diff --git a/config.php b/config.php
index 7d0bd0e..c0b498c 100644
--- a/config.php
+++ b/config.php
@@ -4,24 +4,26 @@
 * Licensed under the GNU Affero General Public License version 3.0
 */
-$Stylesheet = "index.css";
-$Icon = "favicon.svg";
-$uploadDir = "uploads/";
-$maxFileSize = "100";
-$sqlDB = "curload.db";
-$storeIP = true;
-$storeAgent = true;
-$storeIssued = true;
-$storeLastUsage = true;
-$storeUploads = true;
-$publicUploading = false;
-$renameDuplicates = true;
-$replaceOriginal = false;
-$dateFormat = "Y/m/d";
-$instanceName = "curload";
-$enableKeys = true;
-$enableAdminKeys = true;
-$enableTemporaryKeys = true;
+$Stylesheet = "index.css";
+$Icon = "favicon.svg";
+$uploadDir = "uploads/";
+$maxFileSize = "100";
+$sqlDB = "curload.db";
+$storeIP = true;
+$storeAgent = true;
+$storeIssued = true;
+$storeLastUsage = true;
+$storeUploads = true;
+$publicUploading = false;
+$renameDuplicates = true;
+$replaceOriginal = false;
+$dateFormat = "Y/m/d";
+$instanceName = "curload";
+$enableKeys = true;
+$enableAdminKeys = true;
+$enableTemporaryKeys = true;
+$enableUploadRemoval = true;
+$enableKeyUploadRemoval = true;
 define('CONFIG_FILE', 'config.ini');
@@ -49,4 +51,6 @@ $replaceOriginal = $configEntries['replace_original'];
 $enableKeys = $configEntries['enable_keys'];
 $enableAdminKeys = $configEntries['enable_admin_keys'];
 $enableTemporaryKeys = $configEntries['enable_temporary_keys'];
+$enableUploadRemoval = $configEntries['enable_upload_removal'];
+$enableKeyUploadRemoval = $configEntries['enable_key_upload_removal'];
 ?>
diff --git a/remove.php b/remove.php
index 31fb0fa..aa63287 100644
--- a/remove.php
+++ b/remove.php
@@ -9,5 +9,74 @@
 die();
 }
- // TODO: Functions that remove stuff
+ if (isset($_REQUEST['id'])) {
+ $fileID = $_REQUEST['id'];
+ } else {
+ print "No ID specified.";
+ die();
+ }
+
+ if (!$enableUploadRemoval || $enableUploadRemoval == "false") {
+ print "Uploads cannot be removed.";
+ die();
+ }
+
+ $FileToRemove = "";
+ $AuthorizedRemoval = 0;
+ $fileUploadedByPrimary = 0;
+
+ $Database = createTables($sqlDB);
+ $DatabaseQuery = $Database->query('SELECT * FROM uploads');
+
+ while ($line = $DatabaseQuery->fetchArray()) {
+ if ($line['id'] == $fileID) { // passed ID is a file that exists
+
+ // check if our key is authorized to remove the file
+ if (($enableKeys || $enableKeys == "true") && ($enableKeyUploadRemoval || $enableKeyUploadRemoval == "true")) {
+ $keyDatabaseQuery = $Database->query('SELECT * FROM keys');
+
+ while ($kline = $keyDatabaseQuery->fetchArray()) {
+ if ($line['keyid'] == $kline['id']) {
+ $AuthorizedRemoval = 1;
+ break;
+ }
+
+ }
+ }
+
+ // check if the key is an admin key, automatically making it authorized to remove the file provided it wasn't uploaded by a primary admin
+ if ($AuthorizedRemoval != 1 && ($enableUploadRemoval || $enableUploadRemoval == "true")) {
+ $keyDatabaseQuery = $Database->query('SELECT * FROM admins');
+
+ // check if the file was uploaded by a primary admin
+ while ($kline = $keyDatabaseQuery->fetchArray()) {
+ if ($kline['key'] == $line['keyid']) {
+ $fileUploadedByPrimary = $kline['primaryadmin'];
+ }
+ }
+
+ while ($kline = $keyDatabaseQuery->fetchArray()) {
+ if ($kline['key'] == $Key && $Key != "" && $kline['key'] != "") { // key = passed key
+ if (($fileUploadedByPrimary == 1 && $kline['primaryadmin'] == 1) || ($fileUploadedByPrimary == 0)) { // primary key passed and primary file OR non primary file
+ $AuthorizedRemoval = 1;
+ break;
+ }
+ }
+ }
+ }
+
+ $FileToRemove = $kline['file'];
+
+ break;
+ }
+ }
+
+ // fuck off pleb
+ if ($AuthorizedRemoval != 1) {
+ print "You aren't authorized to perform this action.";
+ die();
+ }
+
+ // remove file
+ unlink($FileToRemove);
 ?>
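Review bot: The key check in the first inner loop sets `$AuthorizedRemoval = 1` whenever the upload's `keyid` matches any row in `keys`, without ever comparing that row to the requester's `$Key`, so as written any caller who passes the check above the hunk (not visible here) is authorized to remove any key-uploaded file. That loop should also require that the matched row is the caller's own non-empty key, the way the admin loop tests `$kline['key'] == $Key && $Key != ""`. `$FileToRemove = $kline['file'];` reads from the key/admin cursor, which at that point holds a `keys`/`admins` row or `false`, and presumably should be `$FileToRemove = $line['file'];`. The admin branch is gated on `$enableUploadRemoval`, which is already known to be on, rather than on what looks like the intended `$enableAdminKeys`, and its second `while` reuses the result handle the first one has already drained, so a `$keyDatabaseQuery->reset();` (if this is an SQLite3Result) or a fresh query belongs between them. Before `unlink()`, verify that the resolved path stays under `$uploadDir` and check the return value, since the request can arrive through any `$_REQUEST` source including a plain GET.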