<?php
/* curload
 * Simple file uploading using POST requests and temporary keys
 * Licensed under the GNU Affero General Public License version 3.0
 */

include "config.php";
include "create-table.php";

if (isset($_REQUEST['key'])) {
    $Key = $_REQUEST['key'];
} else {
    print "No key specified.";
    die();
}

$Status = 0;
$Authorized = 0;
$keyType = 0;
$uploadLimit = $maxFileSize * 1000000;
$keyID = 0;
$self = dirname($_SERVER['PHP_SELF']);

if (!isset($_FILES['file']['name'])) {
    print "You didn't specify a file.";
    die();
}

// init database
if ($sql == "true" || $sql) {
    $Database = createTables($sqlDB);

    $DatabaseQuery = $Database->query('SELECT * FROM keys');
    while ($line = $DatabaseQuery->fetchArray()) {
        if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
            $id = $line['id'];
            $keyID = $id;
            $numberOfUploads = $line['numberofuploads'] + 1;
                $lastUsed = date($dateFormat);

            $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
            $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");

            if ($storeIP || $storeIP == "true") {
                if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                    $ip = $_SERVER['HTTP_CLIENT_IP'];
                } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                } else {
                    $ip = $_SERVER['REMOTE_ADDR'];
                }

                $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
            }

            if ($storeAgent || $storeAgent == "true") {
                $userAgent = $_SERVER['HTTP_USER_AGENT'];
                $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
            }

            $Authorized = 1;
            $keyType = 0;
            break;
        }
    }

    if ($Authorized != 1) {
        $DatabaseQuery = $Database->query('SELECT * FROM tkeys');
        while ($line = $DatabaseQuery->fetchArray()) {
            if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0) {
                $uploadsLeft = $line['uploadsleft'] - 1;
                $numberOfUploads = $line['numberofuploads'] + 1;
                $lastUsed = date($dateFormat);
                $id = $line['id'];
                $keyID = $id;

                $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
                $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
                $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");

                if ($storeIP || $storeIP == "true") {
                    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                        $ip = $_SERVER['HTTP_CLIENT_IP'];
                    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                    } else {
                        $ip = $_SERVER['REMOTE_ADDR'];
                    }

                    $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
                }

                if ($storeAgent || $storeAgent == "true") {
                    $userAgent = $_SERVER['HTTP_USER_AGENT'];
                    $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
                }

                $Authorized = 1;
                $keyType = 1;
                break;
            }
        }
    }

    // maybe admin?
    if ($Authorized != 1) {
        $DatabaseQuery = $Database->query('SELECT * FROM admins');

        while ($line = $DatabaseQuery->fetchArray()) {
            if ($line['key'] == $Key && $Key != "" && $line['key'] != "") {
                $id = $line['id'];
                $keyID = $id;
                $numberOfUploads = $line['numberofuploads'] + 1;
                    $lastUsed = date($dateFormat);

                $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
                $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");

                if ($storeIP || $storeIP == "true") {
                    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                        $ip = $_SERVER['HTTP_CLIENT_IP'];
                    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                    } else {
                        $ip = $_SERVER['REMOTE_ADDR'];
                    }

                    $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
                }

                if ($storeAgent || $storeAgent == "true") {
                    $userAgent = $_SERVER['HTTP_USER_AGENT'];
                    $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
                }

                $Authorized = 1;
                $keyType = 2;
                break;
            }
        }
    }
} else { // no sql version
    // All normal keys will be considered valid
    if (file_exists($keyFile)) {
        $validKeys = explode("\n", file_get_contents($keyFile));
    } else { // one master key must exist
        print("Error: No valid keys found.");
        die();
    }

    foreach ($validKeys as $ValidKey) {
        if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
            $Authorized = 1;
            $keyType = 0;

            break;
        }
    }

    // Temporary keys as well
    if (file_exists($tempKeyFile)) {
        $tempValidKeys = explode("\n", file_get_contents($tempKeyFile));

        foreach ($tempValidKeys as $ValidKey) {
            if ($Key == $ValidKey && $Key != "" && $ValidKey != "") {
                $Authorized = 1;
                $keyType = 1; // key should be considered invalid after this use.

                break;
            }
        }
    }
}

// Not an authorized key
if ($Authorized == 0) {
    print "Not authorized: Key '$Key' is invalid.";
    die();
}

if ($_FILES['file']['size'] > $uploadLimit) {
    print "File is too big. Max file size is $maxFileSize" . "MB";
    die();
}

if (!is_dir($uploadDir)) {
    mkdir($uploadDir, 0777, true);
}

$destinationFile = $uploadDir . basename($_FILES['file']['name']);

if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
    $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
    if (isset($fileExtension)) {
        $extension = "." . $fileExtension;
    }
    $destinationFile = $uploadDir . rand(1000,100000) . $extension;

    if (file_exists($destinationFile)) { // wtf
        print "Failed to upload file.";
        die();
    }
}

if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
    $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;

    if ($sql || $sql == "true") {
        $lastUsed = date($dateFormat);
        $DatabaseQuery = $Database->query('SELECT * FROM uploads');
        $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
    }

    if ($keyType == 1) { // Remove temporary key
        $file = file_get_contents($tempKeyFile);
        $file = preg_replace("/\b$Key\b/", "", $file);
        file_put_contents($tempKeyFile, $file);
    }

    print "$uploadedFile";

    if (isset($_REQUEST['web'])) { // redirect back to index
        print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
        die();
    }
} else {
    print "Failed to upload file.";
    print $_FILES['file']['error'];
    die();
}
?>