diff --git a/add-keys.php b/add-keys.php index 5ecdeb7..38de047 100644 --- a/add-keys.php +++ b/add-keys.php @@ -27,11 +27,23 @@ function addKey($adminKey, $Value) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; @@ -39,6 +51,14 @@ function addKey($adminKey, $Value) { $userAgent = getUserAgent(); } + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + if ($storeIP || $storeIP == "true") { $ip = getIPAddress(); } @@ -50,11 +70,23 @@ function addTempKey($adminKey, $Value, $uploadsLeft) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; 
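Review bot: The new admin check in addKey compares the stored and supplied keys with loose `==`, which lets PHP compare numeric-looking strings by value instead of byte for byte and is not constant-time; `hash_equals((string) $line['key'], (string) $adminKey)` avoids both. The same loop is copied into the addTempKey hunk that follows and into addAdminKey, and the key checks in the upload.php hunks use the same comparison. With three copies, a single helper (for example `isAuthorizedAdmin($Database, $adminKey, $requirePrimary)`) would keep them from drifting apart. The comparison also implies that admin keys sit in the `admins` table in plain text; storing `password_hash()` output and checking with `password_verify()` would limit the damage if the database file is ever read. addKey's body continues outside the hunk.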
@@ -62,12 +94,16 @@ function addTempKey($adminKey, $Value, $uploadsLeft) { $userAgent = getUserAgent(); } - if ($storeIP || $storeIP == "true") { - $ip = getIPAddress(); + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); } - if ($storeAgent || $storeAgent == "true") { - $userAgent = $_SERVER['HTTP_USER_AGENT']; + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + + if ($storeIP || $storeIP == "true") { + $ip = getIPAddress(); } $Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')"); @@ -77,11 +113,23 @@ function addAdminKey($adminKey, $Value, $Primary) { include "config.php"; $Database = createTables($sqlDB); - $DatabaseQuery = $Database->query('SELECT * FROM keys'); + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + $Authorized = 0; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) { + $Authorized = 1; + break; + } + } + if ($Authorized != 1) { + print "You are not authorized to perform this action."; + die(); + } $numberOfUploads = 0; - $lastUsed = date($dateFormat); - $Issued = date($dateFormat); + $lastUsed = ""; + $Issued = ""; $ip = ""; $userAgent = ""; 
@@ -89,10 +137,18 @@ function addAdminKey($adminKey, $Value, $Primary) { $userAgent = getUserAgent(); } + if ($storeIssued || $storeIssued == "true") { + $Issued = date($dateFormat); + } + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + } + if ($storeIP || $storeIP == "true") { $ip = getIPAddress(); } - $Database->exec("INSERT INTO admins(key, primary, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); + $Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')"); } ?> diff --git a/admin.php b/admin.php index 816c171..d0dcd63 100644 --- a/admin.php +++ b/admin.php @@ -4,9 +4,14 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -include "config.php"?; +include "config.php"; include "create-table.php"; +if (!$enableAdminKeys || $enableAdminKeys == "false") { + print "Admin keys are not supported."; + die(); +} + $Authorized = 0; $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM admins'); @@ -25,7 +30,68 @@ $html .= "\t\t
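Review bot: The rewritten `INSERT INTO admins` still builds the statement by interpolating `$Value`, `$Primary`, `$ip` and `$userAgent` into the SQL string, so a quote character in the new key or in the request's User-Agent changes the statement itself. The `INSERT INTO tkeys` shown as context in the previous hunk has the same shape. Assuming `$Database` is an SQLite3 handle, as the `fetchArray()` calls suggest, a prepared statement with bound values removes the problem; the excerpt below shows the admins case. addAdminKey starts outside this hunk.

```php
// … unchanged: authorization loop and $storeIssued / $storeLastUsage / $storeIP handling …
$stmt = $Database->prepare(
    'INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) '
    . 'VALUES(:key, :primaryadmin, :uploads, :lastused, :issued, :ip, :useragent)'
);
$stmt->bindValue(':key', $Value, SQLITE3_TEXT);
$stmt->bindValue(':primaryadmin', (int) $Primary, SQLITE3_INTEGER);
$stmt->bindValue(':uploads', $numberOfUploads, SQLITE3_INTEGER);
$stmt->bindValue(':lastused', $lastUsed, SQLITE3_TEXT);
$stmt->bindValue(':issued', $Issued, SQLITE3_TEXT);
$stmt->bindValue(':ip', $ip, SQLITE3_TEXT);
$stmt->bindValue(':useragent', $userAgent, SQLITE3_TEXT);
$stmt->execute();
```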
\n"; if (isset($_REQUEST['key'])) { $Key = $_REQUEST['key']; + + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + $id = $line['id']; + $lastUsed = date($dateFormat); + + $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); + + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); + } + + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + break; + } + } + + // the stuff + if ($Authorized) { + $html .= "\t\t\t

Admin tools

\n"; + $html .= "\t\t\t\n"; + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + } else { + header('Location: admin.php?e=true'); + die(); + } } else { $Authorized = 0; + + $html .= "\t\t\t
\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t\n"; + $html .= "\t\t\t
\n"; + + if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") { + $html .= "\t\t\t

Invalid administrator key.

\n"; + } } + +$html .= "\t\t
\n"; +$html .= "\t\n"; +$html .= "\n"; + +print "$html"; + ?> diff --git a/config.ini b/config.ini index 9d4e0ed..6dc88dd 100644 --- a/config.ini +++ b/config.ini @@ -1,23 +1,27 @@ [html] -instance_name = curload -css = index.css -favicon = favicon.svg +instance_name = curload +css = index.css +favicon = favicon.svg [upload] -upload_dir = uploads/ -max_size = 100 +upload_dir = uploads/ +public_uploading = false +rename_duplicates = true +replace_original = false +max_size = 100 [credentials] -sql = true -sqldb = curload.sql -key_file = passwords.txt -temp_key_file = temporary_passwords.txt +sqldb = curload.sql +enable_keys = true +enable_temporary_keys = true +enable_admin_keys = true [logging] -store_ip = true -store_user_agent = true -store_issued = true -store_last_usage = true +store_ip = true +store_user_agent = true +store_issued = true +store_last_usage = true +store_number_of_uploads = true [format] -date_format = Y/m/d +date_format = Y/m/d diff --git a/config.php b/config.php index 20ee21d..7d0bd0e 100644 --- a/config.php +++ b/config.php @@ -4,20 +4,24 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -$Stylesheet = "index.css"; -$Icon = "favicon.svg"; -$uploadDir = "uploads/"; -$keyFile = "passwords.txt"; -$tempKeyFile = "temporary_passwords.txt"; -$maxFileSize = "100"; -$sql = true; -$sqlDB = "curload.db"; -$storeIP = true; -$storeAgent = true; -$storeIssued = true; -$storeLastUsage = true; -$dateFormat = "Y/m/d"; -$instanceName = "curload"; +$Stylesheet = "index.css"; +$Icon = "favicon.svg"; +$uploadDir = "uploads/"; +$maxFileSize = "100"; +$sqlDB = "curload.db"; +$storeIP = true; +$storeAgent = true; +$storeIssued = true; +$storeLastUsage = true; +$storeUploads = true; +$publicUploading = false; +$renameDuplicates = true; +$replaceOriginal = false; +$dateFormat = "Y/m/d"; +$instanceName = "curload"; +$enableKeys = true; +$enableAdminKeys = true; +$enableTemporaryKeys = true; define('CONFIG_FILE', 'config.ini'); 
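Review bot: The added login block in admin.php copies `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and `HTTP_USER_AGENT` straight into `UPDATE admins SET ip='$ip' …` and `… useragent='$userAgent' …`, so request headers the client fully controls become part of the SQL text on every successful admin login. Bind them instead, starting from `$stmt = $Database->prepare('UPDATE admins SET ip = :ip WHERE id = :id');` and passing the values through `bindValue()`. The two forwarding headers can be set by any client, so the stored address is only meaningful if they are honoured solely behind a proxy you control and `REMOTE_ADDR` is used otherwise. The same header handling appears as context in the upload.php hunks. Reading the key from `$_REQUEST['key']` also accepts it in the query string, where it ends up in access logs and browser history; `$_POST['key']` would be the narrower choice.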
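Review bot: `sqldb = curload.sql` keeps the database at a path relative to the scripts, and after this commit that file is the only store for upload, temporary and admin keys, because the `key_file` options are removed. Nothing visible in this diff places it outside the document root or denies HTTP access to it, so it is worth confirming that the file cannot be downloaded, or moving it to an absolute path outside the web root. The value also disagrees with the built-in default in config.php, which is `curload.db`.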
@@ -30,15 +34,19 @@ $configEntries = parse_ini_file(CONFIG_FILE);
 $Stylesheet = $configEntries['css'];
 $Icon = $configEntries['favicon'];
 $uploadDir = $configEntries['upload_dir'];
-$keyFile = $configEntries['key_file'];
-$tempKeyFile = $configEntries['temp_key_file'];
 $maxFileSize = $configEntries['max_size'];
-$sql = $configEntries['sql'];
 $sqlDB = $configEntries['sqldb'];
 $storeIP = $configEntries['store_ip'];
 $storeAgent = $configEntries['store_user_agent'];
 $storeIssued = $configEntries['store_issued'];
 $storeLastUsage = $configEntries['store_last_usage'];
+$storeUploads = $configEntries['store_number_of_uploads'];
 $dateFormat = $configEntries['date_format'];
 $instanceName = $configEntries['instance_name'];
+$publicUploading = $configEntries['public_uploading'];
+$renameDuplicates = $configEntries['rename_duplicates'];
+$replaceOriginal = $configEntries['replace_original'];
+$enableKeys = $configEntries['enable_keys'];
+$enableAdminKeys = $configEntries['enable_admin_keys'];
+$enableTemporaryKeys = $configEntries['enable_temporary_keys'];
 ?>
diff --git a/create-table.php b/create-table.php
index 50e43f6..95c4555 100644
--- a/create-table.php
+++ b/create-table.php
@@ -10,13 +10,13 @@ function createTables($sqlDB) {
 /* administrator table
 * id (INTEGER PRIMARY KEY)
 * key (TEXT)
- * primary (INT)
+ * primaryadmin (INT)
 * lastused (TEXT)
 * issued (TEXT)
 * ip (TEXT)
 * useragent (TEXT)
 */
- $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primary INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
+ $Database->exec("CREATE TABLE IF NOT EXISTS admins(id INTEGER PRIMARY KEY, key TEXT, primaryadmin INT, numberofuploads INT, lastused TEXT, issued TEXT, ip TEXT, useragent TEXT)");
 
 /* keys table
 * id (INTEGER PRIMARY KEY)
diff --git a/data.php b/data.php
new file mode 100644
index 0000000..e4e61eb
--- /dev/null
+++ b/data.php
@@ -0,0 +1,6 @@
+
diff --git a/index.css b/index.css new file mode 100644 index 0000000..a945926 --- /dev/null +++ b/index.css @@ -0,0 +1,67 @@ +.bar { + position: sticky; + top: 0px; + z-index: 6; + background-color: #363636; + margin: 0px; + padding: 0px; + width: 100%; +} + +.bar img { + transform: translate(0, +30%); + padding-right: 5px; +} + +.bar input { + padding-top: 2px; + padding-bottom: 2px; + border-color: #363636; + border-width: 0px; + background-color: #363636; + color: #f0eee4; + width: 100% +} + +.title { + color: #f0eee4; + padding-left: 2px; +} + +body { + margin: 0px; + padding: 0px; + background-color: #212121; + font-family: Monospace; +} + +footer { + padding: 5px; + font-size: 8pt; + font-weight: normal; + background-color: transparent; + text-align: center; +} + +.links { + color: #66667d; + padding: 5px; + padding-left: 2px; +} + +.content { + color: #f0eee4; + padding: 5px; + max-width: 1000px; + margin: auto; +} + +a { + color: #89bfff; + text-decoration: none; + transition: 0.1s; +} +a:hover { + color: #ccccff; + text-decoration: underline; +} diff --git a/index.php b/index.php index 8cd8258..1312416 100644 --- a/index.php +++ b/index.php @@ -6,14 +6,15 @@ include "config.php"; +$html = ""; $html .= "\n"; $html .= "\n"; $html .= "\t\n"; -$html .= "\t\t\n"; +$html .= "\t\t\n"; $html .= "\t\t\n"; $html .= "\t\t\n"; $html .= "\t\t\n"; -$html .= "\t\t$primaryTitle\n"; +$html .= "\t\t$instanceName\n"; $html .= "\t\n"; $html .= "\t\n"; $html .= "\t\t
\n"; @@ -22,14 +23,6 @@ $html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; $html .= "\t\t\t
Select file to upload


\n"; $html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; $html .= "\t\t\tsource code\n"; -$html .= "\t\t\t

oops i leaked admin tools

\n"; -$html .= "\t\t\t
\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t\t\n"; -$html .= "\t\t\t
\n"; $html .= "\t\t
\n"; $html .= "\t\n"; diff --git a/remove.php b/remove.php new file mode 100644 index 0000000..31fb0fa --- /dev/null +++ b/remove.php @@ -0,0 +1,13 @@ + diff --git a/upload.php b/upload.php index 40c703e..276e46c 100644 --- a/upload.php +++ b/upload.php @@ -27,19 +27,24 @@ if (!isset($_FILES['file']['name'])) { } // init database -if ($sql == "true" || $sql) { +if (!$publicUploading || $publicUploading == "false") { $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM keys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { $id = $line['id']; $keyID = $id; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); - $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { 
@@ -67,16 +72,22 @@ if ($sql == "true" || $sql) { if ($Authorized != 1) { $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { $uploadsLeft = $line['uploadsleft'] - 1; - $numberOfUploads = $line['numberofuploads'] + 1; - $lastUsed = date($dateFormat); $id = $line['id']; $keyID = $id; $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); - $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + } + + if ($storeUploads || $storeUploads == "true") { + $numberOfUploads = $line['numberofuploads'] + 1; + $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'"); + } if ($storeIP || $storeIP == "true") { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { @@ -107,7 +118,7 @@ if ($sql == "true" || $sql) { $DatabaseQuery = $Database->query('SELECT * FROM admins'); while ($line = $DatabaseQuery->fetchArray()) { - if ($line['key'] == $Key && $Key != "" && $line['key'] != "") { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) { $id = $line['id']; $keyID = $id; $numberOfUploads = $line['numberofuploads'] + 1; 
@@ -139,77 +150,51 @@ if ($sql == "true" || $sql) { } } } -} else { // no sql version - // All normal keys will be considered valid - if (file_exists($keyFile)) { - $validKeys = explode("\n", file_get_contents($keyFile)); - } else { // one master key must exist - print("Error: No valid keys found."); + + // Not an authorized key + if ($Authorized == 0) { + print "Not authorized: Key '$Key' is invalid."; die(); } - - foreach ($validKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $keyType = 0; - - break; - } - } - - // Temporary keys as well - if (file_exists($tempKeyFile)) { - $tempValidKeys = explode("\n", file_get_contents($tempKeyFile)); - - foreach ($tempValidKeys as $ValidKey) { - if ($Key == $ValidKey && $Key != "" && $ValidKey != "") { - $Authorized = 1; - $keyType = 1; // key should be considered invalid after this use. - - break; - } - } - } } -// Not an authorized key -if ($Authorized == 0) { - print "Not authorized: Key '$Key' is invalid."; - die(); -} - -if ($_FILES['file']['size'] > $uploadLimit) { +if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) { print "File is too big. Max file size is $maxFileSize" . "MB"; die(); } +// check if file is too big to be uploaded if (!is_dir($uploadDir)) { mkdir($uploadDir, 0777, true); } $destinationFile = $uploadDir . basename($_FILES['file']['name']); -if (file_exists($destinationFile)) { // rename file to distinguish it from existing file - $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); - if (isset($fileExtension)) { - $extension = "." . $fileExtension; - } - $destinationFile = $uploadDir . rand(1000,100000) . 
$extension; +// rename file if necessary +if (!$replaceOriginal || $replaceOriginal == "false") { + if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file + $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION)); + if (isset($fileExtension)) { + $extension = "." . $fileExtension; + } - if (file_exists($destinationFile)) { // wtf - print "Failed to upload file."; - die(); + if ($renameDuplicates || $renameDuplicates == "true") { + $destinationFile = $uploadDir . rand(1000,100000) . $extension; + } + + if (file_exists($destinationFile)) { // wtf + print "Failed to upload file."; + die(); + } } } if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) { $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile; - if ($sql || $sql == "true") { - $lastUsed = date($dateFormat); - $DatabaseQuery = $Database->query('SELECT * FROM uploads'); - $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); - } + $lastUsed = date($dateFormat); + $DatabaseQuery = $Database->query('SELECT * FROM uploads'); + $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')"); if ($keyType == 1) { // Remove temporary key $file = file_get_contents($tempKeyFile);
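Review bot: The new condition `if (file_exists($destinationFile) && $) {` is a parse error, so upload.php will not load at all until the dangling `&& $` is removed or completed, e.g. `if (file_exists($destinationFile)) {`. Once it parses, `$Database` is still only created inside the `!$publicUploading` branch while the `INSERT INTO uploads` after `move_uploaded_file()` is now unconditional, so a public upload would store the file and then fail on an undefined handle; create the handle before the branch. That INSERT interpolates `$uploadedFile`, which is built from the client-supplied file name, and should use bound parameters. With `public_uploading` enabled the destination still keeps the client's extension via `basename($_FILES['file']['name'])`, so the upload directory should be configured not to execute scripts, or extensions should be checked against an allow-list. The moved `print "Not authorized: Key '$Key' is invalid.";` echoes the submitted key unescaped; wrap it as `htmlspecialchars($Key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or drop it from the message.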