* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-require_once 'Settings.class.php';
+require_once 'includes/Upload.class.php';
-class Database extends Settings
-{
-public $db;
- public function __construct()
- {
- $this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
+use Core\Response as Response;
+
+if (isset($_FILES['files'])) {
+ $uploads = (new Upload())->reFiles($_FILES['files']);
+
+ foreach ($uploads as $upload) {
+ $res[] = (new Upload())->uploadFile($upload);
+ }
+
+ if (isset($res)) {
+ (new Response())->returnSuccess($res);
+ } else {
+ (new Response())->returnError(400, 'No input file(s)', 'N/A');
}
}
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * Uguu
- *
- * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-namespace Core {
-
- /**
- * @property mixed $DB_CONN
- */
- class Settings
- {
-
- public $DB_MODE;
- public $DB_PATH;
- public $DB_USER;
- public $DB_PASS;
-
- public $LOG_IP;
- public $ANTI_DUPE;
- public $BLACKLIST_DB;
- public $FILTER_MODE;
-
- public $FILES_ROOT;
- public $FILES_RETRIES;
-
- public $SSL;
- public $URL;
-
- public $NAME_LENGTH;
- public $ID_CHARSET;
- public $BLOCKED_EXTENSIONS;
- public $BLOCKED_MIME;
- public $DOUBLE_DOTS;
-
- public function __constructSettings()
- {
- $settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
- $this->DB_MODE = $settings_array['DB_MODE'];
- $this->DB_PATH = $settings_array['DB_PATH'];
- $this->DB_USER = $settings_array['DB_USER'];
- $this->DB_PASS = $settings_array['DB_PASS'];
- $this->LOG_IP = $settings_array['LOG_IP'];
- $this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
- $this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
- $this->FILTER_MODE = $settings_array['FILTER_MODE'];
- $this->FILES_ROOT = $settings_array['FILES_ROOT'];
- $this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
- $this->SSL = $settings_array['SSL'];
- $this->URL = $settings_array['URL'];
- $this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
- $this->ID_CHARSET = $settings_array['ID_CHARSET'];
- $this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
- $this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
- $this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
- }
- }
-
- class Database extends Settings
- {
- public $DB;
-
- public function __constructDB()
- {
- $this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
- }
- }
-}
\ No newline at end of file
+++ /dev/null
-<?php
-/**
- * The Response class is a do-it-all for getting responses out in different
- * formats.
- *
- * @todo Create sub-classes to split and extend this god object.
- */
-class Response
-{
- /**
- * Indicates response type used for routing.
- *
- * Valid strings are 'csv', 'html', 'json' and 'text'.
- *
- * @var string Response type
- */
- private $type;
-
- /**
- * Indicates requested response type.
- *
- * Valid strings are 'csv', 'html', 'json', 'gyazo' and 'text'.
- *
- * @param string|null $response_type Response type
- */
- public function __construct($response_type = null)
- {
- switch ($response_type) {
- case 'csv':
- header('Content-Type: text/csv; charset=UTF-8');
- $this->type = $response_type;
- break;
- case 'html':
- header('Content-Type: text/html; charset=UTF-8');
- $this->type = $response_type;
- break;
- case 'json':
- header('Content-Type: application/json; charset=UTF-8');
- $this->type = $response_type;
- break;
- case 'gyazo':
- header('Content-Type: text/plain; charset=UTF-8');
- $this->type = 'text';
- break;
- case 'text':
- header('Content-Type: text/plain; charset=UTF-8');
- $this->type = $response_type;
- break;
- default:
- header('Content-Type: application/json; charset=UTF-8');
- $this->type = 'json';
- $this->error(400, 'Invalid response type. Valid options are: csv, html, json, text.');
- break;
- }
- }
-
- /**
- * Routes error messages depending on response type.
- *
- * @param int $code HTTP status code number
- * @param int $desc descriptive error message
- *
- * @return void
- */
- public function error($code, $desc)
- {
- $response = null;
-
- switch ($this->type) {
- case 'csv':
- $response = $this->csvError($desc);
- break;
- case 'html':
- $response = $this->htmlError($code, $desc);
- break;
- case 'json':
- $response = $this->jsonError($code, $desc);
- break;
- case 'text':
- $response = $this->textError($code, $desc);
- break;
- }
-
- //http_response_code(500); // "500 Internal Server Error"
- echo $response;
- }
-
- /**
- * Routes success messages depending on response type.
- *
- * @param mixed[] $files
- *
- * @return void
- */
- public function send($files)
- {
- $response = null;
-
- switch ($this->type) {
- case 'csv':
- $response = $this->csvSuccess($files);
- break;
- case 'html':
- $response = $this->htmlSuccess($files);
- break;
- case 'json':
- $response = $this->jsonSuccess($files);
- break;
- case 'text':
- $response = $this->textSuccess($files);
- break;
- }
-
- http_response_code(200); // "200 OK". Success.
- echo $response;
- }
-
- /**
- * Indicates with CSV body the request was invalid.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param int $description descriptive error message
- *
- * @return string error message in CSV format
- */
- private static function csvError($description)
- {
- return '"error"'."\r\n"."\"$description\""."\r\n";
- }
-
- /**
- * Indicates with CSV body the request was successful.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param mixed[] $files
- *
- * @return string success message in CSV format
- */
- private static function csvSuccess($files)
- {
- $result = '"name","url","hash","size"'."\r\n";
- foreach ($files as $file) {
- $result .= '"'.$file['name'].'"'.','.
- '"'.$file['url'].'"'.','.
- '"'.$file['hash'].'"'.','.
- '"'.$file['size'].'"'."\r\n";
- }
-
- return $result;
- }
-
- /**
- * Indicates with HTML body the request was invalid.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param int $code HTTP status code number
- * @param int $description descriptive error message
- *
- * @return string error message in HTML format
- */
- private static function htmlError($code, $description)
- {
- return '<p>ERROR: ('.$code.') '.$description.'</p>';
- }
-
- /**
- * Indicates with HTML body the request was successful.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param mixed[] $files
- *
- * @return string success message in HTML format
- */
- private static function htmlSuccess($files)
- {
- $result = '';
-
- foreach ($files as $file) {
- $result .= '<a href="'.$file['url'].'">'.$file['url'].'</a><br>';
- }
-
- return $result;
- }
-
- /**
- * Indicates with JSON body the request was invalid.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param int $code HTTP status code number
- * @param int $description descriptive error message
- *
- * @return string error message in pretty-printed JSON format
- */
- private static function jsonError($code, $description)
- {
- return json_encode([
- 'success' => false,
- 'errorcode' => $code,
- 'description' => $description,
- ], JSON_PRETTY_PRINT);
- }
-
- /**
- * Indicates with JSON body the request was successful.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param mixed[] $files
- *
- * @return string success message in pretty-printed JSON format
- */
- private static function jsonSuccess($files)
- {
- return json_encode([
- 'success' => true,
- 'files' => $files,
- ], JSON_PRETTY_PRINT);
- }
-
- /**
- * Indicates with plain text body the request was invalid.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param int $code HTTP status code number
- * @param int $description descriptive error message
- *
- * @return string error message in plain text format
- */
- private static function textError($code, $description)
- {
- return 'ERROR: ('.$code.') '.$description;
- }
-
- /**
- * Indicates with plain text body the request was successful.
- *
- * @deprecated 2.1.0 Will be renamed to camelCase format.
- *
- * @param mixed[] $files
- *
- * @return string success message in plain text format
- */
- private static function textSuccess($files)
- {
- $result = '';
-
- foreach ($files as $file) {
- $result .= $file['url']."\n";
- }
-
- return $result;
- }
-}
+++ /dev/null
-<?php
-/*
- * Uguu
- *
- * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-require_once 'Database.class.php';
-
-class Upload extends Database, errorReport
-{
- public $FILE_NAME;
- public $FILE_EXTENSION;
- public $FILE_MIME;
-
- public $NEW_NAME;
- public $NEW_NAME_FULL;
-
- public function fileInfo ($file)
- {
- if (isset($_FILES['files'])) {
- $this->FILE_NAME = '';
- $this->FILE_NAME = $file->name;
- $finfo = finfo_open(FILEINFO_MIME_TYPE);
- $this->FILE_MIME = finfo_file($finfo, $file->tempfile);
- finfo_close($finfo);
-
- // Check if extension is a double-dot extension and, if true, override $ext
- foreach ($this->DOUBLE_DOTS as $ddot) {
- if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
- $this->FILE_EXTENSION = strrev($ddot);
- } else {
- $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
- }
- }
- }
- }
-
-public function checkFileBlacklist ($hash){
- $q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
- $q->bindValue(':hash', $hash, PDO::PARAM_STR);
- $q->execute();
- $result = $q->fetch();
- if ($result['count'] > 0) {
- http_response_code(415);
- throw new Exception(
- 'File blacklisted!',
- 415
- );
- exit(0);
- }
-}
-
-public function checkExtensionBlacklist($ext){
- //Check if EXT is blacklisted
- if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
- http_response_code(415);
- throw new Exception(
- 'File type not allowed!',
- 415
- );
- exit(0);
- }
-}
-
-public function checkMimeBlacklist($mime){
- //check if MIME is blacklisted
- if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
- http_response_code(415);
- throw new Exception(
- 'File type not allowed!',
- 415
- );
- exit(0);
- }
-}
-
- public function generateName($file)
- {
- $this->fileInfo($file);
- $error = new
- do {
- // Iterate until we reach the maximum number of retries
- if ($this->FILES_RETRIES-- === 0) {
- $error->throwError('500', 'Gave up trying to find an unused name', true);
- }
-
-
-
-
- for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
- $this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
- }
-
- // Add the extension to the file name
- if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
- $this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
- }
-
- // Check if the file hash is blacklisted
- if($this->BLACKLIST_DB){
- $this->checkFileBlacklist($file->getSha1());
- }
-
- // Check if extension or mime is blacklisted
- if($this->FILTER_MODE) {
- $this->checkMimeBlacklist($this->FILE_MIME);
- $this->checkExtensionBlacklist($this->FILE_EXTENSION);
- }
-
- // Check if a file with the same name does already exist in the database
- $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
- $q->bindValue(':name', $name, PDO::PARAM_STR);
- $q->execute();
- $result = $q->fetchColumn();
- // If it does, generate a new name
- } while ($result > 0);
-
- return $name;
- }
-}
\ No newline at end of file
+++ /dev/null
-<?php
-
-/**
- * Returns a human readable error description for file upload errors.
- *
- * @author Dan Brown <danbrown@php.net>
- * @author Michiel Thalen
- * @copyright Copyright © 1997 - 2016 by the PHP Documentation Group
- * @license
- * UploadException is licensed under a Creative Commons Attribution 3.0 License
- * or later.
- *
- * Based on a work at
- * https://secure.php.net/manual/en/features.file-upload.errors.php#89374.
- *
- * You should have received a copy of the Creative Commons Attribution 3.0
- * License with this program. If not, see
- * <https://creativecommons.org/licenses/by/3.0/>.
- */
-
-
-class UploadException extends Exception
-{
- public function __construct($code)
- {
- $message = $this->codeToMessage($code);
- parent::__construct($message, 500);
- }
-
- private function codeToMessage($code)
- {
- switch ($code) {
- case UPLOAD_ERR_INI_SIZE:
- $message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
- break;
- case UPLOAD_ERR_FORM_SIZE:
- $message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was '.
- 'specified in the HTML form';
- break;
- case UPLOAD_ERR_PARTIAL:
- $message = 'The uploaded file was only partially uploaded';
- break;
- case UPLOAD_ERR_NO_FILE:
- $message = 'No file was uploaded';
- break;
- case UPLOAD_ERR_NO_TMP_DIR:
- $message = 'Missing a temporary folder';
- break;
- case UPLOAD_ERR_CANT_WRITE:
- $message = 'Failed to write file to disk';
- break;
- case UPLOAD_ERR_EXTENSION:
- $message = 'File upload stopped by extension';
- break;
-
- default:
- $message = 'Unknown upload error';
- break;
- }
-
- return $message;
- }
-}
+++ /dev/null
-<?php
-
-class UploadedFile
-{
- /* Public attributes */
- public $name;
- public $mime;
- public $size;
- public $tempfile;
- public $error;
-
- /**
- * SHA-1 checksum
- *
- * @var string 40 digit hexadecimal hash (160 bits)
- */
- private $sha1;
-
- /**
- * Generates the SHA-1 or returns the cached SHA-1 hash for the file.
- *
- * @return string|false $sha1
- */
- public function getSha1()
- {
- if (!$this->sha1) {
- $this->sha1 = sha1_file($this->tempfile);
- }
-
- return $this->sha1;
- }
-}
+++ /dev/null
-<?php
-/*
- * Uguu
- *
- * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-class errorReport
-{
-
-}
\ No newline at end of file