<?php
namespace misc\upload;
use misc\etc;
use misc\cache;
use misc\mysql;
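/**
 * Register a remotely hosted file for an application.
 *
 * The URL is requested from this server only to measure the file's size; the
 * inserted row holds the URL, its base name and the formatted size, not the
 * downloaded content.
 *
 * Security: $url is caller-supplied and fetched server-side, which makes this
 * a server-side request forgery (SSRF) surface. Substring matching on the URL
 * text does not cover other spellings of loopback, private or link-local
 * addresses, nor other stream wrappers, so the scheme is restricted to
 * HTTP(S) and every address the host resolves to must be publicly routable.
 *
 * NOTE(review): the address check is a pre-flight check only. The HTTP stream
 * wrapper resolves the name again when connecting and follows redirects by
 * default, so outbound network restrictions on this host are still required.
 *
 * @param string      $url    Location of the file to register.
 * @param mixed       $authed Value stored in the `authed` column after etc\sanitize().
 * @param string|null $secret Application identifier used instead of $_SESSION['app'] when given.
 *
 * @return string One of 'invalid', 'no_local', 'failure', 'tester_file_exceed',
 *                'dev_file_exceed', 'seller_file_exceed', 'name_too_large' or 'success'.
 */
function add($url, $authed, $secret = null)
{
    $url = etc\sanitize($url);
    $authed = etc\sanitize($authed);

    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        return 'invalid';
    }

    // Kept from the original so existing callers see the same answers for these inputs.
    if (str_contains($url, "localhost") || str_contains($url, "127.0.0.1") || str_contains($url, "file:/")) {
        return 'no_local';
    }

    // FILTER_VALIDATE_URL accepts any scheme; only plain web URLs are fetched.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return 'invalid';
    }

    // IPv6 literals are bracketed in URLs; strip the brackets before validating.
    $host = trim((string) parse_url($url, PHP_URL_HOST), '[]');
    if ($host === '') {
        return 'invalid';
    }

    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = [$host];
    } else {
        // Collect both IPv4 and IPv6 answers: the fetch may connect over either.
        $addresses = gethostbynamel($host) ?: [];
        foreach (dns_get_record($host, DNS_AAAA) ?: [] as $record) {
            if (isset($record['ipv6'])) {
                $addresses[] = $record['ipv6'];
            }
        }
    }

    if ($addresses === []) {
        // Host does not resolve, so there is nothing to fetch.
        return 'failure';
    }

    foreach ($addresses as $address) {
        $publicAddress = filter_var(
            $address,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        );
        if ($publicAddress === false) {
            return 'no_local';
        }
    }

    // Same thresholds and result codes as before, chosen up front so the
    // download can be capped instead of buffering an arbitrarily large body.
    $role = $_SESSION['role'] ?? null;
    [$maxBytes, $exceedCode] = match (true) {
        $role == "tester" => [10000000, 'tester_file_exceed'],
        $role == "developer", $role == "Manager" => [50000000, 'dev_file_exceed'],
        default => [75000000, 'seller_file_exceed'],
    };

    // Read at most one byte past the limit: enough to detect an oversized file.
    $file = file_get_contents($url, false, null, 0, $maxBytes + 1);
    if ($file === false) {
        // A failed download used to be recorded as a zero-byte file.
        return 'failure';
    }

    $filesize = strlen($file);
    if ($filesize > $maxBytes) {
        return $exceedCode;
    }

    $id = etc\generateRandomNum();
    $fn = basename($url);
    $fs = etc\formatBytes($filesize);

    if (strlen($fn) > 49) {
        return 'name_too_large';
    }

    $query = mysql\query(
        "INSERT INTO `files` (name, id, url, size, uploaddate, app, authed) VALUES (?, ?, ?, ?, ?, ?, ?)",
        [$fn, $id, $url, $fs, time(), $secret ?? $_SESSION['app'], $authed]
    );

    if ($query->affected_rows > 0) {
        // The cached file list is purged for sellers and for calls that pass $secret.
        if ($role == "seller" || !is_null($secret)) {
            cache\purge('KeyAuthFiles:' . ($secret ?? $_SESSION['app']));
        }
        return 'success';
    }

    return 'failure';
}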
/**
 * Delete every `files` row of one application and purge its cached entries.
 *
 * The application is $secret when given, otherwise $_SESSION['app']. No
 * permission check happens here; presumably the caller has already
 * established that the session or secret may act on this application.
 *
 * @param string|null $secret Application identifier overriding $_SESSION['app'].
 *
 * @return string 'success' when at least one row was removed, otherwise 'failure'
 *                (which also covers an application that had no files).
 */
function deleteAll($secret = null)
{
    $app = $secret ?? $_SESSION['app'];
    $result = mysql\query("DELETE FROM `files` WHERE `app` = ?", [$app]);

    $removedAny = $result->affected_rows > 0;
    if (!$removedAny) {
        return 'failure';
    }

    // Per-file cache entries share the 'KeyAuthFile:<app>' prefix.
    cache\purgePattern('KeyAuthFile:' . $app);

    // The cached file list is purged for sellers and for calls that pass $secret.
    if ($_SESSION['role'] == "seller" || !is_null($secret)) {
        cache\purge('KeyAuthFiles:' . $app);
    }

    return 'success';
}
/**
 * Delete one `files` row of an application and purge its cached entries.
 *
 * The row is matched on both the application and the file id, so an id that
 * belongs to a different application removes nothing and yields 'failure'.
 * The application is $secret when given, otherwise $_SESSION['app'].
 *
 * @param string      $file   Id of the file row; passed through etc\sanitize() first.
 * @param string|null $secret Application identifier overriding $_SESSION['app'].
 *
 * @return string 'success' when a row was removed, otherwise 'failure'.
 */
function deleteSingular($file, $secret = null)
{
    $fileId = etc\sanitize($file);
    $app = $secret ?? $_SESSION['app'];

    $result = mysql\query("DELETE FROM `files` WHERE `app` = ? AND `id` = ?", [$app, $fileId]);

    $removed = $result->affected_rows > 0;
    if (!$removed) {
        return 'failure';
    }

    // Drop the cache entry for this specific file.
    cache\purge('KeyAuthFile:' . $app . ':' . $fileId);

    // The cached file list is purged for sellers and for calls that pass $secret.
    if ($_SESSION['role'] == "seller" || !is_null($secret)) {
        cache\purge('KeyAuthFiles:' . $app);
    }

    return 'success';
}