]>
Commit | Line | Data |
---|---|---|
044a28cd GJ |
1 | <?php |
2 | /* | |
3 | * Uguu | |
4 | * | |
5 | * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko> | |
6 | * | |
7 | * This program is free software: you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, either version 3 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program. If not, see <https://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
21 | ||
22 | require_once 'Core.namespace.php'; | |
23 | ||
24 | use Core\Database as Database; | |
25 | use Core\Response as Response; | |
26 | use Core\Settings as Settings; | |
27 | ||
28 | class Upload | |
29 | { | |
30 | public static string $FILE_NAME; | |
31 | public static string $FILE_EXTENSION; | |
32 | public static string $FILE_MIME; | |
33 | public static string $SHA1; | |
34 | public static int $FILE_SIZE; | |
35 | public static string $NEW_NAME; | |
36 | public static string $NEW_NAME_FULL; | |
37 | public static string $IP; | |
38 | public mixed $file; | |
39 | ||
40 | /** | |
41 | * @param $file | |
42 | * | |
43 | * @return array | |
44 | */ | |
45 | public function uploadFile($file): array | |
46 | { | |
47 | if (Settings::$ANTI_DUPE) { | |
48 | (new Database())->antiDupe(); | |
49 | } | |
50 | ||
51 | self::generateName($file); | |
52 | ||
53 | if (!move_uploaded_file($file->tempfile, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) { | |
54 | (new Response())->returnError('500', 'Failed to move file to destination', self::$FILE_NAME); | |
55 | } | |
56 | ||
57 | if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) { | |
58 | (new Response())->returnError('500', 'Failed to change file permissions', self::$FILE_NAME); | |
59 | } | |
60 | ||
61 | (new Database())->newIntoDB(); | |
62 | ||
63 | return array( | |
64 | 'hash' => self::$SHA1, | |
65 | 'name' => self::$FILE_NAME, | |
66 | 'url' => Settings::$URL . rawurlencode(self::$NEW_NAME_FULL), | |
67 | 'size' => self::$FILE_SIZE | |
68 | ); | |
69 | } | |
70 | ||
71 | /** | |
72 | * @param $file | |
73 | * | |
74 | * @return string | |
75 | */ | |
76 | public function generateName($file): string | |
77 | { | |
78 | self::fileInfo($file); | |
79 | ||
80 | do { | |
81 | // Iterate until we reach the maximum number of retries | |
82 | if (Settings::$FILES_RETRIES === 0) { | |
83 | (new Response())->returnError('500', 'Gave up trying to find an unused name', self::$FILE_NAME); | |
84 | } | |
85 | ||
86 | for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) { | |
87 | self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]; | |
88 | } | |
89 | ||
90 | // Add the extension to the file name | |
91 | if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') { | |
92 | self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION; | |
93 | } | |
94 | ||
95 | // Check if the file hash is blacklisted | |
96 | if (Settings::$BLACKLIST_DB) { | |
97 | (new Database())->checkFileBlacklist(); | |
98 | } | |
99 | ||
100 | // Check if extension or mime is blacklisted | |
101 | if (Settings::$FILTER_MODE) { | |
102 | self::checkMimeBlacklist(); | |
103 | self::checkExtensionBlacklist(); | |
104 | } | |
105 | } while ((new Database())->dbCheckNameExists() > 0); | |
106 | ||
107 | return self::$NEW_NAME_FULL; | |
108 | } | |
109 | ||
110 | /** | |
111 | * @param $file | |
112 | * | |
113 | * @return void | |
114 | */ | |
115 | public function fileInfo($file) | |
116 | { | |
117 | if (isset($_FILES['files'])) { | |
118 | self::$FILE_NAME = $file->name; | |
119 | self::$SHA1 = sha1_file($file->tempfile); | |
120 | self::$FILE_SIZE = $file->size; | |
121 | $finfo = finfo_open(FILEINFO_MIME_TYPE); | |
122 | self::$FILE_MIME = finfo_file($finfo, $file->tempfile); | |
123 | finfo_close($finfo); | |
124 | ||
125 | if (Settings::$LOG_IP) { | |
126 | self::$IP = $_SERVER['REMOTE_ADDR']; | |
127 | } else { | |
128 | self::$IP = null; | |
129 | } | |
130 | // Check if extension is a double-dot extension and, if true, override $ext | |
131 | foreach (Settings::$DOUBLE_DOTS as $ddot) { | |
132 | if (stripos(strrev(self::$FILE_NAME), $ddot) === 0) { | |
133 | self::$FILE_EXTENSION = strrev($ddot); | |
134 | } else { | |
135 | self::$FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION); | |
136 | } | |
137 | } | |
138 | } | |
139 | } | |
140 | ||
141 | /** | |
142 | * @return void | |
143 | */ | |
144 | public function checkMimeBlacklist() | |
145 | { | |
146 | if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) { | |
147 | (new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME); | |
148 | } | |
149 | } | |
150 | ||
151 | /** | |
152 | * @return void | |
153 | */ | |
154 | protected function checkExtensionBlacklist() | |
155 | { | |
156 | if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) { | |
157 | (new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME); | |
158 | } | |
159 | } | |
160 | ||
161 | /** | |
162 | * @param $files | |
163 | * | |
164 | * @return array | |
165 | */ | |
166 | public function reFiles($files): array | |
167 | { | |
168 | $result = []; | |
169 | $files = self::diverseArray($files); | |
170 | ||
171 | foreach ($files as $file) { | |
172 | $f = $this->file; | |
173 | $f->name = $file['name']; | |
174 | $f->mime = $file['type']; | |
175 | $f->size = $file['size']; | |
176 | $f->tempfile = $file['tmp_name']; | |
177 | $f->error = $file['error']; | |
178 | $result[] = $f; | |
179 | } | |
180 | return $result; | |
181 | } | |
182 | ||
183 | /** | |
184 | * @param $files | |
185 | * | |
186 | * @return array | |
187 | */ | |
188 | public function diverseArray($files): array | |
189 | { | |
190 | $result = []; | |
191 | ||
192 | foreach ($files as $key1 => $value1) { | |
193 | foreach ($value1 as $key2 => $value2) { | |
194 | $result[$key2][$key1] = $value2; | |
195 | } | |
196 | } | |
197 | ||
198 | return $result; | |
199 | } | |
200 | } |