1 | <?php |
2 | /* | |
3 | * Uguu | |
4 | * | |
5 | * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko> | |
6 | * | |
7 | * This program is free software: you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, either version 3 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program. If not, see <https://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
21 | ||
22 | require_once 'Core.namespace.php'; | |
23 | ||
24 | use Core\Database as Database; | |
25 | use Core\Settings as Settings; |
26 | ||
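class Upload
{
    // Per-upload state. Every field is static, so it is shared by all Upload
    // instances and overwritten each time another file is processed.
    // NOTE(review): reFiles() leaves these holding the values of the LAST file
    // in the batch; whether the caller re-populates them before each
    // uploadFile() call is not visible here - confirm.

    // Client-supplied original file name ($file['name']); untrusted input.
    public static string $FILE_NAME;
    // Extension derived from $FILE_NAME in fileInfo(); untrusted input.
    public static string $FILE_EXTENSION;
    // MIME type sniffed from the temp file's content by fileinfo.
    public static string $FILE_MIME;
    // SHA-1 of the temp file's content.
    public static string $SHA1;
    // Randomly generated base name (no extension).
    public static string $NEW_NAME;
    // Stored file name: $NEW_NAME plus '.' and the extension when there is one.
    public static string $NEW_NAME_FULL;
    // Client address when Settings::$LOG_IP is on, otherwise '0'.
    public static string $IP;
    // Size as reported in $file['size'] (coerced to string by the property type).
    public static string $FILE_SIZE;
    // Path of the PHP upload temp file ($file['tmp_name']).
    public static string $TEMP_FILE;

    /**
     * Normalise a $_FILES-style multi-upload array into a list of files.
     *
     * Side effect: the static $FILE_NAME, $FILE_SIZE and $TEMP_FILE fields are
     * overwritten on every iteration and end up describing the last file.
     *
     * NOTE(review): $file['error'] is not inspected here, so a failed upload
     * is passed on like a successful one - confirm the caller checks it.
     *
     * @param array $files array keyed by field ('name', 'size', 'tmp_name', ...),
     *                     each holding one value per uploaded file
     * @return array list of [name, size, tmp_name] triples
     */
    public function reFiles($files): array
    {
        $result = [];
        $files = self::diverseArray($files);

        foreach ($files as $file) {
            self::$FILE_NAME = $file['name'];
            self::$FILE_SIZE = $file['size'];
            self::$TEMP_FILE = $file['tmp_name'];
            $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE];
        }
        return $result;
    }

    /**
     * Transpose a two-level array: $in[field][index] becomes $out[index][field].
     *
     * @param array $files two-level array
     * @return array the transposed array
     */
    public function diverseArray($files): array
    {
        $result = [];

        foreach ($files as $key1 => $value1) {
            foreach ($value1 as $key2 => $value2) {
                $result[$key2][$key1] = $value2;
            }
        }
        return $result;
    }

    /**
     * Store the current upload under a generated name and register it.
     *
     * Reads the upload from the static fields ($TEMP_FILE, $FILE_NAME, ...);
     * $file is only handed on to generateName().
     *
     * @param mixed $file passed through to generateName()
     * @return array{hash: string, name: string, url: string, size: string}
     * @throws Exception code 500 when the storage directory is missing, the
     *                   move fails or the permissions cannot be set; anything
     *                   thrown by generateName() propagates as well
     */
    public function uploadFile($file): array
    {
        (new Settings())->loadConfig();

        // NOTE(review): antiDupe() runs before generateName()/fileInfo() has
        // computed $SHA1 for this file. If it reads Upload::$SHA1 it sees an
        // unset value or the previous file's hash - confirm against Database.
        if (Settings::$ANTI_DUPE) {
            (new Database())->antiDupe();
        }

        (new Upload())->generateName($file);

        if (!is_dir(Settings::$FILES_ROOT)) {
            throw new Exception('File storage path not accessible.', 500);
        }

        // FILES_ROOT and the name are concatenated without a separator, so
        // FILES_ROOT presumably ends with one - confirm in the configuration.
        $destination = Settings::$FILES_ROOT . self::$NEW_NAME_FULL;

        // move_uploaded_file() refuses any source that is not a genuine PHP
        // upload, which keeps $TEMP_FILE from pointing at an arbitrary path.
        if (!move_uploaded_file(self::$TEMP_FILE, $destination)) {
            throw new Exception('Failed to move file to destination', 500);
        }

        // 0644: owner read/write, everyone else read-only, never executable.
        if (!chmod($destination, 0644)) {
            throw new Exception('Failed to change file permissions', 500);
        }

        (new Database())->newIntoDB();

        $preURL = Settings::$SSL ? 'https://' : 'http://';

        return [
            'hash' => self::$SHA1,
            'name' => self::$FILE_NAME,
            'url' => $preURL . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
            'size' => self::$FILE_SIZE
        ];
    }

    /**
     * Pick an unused random name for the current upload and run the
     * configured blacklist checks.
     *
     * Changes from the earlier revision of this method:
     *  - characters are drawn with random_int() (CSPRNG) over the valid index
     *    range 0..strlen-1; mt_rand(0, strlen) was predictable and could index
     *    one past the end of the charset. The generated name is the only
     *    thing that makes a stored file's URL hard to guess;
     *  - the retry budget is counted down, so the loop is bounded;
     *  - $NEW_NAME_FULL is assigned on every pass, also when the file has no
     *    extension (it used to be left untouched in that case).
     *
     * @param mixed $file passed through to fileInfo()
     * @return string the stored file name ($NEW_NAME_FULL)
     * @throws Exception code 500 when no usable name can be produced, code 415
     *                   from the blacklist checks
     */
    public function generateName($file): string
    {
        (new Upload())->fileInfo($file);

        $charset = Settings::$ID_CHARSET;
        $maxIndex = strlen($charset) - 1;
        if ($maxIndex < 0) {
            throw new Exception('Name charset is empty!', 500);
        }

        // Local copy: the configured value itself is left alone. A value of 0
        // fails at once, as it did before.
        $retriesLeft = (int) Settings::$FILES_RETRIES;

        do {
            if ($retriesLeft === 0) {
                throw new Exception('Gave up trying to find an unused name!', 500);
            }
            --$retriesLeft;

            self::$NEW_NAME = '';
            for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
                self::$NEW_NAME .= $charset[random_int(0, $maxIndex)];
            }

            // Always (re)assign, so a name from a previous file is never reused.
            self::$NEW_NAME_FULL = self::$NEW_NAME;
            if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') {
                self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
            }

            if (Settings::$BLACKLIST_DB) {
                (new Database())->checkFileBlacklist();
            }

            if (Settings::$FILTER_MODE) {
                self::checkMimeBlacklist();
                self::checkExtensionBlacklist();
            }
        } while ((new Database())->dbCheckNameExists() > 0);

        return self::$NEW_NAME_FULL;
    }

    /**
     * Fill $SHA1, $FILE_MIME, $IP and $FILE_EXTENSION for the current upload.
     *
     * Works on the static $TEMP_FILE / $FILE_NAME fields; the $file argument
     * is not read. Does nothing unless $_FILES['files'] is set.
     *
     * Changes from the earlier revision of this method:
     *  - a failed hash or MIME lookup now raises instead of being coerced to
     *    an empty string and stored;
     *  - the extension defaults to the part after the last dot and a matching
     *    double-dot entry overrides it. Previously every non-matching entry
     *    reset the extension, so only the last list entry could take effect,
     *    and with an empty list the extension was never assigned.
     *
     * The extension comes from the client-supplied name and becomes part of
     * the stored file name; the blacklist checks are the only filter on it.
     *
     * @param mixed $file unused
     * @return void
     * @throws Exception code 500 when the temp file cannot be hashed or inspected
     */
    public function fileInfo($file)
    {
        if (isset($_FILES['files'])) {
            $hash = sha1_file(self::$TEMP_FILE);
            if ($hash === false) {
                throw new Exception('Failed to hash uploaded file', 500);
            }
            self::$SHA1 = $hash;

            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            if ($finfo === false) {
                throw new Exception('Failed to open fileinfo database', 500);
            }
            $mime = finfo_file($finfo, self::$TEMP_FILE);
            finfo_close($finfo);
            if ($mime === false) {
                throw new Exception('Failed to detect file type', 500);
            }
            self::$FILE_MIME = $mime;

            if (Settings::$LOG_IP) {
                self::$IP = $_SERVER['REMOTE_ADDR'];
            } else {
                self::$IP = '0';
            }

            self::$FILE_EXTENSION = pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION);

            // DOUBLE_DOTS entries are compared against the reversed file name
            // and reversed again to give the extension, so each entry is a
            // compound extension written backwards.
            $reversedName = strrev(self::$FILE_NAME);
            foreach (Settings::$DOUBLE_DOTS as $DDOT) {
                if (stripos($reversedName, $DDOT) === 0) {
                    self::$FILE_EXTENSION = strrev($DDOT);
                    break;
                }
            }
        }
    }

    /**
     * Reject the upload when its sniffed MIME type is on the blocklist.
     *
     * The comparison is strict and case-insensitive on both sides.
     *
     * @return void
     * @throws Exception code 415 when the type is blocked
     */
    public function checkMimeBlacklist()
    {
        $blocked = array_map('strtolower', Settings::$BLOCKED_MIME);

        if (in_array(strtolower(self::$FILE_MIME), $blocked, true)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }

    /**
     * Reject the upload when its extension is on the blocklist.
     *
     * The comparison is strict and case-insensitive on both sides, so an
     * upper- or mixed-case spelling of a blocked extension is rejected too.
     * This is a blocklist: an extension that is not listed is accepted.
     *
     * @return void
     * @throws Exception code 415 when the extension is blocked
     */
    public function checkExtensionBlacklist()
    {
        $blocked = array_map('strtolower', Settings::$BLOCKED_EXTENSIONS);

        if (in_array(strtolower(self::$FILE_EXTENSION), $blocked, true)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }
}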