<?php
/* curload
 * Simple file uploading using POST requests and temporary keys
 * Licensed under the GNU Affero General Public License version 3.0
 */

include "config.php";
include "create-table.php";

if (isset($_REQUEST['key'])) {
    $Key = $_REQUEST['key'];
} else {
    print "No key specified.";
    die();
}

$Status = 0;
$Authorized = 0;
$keyType = 0;
$uploadLimit = $maxFileSize * 1000000;
$keyID = 0;
$self = dirname($_SERVER['PHP_SELF']);

if (!isset($_FILES['file']['name'])) {
    print "You didn't specify a file.";
    die();
}

// init database
if (!$publicUploading || $publicUploading == "false") {
    $Database = createTables($sqlDB);

    $DatabaseQuery = $Database->query('SELECT * FROM keys');
    while ($line = $DatabaseQuery->fetchArray()) {
        if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
            $id = $line['id'];
            $keyID = $id;

            if ($storeLastUsage || $storeLastUsage == "true") {
                $lastUsed = date($dateFormat);
                $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
            }

            if ($storeUploads || $storeUploads == "true") {
                $numberOfUploads = $line['numberofuploads'] + 1;
                $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
            }

            if ($storeIP || $storeIP == "true") {
                if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                    $ip = $_SERVER['HTTP_CLIENT_IP'];
                } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                } else {
                    $ip = $_SERVER['REMOTE_ADDR'];
                }

                $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
            }

            if ($storeAgent || $storeAgent == "true") {
                $userAgent = $_SERVER['HTTP_USER_AGENT'];
                $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
            }

            $Authorized = 1;
            $keyType = 0;
            break;
        }
    }

    if ($Authorized != 1) {
        $DatabaseQuery = $Database->query('SELECT * FROM tkeys');
        while ($line = $DatabaseQuery->fetchArray()) {
            if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) {
                $uploadsLeft = $line['uploadsleft'] - 1;
                $id = $line['id'];
                $keyID = $id;

                $Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");

                if ($storeLastUsage || $storeLastUsage == "true") {
                    $lastUsed = date($dateFormat);
                    $Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
                }

                if ($storeUploads || $storeUploads == "true") {
                    $numberOfUploads = $line['numberofuploads'] + 1;
                    $Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
                }

                if ($storeIP || $storeIP == "true") {
                    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                        $ip = $_SERVER['HTTP_CLIENT_IP'];
                    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                    } else {
                        $ip = $_SERVER['REMOTE_ADDR'];
                    }

                    $Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
                }

                if ($storeAgent || $storeAgent == "true") {
                    $userAgent = $_SERVER['HTTP_USER_AGENT'];
                    $Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
                }

                $Authorized = 1;
                $keyType = 1;
                break;
            }
        }
    }

    // maybe admin?
    if ($Authorized != 1) {
        $DatabaseQuery = $Database->query('SELECT * FROM admins');

        while ($line = $DatabaseQuery->fetchArray()) {
            if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) {
                $id = $line['id'];
                $keyID = $id;
                $numberOfUploads = $line['numberofuploads'] + 1;
                    $lastUsed = date($dateFormat);

                $Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
                $Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");

                if ($storeIP || $storeIP == "true") {
                    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                        $ip = $_SERVER['HTTP_CLIENT_IP'];
                    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                    } else {
                        $ip = $_SERVER['REMOTE_ADDR'];
                    }

                    $Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
                }

                if ($storeAgent || $storeAgent == "true") {
                    $userAgent = $_SERVER['HTTP_USER_AGENT'];
                    $Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
                }

                $Authorized = 1;
                $keyType = 2;
                break;
            }
        }
    }

    // Not an authorized key
    if ($Authorized == 0) {
        print "Not authorized: Key '$Key' is invalid.";
        die();
    }
}

if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) {
    print "File is too big. Max file size is $maxFileSize" . "MB";
    die();
}

// check if file is too big to be uploaded
if (!is_dir($uploadDir)) {
    mkdir($uploadDir, 0777, true);
}

$destinationFile = $uploadDir . basename($_FILES['file']['name']);

// rename file if necessary
if (!$replaceOriginal || $replaceOriginal == "false") {
    if (file_exists($destinationFile) && $) { // rename file to distinguish it from existing file
        $fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
        if (isset($fileExtension)) {
            $extension = "." . $fileExtension;
        }

        if ($renameDuplicates || $renameDuplicates == "true") {
            $destinationFile = $uploadDir . rand(1000,100000) . $extension;
        }

        if (file_exists($destinationFile)) { // wtf
            print "Failed to upload file.";
            die();
        }
    }
}

if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
    $uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;

    $lastUsed = date($dateFormat);
    $DatabaseQuery = $Database->query('SELECT * FROM uploads');
    $Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");

    if ($keyType == 1) { // Remove temporary key
        $file = file_get_contents($tempKeyFile);
        $file = preg_replace("/\b$Key\b/", "", $file);
        file_put_contents($tempKeyFile, $file);
    }

    print "$uploadedFile";

    if (isset($_REQUEST['web'])) { // redirect back to index
        print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
        die();
    }
} else {
    print "Failed to upload file.";
    print $_FILES['file']['error'];
    die();
}
?>