]> jfr.im git - uguu.git/blob - src/Classes/Database.php
projects / uguu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fixes
[uguu.git] / src / Classes / Database.php
1 <?php
2
3 /**
4 * Uguu
5 *
6 * @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se>
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22 namespace Pomf\Uguu\Classes;
23
24 use DateTimeZone;
25 use Exception;
26 use PDO;
27 use DateTime;
28
29 class Database
30 {
31 private PDO $DB;
32
33 /**
34 * Sets the value of the DB variable.
35 *
36 * @param $DB PDO The database connection.
37 */
38 public function setDB(PDO $DB): void
39 {
40 $this->DB = $DB;
41 }
42
43 /**
44 * Checks if a file name exists in the database
45 *
46 * @param $name string The name of the file.
47 *
48 * @return bool The number of rows that match the query.
49 * @throws \Exception
50 */
51 public function dbCheckNameExists(string $name): bool
52 {
53 try {
54 $q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
55 (SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
56 $q->bindValue(':name', $name);
57 $q->execute();
58 $result = $q->fetch();
59 if ($result) {
60 return true;
61 }
62 return false;
63 } catch (Exception) {
64 throw new Exception('Cant check if name exists in DB.', 500);
65 }
66 }
67
68 /**
69 * Checks if the file is blacklisted
70 *
71 * @param $FILE_INFO array An array containing the following:
72 *
73 * @throws \Exception
74 */
75 public function checkFileBlacklist(array $FILE_INFO): void
76 {
77 try {
78 $q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
79 (SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
80 $q->bindValue(':hash', $FILE_INFO['SHA1']);
81 $q->execute();
82 $result = $q->fetch();
83 if ($result) {
84 throw new Exception('File blacklisted!', 415);
85 }
86 } catch (Exception) {
87 throw new Exception('Cant check blacklist DB.', 500);
88 }
89 }
90
91 /**
92 * Checks if the file already exists in the database
93 *
94 * @param $hash string The hash of the file you want to check for.
95 *
96 * @throws \Exception
97 */
98 public function antiDupe(string $hash): array
99 {
100 try {
101 $q = $this->DB->prepare(
102 'SELECT * FROM files WHERE EXISTS
103 (SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
104 );
105 $q->bindValue(':hash', $hash);
106 $q->execute();
107 $result = $q->fetch();
108 if ($result) {
109 return [
110 'result' => true,
111 'name' => $result['filename'],
112 ];
113 } else {
114 return [
115 'result' => false
116 ];
117 }
118 } catch (Exception) {
119 throw new Exception('Cant check for dupes in DB.', 500);
120 }
121 }
122
123 /**
124 * Inserts a new file into the database
125 *
126 * @param $FILE_INFO array
127 * @param $fingerPrintInfo array
128 *
129 * @throws \Exception
130 */
131 public function newIntoDB(array $FILE_INFO, array $fingerPrintInfo): void
132 {
133 try {
134 $q = $this->DB->prepare(
135 'INSERT INTO files (hash, originalname, filename, size, date, ip)' .
136 'VALUES (:hash, :orig, :name, :size, :date, :ip)',
137 );
138 $q->bindValue(':hash', $FILE_INFO['SHA1']);
139 $q->bindValue(':orig', $FILE_INFO['NAME']);
140 $q->bindValue(':name', $FILE_INFO['NEW_NAME']);
141 $q->bindValue(':size', $FILE_INFO['SIZE'], PDO::PARAM_INT);
142 $q->bindValue(':date', $fingerPrintInfo['timestamp']);
143 $q->bindValue(':ip', $fingerPrintInfo['ip']);
144 $q->execute();
145 } catch (Exception) {
146 throw new Exception('Cant insert into DB.', 500);
147 }
148 }
149
150 /**
151 * Creates a new row in the database with the information provided
152 *
153 * @param $fingerPrintInfo array
154 *
155 * @throws \Exception
156 */
157 public function createRateLimit(array $fingerPrintInfo): void
158 {
159 try {
160 $q = $this->DB->prepare(
161 'INSERT INTO ratelimit (iphash, files, time)' .
162 'VALUES (:iphash, :files, :time)',
163 );
164 $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
165 $q->bindValue(':files', $fingerPrintInfo['files_amount']);
166 $q->bindValue(':time', $fingerPrintInfo['timestamp']);
167 $q->execute();
168 } catch (Exception $e) {
169 throw new Exception(500, $e->getMessage());
170 }
171 }
172
173 /**
174 * Update the rate limit table with the new file count and timestamp
175 *
176 * @param $fCount int The number of files uploaded by the user.
177 * @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
178 * @param $fingerPrintInfo array An array containing the following keys:
179 *
180 * @throws \Exception
181 */
182 public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
183 {
184 try {
185 if ($iStamp) {
186 $q = $this->DB->prepare(
187 'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
188 );
189 $q->bindValue(':time', $fingerPrintInfo['timestamp']);
190 } else {
191 $q = $this->DB->prepare(
192 'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
193 );
194 }
195 $q->bindValue(':files', $fCount);
196 $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
197 $q->execute();
198 } catch (Exception $e) {
199 throw new Exception(500, $e->getMessage());
200 }
201 }
202
203 /**
204 * @throws \Exception
205 */
206 public function compareTime(int $timestamp, int $seconds_d): bool
207 {
208 $dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
209 $dateTime_start = new DateTime();
210 $dateTime_start->setTimestamp($timestamp);
211 $diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
212 if ($diff > $seconds_d) {
213 return true;
214 }
215 return false;
216 }
217
218 /**
219 * Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
220 * if not it updates the database with the new file
221 * count and timestamp
222 *
223 * @param $fingerPrintInfo array An array containing the following:
224 *
225 * @return bool A boolean value.
226 * @throws \Exception
227 */
228 public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
229 {
230 $q = $this->DB->prepare(
231 'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
232 );
233 $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
234 $q->execute();
235 $result = $q->fetch();
236
237 //If there is no other match a record does not exist, create one.
238 if (!$result['count'] > 0) {
239 $this->createRateLimit($fingerPrintInfo);
240 return false;
241 }
242
243 // Apply rate-limit when file count reached and timeout not reached.
244 if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
245 return true;
246 }
247
248 // Update timestamp if timeout reached.
249 if ($this->compareTime($result['time'], $rateTimeout)) {
250 $this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
251 return false;
252 }
253
254 // Add filecount, timeout not reached.
255 if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
256 $this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
257 return false;
258 }
259
260 return false;
261 }
262 }
Image host (fork of https://github.com/nokonoko/Uguu)