X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/b1d3139a77a3d0cf02bb23ab94fbf2b2894ad7d9..d90f9e58e900128fe1920ef780c6018d7dcb11b6:/static/php/upload.php diff --git a/static/php/upload.php b/static/php/upload.php index 879d68d..23200cc 100644 --- a/static/php/upload.php +++ b/static/php/upload.php @@ -1,6 +1,7 @@ name, PATHINFO_EXTENSION); - //Get mime + + //Get MIME $finfo = finfo_open(FILEINFO_MIME_TYPE); $type_mime = finfo_file($finfo, $file->tempfile); finfo_close($finfo); @@ -37,6 +43,7 @@ function generateName($file) do { // Iterate until we reach the maximum number of retries if ($tries-- === 0) { + http_response_code(500); throw new Exception( 'Gave up trying to find an unused name', 500 @@ -54,15 +61,16 @@ function generateName($file) $name .= '.'.$ext; } - //Check if mime is blacklisted + //Check if MIME is blacklisted if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { - throw new Exception('Extension type not allowed.'); + http_response_code(415); + throw new UploadException(UPLOAD_ERR_EXTENSION); exit(0); } - //Check if EXT is blacklisted if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - throw new Exception('Extension type not allowed.'); + http_response_code(415); + throw new UploadException(UPLOAD_ERR_EXTENSION); exit(0); } 
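Review bot: In the -54 hunk both blocklist checks call `in_array` without the strict flag, and the extension check compares `$ext` exactly as the client supplied it, so a differently-cased extension would not match a lower-case blocklist entry unless `$ext` is normalised earlier (its assignment is not readable in this part of the diff). Consider `in_array(strtolower($ext), unserialize(CONFIG_BLOCKED_EXTENSIONS), true)` and the same strict flag on the MIME check. `UPLOAD_ERR_EXTENSION` is PHP's code for an upload stopped by a PHP extension, not for a blocked file extension, so the text `UploadException` produces for it may mislead the client; that class is defined outside this diff, so check what message it maps to. The `exit(0);` after each `throw` is unreachable and can be dropped.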
@@ -95,6 +103,31 @@ function uploadFile($file) throw new UploadException($file->error); } + //fixes a bug + $lol = $file->getSha1(); + + // Check if a file with the same hash and size (a file which is the same) + // does already exist in the database; if it does, return the proper link + // and data. PHP deletes the temporary file just uploaded automatically. + if(ANTI_DUPE == 'true'){ + $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)'); + $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); + $q->bindValue(':size', $file->size, PDO::PARAM_INT); + $q->execute(); + $result = $q->fetch(); + if ($result['count'] > 0) { + return [ + 'hash' => $file->getSha1(), + 'name' => $file->name, + 'url' => UGUU_URL.rawurlencode($result['filename']), + 'size' => $file->size, + ]; + } +} + + // Get IP + $ip = $_SERVER['REMOTE_ADDR']; + // Generate a name for the file $newname = generateName($file); @@ -103,6 +136,7 @@ function uploadFile($file) // Attempt to move it to the static directory if (!move_uploaded_file($file->tempfile, $uploadFile)) { + http_response_code(500); throw new Exception( 'Failed to move file to destination', 500 @@ -111,6 +145,7 @@ function uploadFile($file) // Need to change permissions for the new file to make it world readable if (!chmod($uploadFile, 0644)) { + http_response_code(500); throw new Exception( 'Failed to change file permissions', 500 
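Review bot: The duplicate check in the -95 hunk treats a matching SHA-1 and size as proof that two uploads are the same file and returns the stored file's URL to the new uploader. SHA-1 collisions are practical, so two different files can satisfy both conditions and the second uploader would receive a link to content they did not upload; keying the lookup on a stronger digest such as `hash_file('sha256', $file->tempfile)` avoids that, though it needs a matching column in `files`. The query also selects `filename` next to `COUNT(*)` without `GROUP BY`, which some engines and SQL modes reject; `SELECT filename FROM files WHERE hash = (:hash) AND size = (:size) LIMIT 1` with a check that `fetch()` returned a row does the same job. `$lol` is never read and `//fixes a bug` does not say which bug, so replace it with a comment stating why `getSha1()` has to be called at this point. uploadFile() starts and ends outside this hunk.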
@@ -118,14 +153,20 @@ function uploadFile($file) } // Add it to the database - $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)'); + if(LOG_IP == 'true'){ + $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)'); + } else { + $ip = '0'; + $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)'); + } // Common parameters binding $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR); $q->bindValue(':name', $newname, PDO::PARAM_STR); $q->bindValue(':size', $file->size, PDO::PARAM_INT); - $q->bindValue(':date', time(), PDO::PARAM_INT); + $q->bindValue(':date', time(), PDO::PARAM_STR); + $q->bindValue(':ip', $ip, PDO::PARAM_STR); $q->execute(); return [
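Review bot: The `LOG_IP == 'true'` test is a loose comparison, so on PHP 7 an integer `0` in the config compares equal to `'true'` and the client address would be stored although logging was meant to be off; `ANTI_DUPE == 'true'` in the -95 hunk has the same shape. Compare strictly, and since both branches prepare the identical INSERT, the conditional reduces to `$ip = (LOG_IP === 'true') ? $_SERVER['REMOTE_ADDR'] : '0';` followed by a single `prepare`. How the config defines these constants is not visible here, so confirm they are strings before tightening the comparison. The `:date` binding also changes from `PDO::PARAM_INT` to `PDO::PARAM_STR` for the integer returned by `time()`; if the column is numeric, keep `PARAM_INT`. uploadFile() continues past the end of this hunk.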