INT)");
|
||||
/* temporary keys table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* key (TEXT)
|
||||
* numberofuploads (INT)
|
||||
* uploadsleft (INT)
|
||||
* lastused (TEXT)
|
||||
* issued (TEXT)
|
||||
* ip (TEXT)
|
||||
* useragent (TEXT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, numberofuploads INT, uploadsleft INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
|
||||
|
||||
return $Database;
|
||||
}
|
||||
/* uploads table
|
||||
* id (INTEGER PRIMARY KEY)
|
||||
* file (TEXT)
|
||||
* uploaddate (TEXT)
|
||||
* keyid (INT) (THIS IS THE ID OF THE KEY USED TO UPLOAD THE FILE)
|
||||
* keytype (INT)
|
||||
*/
|
||||
$Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, uploaddate TEXT, keyid INT, keytype INT)");
|
||||
|
||||
return $Database;
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
}
|
||||
|
||||
if ($Type == "Admin") {
|
||||
addAdminKey($Data);
|
||||
addAdminKey($Key, $Data, 0);
|
||||
} else if ($Type == "Temporary") {
|
||||
addTempKey($Key, $Data, $Uploads);
|
||||
} else if ($Type == "Key") {
|
||||
|
|
70
index.php
70
index.php
|
@ -4,51 +4,37 @@
|
|||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
function printHeader($title, $description, $Icon, $Stylesheet) {
|
||||
print "<!DOCTYPE html>\n";
|
||||
print "<html>\n";
|
||||
print "\t<head>\n";
|
||||
print "\t\t<meta name=\"description\" content=\"$description\">\n";
|
||||
print "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
|
||||
print "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
|
||||
print "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
|
||||
print "\t\t<title>$title</title>\n";
|
||||
print "\t</head>\n";
|
||||
print "\t<body>\n";
|
||||
print "\t\t<div class=\"content\">\n";
|
||||
}
|
||||
include "config.php";
|
||||
|
||||
function printFooter() {
|
||||
print "\t\t</div>\n";
|
||||
print "\t</body>\n";
|
||||
print "</html>\n";
|
||||
}
|
||||
$html .= "<!DOCTYPE html>\n";
|
||||
$html .= "<html>\n";
|
||||
$html .= "\t<head>\n";
|
||||
$html .= "\t\t<meta name=\"description\" content=\"$primaryTitle\">\n";
|
||||
$html .= "\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n";
|
||||
$html .= "\t\t<link rel=\"icon\" href=\"$Icon\" />\n";
|
||||
$html .= "\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"$Stylesheet\"/>\n";
|
||||
$html .= "\t\t<title>$primaryTitle</title>\n";
|
||||
$html .= "\t</head>\n";
|
||||
$html .= "\t<body>\n";
|
||||
$html .= "\t\t<div class=\"content\">\n";
|
||||
|
||||
function initServer() {
|
||||
}
|
||||
$html .= "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
|
||||
$html .= "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
|
||||
$html .= "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||
$html .= "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||
$html .= "\t\t\t<h2>oops i leaked admin tools</h2>\n";
|
||||
$html .= "\t\t\t<form action=\"create.php\" method=\"post\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
||||
$html .= "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
||||
$html .= "\t\t\t</form>\n";
|
||||
|
||||
function main() {
|
||||
include "config.php";
|
||||
$html .= "\t\t</div>\n";
|
||||
$html .= "\t</body>\n";
|
||||
$html .= "</html>\n";
|
||||
|
||||
printHeader("curload", "Simply upload files", $Icon, $Stylesheet);
|
||||
|
||||
print "\t\t\t<h1>speedie's super awesome file uploader junk</h1>\n";
|
||||
print "\t\t\t<form action=\"upload.php\" method=\"post\" enctype=\"multipart/form-data\">Select file to upload<br><input type=\"file\" name=\"file\" id=\"file\"><br><input type=\"text\" name=\"key\" placeholder=\"Upload key here\"><br><input type=\"submit\" value=\"Upload selected file\" name=\"web\"></form>\n";
|
||||
print "\t\t\t<p>Max file size: $maxFileSize MB</p>\n";
|
||||
print "\t\t\t<a href=\"https://git.speedie.site/speedie/curload\">source code</a>\n";
|
||||
|
||||
print "\t\t\t<h2>oops i leaked admin tools</h2>\n";
|
||||
print "\t\t\t<form action=\"create.php\" method=\"post\">\n";
|
||||
print "\t\t\t\t<input type=\"text\" name=\"data\" placeholder=\"key name\">\n";
|
||||
print "\t\t\t\t<input type=\"text\" name=\"type\" placeholder=\"type\">\n";
|
||||
print "\t\t\t\t<input type=\"text\" name=\"key\" placeholder=\"admin key\">\n";
|
||||
print "\t\t\t\t<input type=\"text\" name=\"uploads\" placeholder=\"max uploads\">\n";
|
||||
print "\t\t\t\t<input type=\"submit\" value=\"make\">\n";
|
||||
print "\t\t\t</form>\n";
|
||||
|
||||
printFooter();
|
||||
}
|
||||
|
||||
main();
|
||||
print "$html";
|
||||
|
||||
?>
|
||||
|
|
308
upload.php
308
upload.php
|
@ -1,31 +1,111 @@
|
|||
<?php
|
||||
include "config.php";
|
||||
include "create-table.php";
|
||||
/* curload
|
||||
* Simple file uploading using POST requests and temporary keys
|
||||
* Licensed under the GNU Affero General Public License version 3.0
|
||||
*/
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
} else {
|
||||
print "No key specified.";
|
||||
die();
|
||||
include "config.php";
|
||||
include "create-table.php";
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$Key = $_REQUEST['key'];
|
||||
} else {
|
||||
print "No key specified.";
|
||||
die();
|
||||
}
|
||||
|
||||
$Status = 0;
|
||||
$Authorized = 0;
|
||||
$keyType = 0;
|
||||
$uploadLimit = $maxFileSize * 1000000;
|
||||
$keyID = 0;
|
||||
$self = dirname($_SERVER['PHP_SELF']);
|
||||
|
||||
if (!isset($_FILES['file']['name'])) {
|
||||
print "You didn't specify a file.";
|
||||
die();
|
||||
}
|
||||
|
||||
// init database
|
||||
if ($sql == "true" || $sql) {
|
||||
$Database = createTables($sqlDB);
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
||||
$id = $line['id'];
|
||||
$keyID = $id;
|
||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||
$lastUsed = date($dateFormat);
|
||||
|
||||
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
|
||||
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$keyType = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Status = 0;
|
||||
$Authorized = 0;
|
||||
$tempKeyUsed = 0;
|
||||
$uploadLimit = $maxFileSize * 1000000;
|
||||
$keyID = 0;
|
||||
$self = dirname($_SERVER['PHP_SELF']);
|
||||
if ($Authorized != 1) {
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) {
|
||||
$uploadsLeft = $line['uploadsleft'] - 1;
|
||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||
$lastUsed = date($dateFormat);
|
||||
$id = $line['id'];
|
||||
$keyID = $id;
|
||||
|
||||
if (!isset($_FILES['file']['name'])) {
|
||||
print "You didn't specify a file.";
|
||||
die();
|
||||
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
||||
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
|
||||
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
$Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
$Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$keyType = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// init database
|
||||
if ($sql == "true" || $sql) {
|
||||
$Database = createTables($sqlDB);
|
||||
// maybe admin?
|
||||
if ($Authorized != 1) {
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
|
||||
$id = $line['id'];
|
||||
|
@ -54,138 +134,98 @@
|
|||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$tempKeyUsed = 0;
|
||||
$keyType = 2;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else { // no sql version
|
||||
// All normal keys will be considered valid
|
||||
if (file_exists($keyFile)) {
|
||||
$validKeys = explode("\n", file_get_contents($keyFile));
|
||||
} else { // one master key must exist
|
||||
print("Error: No valid keys found.");
|
||||
die();
|
||||
}
|
||||
|
||||
if ($Authorized != 1) {
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) {
|
||||
$uploadsLeft = $line['uploadsleft'] - 1;
|
||||
$numberOfUploads = $line['numberofuploads'] + 1;
|
||||
$lastUsed = date($dateFormat);
|
||||
$id = $line['id'];
|
||||
$keyID = $id;
|
||||
foreach ($validKeys as $ValidKey) {
|
||||
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
|
||||
$Authorized = 1;
|
||||
$keyType = 0;
|
||||
|
||||
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
|
||||
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
|
||||
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
|
||||
|
||||
if ($storeIP || $storeIP == "true") {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
||||
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
} else {
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
$Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
|
||||
}
|
||||
|
||||
if ($storeAgent || $storeAgent == "true") {
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'];
|
||||
$Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
|
||||
}
|
||||
|
||||
$Authorized = 1;
|
||||
$tempKeyUsed = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else { // no sql version
|
||||
// All normal keys will be considered valid
|
||||
if (file_exists($keyFile)) {
|
||||
$validKeys = explode("\n", file_get_contents($keyFile));
|
||||
} else { // one master key must exist
|
||||
print("Error: No valid keys found.");
|
||||
die();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($validKeys as $ValidKey) {
|
||||
// Temporary keys as well
|
||||
if (file_exists($tempKeyFile)) {
|
||||
$tempValidKeys = explode("\n", file_get_contents($tempKeyFile));
|
||||
|
||||
foreach ($tempValidKeys as $ValidKey) {
|
||||
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
|
||||
$Authorized = 1;
|
||||
$tempKeyUsed = 0;
|
||||
$keyType = 1; // key should be considered invalid after this use.
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Temporary keys as well
|
||||
if (file_exists($tempKeyFile)) {
|
||||
$tempValidKeys = explode("\n", file_get_contents($tempKeyFile));
|
||||
|
||||
foreach ($tempValidKeys as $ValidKey) {
|
||||
if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
|
||||
$Authorized = 1;
|
||||
$tempKeyUsed = 1; // key should be considered invalid after this use.
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Not an authorized key
|
||||
if ($Authorized == 0) {
|
||||
print "Not authorized: Key '$Key' is invalid.";
|
||||
die();
|
||||
// Not an authorized key
|
||||
if ($Authorized == 0) {
|
||||
print "Not authorized: Key '$Key' is invalid.";
|
||||
die();
|
||||
}
|
||||
|
||||
if ($_FILES['file']['size'] > $uploadLimit) {
|
||||
print "File is too big. Max file size is $maxFileSize" . "MB";
|
||||
die();
|
||||
}
|
||||
|
||||
if (!is_dir($uploadDir)) {
|
||||
mkdir($uploadDir, 0777, true);
|
||||
}
|
||||
|
||||
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
|
||||
|
||||
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
|
||||
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
|
||||
if (isset($fileExtension)) {
|
||||
$extension = "." . $fileExtension;
|
||||
}
|
||||
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
|
||||
|
||||
if ($_FILES['file']['size'] > $uploadLimit) {
|
||||
print "File is too big. Max file size is $maxFileSize" . "MB";
|
||||
die();
|
||||
}
|
||||
|
||||
if (!is_dir($uploadDir)) {
|
||||
mkdir($uploadDir, 0777, true);
|
||||
}
|
||||
|
||||
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
|
||||
|
||||
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
|
||||
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
|
||||
if (isset($fileExtension)) {
|
||||
$extension = "." . $fileExtension;
|
||||
}
|
||||
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
|
||||
|
||||
if (file_exists($destinationFile)) { // wtf
|
||||
print "Failed to upload file.";
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
||||
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
||||
|
||||
if ($sql || $sql == "true") {
|
||||
$lastUsed = date($dateFormat);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, tempkey) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$tempKeyUsed')");
|
||||
}
|
||||
|
||||
if ($tempKeyUsed) { // Remove temporary key
|
||||
$file = file_get_contents($tempKeyFile);
|
||||
$file = preg_replace("/\b$Key\b/", "", $file);
|
||||
file_put_contents($tempKeyFile, $file);
|
||||
}
|
||||
|
||||
print "$uploadedFile";
|
||||
|
||||
if (isset($_REQUEST['web'])) { // redirect back to index
|
||||
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
if (file_exists($destinationFile)) { // wtf
|
||||
print "Failed to upload file.";
|
||||
|
||||
if ($_FILES['file']['error'] == 1) {
|
||||
print "Is the upload_max_filesize set up properly?";
|
||||
}
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
|
||||
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
|
||||
|
||||
if ($sql || $sql == "true") {
|
||||
$lastUsed = date($dateFormat);
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
|
||||
}
|
||||
|
||||
if ($keyType == 1) { // Remove temporary key
|
||||
$file = file_get_contents($tempKeyFile);
|
||||
$file = preg_replace("/\b$Key\b/", "", $file);
|
||||
file_put_contents($tempKeyFile, $file);
|
||||
}
|
||||
|
||||
print "$uploadedFile";
|
||||
|
||||
if (isset($_REQUEST['web'])) { // redirect back to index
|
||||
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
print "Failed to upload file.";
|
||||
print $_FILES['file']['error'];
|
||||
die();
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in a new issue