From 0f8d4e9ce3695742de5024846279149f2e5cd7cd Mon Sep 17 00:00:00 2001 From: Go Johansson Date: Sat, 22 Jan 2022 02:40:20 +0100 Subject: [PATCH] changes --- .../{classes/Database.class.php => api.php} | 21 +- static/php/classes/Core.php | 83 ------ static/php/classes/Response.class.php | 259 ------------------ static/php/classes/Upload.php | 133 --------- static/php/classes/UploadException.class.php | 63 ----- static/php/classes/UploadedFile.class.php | 32 --- static/php/classes/errorReport.php | 24 -- 7 files changed, 14 insertions(+), 601 deletions(-) rename static/php/{classes/Database.class.php => api.php} (65%) delete mode 100644 static/php/classes/Core.php delete mode 100644 static/php/classes/Response.class.php delete mode 100644 static/php/classes/Upload.php delete mode 100644 static/php/classes/UploadException.class.php delete mode 100644 static/php/classes/UploadedFile.class.php delete mode 100644 static/php/classes/errorReport.php diff --git a/static/php/classes/Database.class.php b/static/php/api.php similarity index 65% rename from static/php/classes/Database.class.php rename to static/php/api.php index 7530c82..f4abf7f 100644 --- a/static/php/classes/Database.class.php +++ b/static/php/api.php @@ -18,13 +18,20 @@ * along with this program. If not, see . */ -require_once 'Settings.class.php'; +require_once 'includes/Upload.class.php'; -class Database extends Settings -{ -public $db; - public function __construct() - { - $this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS); +use Core\Response as Response; + +if (isset($_FILES['files'])) { + $uploads = (new Upload())->reFiles($_FILES['files']); + + foreach ($uploads as $upload) { + $res[] = (new Upload())->uploadFile($upload); + } + + if (isset($res)) { + (new Response())->returnSuccess($res); + } else { + (new Response())->returnError(400, 'No input file(s)', 'N/A'); } } \ No newline at end of file diff --git a/static/php/classes/Core.php b/static/php/classes/Core.php deleted file mode 100644 index e33df09..0000000 --- a/static/php/classes/Core.php +++ /dev/null @@ -1,83 +0,0 @@ - - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -namespace Core { - - /** - * @property mixed $DB_CONN - */ - class Settings - { - - public $DB_MODE; - public $DB_PATH; - public $DB_USER; - public $DB_PASS; - - public $LOG_IP; - public $ANTI_DUPE; - public $BLACKLIST_DB; - public $FILTER_MODE; - - public $FILES_ROOT; - public $FILES_RETRIES; - - public $SSL; - public $URL; - - public $NAME_LENGTH; - public $ID_CHARSET; - public $BLOCKED_EXTENSIONS; - public $BLOCKED_MIME; - public $DOUBLE_DOTS; - - public function __constructSettings() - { - $settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true); - $this->DB_MODE = $settings_array['DB_MODE']; - $this->DB_PATH = $settings_array['DB_PATH']; - $this->DB_USER = $settings_array['DB_USER']; - $this->DB_PASS = $settings_array['DB_PASS']; - $this->LOG_IP = $settings_array['LOG_IP']; - $this->ANTI_DUPE = $settings_array['ANTI_DUPE']; - $this->BLACKLIST_DB = $settings_array['BLACKLIST_DB']; - $this->FILTER_MODE = $settings_array['FILTER_MODE']; - $this->FILES_ROOT = $settings_array['FILES_ROOT']; - $this->FILES_RETRIES = $settings_array['FILES_RETRIES']; - $this->SSL = $settings_array['SSL']; - $this->URL = $settings_array['URL']; - $this->NAME_LENGTH = $settings_array['NAME_LENGTH']; - $this->ID_CHARSET = $settings_array['ID_CHARSET']; - $this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS']; - $this->BLOCKED_MIME = $settings_array['BLOCKED_MIME']; - $this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS']; - } - } - - class Database extends Settings - { - public $DB; - - public function __constructDB() - { - $this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS); - } - } -} \ No newline at end of file diff --git a/static/php/classes/Response.class.php b/static/php/classes/Response.class.php deleted file mode 100644 index a3151a7..0000000 --- a/static/php/classes/Response.class.php +++ /dev/null @@ -1,259 +0,0 @@ -type = $response_type; - break; - case 'html': - header('Content-Type: text/html; charset=UTF-8'); - $this->type = $response_type; - break; - case 'json': - header('Content-Type: application/json; charset=UTF-8'); - $this->type = $response_type; - break; - case 'gyazo': - header('Content-Type: text/plain; charset=UTF-8'); - $this->type = 'text'; - break; - case 'text': - header('Content-Type: text/plain; charset=UTF-8'); - $this->type = $response_type; - break; - default: - header('Content-Type: application/json; charset=UTF-8'); - $this->type = 'json'; - $this->error(400, 'Invalid response type. Valid options are: csv, html, json, text.'); - break; - } - } - - /** - * Routes error messages depending on response type. - * - * @param int $code HTTP status code number - * @param int $desc descriptive error message - * - * @return void - */ - public function error($code, $desc) - { - $response = null; - - switch ($this->type) { - case 'csv': - $response = $this->csvError($desc); - break; - case 'html': - $response = $this->htmlError($code, $desc); - break; - case 'json': - $response = $this->jsonError($code, $desc); - break; - case 'text': - $response = $this->textError($code, $desc); - break; - } - - //http_response_code(500); // "500 Internal Server Error" - echo $response; - } - - /** - * Routes success messages depending on response type. - * - * @param mixed[] $files - * - * @return void - */ - public function send($files) - { - $response = null; - - switch ($this->type) { - case 'csv': - $response = $this->csvSuccess($files); - break; - case 'html': - $response = $this->htmlSuccess($files); - break; - case 'json': - $response = $this->jsonSuccess($files); - break; - case 'text': - $response = $this->textSuccess($files); - break; - } - - http_response_code(200); // "200 OK". Success. - echo $response; - } - - /** - * Indicates with CSV body the request was invalid. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param int $description descriptive error message - * - * @return string error message in CSV format - */ - private static function csvError($description) - { - return '"error"'."\r\n"."\"$description\""."\r\n"; - } - - /** - * Indicates with CSV body the request was successful. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param mixed[] $files - * - * @return string success message in CSV format - */ - private static function csvSuccess($files) - { - $result = '"name","url","hash","size"'."\r\n"; - foreach ($files as $file) { - $result .= '"'.$file['name'].'"'.','. - '"'.$file['url'].'"'.','. - '"'.$file['hash'].'"'.','. - '"'.$file['size'].'"'."\r\n"; - } - - return $result; - } - - /** - * Indicates with HTML body the request was invalid. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param int $code HTTP status code number - * @param int $description descriptive error message - * - * @return string error message in HTML format - */ - private static function htmlError($code, $description) - { - return '

ERROR: ('.$code.') '.$description.'

'; - } - - /** - * Indicates with HTML body the request was successful. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param mixed[] $files - * - * @return string success message in HTML format - */ - private static function htmlSuccess($files) - { - $result = ''; - - foreach ($files as $file) { - $result .= ''.$file['url'].'
'; - } - - return $result; - } - - /** - * Indicates with JSON body the request was invalid. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param int $code HTTP status code number - * @param int $description descriptive error message - * - * @return string error message in pretty-printed JSON format - */ - private static function jsonError($code, $description) - { - return json_encode([ - 'success' => false, - 'errorcode' => $code, - 'description' => $description, - ], JSON_PRETTY_PRINT); - } - - /** - * Indicates with JSON body the request was successful. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param mixed[] $files - * - * @return string success message in pretty-printed JSON format - */ - private static function jsonSuccess($files) - { - return json_encode([ - 'success' => true, - 'files' => $files, - ], JSON_PRETTY_PRINT); - } - - /** - * Indicates with plain text body the request was invalid. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param int $code HTTP status code number - * @param int $description descriptive error message - * - * @return string error message in plain text format - */ - private static function textError($code, $description) - { - return 'ERROR: ('.$code.') '.$description; - } - - /** - * Indicates with plain text body the request was successful. - * - * @deprecated 2.1.0 Will be renamed to camelCase format. - * - * @param mixed[] $files - * - * @return string success message in plain text format - */ - private static function textSuccess($files) - { - $result = ''; - - foreach ($files as $file) { - $result .= $file['url']."\n"; - } - - return $result; - } -} diff --git a/static/php/classes/Upload.php b/static/php/classes/Upload.php deleted file mode 100644 index 9a9c2ac..0000000 --- a/static/php/classes/Upload.php +++ /dev/null @@ -1,133 +0,0 @@ - - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -require_once 'Database.class.php'; - -class Upload extends Database, errorReport -{ - public $FILE_NAME; - public $FILE_EXTENSION; - public $FILE_MIME; - - public $NEW_NAME; - public $NEW_NAME_FULL; - - public function fileInfo ($file) - { - if (isset($_FILES['files'])) { - $this->FILE_NAME = ''; - $this->FILE_NAME = $file->name; - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $this->FILE_MIME = finfo_file($finfo, $file->tempfile); - finfo_close($finfo); - - // Check if extension is a double-dot extension and, if true, override $ext - foreach ($this->DOUBLE_DOTS as $ddot) { - if (stripos(strrev($this->FILE_NAME), $ddot) === 0) { - $this->FILE_EXTENSION = strrev($ddot); - } else { - $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION); - } - } - } - } - -public function checkFileBlacklist ($hash){ - $q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)'); - $q->bindValue(':hash', $hash, PDO::PARAM_STR); - $q->execute(); - $result = $q->fetch(); - if ($result['count'] > 0) { - http_response_code(415); - throw new Exception( - 'File blacklisted!', - 415 - ); - exit(0); - } -} - -public function checkExtensionBlacklist($ext){ - //Check if EXT is blacklisted - if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } -} - -public function checkMimeBlacklist($mime){ - //check if MIME is blacklisted - if (in_array($mime, unserialize($this->BLOCKED_MIME))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } -} - - public function generateName($file) - { - $this->fileInfo($file); - $error = new - do { - // Iterate until we reach the maximum number of retries - if ($this->FILES_RETRIES-- === 0) { - $error->throwError('500', 'Gave up trying to find an unused name', true); - } - - - - - for ($i = 0; $i < $this->NAME_LENGTH; ++$i) { - $this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))]; - } - - // Add the extension to the file name - if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') { - $this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION; - } - - // Check if the file hash is blacklisted - if($this->BLACKLIST_DB){ - $this->checkFileBlacklist($file->getSha1()); - } - - // Check if extension or mime is blacklisted - if($this->FILTER_MODE) { - $this->checkMimeBlacklist($this->FILE_MIME); - $this->checkExtensionBlacklist($this->FILE_EXTENSION); - } - - // Check if a file with the same name does already exist in the database - $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)'); - $q->bindValue(':name', $name, PDO::PARAM_STR); - $q->execute(); - $result = $q->fetchColumn(); - // If it does, generate a new name - } while ($result > 0); - - return $name; - } -} \ No newline at end of file diff --git a/static/php/classes/UploadException.class.php b/static/php/classes/UploadException.class.php deleted file mode 100644 index 8c9e4f6..0000000 --- a/static/php/classes/UploadException.class.php +++ /dev/null @@ -1,63 +0,0 @@ - - * @author Michiel Thalen - * @copyright Copyright © 1997 - 2016 by the PHP Documentation Group - * @license - * UploadException is licensed under a Creative Commons Attribution 3.0 License - * or later. - * - * Based on a work at - * https://secure.php.net/manual/en/features.file-upload.errors.php#89374. - * - * You should have received a copy of the Creative Commons Attribution 3.0 - * License with this program. If not, see - * . - */ - - -class UploadException extends Exception -{ - public function __construct($code) - { - $message = $this->codeToMessage($code); - parent::__construct($message, 500); - } - - private function codeToMessage($code) - { - switch ($code) { - case UPLOAD_ERR_INI_SIZE: - $message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini'; - break; - case UPLOAD_ERR_FORM_SIZE: - $message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was '. - 'specified in the HTML form'; - break; - case UPLOAD_ERR_PARTIAL: - $message = 'The uploaded file was only partially uploaded'; - break; - case UPLOAD_ERR_NO_FILE: - $message = 'No file was uploaded'; - break; - case UPLOAD_ERR_NO_TMP_DIR: - $message = 'Missing a temporary folder'; - break; - case UPLOAD_ERR_CANT_WRITE: - $message = 'Failed to write file to disk'; - break; - case UPLOAD_ERR_EXTENSION: - $message = 'File upload stopped by extension'; - break; - - default: - $message = 'Unknown upload error'; - break; - } - - return $message; - } -} diff --git a/static/php/classes/UploadedFile.class.php b/static/php/classes/UploadedFile.class.php deleted file mode 100644 index d90a9a4..0000000 --- a/static/php/classes/UploadedFile.class.php +++ /dev/null @@ -1,32 +0,0 @@ -sha1) { - $this->sha1 = sha1_file($this->tempfile); - } - - return $this->sha1; - } -} diff --git a/static/php/classes/errorReport.php b/static/php/classes/errorReport.php deleted file mode 100644 index 3660da1..0000000 --- a/static/php/classes/errorReport.php +++ /dev/null @@ -1,24 +0,0 @@ - - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -class errorReport -{ - -} \ No newline at end of file