-rwxr-xr-x | admin/index.php | 6 | ||||
-rwxr-xr-x | admin/uploads/index.php | 186 | ||||
-rwxr-xr-x | data/files.json | 1 | ||||
-rwxr-xr-x[-rw-r--r--] | data/general.json | 0 | ||||
-rw-r--r-- | file/index.php | 41 | ||||
-rwxr-xr-x | includes/admin/navigation.php | 108 | ||||
-rwxr-xr-x | includes/gui/header.php | 4 |
7 files changed, 340 insertions, 6 deletions
diff --git a/admin/index.php b/admin/index.php index 7722af8..942db44 100755 --- a/admin/index.php +++ b/admin/index.php @@ -19,7 +19,7 @@ <div class="card"> <div class="card-body"> <h4 class="card-title">File Uploader</h4> - <p class="card-text">Encrypted, secure and fast file uploader.</p> + <p class="card-text">Extensible, secure and fast file uploader.</p> <a href="/admin/uploads" class="btn btn-primary disabled">Manage</a> </div> </div> @@ -56,13 +56,13 @@ <div class="card-body"> <h4 class="card-title">Software Updates</h4> <p class="card-text">Ensure this version of the website is up-to-date.</p> - <a href="/admin/updates" class="btn btn-primary disabled">Manage</a> + <a href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" class="btn btn-primary" target="_blank">Manage ➚</a> </div> </div> </div> </div> - <p>This website is managed by <?php $admins = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/admins.json"), true); foreach ($admins as $index => $item): ?><b><?= $item ?></b><?php if ($item === $_USER): ?> (you)<?php endif; ?><?php if ($index !== count($admins) - 1): ?><?php if ($index + 1 === count($admins) - 1): ?> and <?php else: ?>, <?php endif; ?><?php endif; ?><?php endforeach; ?> (<a href="/admin/users">edit...</a>) and updated through <a href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" target="_blank">Minteck's TeamCity instance</a></p> + <p>This website is managed by <?php $admins = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/admins.json"), true); foreach ($admins as $index => $item): ?><b><?= $item ?></b><?php if ($item === $_USER): ?> (you)<?php endif; ?><?php if ($index !== count($admins) - 1): ?><?php if ($index + 1 === count($admins) - 1): ?> and <?php else: ?>, <?php endif; ?><?php endif; ?><?php endforeach; ?> (<a href="/admin/users">edit...</a>)</p> <p class="small text-muted">powered by Pawer Technologies</p> </div> 
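Review bot: The rewritten "managed by" paragraph in the second hunk still prints each admin name with `<b><?= $item ?></b>` and no HTML escaping; if names in data/admins.json can be edited through /admin/users (not visible here), it should be `<?= htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The new external "Manage ➚" link uses `target="_blank"` without `rel="noopener noreferrer"`, which is worth adding so the opened CI page gets no handle on the admin tab in browsers that do not imply it. In the first hunk the File Uploader card's link to /admin/uploads keeps the `disabled` class, although this commit adds that page.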
diff --git a/admin/uploads/index.php b/admin/uploads/index.php
new file mode 100755
index 0000000..2990933
--- /dev/null
+++ b/admin/uploads/index.php
@@ -0,0 +1,186 @@ +<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/session.php"; global $_USER; ?> +<?php + +$projects = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true); + +/** + * @throws Exception + */ +function uuid($data = null) { + $data = $data ?? random_bytes(16); + assert(strlen($data) == 16); + + $data[6] = chr(ord($data[6]) & 0x0f | 0x40); + $data[8] = chr(ord($data[8]) & 0x3f | 0x80); + + return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4)); +} + + +if (isset($_GET['submit'])) { + if (isset($_GET['upload'])) { + try { + $fileId = uuid(); + } catch (Exception $e) { + die(); + } + + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/uploads")) { + mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/uploads"); + } + + $target_dir = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/"; + $target_file = $target_dir . $fileId; + + $file = $_FILES["add-file"]; + + if ($_FILES["add-file"]["error"] !== 0) { + header("Location: /admin/uploads"); + die(); + } + + rename($_FILES["add-file"]["tmp_name"], $target_file); + $projects[] = [ + "name" => $_FILES["add-file"]["name"], + "uuid" => $fileId, + "size" => $_FILES["add-file"]["size"] + ]; + file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects)); + + header("Location: /admin/uploads"); + die(); + } + + if (isset($_GET["delete-project"])) { + if (isset($projects[(int)$_GET["delete-project"]])) { + unlink($_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $projects[(int)$_GET["delete-project"]]['uuid']); + unset($projects[(int)$_GET["delete-project"]]); + file_put_contents($_SERVER["DOCUMENT_ROOT"] . 
"/data/files.json", json_encode($projects, JSON_PRETTY_PRINT)); + header("Location: /admin/uploads"); + die(); + } + } + + if (isset($_GET["edit-project"]) && isset($_GET["edit-project-name"])) { + if (isset($projects[(int)$_GET["edit-project"]])) { + $projects[(int)$_GET["edit-project"]]["name"] = $_GET["edit-project-name"]; + file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects, JSON_PRETTY_PRINT)); + header("Location: /admin/uploads"); + die(); + } + } +} + +?> +<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/header.php"; ?> + +<br> +<div class="container"> + <?php if (isset($_GET['change']) && isset($_GET['edit-project']) && isset($projects[(int)$_GET["edit-project"]])): $project = $projects[(int)$_GET["edit-project"]]; ?> + + <h1>Edit <b><?= $project["name"] ?></b><br><span class="small"><span class="small"><span class="small">(<code><?= $project["uuid"] ?></code>)</span></span></span></h1> + + <br> + + <form style="display: inline-block;"> + <p> + File Name:<br> + <input name="edit-project-name" class="form-control" type="text" value="<?= $project["name"] ?>"> + </p> + <input name="submit" type="hidden"> + <input name="edit-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>"> + <button type="submit" class="btn btn-primary">Save and apply changes</button> + </form> + <form style="margin-top: 5px;"> + <input name="submit" type="hidden"> + <input name="delete-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>"> + <button type="submit" class="btn btn-danger">Delete</button> + </form> + + <?php else: ?> + <h1>File Uploads</h1> + <p>Files added to this list are publicly accessible from their URL.</p> + + <ul class="list-group"> + <?php foreach (json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . 
"/data/files.json"), true) as $index => $project): ?> + <li class="list-group-item"> + <span style="vertical-align: middle;padding-top:10px;"> + <?= strip_tags($project["name"]) ?><span class="text-muted"> (<?php + + if ($project["size"] > 1024) { + if ($project["size"] > (1024**2)) { + echo(round($project["size"] / (1024**2), 1) . " MiB"); + } else { + echo(round($project["size"] / 1024, 1) . " kiB"); + } + } else { + echo($project["size"] . " bytes"); + } + + ?>)</span> + </span> + <form style="display:inline;float:right;"> + <a class="btn btn-primary" onclick="alert(`https://<?= $_SERVER['HTTP_HOST'] ?>/file/?<?= $project['uuid'] ?>`);">Show link</a> + </form> + <form style="display:inline;float:right;margin-right:10px;"> + <input name="edit-project" type="hidden" value="<?= $index ?>"> + <input name="change" type="hidden"> + <button type="submit" class="btn btn-primary">Edit/delete</button> + </form> + </li> + <?php endforeach; ?> + </ul> + <br> + + <button type="button" id="admin-add-s0" class="btn btn-outline-primary" onclick="document.getElementById('admin-add-s0').style.display='none';document.getElementById('admin-add-s1').style.display='';document.getElementById('admin-add-s2').focus();">Upload new file</button> + <div class="card" style="max-width:550px;display:none;" id="admin-add-s1"> + <form class="card-body" action="?submit=&upload=" method="post" enctype="multipart/form-data"> + <h4 class="card-title">Upload new file</h4> + <p>Once added, this file will be publicly accessible.</p> + <p> + <input id="admin-add-s2" name="add-file" type="file" class="form-control"> + </p> + <p>You are able to rename and delete the file after uploading it.</p> + <p class="small text-muted"> + <?php + + $max_upload = (int)(ini_get('upload_max_filesize')); + $max_post = (int)(ini_get('post_max_size')); + $memory_limit = (int)(ini_get('memory_limit')); + + if ($max_upload < $max_post && $max_upload < $memory_limit) { + $upload_mb = $max_upload; + $limit = 
"upload_max_filesize"; + } else if ($max_post < $max_upload && $max_post < $memory_limit) { + $upload_mb = $max_post; + $limit = "post_max_size"; + } else if ($memory_limit < $max_upload && $memory_limit < $max_post) { + $upload_mb = $memory_limit; + $limit = "memory_limit"; + } else { + $upload_mb = $max_upload; + $limit = "(config)"; + } + + echo("Upload limit: " . $upload_mb . " MB, limited by <code>$limit</code>"); + + ?> + </p> + <input name="submit" type="hidden"> + <button type="submit" class="btn btn-success">Upload</button> <button onclick="document.getElementById('admin-add-s1').style.display='none';document.getElementById('admin-add-s0').style.display='';" type="button" class="btn btn-outline-danger">Cancel</button> + </form> + </div> + <?php endif; ?> +</div> + +<style> + .project-icon { + border-radius: 999px; + width: 24px; + vertical-align: middle; + background: lightgray; + margin-right: 5px; + } +</style> + +<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/footer.php"; ?>
\ No newline at end of file
diff --git a/data/files.json b/data/files.json
new file mode 100755
index 0000000..0637a08
--- /dev/null
+++ b/data/files.json
@@ -0,0 +1 @@
+[]
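Review bot: In admin/uploads/index.php the stored file name is printed without HTML escaping in the edit view, at `<h1>Edit <b><?= $project["name"] ?></b>` and in `value="<?= $project["name"] ?>"`; the name comes from the client-supplied `$_FILES["add-file"]["name"]` or from `$_GET["edit-project-name"]`, so both should go through `htmlspecialchars($project["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the list view's `strip_tags()` is better replaced by the same call. The rename and delete branches change state on a plain GET (`$_GET["edit-project"]`, `$_GET["delete-project"]`) and no anti-CSRF token is checked in this file; they should require POST and a per-session token compared with `hash_equals()`, unless the included session.php already enforces one, which is not visible here. The upload branch never checks that `$_FILES["add-file"]` exists, moves the temp file with `rename()` rather than `move_uploaded_file()`, and writes the index without checking that the move succeeded; the fence below shows that branch reworked. `$_SERVER['HTTP_HOST']` in the `onclick` of "Show link" is also echoed unescaped into a script context.

```php
// … unchanged: uuid(), $fileId generation, creation of data/uploads …
        $upload = $_FILES["add-file"] ?? null;
        if (!is_array($upload) || $upload["error"] !== UPLOAD_ERR_OK) {
            header("Location: /admin/uploads");
            die();
        }

        $target_file = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $fileId;

        // move_uploaded_file() only accepts a path that PHP itself received as an HTTP upload
        if (!move_uploaded_file($upload["tmp_name"], $target_file)) {
            header("Location: /admin/uploads");
            die();
        }

        $projects[] = [
            // client-supplied value: keep only the last path component, escape on output
            "name" => basename($upload["name"]),
            "uuid" => $fileId,
            "size" => $upload["size"],
        ];
        file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects), LOCK_EX);
// … unchanged: redirect, delete and rename branches, page markup …
```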
\ No newline at end of file
diff --git a/data/general.json b/data/general.json
index 5c53246..5c53246 100644..100755
--- a/data/general.json
+++ b/data/general.json
diff --git a/file/index.php b/file/index.php
new file mode 100644
index 0000000..9b1f250
--- /dev/null
+++ b/file/index.php
@@ -0,0 +1,41 @@
+<?php
+
+$keys = array_keys($_GET);
+
+if (isset($keys[0])) {
+ $id = $keys[0];
+} else {
+ die();
+}
+
+if (str_contains($id, "/") || str_contains($id, ".")) {
+ die();
+}
+
+if (trim($id) === "") {
+ die();
+}
+
+$data = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true);
+
+$name = $id . ".bin";
+foreach ($data as $item) {
+ if ($item["uuid"] === $id) {
+ $name = $item["name"];
+ }
+}
+
+$file = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $id;
+
+header('Content-Description: File Transfer');
+header('Content-Type: ' . mime_content_type($file));
+header('Content-Disposition: filename="' . $name . '"');
+header('Content-Transfer-Encoding: binary');
+header('Content-Length: ' . filesize($file));
+header('Expires: 0');
+header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+header('Pragma: public');
+ob_clean();
+flush();
+readfile($file);
+exit;
\ No newline at end of file diff --git a/includes/admin/navigation.php b/includes/admin/navigation.php index 23cc361..1fc5881 100755 --- a/includes/admin/navigation.php +++ b/includes/admin/navigation.php @@ -1,15 +1,24 @@ <nav class="navbar navbar-expand-sm bg-dark navbar-dark"> <div class="container-fluid"> - <a class="navbar-brand" href="/admin">Project Cloudsdale Admin Panel</a> + <a class="navbar-brand" href="/admin"> + <span class="nav-ultrasmall-1">Project Cloudsdale Admin Panel</span> + <span class="nav-ultrasmall-2">Panel</span> + </a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#collapsibleNavbar"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="collapsibleNavbar"> - <ul class="navbar-nav"> + <ul class="navbar-nav nav-big"> <li class="nav-item"> <a class="nav-link" href="/">← Go back to website</a> </li> <li class="nav-item"> + <a class="nav-link" href="/admin/general">General</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/uploads">File Uploader</a> + </li> + <li class="nav-item"> <a class="nav-link" href="/admin/pluralkit">PluralKit</a> </li> <li class="nav-item"> 
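Review bot: In file/index.php the response is sent with `Content-Disposition: filename="…"`, which has no disposition type, next to a content type taken from `mime_content_type($file)`, so an uploaded HTML or SVG file can be rendered inline on this site's origin instead of being downloaded; `attachment;` and an `X-Content-Type-Options: nosniff` header avoid that. `$name` is read from files.json and concatenated into the header as-is, so a double quote in a stored name ends the quoted parameter early. The id is rejected only when it contains `/` or `.`, and the script never checks that it matched an index entry or that the file exists before `mime_content_type()`, `filesize()` and `readfile()` run, so an unknown id ends in PHP warnings rather than a 404. The fence below validates the id against the format that `uuid()` in admin/uploads/index.php produces and drops the `$id . ".bin"` fallback for files that have no index entry.

```php
// … unchanged: reading $id from the first query key …
if (preg_match('/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/', $id) !== 1) {
    http_response_code(404);
    die();
}

// … unchanged: loading files.json into $data …
$name = null;
foreach ($data as $item) {
    if ($item["uuid"] === $id) {
        $name = $item["name"];
        break;
    }
}

$file = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $id;
if ($name === null || !is_file($file)) {
    http_response_code(404);
    die();
}

// keep the stored name from terminating the quoted filename parameter
$safeName = str_replace(['"', '\\', "\r", "\n"], '_', $name);

header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
// … unchanged: remaining headers, ob_clean(), flush(), readfile() …
```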
@@ -21,7 +30,100 @@ <li class="nav-item"> <a class="nav-link" href="/admin/contact">Contact Info</a> </li> + <li class="nav-item"> + <a class="nav-link" href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" target="_blank">Software Updates ➚</a> + </li> + </ul> + <ul class="navbar-nav nav-small"> + <li class="nav-item"> + <a class="nav-link" href="/">←<span class="nav-supersmall"> Back</span></a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/general">Main</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/uploads">Files</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/pluralkit">PK</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/users">Admins</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/projects">Prj.</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/contact">Info</a> + </li> + <li class="nav-item"> + <a class="nav-link" href="/admin/updates">Upd.➚</a> + </li> </ul> </div> </div> -</nav>
\ No newline at end of file +</nav> + +<style> + .nav-small, .nav-ultrasmall-2 { + display: none; + } + + @media (max-width: 1300px) { + .nav-small { + display: inherit; + } + + .nav-big { + display: none; + } + } + + @media (max-width: 760px) { + .nav-supersmall { + display: none; + } + } + + @media (max-width: 720px) { + .nav-ultrasmall-1 { + display: none; + } + + .nav-ultrasmall-2 { + display: inherit; + } + } + + @media (max-width: 575px) { + .nav-ultrasmall-1 { + display: inherit; + } + + .nav-ultrasmall-2 { + display: none; + } + + .nav-supersmall { + display: inherit; + } + + .nav-small { + display: none; + } + + .nav-big { + display: inherit; + } + } + + @media (max-width: 400px) { + .nav-ultrasmall-1 { + display: none; + } + + .nav-ultrasmall-2 { + display: inherit; + } + } +</style>
\ No newline at end of file diff --git a/includes/gui/header.php b/includes/gui/header.php index 0ca8765..7a85a55 100755 --- a/includes/gui/header.php +++ b/includes/gui/header.php @@ -7,6 +7,10 @@ if (!file_exists($_SERVER["DOCUMENT_ROOT"] . "/data/general.json")) { ])); } +if (!file_exists($_SERVER["DOCUMENT_ROOT"] . "/data/files.json")) { + file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode([])); +} + if ($_SERVER['HTTP_HOST'] !== "conep.one" && $_SERVER['HTTP_HOST'] !== "www.conep.one" && $_SERVER['HTTP_HOST'] !== "localhost" && $_SERVER['HTTP_HOST'] !== "0.0.0.0") { header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); die(); |
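Review bot: In the second navigation.php hunk the compact menu's "Upd.➚" entry points at `href="/admin/updates"`, while the full-width menu and admin/index.php in this same commit link to the TeamCity URL with `target="_blank"`; the two menus should carry the same href, otherwise the arrow promises an external page that the small layout does not open. The external "Software Updates ➚" link would also be better with `rel="noopener noreferrer"` next to `target="_blank"`.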