Nemcio/Anonupload
1
0
Fork 0
mirror of https://github.com/Supernova3339/anonupload.git synced 2026-02-26 08:10:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply fixes from StyleCI

Browse Source
This commit is contained in:
StyleCI Bot
2023-01-19 17:45:32 +00:00
parent b2f0fedce4
commit edfec973b8
16 changed files with 495 additions and 491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
admin/captcha.php
View File

@@ -1,40 +1,40 @@
<?php
session_start();
// Generate random 6 character string
$captcha_code = substr(str_shuffle('01234567890123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'), 0, 6);
// Update the session variable
$_SESSION['captcha'] = $captcha_code;
// Create the image canvas - width: 150px; height: 50px;
$final_image = imagecreate(150, 50);
// Background color (RGBA)
$rgba = [241, 245, 248, 0];
// Set the background color
$image_bg_color = imagecolorallocatealpha($final_image, 241, 245, 248, 0);
// Convert the captcha text to an array
$captcha_code_chars = str_split($captcha_code);
// Iterate the above array
for($i = 0; $i < count($captcha_code_chars); $i++) {
// Create the character image canvas
$char_small = imagecreate(130, 16);
$char_large = imagecreate(130, 16);
// Character background color
$char_bg_color = imagecolorallocate($char_small, 241, 245, 248);
// Character color
$char_color = imagecolorallocate($char_small, rand(80,180), rand(80,180), rand(80, 180));
// Draw the character on the canvas
imagestring($char_small, 1, 1, 0, $captcha_code_chars[$i], $char_color);
// Copy the image and enlarge it
imagecopyresampled($char_large, $char_small, 0, 0, 0, 0, rand(250, 400), 16, 84, 8);
// Rotate the character image
$char_large = imagerotate($char_large, rand(-6,6), 0);
// Add the character image to the main canvas
imagecopymerge($final_image, $char_large, 20 + (20 * $i), 15, 0, 0, imagesx($char_large), imagesy($char_large), 70);
// Destroy temporary canvases
imagedestroy($char_small);
imagedestroy($char_large);
}
// Output the created image
header('Content-type: image/png');
imagepng($final_image);
imagedestroy($final_image);
?>
<?php
session_start();
// Generate random 6 character string
$captcha_code = substr(str_shuffle('01234567890123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'), 0, 6);
// Update the session variable
$_SESSION['captcha'] = $captcha_code;
// Create the image canvas - width: 150px; height: 50px;
$final_image = imagecreate(150, 50);
// Background color (RGBA)
$rgba = [241, 245, 248, 0];
// Set the background color
$image_bg_color = imagecolorallocatealpha($final_image, 241, 245, 248, 0);
// Convert the captcha text to an array
$captcha_code_chars = str_split($captcha_code);
// Iterate the above array
for ($i = 0; $i < count($captcha_code_chars); $i++) {
// Create the character image canvas
$char_small = imagecreate(130, 16);
$char_large = imagecreate(130, 16);
// Character background color
$char_bg_color = imagecolorallocate($char_small, 241, 245, 248);
// Character color
$char_color = imagecolorallocate($char_small, rand(80, 180), rand(80, 180), rand(80, 180));
// Draw the character on the canvas
imagestring($char_small, 1, 1, 0, $captcha_code_chars[$i], $char_color);
// Copy the image and enlarge it
imagecopyresampled($char_large, $char_small, 0, 0, 0, 0, rand(250, 400), 16, 84, 8);
// Rotate the character image
$char_large = imagerotate($char_large, rand(-6, 6), 0);
// Add the character image to the main canvas
imagecopymerge($final_image, $char_large, 20 + (20 * $i), 15, 0, 0, imagesx($char_large), imagesy($char_large), 70);
// Destroy temporary canvases
imagedestroy($char_small);
imagedestroy($char_large);
}
// Output the created image
header('Content-type: image/png');
imagepng($final_image);
imagedestroy($final_image);

59
admin/check.php
View File

@@ -1,37 +1,40 @@
<?php
// Get Configuration
require '../system/config.php';
// Get Dashboard URL
$url = $file_url_destination."/admin/dashboard";
// (A) START SESSION
$url = $file_url_destination.'/admin/dashboard';
// (A) START SESSION
session_start();
// (B) HANDLE LOGIN
if (isset($_POST["user"]) && !isset($_SESSION["user"])) {
// (B1) USERS & PASSWORDS - SET YOUR OWN !
$users = [
email => password // USER AND PASSWORD PULLED FROM CONFIGURATION FILE
];
// (B2) CHECK & VERIFY
if (isset($users[$_POST["user"]])) {
// check captcha
if ($_SESSION['captcha'] !== $_POST['captcha']) {
header("Location: ?capfail");
exit(0);
}
// end captcha
if ($users[$_POST["user"]] == $_POST["password"]) {
$_SESSION["user"] = $_POST["user"];
if (isset($_POST['user']) && !isset($_SESSION['user'])) {
// (B1) USERS & PASSWORDS - SET YOUR OWN !
$users = [
email => password, // USER AND PASSWORD PULLED FROM CONFIGURATION FILE
];
// (B2) CHECK & VERIFY
if (isset($users[$_POST['user']])) {
// check captcha
if ($_SESSION['captcha'] !== $_POST['captcha']) {
header('Location: ?capfail');
exit(0);
}
// end captcha
if ($users[$_POST['user']] == $_POST['password']) {
$_SESSION['user'] = $_POST['user'];
}
}
// (B3) FAILED LOGIN FLAG
if (!isset($_SESSION['user'])) {
$failed = true;
}
}
// (B3) FAILED LOGIN FLAG
if (!isset($_SESSION["user"])) { $failed = true; }
}
// (C) REDIRECT USER TO DASHBOARD IF SIGNED IN
if (isset($_SESSION["user"])) {
header("Location: dashboard"); // REDIRECT TO DASHBOARD
exit();
}
if (isset($_SESSION['user'])) {
header('Location: dashboard'); // REDIRECT TO DASHBOARD
exit();
}

132
admin/dashboard/files.php
View File

@@ -1,6 +1,6 @@
<?php
include 'main.php';
$dir = "../../files/";
$dir = '../../files/';
/*
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
@@ -34,95 +34,85 @@ if (isset($_GET['error_msg'])) {
if ($_GET['error_msg'] == 3) {
$error_msg = 'An Error Occured';
}
if ($_GET['error_msg'] == 4) {
if ($_GET['error_msg'] == 4) {
$error_msg = 'File path doesnt exist.';
}
if ($_GET['error_msg'] == 5) {
if ($_GET['error_msg'] == 5) {
$error_msg = 'File path not found.';
}
}
// filelist
function list_directory_files($dir) {
if (is_dir($dir)) {
if ($handle = opendir($dir)) {
while (($file = readdir($handle)) !== false) {
if ($file != "." && $file != ".." && $file != "Thumbs.db" && $file != "index.php") {
echo '<tr>';
echo '<td>';
echo $file;
echo '</td>';
echo '<td>';
echo '<a class="link1" href="?path='.$dir.''.$file.'">Download</a>';
echo '<a class="link1" href="?delete&file='.$dir.''.$file.'">Delete</a>';
echo '</td>';
echo '</tr>';
}
}
closedir($handle);
}
}
function list_directory_files($dir)
{
if (is_dir($dir)) {
if ($handle = opendir($dir)) {
while (($file = readdir($handle)) !== false) {
if ($file != '.' && $file != '..' && $file != 'Thumbs.db' && $file != 'index.php') {
echo '<tr>';
echo '<td>';
echo $file;
echo '</td>';
echo '<td>';
echo '<a class="link1" href="?path='.$dir.''.$file.'">Download</a>';
echo '<a class="link1" href="?delete&file='.$dir.''.$file.'">Delete</a>';
echo '</td>';
echo '</tr>';
}
}
closedir($handle);
}
}
}
// download file
if(isset($_GET['path']))
{
//Read the url
$url = $_GET['path'];
if (isset($_GET['path'])) {
//Read the url
$url = $_GET['path'];
//Clear the cache
clearstatcache();
//Clear the cache
clearstatcache();
//Check the file path exists or not
if(file_exists($url)) {
//Check the file path exists or not
if (file_exists($url)) {
//Define header information
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($url).'"');
header('Content-Length: ' . filesize($url));
header('Pragma: public');
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($url).'"');
header('Content-Length: '.filesize($url));
header('Pragma: public');
//Clear system output buffer
flush();
//Clear system output buffer
flush();
//Read the size of the file
readfile($url,true);
//Read the size of the file
readfile($url, true);
//Terminate from the script
die();
}
else{
// do nothing
}
//Terminate from the script
exit();
} else {
// do nothing
}
}
// do nothing
if(isset($_GET['delete'], $_GET['file'])){
$delfile = $_GET['file'];
/*
header("Location: $delfile");
*/
If (unlink($delfile)) {
// file was successfully deleted
header("Refresh:0 url=files.php?success_msg=1");
} else {
// there was a problem deleting the file
header("Refresh:0 url=files.php?error_msg=1");
if (isset($_GET['delete'], $_GET['file'])) {
$delfile = $_GET['file'];
/*
header("Location: $delfile");
*/
if (unlink($delfile)) {
// file was successfully deleted
header('Refresh:0 url=files.php?success_msg=1');
} else {
// there was a problem deleting the file
header('Refresh:0 url=files.php?error_msg=1');
}
}
}
?>
@@ -137,22 +127,22 @@ If (unlink($delfile)) {
</div>
<!-- Display Success Alert -->
<?php if (isset($success_msg)): ?>
<?php if (isset($success_msg)) { ?>
<div class="msg success">
<i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
<?php } ?>
<!-- Display Error Message -->
<?php if (isset($error_msg)): ?>
<?php if (isset($error_msg)) { ?>
<div class="msg error">
<i class="fa fa-exclamation-triangle"></i>
<p><?=$error_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
<?php } ?>
<div class="content-block">
<div class="table">

114
admin/dashboard/index.php
View File

@@ -11,74 +11,71 @@ error_reporting(E_ALL);
?>
<?php
$directory = "../.$file_url_destination./files/"; // dir location
if (glob($directory . "*.*") != false)
{
$filecount = count(glob($directory. "*.*" && $file != "index.php"));
if (glob($directory.'*.*') != false) {
$filecount = count(glob($directory.'*.*' && $file != 'index.php'));
}
// file size of upload dir
function folderSize($dir){
$count_size = 0;
$count = 0;
$dir_array = scandir($dir);
foreach($dir_array as $key=>$filename){
if($filename!=".." && $filename!="." && $filename!="index.php"){
if(is_dir($dir."/".$filename)){
$new_foldersize = foldersize($dir."/".$filename);
$count_size = $count_size+ $new_foldersize;
}else if(is_file($dir."/".$filename)){
$count_size = $count_size + filesize($dir."/".$filename);
$count++;
function folderSize($dir)
{
$count_size = 0;
$count = 0;
$dir_array = scandir($dir);
foreach ($dir_array as $key=>$filename) {
if ($filename != '..' && $filename != '.' && $filename != 'index.php') {
if (is_dir($dir.'/'.$filename)) {
$new_foldersize = foldersize($dir.'/'.$filename);
$count_size = $count_size + $new_foldersize;
} elseif (is_file($dir.'/'.$filename)) {
$count_size = $count_size + filesize($dir.'/'.$filename);
$count++;
}
}
}
}
return $count_size;
}
return $count_size;
}
// size converter
function sizeFormat($bytes){
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
function sizeFormat($bytes)
{
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb) . ' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb) . ' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb) . ' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb) . ' TB';
} else {
return $bytes . ' B';
}
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb).' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb).' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb).' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb).' TB';
} else {
return $bytes.' B';
}
}
// get size of folders in a folder
// get size of folders in a folder
$plugin_count = count(glob('../../plugins/*', GLOB_ONLYDIR));
// Update checker
$PATCH_URL = 'https://raw.githubusercontent.com/Supernova3339/anonfiles/main/';
$version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q'; # REMOVE TOKEN
$version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q'; // REMOVE TOKEN
// Get version
$ch = curl_init($PATCH_URL . $version_filename);
$ch = curl_init($PATCH_URL.$version_filename);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$str = curl_exec($ch);
curl_close($ch);
$str = curl_exec($ch);
curl_close($ch);
$server_version = str_to_version_info($str);
$server_version = str_to_version_info($str);
?>
<?=template_admin_header('Dashboard', 'dashboard')?>
@@ -116,11 +113,11 @@ $version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q
<p>
<?=version?>
</p>
<?php
if($server_version > version){
echo '<p>update available</p>';
<?php
if ($server_version > version) {
echo '<p>update available</p>';
}
echo $server_version;
echo $server_version;
?>
</p>
</div>
@@ -130,11 +127,10 @@ $version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q
<br>
<?php if(plausibledatadomain&&plausibledomain&&plausibleembedtoken){
echo '
<iframe plausible-embed src="' . plausibledomain . '/share/' . plausibledatadomain . '?auth=' . plausibleembedtoken . '&embed=true&theme=light&background=%23EBECED" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;"></iframe>
<script async src="' . plausibledomain . '/js/embed.host.js"></script> ';
}
<?php if (plausibledatadomain && plausibledomain && plausibleembedtoken) {
echo '
<iframe plausible-embed src="'.plausibledomain.'/share/'.plausibledatadomain.'?auth='.plausibleembedtoken.'&embed=true&theme=light&background=%23EBECED" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;"></iframe>
<script async src="'.plausibledomain.'/js/embed.host.js"></script> ';
}
template_admin_footer();

59
admin/dashboard/main.php
View File

@@ -1,4 +1,5 @@
<?php
// Check if the user is logged-in
include_once '../protect.php';
// Read comfiguration file
@@ -6,31 +7,32 @@ include_once '../../system/config.php';
// Add/remove roles from the list
$roles_list = ['Admin', 'Member'];
// Logout User on '?logout' -->
if(isset($_GET['logout']))
{
if (isset($_GET['logout'])) {
logout();
}
// Logout Function -->
function logout(){
function logout()
{
session_destroy();
header("Location: ../");
header('Location: ../');
exit();
}
// Template admin header
function template_admin_header($title, $selected = 'dashboard', $selected_child = '') {
function template_admin_header($title, $selected = 'dashboard', $selected_child = '')
{
// Admin HTML links
$admin_links = '
<a href="index.php"' . ($selected == 'dashboard' ? ' class="selected"' : '') . '><i class="fas fa-tachometer-alt"></i>Dashboard</a>
<a href="files.php"' . ($selected == 'files' ? ' class="selected"' : '') . '><i class="fas fa-file-alt"></i>Files</a>
<a href="settings.php"' . ($selected == 'settings' ? ' class="selected"' : '') . '><i class="fas fa-tools"></i>Settings</a>
<a href="index.php"'.($selected == 'dashboard' ? ' class="selected"' : '').'><i class="fas fa-tachometer-alt"></i>Dashboard</a>
<a href="files.php"'.($selected == 'files' ? ' class="selected"' : '').'><i class="fas fa-file-alt"></i>Files</a>
<a href="settings.php"'.($selected == 'settings' ? ' class="selected"' : '').'><i class="fas fa-tools"></i>Settings</a>
<div class="footer">
<a href="https://github.com/supernova3339/anonfiles" target="_blank">AnonFiles</a>
Version ' . version . '
Version '.version.'
</div>
';
// Indenting the below code may cause an error
echo <<<EOT
echo <<<EOT
<!DOCTYPE html>
<html>
<head>
@@ -57,9 +59,10 @@ echo <<<EOT
EOT;
}
// Template admin footer
function template_admin_footer() {
function template_admin_footer()
{
// Indenting the below code may cause an error
echo <<<EOT
echo <<<EOT
</main>
<script>
let aside = document.querySelector("aside"), main = document.querySelector("main"), header = document.querySelector("header");
@@ -129,29 +132,33 @@ echo <<<EOT
EOT;
}
// Convert date to elapsed string function
function time_elapsed_string($datetime, $full = false) {
$now = new DateTime;
function time_elapsed_string($datetime, $full = false)
{
$now = new DateTime();
$ago = new DateTime($datetime);
$diff = $now->diff($ago);
$diff->w = floor($diff->d / 7);
$diff->d -= $diff->w * 7;
$string = ['y' => 'year','m' => 'month','w' => 'week','d' => 'day','h' => 'hour','i' => 'minute','s' => 'second'];
$string = ['y' => 'year', 'm' => 'month', 'w' => 'week', 'd' => 'day', 'h' => 'hour', 'i' => 'minute', 's' => 'second'];
foreach ($string as $k => &$v) {
if ($diff->$k) {
$v = $diff->$k . ' ' . $v . ($diff->$k > 1 ? 's' : '');
$v = $diff->$k.' '.$v.($diff->$k > 1 ? 's' : '');
} else {
unset($string[$k]);
}
}
if (!$full) $string = array_slice($string, 0, 1);
return $string ? implode(', ', $string) . ' ago' : 'just now';
if (!$full) {
$string = array_slice($string, 0, 1);
}
return $string ? implode(', ', $string).' ago' : 'just now';
}
function str_to_version_info($string)
{
$latest_version = FALSE;
if (preg_match('/^\s*?(\d+\.\d+\.\d+)/i', $string, $match)) {
$latest_version = $match[1];
}
return $latest_version;
}
?>
{
$latest_version = false;
if (preg_match('/^\s*?(\d+\.\d+\.\d+)/i', $string, $match)) {
$latest_version = $match[1];
}
return $latest_version;
}

27
admin/dashboard/settings.php
View File

@@ -5,27 +5,32 @@ $file = '../../system/config.php';
// Open the configuration file for reading
$contents = file_get_contents($file);
// Format key function
function format_key($key) {
function format_key($key)
{
$key = str_replace(['_', 'url', 'db ', ' pass', ' user'], [' ', 'URL', 'Database ', ' Password', ' Username'], strtolower($key));
return ucwords($key);
}
// Format HTML output function
function format_var_html($key, $value) {
function format_var_html($key, $value)
{
$html = '';
$type = 'text';
$value = htmlspecialchars(trim($value, '\''), ENT_QUOTES);
$type = strpos($key, 'pass') !== false ? 'password' : $type;
$type = in_array(strtolower($value), ['true', 'false']) ? 'checkbox' : $type;
$checked = strtolower($value) == 'true' ? ' checked' : '';
$html .= '<label for="' . $key . '">' . format_key($key) . '</label>';
$html .= '<label for="'.$key.'">'.format_key($key).'</label>';
if ($type == 'checkbox') {
$html .= '<input type="hidden" name="' . $key . '" value="false">';
$html .= '<input type="hidden" name="'.$key.'" value="false">';
}
$html .= '<input type="' . $type . '" name="' . $key . '" id="' . $key . '" value="' . $value . '" placeholder="' . format_key($key) . '"' . $checked . '>';
$html .= '<input type="'.$type.'" name="'.$key.'" id="'.$key.'" value="'.$value.'" placeholder="'.format_key($key).'"'.$checked.'>';
return $html;
}
// Format form
function format_form($contents) {
function format_form($contents)
{
$rows = explode("\n", $contents);
echo '<div class="tab-content active">';
for ($i = 0; $i < count($rows); $i++) {
@@ -37,14 +42,14 @@ function format_form($contents) {
if ($match) {
echo format_var_html($match[1], $match[2]);
}
}
}
echo '</div>';
}
if (!empty($_POST)) {
// Update the configuration file with the new keys and values
foreach ($_POST as $k => $v) {
$v = in_array(strtolower($v), ['true', 'false']) ? strtolower($v) : '\'' . $v . '\'';
$contents = preg_replace('/define\(\'' . $k . '\'\, ?(.*?)\)/s', 'define(\'' . $k . '\',' . $v . ')', $contents);
$v = in_array(strtolower($v), ['true', 'false']) ? strtolower($v) : '\''.$v.'\'';
$contents = preg_replace('/define\(\''.$k.'\'\, ?(.*?)\)/s', 'define(\''.$k.'\','.$v.')', $contents);
}
file_put_contents('../../system/config.php', $contents);
header('Location: settings.php?success_msg=1');
@@ -62,13 +67,13 @@ if (isset($_GET['success_msg'])) {
<h2>Settings</h2>
<?php if (isset($success_msg)): ?>
<?php if (isset($success_msg)) { ?>
<div class="msg success">
<i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
<?php } ?>

4
admin/index.php
View File

@@ -1,6 +1,6 @@
<?php
// (A) LOGIN CHECKS
require "check.php";
require 'check.php';
?>
<head>
<title>Login</title>
@@ -53,7 +53,7 @@ require "check.php";
</div>
<?php } ?>
<!-- invalid captcha -->
<?php if (isset($_GET["capfail"])) { ?>
<?php if (isset($_GET['capfail'])) { ?>
<div class="alert alert-danger shadow" data-dismiss="alert" role="alert" style="border-left:#721C24 5px solid; border-radius: 0px">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">

17
admin/protect.php
View File

@@ -1,12 +1,15 @@
<?php
// (A) START SESSION
session_start();
// (B) LOGOUT REQUEST
if (isset($_POST["logout"])) { unset($_SESSION["user"]); }
if (isset($_POST['logout'])) {
unset($_SESSION['user']);
}
// (C) REDIRECT TO LOGIN PAGE IF NOT LOGGED IN
if (!isset($_SESSION["user"])) {
header("Location: ../");
exit();
}
if (!isset($_SESSION['user'])) {
header('Location: ../');
exit();
}

18
api.php
View File

@@ -4,17 +4,17 @@
$code = isset($_GET['code']) ? $_GET['code'] : '';
// If the code isn't in the correct format, CloudFlare will throw a 1020
if (!preg_match("/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12}) *$/i", $code)) {
http_response_code(403);
echo "error code: 1020";
die;
if (!preg_match('/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12}) *$/i', $code)) {
http_response_code(403);
echo 'error code: 1020';
exit;
}
header('Content-Type: application/json; charset=utf-8');
// Handle valid codes
if ($code == "86781236-23d0-4b3c-7dfa-c1c147e0dece") {
echo <<<EOD
if ($code == '86781236-23d0-4b3c-7dfa-c1c147e0dece') {
echo <<<'EOD'
{
"amount": "19.84",
"sold_at": "2016-09-07T10:54:28+10:00",
@@ -38,11 +38,11 @@ EOD;
// Handle invalid codes
else {
http_response_code(404);
echo <<<EOD
http_response_code(404);
echo <<<'EOD'
{
"error": 404,
"description": "No sale belonging to the current user found with that code"
}
EOD;
}
}

64
download.php
View File

@@ -1,29 +1,26 @@
<?php
require_once(__DIR__ . '/system/core.class.php');
<?php
require_once __DIR__.'/system/core.class.php';
// size convertor
function sizeFormat($bytes){
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
function sizeFormat($bytes)
{
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb) . ' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb) . ' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb) . ' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb) . ' TB';
} else {
return $bytes . ' B';
}
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb).' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb).' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb).' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb).' TB';
} else {
return $bytes.' B';
}
}
$maxsize = max_size;
@@ -35,11 +32,11 @@ $filesize = filesize($fileURL);
$baseurl = file_url_destination;
// Check if file exists
if(!file_exists($fileURL)){
http_response_code(404);
if (!file_exists($fileURL)) {
http_response_code(404);
}
if($file == ''){
http_response_code(404);
if ($file == '') {
http_response_code(404);
}
$core = new Core();
@@ -55,10 +52,9 @@ $core = new Core();
<body>
<div class="wrapper">
<img src="assets/images/logo.png">
<?php
if(isset($_POST['submit'])){
}
<?php
if (isset($_POST['submit'])) {
}
?>
<!--<form>-->
<div class="download-area">
@@ -72,7 +68,7 @@ if(isset($_POST['submit'])){
<?php echo'
<script>
const downloadBtn = document.querySelector(".download-btn");
const fileLink = "' . $fileURL .'";
const fileLink = "'.$fileURL.'";
const initTimer = () => {
if(downloadBtn.classList.contains("disable-timer")) {
return window.open(fileLink);
@@ -97,7 +93,7 @@ const initTimer = () => {
downloadBtn.addEventListener("click", initTimer);
</script>
</script>'; ?>
<?php if(plausibledomain&&plausibledatadomain == !null){ ?>
<?php if (plausibledomain && plausibledatadomain == !null) { ?>
<script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script>
<?php } ?>
</body>

12
error.php
View File

@@ -1,14 +1,14 @@
<?php
$code = $_SERVER['REDIRECT_STATUS'];
$codes = array(
$codes = [
403 => 'Forbidden',
404 => '404 Not Found',
500 => 'Internal Server Error'
);
500 => 'Internal Server Error',
];
$source_url = 'http'.((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (array_key_exists($code, $codes) && is_numeric($code)) {
die("Error $code: {$codes[$code]}");
exit("Error $code: {$codes[$code]}");
} else {
die('Unknown error');
exit('Unknown error');
}
?>

82
index.php
View File

@@ -1,30 +1,27 @@
<?php
require_once(__DIR__ . '/system/core.class.php');
require_once(__DIR__ . '/system/config.php');
<?php
require_once __DIR__.'/system/core.class.php';
require_once __DIR__.'/system/config.php';
// size convertor
function sizeFormat($bytes){
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
function sizeFormat($bytes)
{
$kb = 1024;
$mb = $kb * 1024;
$gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb) . ' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb) . ' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb) . ' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb) . ' TB';
} else {
return $bytes . ' B';
}
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb).' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb).' MB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb).' GB';
} elseif ($bytes >= $tb) {
return ceil($bytes / $tb).' TB';
} else {
return $bytes.' B';
}
}
$maxsize = max_size;
@@ -42,39 +39,38 @@ $core = new Core();
<body>
<div class="wrapper">
<img src="assets/images/logo.png">
<?php
if(isset($_POST['submit'])){
if($core->FileTypeVerification($_FILES["fileToUpload"])){
if($core->FileSizeVerification($_FILES["fileToUpload"])){
$newfilename = $core->FileNameConvertor($_FILES["fileToUpload"]);
if($core->UploadFile($_FILES["fileToUpload"], $newfilename)){
$destination = base64_encode(file_destination.'/'.$newfilename);
?>
<?php
if (isset($_POST['submit'])) {
if ($core->FileTypeVerification($_FILES['fileToUpload'])) {
if ($core->FileSizeVerification($_FILES['fileToUpload'])) {
$newfilename = $core->FileNameConvertor($_FILES['fileToUpload']);
if ($core->UploadFile($_FILES['fileToUpload'], $newfilename)) {
$destination = base64_encode(file_destination.'/'.$newfilename); ?>
<div class="notification success">
Success ! Your file are available here: <a href="download.php?file=<?php echo $destination; ?>">download.php?file=<?php echo $destination; ?></a>
</div>
<?php
}else{
?>
} else {
?>
<div class="notification error">
An error occured while trying to upload your file(s).
</div>
<?php
}
}else{
?>
}
} else {
?>
<div class="notification error">
Your file is too high/low.
</div>
<?php
}
}else{
?>
}
} else {
?>
<div class="notification error">
Incorrect file format.
</div>
<?php
}
}
}
?>
@@ -101,7 +97,7 @@ $(document).ready(function(){
});
</script>
<?php if(plausibledomain&&plausibledatadomain == !null){ ?>
<?php if (plausibledomain && plausibledatadomain == !null) { ?>
<script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script>
<?php } ?>
</body>

171
installer.php
View File

@@ -1,78 +1,81 @@
<?php
// Get server url
$url = 'https://' . $_SERVER['HTTP_HOST'];
$url = 'https://'.$_SERVER['HTTP_HOST'];
// Output messages
$response = '';
/* Install function */
function install($config_file = 'system/config.php') {
$contents = '<?php' . PHP_EOL;
// Write new variables to files
foreach ($_POST as $k => $v) {
if ($k == 'code') continue;
$v = in_array(strtolower($v), ['true', 'false']) || is_numeric($v) ? strtolower($v) : '\'' . $v . '\'';
$contents .= 'define(\'' . $k . '\',' . $v . ');' . PHP_EOL;
function install($config_file = 'system/config.php')
{
$contents = '<?php'.PHP_EOL;
// Write new variables to files
foreach ($_POST as $k => $v) {
if ($k == 'code') {
continue;
}
$v = in_array(strtolower($v), ['true', 'false']) || is_numeric($v) ? strtolower($v) : '\''.$v.'\'';
$contents .= 'define(\''.$k.'\','.$v.');'.PHP_EOL;
}
$contents .= '?>';
if (!file_put_contents($config_file, $contents)) {
return FALSE;
}
return TRUE;
$contents .= '?>';
if (!file_put_contents($config_file, $contents)) {
return false;
}
return true;
}
/*Verify Purchase Code function*/
function verify($code)
{
/*If the submit form is success*/
if(!empty($code)){
/*add purchase code to the API link*/
$purchase_code = $code;
$url = "https://dl.supers0ft.us/anonuptest/api.php?code=".$purchase_code;
$curl = curl_init($url);
/*Set your personal token*/
// $personal_token = "9COT6mduU2sZSMIlC09aYAQveaRdQ2H9";
/*Correct header for the curl extension*/
$header = array();
$header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Purchase code verification';
$header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
/*Connect to the API, and get values from there*/
$envatoCheck = curl_exec($curl);
curl_close($curl);
$envatoCheck = json_decode($envatoCheck);
/*Variable request from the API*/
$date = new DateTime(isset($envatoCheck->supported_until) ? $envatoCheck->supported_until : false);
$support_date = $date->format('Y-m-d H:i:s');
$sold = new DateTime(isset($envatoCheck->sold_at) ? $envatoCheck->sold_at : false);
$sold_at = $sold->format('Y-m-d H:i:s');
$buyer = (isset( $envatoCheck->buyer) ? $envatoCheck->buyer : false);
$license = (isset( $envatoCheck->license) ? $envatoCheck->license : false);
$count = (isset( $envatoCheck->purchase_count) ? $envatoCheck->purchase_count : false);
$support_amount = (isset( $envatoCheck->support_amount) ? $envatoCheck->support_amount : false);
$item = (isset( $envatoCheck->item->previews->landscape_preview->landscape_url ) ? $envatoCheck->item->previews->landscape_preview->landscape_url : false);
/*Check for Special Characters*/
if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬]/', $code)){
return 'Not allowed to use special characters!';
}
/*Check for Empty Spaces*/
if(!isset($code) || trim($code) == ''){
return 'You need to fill up the input area!';
}
/*If Purchase code exists, But Purchase ended*/
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') >= $support_date)){
return "
/*If the submit form is success*/
if (!empty($code)) {
/*add purchase code to the API link*/
$purchase_code = $code;
$url = 'https://dl.supers0ft.us/anonuptest/api.php?code='.$purchase_code;
$curl = curl_init($url);
/*Set your personal token*/
// $personal_token = "9COT6mduU2sZSMIlC09aYAQveaRdQ2H9";
/*Correct header for the curl extension*/
$header = [];
$header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Purchase code verification';
$header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
/*Connect to the API, and get values from there*/
$envatoCheck = curl_exec($curl);
curl_close($curl);
$envatoCheck = json_decode($envatoCheck);
/*Variable request from the API*/
$date = new DateTime(isset($envatoCheck->supported_until) ? $envatoCheck->supported_until : false);
$support_date = $date->format('Y-m-d H:i:s');
$sold = new DateTime(isset($envatoCheck->sold_at) ? $envatoCheck->sold_at : false);
$sold_at = $sold->format('Y-m-d H:i:s');
$buyer = (isset($envatoCheck->buyer) ? $envatoCheck->buyer : false);
$license = (isset($envatoCheck->license) ? $envatoCheck->license : false);
$count = (isset($envatoCheck->purchase_count) ? $envatoCheck->purchase_count : false);
$support_amount = (isset($envatoCheck->support_amount) ? $envatoCheck->support_amount : false);
$item = (isset($envatoCheck->item->previews->landscape_preview->landscape_url) ? $envatoCheck->item->previews->landscape_preview->landscape_url : false);
/*Check for Special Characters*/
if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬]/', $code)) {
return 'Not allowed to use special characters!';
}
/*Check for Empty Spaces*/
if (!isset($code) || trim($code) == '') {
return 'You need to fill up the input area!';
}
/*If Purchase code exists, But Purchase ended*/
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') >= $support_date)) {
return "
<div class='alert alert-danger' role='alert'>
<h3>{$envatoCheck->item->name}</h3>
<div class='row'>
@@ -115,14 +118,15 @@ function verify($code)
</div>
</div>
";
}
}
/*If Purchase code exists, display client information*/
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') < $support_date)){
if (!install()) {
return '<h3>Error!</h3><p>Could not write to file! Please check permissions and try again!</a>';
}
return "
/*If Purchase code exists, display client information*/
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') < $support_date)) {
if (!install()) {
return '<h3>Error!</h3><p>Could not write to file! Please check permissions and try again!</a>';
}
return "
<div class='alert alert-success' role='alert'>
<h3>{$envatoCheck->item->name}</h3>
<div class='row'>
@@ -165,11 +169,11 @@ function verify($code)
</div>
</div>
";
}
}
/*If Purchase Code doesn't exist, no information will be displayed*/
if (!isset($envatoCheck->item->name)){
return "
/*If Purchase Code doesn't exist, no information will be displayed*/
if (!isset($envatoCheck->item->name)) {
return "
<div class='alert alert-danger' role='alert'>
<h3>INVALID PURCHASE CODE.</h3>
<div class='row'>
@@ -212,19 +216,18 @@ function verify($code)
</div>
</div>
";
}
}
}
}
}
if ($_POST) {
if (isset($_POST['code'])) {
// Validate code
$response = verify($_POST['code']);
} else {
// No code specified
$response = '<h3>Error!</h3><p>Please enter your Envato code!</p>';
}
// Validate code
$response = verify($_POST['code']);
} else {
// No code specified
$response = '<h3>Error!</h3><p>Please enter your Envato code!</p>';
}
}
?>
<!DOCTYPE html>
@@ -424,9 +427,9 @@ if ($_POST) {
}
};
});
<?php if (!empty($_POST)): ?>
<?php if (!empty($_POST)) { ?>
setStep(5);
<?php endif; ?>
<?php } ?>
</script>
</body>

95
protect.php
View File

@@ -1,24 +1,25 @@
<?php
$LOGIN_INFORMATION = array(
'user' => 'userpass',
'admin' => 'adminpass'
);
$LOGIN_INFORMATION = [
'user' => 'userpass',
'admin' => 'adminpass',
];
define('USE_USERNAME', true);
define('LOGOUT_URL', 'https://dl.supers0ft.us/logout.php/');
define('TIMEOUT_MINUTES', 0);
define('TIMEOUT_CHECK_ACTIVITY', true);
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
if (isset($_GET['help'])) {
exit('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("'.str_replace('\\', '\\\\', __FILE__).'"); ?&gt;');
}
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/');
header('Location: ' . LOGOUT_URL);
exit();
if (isset($_GET['logout'])) {
setcookie('verify', '', $timeout, '/');
header('Location: '.LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg) {
?>
if (!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg)
{
?>
<!DOCTYPE html>
<html>
<head>
@@ -61,7 +62,9 @@ input { border: 1px solid black; }
<p><b> Administration Panel</b></p></div>
<div class="errmessage">
<font color="#2f80ed"><?php echo $error_msg; ?></font></div>
<?php if (USE_USERNAME) echo '<span class="login"></span><br /><input type="input" placeholder="Username" name="access_login" /><br /><span class="pass"></span><br />'; ?>
<?php if (USE_USERNAME) {
echo '<span class="login"></span><br /><input type="input" placeholder="Username" name="access_login" /><br /><span class="pass"></span><br />';
} ?>
<input type="password" placeholder="Password" name="access_password" /><p></p>
<div class="buttonlogin"><input type="submit" name="join" value="🔒" /></div>
</form>
@@ -70,41 +73,39 @@ input { border: 1px solid black; }
<!--Login query.-->
<?php
die();
}
exit();
}
}
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && (!array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass))
) {
showLoginPasswordProtect("Incorrect data.");
}
else {
setcookie("auth", md5($login.'%'.$pass), $timeout, '/');
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
if (!isset($_COOKIE['auth'])) {
showLoginPasswordProtect("");
}
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['auth'] == md5($lp)) {
$found = true;
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("auth", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
showLoginPasswordProtect('Incorrect data.');
} else {
setcookie('auth', md5($login.'%'.$pass), $timeout, '/');
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
} else {
if (!isset($_COOKIE['auth'])) {
showLoginPasswordProtect('');
}
$found = false;
foreach ($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '').'%'.$val;
if ($_COOKIE['auth'] == md5($lp)) {
$found = true;
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie('auth', md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect('');
}
}
?>

5
system/config.php
View File

@@ -22,7 +22,7 @@ $filelist = getenv('APP_FILELIST') ?? 'jpeg,jpg,gif,png,zip,xls,doc,mp3,mp4,mpeg
$sizeverification = getenv('APP_SIZE_VERIFICATION') ?? true;
$filedestination = getenv('APP_FILE_DESTINATION') ?? 'files';
$baseurl = getenv('APP_BASE_URL') ?? $_SERVER['HTTP_HOST'];
$maxsize = getenv('APP_MAX_SIZE') ?? (int)(ini_get('upload_max_filesize'));
$maxsize = getenv('APP_MAX_SIZE') ?? (int) (ini_get('upload_max_filesize'));
$minsize = getenv('APP_MIN_SIZE') ?? '0';
$waitfor = getenv('APP_DOWNLOAD_TIME');
@@ -52,6 +52,3 @@ define('plausible_embed', $plausibleembed);
define('plausibleembedtoken', $plausibleembedtoken);
/* version */
define('version', 'v1.0.0'); // DO NOT FORGET TO CHANGE THIS
?>

47
system/core.class.php
View File

@@ -1,24 +1,27 @@
<?php
require_once 'config.php';
class core
{
protected $timestamp;
/*
* @module File Type Verification
* @desc This Module check if a file is with the correct type (like png or zip). This option can be edit in config file
*/
public function FileTypeVerification($file){
$filetype_list = array();
$type = explode(",", FILELIST);
public function FileTypeVerification($file)
{
$filetype_list = [];
$type = explode(',', FILELIST);
foreach ($type as $filetype) {
array_push($filetype_list, $filetype);
}
$ext = pathinfo($file["name"], PATHINFO_EXTENSION);
if(in_array($ext, $filetype_list)){
return true;
}else{
return false;
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if (in_array($ext, $filetype_list)) {
return true;
} else {
return false;
}
}
@@ -26,33 +29,37 @@ class core
* @module File Size Verification
* @desc This Module check if the file size is correct or if is too high. This option can be disabled in config file
*/
public function FileSizeVerification($file){
if(size_verification == true){
if($file["size"] < max_size && $file["size"] > min_size){
public function FileSizeVerification($file)
{
if (size_verification == true) {
if ($file['size'] < max_size && $file['size'] > min_size) {
return true;
}else{
} else {
return false;
}
}else{
} else {
return true;
}
}
}
/*
* @module File Name Convertor
* @desc This Module convert file name into a encrypted name. This option can be disabled in config file
*/
public function FileNameConvertor($file){
public function FileNameConvertor($file)
{
$TransformFileName = substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIKLMNOPQRSTUVWXYZ123456789'), 0, 15);
$filename = $TransformFileName.'-'.basename($_FILES["fileToUpload"]["name"]);
return $filename;
$filename = $TransformFileName.'-'.basename($_FILES['fileToUpload']['name']);
return $filename;
}
public function UploadFile($file, $target){
public function UploadFile($file, $target)
{
$newtarget = file_destination.'/'.$target;
if(move_uploaded_file($file["tmp_name"], $newtarget)){
if (move_uploaded_file($file['tmp_name'], $newtarget)) {
return true;
}else{
} else {
return false;
}
}