From f5d140a3ef6e34658f6a9a6cc58ee32d01427782 Mon Sep 17 00:00:00 2001
From: Minteck <contact@minteck.org>
Date: Tue, 12 Apr 2022 16:22:44 +0200
Subject: File uploader

---
 admin/index.php               |   6 +-
 admin/uploads/index.php       | 186 ++++++++++++++++++++++++++++++++++++++++++
 data/files.json               |   1 +
 data/general.json             |   0
 file/index.php                |  41 ++++++++++
 includes/admin/navigation.php | 108 +++++++++++++++++++++++-
 includes/gui/header.php       |   4 +
 7 files changed, 340 insertions(+), 6 deletions(-)
 create mode 100755 admin/uploads/index.php
 create mode 100755 data/files.json
 mode change 100644 => 100755 data/general.json
 create mode 100644 file/index.php

diff --git a/admin/index.php b/admin/index.php
index 7722af8..942db44 100755
--- a/admin/index.php
+++ b/admin/index.php
@@ -19,7 +19,7 @@
             <div class="card">
                 <div class="card-body">
                     <h4 class="card-title">File Uploader</h4>
-                    <p class="card-text">Encrypted, secure and fast file uploader.</p>
+                    <p class="card-text">Extensible, secure and fast file uploader.</p>
                     <a href="/admin/uploads" class="btn btn-primary disabled">Manage</a>
                 </div>
             </div>
@@ -56,13 +56,13 @@
                 <div class="card-body">
                     <h4 class="card-title">Software Updates</h4>
                     <p class="card-text">Ensure this version of the website is up-to-date.</p>
-                    <a href="/admin/updates" class="btn btn-primary disabled">Manage</a>
+                    <a href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" class="btn btn-primary" target="_blank">Manage &#10138;</a>
                 </div>
             </div>
         </div>
     </div>
 
-    <p>This website is managed by <?php $admins = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/admins.json"), true); foreach ($admins as $index => $item): ?><b><?= $item ?></b><?php if ($item === $_USER): ?> (you)<?php endif; ?><?php if ($index !== count($admins) - 1): ?><?php if ($index + 1 === count($admins) - 1): ?> and <?php else: ?>, <?php endif; ?><?php endif; ?><?php endforeach; ?> (<a href="/admin/users">edit...</a>) and updated through <a href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" target="_blank">Minteck's TeamCity instance</a></p>
+    <p>This website is managed by <?php $admins = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/admins.json"), true); foreach ($admins as $index => $item): ?><b><?= $item ?></b><?php if ($item === $_USER): ?> (you)<?php endif; ?><?php if ($index !== count($admins) - 1): ?><?php if ($index + 1 === count($admins) - 1): ?> and <?php else: ?>, <?php endif; ?><?php endif; ?><?php endforeach; ?> (<a href="/admin/users">edit...</a>)</p>
 
     <p class="small text-muted">powered by Pawer Technologies</p>
 </div>
diff --git a/admin/uploads/index.php b/admin/uploads/index.php
new file mode 100755
index 0000000..2990933
--- /dev/null
+++ b/admin/uploads/index.php
@@ -0,0 +1,186 @@
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/session.php"; global $_USER; ?>
+<?php
+
+$projects = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true);
+
+/**
+ * @throws Exception
+ */
+function uuid($data = null) {
+    $data = $data ?? random_bytes(16);
+    assert(strlen($data) == 16);
+
+    $data[6] = chr(ord($data[6]) & 0x0f | 0x40);
+    $data[8] = chr(ord($data[8]) & 0x3f | 0x80);
+
+    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
+}
+
+
+if (isset($_GET['submit'])) {
+    if (isset($_GET['upload'])) {
+        try {
+            $fileId = uuid();
+        } catch (Exception $e) {
+            die();
+        }
+
+        if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/uploads")) {
+            mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/uploads");
+        }
+
+        $target_dir = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/";
+        $target_file = $target_dir . $fileId;
+
+        $file = $_FILES["add-file"];
+
+        if ($_FILES["add-file"]["error"] !== 0) {
+            header("Location: /admin/uploads");
+            die();
+        }
+
+        rename($_FILES["add-file"]["tmp_name"], $target_file);
+        $projects[] = [
+                "name" => $_FILES["add-file"]["name"],
+                "uuid" => $fileId,
+                "size" => $_FILES["add-file"]["size"]
+        ];
+        file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects));
+
+        header("Location: /admin/uploads");
+        die();
+    }
+
+    if (isset($_GET["delete-project"])) {
+        if (isset($projects[(int)$_GET["delete-project"]])) {
+            unlink($_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $projects[(int)$_GET["delete-project"]]['uuid']);
+            unset($projects[(int)$_GET["delete-project"]]);
+            file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects, JSON_PRETTY_PRINT));
+            header("Location: /admin/uploads");
+            die();
+        }
+    }
+
+    if (isset($_GET["edit-project"]) && isset($_GET["edit-project-name"])) {
+        if (isset($projects[(int)$_GET["edit-project"]])) {
+            $projects[(int)$_GET["edit-project"]]["name"] = $_GET["edit-project-name"];
+            file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects, JSON_PRETTY_PRINT));
+            header("Location: /admin/uploads");
+            die();
+        }
+    }
+}
+
+?>
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/header.php"; ?>
+
+<br>
+<div class="container">
+    <?php if (isset($_GET['change']) && isset($_GET['edit-project']) && isset($projects[(int)$_GET["edit-project"]])): $project = $projects[(int)$_GET["edit-project"]]; ?>
+
+    <h1>Edit <b><?= $project["name"] ?></b><br><span class="small"><span class="small"><span class="small">(<code><?= $project["uuid"] ?></code>)</span></span></span></h1>
+
+    <br>
+
+    <form style="display: inline-block;">
+        <p>
+            File Name:<br>
+            <input name="edit-project-name" class="form-control" type="text" value="<?= $project["name"] ?>">
+        </p>
+        <input name="submit" type="hidden">
+        <input name="edit-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>">
+        <button type="submit" class="btn btn-primary">Save and apply changes</button>
+    </form>
+    <form style="margin-top: 5px;">
+            <input name="submit" type="hidden">
+            <input name="delete-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>">
+            <button type="submit" class="btn btn-danger">Delete</button>
+    </form>
+
+    <?php else: ?>
+    <h1>File Uploads</h1>
+    <p>Files added to this list are publicly accessible from their URL.</p>
+
+    <ul class="list-group">
+        <?php foreach (json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true) as $index => $project): ?>
+        <li class="list-group-item">
+            <span style="vertical-align: middle;padding-top:10px;">
+                <?= strip_tags($project["name"]) ?><span class="text-muted"> (<?php
+
+                    if ($project["size"] > 1024) {
+                        if ($project["size"] > (1024**2)) {
+                            echo(round($project["size"] / (1024**2), 1) . " MiB");
+                        } else {
+                            echo(round($project["size"] / 1024, 1) . " kiB");
+                        }
+                    } else {
+                        echo($project["size"] . " bytes");
+                    }
+
+                    ?>)</span>
+            </span>
+            <form style="display:inline;float:right;">
+                <a class="btn btn-primary" onclick="alert(`https://<?= $_SERVER['HTTP_HOST'] ?>/file/?<?= $project['uuid'] ?>`);">Show link</a>
+            </form>
+            <form style="display:inline;float:right;margin-right:10px;">
+                <input name="edit-project" type="hidden" value="<?= $index ?>">
+                <input name="change" type="hidden">
+                <button type="submit" class="btn btn-primary">Edit/delete</button>
+            </form>
+        </li>
+        <?php endforeach; ?>
+    </ul>
+    <br>
+
+    <button type="button" id="admin-add-s0" class="btn btn-outline-primary" onclick="document.getElementById('admin-add-s0').style.display='none';document.getElementById('admin-add-s1').style.display='';document.getElementById('admin-add-s2').focus();">Upload new file</button>
+    <div class="card" style="max-width:550px;display:none;" id="admin-add-s1">
+        <form class="card-body" action="?submit=&upload=" method="post" enctype="multipart/form-data">
+            <h4 class="card-title">Upload new file</h4>
+            <p>Once added, this file will be publicly accessible.</p>
+            <p>
+                <input id="admin-add-s2" name="add-file" type="file" class="form-control">
+            </p>
+            <p>You are able to rename and delete the file after uploading it.</p>
+            <p class="small text-muted">
+                <?php
+
+                $max_upload = (int)(ini_get('upload_max_filesize'));
+                $max_post = (int)(ini_get('post_max_size'));
+                $memory_limit = (int)(ini_get('memory_limit'));
+
+                if ($max_upload < $max_post && $max_upload < $memory_limit) {
+                    $upload_mb = $max_upload;
+                    $limit = "upload_max_filesize";
+                } else if ($max_post < $max_upload && $max_post < $memory_limit) {
+                    $upload_mb = $max_post;
+                    $limit = "post_max_size";
+                } else if ($memory_limit < $max_upload && $memory_limit < $max_post) {
+                    $upload_mb = $memory_limit;
+                    $limit = "memory_limit";
+                } else {
+                    $upload_mb = $max_upload;
+                    $limit = "(config)";
+                }
+
+                echo("Upload limit: " . $upload_mb . " MB, limited by <code>$limit</code>");
+
+                ?>
+            </p>
+            <input name="submit" type="hidden">
+            <button type="submit" class="btn btn-success">Upload</button> <button onclick="document.getElementById('admin-add-s1').style.display='none';document.getElementById('admin-add-s0').style.display='';" type="button" class="btn btn-outline-danger">Cancel</button>
+        </form>
+    </div>
+    <?php endif; ?>
+</div>
+
+<style>
+    .project-icon {
+        border-radius: 999px;
+        width: 24px;
+        vertical-align: middle;
+        background: lightgray;
+        margin-right: 5px;
+    }
+</style>
+
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/footer.php"; ?>
\ No newline at end of file
diff --git a/data/files.json b/data/files.json
new file mode 100755
index 0000000..0637a08
--- /dev/null
+++ b/data/files.json
@@ -0,0 +1 @@
+[]
\ No newline at end of file
diff --git a/data/general.json b/data/general.json
old mode 100644
new mode 100755
diff --git a/file/index.php b/file/index.php
new file mode 100644
index 0000000..9b1f250
--- /dev/null
+++ b/file/index.php
@@ -0,0 +1,41 @@
+<?php
+
+$keys = array_keys($_GET);
+
+if (isset($keys[0])) {
+    $id = $keys[0];
+} else {
+    die();
+}
+
+if (str_contains($id, "/") || str_contains($id, ".")) {
+    die();
+}
+
+if (trim($id) === "") {
+    die();
+}
+
+$data = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true);
+
+$name = $id . ".bin";
+foreach ($data as $item) {
+    if ($item["uuid"] === $id) {
+        $name = $item["name"];
+    }
+}
+
+$file = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $id;
+
+header('Content-Description: File Transfer');
+header('Content-Type: ' . mime_content_type($file));
+header('Content-Disposition: filename="' . $name . '"');
+header('Content-Transfer-Encoding: binary');
+header('Content-Length: ' . filesize($file));
+header('Expires: 0');
+header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+header('Pragma: public');
+ob_clean();
+flush();
+readfile($file);
+exit;
\ No newline at end of file
diff --git a/includes/admin/navigation.php b/includes/admin/navigation.php
index 23cc361..1fc5881 100755
--- a/includes/admin/navigation.php
+++ b/includes/admin/navigation.php
@@ -1,14 +1,23 @@
 <nav class="navbar navbar-expand-sm bg-dark navbar-dark">
     <div class="container-fluid">
-        <a class="navbar-brand" href="/admin">Project Cloudsdale Admin Panel</a>
+        <a class="navbar-brand" href="/admin">
+            <span class="nav-ultrasmall-1">Project Cloudsdale Admin Panel</span>
+            <span class="nav-ultrasmall-2">Panel</span>
+        </a>
         <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#collapsibleNavbar">
             <span class="navbar-toggler-icon"></span>
         </button>
         <div class="collapse navbar-collapse" id="collapsibleNavbar">
-            <ul class="navbar-nav">
+            <ul class="navbar-nav nav-big">
                 <li class="nav-item">
                     <a class="nav-link" href="/">← Go back to website</a>
                 </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/general">General</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/uploads">File Uploader</a>
+                </li>
                 <li class="nav-item">
                     <a class="nav-link" href="/admin/pluralkit">PluralKit</a>
                 </li>
@@ -21,7 +30,100 @@
                 <li class="nav-item">
                     <a class="nav-link" href="/admin/contact">Contact Info</a>
                 </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="https://ci.minteck.org/project/CloudburstSystemSWebsite?mode=builds" target="_blank">Software Updates &#10138;</a>
+                </li>
+            </ul>
+            <ul class="navbar-nav nav-small">
+                <li class="nav-item">
+                    <a class="nav-link" href="/">←<span class="nav-supersmall"> Back</span></a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/general">Main</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/uploads">Files</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/pluralkit">PK</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/users">Admins</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/projects">Prj.</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/contact">Info</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/updates">Upd.&#10138;</a>
+                </li>
             </ul>
         </div>
     </div>
-</nav>
\ No newline at end of file
+</nav>
+
+<style>
+    .nav-small, .nav-ultrasmall-2 {
+        display: none;
+    }
+
+    @media (max-width: 1300px) {
+        .nav-small {
+            display: inherit;
+        }
+
+        .nav-big {
+            display: none;
+        }
+    }
+
+    @media (max-width: 760px) {
+        .nav-supersmall {
+            display: none;
+        }
+    }
+
+    @media (max-width: 720px) {
+        .nav-ultrasmall-1 {
+            display: none;
+        }
+
+        .nav-ultrasmall-2 {
+            display: inherit;
+        }
+    }
+
+    @media (max-width: 575px) {
+        .nav-ultrasmall-1 {
+            display: inherit;
+        }
+
+        .nav-ultrasmall-2 {
+            display: none;
+        }
+
+        .nav-supersmall {
+            display: inherit;
+        }
+
+        .nav-small {
+            display: none;
+        }
+
+        .nav-big {
+            display: inherit;
+        }
+    }
+
+    @media (max-width: 400px) {
+        .nav-ultrasmall-1 {
+            display: none;
+        }
+
+        .nav-ultrasmall-2 {
+            display: inherit;
+        }
+    }
+</style>
\ No newline at end of file
diff --git a/includes/gui/header.php b/includes/gui/header.php
index 0ca8765..7a85a55 100755
--- a/includes/gui/header.php
+++ b/includes/gui/header.php
@@ -7,6 +7,10 @@ if (!file_exists($_SERVER["DOCUMENT_ROOT"] . "/data/general.json")) {
     ]));
 }
 
+if (!file_exists($_SERVER["DOCUMENT_ROOT"] . "/data/files.json")) {
+    file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode([]));
+}
+
 if ($_SERVER['HTTP_HOST'] !== "conep.one" && $_SERVER['HTTP_HOST'] !== "www.conep.one" && $_SERVER['HTTP_HOST'] !== "localhost" && $_SERVER['HTTP_HOST'] !== "0.0.0.0") {
     header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     die();
-- 
cgit