test
parent
83f6699d7f
commit
cec6349edd
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
@ -19,7 +18,7 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu\Classes;
|
||||
namespace Uguu\Classes;
|
||||
|
||||
class CuteGrills
|
||||
{
|
||||
|
@ -36,7 +35,7 @@ class CuteGrills
|
|||
'Location: /img/grills/' .
|
||||
$this->GRILLS[array_rand($this->GRILLS)],
|
||||
true,
|
||||
303
|
||||
303,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
@ -19,7 +18,7 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu\Classes;
|
||||
namespace Uguu\Classes;
|
||||
|
||||
use Exception;
|
||||
use PDO;
|
||||
|
@ -53,7 +52,8 @@ class Database
|
|||
$q->bindValue(':name', $name);
|
||||
$q->execute();
|
||||
return $q->fetchColumn();
|
||||
} catch (Exception) {
|
||||
}
|
||||
catch (Exception) {
|
||||
throw new Exception('Cant check if name exists in DB.', 500);
|
||||
}
|
||||
}
|
||||
|
@ -75,7 +75,8 @@ class Database
|
|||
if ($result['count'] > 0) {
|
||||
throw new Exception('File blacklisted!', 415);
|
||||
}
|
||||
} catch (Exception) {
|
||||
}
|
||||
catch (Exception) {
|
||||
throw new Exception('Cant check blacklist DB.', 500);
|
||||
}
|
||||
}
|
||||
|
@ -92,10 +93,9 @@ class Database
|
|||
if (!$this->CONFIG['ANTI_DUPE']) {
|
||||
return true;
|
||||
}
|
||||
|
||||
try {
|
||||
$q = $this->DB->prepare(
|
||||
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)'
|
||||
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)',
|
||||
);
|
||||
$q->bindValue(':hash', $hash);
|
||||
$q->execute();
|
||||
|
@ -105,7 +105,8 @@ class Database
|
|||
} else {
|
||||
return true;
|
||||
}
|
||||
} catch (Exception) {
|
||||
}
|
||||
catch (Exception) {
|
||||
throw new Exception('Cant check for dupes in DB.', 500);
|
||||
}
|
||||
}
|
||||
|
@ -123,7 +124,7 @@ class Database
|
|||
try {
|
||||
$q = $this->DB->prepare(
|
||||
'INSERT INTO files (hash, originalname, filename, size, date, ip)' .
|
||||
'VALUES (:hash, :orig, :name, :size, :date, :ip)'
|
||||
'VALUES (:hash, :orig, :name, :size, :date, :ip)',
|
||||
);
|
||||
$q->bindValue(':hash', $FILE_INFO['SHA1']);
|
||||
$q->bindValue(':orig', $FILE_INFO['NAME']);
|
||||
|
@ -132,12 +133,12 @@ class Database
|
|||
$q->bindValue(':date', $fingerPrintInfo['timestamp']);
|
||||
$q->bindValue(':ip', $fingerPrintInfo['ip']);
|
||||
$q->execute();
|
||||
} catch (Exception) {
|
||||
}
|
||||
catch (Exception) {
|
||||
throw new Exception('Cant insert into DB.', 500);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Creates a new row in the database with the information provided
|
||||
*
|
||||
|
@ -147,9 +148,8 @@ class Database
|
|||
{
|
||||
$q = $this->DB->prepare(
|
||||
'INSERT INTO timestamp (iphash, files, time)' .
|
||||
'VALUES (:iphash, :files, :time)'
|
||||
'VALUES (:iphash, :files, :time)',
|
||||
);
|
||||
|
||||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->bindValue(':files', $fingerPrintInfo['files_amount']);
|
||||
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
|
||||
|
@ -167,25 +167,22 @@ class Database
|
|||
{
|
||||
if ($iStamp) {
|
||||
$q = $this->DB->prepare(
|
||||
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)'
|
||||
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
|
||||
);
|
||||
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
|
||||
} else {
|
||||
$q = $this->DB->prepare(
|
||||
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)'
|
||||
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
|
||||
);
|
||||
}
|
||||
|
||||
$q->bindValue(':files', $fCount);
|
||||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->execute();
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file count and
|
||||
* timestamp
|
||||
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file
|
||||
* count and timestamp
|
||||
*
|
||||
* @param $fingerPrintInfo array An array containing the following:
|
||||
*
|
||||
|
@ -194,29 +191,24 @@ class Database
|
|||
public function checkRateLimit(array $fingerPrintInfo):bool
|
||||
{
|
||||
$q = $this->DB->prepare(
|
||||
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)'
|
||||
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
|
||||
);
|
||||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
|
||||
$nTime = $fingerPrintInfo['timestamp'] - (60);
|
||||
|
||||
switch (true) {
|
||||
//If more then 100 files trigger rate-limit
|
||||
case $result['files'] > 100:
|
||||
return true;
|
||||
|
||||
//if timestamp is older than one minute, set new files count and timestamp
|
||||
case $result['time'] < $nTime:
|
||||
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
|
||||
break;
|
||||
|
||||
//if timestamp isn't older than one-minute update the files count
|
||||
case $result['time'] > $nTime:
|
||||
$this->updateRateLimit($fingerPrintInfo['files_amount'] + $result['files'], false, $fingerPrintInfo);
|
||||
break;
|
||||
|
||||
//If there is no other match a record does not exist, create one
|
||||
default:
|
||||
$this->createRateLimit($fingerPrintInfo);
|
||||
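Review bot: The rate-limit statements in this file do not agree on a table. The insert in the hunk at -147 writes to `timestamp`, while `checkRateLimit` selects from `ratelimit` and both update statements write to `ratelimit`; the inserting method's signature is outside the hunk, but it is apparently `createRateLimit`. Unless the schema really has a separate `timestamp` table with these columns, a first-time client never gets a `ratelimit` row, so the counter behind the `> 100` check is never established. The first string of that statement should read `'INSERT INTO ratelimit (iphash, files, time)' .`.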
|
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
@ -19,7 +18,7 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu\Classes;
|
||||
namespace Uguu\Classes;
|
||||
|
||||
class Response
|
||||
{
|
||||
|
@ -115,7 +114,6 @@ class Response
|
|||
], JSON_PRETTY_PRINT);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns a string that contains the error code and description
|
||||
*
|
||||
|
@ -144,7 +142,6 @@ class Response
|
|||
'json' => $this->jsonSuccess($files),
|
||||
'text' => $this->textSuccess($files),
|
||||
};
|
||||
|
||||
http_response_code(200); // "200 OK". Success.
|
||||
echo $response;
|
||||
}
|
||||
|
@ -165,7 +162,6 @@ class Response
|
|||
'"' . $file['hash'] . '"' . ',' .
|
||||
'"' . $file['size'] . '"' . "\r\n";
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
@ -179,11 +175,9 @@ class Response
|
|||
private static function htmlSuccess(array $files):string
|
||||
{
|
||||
$result = '';
|
||||
|
||||
foreach ($files as $file) {
|
||||
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
@ -212,11 +206,9 @@ class Response
|
|||
private static function textSuccess(array $files):string
|
||||
{
|
||||
$result = '';
|
||||
|
||||
foreach ($files as $file) {
|
||||
$result .= $file['url'] . "\n";
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
@ -19,7 +18,7 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu\Classes;
|
||||
namespace Uguu\Classes;
|
||||
|
||||
use Exception;
|
||||
|
||||
|
@ -52,7 +51,7 @@ class Upload extends Response
|
|||
'SHA1' => $hash,
|
||||
'EXTENSION' => $this->fileExtension($file),
|
||||
'MIME' => $this->fileMIME($file),
|
||||
'NEW_NAME' => $this->generateName($this->fileExtension($file), $hash)
|
||||
'NEW_NAME' => $this->generateName($this->fileExtension($file), $hash),
|
||||
];
|
||||
$result[] = [
|
||||
$this->FILE_INFO['TEMP_NAME'],
|
||||
|
@ -60,11 +59,12 @@ class Upload extends Response
|
|||
$this->FILE_INFO['SIZE'],
|
||||
$this->FILE_INFO['SHA1'],
|
||||
$this->FILE_INFO['EXTENSION'],
|
||||
$this->FILE_INFO['MIME']
|
||||
$this->FILE_INFO['MIME'],
|
||||
];
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes an array of arrays and returns an array of arrays with the keys and values swapped
|
||||
*
|
||||
|
@ -111,55 +111,49 @@ class Upload extends Response
|
|||
*/
|
||||
public function uploadFile():array
|
||||
{
|
||||
|
||||
if ($this->Connector->CONFIG['RATE_LIMIT']) {
|
||||
$this->Connector->checkRateLimit($this->fingerPrintInfo);
|
||||
}
|
||||
|
||||
if ($this->Connector->CONFIG['BLACKLIST_DB']) {
|
||||
$this->Connector->checkFileBlacklist($this->FILE_INFO);
|
||||
}
|
||||
|
||||
if ($this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION'])) {
|
||||
$this->checkMimeBlacklist();
|
||||
}
|
||||
|
||||
if ($this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION'])) {
|
||||
$this->checkMimeBlacklist();
|
||||
$this->checkExtensionBlacklist();
|
||||
}
|
||||
|
||||
if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) {
|
||||
throw new Exception('File storage path not accessible.', 500);
|
||||
}
|
||||
|
||||
if (
|
||||
!move_uploaded_file($this->FILE_INFO['TEMP_NAME'], $this->Connector->CONFIG['FILES_ROOT'] .
|
||||
$this->FILE_INFO['NEW_NAME'])
|
||||
!move_uploaded_file(
|
||||
$this->FILE_INFO['TEMP_NAME'],
|
||||
$this->Connector->CONFIG['FILES_ROOT'] .
|
||||
$this->FILE_INFO['NEW_NAME'],
|
||||
)
|
||||
) {
|
||||
throw new Exception('Failed to move file to destination', 500);
|
||||
}
|
||||
|
||||
if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['NEW_NAME'], 0644)) {
|
||||
throw new Exception('Failed to change file permissions', 500);
|
||||
}
|
||||
|
||||
if (!$this->Connector->CONFIG['LOG_IP']) {
|
||||
$this->fingerPrintInfo['ip'] = null;
|
||||
}
|
||||
|
||||
$this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo);
|
||||
|
||||
return [
|
||||
'hash' => $this->FILE_INFO['SHA1'],
|
||||
'name' => $this->FILE_INFO['NAME'],
|
||||
'url' => $this->Connector->CONFIG['FILES_URL'] . '/' . $this->FILE_INFO['NEW_NAME'],
|
||||
'size' => $this->FILE_INFO['SIZE']
|
||||
'size' => $this->FILE_INFO['SIZE'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address, user agent, and the amount of files being uploaded
|
||||
* Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address, user agent, and the amount of files being
|
||||
* uploaded
|
||||
*
|
||||
* @param $files_amount int The amount of files that are being uploaded.
|
||||
*
|
||||
|
@ -174,14 +168,13 @@ class Upload extends Response
|
|||
'useragent' => $USER_AGENT,
|
||||
'ip' => $_SERVER['REMOTE_ADDR'],
|
||||
'ip_hash' => hash('sha1', $_SERVER['REMOTE_ADDR'] . $USER_AGENT),
|
||||
'files_amount' => $files_amount
|
||||
'files_amount' => $files_amount,
|
||||
];
|
||||
} else {
|
||||
throw new Exception('Invalid user agent.', 500);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the MIME type of a file
|
||||
*
|
||||
|
@ -252,13 +245,11 @@ class Upload extends Response
|
|||
if ($this->Connector->CONFIG['FILES_RETRIES'] === 0) {
|
||||
throw new Exception('Gave up trying to find an unused name!', 500);
|
||||
}
|
||||
|
||||
$NEW_NAME = '';
|
||||
for ($i = 0; $i < $this->Connector->CONFIG['NAME_LENGTH']; ++$i) {
|
||||
$NEW_NAME .= $this->Connector->CONFIG['ID_CHARSET']
|
||||
[mt_rand(0, strlen($this->Connector->CONFIG['ID_CHARSET']))];
|
||||
}
|
||||
|
||||
if (!empty($extension)) {
|
||||
$NEW_NAME .= '.' . $extension;
|
||||
}
|
||||
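Review bot: The name generator in the last hunk indexes `ID_CHARSET` with `mt_rand(0, strlen(...))`, whose upper bound is inclusive, so some draws land one past the end of the string; on PHP 8 that raises a warning and adds nothing to the name, leaving it shorter than `NAME_LENGTH`. `mt_rand` is also not a cryptographic generator, and on a file host the generated name is presumably the only thing that keeps an upload URL from being guessed. Both are addressed by `[random_int(0, strlen($this->Connector->CONFIG['ID_CHARSET']) - 1)];`. The enclosing function starts and ends outside the hunk.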
|
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
@ -19,7 +18,7 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu;
|
||||
namespace Uguu;
|
||||
|
||||
class GrillLoader extends Classes\CuteGrills
|
||||
{
|
||||
|
|
|
@ -18,10 +18,10 @@
|
|||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace Pomf\Uguu;
|
||||
namespace Uguu;
|
||||
|
||||
use Exception;
|
||||
use Pomf\Uguu\Classes\Response;
|
||||
use Uguu\Classes\Response;
|
||||
|
||||
class UploadGateway extends Classes\Upload
|
||||
{
|
||||
|
@ -38,7 +38,6 @@
|
|||
$type = 'json' ?? $output;
|
||||
$response = (new Response($type));
|
||||
if (!empty($_FILES['files'])) {
|
||||
|
||||
$files = $this->reFiles($files);
|
||||
try {
|
||||
$this->fingerPrint(count($files));
|
||||
|
@ -53,7 +52,6 @@
|
|||
catch (Exception $e) {
|
||||
$response->error($e->getCode(), $e->getMessage());
|
||||
}
|
||||
|
||||
} else {
|
||||
$response->error(400, 'No input file(s)');
|
||||
}
|
||||
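Review bot: `$type = 'json' ?? $output;` in the hunk at -38 always evaluates to `'json'`, because the left operand of `??` is a literal that can never be null, so the output format requested by the caller is ignored. The operands look swapped; the line should be `$type = $output ?? 'json';`. Since the front controller passes `$_GET['output']` straight into this method, the value should also be checked against the formats `Response` supports before `new Response($type)` is constructed. The method's signature is outside the hunk.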
|
|
|
@ -41,6 +41,6 @@
|
|||
*/
|
||||
require_once __DIR__ . '/../vendor/autoload.php';
|
||||
|
||||
use Pomf\Uguu\GrillLoader;
|
||||
use Pomf\GrillLoader;
|
||||
|
||||
new GrillLoader();
|
||||
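Review bot: The import in this hunk appears to end up as `use Pomf\GrillLoader;`, assuming the second printed line is the new side as in the other sections, but this same commit moves the class to `namespace Uguu;`. If so, `new GrillLoader()` resolves to a class the autoloader cannot find and this entry point fails with a fatal error. The line should be `use Uguu\GrillLoader;`, matching `use Uguu\UploadGateway;` in the upload entry point.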
|
|
|
@ -41,7 +41,7 @@
|
|||
checkConfig();
|
||||
require_once __DIR__ . '/../vendor/autoload.php';
|
||||
|
||||
use Pomf\Uguu\UploadGateway;
|
||||
use Uguu\UploadGateway;
|
||||
|
||||
try {
|
||||
(new UploadGateway())->handleFile($_GET['output'], $_FILES['files']);
|
||||
|
|