changes
3
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
.DS_Store
|
||||
**/.DS_Store
|
||||
node_modules
|
||||
dist/
|
2
Makefile
@ -25,7 +25,7 @@ htmlmin:
|
||||
installdirs:
|
||||
mkdir -p $(DESTDIR)/ $(DESTDIR)/img
|
||||
ifneq (,$(findstring php,$(MODULES)))
|
||||
mkdir -p $(DESTDIR)/classes $(DESTDIR)/includes
|
||||
mkdir -p $(DESTDIR)/includes
|
||||
endif
|
||||
ifneq (,$(findstring moe,$(MODULES)))
|
||||
mkdir -p $(DESTDIR)/moe/{css,fonts,includes,js,login,panel/css/font,panel/css/images,register,templates}
|
||||
|
Before Width: | Height: | Size: 29 KiB After Width: | Height: | Size: 29 KiB |
Before Width: | Height: | Size: 46 KiB After Width: | Height: | Size: 46 KiB |
Before Width: | Height: | Size: 76 KiB After Width: | Height: | Size: 76 KiB |
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 33 KiB |
Before Width: | Height: | Size: 73 KiB After Width: | Height: | Size: 73 KiB |
Before Width: | Height: | Size: 76 KiB After Width: | Height: | Size: 76 KiB |
Before Width: | Height: | Size: 228 KiB After Width: | Height: | Size: 228 KiB |
Before Width: | Height: | Size: 22 KiB After Width: | Height: | Size: 22 KiB |
Before Width: | Height: | Size: 36 KiB After Width: | Height: | Size: 36 KiB |
Before Width: | Height: | Size: 47 KiB After Width: | Height: | Size: 47 KiB |
Before Width: | Height: | Size: 65 KiB After Width: | Height: | Size: 65 KiB |
Before Width: | Height: | Size: 22 KiB After Width: | Height: | Size: 22 KiB |
Before Width: | Height: | Size: 56 KiB After Width: | Height: | Size: 56 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 47 KiB After Width: | Height: | Size: 47 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
@ -1,37 +0,0 @@
|
||||
<?php
|
||||
/*
|
||||
* Uguu
|
||||
*
|
||||
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
require_once 'includes/Upload.class.php';
|
||||
|
||||
use Core\Response as Response;
|
||||
|
||||
if (isset($_FILES['files'])) {
|
||||
$uploads = (new Upload())->reFiles($_FILES['files']);
|
||||
|
||||
foreach ($uploads as $upload) {
|
||||
$res[] = (new Upload())->uploadFile($upload);
|
||||
}
|
||||
|
||||
if (isset($res)) {
|
||||
(new Response())->returnSuccess($res);
|
||||
} else {
|
||||
(new Response())->returnError(400, 'No input file(s)', 'N/A');
|
||||
}
|
||||
}
|
@ -1,24 +1,25 @@
|
||||
<?php
|
||||
/*
|
||||
* Uguu
|
||||
*
|
||||
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// Array of image paths, feel free to add/remove to/from this list
|
||||
$images = array(
|
||||
'img/2.png',
|
||||
'img/3.png',
|
||||
'img/4.png',
|
||||
'img/5.png',
|
||||
'img/6.png',
|
||||
'img/7.png',
|
||||
'img/8.png',
|
||||
'img/9.png',
|
||||
'img/10.png',
|
||||
'img/11.png',
|
||||
'img/12.png',
|
||||
'img/13.png',
|
||||
'img/14.png',
|
||||
'img/15.png',
|
||||
);
|
||||
require_once 'includes/Core.namespace.php';
|
||||
|
||||
// Redirect to a random image from the above array using status code "303 See Other"
|
||||
if (headers_sent() === false) {
|
||||
header('Location: '.$images[array_rand($images)], true, 303);
|
||||
}
|
||||
use Core\cuteGrills as cuteGrills;
|
||||
|
||||
cuteGrills::showGrills();
|
195
static/php/includes/Core.namespace.php
Normal file
@ -0,0 +1,195 @@
|
||||
<?php
|
||||
/*
|
||||
* Uguu
|
||||
*
|
||||
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Core {
|
||||
|
||||
use PDO;
|
||||
use Upload as Upload;
|
||||
|
||||
class Settings
|
||||
{
|
||||
|
||||
public static mixed $DB;
|
||||
|
||||
public static string $DB_MODE;
|
||||
public static string $DB_PATH;
|
||||
public static string $DB_USER;
|
||||
public static string $DB_PASS;
|
||||
|
||||
public static bool $LOG_IP;
|
||||
public static bool $ANTI_DUPE;
|
||||
public static bool $BLACKLIST_DB;
|
||||
public static bool $FILTER_MODE;
|
||||
|
||||
public static string $FILES_ROOT;
|
||||
public static int $FILES_RETRIES;
|
||||
|
||||
public static bool $SSL;
|
||||
public static string $URL;
|
||||
|
||||
public static int $NAME_LENGTH;
|
||||
public static string $ID_CHARSET;
|
||||
public static array $DOUBLE_DOTS;
|
||||
public static array $BLOCKED_EXTENSIONS;
|
||||
public static array $BLOCKED_MIME;
|
||||
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
|
||||
self::$DB_MODE = $settings_array['DB_MODE'];
|
||||
self::$DB_PATH = $settings_array['DB_PATH'];
|
||||
self::$DB_USER = $settings_array['DB_USER'];
|
||||
self::$DB_PASS = $settings_array['DB_PASS'];
|
||||
self::$LOG_IP = $settings_array['LOG_IP'];
|
||||
self::$ANTI_DUPE = $settings_array['ANTI_DUPE'];
|
||||
self::$BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
|
||||
self::$FILTER_MODE = $settings_array['FILTER_MODE'];
|
||||
self::$FILES_ROOT = $settings_array['FILES_ROOT'];
|
||||
self::$FILES_RETRIES = $settings_array['FILES_RETRIES'];
|
||||
self::$SSL = $settings_array['SSL'];
|
||||
self::$URL = $settings_array['URL'];
|
||||
self::$NAME_LENGTH = $settings_array['NAME_LENGTH'];
|
||||
self::$ID_CHARSET = $settings_array['ID_CHARSET'];
|
||||
self::$BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
|
||||
self::$BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
|
||||
self::$DOUBLE_DOTS = array($settings_array['DOUBLE_DOTS']);
|
||||
}
|
||||
}
|
||||
|
||||
class cuteGrills
|
||||
{
|
||||
public static array $GRILLS;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
self::$GRILLS = array_slice(scandir('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist/img/grills/'), 2);
|
||||
}
|
||||
|
||||
|
||||
public static function showGrills()
|
||||
{
|
||||
if (!headers_sent()) {
|
||||
header('Location: ' . self::$GRILLS[array_rand(self::$GRILLS)], true, 303);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class Response
|
||||
{
|
||||
public function returnError($code, $message, $filename): bool|string
|
||||
{
|
||||
http_response_code($code);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
self::cleanAndDie();
|
||||
return json_encode(array(
|
||||
'success' => false,
|
||||
'file' => $filename,
|
||||
'code' => $code,
|
||||
'description' => $message
|
||||
), JSON_FORCE_OBJECT);
|
||||
}
|
||||
|
||||
public function cleanAndDie()
|
||||
{
|
||||
Settings::$DB = null;
|
||||
}
|
||||
|
||||
public function returnSuccess($files): bool|string
|
||||
{
|
||||
http_response_code('200');
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
return json_encode(array(
|
||||
'success' => true,
|
||||
'files' => $files
|
||||
), JSON_PRETTY_PRINT);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
class Database
|
||||
{
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
Settings::$DB = new PDO(
|
||||
Settings::$DB_MODE . ':' . Settings::$DB_PATH, Settings::$DB_USER,
|
||||
Settings::$DB_PASS
|
||||
);
|
||||
}
|
||||
|
||||
public function dbCheckNameExists()
|
||||
{
|
||||
$q = Settings::$DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
|
||||
$q->bindValue(':name', Upload::$NEW_NAME_FULL);
|
||||
$q->execute();
|
||||
return $q->fetchColumn();
|
||||
}
|
||||
|
||||
public function checkFileBlacklist()
|
||||
{
|
||||
$q = Settings::$DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
|
||||
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
(new Response())->returnError('415', 'File blacklisted!', Upload::$FILE_NAME);
|
||||
}
|
||||
}
|
||||
|
||||
public function antiDupe(): ?array
|
||||
{
|
||||
$q = Settings::$DB->prepare(
|
||||
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)'
|
||||
);
|
||||
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
||||
$q->bindValue(':size', Upload::$FILE_SIZE, PDO::PARAM_INT);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
return array(
|
||||
'hash' => Upload::$SHA1,
|
||||
'name' => Upload::$FILE_NAME,
|
||||
'url' => Settings::$URL . rawurlencode($result['filename']),
|
||||
'size' => Upload::$FILE_SIZE
|
||||
);
|
||||
}
|
||||
return [];
|
||||
}
|
||||
|
||||
public function newIntoDB()
|
||||
{
|
||||
$q = Settings::$DB->prepare(
|
||||
'INSERT INTO files (hash, originalname, filename, size, date, ip)' .
|
||||
'VALUES (:hash, :orig, :name, :size, :date, :ip)'
|
||||
);
|
||||
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
||||
$q->bindValue(':orig', strip_tags(Upload::$FILE_NAME), PDO::PARAM_STR);
|
||||
$q->bindValue(':name', Upload::$NEW_NAME_FULL, PDO::PARAM_STR);
|
||||
$q->bindValue(':size', Upload::$FILE_SIZE, PDO::PARAM_INT);
|
||||
$q->bindValue(':date', time(), PDO::PARAM_STR);
|
||||
$q->bindValue(':ip', Upload::$IP, PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
200
static/php/includes/Upload.class.php
Normal file
@ -0,0 +1,200 @@
|
||||
<?php
|
||||
/*
|
||||
* Uguu
|
||||
*
|
||||
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
require_once 'Core.namespace.php';
|
||||
|
||||
use Core\Database as Database;
|
||||
use Core\Response as Response;
|
||||
use Core\Settings as Settings;
|
||||
|
||||
class Upload
|
||||
{
|
||||
public static string $FILE_NAME;
|
||||
public static string $FILE_EXTENSION;
|
||||
public static string $FILE_MIME;
|
||||
public static string $SHA1;
|
||||
public static int $FILE_SIZE;
|
||||
public static string $NEW_NAME;
|
||||
public static string $NEW_NAME_FULL;
|
||||
public static string $IP;
|
||||
public mixed $file;
|
||||
|
||||
/**
|
||||
* @param $file
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function uploadFile($file): array
|
||||
{
|
||||
if (Settings::$ANTI_DUPE) {
|
||||
(new Database())->antiDupe();
|
||||
}
|
||||
|
||||
self::generateName($file);
|
||||
|
||||
if (!move_uploaded_file($file->tempfile, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
|
||||
(new Response())->returnError('500', 'Failed to move file to destination', self::$FILE_NAME);
|
||||
}
|
||||
|
||||
if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
|
||||
(new Response())->returnError('500', 'Failed to change file permissions', self::$FILE_NAME);
|
||||
}
|
||||
|
||||
(new Database())->newIntoDB();
|
||||
|
||||
return array(
|
||||
'hash' => self::$SHA1,
|
||||
'name' => self::$FILE_NAME,
|
||||
'url' => Settings::$URL . rawurlencode(self::$NEW_NAME_FULL),
|
||||
'size' => self::$FILE_SIZE
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $file
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function generateName($file): string
|
||||
{
|
||||
self::fileInfo($file);
|
||||
|
||||
do {
|
||||
// Iterate until we reach the maximum number of retries
|
||||
if (Settings::$FILES_RETRIES === 0) {
|
||||
(new Response())->returnError('500', 'Gave up trying to find an unused name', self::$FILE_NAME);
|
||||
}
|
||||
|
||||
for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
|
||||
self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
|
||||
}
|
||||
|
||||
// Add the extension to the file name
|
||||
if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
|
||||
self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
|
||||
}
|
||||
|
||||
// Check if the file hash is blacklisted
|
||||
if (Settings::$BLACKLIST_DB) {
|
||||
(new Database())->checkFileBlacklist();
|
||||
}
|
||||
|
||||
// Check if extension or mime is blacklisted
|
||||
if (Settings::$FILTER_MODE) {
|
||||
self::checkMimeBlacklist();
|
||||
self::checkExtensionBlacklist();
|
||||
}
|
||||
} while ((new Database())->dbCheckNameExists() > 0);
|
||||
|
||||
return self::$NEW_NAME_FULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $file
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function fileInfo($file)
|
||||
{
|
||||
if (isset($_FILES['files'])) {
|
||||
self::$FILE_NAME = $file->name;
|
||||
self::$SHA1 = sha1_file($file->tempfile);
|
||||
self::$FILE_SIZE = $file->size;
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
self::$FILE_MIME = finfo_file($finfo, $file->tempfile);
|
||||
finfo_close($finfo);
|
||||
|
||||
if (Settings::$LOG_IP) {
|
||||
self::$IP = $_SERVER['REMOTE_ADDR'];
|
||||
} else {
|
||||
self::$IP = null;
|
||||
}
|
||||
// Check if extension is a double-dot extension and, if true, override $ext
|
||||
foreach (Settings::$DOUBLE_DOTS as $ddot) {
|
||||
if (stripos(strrev(self::$FILE_NAME), $ddot) === 0) {
|
||||
self::$FILE_EXTENSION = strrev($ddot);
|
||||
} else {
|
||||
self::$FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return void
|
||||
*/
|
||||
public function checkMimeBlacklist()
|
||||
{
|
||||
if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
|
||||
(new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return void
|
||||
*/
|
||||
protected function checkExtensionBlacklist()
|
||||
{
|
||||
if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
|
||||
(new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $files
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function reFiles($files): array
|
||||
{
|
||||
$result = [];
|
||||
$files = self::diverseArray($files);
|
||||
|
||||
foreach ($files as $file) {
|
||||
$f = $this->file;
|
||||
$f->name = $file['name'];
|
||||
$f->mime = $file['type'];
|
||||
$f->size = $file['size'];
|
||||
$f->tempfile = $file['tmp_name'];
|
||||
$f->error = $file['error'];
|
||||
$result[] = $f;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $files
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function diverseArray($files): array
|
||||
{
|
||||
$result = [];
|
||||
|
||||
foreach ($files as $key1 => $value1) {
|
||||
foreach ($value1 as $key2 => $value2) {
|
||||
$result[$key2][$key1] = $value2;
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
}
|
@ -1,281 +1,37 @@
|
||||
<?php
|
||||
/**
|
||||
* Handles POST uploads, generates filenames, moves files around and commits
|
||||
* uploaded metadata to database.
|
||||
/*
|
||||
* Uguu
|
||||
*
|
||||
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
require_once 'classes/Response.class.php';
|
||||
require_once 'classes/UploadException.class.php';
|
||||
require_once 'classes/UploadedFile.class.php';
|
||||
require_once 'includes/database.inc.php';
|
||||
|
||||
/**
|
||||
* Generates a random name for the file, retrying until we get an unused one.
|
||||
*
|
||||
* @param UploadedFile $file
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function generateName($file)
|
||||
{
|
||||
global $db;
|
||||
global $doubledots;
|
||||
require_once 'includes/Upload.class.php';
|
||||
|
||||
// We start at N retries, and --N until we give up
|
||||
$tries = UGUU_FILES_RETRIES;
|
||||
$length = UGUU_FILES_LENGTH;
|
||||
|
||||
//Get EXT
|
||||
$ext = pathinfo($file->name, PATHINFO_EXTENSION);
|
||||
|
||||
//Get MIME
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$type_mime = finfo_file($finfo, $file->tempfile);
|
||||
finfo_close($finfo);
|
||||
|
||||
// Check if extension is a double-dot extension and, if true, override $ext
|
||||
$revname = strrev($file->name);
|
||||
foreach ($doubledots as $ddot) {
|
||||
if (stripos($revname, $ddot) === 0) {
|
||||
$ext = strrev($ddot);
|
||||
}
|
||||
}
|
||||
|
||||
do {
|
||||
// Iterate until we reach the maximum number of retries
|
||||
if ($tries-- === 0) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Gave up trying to find an unused name',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
}
|
||||
|
||||
$chars = ID_CHARSET;
|
||||
$name = '';
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$name .= $chars[mt_rand(0, strlen($chars))];
|
||||
}
|
||||
|
||||
// Add the extension to the file name
|
||||
if (isset($ext) && $ext !== '') {
|
||||
$name .= '.'.$ext;
|
||||
}
|
||||
|
||||
// Check if the file is blacklisted
|
||||
if(BLACKLIST_DB){
|
||||
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
|
||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
http_response_code(415);
|
||||
throw new Exception(
|
||||
'File blacklisted!',
|
||||
415
|
||||
);
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if file is whitelisted or blacklisted
|
||||
switch (CONFIG_FILTER_MODE) {
|
||||
|
||||
case false:
|
||||
//check if MIME is blacklisted
|
||||
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
|
||||
http_response_code(415);
|
||||
throw new Exception(
|
||||
'File type not allowed!',
|
||||
415
|
||||
);
|
||||
exit(0);
|
||||
}
|
||||
//Check if EXT is blacklisted
|
||||
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
|
||||
http_response_code(415);
|
||||
throw new Exception(
|
||||
'File type not allowed!',
|
||||
415
|
||||
);
|
||||
exit(0);
|
||||
}
|
||||
break;
|
||||
|
||||
case true:
|
||||
//Check if MIME is whitelisted
|
||||
if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
|
||||
http_response_code(415);
|
||||
throw new Exception(
|
||||
'File type not allowed!',
|
||||
415
|
||||
);
|
||||
exit(0);
|
||||
}
|
||||
//Check if EXT is whitelisted
|
||||
if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
|
||||
http_response_code(415);
|
||||
throw new Exception(
|
||||
'File type not allowed!',
|
||||
415
|
||||
);
|
||||
exit(0);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
// Check if a file with the same name does already exist in the database
|
||||
$q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
|
||||
$q->bindValue(':name', $name, PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
$result = $q->fetchColumn();
|
||||
// If it does, generate a new name
|
||||
} while ($result > 0);
|
||||
|
||||
return $name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles the uploading and db entry for a file.
|
||||
*
|
||||
* @param UploadedFile $file
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function uploadFile($file)
|
||||
{
|
||||
global $db;
|
||||
|
||||
// Handle file errors
|
||||
if ($file->error) {
|
||||
throw new UploadException($file->error);
|
||||
}
|
||||
|
||||
//fixes a bug
|
||||
$lol = $file->getSha1();
|
||||
|
||||
// Check if a file with the same hash and size (a file which is the same)
|
||||
// does already exist in the database; if it does, return the proper link
|
||||
// and data. PHP deletes the temporary file just uploaded automatically.
|
||||
if(ANTI_DUPE){
|
||||
$q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)');
|
||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
return [
|
||||
'hash' => $file->getSha1(),
|
||||
'name' => $file->name,
|
||||
'url' => UGUU_URL.rawurlencode($result['filename']),
|
||||
'size' => $file->size,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
// Generate a name for the file
|
||||
$newname = generateName($file);
|
||||
|
||||
// Store the file's full file path in memory
|
||||
$uploadFile = UGUU_FILES_ROOT.$newname;
|
||||
|
||||
// Attempt to move it to the static directory
|
||||
if (!move_uploaded_file($file->tempfile, $uploadFile)) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Failed to move file to destination',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
}
|
||||
|
||||
// Need to change permissions for the new file to make it world readable
|
||||
if (!chmod($uploadFile, 0644)) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Failed to change file permissions',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
}
|
||||
|
||||
// Log IP
|
||||
if(LOG_IP){
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
} else {
|
||||
$ip = null;
|
||||
}
|
||||
|
||||
// Common parameters binding
|
||||
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
|
||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||
$q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
|
||||
$q->bindValue(':name', $newname, PDO::PARAM_STR);
|
||||
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
||||
$q->bindValue(':date', time(), PDO::PARAM_STR);
|
||||
$q->bindValue(':ip', $ip, PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
|
||||
return [
|
||||
'hash' => $file->getSha1(),
|
||||
'name' => $file->name,
|
||||
'url' => UGUU_URL.rawurlencode($newname),
|
||||
'size' => $file->size,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Reorder files array by file.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function diverseArray($files)
|
||||
{
|
||||
$result = [];
|
||||
|
||||
foreach ($files as $key1 => $value1) {
|
||||
foreach ($value1 as $key2 => $value2) {
|
||||
$result[$key2][$key1] = $value2;
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reorganize the $_FILES array into something saner.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function refiles($files)
|
||||
{
|
||||
$result = [];
|
||||
$files = diverseArray($files);
|
||||
|
||||
foreach ($files as $file) {
|
||||
$f = new UploadedFile();
|
||||
$f->name = $file['name'];
|
||||
$f->mime = $file['type'];
|
||||
$f->size = $file['size'];
|
||||
$f->tempfile = $file['tmp_name'];
|
||||
$f->error = $file['error'];
|
||||
$result[] = $f;
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
$type = isset($_GET['output']) ? $_GET['output'] : 'json';
|
||||
$response = new Response($type);
|
||||
use Core\Response as Response;
|
||||
|
||||
if (isset($_FILES['files'])) {
|
||||
$uploads = refiles($_FILES['files']);
|
||||
$uploads = (new Upload())->reFiles($_FILES['files']);
|
||||
|
||||
try {
|
||||
foreach ($uploads as $upload) {
|
||||
$res[] = uploadFile($upload);
|
||||
}
|
||||
$response->send($res);
|
||||
} catch (Exception $e) {
|
||||
$response->error($e->getCode(), $e->getMessage());
|
||||
$res[] = (new Upload())->uploadFile($upload);
|
||||
}
|
||||
|
||||
if (isset($res)) {
|
||||
(new Response())->returnSuccess($res);
|
||||
} else {
|
||||
$response->error(400, 'No input file(s)');
|
||||
(new Response())->returnError(400, 'No input file(s)', 'N/A');
|
||||
}
|
||||
}
|