[uguu.git] / static / php / includes / Upload.class.php

<?php
/*
 * Uguu
 *
 * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */


require_once 'Core.namespace.php';

use Core\Database as Database;
use Core\Settings as Settings;

class Upload
{

    public static string $FILE_NAME;
    public static string $FILE_EXTENSION;
    public static string $FILE_MIME;
    public static string $SHA1;
    public static string $NEW_NAME;
    public static string $NEW_NAME_FULL;
    public static string $IP;

    public static string $FILE_SIZE;
    public static string $TEMP_FILE;


    public function reFiles($files): array
    {
        $result = [];
        $files = self::diverseArray($files);

        foreach ($files as $file) {
            self::$FILE_NAME = $file['name'];
            self::$FILE_SIZE = $file['size'];
            self::$TEMP_FILE = $file['tmp_name'];
            $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE];
        }
        return $result;
    }

    public function diverseArray($files): array
    {
        $result = [];

        foreach ($files as $key1 => $value1) {
            foreach ($value1 as $key2 => $value2) {
                $result[$key2][$key1] = $value2;
            }
        }
        return $result;
    }

    public function uploadFile($file): array
    {
        (new Settings())->loadConfig();

        if (Settings::$ANTI_DUPE) {
            (new Database())->antiDupe();
        }

        (new Upload())->generateName($file);


        if (!is_dir(Settings::$FILES_ROOT)) {
            throw new Exception('File storage path not accessible.', 500);
        }

        if (!move_uploaded_file(self::$TEMP_FILE, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
            throw new Exception('Failed to move file to destination', 500);
        }

        if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
            throw new Exception('Failed to change file permissions', 500);
        }

        (new Database())->newIntoDB();

        if (Settings::$SSL) {
            $preURL = 'https://';
        } else {
            $preURL = 'http://';
        }

        return [
            'hash' => self::$SHA1,
            'name' => self::$FILE_NAME,
            'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
            'size' => self::$FILE_SIZE
        ];
    }

    public function generateName($file): string
    {
        (new Upload())->fileInfo($file);

        do {
            if (Settings::$FILES_RETRIES === 0) {
                throw new Exception('Gave up trying to find an unused name!', 500);
            }

            self::$NEW_NAME = '';
            for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
                self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
            }

            if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
                self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
            }

            if (Settings::$BLACKLIST_DB) {
                (new Database())->checkFileBlacklist();
            }

            if (Settings::$FILTER_MODE) {
                self::checkMimeBlacklist();
                self::checkExtensionBlacklist();
            }
        } while ((new Database())->dbCheckNameExists() > 0);

        return self::$NEW_NAME_FULL;
    }

    public function fileInfo($file)
    {
        if (isset($_FILES['files'])) {
            self::$SHA1 = sha1_file(self::$TEMP_FILE);
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
            finfo_close($finfo);

            if (Settings::$LOG_IP) {
                self::$IP = $_SERVER['REMOTE_ADDR'];
            } else {
                self::$IP = '0';
            }

            foreach (Settings::$DOUBLE_DOTS as $DDOT) {
                if (stripos(strrev(self::$FILE_NAME), $DDOT) === 0) {
                    self::$FILE_EXTENSION = strrev($DDOT);
                } else {
                    self::$FILE_EXTENSION = pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION);
                }
            }
        }
    }

    public function checkMimeBlacklist()
    {
        if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }

    public function checkExtensionBlacklist()
    {
        if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }
}
Commit	Line	Data
044a28cd GJ	1	<?php
	2	/*
	3	* Uguu
	4	*
	5	* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
	6	*
	7	* This program is free software: you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation, either version 3 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program. If not, see <https://www.gnu.org/licenses/>.
	19	*/
	20
	21
	22	require_once 'Core.namespace.php';
	23
	24	use Core\Database as Database;
044a28cd GJ	25	use Core\Settings as Settings;
	26
	27	class Upload
	28	{
82202428	29
044a28cd GJ	30	public static string $FILE_NAME;
	31	public static string $FILE_EXTENSION;
	32	public static string $FILE_MIME;
	33	public static string $SHA1;
044a28cd GJ	34	public static string $NEW_NAME;
	35	public static string $NEW_NAME_FULL;
	36	public static string $IP;
044a28cd	37
82202428 GJ	38	public static string $FILE_SIZE;
	39	public static string $TEMP_FILE;
	40
	41
	42	public function reFiles($files): array
	43	{
	44	$result = [];
	45	$files = self::diverseArray($files);
	46
	47	foreach ($files as $file) {
	48	self::$FILE_NAME = $file['name'];
	49	self::$FILE_SIZE = $file['size'];
	50	self::$TEMP_FILE = $file['tmp_name'];
	51	$result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE];
	52	}
	53	return $result;
	54	}
	55
	56	public function diverseArray($files): array
	57	{
	58	$result = [];
	59
	60	foreach ($files as $key1 => $value1) {
	61	foreach ($value1 as $key2 => $value2) {
	62	$result[$key2][$key1] = $value2;
	63	}
	64	}
	65	return $result;
	66	}
	67
044a28cd GJ	68	public function uploadFile($file): array
044a28cd GJ	69	{
82202428 GJ	70	(new Settings())->loadConfig();
82202428 GJ	71
044a28cd GJ	72	if (Settings::$ANTI_DUPE) {
	73	(new Database())->antiDupe();
	74	}
	75
82202428 GJ	76	(new Upload())->generateName($file);
82202428 GJ	77
044a28cd	78
82202428 GJ	79	if (!is_dir(Settings::$FILES_ROOT)) {
	80	throw new Exception('File storage path not accessible.', 500);
	81	}
	82
	83	if (!move_uploaded_file(self::$TEMP_FILE, Settings::$FILES_ROOT . self::$NEW_NAME_FULL)) {
	84	throw new Exception('Failed to move file to destination', 500);
044a28cd GJ	85	}
	86
	87	if (!chmod(Settings::$FILES_ROOT . self::$NEW_NAME_FULL, 0644)) {
82202428	88	throw new Exception('Failed to change file permissions', 500);
044a28cd GJ	89	}
	90
	91	(new Database())->newIntoDB();
	92
82202428 GJ	93	if (Settings::$SSL) {
	94	$preURL = 'https://';
	95	} else {
	96	$preURL = 'http://';
	97	}
	98
	99	return [
044a28cd GJ	100	'hash' => self::$SHA1,
044a28cd GJ	101	'name' => self::$FILE_NAME,
82202428	102	'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
044a28cd	103	'size' => self::$FILE_SIZE
82202428	104	];
044a28cd GJ	105	}
044a28cd GJ	106
044a28cd GJ	107	public function generateName($file): string
044a28cd GJ	108	{
82202428	109	(new Upload())->fileInfo($file);
044a28cd GJ	110
044a28cd GJ	111	do {
044a28cd	112	if (Settings::$FILES_RETRIES === 0) {
82202428	113	throw new Exception('Gave up trying to find an unused name!', 500);
044a28cd GJ	114	}
044a28cd GJ	115
82202428	116	self::$NEW_NAME = '';
044a28cd GJ	117	for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
	118	self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))];
	119	}
	120
044a28cd GJ	121	if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
	122	self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION;
	123	}
	124
044a28cd GJ	125	if (Settings::$BLACKLIST_DB) {
	126	(new Database())->checkFileBlacklist();
	127	}
	128
044a28cd GJ	129	if (Settings::$FILTER_MODE) {
	130	self::checkMimeBlacklist();
	131	self::checkExtensionBlacklist();
	132	}
	133	} while ((new Database())->dbCheckNameExists() > 0);
	134
	135	return self::$NEW_NAME_FULL;
	136	}
	137
044a28cd GJ	138	public function fileInfo($file)
	139	{
	140	if (isset($_FILES['files'])) {
82202428	141	self::$SHA1 = sha1_file(self::$TEMP_FILE);
044a28cd	142	$finfo = finfo_open(FILEINFO_MIME_TYPE);
82202428	143	self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE);
044a28cd GJ	144	finfo_close($finfo);
	145
	146	if (Settings::$LOG_IP) {
	147	self::$IP = $_SERVER['REMOTE_ADDR'];
	148	} else {
82202428	149	self::$IP = '0';
044a28cd	150	}
82202428 GJ	151
	152	foreach (Settings::$DOUBLE_DOTS as $DDOT) {
	153	if (stripos(strrev(self::$FILE_NAME), $DDOT) === 0) {
	154	self::$FILE_EXTENSION = strrev($DDOT);
044a28cd	155	} else {
82202428	156	self::$FILE_EXTENSION = pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION);
044a28cd GJ	157	}
	158	}
	159	}
	160	}
	161
044a28cd GJ	162	public function checkMimeBlacklist()
	163	{
	164	if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME)) {
82202428	165	throw new Exception('Filetype not allowed.', 415);
044a28cd GJ	166	}
	167	}
	168
82202428	169	public function checkExtensionBlacklist()
044a28cd GJ	170	{
044a28cd GJ	171	if (in_array(self::$FILE_EXTENSION, Settings::$BLOCKED_EXTENSIONS)) {
82202428	172	throw new Exception('Filetype not allowed.', 415);
044a28cd	173	}
044a28cd	174	}
82202428	175	}