mirror of
https://github.com/nokonoko/Uguu.git
synced 2024-01-06 13:35:15 +00:00
365 lines
12 KiB
PHP
365 lines
12 KiB
PHP
<?php
|
|
|
|
/*
|
|
* Uguu
|
|
*
|
|
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
|
|
namespace Core {
|
|
|
|
require_once 'Upload.class.php';
|
|
|
|
use Exception;
|
|
use PDO;
|
|
use Upload as Upload;
|
|
|
|
class Settings
|
|
{
|
|
|
|
public static mixed $DB;
|
|
|
|
public static string $DB_MODE;
|
|
public static string $DB_PATH;
|
|
public static string $DB_USER;
|
|
public static string $DB_PASS;
|
|
|
|
public static bool $LOG_IP;
|
|
public static bool $ANTI_DUPE;
|
|
public static bool $BLACKLIST_DB;
|
|
public static bool $FILTER_MODE;
|
|
|
|
public static string $FILES_ROOT;
|
|
public static int $FILES_RETRIES;
|
|
|
|
public static bool $SSL;
|
|
public static string $URL;
|
|
|
|
public static int $NAME_LENGTH;
|
|
public static string $ID_CHARSET;
|
|
public static array $DOUBLE_DOTS;
|
|
public static array $BLOCKED_EXTENSIONS;
|
|
public static array $BLOCKED_MIME;
|
|
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public static function loadConfig()
|
|
{
|
|
if (!file_exists('/var/www/uguu/dist.json')) {
|
|
throw new Exception('Cant read settings file.', 500);
|
|
}
|
|
try {
|
|
$settings_array = json_decode(
|
|
file_get_contents('/var/www/uguu/dist.json'),
|
|
true
|
|
);
|
|
self::$DB_MODE = $settings_array['DB_MODE'];
|
|
self::$DB_PATH = $settings_array['DB_PATH'];
|
|
self::$DB_USER = $settings_array['DB_USER'];
|
|
self::$DB_PASS = $settings_array['DB_PASS'];
|
|
self::$LOG_IP = $settings_array['LOG_IP'];
|
|
self::$ANTI_DUPE = $settings_array['ANTI_DUPE'];
|
|
self::$BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
|
|
self::$FILTER_MODE = $settings_array['FILTER_MODE'];
|
|
self::$FILES_ROOT = $settings_array['FILES_ROOT'];
|
|
self::$FILES_RETRIES = $settings_array['FILES_RETRIES'];
|
|
self::$SSL = $settings_array['SSL'];
|
|
self::$URL = $settings_array['URL'];
|
|
self::$NAME_LENGTH = $settings_array['NAME_LENGTH'];
|
|
self::$ID_CHARSET = $settings_array['ID_CHARSET'];
|
|
self::$BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
|
|
self::$BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
|
|
self::$DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
|
|
} catch (Exception) {
|
|
throw new Exception('Cant populate settings.', 500);
|
|
}
|
|
(new Database())->assemblePDO();
|
|
}
|
|
}
|
|
|
|
class cuteGrills
|
|
{
|
|
public static array $GRILLS;
|
|
|
|
public static function showGrills()
|
|
{
|
|
self::loadGrills();
|
|
if (!headers_sent()) {
|
|
header(
|
|
'Location: /img/grills/' .
|
|
self::$GRILLS[array_rand(self::$GRILLS)],
|
|
true,
|
|
303
|
|
);
|
|
}
|
|
}
|
|
|
|
public static function loadGrills()
|
|
{
|
|
self::$GRILLS = array_slice(scandir('img/grills/'), 2);
|
|
}
|
|
}
|
|
|
|
class Response
|
|
{
|
|
private mixed $type;
|
|
|
|
public function __construct($response_type = null)
|
|
{
|
|
switch ($response_type) {
|
|
case 'csv':
|
|
header('Content-Type: text/csv; charset=UTF-8');
|
|
$this->type = $response_type;
|
|
break;
|
|
case 'html':
|
|
header('Content-Type: text/html; charset=UTF-8');
|
|
$this->type = $response_type;
|
|
break;
|
|
case 'json':
|
|
header('Content-Type: application/json; charset=UTF-8');
|
|
$this->type = $response_type;
|
|
break;
|
|
case 'gyazo':
|
|
header('Content-Type: text/plain; charset=UTF-8');
|
|
$this->type = 'text';
|
|
break;
|
|
case 'text':
|
|
header('Content-Type: text/plain; charset=UTF-8');
|
|
$this->type = $response_type;
|
|
break;
|
|
default:
|
|
header('Content-Type: application/json; charset=UTF-8');
|
|
$this->type = 'json';
|
|
$this->error(400, 'Invalid response type. Valid options are: csv, html, json, text.');
|
|
break;
|
|
}
|
|
}
|
|
|
|
public function error($code, $desc)
|
|
{
|
|
$response = null;
|
|
|
|
switch ($this->type) {
|
|
case 'csv':
|
|
$response = $this->csvError($desc);
|
|
break;
|
|
case 'html':
|
|
$response = $this->htmlError($code, $desc);
|
|
break;
|
|
case 'json':
|
|
$response = $this->jsonError($code, $desc);
|
|
break;
|
|
case 'text':
|
|
$response = $this->textError($code, $desc);
|
|
break;
|
|
}
|
|
http_response_code($code);
|
|
echo $response;
|
|
}
|
|
|
|
private static function csvError($description): string
|
|
{
|
|
return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
|
|
}
|
|
|
|
private static function htmlError($code, $description): string
|
|
{
|
|
return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
|
|
}
|
|
|
|
private static function jsonError($code, $description): bool|string
|
|
{
|
|
return json_encode([
|
|
'success' => false,
|
|
'errorcode' => $code,
|
|
'description' => $description,
|
|
], JSON_PRETTY_PRINT);
|
|
}
|
|
|
|
|
|
private static function textError($code, $description): string
|
|
{
|
|
return 'ERROR: (' . $code . ') ' . $description;
|
|
}
|
|
|
|
public function send($files)
|
|
{
|
|
$response = null;
|
|
|
|
switch ($this->type) {
|
|
case 'csv':
|
|
$response = $this->csvSuccess($files);
|
|
break;
|
|
case 'html':
|
|
$response = $this->htmlSuccess($files);
|
|
break;
|
|
case 'json':
|
|
$response = $this->jsonSuccess($files);
|
|
break;
|
|
case 'text':
|
|
$response = $this->textSuccess($files);
|
|
break;
|
|
}
|
|
|
|
http_response_code(200); // "200 OK". Success.
|
|
echo $response;
|
|
}
|
|
|
|
private static function csvSuccess($files): string
|
|
{
|
|
$result = '"name","url","hash","size"' . "\r\n";
|
|
foreach ($files as $file) {
|
|
$result .= '"' . $file['name'] . '"' . ',' .
|
|
'"' . $file['url'] . '"' . ',' .
|
|
'"' . $file['hash'] . '"' . ',' .
|
|
'"' . $file['size'] . '"' . "\r\n";
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
private static function htmlSuccess($files): string
|
|
{
|
|
$result = '';
|
|
|
|
foreach ($files as $file) {
|
|
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
private static function jsonSuccess($files): bool|string
|
|
{
|
|
return json_encode([
|
|
'success' => true,
|
|
'files' => $files,
|
|
], JSON_PRETTY_PRINT);
|
|
}
|
|
|
|
private static function textSuccess($files): string
|
|
{
|
|
$result = '';
|
|
|
|
foreach ($files as $file) {
|
|
$result .= $file['url'] . "\n";
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
}
|
|
|
|
class Database
|
|
{
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public static function assemblePDO()
|
|
{
|
|
try {
|
|
Settings::$DB = new PDO(
|
|
Settings::$DB_MODE . ':' . Settings::$DB_PATH, Settings::$DB_USER,
|
|
Settings::$DB_PASS
|
|
);
|
|
} catch (Exception) {
|
|
throw new Exception('Cant connect to DB.', 500);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public function dbCheckNameExists()
|
|
{
|
|
try {
|
|
$q = Settings::$DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
|
|
$q->bindValue(':name', Upload::$NEW_NAME_FULL);
|
|
$q->execute();
|
|
return $q->fetchColumn();
|
|
} catch (Exception) {
|
|
throw new Exception('Cant check if name exists in DB.', 500);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public function checkFileBlacklist()
|
|
{
|
|
try {
|
|
$q = Settings::$DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
|
|
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
|
$q->execute();
|
|
$result = $q->fetch();
|
|
if ($result['count'] > 0) {
|
|
throw new Exception('File blacklisted!', 415);
|
|
}
|
|
} catch (Exception) {
|
|
throw new Exception('Cant check blacklist DB.', 500);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public function antiDupe()
|
|
{
|
|
try {
|
|
$q = Settings::$DB->prepare(
|
|
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)'
|
|
);
|
|
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
|
$q->bindValue(':size', Upload::$FILE_SIZE, PDO::PARAM_INT);
|
|
$q->execute();
|
|
$result = $q->fetch();
|
|
if ($result['count'] > 0) {
|
|
Upload::$NEW_NAME_FULL = $result['filename'];
|
|
}
|
|
} catch (Exception) {
|
|
throw new Exception('Cant check for dupes in DB.', 500);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public function newIntoDB()
|
|
{
|
|
try {
|
|
$q = Settings::$DB->prepare(
|
|
'INSERT INTO files (hash, originalname, filename, size, date, ip)' .
|
|
'VALUES (:hash, :orig, :name, :size, :date, :ip)'
|
|
);
|
|
$q->bindValue(':hash', Upload::$SHA1, PDO::PARAM_STR);
|
|
$q->bindValue(':orig', strip_tags(Upload::$FILE_NAME), PDO::PARAM_STR);
|
|
$q->bindValue(':name', Upload::$NEW_NAME_FULL, PDO::PARAM_STR);
|
|
$q->bindValue(':size', Upload::$FILE_SIZE, PDO::PARAM_INT);
|
|
$q->bindValue(':date', time(), PDO::PARAM_STR);
|
|
$q->bindValue(':ip', Upload::$IP, PDO::PARAM_STR);
|
|
$q->execute();
|
|
} catch (Exception) {
|
|
throw new Exception('Cant insert into DB.', 500);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|