speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
keyload/upload.php
Jacob a086b9b9b7 fix syntax error
2023-09-30 19:37:53 +02:00

217 lines
7.4 KiB
PHP
Raw Blame History

<?php
/* curload
* Simple file uploading using POST requests and temporary keys
* Licensed under the GNU Affero General Public License version 3.0
*/
include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
die();
}
$Status = 0;
$Authorized = 0;
$keyType = 0;
$uploadLimit = $maxFileSize * 1000000;
$keyID = 0;
$self = dirname($_SERVER['PHP_SELF']);
if (!isset($_FILES['file']['name'])) {
print "You didn't specify a file.";
die();
}
// init database
if (!$publicUploading || $publicUploading == "false") {
$Database = createTables($sqlDB);
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$id = $line['id'];
$keyID = $id;
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
}
if ($storeUploads || $storeUploads == "true") {
$numberOfUploads = $line['numberofuploads'] + 1;
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
}
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 0;
break;
}
}
if ($Authorized != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && $line['uploadsleft'] != 0 && ($enableTemporaryKeys || $enableTemporaryKeys == "true")) {
$uploadsLeft = $line['uploadsleft'] - 1;
$id = $line['id'];
$keyID = $id;
$Database->exec("UPDATE tkeys SET uploadsleft='$uploadsLeft' WHERE id='$id'");
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE tkeys SET lastused='$lastUsed' WHERE id='$id'");
}
if ($storeUploads || $storeUploads == "true") {
$numberOfUploads = $line['numberofuploads'] + 1;
$Database->exec("UPDATE tkeys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
}
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE tkeys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE tkeys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 1;
break;
}
}
}
// maybe admin?
if ($Authorized != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $Key && $Key != "" && $line['key'] != "" && ($enableAdminKeys || $enableAdminKeys == "true")) {
$id = $line['id'];
$keyID = $id;
$numberOfUploads = $line['numberofuploads'] + 1;
$lastUsed = date($dateFormat);
$Database->exec("UPDATE keys SET lastused='$lastUsed' WHERE id='$id'");
$Database->exec("UPDATE keys SET numberofuploads='$numberOfUploads' WHERE id='$id'");
if ($storeIP || $storeIP == "true") {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$Database->exec("UPDATE keys SET ip='$ip' WHERE id='$id'");
}
if ($storeAgent || $storeAgent == "true") {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$Database->exec("UPDATE keys SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$keyType = 2;
break;
}
}
}
// Not an authorized key
if ($Authorized == 0) {
print "Not authorized: Key '$Key' is invalid.";
die();
}
}
if ($_FILES['file']['size'] > $uploadLimit && $uploadLimit > 0) {
print "File is too big. Max file size is $maxFileSize" . "MB";
die();
}
// check if file is too big to be uploaded
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true);
}
$destinationFile = $uploadDir . basename($_FILES['file']['name']);
// rename file if necessary
if (!$replaceOriginal || $replaceOriginal == "false") {
if (file_exists($destinationFile)) { // rename file to distinguish it from existing file
$fileExtension = strtolower(pathinfo(basename($_FILES['file']['name']),PATHINFO_EXTENSION));
if (isset($fileExtension)) {
$extension = "." . $fileExtension;
}
if ($renameDuplicates || $renameDuplicates == "true") {
$destinationFile = $uploadDir . rand(1000,100000) . $extension;
}
if (file_exists($destinationFile)) { // wtf
print "Failed to upload file.";
die();
}
}
}
if (move_uploaded_file($_FILES['file']['tmp_name'], $destinationFile)) {
$uploadedFile = dirname($_SERVER['PHP_SELF']) . $destinationFile;
$lastUsed = date($dateFormat);
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
$Database->exec("INSERT INTO uploads(file, uploaddate, keyid, keytype) VALUES('$uploadedFile', '$lastUsed', '$keyID', '$keyType')");
if ($keyType == 1) { // Remove temporary key
$file = file_get_contents($tempKeyFile);
$file = preg_replace("/\b$Key\b/", "", $file);
file_put_contents($tempKeyFile, $file);
}
print "$uploadedFile";
if (isset($_REQUEST['web'])) { // redirect back to index
print "<p><a href=\"$uploadedFile\">Your link</a></p>\n";
die();
}
} else {
print "Failed to upload file.";
print $_FILES['file']['error'];
die();
}
?>
Reference in a new issue View git blame Copy permalink