author | alexvitkov <44268717+alexvitkov@users.noreply.github.com> | 2021-01-29 12:52:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-29 12:52:06 +0200 |
commit | 33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0 (patch) | |
tree | 7b748d2b87ab018d7ff451b4111a1b88eeb58416 /php | |
parent | ceedd596c9f39f53555fd0746a42d6b85cd49b6c (diff) | |
parent | 472e170f408e3d8d1db2eb066d445153aad55d73 (diff) | |
download | fileup-33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0.tar.gz |
Merge pull request #1 from GTSimeonov/master
rararrararararraar
Diffstat (limited to 'php')
-rw-r--r-- | php/configuration.php | 17 | ||||
-rw-r--r-- | php/database.php | 112 | ||||
-rw-r--r-- | php/file_type_recogniser.php | 84 | ||||
-rw-r--r-- | php/login.php | 25 | ||||
-rw-r--r-- | php/misc.php | 18 | ||||
-rw-r--r-- | php/register.php | 27 | ||||
-rw-r--r-- | php/upload.php | 23 | ||||
-rw-r--r-- | php/user.php | 10 |
8 files changed, 316 insertions, 0 deletions
diff --git a/php/configuration.php b/php/configuration.php
new file mode 100644
index 0000000..6b87508
--- /dev/null
+++ b/php/configuration.php
@@ -0,0 +1,17 @@
+<?php
+/*should be placed outside of document root*/
+
+$domain_name="localhost";
+
+$database_name="adam";
+$database_username="adam";
+$database_password="asdfd";
+$database_location="127.0.0.1";
+
+
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+
+$has_email_verification=false;
+?>
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..ef2b825
--- /dev/null
+++ b/php/database.php
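Review bot: The database credentials are committed in plain text (`$database_username="adam";`, `$database_password="asdfd";`), and the file-level comment only advises placing the file outside the document root; once it is in the repository it is in every clone and in the history, so moving the file later does not help. Keep `configuration.php` in the repository as a template with placeholder values, and have the deployed copy read the secret from an untracked file or the environment, e.g. `$database_password=getenv('DB_PASSWORD');` (variable name illustrative), with the real file listed in `.gitignore`. The closing `?>` on the last line is unnecessary in a PHP-only file, and any whitespace after it becomes response output before the first header is sent.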
@@ -0,0 +1,112 @@
+<?php
+require_once "configuration.php";
+require_once "user.php";
+require_once "misc.php";
+
+/*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the user*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
+ $prep->bindParam(':username',$user);
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ if(password_verify($password,$hold["password"]))
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+?>
diff --git a/php/file_type_recogniser.php b/php/file_type_recogniser.php
new file mode 100644
index 0000000..f160fb7
--- /dev/null
+++ b/php/file_type_recogniser.php
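Review bot: In `register_user`, the `$has_email_verification` branch calls `generate_email_verification_link();` without inserting a row and then falls through to `return true;`, so register.php prints "registered" although nothing was written (and misc.php's function takes no arguments, so it cannot know the address either); until that flow exists the branch should `return false;` or throw rather than report success. The `PDO` handle is constructed without an error mode, so on the silent default (PHP 7) a failed `prepare`/`execute` returns false and is never checked; pass `[PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES=>false]` as the fourth constructor argument so failures surface as `PDOException`. The comment above `authenticate` says it "returns the userid", but the method returns a `User` object or false exactly like `get_user`; the comment should say so. The unused `global $domain_name;` in `register_user` and the `die("The cow bought the farm")` in the constructor (which prints to the client from inside a library class) are also worth cleaning up.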
@@ -0,0 +1,84 @@
+<?php
+
+function file_type($path_to_file) {
+ $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);
+ return $file_type_database->file($path_to_file);
+}
+
+
+function file_extension($path_to_file) {
+ #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php
+ if(defined("FILEINFO_EXTENSION"))
+ {
+ $file_type_database = new finfo(FILEINFO_EXTENSION);
+ return "." . $file_type_database->file($path_to_file);
+ }else
+ {
+ $result=file_type($path_to_file);
+
+ $optimus_prime = array(
+ 'text/plain'=>'.txt',
+ 'text/html'=>'.html',
+ 'text/php'=>'.php',
+ 'text/css'=>'.css',
+ 'application/javascript'=>'.js',
+ 'application/json'=>'.json',
+ 'application/xml'=>'.xml',
+ 'application/x-shockwave-flash'=>'.swf',
+ 'video/x-flv'=>'.flv',
+ 'image/png'=>'.png',
+ 'image/jpeg'=>'.jpe',
+ 'image/jpeg'=>'.jpeg',
+ 'image/jpeg'=>'.jpg',
+ 'image/gif'=>'.gif',
+ 'image/bmp'=>'.bmp',
+ 'image/vnd.microsoft.icon'=>'.ico',
+ 'image/tiff'=>'.tiff',
+ 'image/tiff'=>'.tif',
+ 'image/svg+xml'=>'.svg',
+ 'image/svg+xml'=>'.svgz',
+ 'application/zip'=>'.zip',
+ 'application/x-rar-compressed'=>'.rar',
+ 'application/x-msdownload'=>'.exe',
+ 'application/x-msdownload'=>'.msi',
+ 'application/vnd.ms-cab-compressed'=>'.cab',
+ 'audio/mpeg'=>'.mp3',
+ 'video/quicktime'=>'.qt',
+ 'video/quicktime'=>'.mov',
+ 'application/pdf'=>'.pdf',
+ 'image/vnd.adobe.photoshop'=>'.psd',
+ 'application/postscript'=>'.ai',
+ 'application/postscript'=>'.eps',
+ 'application/postscript'=>'.ps',
+ 'application/msword'=>'.doc',
+ 'application/rtf'=>'.rtf',
+ 'application/vnd.ms-excel'=>'.xls',
+ 'application/vnd.ms-powerpoint'=>'.ppt',
+ 'application/vnd.oasis.opendocument.text'=>'.odt',
+ 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'
+ );
+
+ if(!array_key_exists($result,$optimus_prime))
+ {
+ return ".dat";
+ }else
+ {
+ return $optimus_prime[$result];
+ }
+
+ }
+}
+
+function get_icon($path_to_file)
+{
+ $file_ext="svg/icons/".file_extension($path_to_file).".svg";
+ if(!file_exists($file_ext))
+ {
+ return "svg/icons/.dat.svg";
+ }else
+ {
+ return $file_ext;
+ }
+}
+
+?>
diff --git a/php/login.php b/php/login.php
new file mode 100644
index 0000000..e6d44dc
--- /dev/null
+++ b/php/login.php
@@ -0,0 +1,25 @@
+<?php
+require_once "user.php";
+require_once "database.php";
+require_once "misc.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+/*server side verification*/
+if(gettype($username)!="string" || gettype($password)!="string")
+{
+ die("You didn't specify the pass or the username");
+}
+
+$database=new Database();
+$user=$database->authenticate($username,$password);
+if(!$user)
+{
+ die("Password or username is incorrect");
+}
+
+echo "Username: {$user->username}\n";
+echo "Email: {$user->email_address}";
+
+
+?>
diff --git a/php/misc.php b/php/misc.php
new file mode 100644
index 0000000..3ab0277
--- /dev/null
+++ b/php/misc.php
@@ -0,0 +1,18 @@
+<?php
+require_once "user.php";
+
+function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+{
+ return true;
+}
+
+function generate_email_verification_link()
+{
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+}
+
+
+
+?>
diff --git a/php/register.php b/php/register.php
new file mode 100644
index 0000000..b6b164c
--- /dev/null
+++ b/php/register.php
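Review bot: `file_extension` returns the raw `FILEINFO_EXTENSION` string prefixed with a dot, but libmagic reports every candidate extension separated by slashes (e.g. `jpeg/jpg/jpe`) or `???` when it has none, so on PHP 7.2+ `get_icon` builds a path such as `svg/icons/.jpeg/jpg/jpe.svg`, never finds it, and always falls back to the `.dat` icon. Take the first candidate and map the unknown marker: `$exts=explode("/",$file_type_database->file($path_to_file)); return $exts[0]==="???" ? ".dat" : "." . $exts[0];`. In the fallback `$optimus_prime` table, repeated keys such as `'image/jpeg'`, `'image/tiff'`, `'image/svg+xml'`, `'application/x-msdownload'`, `'video/quicktime'` and `'application/postscript'` overwrite each other, so only the last value (`.jpg`, `.tif`, `.ps`, …) is ever returned; the earlier entries are dead and should be removed so the table reads the way it behaves. None of the three functions declares parameter or return types.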
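Review bot: `$username=$_POST["username"];` and the line after it read the keys before the `gettype` check, so a request without them emits an undefined-index warning first and the check only then rejects the resulting null. Read with a default and test the type directly: `$username=$_POST["username"] ?? null;` / `$password=$_POST["password"] ?? null;` and `if(!is_string($username) || !is_string($password))`. Both `die()` calls answer with status 200 and a plain-text body, so a client cannot distinguish a failed login from a success without parsing the text; send `http_response_code(400)` and `http_response_code(401)` respectively before them. The script also never starts a session after a successful `authenticate`, only echoes the user's details; if that is intentional for now, a comment to that effect would save the next reader from looking for the missing `session_start()`.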
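Review bot: `validate_credentials` unconditionally returns true, so register.php accepts an empty password, a mismatched `$password2` and an arbitrary `$email` string, and the "bypassed client side verification" branch in register.php can never fire. A minimal body matching its own parameters is `return $username !== '' && $password !== '' && $password === $password2 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;`. `generate_email_verification_link` is marked TODO but is already reachable from `Database::register_user`: `$domain_name` and `$email` are not in the function's scope, `+` between two strings attempts numeric addition rather than concatenation, and `random_bytes(20)` is raw binary that cannot be placed in a URL; it needs the address and domain as parameters, `.` for concatenation and `bin2hex(random_bytes(20))` for the token. Since the token is never stored, the link could not be verified either, so until that is implemented a clear `throw new \RuntimeException('email verification not implemented');` is safer than sending mail from half-finished code.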
@@ -0,0 +1,27 @@
+<?php
+require_once "database.php";
+require_once "misc.php";
+require_once "configuration.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+$password2=$_POST["password2"];
+$email=$_POST["email"];
+
+/*check if we are given shady credentials*/
+if(!validate_credentials($username,$email,$password,$password2))
+{
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+}
+$database= new Database;
+
+if($database->register_user($username,$password,$email))
+{
+ echo "registered";
+}else
+{
+ echo "didn't register";
+}
+
+?>
diff --git a/php/upload.php b/php/upload.php
new file mode 100644
index 0000000..93fa778
--- /dev/null
+++ b/php/upload.php
@@ -0,0 +1,23 @@
+<?php
+
+if (!array_key_exists('uf', $_FILES)) {
+ http_response_code(400);
+ exit();
+}
+
+
+$file = $_FILES['uf'];
+
+
+if (file['error'] != 0) {
+ http_response_code(400);
+ exit();
+}
+
+$m = md5_file($file['tmp_name']);
+
+copy($file['tmp_name'], "screen/$m.png");
+
+echo "http://india.fmi.fail/screen/$m.png";
+
+?>
diff --git a/php/user.php b/php/user.php
new file mode 100644
index 0000000..1ef3083
--- /dev/null
+++ b/php/user.php
@@ -0,0 +1,10 @@
+<?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+?> |
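Review bot: The four `$_POST` reads at the top are unconditional, so a request missing any field emits an undefined-index warning and passes null into the `string` parameters of `validate_credentials`, which throws a TypeError and surfaces as a 500 (with a stack trace if display_errors is on) instead of the intended rejection. Read them with `?? ''` (or check `is_string` first), and send `http_response_code(400);` before `die();` in the rejection branch so the client sees a failure status; "didn't register" would likewise be clearer with a 409 than a 200. The log line has a typo, "probbably" → "probably".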
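Review bot: `if (file['error'] != 0)` is missing the `$` sigil, so `file` is an undefined constant (an Error in PHP 8, a warning plus the string "file" in PHP 7) and the upload-error check never runs as intended. Beyond that, the file is stored with `copy()` rather than `move_uploaded_file()` and nothing verifies the content is actually PNG, so whatever bytes the client sent are placed under a `.png` name in a web-served directory and served as such; the repository already has `file_type()` in file_type_recogniser.php, which reports the libmagic MIME type and can gate this. The rewrite below fixes the sigil, compares against `UPLOAD_ERR_OK`, rejects non-PNG content with 415, uses `move_uploaded_file` and checks its result (file_type_recogniser.php would need to be required at the top of the script).
```php
$file = $_FILES['uf'];

if ($file['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit();
}

// Accept only real PNG content, regardless of the client-supplied name or type.
if (!is_uploaded_file($file['tmp_name']) || file_type($file['tmp_name']) !== 'image/png') {
    http_response_code(415);
    exit();
}

$m = md5_file($file['tmp_name']);

if (!move_uploaded_file($file['tmp_name'], "screen/$m.png")) {
    http_response_code(500);
    exit();
}

echo "http://india.fmi.fail/screen/$m.png";
```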
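Review bot: The three properties are declared without types (`public $user_id;`, `public $username;`, `public $email_address;`), and the comment above them only says they need no accessors, which does not tell a reader what they hold; `Database::get_user` and `authenticate` fill them from a `users` row. Declaring `public ?string $username = null; public ?string $email_address = null;` and a typed `$user_id` documents the contract and lets static analysis catch misuse; note that `get_user` assigns the raw `user_id` column value, which the MySQL driver may return as a string depending on the PDO settings, so either cast it there or type it `int|string|null`. A one-line comment naming the `users` table as the source of these values would also help.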