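<?php
/* curload
 * Simple file uploading using POST requests and temporary keys
 * Licensed under the GNU Affero General Public License version 3.0
 */

/*
 * Key-creation endpoint: stores a new admin key or a new upload key.
 *
 * Request parameters (read from $_REQUEST, so GET and POST are both accepted and,
 * depending on request_order, cookies too):
 *   redir        "admin" or "setup" — selects where error and success redirects go;
 *                it is only ever compared against those two literals, never echoed
 *   data         the key string to store (supplied by the client, stored in clear)
 *   type         "Admin", "Temporary" or "Key"
 *   uploadsleft  for "Temporary" keys only: number of uploads allowed, non-zero
 *
 * Authorization:
 *   - If the admins table is empty this is the first-run bootstrap: the request is
 *     let through unauthenticated and the created admin becomes the primary admin.
 *     NOTE(review): whoever reaches this page first after install owns the instance —
 *     run setup immediately after deploying, or restrict access until it is done.
 *   - Otherwise the caller must present an admin cookie (type "2") whose key matches
 *     a row in `admins`; only a primary admin may create further "Admin" keys.
 *
 * NOTE(review): this page changes state but checks neither the HTTP method nor a
 * CSRF token; the forms should POST and a per-session token check belongs here.
 * NOTE(review): keys are chosen by the client and stored in plaintext; generating
 * them server-side with random_bytes() would remove weak/guessable keys.
 */

include "config.php";
include "create-table.php";
include "core.php";

$Redirect = (isset($_REQUEST['redir']) && is_string($_REQUEST['redir'])) ? $_REQUEST['redir'] : "";

// Config flags in config.php are written either as booleans or as the string "true".
$flagOn = static function ($value) {
    return $value || $value == "true";
};

// Single exit for every validation failure: back to the calling form with an error
// code, or to the front page when the caller is unknown. Never returns.
// (The original had this block copied six times; the "uploads" path compared
// $Redirect against "uploads" and sent e=type, which was out of step with the
// other five and is now consistent with them.)
$failWith = static function ($error) use ($Redirect) {
    if ($Redirect == "admin") {
        header("Location: admin.php?action=create&e=" . $error);
    } else if ($Redirect == "setup") {
        header("Location: setup.php?e=" . $error);
    } else {
        header("Location: /");
    }
    exit();
};

// Assumes createTables() returns an SQLite3 instance (query()/fetchArray()/exec()
// API, and prepare()/bindValue() used below) — confirm in create-table.php.
$Database = createTables($sqlDB);

// Bootstrap detection: is there any admin at all yet?
$existsResult = $Database->query('SELECT 1 FROM admins LIMIT 1');
$adminExists = ($existsResult !== false && $existsResult->fetchArray() !== false);

$primary = 0;            // 1 only during bootstrap: the created admin becomes primary
$AuthorizedCreation = 0; // 1 once the cookie key matched a row in admins
$AdminIsPrimary = 0;     // primaryadmin flag of the matched admin row

if (!$adminExists) {
    $primary = 1;
} else {
    if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
        header('Location: login.php?redir=admin');
        exit();
    }
    // Strict string compare: the original `!= 2` let PHP's numeric juggling accept
    // values such as " 2" as an admin session type.
    if (!is_string($_COOKIE[$cookieTypeName]) || $_COOKIE[$cookieTypeName] !== "2") { // not allowed
        header('Location: /');
        exit();
    }
}

// Match the cookie key against the stored admin keys. hash_equals() is a strict,
// constant-time comparison; the original `==` treated e.g. "1e3" and "1000" as equal.
$cookieKey = (isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName])) ? $_COOKIE[$cookieName] : "";
if ($cookieKey !== "" && $flagOn($enableKeys)) {
    $adminRows = $Database->query('SELECT * FROM admins');
    while ($adminRows !== false && ($row = $adminRows->fetchArray())) {
        $storedKey = (string) $row['key'];
        if ($storedKey !== "" && hash_equals($storedKey, $cookieKey)) {
            $AuthorizedCreation = 1;
            $AdminIsPrimary = (int) $row['primaryadmin'];
            break;
        }
    }
}

// not authorized
if ($AuthorizedCreation != 1 && $primary != 1) {
    header('Location: /');
    exit();
}

// Required inputs. Arrays (data[]=...) are rejected rather than stringified to "Array".
if (!isset($_REQUEST['data']) || !is_string($_REQUEST['data']) || $_REQUEST['data'] === "") {
    $failWith("data");
}
$Data = $_REQUEST['data'];

if (!isset($_REQUEST['type']) || !is_string($_REQUEST['type']) || $_REQUEST['type'] === "") {
    $failWith("type");
}
$Type = $_REQUEST['type'];

// Upload budget: -1 means "not limited"; only "Temporary" keys carry a count, and a
// count of 0 would create a key that can never be used.
$uploadsLeft = -1;
if ($Type === "Temporary" && isset($_REQUEST['uploadsleft'])) {
    $rawLeft = $_REQUEST['uploadsleft'];
    if (!is_string($rawLeft) || filter_var($rawLeft, FILTER_VALIDATE_INT) === false || (int) $rawLeft === 0) {
        $failWith("uploads");
    }
    $uploadsLeft = (int) $rawLeft;
}

// Pick the target table from a fixed allow-list (the name is interpolated into SQL
// below, so it must never come from the request).
if ($Type === "Admin") {
    // Only the primary admin, or the bootstrap request, may mint admin keys.
    if ($AdminIsPrimary != 1 && $primary != 1) {
        $failWith("denied");
    }
    $table = 'admins';
} else if ($Type === "Temporary" || $Type === "Key") {
    $table = 'keys';
} else {
    $failWith("type");
}

// Refuse a key that already exists in the target table (strict, parameterised).
$dupStmt = $Database->prepare("SELECT 1 FROM $table WHERE key = :key LIMIT 1");
if ($dupStmt === false) {
    throw new RuntimeException('prepare failed: ' . $Database->lastErrorMsg());
}
$dupStmt->bindValue(':key', $Data);
$dupResult = $dupStmt->execute();
if ($dupResult !== false && $dupResult->fetchArray() !== false) {
    $failWith("exists");
}

// Optional audit columns, each gated by its config flag.
$numberOfUploads = 0;
$userAgent = $flagOn($storeAgent) ? getUserAgent() : "";
$Issued = $flagOn($storeIssued) ? date($dateFormat) : "";
$lastUsed = $flagOn($storeLastUsage) ? date($dateFormat) : "";
$ip = $flagOn($storeIP) ? getIPAddress() : "";

// Parameterised INSERT: $Data, uploadsleft and the User-Agent header are all
// attacker-controlled and were previously interpolated straight into the SQL.
if ($table === 'admins') {
    $insert = $Database->prepare(
        'INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent)'
        . ' VALUES(:key, :primary, :uploads, :lastused, :issued, :ip, :agent)'
    );
    if ($insert === false) {
        throw new RuntimeException('prepare failed: ' . $Database->lastErrorMsg());
    }
    $insert->bindValue(':primary', $primary);
} else {
    $insert = $Database->prepare(
        'INSERT INTO keys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent)'
        . ' VALUES(:key, :uploads, :left, :lastused, :issued, :ip, :agent)'
    );
    if ($insert === false) {
        throw new RuntimeException('prepare failed: ' . $Database->lastErrorMsg());
    }
    $insert->bindValue(':left', $uploadsLeft);
}
$insert->bindValue(':key', $Data);
$insert->bindValue(':uploads', $numberOfUploads);
$insert->bindValue(':lastused', $lastUsed);
$insert->bindValue(':issued', $Issued);
$insert->bindValue(':ip', $ip);
$insert->bindValue(':agent', $userAgent);
if ($insert->execute() === false) {
    throw new RuntimeException('insert failed: ' . $Database->lastErrorMsg());
}

if ($Redirect == "admin") {
    header("Location: admin.php?action=keys");
} else {
    header("Location: /");
}
exit();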