[uguu.git] / static / php / includes / Upload.class.php

<?php
/*
 * Uguu
 *
 * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */


require_once 'Core.namespace.php';

use Core\Database as Database;
use Core\Response as Response;
use Core\Settings as Settings;

class Upload
{
    public static string $FILE_NAME;
    public static string $FILE_EXTENSION;
    public static string $FILE_MIME;
    public static string $SHA1;
    public static int $FILE_SIZE;
    public static string $NEW_NAME;
    public static string $NEW_NAME_FULL;
    public static string $IP;
    public mixed $file;

    /**
     * @param $file
     *
     * @return array
     */
    public function uploadFile($file): array
    {
        if (Settings::$ANTI_DUPE) {
            (new Database())->antiDupe();
        }

        self::generateName($file);

        if (!move_uploaded_file($file->tempfile, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
            (new Response())->returnError('500', 'Failed to move file to destination', self::$FILE_NAME);
        }

        if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
            (new Response())->returnError('500', 'Failed to change file permissions', self::$FILE_NAME);
        }

        (new Database())->newIntoDB();

        return array(
            'hash' => self::$SHA1,
            'name' => self::$FILE_NAME,
            'url' => Settings::$URL . rawurlencode(self::$NEW_NAME_FULL),
            'size' => self::$FILE_SIZE
        );
    }

    /**
     * @param $file
     *
     * @return string
     */
    public function generateName($file): string
    {
        self::fileInfo($file);

        do {
            // Iterate until we reach the maximum number of retries
            if (Settings::$FILES_RETRIES === 0) {
                (new Response())->returnError('500', 'Gave up trying to find an unused name', self::$FILE_NAME);
            }

            for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
                self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
            }

            // Add the extension to the file name
            if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
                self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
            }

            // Check if the file hash is blacklisted
            if (Settings::$BLACKLIST_DB) {
                (new Database())->checkFileBlacklist();
            }

            // Check if extension or mime is blacklisted
            if (Settings::$FILTER_MODE) {
                self::checkMimeBlacklist();
                self::checkExtensionBlacklist();
            }
        } while ((new Database())->dbCheckNameExists() > 0);

        return self::$NEW_NAME_FULL;
    }

    /**
     * @param $file
     *
     * @return void
     */
    public function fileInfo($file)
    {
        if (isset($_FILES['files'])) {
            self::$FILE_NAME = $file->name;
            self::$SHA1 = sha1_file($file->tempfile);
            self::$FILE_SIZE = $file->size;
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            self::$FILE_MIME = finfo_file($finfo, $file->tempfile);
            finfo_close($finfo);

            if (Settings::$LOG_IP) {
                self::$IP = $_SERVER['REMOTE_ADDR'];
            } else {
                self::$IP = null;
            }
            // Check if extension is a double-dot extension and, if true, override $ext
            foreach (Settings::$DOUBLE_DOTS as $ddot) {
                if (stripos(strrev(self::$FILE_NAME), $ddot) === 0) {
                    self::$FILE_EXTENSION = strrev($ddot);
                } else {
                    self::$FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
                }
            }
        }
    }

    /**
     * @return void
     */
    public function checkMimeBlacklist()
    {
        if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
            (new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
        }
    }

    /**
     * @return void
     */
    protected function checkExtensionBlacklist()
    {
        if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
            (new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
        }
    }

    /**
     * @param $files
     *
     * @return array
     */
    public function reFiles($files): array
    {
        $result = [];
        $files = self::diverseArray($files);

        foreach ($files as $file) {
            $f = $this->file;
            $f->name = $file['name'];
            $f->mime = $file['type'];
            $f->size = $file['size'];
            $f->tempfile = $file['tmp_name'];
            $f->error = $file['error'];
            $result[] = $f;
        }
        return $result;
    }

    /**
     * @param $files
     *
     * @return array
     */
    public function diverseArray($files): array
    {
        $result = [];

        foreach ($files as $key1 => $value1) {
            foreach ($value1 as $key2 => $value2) {
                $result[$key2][$key1] = $value2;
            }
        }

        return $result;
    }
}
Commit	Line	Data
044a28cd GJ	1	<?php
	2	/*
	3	* Uguu
	4	*
	5	* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
	6	*
	7	* This program is free software: you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation, either version 3 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program. If not, see <https://www.gnu.org/licenses/>.
	19	*/
	20
	21
	22	require_once 'Core.namespace.php';
	23
	24	use Core\Database as Database;
	25	use Core\Response as Response;
	26	use Core\Settings as Settings;
	27
	28	class Upload
	29	{
	30	public static string $FILE_NAME;
	31	public static string $FILE_EXTENSION;
	32	public static string $FILE_MIME;
	33	public static string $SHA1;
	34	public static int $FILE_SIZE;
	35	public static string $NEW_NAME;
	36	public static string $NEW_NAME_FULL;
	37	public static string $IP;
	38	public mixed $file;
	39
	40	/**
	41	* @param $file
	42	*
	43	* @return array
	44	*/
	45	public function uploadFile($file): array
	46	{
	47	if (Settings::$ANTI_DUPE) {
	48	(new Database())->antiDupe();
	49	}
	50
	51	self::generateName($file);
	52
	53	if (!move_uploaded_file($file->tempfile, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
	54	(new Response())->returnError('500', 'Failed to move file to destination', self::$FILE_NAME);
	55	}
	56
	57	if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
	58	(new Response())->returnError('500', 'Failed to change file permissions', self::$FILE_NAME);
	59	}
	60
	61	(new Database())->newIntoDB();
	62
	63	return array(
	64	'hash' => self::$SHA1,
65	'name' => self::$FILE_NAME,
66	'url' => Settings::$URL . rawurlencode(self::$NEW_NAME_FULL),
67	'size' => self::$FILE_SIZE
68	);
69	}
70
71	/**
72	* @param $file
73	*
74	* @return string
75	*/
76	public function generateName($file): string
77	{
78	self::fileInfo($file);
79
80	do {
81	// Iterate until we reach the maximum number of retries
82	if (Settings::$FILES_RETRIES === 0) {
83	(new Response())->returnError('500', 'Gave up trying to find an unused name', self::$FILE_NAME);
84	}
85
86	for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
87	self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
88	}
89
90	// Add the extension to the file name
91	if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
92	self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
93	}
94
95	// Check if the file hash is blacklisted
96	if (Settings::$BLACKLIST_DB) {
97	(new Database())->checkFileBlacklist();
98	}
99
100	// Check if extension or mime is blacklisted
101	if (Settings::$FILTER_MODE) {
102	self::checkMimeBlacklist();
103	self::checkExtensionBlacklist();
104	}
105	} while ((new Database())->dbCheckNameExists() > 0);
106
107	return self::$NEW_NAME_FULL;
108	}
109
110	/**
111	* @param $file
112	*
113	* @return void
114	*/
115	public function fileInfo($file)
116	{
117	if (isset($_FILES['files'])) {
118	self::$FILE_NAME = $file->name;
119	self::$SHA1 = sha1_file($file->tempfile);
120	self::$FILE_SIZE = $file->size;
121	$finfo = finfo_open(FILEINFO_MIME_TYPE);
122	self::$FILE_MIME = finfo_file($finfo, $file->tempfile);
123	finfo_close($finfo);
124
125	if (Settings::$LOG_IP) {
126	self::$IP = $_SERVER['REMOTE_ADDR'];
127	} else {
128	self::$IP = null;
129	}
130	// Check if extension is a double-dot extension and, if true, override $ext
131	foreach (Settings::$DOUBLE_DOTS as $ddot) {
132	if (stripos(strrev(self::$FILE_NAME), $ddot) === 0) {
133	self::$FILE_EXTENSION = strrev($ddot);
134	} else {
135	self::$FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
136	}
137	}
138	}
139	}
140
141	/**
142	* @return void
143	*/
144	public function checkMimeBlacklist()
145	{
146	if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
147	(new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
148	}
149	}
150
151	/**
152	* @return void
153	*/
154	protected function checkExtensionBlacklist()
155	{
156	if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
157	(new Response())->returnError('415', 'Filetype not allowed!', self::$FILE_NAME);
158	}
159	}
160
161	/**
162	* @param $files
163	*
164	* @return array
165	*/
166	public function reFiles($files): array
167	{
168	$result = [];
169	$files = self::diverseArray($files);
170
171	foreach ($files as $file) {
172	$f = $this->file;
173	$f->name = $file['name'];
174	$f->mime = $file['type'];
175	$f->size = $file['size'];
176	$f->tempfile = $file['tmp_name'];
177	$f->error = $file['error'];
178	$result[] = $f;
179	}
180	return $result;
181	}
182
183	/**
184	* @param $files
185	*
186	* @return array
187	*/
188	public function diverseArray($files): array
189	{
190	$result = [];
191
192	foreach ($files as $key1 => $value1) {
193	foreach ($value1 as $key2 => $value2) {
194	$result[$key2][$key1] = $value2;
195	}
196	}
197
198	return $result;
199	}
200	}