|
|
@@ -56,8 +56,20 @@ if (isset($_GET["command"])) {
|
|
|
$dir = opendir($dirname);
|
|
|
$now = time();
|
|
|
if ($dir !== FALSE) {
|
|
|
+ $dbFile = getcwd()."/uploads/db.json";
|
|
|
+ $fDbData = array();
|
|
|
+ try {
|
|
|
+ $fDbData = json_decode(@file_get_contents($dbFile), true);
|
|
|
+ } catch(\Exception $e) {
|
|
|
+ $fDbData = new StdClass();
|
|
|
+ }
|
|
|
+ $fDb = fopen($dbFile, "w");
|
|
|
+ if (!$fDb)
|
|
|
+ return;
|
|
|
+ flock($fDb, LOCK_EX);
|
|
|
+
|
|
|
while ($entry = readdir($dir)) {
|
|
|
- if (is_dir($dirname.$entry))
|
|
|
+ if (is_dir($dirname.$entry) || $entry === "db.json" || $entry === ".htaccess")
|
|
|
continue;
|
|
|
$stats = stat($dirname.$entry);
|
|
|
if ($stats === FALSE) {
|
|
|
@@ -65,8 +77,25 @@ if (isset($_GET["command"])) {
|
|
|
continue;
|
|
|
}
|
|
|
if (($now -$stats["mtime"]) / 60 > 5)
|
|
|
+ {
|
|
|
+ $found = false;
|
|
|
+ foreach ($fDbData as $i => $remote) {
|
|
|
+ foreach ($remote as $j => $fileentry) {
|
|
|
+ if ($fileentry["file"] === $dirname.$entry) {
|
|
|
+ unset($fDbData[$i][$j]);
|
|
|
+ if (count($fDbData[$i]) === 0)
|
|
|
+ unset($fDbData[$i]);
|
|
|
+ $found = true;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if ($found) break;
|
|
|
+ }
|
|
|
unlink($dirname.$entry);
|
|
|
+ }
|
|
|
}
|
|
|
+ fwrite($fDb, json_encode($fDbData));
|
|
|
+ fclose($fDb);
|
|
|
closedir($dir);
|
|
|
} else {
|
|
|
error_log("Cannot open upload dir for cleaning");
|
|
|
@@ -126,10 +155,47 @@ if (isset($_GET["command"])) {
|
|
|
die("File is too large (max " .MAX_ALLOWED_UPLOAD_SIZE ."o, got " .$_FILES["file"]["size"] .')');
|
|
|
}
|
|
|
$filename = md5($_GET["from"].time()) .$extension;
|
|
|
+ // Flood protection
|
|
|
+ if (file_exists($filename)) {
|
|
|
+ header("HTTP/1.0 400 Bad Request");
|
|
|
+ die("Please wait between uploads");
|
|
|
+ }
|
|
|
+ // Append file in files db
|
|
|
+ $dbFile = getcwd()."/uploads/db.json";
|
|
|
+ $fDbData = array();
|
|
|
+ try {
|
|
|
+ $fDbData = json_decode(@file_get_contents($dbFile), true);
|
|
|
+ } catch(\Exception $e) {
|
|
|
+ $fDbData = array();
|
|
|
+ }
|
|
|
+ $fDb = fopen($dbFile, "w");
|
|
|
+ if (!$fDb)
|
|
|
+ return;
|
|
|
+ flock($fDb, LOCK_EX);
|
|
|
+ if ($fDbData === NULL) $fDbData = array();
|
|
|
+ if (isset($fDbData->{$_SERVER["REMOTE_ADDR"]})) {
|
|
|
+ $cur = $fDbData->{$_SERVER["REMOTE_ADDR"]};
|
|
|
+ while (count($fDbData->{$_SERVER["REMOTE_ADDR"]}) > 10) {
|
|
|
+ $fileToRemove = array_shift($fDbData->{$_SERVER["REMOTE_ADDR"]});
|
|
|
+ var_dump("unlink".$fileToRemove->{"file"});
|
|
|
+ @unlink($fileToRemove->{"file"});
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // Actual write file
|
|
|
if (move_uploaded_file($_FILES["file"]["tmp_name"], getcwd()."/uploads/".$filename) === FALSE) {
|
|
|
+ fwrite($fDb, json_encode($fDbData));
|
|
|
+ fclose($fDb);
|
|
|
header("HTTP/1.0 500 Internal Server Error");
|
|
|
die("Internal Server Error");
|
|
|
}
|
|
|
+
|
|
|
+ // Write to file db
|
|
|
+ $fDbData[$_SERVER["REMOTE_ADDR"]] = isset($fDbData[$_SERVER["REMOTE_ADDR"]]) ? $fDbData[$_SERVER["REMOTE_ADDR"]] : array();
|
|
|
+ $fDbData[$_SERVER["REMOTE_ADDR"]][] = array("file" => getcwd()."/uploads/".$filename, "time" => time(), "from" => $_GET["from"], "ip" => $_SERVER["REMOTE_ADDR"]);
|
|
|
+ fwrite($fDb, json_encode($fDbData));
|
|
|
+ fclose($fDb);
|
|
|
+
|
|
|
// Log info
|
|
|
error_log($_GET["from"] ." uploaded file " .$filename ." " .print_r($_FILES["file"], true) ." from " .$_SERVER["REMOTE_ADDR"]);
|
|
|
echo "/uploads/" .$filename;
|
