give option to log ip

testing
nokonoko 2021-05-02 14:38:09 +02:00
parent 7c9356159c
commit 8fa0750dd7
3 changed files with 69 additions and 35 deletions


@ -8,5 +8,6 @@ CREATE TABLE `files` (
, `filename` varchar(30) default NULL , `filename` varchar(30) default NULL
, `size` integer default NULL , `size` integer default NULL
, `date` integer default NULL , `date` integer default NULL
, `ip` char(15) default NULL
); );
END TRANSACTION; END TRANSACTION;
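Review bot: `ip char(15)` only fits a dotted-quad IPv4 address, but the value upload.php writes into it is `$_SERVER['REMOTE_ADDR']`, which on a dual-stack host is an IPv6 literal of up to 39 characters (45 for IPv4-mapped forms). SQLite ignores the declared length, so this schema will store the full string, but the settings file also documents a PDO_MYSQL backend, and a MySQL column of this width either rejects the INSERT in strict mode — after move_uploaded_file() has already placed the file on disk — or silently truncates the address otherwise, leaving a useless log entry. Declare it wide enough for any textual address, `, `ip` varchar(45) default NULL`, and use the same width in any MySQL schema that gets this column.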


@ -12,7 +12,7 @@
* *
* @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for * @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
* PDO_MYSQL DSN. * PDO_MYSQL DSN.
* @param string POMF_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database * @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
*/ */
define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3'); define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
@ -20,11 +20,14 @@ define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
* PDO database login credentials * PDO database login credentials
*/ */
/* @param string POMF_DB_NAME Database username */ /* @param string UGUU_DB_NAME Database username */
define('UGUU_DB_USER', 'NULL'); define('UGUU_DB_USER', 'NULL');
/* @param string POMF_DB_PASS Database password */ /* @param string UGUU_DB_PASS Database password */
define('UGUU_DB_PASS', 'NULL'); define('UGUU_DB_PASS', 'NULL');
/** Log IP of uploads */
define('LOG_IP', 'no');
/* /*
* File system location where to store uploaded files * File system location where to store uploaded files
* *
@ -39,14 +42,14 @@ define('UGUU_FILES_ROOT', '/path/to/file/');
* exist under a randomly generated filename, so we count tries and keep trying. * exist under a randomly generated filename, so we count tries and keep trying.
* If this value is exceeded, we give up trying to generate a new filename. * If this value is exceeded, we give up trying to generate a new filename.
* *
* @param int POMF_FILES_RETRIES Number of attempts to retry * @param int UGUU_FILES_RETRIES Number of attempts to retry
*/ */
define('UGUU_FILES_RETRIES', 15); define('UGUU_FILES_RETRIES', 15);
/* /*
* The length of generated filename (without file extension) * The length of generated filename (without file extension)
* *
* @param int POMF_FILES_LENGTH Number of random alphabetical ASCII characters * @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
* to use * to use
*/ */
define('UGUU_FILES_LENGTH', 8); define('UGUU_FILES_LENGTH', 8);
@ -54,9 +57,9 @@ define('UGUU_FILES_LENGTH', 8);
/* /*
* URI to prepend to links for uploaded files * URI to prepend to links for uploaded files
* *
* @param string POMF_URL URI with trailing delimiter * @param string UGUU_URL URI with trailing delimiter
*/ */
define('UGUU_URL', 'https://a.uguu.se/'); define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com');
/* /*
* URI for filename generation * URI for filename generation
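Review bot: The new `LOG_IP` option is documented only as `Log IP of uploads`, which tells the operator neither what is stored nor its limits, and since it switches on storage of personal data the comment should say both; the other options in this file also carry a `@param` line that this one lacks. I would write it as `/* Log the uploader's IP with each upload. The value is $_SERVER['REMOTE_ADDR'], i.e. the direct peer (behind a reverse proxy: the proxy's address, not the client's). Needs the ip column in the files table; personal data, so enable only with a retention policy. @param string LOG_IP 'yes' enables, anything else disables */`. Separately, the new `UGUU_URL` placeholder `https://url.to.subdomain.where.files.will.be.served.com` drops the trailing `/` that its own `@param` line ("URI with trailing delimiter") requires and that upload.php relies on when it concatenates `rawurlencode($newname)` directly onto it, so an operator who keeps the placeholder's shape gets links like `https://host.comabcdefgh`; keep a trailing slash in the example value.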


@ -1,15 +1,20 @@
<?php <?php
/** /**
* Require the settings and DB files. * Handles POST uploads, generates filenames, moves files around and commits
* uploaded metadata to database.
*/ */
require_once 'classes/Response.class.php'; require_once 'classes/Response.class.php';
require_once 'classes/UploadException.class.php'; require_once 'classes/UploadException.class.php';
require_once 'classes/UploadedFile.class.php'; require_once 'classes/UploadedFile.class.php';
require_once 'includes/database.inc.php'; require_once 'includes/database.inc.php';
/** /**
* Generates name and checks in DB * Generates a random name for the file, retrying until we get an unused one.
* Also adds to DB. *
* @param UploadedFile $file
*
* @return string
*/ */
function generateName($file) function generateName($file)
{ {
@ -17,8 +22,8 @@ function generateName($file)
global $doubledots; global $doubledots;
// We start at N retries, and --N until we give up // We start at N retries, and --N until we give up
$tries = UGUU_FILES_RETRIES; $tries = POMF_FILES_RETRIES;
$length = UGUU_FILES_LENGTH; $length = POMF_FILES_LENGTH;
//Get EXT //Get EXT
$ext = pathinfo($file->name, PATHINFO_EXTENSION); $ext = pathinfo($file->name, PATHINFO_EXTENSION);
//Get mime //Get mime
@ -37,6 +42,7 @@ function generateName($file)
do { do {
// Iterate until we reach the maximum number of retries // Iterate until we reach the maximum number of retries
if ($tries-- === 0) { if ($tries-- === 0) {
http_response_code(500);
throw new Exception( throw new Exception(
'Gave up trying to find an unused name', 'Gave up trying to find an unused name',
500 500
@ -57,14 +63,26 @@ function generateName($file)
//Check if mime is blacklisted //Check if mime is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415); http_response_code(415);
throw new Exception('Filetype not allowed!'); throw new Exception ('Extension type not allowed.');
exit(0); exit(0);
} }
//Check if EXT is blacklisted //Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415); http_response_code(415);
throw new Exception('Filetype not allowed!'); throw new Exception ('Extension type not allowed.');
exit(0);
}
// Check blacklist DB
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklistedfiles WHERE hash = (:hash)');
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new UploadException(UPLOAD_ERR_BLACKLISTED);
exit(0); exit(0);
} }
@ -75,7 +93,6 @@ function generateName($file)
$result = $q->fetchColumn(); $result = $q->fetchColumn();
// If it does, generate a new name // If it does, generate a new name
} while ($result > 0); } while ($result > 0);
return $name; return $name;
} }
@ -100,8 +117,11 @@ function uploadFile($file)
// Generate a name for the file // Generate a name for the file
$newname = generateName($file); $newname = generateName($file);
// Get IP
$ip = $_SERVER['REMOTE_ADDR'];
// Store the file's full file path in memory // Store the file's full file path in memory
$uploadFile = UGUU_FILES_ROOT.$newname; $uploadFile = POMF_FILES_ROOT . $newname;
// Attempt to move it to the static directory // Attempt to move it to the static directory
if (!move_uploaded_file($file->tempfile, $uploadFile)) { if (!move_uploaded_file($file->tempfile, $uploadFile)) {
@ -122,32 +142,40 @@ function uploadFile($file)
} }
// Add it to the database // Add it to the database
if(LOG_IP == 'yes'){
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
}else{
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)'); $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
}
// Common parameters binding // Common parameters binding
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
$q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR); $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
$q->bindValue(':name', $newname, PDO::PARAM_STR); $q->bindValue(':name', $newname, PDO::PARAM_STR);
$q->bindValue(':size', $file->size, PDO::PARAM_INT); $q->bindValue(':size', $file->size, PDO::PARAM_INT);
$q->bindValue(':date', time(), PDO::PARAM_INT); $q->bindValue(':date', time(), PDO::PARAM_INT);
if(LOG_IP == 'yes'){
$q->bindValue(':ip', $ip, PDO::PARAM_STR);
}
$q->execute(); $q->execute();
return [ return array(
'hash' => $file->getSha1(), 'hash' => $file->getSha1(),
'name' => $file->name, 'name' => $file->name,
'url' => UGUU_URL.rawurlencode($newname), 'url' => POMF_URL.rawurlencode($newname),
'size' => $file->size, 'size' => $file->size,
]; );
} }
/** /**
* Reorder files array by file. * Reorder files array by file.
* *
* @param $_FILES
*
* @return array * @return array
*/ */
function diverseArray($files) function diverseArray($files)
{ {
$result = []; $result = array();
foreach ($files as $key1 => $value1) { foreach ($files as $key1 => $value1) {
foreach ($value1 as $key2 => $value2) { foreach ($value1 as $key2 => $value2) {
@ -161,11 +189,13 @@ function diverseArray($files)
/** /**
* Reorganize the $_FILES array into something saner. * Reorganize the $_FILES array into something saner.
* *
* @param $_FILES
*
* @return array * @return array
*/ */
function refiles($files) function refiles($files)
{ {
$result = []; $result = array();
$files = diverseArray($files); $files = diverseArray($files);
foreach ($files as $file) { foreach ($files as $file) {
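Review bot: The new side reads `POMF_FILES_RETRIES`, `POMF_FILES_LENGTH`, `POMF_FILES_ROOT` and `POMF_URL` in generateName() and uploadFile(), while the settings file in this same commit defines only the `UGUU_*` names (`UGUU_FILES_RETRIES`, `UGUU_FILES_LENGTH`, `UGUU_FILES_ROOT`, `UGUU_URL`) and the old side used those; unless a compatibility shim defines the `POMF_*` names elsewhere, these are undefined constants. That is not only a fatal on PHP 8: on PHP 7 an undefined constant evaluates to its own name with a warning, so `POMF_FILES_ROOT . $newname` would make move_uploaded_file() write the upload to `POMF_FILES_ROOT<name>` relative to the script's working directory — plausibly inside the web root — instead of the configured files root, and the retry counter starts as a string. Restore the configured names: `$tries = UGUU_FILES_RETRIES;`, `$uploadFile = UGUU_FILES_ROOT . $newname;`, `'url' => UGUU_URL.rawurlencode($newname),` (and likewise `UGUU_FILES_LENGTH`). On the IP logging itself, `$_SERVER['REMOTE_ADDR']` is the direct peer, so behind a reverse proxy the stored value is the proxy's address; say so in a comment next to `// Get IP` rather than switching blindly to X-Forwarded-For, which is client-controlled unless a trusted proxy overwrites it. Both generateName() and uploadFile() begin and end outside the shown hunks.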