forked from gitbot/uguu
give option to log ip
parent
7c9356159c
commit
8fa0750dd7
|
@ -8,5 +8,6 @@ CREATE TABLE `files` (
|
||||||
, `filename` varchar(30) default NULL
|
, `filename` varchar(30) default NULL
|
||||||
, `size` integer default NULL
|
, `size` integer default NULL
|
||||||
, `date` integer default NULL
|
, `date` integer default NULL
|
||||||
|
, `ip` char(15) default NULL
|
||||||
);
|
);
|
||||||
END TRANSACTION;
|
END TRANSACTION;
|
||||||
|
|
|
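Review bot: The new `ip` column is declared `char(15)`, which only fits a dotted-quad IPv4 address. An IPv6 `REMOTE_ADDR` can be up to 45 characters in text form and would be truncated or rejected on engines that enforce the length (SQLite does not, but the settings file also points at the PDO_MYSQL DSN documentation). I would declare the column as `varchar(45) default NULL`. This hunk only changes `CREATE TABLE`, so an existing database needs the column added by hand before `LOG_IP` is set to 'yes'; otherwise the six-column INSERT in the upload code fails after the file has already been moved into place. The `CREATE TABLE` statement begins outside the hunk.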
@ -12,7 +12,7 @@
|
||||||
*
|
*
|
||||||
* @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
|
* @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
|
||||||
* PDO_MYSQL DSN.
|
* PDO_MYSQL DSN.
|
||||||
* @param string POMF_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
|
* @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
|
||||||
*/
|
*/
|
||||||
define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
|
define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
|
||||||
|
|
||||||
|
@ -20,11 +20,14 @@ define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
|
||||||
* PDO database login credentials
|
* PDO database login credentials
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* @param string POMF_DB_NAME Database username */
|
/* @param string UGUU_DB_NAME Database username */
|
||||||
define('UGUU_DB_USER', 'NULL');
|
define('UGUU_DB_USER', 'NULL');
|
||||||
/* @param string POMF_DB_PASS Database password */
|
/* @param string UGUU_DB_PASS Database password */
|
||||||
define('UGUU_DB_PASS', 'NULL');
|
define('UGUU_DB_PASS', 'NULL');
|
||||||
|
|
||||||
|
/** Log IP of uploads */
|
||||||
|
define('LOG_IP', 'no');
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* File system location where to store uploaded files
|
* File system location where to store uploaded files
|
||||||
*
|
*
|
||||||
|
@ -39,14 +42,14 @@ define('UGUU_FILES_ROOT', '/path/to/file/');
|
||||||
* exist under a randomly generated filename, so we count tries and keep trying.
|
* exist under a randomly generated filename, so we count tries and keep trying.
|
||||||
* If this value is exceeded, we give up trying to generate a new filename.
|
* If this value is exceeded, we give up trying to generate a new filename.
|
||||||
*
|
*
|
||||||
* @param int POMF_FILES_RETRIES Number of attempts to retry
|
* @param int UGUU_FILES_RETRIES Number of attempts to retry
|
||||||
*/
|
*/
|
||||||
define('UGUU_FILES_RETRIES', 15);
|
define('UGUU_FILES_RETRIES', 15);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The length of generated filename (without file extension)
|
* The length of generated filename (without file extension)
|
||||||
*
|
*
|
||||||
* @param int POMF_FILES_LENGTH Number of random alphabetical ASCII characters
|
* @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
|
||||||
* to use
|
* to use
|
||||||
*/
|
*/
|
||||||
define('UGUU_FILES_LENGTH', 8);
|
define('UGUU_FILES_LENGTH', 8);
|
||||||
|
@ -54,9 +57,9 @@ define('UGUU_FILES_LENGTH', 8);
|
||||||
/*
|
/*
|
||||||
* URI to prepend to links for uploaded files
|
* URI to prepend to links for uploaded files
|
||||||
*
|
*
|
||||||
* @param string POMF_URL URI with trailing delimiter
|
* @param string UGUU_URL URI with trailing delimiter
|
||||||
*/
|
*/
|
||||||
define('UGUU_URL', 'https://a.uguu.se/');
|
define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com');
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* URI for filename generation
|
* URI for filename generation
|
||||||
|
|
|
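Review bot: The `LOG_IP` setting is documented only as `/** Log IP of uploads */`, which does not tell an operator which values are accepted or what is stored once it is on. The upload code enables logging only when the value loosely equals 'yes', so `'Yes'`, `'1'` or `'on'` silently leave it off, and what gets written is `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy is the proxy's address rather than the uploader's. I would expand the comment in the file's own style, e.g. `/* @param string LOG_IP 'yes' stores each uploader's REMOTE_ADDR in files.ip; any other value stores nothing */`, and add a line about how long these addresses are kept, since they are personal data. Separately, the new `UGUU_URL` placeholder has no trailing slash although its docblock says "URI with trailing delimiter" and the upload code appends the filename directly; `define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com/');` keeps the example consistent.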
@ -1,15 +1,20 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* Require the settings and DB files.
|
* Handles POST uploads, generates filenames, moves files around and commits
|
||||||
|
* uploaded metadata to database.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
require_once 'classes/Response.class.php';
|
require_once 'classes/Response.class.php';
|
||||||
require_once 'classes/UploadException.class.php';
|
require_once 'classes/UploadException.class.php';
|
||||||
require_once 'classes/UploadedFile.class.php';
|
require_once 'classes/UploadedFile.class.php';
|
||||||
require_once 'includes/database.inc.php';
|
require_once 'includes/database.inc.php';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates name and checks in DB
|
* Generates a random name for the file, retrying until we get an unused one.
|
||||||
* Also adds to DB.
|
*
|
||||||
|
* @param UploadedFile $file
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
*/
|
*/
|
||||||
function generateName($file)
|
function generateName($file)
|
||||||
{
|
{
|
||||||
|
@ -17,8 +22,8 @@ function generateName($file)
|
||||||
global $doubledots;
|
global $doubledots;
|
||||||
|
|
||||||
// We start at N retries, and --N until we give up
|
// We start at N retries, and --N until we give up
|
||||||
$tries = UGUU_FILES_RETRIES;
|
$tries = POMF_FILES_RETRIES;
|
||||||
$length = UGUU_FILES_LENGTH;
|
$length = POMF_FILES_LENGTH;
|
||||||
//Get EXT
|
//Get EXT
|
||||||
$ext = pathinfo($file->name, PATHINFO_EXTENSION);
|
$ext = pathinfo($file->name, PATHINFO_EXTENSION);
|
||||||
//Get mime
|
//Get mime
|
||||||
|
@ -37,7 +42,8 @@ function generateName($file)
|
||||||
do {
|
do {
|
||||||
// Iterate until we reach the maximum number of retries
|
// Iterate until we reach the maximum number of retries
|
||||||
if ($tries-- === 0) {
|
if ($tries-- === 0) {
|
||||||
throw new Exception(
|
http_response_code(500);
|
||||||
|
throw new Exception(
|
||||||
'Gave up trying to find an unused name',
|
'Gave up trying to find an unused name',
|
||||||
500
|
500
|
||||||
); // HTTP status code "500 Internal Server Error"
|
); // HTTP status code "500 Internal Server Error"
|
||||||
|
@ -54,17 +60,29 @@ function generateName($file)
|
||||||
$name .= '.'.$ext;
|
$name .= '.'.$ext;
|
||||||
}
|
}
|
||||||
|
|
||||||
//Check if mime is blacklisted
|
//Check if mime is blacklisted
|
||||||
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
|
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
|
||||||
http_response_code(415);
|
http_response_code(415);
|
||||||
throw new Exception('Filetype not allowed!');
|
throw new Exception ('Extension type not allowed.');
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
//Check if EXT is blacklisted
|
//Check if EXT is blacklisted
|
||||||
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
|
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
|
||||||
|
http_response_code(415);
|
||||||
|
throw new Exception ('Extension type not allowed.');
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check blacklist DB
|
||||||
|
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklistedfiles WHERE hash = (:hash)');
|
||||||
|
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||||
|
$q->execute();
|
||||||
|
$result = $q->fetch();
|
||||||
|
if ($result['count'] > 0) {
|
||||||
http_response_code(415);
|
http_response_code(415);
|
||||||
throw new Exception('Filetype not allowed!');
|
throw new UploadException(UPLOAD_ERR_BLACKLISTED);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,10 +92,9 @@ function generateName($file)
|
||||||
$q->execute();
|
$q->execute();
|
||||||
$result = $q->fetchColumn();
|
$result = $q->fetchColumn();
|
||||||
// If it does, generate a new name
|
// If it does, generate a new name
|
||||||
} while ($result > 0);
|
} while ($result > 0);
|
||||||
|
return $name;
|
||||||
return $name;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handles the uploading and db entry for a file.
|
* Handles the uploading and db entry for a file.
|
||||||
|
@ -100,13 +117,16 @@ function uploadFile($file)
|
||||||
// Generate a name for the file
|
// Generate a name for the file
|
||||||
$newname = generateName($file);
|
$newname = generateName($file);
|
||||||
|
|
||||||
|
// Get IP
|
||||||
|
$ip = $_SERVER['REMOTE_ADDR'];
|
||||||
|
|
||||||
// Store the file's full file path in memory
|
// Store the file's full file path in memory
|
||||||
$uploadFile = UGUU_FILES_ROOT.$newname;
|
$uploadFile = POMF_FILES_ROOT . $newname;
|
||||||
|
|
||||||
// Attempt to move it to the static directory
|
// Attempt to move it to the static directory
|
||||||
if (!move_uploaded_file($file->tempfile, $uploadFile)) {
|
if (!move_uploaded_file($file->tempfile, $uploadFile)) {
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
'Failed to move file to destination',
|
'Failed to move file to destination',
|
||||||
500
|
500
|
||||||
); // HTTP status code "500 Internal Server Error"
|
); // HTTP status code "500 Internal Server Error"
|
||||||
|
@ -114,40 +134,48 @@ function uploadFile($file)
|
||||||
|
|
||||||
// Need to change permissions for the new file to make it world readable
|
// Need to change permissions for the new file to make it world readable
|
||||||
if (!chmod($uploadFile, 0644)) {
|
if (!chmod($uploadFile, 0644)) {
|
||||||
http_response_code(500);
|
http_response_code(500);
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
'Failed to change file permissions',
|
'Failed to change file permissions',
|
||||||
500
|
500
|
||||||
); // HTTP status code "500 Internal Server Error"
|
); // HTTP status code "500 Internal Server Error"
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add it to the database
|
// Add it to the database
|
||||||
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
|
if(LOG_IP == 'yes'){
|
||||||
|
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
|
||||||
|
}else{
|
||||||
|
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
|
||||||
|
}
|
||||||
// Common parameters binding
|
// Common parameters binding
|
||||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||||
$q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
|
$q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
|
||||||
$q->bindValue(':name', $newname, PDO::PARAM_STR);
|
$q->bindValue(':name', $newname, PDO::PARAM_STR);
|
||||||
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
||||||
$q->bindValue(':date', time(), PDO::PARAM_INT);
|
$q->bindValue(':date', time(), PDO::PARAM_INT);
|
||||||
|
if(LOG_IP == 'yes'){
|
||||||
|
$q->bindValue(':ip', $ip, PDO::PARAM_STR);
|
||||||
|
}
|
||||||
$q->execute();
|
$q->execute();
|
||||||
|
|
||||||
return [
|
return array(
|
||||||
'hash' => $file->getSha1(),
|
'hash' => $file->getSha1(),
|
||||||
'name' => $file->name,
|
'name' => $file->name,
|
||||||
'url' => UGUU_URL.rawurlencode($newname),
|
'url' => POMF_URL.rawurlencode($newname),
|
||||||
'size' => $file->size,
|
'size' => $file->size,
|
||||||
];
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Reorder files array by file.
|
* Reorder files array by file.
|
||||||
*
|
*
|
||||||
|
* @param $_FILES
|
||||||
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function diverseArray($files)
|
function diverseArray($files)
|
||||||
{
|
{
|
||||||
$result = [];
|
$result = array();
|
||||||
|
|
||||||
foreach ($files as $key1 => $value1) {
|
foreach ($files as $key1 => $value1) {
|
||||||
foreach ($value1 as $key2 => $value2) {
|
foreach ($value1 as $key2 => $value2) {
|
||||||
|
@ -161,11 +189,13 @@ function diverseArray($files)
|
||||||
/**
|
/**
|
||||||
* Reorganize the $_FILES array into something saner.
|
* Reorganize the $_FILES array into something saner.
|
||||||
*
|
*
|
||||||
|
* @param $_FILES
|
||||||
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function refiles($files)
|
function refiles($files)
|
||||||
{
|
{
|
||||||
$result = [];
|
$result = array();
|
||||||
$files = diverseArray($files);
|
$files = diverseArray($files);
|
||||||
|
|
||||||
foreach ($files as $file) {
|
foreach ($files as $file) {
|
||||||
|
|
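Review bot: The new side of this file reads `POMF_FILES_RETRIES`, `POMF_FILES_LENGTH`, `POMF_FILES_ROOT` and `POMF_URL`, while the settings file in the same commit defines only the `UGUU_*` names, so unless the `POMF_*` constants are defined somewhere not shown here these are undefined constants. That is an Error on PHP 8; on older versions each name falls back to a bare string, which would make `move_uploaded_file()` write to a relative `POMF_FILES_ROOT…` path in the script's working directory instead of the configured storage root. The old lines should be kept, e.g. `$tries = UGUU_FILES_RETRIES;` and `$uploadFile = UGUU_FILES_ROOT . $newname;`, and likewise for the length and URL constants. In `uploadFile()` the `LOG_IP == 'yes'` test is duplicated around two near-identical INSERT statements; evaluating it once into a local (`$logIp = LOG_IP === 'yes';`) and reading `$_SERVER['REMOTE_ADDR']` only when it is true keeps the address out of the request path when logging is off. Both `generateName()` and `uploadFile()` extend outside the hunks shown.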