From f5d140a3ef6e34658f6a9a6cc58ee32d01427782 Mon Sep 17 00:00:00 2001
From: Minteck <contact@minteck.org>
Date: Tue, 12 Apr 2022 16:22:44 +0200
Subject: File uploader

---
 admin/uploads/index.php | 186 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 186 insertions(+)
 create mode 100755 admin/uploads/index.php

(limited to 'admin/uploads')

diff --git a/admin/uploads/index.php b/admin/uploads/index.php
new file mode 100755
index 0000000..2990933
--- /dev/null
+++ b/admin/uploads/index.php
@@ -0,0 +1,186 @@
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/session.php"; global $_USER; ?>
+<?php
+
+$projects = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true);
+
+/**
+ * @throws Exception
+ */
+function uuid($data = null) {
+    $data = $data ?? random_bytes(16);
+    assert(strlen($data) == 16);
+
+    $data[6] = chr(ord($data[6]) & 0x0f | 0x40);
+    $data[8] = chr(ord($data[8]) & 0x3f | 0x80);
+
+    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
+}
+
+
+if (isset($_GET['submit'])) {
+    if (isset($_GET['upload'])) {
+        try {
+            $fileId = uuid();
+        } catch (Exception $e) {
+            die();
+        }
+
+        if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/uploads")) {
+            mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/uploads");
+        }
+
+        $target_dir = $_SERVER['DOCUMENT_ROOT'] . "/data/uploads/";
+        $target_file = $target_dir . $fileId;
+
+        $file = $_FILES["add-file"];
+
+        if ($_FILES["add-file"]["error"] !== 0) {
+            header("Location: /admin/uploads");
+            die();
+        }
+
+        rename($_FILES["add-file"]["tmp_name"], $target_file);
+        $projects[] = [
+                "name" => $_FILES["add-file"]["name"],
+                "uuid" => $fileId,
+                "size" => $_FILES["add-file"]["size"]
+        ];
+        file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects));
+
+        header("Location: /admin/uploads");
+        die();
+    }
+
+    if (isset($_GET["delete-project"])) {
+        if (isset($projects[(int)$_GET["delete-project"]])) {
+            unlink($_SERVER['DOCUMENT_ROOT'] . "/data/uploads/" . $projects[(int)$_GET["delete-project"]]['uuid']);
+            unset($projects[(int)$_GET["delete-project"]]);
+            file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects, JSON_PRETTY_PRINT));
+            header("Location: /admin/uploads");
+            die();
+        }
+    }
+
+    if (isset($_GET["edit-project"]) && isset($_GET["edit-project-name"])) {
+        if (isset($projects[(int)$_GET["edit-project"]])) {
+            $projects[(int)$_GET["edit-project"]]["name"] = $_GET["edit-project-name"];
+            file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json", json_encode($projects, JSON_PRETTY_PRINT));
+            header("Location: /admin/uploads");
+            die();
+        }
+    }
+}
+
+?>
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/header.php"; ?>
+
+<br>
+<div class="container">
+    <?php if (isset($_GET['change']) && isset($_GET['edit-project']) && isset($projects[(int)$_GET["edit-project"]])): $project = $projects[(int)$_GET["edit-project"]]; ?>
+
+    <h1>Edit <b><?= $project["name"] ?></b><br><span class="small"><span class="small"><span class="small">(<code><?= $project["uuid"] ?></code>)</span></span></span></h1>
+
+    <br>
+
+    <form style="display: inline-block;">
+        <p>
+            File Name:<br>
+            <input name="edit-project-name" class="form-control" type="text" value="<?= $project["name"] ?>">
+        </p>
+        <input name="submit" type="hidden">
+        <input name="edit-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>">
+        <button type="submit" class="btn btn-primary">Save and apply changes</button>
+    </form>
+    <form style="margin-top: 5px;">
+            <input name="submit" type="hidden">
+            <input name="delete-project" type="hidden" value="<?= (int)$_GET["edit-project"] ?>">
+            <button type="submit" class="btn btn-danger">Delete</button>
+    </form>
+
+    <?php else: ?>
+    <h1>File Uploads</h1>
+    <p>Files added to this list are publicly accessible from their URL.</p>
+
+    <ul class="list-group">
+        <?php foreach (json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/data/files.json"), true) as $index => $project): ?>
+        <li class="list-group-item">
+            <span style="vertical-align: middle;padding-top:10px;">
+                <?= strip_tags($project["name"]) ?><span class="text-muted"> (<?php
+
+                    if ($project["size"] > 1024) {
+                        if ($project["size"] > (1024**2)) {
+                            echo(round($project["size"] / (1024**2), 1) . " MiB");
+                        } else {
+                            echo(round($project["size"] / 1024, 1) . " kiB");
+                        }
+                    } else {
+                        echo($project["size"] . " bytes");
+                    }
+
+                    ?>)</span>
+            </span>
+            <form style="display:inline;float:right;">
+                <a class="btn btn-primary" onclick="alert(`https://<?= $_SERVER['HTTP_HOST'] ?>/file/?<?= $project['uuid'] ?>`);">Show link</a>
+            </form>
+            <form style="display:inline;float:right;margin-right:10px;">
+                <input name="edit-project" type="hidden" value="<?= $index ?>">
+                <input name="change" type="hidden">
+                <button type="submit" class="btn btn-primary">Edit/delete</button>
+            </form>
+        </li>
+        <?php endforeach; ?>
+    </ul>
+    <br>
+
+    <button type="button" id="admin-add-s0" class="btn btn-outline-primary" onclick="document.getElementById('admin-add-s0').style.display='none';document.getElementById('admin-add-s1').style.display='';document.getElementById('admin-add-s2').focus();">Upload new file</button>
+    <div class="card" style="max-width:550px;display:none;" id="admin-add-s1">
+        <form class="card-body" action="?submit=&upload=" method="post" enctype="multipart/form-data">
+            <h4 class="card-title">Upload new file</h4>
+            <p>Once added, this file will be publicly accessible.</p>
+            <p>
+                <input id="admin-add-s2" name="add-file" type="file" class="form-control">
+            </p>
+            <p>You are able to rename and delete the file after uploading it.</p>
+            <p class="small text-muted">
+                <?php
+
+                $max_upload = (int)(ini_get('upload_max_filesize'));
+                $max_post = (int)(ini_get('post_max_size'));
+                $memory_limit = (int)(ini_get('memory_limit'));
+
+                if ($max_upload < $max_post && $max_upload < $memory_limit) {
+                    $upload_mb = $max_upload;
+                    $limit = "upload_max_filesize";
+                } else if ($max_post < $max_upload && $max_post < $memory_limit) {
+                    $upload_mb = $max_post;
+                    $limit = "post_max_size";
+                } else if ($memory_limit < $max_upload && $memory_limit < $max_post) {
+                    $upload_mb = $memory_limit;
+                    $limit = "memory_limit";
+                } else {
+                    $upload_mb = $max_upload;
+                    $limit = "(config)";
+                }
+
+                echo("Upload limit: " . $upload_mb . " MB, limited by <code>$limit</code>");
+
+                ?>
+            </p>
+            <input name="submit" type="hidden">
+            <button type="submit" class="btn btn-success">Upload</button> <button onclick="document.getElementById('admin-add-s1').style.display='none';document.getElementById('admin-add-s0').style.display='';" type="button" class="btn btn-outline-danger">Cancel</button>
+        </form>
+    </div>
+    <?php endif; ?>
+</div>
+
+<style>
+    .project-icon {
+        border-radius: 999px;
+        width: 24px;
+        vertical-align: middle;
+        background: lightgray;
+        margin-right: 5px;
+    }
+</style>
+
+<?php require_once $_SERVER["DOCUMENT_ROOT"] . "/includes/admin/footer.php"; ?>
\ No newline at end of file
-- 
cgit