From e01c13fe82178afc18bd7cb10be00f20447623c1 Mon Sep 17 00:00:00 2001
From: speedie
Date: Fri, 29 Sep 2023 00:25:59 +0200
Subject: [PATCH] WIP work on SQL #4
---
 config.ini | 18 ++++++---
 config.php | 8 ++++
 index.php | 2 +-
 upload.php | 113 +++++++++++++++++++++++++++++++++--------------------
 4 files changed, 92 insertions(+), 49 deletions(-)
diff --git a/config.ini b/config.ini
index b539d89..e316e58 100644
--- a/config.ini
+++ b/config.ini
@@ -1,11 +1,17 @@
 [html]
-css = index.css
-favicon = favicon.svg
+css = index.css
+favicon = favicon.svg
 [upload]
-upload_dir = uploads2/
-max_size = 100
+upload_dir = uploads/
+max_size = 100
 [credentials]
-key_file = passwords.txt
-temp_key_file = temporary_passwords.txt
+sql = true
+sqldb = curload.sql
+key_file = passwords.txt
+temp_key_file = temporary_passwords.txt
+
+[logging]
+store_ip = true
+store_user_agent = true
diff --git a/config.php b/config.php
index a2cceb0..4ef12b7 100644
--- a/config.php
+++ b/config.php
@@ -5,6 +5,10 @@
 $keyFile = "passwords.txt";
 $tempKeyFile = "temporary_passwords.txt";
 $maxFileSize = "100";
+ $sql = true;
+ $sqlDB = "curload.db";
+ $storeIP = true;
+ $storeAgent = true;
 define('CONFIG_FILE', 'config.ini');
@@ -20,4 +24,8 @@
 $keyFile = $configEntries['key_file'];
 $tempKeyFile = $configEntries['temp_key_file'];
 $maxFileSize = $configEntries['max_size'];
+ $sql = $configEntries['sql'];
+ $sqlDB = $configEntries['sqldb'];
+ $storeIP = $configEntries['store_ip'];
+ $storeAgent = $configEntries['store_user_agent'];
 ?>
diff --git a/index.php b/index.php
index b26243e..943d34f 100644
--- a/index.php
+++ b/index.php
@@ -30,7 +30,7 @@ function initServer() {
 function main() {
 include "config.php";
- printHeader("curload", "Upload files", $Icon, $Stylesheet);
+ printHeader("curload", "Simply upload files", $Icon, $Stylesheet);
 print "\t\t\t
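Review bot: The new `sqldb = curload.sql` entry in config.ini is a relative path and disagrees with the `curload.db` default added to config.php, so the database name depends on which source wins and the file presumably ends up next to the scripts. If that directory is served by the web server, the SQLite file holding the `keys` and `tkeys` tables could be fetched as a static file; an absolute path outside the document root is safer, with a comment such as `; keep the database outside the web root, it stores upload keys`. `store_ip` and `store_user_agent` are switched on by default; consider shipping them as `false` so that recording client data is an explicit choice.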
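Review bot: The four new reads in the second config.php hunk (`$sql = $configEntries['sql'];` and the three lines below it) overwrite the defaults from the first hunk even when config.ini lacks the key, which leaves `$sql` null and sends upload.php down the key-file branch with nothing more than an undefined-index notice. Falling back to the default keeps an older config.ini working, e.g. `$sql = $configEntries['sql'] ?? $sql;` (PHP 7+, or an `isset()` check on older versions), and likewise for `sqldb`, `store_ip` and `store_user_agent`. How `$configEntries` is built is outside the hunk, so whether `true`/`false` arrive as booleans or strings should be confirmed there.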

speedie's super awesome file uploader junk

\n"; print "\t\t\t
Select file to upload


\n";
diff --git a/upload.php b/upload.php
index 8efdb68..b6593b7 100644
--- a/upload.php
+++ b/upload.php
@@ -14,7 +14,39 @@
 $uploadLimit = $maxFileSize * 1000000;
 $self = dirname($_SERVER['PHP_SELF']);
- if (isset($_FILES['file']['name'])) {
+ if (!isset($_FILES['file']['name'])) {
+ print "You didn't specify a file.";
+ die();
+ }
+
+ // init database
+ if ($sql) {
+ $Database = new SQLite3($sqlDB);
+ $Database->exec("CREATE TABLE keys(id INTEGER PRIMARY KEY, key TEXT)");
+ $Database->exec("CREATE TABLE tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT)");
+ $Database->exec("CREATE TABLE uploads(id INTEGER PRIMARY KEY, file TEXT, date TEXT, useragent TEXT, ip TEXT)");
+
+ $DatabaseQuery = $Database->query('SELECT * FROM keys');
+ while ($line = $DatabaseQuery->fetchArray()) {
+ if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
+ $Authorized = 1;
+ break;
+ }
+ }
+
+ if ($Authorized != 1) {
+ $DatabaseQuery = $Database->query('SELECT * FROM tkeys');
+ while ($line = $DatabaseQuery->fetchArray()) {
+ if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploads'] != 0) {
+ $numberOfUploads = $line['uploads'] - 1;
+ $id = $line['id'];
+ $Database->exec("UPDATE tkeys SET uploads=$numberOfUploads WHERE id=$id");
+ $Authorized = 1;
+ break;
+ }
+ }
+ }
+ } else { // no sql version
 // All normal keys will be considered valid
 if (file_exists($keyFile)) {
 $validKeys = explode("\n", file_get_contents($keyFile));
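Review bot: The temporary-key path in the `if ($sql)` block reads `uploads`, subtracts one in PHP and writes it back with a string-built `UPDATE`, so two parallel requests can both pass on the last remaining upload, and `!= 0` keeps a key valid once the counter has gone negative. The three `CREATE TABLE` statements also fail on every request after the first because they lack `IF NOT EXISTS`, and both loops fetch every stored key and compare it with loose `==` instead of letting SQLite match the key through a bound parameter. The sketch below uses prepared statements and a single conditional `UPDATE` checked with `changes()`; it changes behaviour slightly, since counters at or below zero are rejected. `$Key` and the initial value of `$Authorized` are set outside the hunk, and the counter is still spent before the size check and `move_uploaded_file()` run, so a failed upload costs the user one use.

```php
// … unchanged: missing-file check …
if ($sql) {
    $Database = new SQLite3($sqlDB);
    $Database->exec("CREATE TABLE IF NOT EXISTS keys(id INTEGER PRIMARY KEY, key TEXT)");
    $Database->exec("CREATE TABLE IF NOT EXISTS tkeys(id INTEGER PRIMARY KEY, key TEXT, uploads INT)");
    $Database->exec("CREATE TABLE IF NOT EXISTS uploads(id INTEGER PRIMARY KEY, file TEXT, date TEXT, useragent TEXT, ip TEXT)");

    if ($Key != "") {
        // Let SQLite do an exact match on the bound value instead of looping with ==
        $Statement = $Database->prepare('SELECT id FROM keys WHERE key = :key');
        $Statement->bindValue(':key', $Key, SQLITE3_TEXT);
        $Result = $Statement->execute();
        if ($Result && $Result->fetchArray()) {
            $Authorized = 1;
        }

        if ($Authorized != 1) {
            // Check and decrement in one statement so the last upload cannot be used twice
            $Statement = $Database->prepare('UPDATE tkeys SET uploads = uploads - 1 WHERE key = :key AND uploads > 0');
            $Statement->bindValue(':key', $Key, SQLITE3_TEXT);
            $Statement->execute();
            if ($Database->changes() > 0) {
                $Authorized = 1;
            }
        }
    }
} else { // no sql version
```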
@@ -45,58 +77,55 @@
 }
 }
 }
+ }
- // Not an authorized key
- if ($Authorized == 0) {
- print "Not authorized: Key '$Key' is invalid.";
- die();
- }
+ // Not an authorized key
+ if ($Authorized == 0) {
+ print "Not authorized: Key '$Key' is invalid.";
+ die();
+ }
- if ($_FILES['file']['size'] > $uploadLimit) {
- print "File is too big. Max file size is $maxFileSize" . "MB";
- die();
- }
+ if ($_FILES['file']['size'] > $uploadLimit) {
+ print "File is too big. Max file size is $maxFileSize" . "MB";
+ die();
+ }
- if (!is_dir($uploadDir)) {
- mkdir($uploadDir, 0777, true);
- }
+ if (!is_dir($uploadDir)) {
+ mkdir($uploadDir, 0777, true);
+ }
- $destinationFile = $uploadDir . basename($_FILES['file']['name']);
+ $destinationFile = $uploadDir . basename($_FILES['file']['name']);
- if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
- $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
+ if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
+ $destinationFile = $uploadDir . rand(10000,100000) . "." . strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
- if (file_exists($destinationFile)) { // wtf
- print "Failed to upload file.";
- die();
- }
- }
-
- if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
- $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
-
- if ($tempKeyUsed) { // Remove temporary key
- $file = file_get_contents($tempKeyFile);
- $file = preg_replace("/\b$Key\b/", "", $file);
- file_put_contents($tempKeyFile, $file);
- }
-
- print "$uploadedFile";
-
- if (isset($_REQUEST['web'])) { // redirect back to index
- print "

Your link

\n";
- die();
- }
- } else {
+ if (file_exists($destinationFile)) { // wtf
 print "Failed to upload file.";
+ die();
+ }
+ }
- if ($_FILES['file']['error'] == 1) {
- print "Is the upload_max_filesize set up properly?";
- }
+ if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
+ $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
+
+ if ($tempKeyUsed) { // Remove temporary key
+ $file = file_get_contents($tempKeyFile);
+ $file = preg_replace("/\b$Key\b/", "", $file);
+ file_put_contents($tempKeyFile, $file);
+ }
+
+ print "$uploadedFile";
+
+ if (isset($_REQUEST['web'])) { // redirect back to index
+ print "

Your link

\n";
 die();
 }
 } else {
- print "You didn't specify a file.";
+ print "Failed to upload file.";
+
+ if ($_FILES['file']['error'] == 1) {
+ print "Is the upload_max_filesize set up properly?";
+ }
 die();
 }
 ?>
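Review bot: The re-indented block still stores the file under `basename($_FILES['file']['name'])`, so the client chooses both the name and the extension of a file written into `$uploadDir`. If that directory is served by a PHP-enabled web server (not visible here), an uploaded script would run when requested; checking the lower-cased extension against an allow-list and generating the stored name on the server, e.g. `$destinationFile = $uploadDir . bin2hex(random_bytes(16)) . "." . $extension;`, closes that and also replaces the guessable `rand(10000,100000)` fallback. In the same hunk `$Key` is echoed into the "Not authorized" message and interpolated into `preg_replace("/\b$Key\b/", ...)` unescaped; `htmlspecialchars($Key)` and `preg_quote($Key, '/')` would cover those two spots. The `if ($sql) { ... } else { ... }` that this hunk closes starts outside it.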