X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/317f6899046421f99276b7656f025f3fcc030ae2..d90f9e58e900128fe1920ef780c6018d7dcb11b6:/static/php/upload.php diff --git a/static/php/upload.php b/static/php/upload.php index 6c6786b..23200cc 100644 --- a/static/php/upload.php +++ b/static/php/upload.php @@ -3,7 +3,6 @@ * Handles POST uploads, generates filenames, moves files around and commits * uploaded metadata to database. */ - require_once 'classes/Response.class.php'; require_once 'classes/UploadException.class.php'; require_once 'classes/UploadedFile.class.php'; @@ -24,9 +23,11 @@ function generateName($file) // We start at N retries, and --N until we give up $tries = UGUU_FILES_RETRIES; $length = UGUU_FILES_LENGTH; + //Get EXT $ext = pathinfo($file->name, PATHINFO_EXTENSION); - //Get mime + + //Get MIME $finfo = finfo_open(FILEINFO_MIME_TYPE); $type_mime = finfo_file($finfo, $file->tempfile); finfo_close($finfo); @@ -42,8 +43,8 @@ function generateName($file) do { // Iterate until we reach the maximum number of retries if ($tries-- === 0) { - http_response_code(500); - throw new Exception( + http_response_code(500); + throw new Exception( 'Gave up trying to find an unused name', 500 ); // HTTP status code "500 Internal Server Error" @@ -60,17 +61,16 @@ function generateName($file) $name .= '.'.$ext; } - //Check if mime is blacklisted - if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { - http_response_code(415); - throw new Exception ('Extension type not allowed.'); + //Check if MIME is blacklisted + if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { + http_response_code(415); + throw new UploadException(UPLOAD_ERR_EXTENSION); exit(0); - } - + } //Check if EXT is blacklisted if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - http_response_code(415); - throw new Exception ('Extension type not allowed.'); + http_response_code(415); + throw new UploadException(UPLOAD_ERR_EXTENSION); exit(0); } 
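Review bot: The extension denylist check in the `-60,17` hunk compares `$ext` exactly as `pathinfo()` returned it, so the match is case-sensitive; unless `$ext` is lower-cased in the lines between hunks (not visible here), a name whose extension differs only in case from a blocked entry would pass. Normalise it where it is read, `$ext = strtolower(pathinfo($file->name, PATHINFO_EXTENSION));`, and pass `true` as the third argument to both `in_array()` calls so the comparison is strict. The `exit(0);` after each `throw new UploadException(UPLOAD_ERR_EXTENSION);` is unreachable and can be dropped. `UPLOAD_ERR_EXTENSION` is PHP's own code for an upload stopped by a PHP extension, so a comment such as `// reused here for blocked MIME types / file extensions` would avoid confusion. generateName() starts and ends outside this hunk.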
@@ -80,9 +80,10 @@ function generateName($file) $q->execute(); $result = $q->fetchColumn(); // If it does, generate a new name - } while ($result > 0); - return $name; - } + } while ($result > 0); + + return $name; +} /** * Handles the uploading and db entry for a file. @@ -102,19 +103,41 @@ function uploadFile($file) throw new UploadException($file->error); } - // Generate a name for the file - $newname = generateName($file); + //fixes a bug + $lol = $file->getSha1(); + + // Check if a file with the same hash and size (a file which is the same) + // does already exist in the database; if it does, return the proper link + // and data. PHP deletes the temporary file just uploaded automatically. + if(ANTI_DUPE == 'true'){ + $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)'); + $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); + $q->bindValue(':size', $file->size, PDO::PARAM_INT); + $q->execute(); + $result = $q->fetch(); + if ($result['count'] > 0) { + return [ + 'hash' => $file->getSha1(), + 'name' => $file->name, + 'url' => UGUU_URL.rawurlencode($result['filename']), + 'size' => $file->size, + ]; + } +} // Get IP $ip = $_SERVER['REMOTE_ADDR']; + // Generate a name for the file + $newname = generateName($file); + // Store the file's full file path in memory - $uploadFile = UGUU_FILES_ROOT . $newname; + $uploadFile = UGUU_FILES_ROOT.$newname; // Attempt to move it to the static directory if (!move_uploaded_file($file->tempfile, $uploadFile)) { - http_response_code(500); - throw new Exception( + http_response_code(500); + throw new Exception( 'Failed to move file to destination', 500 ); // HTTP status code "500 Internal Server Error" 
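Review bot: The duplicate lookup in the `-102,19` hunk selects `filename` next to `COUNT(*)` with no `GROUP BY`, which stricter engines and SQL modes reject and others answer with an arbitrary row (the database engine is not visible here); `SELECT filename FROM files WHERE hash = :hash AND size = :size LIMIT 1` with a `$result !== false` test expresses the same check. The early return now happens before `generateName()`, which is where the blocked MIME and extension checks are made, so a duplicate is answered without them being run; a comment stating that this is intended would help. `$lol = $file->getSha1();` under `//fixes a bug` should say what it fixes (presumably it computes the hash while the temporary file still exists) and be named `$hash` and reused in the `bindValue()` call. Because SHA-1 plus size is used as file identity here, either note in a comment that SHA-1 is not collision-resistant or move the lookup to SHA-256. uploadFile() begins and ends outside this hunk.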
@@ -122,47 +145,46 @@ function uploadFile($file) // Need to change permissions for the new file to make it world readable if (!chmod($uploadFile, 0644)) { - http_response_code(500); - throw new Exception( + http_response_code(500); + throw new Exception( 'Failed to change file permissions', 500 ); // HTTP status code "500 Internal Server Error" } // Add it to the database - if(LOG_IP == 'yes'){ + if(LOG_IP == 'true'){ $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)'); - }else{ + } else { $ip = '0'; $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)'); - } + } + // Common parameters binding $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR); $q->bindValue(':name', $newname, PDO::PARAM_STR); $q->bindValue(':size', $file->size, PDO::PARAM_INT); - $q->bindValue(':date', time(), PDO::PARAM_INT); + $q->bindValue(':date', time(), PDO::PARAM_STR); $q->bindValue(':ip', $ip, PDO::PARAM_STR); $q->execute(); - return array( + return [ 'hash' => $file->getSha1(), 'name' => $file->name, 'url' => UGUU_URL.rawurlencode($newname), 'size' => $file->size, - ); + ]; } /** * Reorder files array by file. * - * @param $_FILES - * * @return array */ function diverseArray($files) { - $result = array(); + $result = []; foreach ($files as $key1 => $value1) { foreach ($value1 as $key2 => $value2) { @@ -176,13 +198,11 @@ function diverseArray($files) /** * Reorganize the $_FILES array into something saner. * - * @param $_FILES - * * @return array */ function refiles($files) { - $result = array(); + $result = []; $files = diverseArray($files); foreach ($files as $file) {
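Review bot: Changing the test to `LOG_IP == 'true'` in the `-122,47` hunk means a deployment whose configuration still defines `LOG_IP` as `'yes'` silently stores `'0'` instead of the uploader address, removing the record that abuse handling would rely on; the matching configuration change is not visible in this diff, so either accept both values or document the rename. Both branches prepare the identical INSERT, so the block reduces to `if (LOG_IP !== 'true') { $ip = '0'; }` followed by a single `$db->prepare(...)`. `:date` is now bound as `PDO::PARAM_STR` although `time()` returns an int; a comment giving the reason (the column type, presumably) should accompany that change. uploadFile() starts outside this hunk.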