aiden
/
anonupload
mirror of https://github.com/Supernova3339/anonupload
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Apply fixes from StyleCI

Browse Source
pull/31/head
StyleCI Bot 3 years ago
parent a0fe631a72
commit 8a67f48d75
No known key found for this signature in database
GPG Key ID: E4A5316DFBB23575
16 changed files with 501 additions and 497 deletions
Show Stats Download Patch File Download Diff File

80
admin/captcha.php
Unescape Escape View File

@ -1,40 +1,40 @@
<?php <?php
session_start();
// Generate random 6 character string session_start();
$captcha_code = substr(str_shuffle('01234567890123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'), 0, 6); // Generate random 6 character string
// Update the session variable $captcha_code = substr(str_shuffle('01234567890123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'), 0, 6);
$_SESSION['captcha'] = $captcha_code; // Update the session variable
// Create the image canvas - width: 150px; height: 50px; $_SESSION['captcha'] = $captcha_code;
$final_image = imagecreate(150, 50); // Create the image canvas - width: 150px; height: 50px;
// Background color (RGBA) $final_image = imagecreate(150, 50);
$rgba = [241, 245, 248, 0]; // Background color (RGBA)
// Set the background color $rgba = [241, 245, 248, 0];
$image_bg_color = imagecolorallocatealpha($final_image, 241, 245, 248, 0); // Set the background color
// Convert the captcha text to an array $image_bg_color = imagecolorallocatealpha($final_image, 241, 245, 248, 0);
$captcha_code_chars = str_split($captcha_code); // Convert the captcha text to an array
// Iterate the above array $captcha_code_chars = str_split($captcha_code);
for($i = 0; $i < count($captcha_code_chars); $i++) { // Iterate the above array
// Create the character image canvas for ($i = 0; $i < count($captcha_code_chars); $i++) {
$char_small = imagecreate(130, 16); // Create the character image canvas
$char_large = imagecreate(130, 16); $char_small = imagecreate(130, 16);
// Character background color $char_large = imagecreate(130, 16);
$char_bg_color = imagecolorallocate($char_small, 241, 245, 248); // Character background color
// Character color $char_bg_color = imagecolorallocate($char_small, 241, 245, 248);
$char_color = imagecolorallocate($char_small, rand(80,180), rand(80,180), rand(80, 180)); // Character color
// Draw the character on the canvas $char_color = imagecolorallocate($char_small, rand(80, 180), rand(80, 180), rand(80, 180));
imagestring($char_small, 1, 1, 0, $captcha_code_chars[$i], $char_color); // Draw the character on the canvas
// Copy the image and enlarge it imagestring($char_small, 1, 1, 0, $captcha_code_chars[$i], $char_color);
imagecopyresampled($char_large, $char_small, 0, 0, 0, 0, rand(250, 400), 16, 84, 8); // Copy the image and enlarge it
// Rotate the character image imagecopyresampled($char_large, $char_small, 0, 0, 0, 0, rand(250, 400), 16, 84, 8);
$char_large = imagerotate($char_large, rand(-6,6), 0); // Rotate the character image
// Add the character image to the main canvas $char_large = imagerotate($char_large, rand(-6, 6), 0);
imagecopymerge($final_image, $char_large, 20 + (20 * $i), 15, 0, 0, imagesx($char_large), imagesy($char_large), 70); // Add the character image to the main canvas
// Destroy temporary canvases imagecopymerge($final_image, $char_large, 20 + (20 * $i), 15, 0, 0, imagesx($char_large), imagesy($char_large), 70);
imagedestroy($char_small); // Destroy temporary canvases
imagedestroy($char_large); imagedestroy($char_small);
} imagedestroy($char_large);
// Output the created image }
header('Content-type: image/png'); // Output the created image
imagepng($final_image); header('Content-type: image/png');
imagedestroy($final_image); imagepng($final_image);
?> imagedestroy($final_image);

59
admin/check.php
Unescape Escape View File

@ -1,37 +1,40 @@
<?php <?php
// Get Configuration // Get Configuration
require '../system/config.php'; require '../system/config.php';
// Get Dashboard URL // Get Dashboard URL
$url = $file_url_destination."/admin/dashboard"; $url = $file_url_destination.'/admin/dashboard';
// (A) START SESSION // (A) START SESSION
session_start(); session_start();
// (B) HANDLE LOGIN // (B) HANDLE LOGIN
if (isset($_POST["user"]) && !isset($_SESSION["user"])) { if (isset($_POST['user']) && !isset($_SESSION['user'])) {
// (B1) USERS & PASSWORDS - SET YOUR OWN ! // (B1) USERS & PASSWORDS - SET YOUR OWN !
$users = [ $users = [
email => password // USER AND PASSWORD PULLED FROM CONFIGURATION FILE email => password, // USER AND PASSWORD PULLED FROM CONFIGURATION FILE
]; ];
// (B2) CHECK & VERIFY // (B2) CHECK & VERIFY
if (isset($users[$_POST["user"]])) { if (isset($users[$_POST['user']])) {
// check captcha // check captcha
if ($_SESSION['captcha'] !== $_POST['captcha']) { if ($_SESSION['captcha'] !== $_POST['captcha']) {
header("Location: ?capfail"); header('Location: ?capfail');
exit(0); exit(0);
} }
// end captcha // end captcha
if ($users[$_POST["user"]] == $_POST["password"]) { if ($users[$_POST['user']] == $_POST['password']) {
$_SESSION["user"] = $_POST["user"]; $_SESSION['user'] = $_POST['user'];
}
}
// (B3) FAILED LOGIN FLAG
if (!isset($_SESSION['user'])) {
$failed = true;
} }
}
// (B3) FAILED LOGIN FLAG
if (!isset($_SESSION["user"])) { $failed = true; }
} }
// (C) REDIRECT USER TO DASHBOARD IF SIGNED IN // (C) REDIRECT USER TO DASHBOARD IF SIGNED IN
if (isset($_SESSION["user"])) { if (isset($_SESSION['user'])) {
header("Location: dashboard"); // REDIRECT TO DASHBOARD header('Location: dashboard'); // REDIRECT TO DASHBOARD
exit(); exit();
} }

138
admin/dashboard/files.php
Unescape Escape View File

@ -1,6 +1,6 @@
<?php <?php
include 'main.php'; include 'main.php';
$dir = "../../files/"; $dir = '../../files/';
/* /*
ini_set('display_errors', 1); ini_set('display_errors', 1);
ini_set('display_startup_errors', 1); ini_set('display_startup_errors', 1);
@ -34,96 +34,86 @@ if (isset($_GET['error_msg'])) {
if ($_GET['error_msg'] == 3) { if ($_GET['error_msg'] == 3) {
$error_msg = 'An Error Occured'; $error_msg = 'An Error Occured';
} }
if ($_GET['error_msg'] == 4) { if ($_GET['error_msg'] == 4) {
$error_msg = 'File path doesnt exist.'; $error_msg = 'File path doesnt exist.';
} }
if ($_GET['error_msg'] == 5) { if ($_GET['error_msg'] == 5) {
$error_msg = 'File path not found.'; $error_msg = 'File path not found.';
} }
} }
// filelist // filelist
function list_directory_files($dir) { function list_directory_files($dir)
{
if (is_dir($dir)) { if (is_dir($dir)) {
if ($handle = opendir($dir)) { if ($handle = opendir($dir)) {
while (($file = readdir($handle)) !== false) {
while (($file = readdir($handle)) !== false) { if ($file != '.' && $file != '..' && $file != 'Thumbs.db' && $file != 'index.php') {
if ($file != "." && $file != ".." && $file != "Thumbs.db" && $file != "index.php") { echo '<tr>';
echo '<tr>'; echo '<td>';
echo '<td>'; echo $file;
echo $file; echo '</td>';
echo '</td>'; echo '<td>';
echo '<td>'; echo '<a class="link1" href="?path='.$dir.''.$file.'">Download</a>';
echo '<a class="link1" href="?path='.$dir.''.$file.'">Download</a>'; echo '<a class="link1" href="?delete&file='.$dir.''.$file.'">Delete</a>';
echo '<a class="link1" href="?delete&file='.$dir.''.$file.'">Delete</a>'; echo '</td>';
echo '</td>'; echo '</tr>';
echo '</tr>'; }
}
}
} closedir($handle);
}
closedir($handle); }
}
}
} }
// download file // download file
if(isset($_GET['path'])) if (isset($_GET['path'])) {
{ //Read the url
//Read the url $url = $_GET['path'];
$url = $_GET['path'];
//Clear the cache //Clear the cache
clearstatcache(); clearstatcache();
//Check the file path exists or not //Check the file path exists or not
if(file_exists($url)) { if (file_exists($url)) {
//Define header information //Define header information
header('Content-Description: File Transfer'); header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream'); header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($url).'"'); header('Content-Disposition: attachment; filename="'.basename($url).'"');
header('Content-Length: ' . filesize($url)); header('Content-Length: '.filesize($url));
header('Pragma: public'); header('Pragma: public');
//Clear system output buffer //Clear system output buffer
flush(); flush();
//Read the size of the file //Read the size of the file
readfile($url,true); readfile($url, true);
//Terminate from the script //Terminate from the script
die(); exit();
} } else {
else{ // do nothing
// do nothing }
}
} }
// do nothing // do nothing
if (isset($_GET['delete'], $_GET['file'])) {
if(isset($_GET['delete'], $_GET['file'])){ $delfile = $_GET['file'];
/*
$delfile = $_GET['file']; header("Location: $delfile");
/* */
header("Location: $delfile"); if (unlink($delfile)) {
*/ // file was successfully deleted
If (unlink($delfile)) { header('Refresh:0 url=files.php?success_msg=1');
// file was successfully deleted } else {
header("Refresh:0 url=files.php?success_msg=1"); // there was a problem deleting the file
} else { header('Refresh:0 url=files.php?error_msg=1');
// there was a problem deleting the file }
header("Refresh:0 url=files.php?error_msg=1");
}
} }
?> ?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
@ -137,22 +127,22 @@ If (unlink($delfile)) {
</div> </div>
<!-- Display Success Alert --> <!-- Display Success Alert -->
<?php if (isset($success_msg)): ?> <?php if (isset($success_msg)) { ?>
<div class="msg success"> <div class="msg success">
<i class="fas fa-check-circle"></i> <i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p> <p><?=$success_msg?></p>
<i class="fas fa-times"></i> <i class="fas fa-times"></i>
</div> </div>
<?php endif; ?> <?php } ?>
<!-- Display Error Message --> <!-- Display Error Message -->
<?php if (isset($error_msg)): ?> <?php if (isset($error_msg)) { ?>
<div class="msg error"> <div class="msg error">
<i class="fa fa-exclamation-triangle"></i> <i class="fa fa-exclamation-triangle"></i>
<p><?=$error_msg?></p> <p><?=$error_msg?></p>
<i class="fas fa-times"></i> <i class="fas fa-times"></i>
</div> </div>
<?php endif; ?> <?php } ?>
<div class="content-block"> <div class="content-block">
<div class="table"> <div class="table">

116
admin/dashboard/index.php
Unescape Escape View File

@ -11,74 +11,71 @@ error_reporting(E_ALL);
?> ?>
<?php <?php
$directory = "../.$file_url_destination./files/"; // dir location $directory = "../.$file_url_destination./files/"; // dir location
if (glob($directory . "*.*") != false) if (glob($directory.'*.*') != false) {
{ $filecount = count(glob($directory.'*.*' && $file != 'index.php'));
$filecount = count(glob($directory. "*.*" && $file != "index.php"));
} }
// file size of upload dir // file size of upload dir
function folderSize($dir){ function folderSize($dir)
$count_size = 0; {
$count = 0; $count_size = 0;
$dir_array = scandir($dir); $count = 0;
foreach($dir_array as $key=>$filename){ $dir_array = scandir($dir);
if($filename!=".." && $filename!="." && $filename!="index.php"){ foreach ($dir_array as $key=>$filename) {
if(is_dir($dir."/".$filename)){ if ($filename != '..' && $filename != '.' && $filename != 'index.php') {
$new_foldersize = foldersize($dir."/".$filename); if (is_dir($dir.'/'.$filename)) {
$count_size = $count_size+ $new_foldersize; $new_foldersize = foldersize($dir.'/'.$filename);
}else if(is_file($dir."/".$filename)){ $count_size = $count_size + $new_foldersize;
$count_size = $count_size + filesize($dir."/".$filename); } elseif (is_file($dir.'/'.$filename)) {
$count++; $count_size = $count_size + filesize($dir.'/'.$filename);
$count++;
}
} }
} }
}
return $count_size; return $count_size;
} }
// size converter // size converter
function sizeFormat($bytes){ function sizeFormat($bytes)
$kb = 1024; {
$mb = $kb * 1024; $kb = 1024;
$gb = $mb * 1024; $mb = $kb * 1024;
$tb = $gb * 1024; $gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B'; if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) { } elseif (($bytes >= $kb) && ($bytes < $mb)) {
return ceil($bytes / $kb) . ' KB'; return ceil($bytes / $kb).' KB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) {
} elseif (($bytes >= $mb) && ($bytes < $gb)) { return ceil($bytes / $mb).' MB';
return ceil($bytes / $mb) . ' MB'; } elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $gb).' GB';
} elseif (($bytes >= $gb) && ($bytes < $tb)) { } elseif ($bytes >= $tb) {
return ceil($bytes / $gb) . ' GB'; return ceil($bytes / $tb).' TB';
} else {
} elseif ($bytes >= $tb) { return $bytes.' B';
return ceil($bytes / $tb) . ' TB'; }
} else {
return $bytes . ' B';
}
} }
// get size of folders in a folder // get size of folders in a folder
$plugin_count = count(glob('../../plugins/*', GLOB_ONLYDIR)); $plugin_count = count(glob('../../plugins/*', GLOB_ONLYDIR));
// Update checker // Update checker
$PATCH_URL = 'https://raw.githubusercontent.com/Supernova3339/anonfiles/main/'; $PATCH_URL = 'https://raw.githubusercontent.com/Supernova3339/anonfiles/main/';
$version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q'; # REMOVE TOKEN $version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q'; // REMOVE TOKEN
// Get version // Get version
$ch = curl_init($PATCH_URL . $version_filename); $ch = curl_init($PATCH_URL.$version_filename);
curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$str = curl_exec($ch); $str = curl_exec($ch);
curl_close($ch); curl_close($ch);
$server_version = str_to_version_info($str); $server_version = str_to_version_info($str);
?> ?>
<?=template_admin_header('Dashboard', 'dashboard')?> <?=template_admin_header('Dashboard', 'dashboard')?>
@ -116,11 +113,11 @@ $version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q
<p> <p>
<?=version?> <?=version?>
</p> </p>
<?php <?php
if($server_version > version){ if ($server_version > version) {
echo '<p>update available</p>'; echo '<p>update available</p>';
} }
echo $server_version; echo $server_version;
?> ?>
</p> </p>
</div> </div>
@ -130,11 +127,10 @@ $version_filename = 'latest.txt?token=GHSAT0AAAAAAB4S7HM4SZGF7VWPABQO3KRSY5FDV4Q
<br> <br>
<?php if(plausibledatadomain&&plausibledomain&&plausibleembedtoken){ <?php if (plausibledatadomain && plausibledomain && plausibleembedtoken) {
echo ' echo '
<iframe plausible-embed src="' . plausibledomain . '/share/' . plausibledatadomain . '?auth=' . plausibleembedtoken . '&embed=true&theme=light&background=%23EBECED" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;"></iframe> <iframe plausible-embed src="'.plausibledomain.'/share/'.plausibledatadomain.'?auth='.plausibleembedtoken.'&embed=true&theme=light&background=%23EBECED" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;"></iframe>
<script async src="' . plausibledomain . '/js/embed.host.js"></script> '; <script async src="'.plausibledomain.'/js/embed.host.js"></script> ';
} }
template_admin_footer(); template_admin_footer();

59
admin/dashboard/main.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
// Check if the user is logged-in // Check if the user is logged-in
include_once '../protect.php'; include_once '../protect.php';
// Read comfiguration file // Read comfiguration file
@ -6,31 +7,32 @@ include_once '../../system/config.php';
// Add/remove roles from the list // Add/remove roles from the list
$roles_list = ['Admin', 'Member']; $roles_list = ['Admin', 'Member'];
// Logout User on '?logout' --> // Logout User on '?logout' -->
if(isset($_GET['logout'])) if (isset($_GET['logout'])) {
{
logout(); logout();
} }
// Logout Function --> // Logout Function -->
function logout(){ function logout()
{
session_destroy(); session_destroy();
header("Location: ../"); header('Location: ../');
exit(); exit();
} }
// Template admin header // Template admin header
function template_admin_header($title, $selected = 'dashboard', $selected_child = '') { function template_admin_header($title, $selected = 'dashboard', $selected_child = '')
{
// Admin HTML links // Admin HTML links
$admin_links = ' $admin_links = '
<a href="index.php"' . ($selected == 'dashboard' ? ' class="selected"' : '') . '><i class="fas fa-tachometer-alt"></i>Dashboard</a> <a href="index.php"'.($selected == 'dashboard' ? ' class="selected"' : '').'><i class="fas fa-tachometer-alt"></i>Dashboard</a>
<a href="files.php"' . ($selected == 'files' ? ' class="selected"' : '') . '><i class="fas fa-file-alt"></i>Files</a> <a href="files.php"'.($selected == 'files' ? ' class="selected"' : '').'><i class="fas fa-file-alt"></i>Files</a>
<a href="settings.php"' . ($selected == 'settings' ? ' class="selected"' : '') . '><i class="fas fa-tools"></i>Settings</a> <a href="settings.php"'.($selected == 'settings' ? ' class="selected"' : '').'><i class="fas fa-tools"></i>Settings</a>
<div class="footer"> <div class="footer">
<a href="https://github.com/supernova3339/anonfiles" target="_blank">AnonFiles</a> <a href="https://github.com/supernova3339/anonfiles" target="_blank">AnonFiles</a>
Version ' . version . ' Version '.version.'
</div> </div>
'; ';
// Indenting the below code may cause an error // Indenting the below code may cause an error
echo <<<EOT echo <<<EOT
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
@ -57,9 +59,10 @@ echo <<<EOT
EOT; EOT;
} }
// Template admin footer // Template admin footer
function template_admin_footer() { function template_admin_footer()
{
// Indenting the below code may cause an error // Indenting the below code may cause an error
echo <<<EOT echo <<<EOT
</main> </main>
<script> <script>
let aside = document.querySelector("aside"), main = document.querySelector("main"), header = document.querySelector("header"); let aside = document.querySelector("aside"), main = document.querySelector("main"), header = document.querySelector("header");
@ -129,29 +132,33 @@ echo <<<EOT
EOT; EOT;
} }
// Convert date to elapsed string function // Convert date to elapsed string function
function time_elapsed_string($datetime, $full = false) { function time_elapsed_string($datetime, $full = false)
$now = new DateTime; {
$now = new DateTime();
$ago = new DateTime($datetime); $ago = new DateTime($datetime);
$diff = $now->diff($ago); $diff = $now->diff($ago);
$diff->w = floor($diff->d / 7); $diff->w = floor($diff->d / 7);
$diff->d -= $diff->w * 7; $diff->d -= $diff->w * 7;
$string = ['y' => 'year','m' => 'month','w' => 'week','d' => 'day','h' => 'hour','i' => 'minute','s' => 'second']; $string = ['y' => 'year', 'm' => 'month', 'w' => 'week', 'd' => 'day', 'h' => 'hour', 'i' => 'minute', 's' => 'second'];
foreach ($string as $k => &$v) { foreach ($string as $k => &$v) {
if ($diff->$k) { if ($diff->$k) {
$v = $diff->$k . ' ' . $v . ($diff->$k > 1 ? 's' : ''); $v = $diff->$k.' '.$v.($diff->$k > 1 ? 's' : '');
} else { } else {
unset($string[$k]); unset($string[$k]);
} }
} }
if (!$full) $string = array_slice($string, 0, 1); if (!$full) {
return $string ? implode(', ', $string) . ' ago' : 'just now'; $string = array_slice($string, 0, 1);
}
return $string ? implode(', ', $string).' ago' : 'just now';
} }
function str_to_version_info($string) function str_to_version_info($string)
{ {
$latest_version = FALSE; $latest_version = false;
if (preg_match('/^\s*?(\d+\.\d+\.\d+)/i', $string, $match)) { if (preg_match('/^\s*?(\d+\.\d+\.\d+)/i', $string, $match)) {
$latest_version = $match[1]; $latest_version = $match[1];
} }
return $latest_version;
} return $latest_version;
?> }

27
admin/dashboard/settings.php
Unescape Escape View File

@ -5,27 +5,32 @@ $file = '../../system/config.php';
// Open the configuration file for reading // Open the configuration file for reading
$contents = file_get_contents($file); $contents = file_get_contents($file);
// Format key function // Format key function
function format_key($key) { function format_key($key)
{
$key = str_replace(['_', 'url', 'db ', ' pass', ' user'], [' ', 'URL', 'Database ', ' Password', ' Username'], strtolower($key)); $key = str_replace(['_', 'url', 'db ', ' pass', ' user'], [' ', 'URL', 'Database ', ' Password', ' Username'], strtolower($key));
return ucwords($key); return ucwords($key);
} }
// Format HTML output function // Format HTML output function
function format_var_html($key, $value) { function format_var_html($key, $value)
{
$html = ''; $html = '';
$type = 'text'; $type = 'text';
$value = htmlspecialchars(trim($value, '\''), ENT_QUOTES); $value = htmlspecialchars(trim($value, '\''), ENT_QUOTES);
$type = strpos($key, 'pass') !== false ? 'password' : $type; $type = strpos($key, 'pass') !== false ? 'password' : $type;
$type = in_array(strtolower($value), ['true', 'false']) ? 'checkbox' : $type; $type = in_array(strtolower($value), ['true', 'false']) ? 'checkbox' : $type;
$checked = strtolower($value) == 'true' ? ' checked' : ''; $checked = strtolower($value) == 'true' ? ' checked' : '';
$html .= '<label for="' . $key . '">' . format_key($key) . '</label>'; $html .= '<label for="'.$key.'">'.format_key($key).'</label>';
if ($type == 'checkbox') { if ($type == 'checkbox') {
$html .= '<input type="hidden" name="' . $key . '" value="false">'; $html .= '<input type="hidden" name="'.$key.'" value="false">';
} }
$html .= '<input type="' . $type . '" name="' . $key . '" id="' . $key . '" value="' . $value . '" placeholder="' . format_key($key) . '"' . $checked . '>'; $html .= '<input type="'.$type.'" name="'.$key.'" id="'.$key.'" value="'.$value.'" placeholder="'.format_key($key).'"'.$checked.'>';
return $html; return $html;
} }
// Format form // Format form
function format_form($contents) { function format_form($contents)
{
$rows = explode("\n", $contents); $rows = explode("\n", $contents);
echo '<div class="tab-content active">'; echo '<div class="tab-content active">';
for ($i = 0; $i < count($rows); $i++) { for ($i = 0; $i < count($rows); $i++) {
@ -37,14 +42,14 @@ function format_form($contents) {
if ($match) { if ($match) {
echo format_var_html($match[1], $match[2]); echo format_var_html($match[1], $match[2]);
} }
} }
echo '</div>'; echo '</div>';
} }
if (!empty($_POST)) { if (!empty($_POST)) {
// Update the configuration file with the new keys and values // Update the configuration file with the new keys and values
foreach ($_POST as $k => $v) { foreach ($_POST as $k => $v) {
$v = in_array(strtolower($v), ['true', 'false']) ? strtolower($v) : '\'' . $v . '\''; $v = in_array(strtolower($v), ['true', 'false']) ? strtolower($v) : '\''.$v.'\'';
$contents = preg_replace('/define\(\'' . $k . '\'\, ?(.*?)\)/s', 'define(\'' . $k . '\',' . $v . ')', $contents); $contents = preg_replace('/define\(\''.$k.'\'\, ?(.*?)\)/s', 'define(\''.$k.'\','.$v.')', $contents);
} }
file_put_contents('../../system/config.php', $contents); file_put_contents('../../system/config.php', $contents);
header('Location: settings.php?success_msg=1'); header('Location: settings.php?success_msg=1');
@ -62,13 +67,13 @@ if (isset($_GET['success_msg'])) {
<h2>Settings</h2> <h2>Settings</h2>
<?php if (isset($success_msg)): ?> <?php if (isset($success_msg)) { ?>
<div class="msg success"> <div class="msg success">
<i class="fas fa-check-circle"></i> <i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p> <p><?=$success_msg?></p>
<i class="fas fa-times"></i> <i class="fas fa-times"></i>
</div> </div>
<?php endif; ?> <?php } ?>

4
admin/index.php
Unescape Escape View File

@ -1,6 +1,6 @@
<?php <?php
// (A) LOGIN CHECKS // (A) LOGIN CHECKS
require "check.php"; require 'check.php';
?> ?>
<head> <head>
<title>Login</title> <title>Login</title>
@ -53,7 +53,7 @@ require "check.php";
</div> </div>
<?php } ?> <?php } ?>
<!-- invalid captcha --> <!-- invalid captcha -->
<?php if (isset($_GET["capfail"])) { ?> <?php if (isset($_GET['capfail'])) { ?>
<div class="alert alert-danger shadow" data-dismiss="alert" role="alert" style="border-left:#721C24 5px solid; border-radius: 0px"> <div class="alert alert-danger shadow" data-dismiss="alert" role="alert" style="border-left:#721C24 5px solid; border-radius: 0px">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"> <button type="button" class="close" data-dismiss="alert" aria-label="Close">

17
admin/protect.php
Unescape Escape View File

@ -1,12 +1,15 @@
<?php <?php
// (A) START SESSION // (A) START SESSION
session_start(); session_start();
// (B) LOGOUT REQUEST // (B) LOGOUT REQUEST
if (isset($_POST["logout"])) { unset($_SESSION["user"]); } if (isset($_POST['logout'])) {
unset($_SESSION['user']);
}
// (C) REDIRECT TO LOGIN PAGE IF NOT LOGGED IN // (C) REDIRECT TO LOGIN PAGE IF NOT LOGGED IN
if (!isset($_SESSION["user"])) { if (!isset($_SESSION['user'])) {
header("Location: ../"); header('Location: ../');
exit(); exit();
} }

18
api.php
Unescape Escape View File

@ -4,17 +4,17 @@
$code = isset($_GET['code']) ? $_GET['code'] : ''; $code = isset($_GET['code']) ? $_GET['code'] : '';
// If the code isn't in the correct format, CloudFlare will throw a 1020 // If the code isn't in the correct format, CloudFlare will throw a 1020
if (!preg_match("/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12}) *$/i", $code)) { if (!preg_match('/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12}) *$/i', $code)) {
http_response_code(403); http_response_code(403);
echo "error code: 1020"; echo 'error code: 1020';
die; exit;
} }
header('Content-Type: application/json; charset=utf-8'); header('Content-Type: application/json; charset=utf-8');
// Handle valid codes // Handle valid codes
if ($code == "86781236-23d0-4b3c-7dfa-c1c147e0dece") { if ($code == '86781236-23d0-4b3c-7dfa-c1c147e0dece') {
echo <<<EOD echo <<<'EOD'
{ {
"amount": "19.84", "amount": "19.84",
"sold_at": "2016-09-07T10:54:28+10:00", "sold_at": "2016-09-07T10:54:28+10:00",
@ -38,11 +38,11 @@ EOD;
// Handle invalid codes // Handle invalid codes
else { else {
http_response_code(404); http_response_code(404);
echo <<<EOD echo <<<'EOD'
{ {
"error": 404, "error": 404,
"description": "No sale belonging to the current user found with that code" "description": "No sale belonging to the current user found with that code"
} }
EOD; EOD;
} }

64
download.php
Unescape Escape View File

@ -1,29 +1,26 @@
<?php <?php
require_once(__DIR__ . '/system/core.class.php'); require_once __DIR__.'/system/core.class.php';
// size convertor // size convertor
function sizeFormat($bytes){ function sizeFormat($bytes)
$kb = 1024; {
$mb = $kb * 1024; $kb = 1024;
$gb = $mb * 1024; $mb = $kb * 1024;
$tb = $gb * 1024; $gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) { if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B'; return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
} elseif (($bytes >= $kb) && ($bytes < $mb)) { return ceil($bytes / $kb).' KB';
return ceil($bytes / $kb) . ' KB'; } elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb).' MB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) { } elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $mb) . ' MB'; return ceil($bytes / $gb).' GB';
} elseif ($bytes >= $tb) {
} elseif (($bytes >= $gb) && ($bytes < $tb)) { return ceil($bytes / $tb).' TB';
return ceil($bytes / $gb) . ' GB'; } else {
return $bytes.' B';
} elseif ($bytes >= $tb) { }
return ceil($bytes / $tb) . ' TB';
} else {
return $bytes . ' B';
}
} }
$maxsize = max_size; $maxsize = max_size;
@ -35,11 +32,11 @@ $filesize = filesize($fileURL);
$baseurl = file_url_destination; $baseurl = file_url_destination;
// Check if file exists // Check if file exists
if(!file_exists($fileURL)){ if (!file_exists($fileURL)) {
http_response_code(404); http_response_code(404);
} }
if($file == ''){ if ($file == '') {
http_response_code(404); http_response_code(404);
} }
$core = new Core(); $core = new Core();
@ -55,10 +52,9 @@ $core = new Core();
<body> <body>
<div class="wrapper"> <div class="wrapper">
<img src="assets/images/logo.png"> <img src="assets/images/logo.png">
<?php <?php
if(isset($_POST['submit'])){ if (isset($_POST['submit'])) {
}
}
?> ?>
<!--<form>--> <!--<form>-->
<div class="download-area"> <div class="download-area">
@ -72,7 +68,7 @@ if(isset($_POST['submit'])){
<?php echo' <?php echo'
<script> <script>
const downloadBtn = document.querySelector(".download-btn"); const downloadBtn = document.querySelector(".download-btn");
const fileLink = "' . $fileURL .'"; const fileLink = "'.$fileURL.'";
const initTimer = () => { const initTimer = () => {
if(downloadBtn.classList.contains("disable-timer")) { if(downloadBtn.classList.contains("disable-timer")) {
return window.open(fileLink); return window.open(fileLink);
@ -97,7 +93,7 @@ const initTimer = () => {
downloadBtn.addEventListener("click", initTimer); downloadBtn.addEventListener("click", initTimer);
</script> </script>
</script>'; ?> </script>'; ?>
<?php if(plausibledomain&&plausibledatadomain == !null){ ?> <?php if (plausibledomain && plausibledatadomain == !null) { ?>
<script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script> <script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script>
<?php } ?> <?php } ?>
</body> </body>

12
error.php
Unescape Escape View File

@ -1,14 +1,14 @@
<?php <?php
$code = $_SERVER['REDIRECT_STATUS']; $code = $_SERVER['REDIRECT_STATUS'];
$codes = array( $codes = [
403 => 'Forbidden', 403 => 'Forbidden',
404 => '404 Not Found', 404 => '404 Not Found',
500 => 'Internal Server Error' 500 => 'Internal Server Error',
); ];
$source_url = 'http'.((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $source_url = 'http'.((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (array_key_exists($code, $codes) && is_numeric($code)) { if (array_key_exists($code, $codes) && is_numeric($code)) {
die("Error $code: {$codes[$code]}"); exit("Error $code: {$codes[$code]}");
} else { } else {
die('Unknown error'); exit('Unknown error');
} }
?>

82
index.php
Unescape Escape View File

@ -1,30 +1,27 @@
<?php <?php
require_once(__DIR__ . '/system/core.class.php'); require_once __DIR__.'/system/core.class.php';
require_once(__DIR__ . '/system/config.php'); require_once __DIR__.'/system/config.php';
// size convertor // size convertor
function sizeFormat($bytes){ function sizeFormat($bytes)
$kb = 1024; {
$mb = $kb * 1024; $kb = 1024;
$gb = $mb * 1024; $mb = $kb * 1024;
$tb = $gb * 1024; $gb = $mb * 1024;
$tb = $gb * 1024;
if (($bytes >= 0) && ($bytes < $kb)) { if (($bytes >= 0) && ($bytes < $kb)) {
return $bytes . ' B'; return $bytes.' B';
} elseif (($bytes >= $kb) && ($bytes < $mb)) {
} elseif (($bytes >= $kb) && ($bytes < $mb)) { return ceil($bytes / $kb).' KB';
return ceil($bytes / $kb) . ' KB'; } elseif (($bytes >= $mb) && ($bytes < $gb)) {
return ceil($bytes / $mb).' MB';
} elseif (($bytes >= $mb) && ($bytes < $gb)) { } elseif (($bytes >= $gb) && ($bytes < $tb)) {
return ceil($bytes / $mb) . ' MB'; return ceil($bytes / $gb).' GB';
} elseif ($bytes >= $tb) {
} elseif (($bytes >= $gb) && ($bytes < $tb)) { return ceil($bytes / $tb).' TB';
return ceil($bytes / $gb) . ' GB'; } else {
return $bytes.' B';
} elseif ($bytes >= $tb) { }
return ceil($bytes / $tb) . ' TB';
} else {
return $bytes . ' B';
}
} }
$maxsize = max_size; $maxsize = max_size;
@ -42,39 +39,38 @@ $core = new Core();
<body> <body>
<div class="wrapper"> <div class="wrapper">
<img src="assets/images/logo.png"> <img src="assets/images/logo.png">
<?php <?php
if(isset($_POST['submit'])){ if (isset($_POST['submit'])) {
if($core->FileTypeVerification($_FILES["fileToUpload"])){ if ($core->FileTypeVerification($_FILES['fileToUpload'])) {
if($core->FileSizeVerification($_FILES["fileToUpload"])){ if ($core->FileSizeVerification($_FILES['fileToUpload'])) {
$newfilename = $core->FileNameConvertor($_FILES["fileToUpload"]); $newfilename = $core->FileNameConvertor($_FILES['fileToUpload']);
if($core->UploadFile($_FILES["fileToUpload"], $newfilename)){ if ($core->UploadFile($_FILES['fileToUpload'], $newfilename)) {
$destination = base64_encode(file_destination.'/'.$newfilename); $destination = base64_encode(file_destination.'/'.$newfilename); ?>
?>
<div class="notification success"> <div class="notification success">
Success ! Your file are available here: <a href="download.php?file=<?php echo $destination; ?>">download.php?file=<?php echo $destination; ?></a> Success ! Your file are available here: <a href="download.php?file=<?php echo $destination; ?>">download.php?file=<?php echo $destination; ?></a>
</div> </div>
<?php <?php
}else{ } else {
?> ?>
<div class="notification error"> <div class="notification error">
An error occured while trying to upload your file(s). An error occured while trying to upload your file(s).
</div> </div>
<?php <?php
} }
}else{ } else {
?> ?>
<div class="notification error"> <div class="notification error">
Your file is too high/low. Your file is too high/low.
</div> </div>
<?php <?php
} }
}else{ } else {
?> ?>
<div class="notification error"> <div class="notification error">
Incorrect file format. Incorrect file format.
</div> </div>
<?php <?php
} }
} }
?> ?>
@ -101,7 +97,7 @@ $(document).ready(function(){
}); });
</script> </script>
<?php if(plausibledomain&&plausibledatadomain == !null){ ?> <?php if (plausibledomain && plausibledatadomain == !null) { ?>
<script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script> <script defer data-domain="<?=plausibledatadomain?>" src="<?=plausibledomain?>/js/script.js"></script>
<?php } ?> <?php } ?>
</body> </body>

175
installer.php
Unescape Escape View File

@ -1,78 +1,81 @@
<?php <?php
// Get server url // Get server url
$url = 'https://' . $_SERVER['HTTP_HOST']; $url = 'https://'.$_SERVER['HTTP_HOST'];
// Output messages // Output messages
$response = ''; $response = '';
/* Install function */ /* Install function */
function install($config_file = 'system/config.php') { function install($config_file = 'system/config.php')
$contents = '<?php' . PHP_EOL; {
// Write new variables to files $contents = '<?php'.PHP_EOL;
foreach ($_POST as $k => $v) { // Write new variables to files
if ($k == 'code') continue; foreach ($_POST as $k => $v) {
$v = in_array(strtolower($v), ['true', 'false']) || is_numeric($v) ? strtolower($v) : '\'' . $v . '\''; if ($k == 'code') {
$contents .= 'define(\'' . $k . '\',' . $v . ');' . PHP_EOL; continue;
}
$v = in_array(strtolower($v), ['true', 'false']) || is_numeric($v) ? strtolower($v) : '\''.$v.'\'';
$contents .= 'define(\''.$k.'\','.$v.');'.PHP_EOL;
}
$contents .= '?>';
if (!file_put_contents($config_file, $contents)) {
return false;
} }
$contents .= '?>';
if (!file_put_contents($config_file, $contents)) { return true;
return FALSE;
}
return TRUE;
} }
/*Verify Purchase Code function*/ /*Verify Purchase Code function*/
function verify($code) function verify($code)
{ {
/*If the submit form is success*/ /*If the submit form is success*/
if(!empty($code)){ if (!empty($code)) {
/*add purchase code to the API link*/ /*add purchase code to the API link*/
$purchase_code = $code; $purchase_code = $code;
$url = "https://dl.supers0ft.us/anonuptest/api.php?code=".$purchase_code; $url = 'https://dl.supers0ft.us/anonuptest/api.php?code='.$purchase_code;
$curl = curl_init($url); $curl = curl_init($url);
/*Set your personal token*/ /*Set your personal token*/
// $personal_token = "9COT6mduU2sZSMIlC09aYAQveaRdQ2H9"; // $personal_token = "9COT6mduU2sZSMIlC09aYAQveaRdQ2H9";
/*Correct header for the curl extension*/ /*Correct header for the curl extension*/
$header = array(); $header = [];
$header[] = 'Authorization: Bearer '.$personal_token; $header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Purchase code verification'; $header[] = 'User-Agent: Purchase code verification';
$header[] = 'timeout: 20'; $header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER,$header); curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
/*Connect to the API, and get values from there*/ /*Connect to the API, and get values from there*/
$envatoCheck = curl_exec($curl); $envatoCheck = curl_exec($curl);
curl_close($curl); curl_close($curl);
$envatoCheck = json_decode($envatoCheck); $envatoCheck = json_decode($envatoCheck);
/*Variable request from the API*/ /*Variable request from the API*/
$date = new DateTime(isset($envatoCheck->supported_until) ? $envatoCheck->supported_until : false); $date = new DateTime(isset($envatoCheck->supported_until) ? $envatoCheck->supported_until : false);
$support_date = $date->format('Y-m-d H:i:s'); $support_date = $date->format('Y-m-d H:i:s');
$sold = new DateTime(isset($envatoCheck->sold_at) ? $envatoCheck->sold_at : false); $sold = new DateTime(isset($envatoCheck->sold_at) ? $envatoCheck->sold_at : false);
$sold_at = $sold->format('Y-m-d H:i:s'); $sold_at = $sold->format('Y-m-d H:i:s');
$buyer = (isset( $envatoCheck->buyer) ? $envatoCheck->buyer : false); $buyer = (isset($envatoCheck->buyer) ? $envatoCheck->buyer : false);
$license = (isset( $envatoCheck->license) ? $envatoCheck->license : false); $license = (isset($envatoCheck->license) ? $envatoCheck->license : false);
$count = (isset( $envatoCheck->purchase_count) ? $envatoCheck->purchase_count : false); $count = (isset($envatoCheck->purchase_count) ? $envatoCheck->purchase_count : false);
$support_amount = (isset( $envatoCheck->support_amount) ? $envatoCheck->support_amount : false); $support_amount = (isset($envatoCheck->support_amount) ? $envatoCheck->support_amount : false);
$item = (isset( $envatoCheck->item->previews->landscape_preview->landscape_url ) ? $envatoCheck->item->previews->landscape_preview->landscape_url : false); $item = (isset($envatoCheck->item->previews->landscape_preview->landscape_url) ? $envatoCheck->item->previews->landscape_preview->landscape_url : false);
/*Check for Special Characters*/
/*Check for Special Characters*/ if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬]/', $code)) {
if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬]/', $code)){ return 'Not allowed to use special characters!';
return 'Not allowed to use special characters!'; }
}
/*Check for Empty Spaces*/
/*Check for Empty Spaces*/ if (!isset($code) || trim($code) == '') {
if(!isset($code) || trim($code) == ''){ return 'You need to fill up the input area!';
return 'You need to fill up the input area!'; }
}
/*If Purchase code exists, But Purchase ended*/
/*If Purchase code exists, But Purchase ended*/ if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') >= $support_date)) {
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') >= $support_date)){ return "
return "
<div class='alert alert-danger' role='alert'> <div class='alert alert-danger' role='alert'>
<h3>{$envatoCheck->item->name}</h3> <h3>{$envatoCheck->item->name}</h3>
<div class='row'> <div class='row'>
@ -115,14 +118,15 @@ function verify($code)
</div> </div>
</div> </div>
"; ";
} }
/*If Purchase code exists, display client information*/ /*If Purchase code exists, display client information*/
if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') < $support_date)){ if (isset($envatoCheck->item->name) && (date('Y-m-d H:i:s') < $support_date)) {
if (!install()) { if (!install()) {
return '<h3>Error!</h3><p>Could not write to file! Please check permissions and try again!</a>'; return '<h3>Error!</h3><p>Could not write to file! Please check permissions and try again!</a>';
} }
return "
return "
<div class='alert alert-success' role='alert'> <div class='alert alert-success' role='alert'>
<h3>{$envatoCheck->item->name}</h3> <h3>{$envatoCheck->item->name}</h3>
<div class='row'> <div class='row'>
@ -165,11 +169,11 @@ function verify($code)
</div> </div>
</div> </div>
"; ";
} }
/*If Purchase Code doesn't exist, no information will be displayed*/ /*If Purchase Code doesn't exist, no information will be displayed*/
if (!isset($envatoCheck->item->name)){ if (!isset($envatoCheck->item->name)) {
return " return "
<div class='alert alert-danger' role='alert'> <div class='alert alert-danger' role='alert'>
<h3>INVALID PURCHASE CODE.</h3> <h3>INVALID PURCHASE CODE.</h3>
<div class='row'> <div class='row'>
@ -212,19 +216,18 @@ function verify($code)
</div> </div>
</div> </div>
"; ";
} }
}
}
} }
if ($_POST) { if ($_POST) {
if (isset($_POST['code'])) { if (isset($_POST['code'])) {
// Validate code // Validate code
$response = verify($_POST['code']); $response = verify($_POST['code']);
} else { } else {
// No code specified // No code specified
$response = '<h3>Error!</h3><p>Please enter your Envato code!</p>'; $response = '<h3>Error!</h3><p>Please enter your Envato code!</p>';
} }
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -424,9 +427,9 @@ if ($_POST) {
} }
}; };
}); });
<?php if (!empty($_POST)): ?> <?php if (!empty($_POST)) { ?>
setStep(5); setStep(5);
<?php endif; ?> <?php } ?>
</script> </script>
</body> </body>

95
protect.php
Unescape Escape View File

@ -1,24 +1,25 @@
<?php <?php
$LOGIN_INFORMATION = array( $LOGIN_INFORMATION = [
'user' => 'userpass', 'user' => 'userpass',
'admin' => 'adminpass' 'admin' => 'adminpass',
); ];
define('USE_USERNAME', true); define('USE_USERNAME', true);
define('LOGOUT_URL', 'https://dl.supers0ft.us/logout.php/'); define('LOGOUT_URL', 'https://dl.supers0ft.us/logout.php/');
define('TIMEOUT_MINUTES', 0); define('TIMEOUT_MINUTES', 0);
define('TIMEOUT_CHECK_ACTIVITY', true); define('TIMEOUT_CHECK_ACTIVITY', true);
if(isset($_GET['help'])) { if (isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;'); exit('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("'.str_replace('\\', '\\\\', __FILE__).'"); ?&gt;');
} }
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60); $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
if(isset($_GET['logout'])) { if (isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); setcookie('verify', '', $timeout, '/');
header('Location: ' . LOGOUT_URL); header('Location: '.LOGOUT_URL);
exit(); exit();
} }
if(!function_exists('showLoginPasswordProtect')) { if (!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg) { function showLoginPasswordProtect($error_msg)
?> {
?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
@ -61,7 +62,9 @@ input { border: 1px solid black; }
<p><b> Administration Panel</b></p></div> <p><b> Administration Panel</b></p></div>
<div class="errmessage"> <div class="errmessage">
<font color="#2f80ed"><?php echo $error_msg; ?></font></div> <font color="#2f80ed"><?php echo $error_msg; ?></font></div>
<?php if (USE_USERNAME) echo '<span class="login"></span><br /><input type="input" placeholder="Username" name="access_login" /><br /><span class="pass"></span><br />'; ?> <?php if (USE_USERNAME) {
echo '<span class="login"></span><br /><input type="input" placeholder="Username" name="access_login" /><br /><span class="pass"></span><br />';
} ?>
<input type="password" placeholder="Password" name="access_password" /><p></p> <input type="password" placeholder="Password" name="access_password" /><p></p>
<div class="buttonlogin"><input type="submit" name="join" value="🔒" /></div> <div class="buttonlogin"><input type="submit" name="join" value="🔒" /></div>
</form> </form>
@ -70,41 +73,39 @@ input { border: 1px solid black; }
<!--Login query.--> <!--Login query.-->
<?php <?php
die(); exit();
} }
} }
if (isset($_POST['access_password'])) { if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password']; $pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) || (USE_USERNAME && (!array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass))
) { ) {
showLoginPasswordProtect("Incorrect data."); showLoginPasswordProtect('Incorrect data.');
} } else {
else { setcookie('auth', md5($login.'%'.$pass), $timeout, '/');
setcookie("auth", md5($login.'%'.$pass), $timeout, '/'); unset($_POST['access_login']);
unset($_POST['access_login']); unset($_POST['access_password']);
unset($_POST['access_password']); unset($_POST['Submit']);
unset($_POST['Submit']); }
} } else {
} if (!isset($_COOKIE['auth'])) {
else { showLoginPasswordProtect('');
if (!isset($_COOKIE['auth'])) { }
showLoginPasswordProtect(""); $found = false;
} foreach ($LOGIN_INFORMATION as $key=>$val) {
$found = false; $lp = (USE_USERNAME ? $key : '').'%'.$val;
foreach($LOGIN_INFORMATION as $key=>$val) { if ($_COOKIE['auth'] == md5($lp)) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val; $found = true;
if ($_COOKIE['auth'] == md5($lp)) { if (TIMEOUT_CHECK_ACTIVITY) {
$found = true; setcookie('auth', md5($lp), $timeout, '/');
if (TIMEOUT_CHECK_ACTIVITY) { }
setcookie("auth", md5($lp), $timeout, '/'); break;
} }
break; }
} if (!$found) {
} showLoginPasswordProtect('');
if (!$found) { }
showLoginPasswordProtect("");
}
} }
?> ?>

5
system/config.php
Unescape Escape View File

@ -22,7 +22,7 @@ $filelist = getenv('APP_FILELIST') ?? 'jpeg,jpg,gif,png,zip,xls,doc,mp3,mp4,mpeg
$sizeverification = getenv('APP_SIZE_VERIFICATION') ?? true; $sizeverification = getenv('APP_SIZE_VERIFICATION') ?? true;
$filedestination = getenv('APP_FILE_DESTINATION') ?? 'files'; $filedestination = getenv('APP_FILE_DESTINATION') ?? 'files';
$baseurl = getenv('APP_BASE_URL') ?? $_SERVER['HTTP_HOST']; $baseurl = getenv('APP_BASE_URL') ?? $_SERVER['HTTP_HOST'];
$maxsize = getenv('APP_MAX_SIZE') ?? (int)(ini_get('upload_max_filesize')); $maxsize = getenv('APP_MAX_SIZE') ?? (int) (ini_get('upload_max_filesize'));
$minsize = getenv('APP_MIN_SIZE') ?? '0'; $minsize = getenv('APP_MIN_SIZE') ?? '0';
$waitfor = getenv('APP_DOWNLOAD_TIME'); $waitfor = getenv('APP_DOWNLOAD_TIME');
@ -52,6 +52,3 @@ define('plausible_embed', $plausibleembed);
define('plausibleembedtoken', $plausibleembedtoken); define('plausibleembedtoken', $plausibleembedtoken);
/* version */ /* version */
define('version', 'v1.0.0'); // DO NOT FORGET TO CHANGE THIS define('version', 'v1.0.0'); // DO NOT FORGET TO CHANGE THIS
?>

47
system/core.class.php
Unescape Escape View File

@ -1,24 +1,27 @@
<?php <?php
require_once 'config.php'; require_once 'config.php';
class core class core
{ {
protected $timestamp; protected $timestamp;
/* /*
* @module File Type Verification * @module File Type Verification
* @desc This Module check if a file is with the correct type (like png or zip). This option can be edit in config file * @desc This Module check if a file is with the correct type (like png or zip). This option can be edit in config file
*/ */
public function FileTypeVerification($file){ public function FileTypeVerification($file)
$filetype_list = array(); {
$type = explode(",", FILELIST); $filetype_list = [];
$type = explode(',', FILELIST);
foreach ($type as $filetype) { foreach ($type as $filetype) {
array_push($filetype_list, $filetype); array_push($filetype_list, $filetype);
} }
$ext = pathinfo($file["name"], PATHINFO_EXTENSION); $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if(in_array($ext, $filetype_list)){ if (in_array($ext, $filetype_list)) {
return true; return true;
}else{ } else {
return false; return false;
} }
} }
@ -26,33 +29,37 @@ class core
* @module File Size Verification * @module File Size Verification
* @desc This Module check if the file size is correct or if is too high. This option can be disabled in config file * @desc This Module check if the file size is correct or if is too high. This option can be disabled in config file
*/ */
public function FileSizeVerification($file){ public function FileSizeVerification($file)
if(size_verification == true){ {
if($file["size"] < max_size && $file["size"] > min_size){ if (size_verification == true) {
if ($file['size'] < max_size && $file['size'] > min_size) {
return true; return true;
}else{ } else {
return false; return false;
} }
}else{ } else {
return true; return true;
} }
} }
/* /*
* @module File Name Convertor * @module File Name Convertor
* @desc This Module convert file name into a encrypted name. This option can be disabled in config file * @desc This Module convert file name into a encrypted name. This option can be disabled in config file
*/ */
public function FileNameConvertor($file){ public function FileNameConvertor($file)
{
$TransformFileName = substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIKLMNOPQRSTUVWXYZ123456789'), 0, 15); $TransformFileName = substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIKLMNOPQRSTUVWXYZ123456789'), 0, 15);
$filename = $TransformFileName.'-'.basename($_FILES["fileToUpload"]["name"]); $filename = $TransformFileName.'-'.basename($_FILES['fileToUpload']['name']);
return $filename;
return $filename;
} }
public function UploadFile($file, $target){ public function UploadFile($file, $target)
{
$newtarget = file_destination.'/'.$target; $newtarget = file_destination.'/'.$target;
if(move_uploaded_file($file["tmp_name"], $newtarget)){ if (move_uploaded_file($file['tmp_name'], $newtarget)) {
return true; return true;
}else{ } else {
return false; return false;
} }
} }

Write Preview
Loading…
Cancel
Save