give option to log ip

sqlite_schema.sql

@@ -8,5 +8,6 @@ CREATE TABLE `files` (
 ,  `filename` varchar(30) default NULL
 ,  `size` integer  default NULL
 ,  `date` integer default NULL
+,  `ip` char(15) default NULL
 );
 END TRANSACTION;

static/php/includes/settings.inc.php

@@ -12,7 +12,7 @@
  *
  * @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
  * PDO_MYSQL DSN.
- * @param string POMF_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
+ * @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
  */
 define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
 
@@ -20,11 +20,14 @@ define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
  * PDO database login credentials
  */
 
-/* @param string POMF_DB_NAME Database username */
+/* @param string UGUU_DB_NAME Database username */
 define('UGUU_DB_USER', 'NULL');
-/* @param string POMF_DB_PASS Database password */
+/* @param string UGUU_DB_PASS Database password */
 define('UGUU_DB_PASS', 'NULL');
 
+/** Log IP of uploads */
+define('LOG_IP', 'no');
+
 /*
  * File system location where to store uploaded files
  *
@@ -39,14 +42,14 @@ define('UGUU_FILES_ROOT', '/path/to/file/');
  * exist under a randomly generated filename, so we count tries and keep trying.
  * If this value is exceeded, we give up trying to generate a new filename.
  *
- * @param int POMF_FILES_RETRIES Number of attempts to retry
+ * @param int UGUU_FILES_RETRIES Number of attempts to retry
  */
 define('UGUU_FILES_RETRIES', 15);
 
 /*
  * The length of generated filename (without file extension)
  *
- * @param int POMF_FILES_LENGTH Number of random alphabetical ASCII characters
+ * @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
  * to use
  */
 define('UGUU_FILES_LENGTH', 8);
@@ -54,9 +57,9 @@ define('UGUU_FILES_LENGTH', 8);
 /*
  * URI to prepend to links for uploaded files
  *
- * @param string POMF_URL URI with trailing delimiter
+ * @param string UGUU_URL URI with trailing delimiter
  */
-define('UGUU_URL', 'https://a.uguu.se/');
+define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com');
 
 /*
  * URI for filename generation

static/php/upload.php

@@ -1,15 +1,20 @@
 <?php
 /**
- * Require the settings and DB files.
+ * Handles POST uploads, generates filenames, moves files around and commits
+ * uploaded metadata to database.
  */
+
 require_once 'classes/Response.class.php';
 require_once 'classes/UploadException.class.php';
 require_once 'classes/UploadedFile.class.php';
 require_once 'includes/database.inc.php';
 
 /**
- * Generates name and checks in DB
- * Also adds to DB.
+ * Generates a random name for the file, retrying until we get an unused one.
+ *
+ * @param UploadedFile $file
+ *
+ * @return string
  */
 function generateName($file)
 {
@@ -17,8 +22,8 @@ function generateName($file)
     global $doubledots;
 
     // We start at N retries, and --N until we give up
-    $tries = UGUU_FILES_RETRIES;
-    $length = UGUU_FILES_LENGTH;
+    $tries = POMF_FILES_RETRIES;
+    $length = POMF_FILES_LENGTH;
     //Get EXT
     $ext = pathinfo($file->name, PATHINFO_EXTENSION);
     //Get mime
@@ -37,7 +42,8 @@ function generateName($file)
     do {
         // Iterate until we reach the maximum number of retries
         if ($tries-- === 0) {
-            throw new Exception(
+	        http_response_code(500);
+        throw new Exception(
                 'Gave up trying to find an unused name',
                 500
             ); // HTTP status code "500 Internal Server Error"
@@ -54,17 +60,29 @@ function generateName($file)
             $name .= '.'.$ext;
         }
 
-        //Check if mime is blacklisted
-        if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
-            http_response_code(415);
-            throw new Exception('Filetype not allowed!');
+       //Check if mime is blacklisted
+       if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
+	        http_response_code(415);
+        throw new Exception ('Extension type not allowed.');
             exit(0);
-        }
+          }
+
 
         //Check if EXT is blacklisted
         if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+            http_response_code(415);           
+        throw new Exception ('Extension type not allowed.');
+            exit(0);
+        }
+
+        // Check blacklist DB
+        $q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklistedfiles WHERE hash = (:hash)');
+        $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
+        $q->execute();
+        $result = $q->fetch();
+        if ($result['count'] > 0) {
             http_response_code(415);
-            throw new Exception('Filetype not allowed!');
+            throw new UploadException(UPLOAD_ERR_BLACKLISTED);
             exit(0);
         }
 
@@ -74,10 +92,9 @@ function generateName($file)
         $q->execute();
         $result = $q->fetchColumn();
         // If it does, generate a new name
-    } while ($result > 0);
-
-    return $name;
-}
+        } while ($result > 0);
+            return $name;
+        }
 
 /**
  * Handles the uploading and db entry for a file.
@@ -100,13 +117,16 @@ function uploadFile($file)
     // Generate a name for the file
     $newname = generateName($file);
 
+    // Get IP
+    $ip = $_SERVER['REMOTE_ADDR'];
+
     // Store the file's full file path in memory
-    $uploadFile = UGUU_FILES_ROOT.$newname;
+    $uploadFile = POMF_FILES_ROOT . $newname;
 
     // Attempt to move it to the static directory
     if (!move_uploaded_file($file->tempfile, $uploadFile)) {
-        http_response_code(500);
-        throw new Exception(
+            http_response_code(500);        
+    throw new Exception(
             'Failed to move file to destination',
             500
         ); // HTTP status code "500 Internal Server Error"
@@ -114,40 +134,48 @@ function uploadFile($file)
 
     // Need to change permissions for the new file to make it world readable
     if (!chmod($uploadFile, 0644)) {
-        http_response_code(500);
-        throw new Exception(
+            http_response_code(500);       
+    throw new Exception(
             'Failed to change file permissions',
             500
         ); // HTTP status code "500 Internal Server Error"
     }
 
     // Add it to the database
-    $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
-
+    if(LOG_IP == 'yes'){
+        $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
+    }else{
+	    $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
+    }
     // Common parameters binding
     $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
     $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
     $q->bindValue(':name', $newname, PDO::PARAM_STR);
     $q->bindValue(':size', $file->size, PDO::PARAM_INT);
     $q->bindValue(':date', time(), PDO::PARAM_INT);
+    if(LOG_IP == 'yes'){
+    $q->bindValue(':ip', $ip, PDO::PARAM_STR);
+    }
     $q->execute();
 
-    return [
+    return array(
         'hash' => $file->getSha1(),
         'name' => $file->name,
-        'url' => UGUU_URL.rawurlencode($newname),
+        'url' => POMF_URL.rawurlencode($newname),
         'size' => $file->size,
-    ];
+    );
 }
 
 /**
  * Reorder files array by file.
  *
+ * @param  $_FILES
+ *
  * @return array
  */
 function diverseArray($files)
 {
-    $result = [];
+    $result = array();
 
     foreach ($files as $key1 => $value1) {
         foreach ($value1 as $key2 => $value2) {
@@ -161,11 +189,13 @@ function diverseArray($files)
 /**
  * Reorganize the $_FILES array into something saner.
  *
+ * @param  $_FILES
+ *
  * @return array
  */
 function refiles($files)
 {
-    $result = [];
+    $result = array();
     $files = diverseArray($files);
 
     foreach ($files as $file) {