[uguu.git] / static / php / includes / Upload.class.php

<?php
/*
 * Uguu
 *
 * @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */


require_once 'Core.namespace.php';

use Core\Database as Database;
use Core\Settings as Settings;

class Upload
{

    public static string $FILE_NAME;
    public static mixed $FILE_EXTENSION;
    public static string $FILE_MIME;
    public static string $SHA1;
    public static string $NEW_NAME;
    public static string $NEW_NAME_FULL;
    public static mixed $IP;

    public static string $FILE_SIZE;
    public static string $TEMP_FILE;


    public static function reFiles($files): array
    {
        $result = [];
        $files = self::diverseArray($files);

        foreach ($files as $file) {
            self::$FILE_NAME = strip_tags($file['name']);
            self::$FILE_SIZE = $file['size'];
            self::$TEMP_FILE = $file['tmp_name'];
            self::$SHA1 = sha1_file(self::$TEMP_FILE);
            $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE, self::$SHA1];
        }
        return $result;
    }

    public static function diverseArray($files): array
    {
        $result = [];

        foreach ($files as $key1 => $value1) {
            foreach ($value1 as $key2 => $value2) {
                $result[$key2][$key1] = $value2;
            }
        }
        return $result;
    }

    /**
     * @throws Exception
     */
    public static function uploadFile(): array
    {
        Settings::loadConfig();
        self::fileInfo();

        if (Settings::$BLACKLIST_DB) {
            Database::checkFileBlacklist();
        }

        if (Settings::$FILTER_MODE) {
            self::checkMimeBlacklist();
            if(!is_null(self::$FILE_EXTENSION)){
                self::checkExtensionBlacklist();
            }
        }

        if (Settings::$ANTI_DUPE) {
            Database::antiDupe();
        }

        if (!Settings::$ANTI_DUPE) {
            self::generateName();
        }

        if (!is_dir(Settings::$FILES_ROOT)) {
            throw new Exception('File storage path not accessible.', 500);
        }

        if (!move_uploaded_file(self::$TEMP_FILE, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
            throw new Exception('Failed to move file to destination', 500);
        }

        if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
            throw new Exception('Failed to change file permissions', 500);
        }

        Database::newIntoDB();

        if (Settings::$SSL) {
            $preURL = 'https://';
        } else {
            $preURL = 'http://';
        }

        return [
            'hash' => self::$SHA1,
            'name' => self::$FILE_NAME,
            'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
            'size' => self::$FILE_SIZE
        ];
    }

    public static function getIP()
    {
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            self::$IP = $_SERVER['HTTP_CLIENT_IP'];
        }
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            self::$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        if (!isset(self::$IP)) {
            self::$IP = $_SERVER['REMOTE_ADDR'];
        }
    }

    public static function fileInfo()
    {
        if (isset($_FILES['files'])) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
            finfo_close($finfo);

            $extension = explode('.', self::$FILE_NAME);
            if(substr_count(self::$FILE_NAME, '.') > 0) {
                self::$FILE_EXTENSION = $extension[count($extension)-1];
            } else {
                self::$FILE_EXTENSION = null;
            }

            if (Settings::$LOG_IP) {
                self::getIP();
            } else {
                self::$IP = null;
            }
        }
    }

    /**
     * @throws Exception
     */
    public static function checkMimeBlacklist()
    {
        if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }

    /**
     * Check if file extension is blacklisted
     * if it does throw an exception.
     *
     * @throws Exception
     */
    public static function checkExtensionBlacklist()
    {
        if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }

    /**
     * @throws Exception
     */
    public static function generateName()
    {
        do {
            if (Settings::$FILES_RETRIES === 0) {
                throw new Exception('Gave up trying to find an unused name!', 500);
            }

            self::$NEW_NAME = '';
            for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
                self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
            }

            self::$NEW_NAME_FULL = self::$NEW_NAME;

            if (!is_null(self::$FILE_EXTENSION)) {
                self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
            }

        } while (Database::dbCheckNameExists() > 0);
    }
}
Commit	Line	Data
044a28cd GJ	1	<?php
	2	/*
	3	* Uguu
	4	*
5156099c	5	* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se>
044a28cd GJ	6	*
	7	* This program is free software: you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation, either version 3 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program. If not, see <https://www.gnu.org/licenses/>.
	19	*/
	20
	21
	22	require_once 'Core.namespace.php';
	23
	24	use Core\Database as Database;
044a28cd GJ	25	use Core\Settings as Settings;
	26
	27	class Upload
	28	{
82202428	29
044a28cd	30	public static string $FILE_NAME;
e08efcd9	31	public static mixed $FILE_EXTENSION;
044a28cd GJ	32	public static string $FILE_MIME;
044a28cd GJ	33	public static string $SHA1;
044a28cd GJ	34	public static string $NEW_NAME;
044a28cd GJ	35	public static string $NEW_NAME_FULL;
e08efcd9	36	public static mixed $IP;
044a28cd	37
82202428 GJ	38	public static string $FILE_SIZE;
	39	public static string $TEMP_FILE;
	40
	41
6b16f63c	42	public static function reFiles($files): array
82202428 GJ	43	{
	44	$result = [];
	45	$files = self::diverseArray($files);
	46
	47	foreach ($files as $file) {
32cba581	48	self::$FILE_NAME = strip_tags($file['name']);
82202428 GJ	49	self::$FILE_SIZE = $file['size'];
82202428 GJ	50	self::$TEMP_FILE = $file['tmp_name'];
45bc029d GJ	51	self::$SHA1 = sha1_file(self::$TEMP_FILE);
45bc029d GJ	52	$result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE, self::$SHA1];
82202428 GJ	53	}
	54	return $result;
	55	}
	56
6b16f63c	57	public static function diverseArray($files): array
82202428 GJ	58	{
	59	$result = [];
	60
	61	foreach ($files as $key1 => $value1) {
	62	foreach ($value1 as $key2 => $value2) {
	63	$result[$key2][$key1] = $value2;
	64	}
	65	}
	66	return $result;
	67	}
	68
4c21cfa0 GJ	69	/**
	70	* @throws Exception
	71	*/
6b16f63c	72	public static function uploadFile(): array
044a28cd	73	{
6b16f63c GJ	74	Settings::loadConfig();
6b16f63c GJ	75	self::fileInfo();
82202428	76
0a3934c2	77	if (Settings::$BLACKLIST_DB) {
6b16f63c	78	Database::checkFileBlacklist();
044a28cd GJ	79	}
044a28cd GJ	80
0a3934c2 GJ	81	if (Settings::$FILTER_MODE) {
0a3934c2 GJ	82	self::checkMimeBlacklist();
3b67377c GJ	83	if(!is_null(self::$FILE_EXTENSION)){
	84	self::checkExtensionBlacklist();
	85	}
0a3934c2	86	}
82202428	87
0a3934c2	88	if (Settings::$ANTI_DUPE) {
6b16f63c	89	Database::antiDupe();
0a3934c2 GJ	90	}
	91
	92	if (!Settings::$ANTI_DUPE) {
6b16f63c	93	self::generateName();
0a3934c2	94	}
044a28cd	95
82202428 GJ	96	if (!is_dir(Settings::$FILES_ROOT)) {
	97	throw new Exception('File storage path not accessible.', 500);
	98	}
	99
	100	if (!move_uploaded_file(self::$TEMP_FILE, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
	101	throw new Exception('Failed to move file to destination', 500);
044a28cd GJ	102	}
	103
	104	if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
82202428	105	throw new Exception('Failed to change file permissions', 500);
044a28cd GJ	106	}
044a28cd GJ	107
6b16f63c	108	Database::newIntoDB();
044a28cd	109
82202428 GJ	110	if (Settings::$SSL) {
	111	$preURL = 'https://';
	112	} else {
	113	$preURL = 'http://';
	114	}
	115
	116	return [
044a28cd GJ	117	'hash' => self::$SHA1,
044a28cd GJ	118	'name' => self::$FILE_NAME,
82202428	119	'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
044a28cd	120	'size' => self::$FILE_SIZE
82202428	121	];
044a28cd	122	}
0a3934c2	123
fb13a2a3 GJ	124	public static function getIP()
	125	{
	126	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
	127	self::$IP = $_SERVER['HTTP_CLIENT_IP'];
	128	}
	129	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	130	self::$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
	131	}
	132	if (!isset(self::$IP)) {
	133	self::$IP = $_SERVER['REMOTE_ADDR'];
	134	}
	135	}
	136
6b16f63c	137	public static function fileInfo()
8fa8e4d3 GJ	138	{
8fa8e4d3 GJ	139	if (isset($_FILES['files'])) {
8fa8e4d3 GJ	140	$finfo = finfo_open(FILEINFO_MIME_TYPE);
8fa8e4d3 GJ	141	self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
8fa8e4d3	142	finfo_close($finfo);
044a28cd	143
fb13a2a3	144	$extension = explode('.', self::$FILE_NAME);
3465b592	145	if(substr_count(self::$FILE_NAME, '.') > 0) {
3b67377c	146	self::$FILE_EXTENSION = $extension[count($extension)-1];
3465b592 GJ	147	} else {
3465b592 GJ	148	self::$FILE_EXTENSION = null;
3b67377c	149	}
fb13a2a3	150
8fa8e4d3	151	if (Settings::$LOG_IP) {
fb13a2a3	152	self::getIP();
8fa8e4d3	153	} else {
fb13a2a3	154	self::$IP = null;
8fa8e4d3 GJ	155	}
	156	}
	157	}
0a3934c2	158
4c21cfa0 GJ	159	/**
	160	* @throws Exception
	161	*/
6b16f63c	162	public static function checkMimeBlacklist()
044a28cd	163	{
0a3934c2 GJ	164	if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
	165	throw new Exception('Filetype not allowed.', 415);
	166	}
	167	}
	168
	169	/**
2d0bf4f3 GJ	170	* Check if file extension is blacklisted
	171	* if it does throw an exception.
	172	*
0a3934c2 GJ	173	* @throws Exception
0a3934c2 GJ	174	*/
6b16f63c	175	public static function checkExtensionBlacklist()
0a3934c2 GJ	176	{
	177	if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
	178	throw new Exception('Filetype not allowed.', 415);
	179	}
	180	}
044a28cd	181
0a3934c2 GJ	182	/**
	183	* @throws Exception
	184	*/
6b16f63c	185	public static function generateName()
0a3934c2	186	{
044a28cd	187	do {
044a28cd	188	if (Settings::$FILES_RETRIES === 0) {
82202428	189	throw new Exception('Gave up trying to find an unused name!', 500);
044a28cd GJ	190	}
044a28cd GJ	191
82202428	192	self::$NEW_NAME = '';
044a28cd GJ	193	for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
	194	self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
	195	}
	196
3b67377c GJ	197	self::$NEW_NAME_FULL = self::$NEW_NAME;
	198
	199	if (!is_null(self::$FILE_EXTENSION)) {
0a3934c2	200	self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
044a28cd	201	}
3b67377c	202
6b16f63c	203	} while (Database::dbCheckNameExists() > 0);
044a28cd	204	}
0a3934c2	205	}