1 | <?php |
2 | /* | |
3 | * Uguu | |
4 | * | |
5156099c | 5 | * @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> |
6 | * |
7 | * This program is free software: you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, either version 3 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program. If not, see <https://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
21 | ||
22 | require_once 'Core.namespace.php'; | |
23 | ||
24 | use Core\Database as Database; | |
25 | use Core\Settings as Settings; |
26 | ||
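/**
 * Static state and processing steps for the file upload currently being handled.
 *
 * The properties below are filled in by reFiles() and fileInfo() and are then
 * read by the filter, naming and storage steps in uploadFile().
 */
class Upload
{
    public static string $FILE_NAME;
    // Nullable: fileInfo() stores null when the client file name contains no dot.
    public static ?string $FILE_EXTENSION;
    public static string $FILE_MIME;
    public static string $SHA1;
    public static string $NEW_NAME;
    public static string $NEW_NAME_FULL;
    // Nullable: fileInfo() stores null when Settings::$LOG_IP is disabled.
    public static ?string $IP;
    public static string $FILE_SIZE;
    public static string $TEMP_FILE;

    /**
     * Normalise a multi-file upload array and load each entry into the static state.
     *
     * After the loop the static properties hold the values of the LAST entry.
     *
     * NOTE(review): the per-file 'error' field is not inspected here; confirm the
     * caller rejects failed uploads before the temporary file is hashed.
     *
     * @param array $files upload array keyed by field ('name', 'size', 'tmp_name', ...)
     * @return array list of [name, size, tmp_name, sha1] tuples, one per file
     */
    public static function reFiles($files): array
    {
        $collected = [];

        foreach (self::diverseArray($files) as $entry) {
            self::$FILE_NAME = $entry['name'];
            self::$FILE_SIZE = $entry['size'];
            self::$TEMP_FILE = $entry['tmp_name'];
            self::$SHA1 = sha1_file(self::$TEMP_FILE);
            $collected[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE, self::$SHA1];
        }

        return $collected;
    }

    /**
     * Transpose a two-level array: $in[field][index] becomes $out[index][field].
     *
     * @param array $files two-level array to transpose
     * @return array the transposed array
     */
    public static function diverseArray($files): array
    {
        $transposed = [];

        foreach ($files as $field => $values) {
            foreach ($values as $index => $value) {
                $transposed[$index][$field] = $value;
            }
        }

        return $transposed;
    }

    /**
     * Run the configured checks on the current upload, store it and describe the result.
     *
     * @return array{hash: string, name: string, url: string, size: string}
     * @throws Exception when a filter rejects the file or it cannot be stored
     */
    public static function uploadFile(): array
    {
        Settings::loadConfig();
        self::fileInfo();

        if (Settings::$BLACKLIST_DB) {
            Database::checkFileBlacklist();
        }

        if (Settings::$FILTER_MODE) {
            self::checkMimeBlacklist();
            if (!is_null(self::$FILE_EXTENSION)) {
                self::checkExtensionBlacklist();
            }
        }

        if (Settings::$ANTI_DUPE) {
            Database::antiDupe();
        }

        // Deliberately re-read rather than an `else`: whether Database::antiDupe()
        // changes the setting is not visible here, so the original two-step
        // evaluation is kept as it was.
        if (!Settings::$ANTI_DUPE) {
            self::generateName();
        }

        if (!is_dir(Settings::$FILES_ROOT)) {
            throw new Exception('File storage path not accessible.', 500);
        }

        $destination = Settings::$FILES_ROOT . self::$NEW_NAME_FULL;

        // move_uploaded_file() only moves files that arrived through an HTTP upload.
        if (!move_uploaded_file(self::$TEMP_FILE, $destination)) {
            throw new Exception('Failed to move file to destination', 500);
        }

        // 0644: owner read/write, everyone else read-only, no execute bit.
        if (!chmod($destination, 0644)) {
            throw new Exception('Failed to change file permissions', 500);
        }

        Database::newIntoDB();

        $scheme = Settings::$SSL ? 'https://' : 'http://';

        return [
            'hash' => self::$SHA1,
            'name' => self::$FILE_NAME,
            'url' => $scheme . Settings::$URL . '/' . rawurlencode(self::$NEW_NAME_FULL),
            'size' => self::$FILE_SIZE
        ];
    }

    /**
     * Record the uploader's address in self::$IP.
     *
     * X-Forwarded-For takes precedence over Client-IP, as before. Both headers are
     * supplied by the client unless a trusted reverse proxy overwrites them, so a
     * header value is accepted only when it is a syntactically valid IP address;
     * anything else falls back to REMOTE_ADDR. Treat the stored value as log data,
     * not as an identity to base decisions on.
     *
     * NOTE(review): whether a trusted proxy sits in front of this application is
     * deployment-specific and not visible here; without one, prefer REMOTE_ADDR only.
     */
    public static function getIP(): void
    {
        $candidates = [];

        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            // The header may carry a comma-separated chain; only the first hop is kept.
            $candidates[] = trim(explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        }
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            $candidates[] = trim((string) $_SERVER['HTTP_CLIENT_IP']);
        }

        foreach ($candidates as $candidate) {
            if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                self::$IP = $candidate;
                return;
            }
        }

        self::$IP = $_SERVER['REMOTE_ADDR'] ?? null;
    }

    /**
     * Detect the MIME type, derive the extension and record the client address.
     *
     * Does nothing when the request carries no 'files' upload field.
     *
     * @throws Exception when the MIME type of the temporary file cannot be determined
     */
    public static function fileInfo(): void
    {
        if (!isset($_FILES['files'])) {
            return;
        }

        // The MIME type comes from the file content, not from the client's claim.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = $finfo === false ? false : finfo_file($finfo, self::$TEMP_FILE);
        if ($finfo !== false) {
            finfo_close($finfo);
        }
        if ($mime === false) {
            // Fail closed: an undetected type must not slip past the MIME blacklist.
            throw new Exception('Failed to determine file type.', 500);
        }
        self::$FILE_MIME = $mime;

        // No dot: no extension. One dot: the last part. Several dots: the last two
        // parts joined, so compound extensions such as "tar.gz" are kept.
        $parts = explode('.', self::$FILE_NAME);
        $dots = count($parts) - 1;
        if ($dots === 0) {
            self::$FILE_EXTENSION = null;
        } elseif ($dots > 1) {
            self::$FILE_EXTENSION = implode('.', array_slice($parts, -2));
        } else {
            self::$FILE_EXTENSION = $parts[$dots];
        }

        if (Settings::$LOG_IP) {
            self::getIP();
        } else {
            self::$IP = null;
        }
    }

    /**
     * Reject the upload when its detected MIME type is blacklisted.
     *
     * @throws Exception
     */
    public static function checkMimeBlacklist(): void
    {
        if (in_array(self::$FILE_MIME, Settings::$BLOCKED_MIME, true)) {
            throw new Exception('Filetype not allowed.', 415);
        }
    }

    /**
     * Reject the upload when its extension is blacklisted.
     *
     * The extension may be compound ("a.b"), and the stored file keeps it
     * unchanged, so every dot-separated part is checked as well as the whole
     * string. The comparison ignores case. Comparing only the whole string would
     * let a blocked suffix through whenever the name contains more than one dot
     * or differs in case from the configured entry.
     *
     * @throws Exception
     */
    public static function checkExtensionBlacklist(): void
    {
        $extension = self::$FILE_EXTENSION ?? null;
        if ($extension === null) {
            return;
        }

        $blocked = array_map(
            static fn ($entry): string => strtolower((string) $entry),
            Settings::$BLOCKED_EXTENSIONS
        );

        $extension = strtolower($extension);
        $candidates = explode('.', $extension);
        $candidates[] = $extension;

        foreach ($candidates as $candidate) {
            if (in_array($candidate, $blocked, true)) {
                throw new Exception('Filetype not allowed.', 415);
            }
        }
    }

    /**
     * Pick a random, unused storage name and set NEW_NAME / NEW_NAME_FULL.
     *
     * The name is the only handle to a stored file, so characters are drawn with
     * random_int() (CSPRNG) rather than mt_rand(). The index range stops at
     * strlen - 1; the previous upper bound of strlen could read past the end of
     * the charset and yield a shorter name. Attempts are counted locally so the
     * retry limit is enforced: the visible code never decremented it.
     *
     * @throws Exception when no unused name is found within Settings::$FILES_RETRIES attempts
     */
    public static function generateName(): void
    {
        $charset = (string) Settings::$ID_CHARSET;
        $lastIndex = strlen($charset) - 1;
        if ($lastIndex < 0) {
            throw new Exception('Name character set is empty.', 500);
        }

        $attemptsLeft = (int) Settings::$FILES_RETRIES;

        do {
            if ($attemptsLeft <= 0) {
                throw new Exception('Gave up trying to find an unused name!', 500);
            }
            --$attemptsLeft;

            self::$NEW_NAME = '';
            for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) {
                self::$NEW_NAME .= $charset[random_int(0, $lastIndex)];
            }

            self::$NEW_NAME_FULL = self::$NEW_NAME;

            if (!is_null(self::$FILE_EXTENSION)) {
                self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION;
            }
        } while (Database::dbCheckNameExists() > 0);
    }
}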