From e0fc2a6c8aa524230225a08892067b3926568a9b Mon Sep 17 00:00:00 2001 From: speedie Date: Sat, 30 Sep 2023 22:24:02 +0200 Subject: [PATCH] Add login --- admin.php | 2 +- config.ini | 5 ++ config.php | 6 ++ core.php | 8 ++- index.css | 7 +- index.php | 6 +- login.php | 197 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 227 insertions(+), 4 deletions(-) create mode 100644 login.php diff --git a/admin.php b/admin.php index 091a32e..6005932 100644 --- a/admin.php +++ b/admin.php @@ -18,7 +18,7 @@ $Database = createTables($sqlDB); $DatabaseQuery = $Database->query('SELECT * FROM admins'); $html = ""; -$html = printHead($html); +$html = printHeader($html); if (isset($_REQUEST['key'])) { $Key = $_REQUEST['key']; diff --git a/config.ini b/config.ini index 66a2055..a908ff8 100644 --- a/config.ini +++ b/config.ini @@ -2,8 +2,12 @@ instance_name = curload css = index.css javascript = index.js +logo = logo.svg favicon = favicon.svg +[header] +logo_header_size = 16 + [upload] upload_dir = uploads/ public_uploading = false @@ -18,6 +22,7 @@ sqldb = curload.sql enable_keys = true enable_temporary_keys = true enable_admin_keys = true +cookie_name = speedierocks [logging] store_ip = true diff --git a/config.php b/config.php index a9c27a9..1e34c63 100644 --- a/config.php +++ b/config.php @@ -8,6 +8,7 @@ $configFile = "config.ini"; $Stylesheet = "index.css"; $javaScript = "index.js"; $Icon = "favicon.svg"; +$Logo = "logo.svg"; $uploadDir = "uploads/"; $maxFileSize = "100"; $sqlDB = "curload.db"; @@ -19,8 +20,10 @@ $storeUploads = true; $publicUploading = false; $renameDuplicates = true; $replaceOriginal = false; +$logoHeaderSize = 16; $dateFormat = "Y/m/d"; $instanceName = "curload"; +$cookieName = "speedierocks"; $enableKeys = true; $enableAdminKeys = true; $enableTemporaryKeys = true; 
@@ -35,6 +38,7 @@ if (!file_exists($configFile)) { $configEntries = parse_ini_file($configFile); $Stylesheet = $configEntries['css']; $Icon = $configEntries['favicon']; +$Logo = $configEntries['logo']; $uploadDir = $configEntries['upload_dir']; $maxFileSize = $configEntries['max_size']; $sqlDB = $configEntries['sqldb']; @@ -43,6 +47,7 @@ $storeAgent = $configEntries['store_user_agent']; $storeIssued = $configEntries['store_issued']; $storeLastUsage = $configEntries['store_last_usage']; $storeUploads = $configEntries['store_number_of_uploads']; +$logoHeaderSize = $configEntries['logo_header_size']; $dateFormat = $configEntries['date_format']; $instanceName = $configEntries['instance_name']; $publicUploading = $configEntries['public_uploading']; @@ -53,5 +58,6 @@ $enableAdminKeys = $configEntries['enable_admin_keys']; $enableTemporaryKeys = $configEntries['enable_temporary_keys']; $enableUploadRemoval = $configEntries['enable_upload_removal']; $enableKeyUploadRemoval = $configEntries['enable_key_upload_removal']; +$cookieName = $configEntries['cookie_name']; $javaScript = $configEntries['javascript']; ?> diff --git a/core.php b/core.php index e0b8de6..75b1eb7 100644 --- a/core.php +++ b/core.php @@ -4,7 +4,7 @@ * Licensed under the GNU Affero General Public License version 3.0 */ -function printHead($html) { +function printHeader($html) { include "config.php"; $html .= "\n"; @@ -18,6 +18,12 @@ function printHead($html) { if (file_exists($javaScript)) $html .= "\t\t\n"; $html .= "\t\t$instanceName\n"; + $html .= "\t\t
\n"; + $html .= "\t\t\t\n"; + if (file_exists($Logo)) $html .= "\t\t\t\t\n"; + $html .= "\t\t\t\t$instanceName\n"; + $html .= "\t\t\t\n"; + $html .= "\t\t
\n"; $html .= "\t\n"; $html .= "\t\n"; $html .= "\t\t
\n"; diff --git a/index.css b/index.css index a945926..ee60602 100644 --- a/index.css +++ b/index.css @@ -9,7 +9,7 @@ } .bar img { - transform: translate(0, +30%); + float: left; padding-right: 5px; } @@ -49,11 +49,16 @@ footer { padding-left: 2px; } +.error { + color: #ff0000; +} + .content { color: #f0eee4; padding: 5px; max-width: 1000px; margin: auto; + text-align: center; } a { diff --git a/index.php b/index.php index 376cd70..bd06565 100644 --- a/index.php +++ b/index.php @@ -9,13 +9,17 @@ function main() { include "core.php"; $html = ""; - $html = printHead($html); + $html = printHeader($html); $html .= "\t\t\t

speedie's super awesome file uploader junk

\n"; $html .= "\t\t\t
Select file to upload


\n"; $html .= "\t\t\t

Max file size: $maxFileSize MB

\n"; $html .= "\t\t\tsource code\n"; + if (isset($_COOKIE[$cookieName])) { + $html .= "\t\t\t

Cookie found, how awesome is that?

\n"; + } + $html = printFooter($html); print "$html"; diff --git a/login.php b/login.php new file mode 100644 index 0000000..9a2b74f --- /dev/null +++ b/login.php 
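Review bot: `isset($_COOKIE[$cookieName])` only tests that a cookie with that name was sent, and any client can send one, so this branch must not grow into an authorization check as written. If the cookie is meant to indicate a logged-in user, validate its value against the key tables (or a server-side session) before acting on it. main() starts and ends outside this hunk.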
@@ -0,0 +1,197 @@ +query('SELECT * FROM keys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) { + $id = $line['id']; + + // update last usage + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'"); + } + + // update IP address + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'"); + } + + // update user agent + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $KeyType = 0; + + break; + } + } + + // Temporary keys + $DatabaseQuery = $Database->query('SELECT * FROM tkeys'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { + $id = $line['id']; + + // update last usage + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'"); + } + + // update IP address + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'"); + } + + // update user agent + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE 
tkeys SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $KeyType = 1; + + break; + } + } + + // Admin keys + $DatabaseQuery = $Database->query('SELECT * FROM admins'); + while ($line = $DatabaseQuery->fetchArray()) { + if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) { + $id = $line['id']; + + // update last usage + if ($storeLastUsage || $storeLastUsage == "true") { + $lastUsed = date($dateFormat); + $Database->exec("UPDATE admins SET lastused='$lastUsed' WHERE id='$id'"); + } + + // update IP address + if ($storeIP || $storeIP == "true") { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $ip = $_SERVER['HTTP_CLIENT_IP']; + } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $ip = $_SERVER['REMOTE_ADDR']; + } + + $Database->exec("UPDATE admins SET ip='$ip' WHERE id='$id'"); + } + + // update user agent + if ($storeAgent || $storeAgent == "true") { + $userAgent = $_SERVER['HTTP_USER_AGENT']; + $Database->exec("UPDATE admins SET useragent='$userAgent' WHERE id='$id'"); + } + + $Authorized = 1; + $KeyType = 2; + + break; + } + } + + if ($Authorized == 0) { + header('Location: login.php?e=true'); + die(); + } + + setcookie($cookieName, $Key); + + if (!isset($_COOKIE[$cookieName])) { + header('Location: /'); + die(); + } + + if ($Redirect == "index" || ($Redirect == "admin" && $KeyType != 3)) { + header('Location: /'); + die(); + } else { + header('Location: admin.php'); + die(); + } + + die(); +} else { + $html = ""; + + $html = printHeader($html); + + $html .= "\t\t\t

Login

\n"; + $html .= "\t\t\t\t

Enter your login key to continue.

\n"; + $html .= "\t\t\t\t
\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t\t\n"; + $html .= "\t\t\t\t
\n"; + + if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") { + $html .= "\t\t\t\t

Invalid key.

\n"; + } + + $html = printFooter($html); + + print "$html"; +} +?>
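Review bot: The `UPDATE … SET ip='$ip'` and `SET useragent='$userAgent'` statements in all three key branches interpolate `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and `HTTP_USER_AGENT` into the SQL text; these are client-supplied request headers and should be bound as parameters instead (sketch below, assuming `$Database` is an SQLite3 handle as the `fetchArray()` calls suggest). The admin-key loop is gated on `$enableTemporaryKeys` where `$enableAdminKeys` looks intended, and `$KeyType != 3` is always true in the visible code because only 0, 1 and 2 are assigned. Keys are compared with `==`; `hash_equals((string)$line['key'], (string)$Key)` avoids type juggling and timing differences. `setcookie($cookieName, $Key)` stores the raw key in a cookie without `httponly`/`secure`/`samesite` options, and the `isset($_COOKIE[$cookieName])` test right after it cannot see a cookie set in the same request. The top of login.php is missing from this view, so the origin of `$Key` and `$Redirect` is not visible.

```php
// Shared by the keys / tkeys / admins branches. $table and $column are fixed
// literals chosen by the caller, never request data; only the values are bound.
function recordKeyUsage($Database, $table, $column, $value, $id) {
    $stmt = $Database->prepare("UPDATE $table SET $column = :value WHERE id = :id");
    $stmt->bindValue(':value', $value, SQLITE3_TEXT);
    $stmt->bindValue(':id', $id);
    $stmt->execute();
}

// … unchanged: key lookup loop, $id = $line['id'], last-usage update …

// update IP address
if ($storeIP || $storeIP == "true") {
    // … unchanged: $ip selection …
    recordKeyUsage($Database, 'keys', 'ip', $ip, $id);
}

// update user agent
if ($storeAgent || $storeAgent == "true") {
    $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
    recordKeyUsage($Database, 'keys', 'useragent', $userAgent, $id);
}
```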