Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
irc.knacki.info
/
www-irc
3
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Refs #7 flood protection

isundil 6 жил өмнө
parent
00986e6e0a
commit
a61021f01d
2 өөрчлөгдсөн 70 нэмэгдсэн , 1 устгасан
Өөрчлөллтийг нэгтгэж харах Өөрчлөлтийн статистик харах
  1. 67 1
      api.php
  2. 3 0
      uploads/.htaccess

+ 67 - 1
api.php
Файл харах 

@@ -56,8 +56,20 @@ if (isset($_GET["command"])) {
 
         $dir = opendir($dirname);
 
         $dir = opendir($dirname);
 
         $now = time();
 
         $now = time();
 
         if ($dir !== FALSE) {
 
         if ($dir !== FALSE) {
 
+            $dbFile = getcwd()."/uploads/db.json";
 
+            $fDbData = array();
 
+            try {
 
+                $fDbData = json_decode(@file_get_contents($dbFile), true);
 
+            } catch(\Exception $e) {
 
+                $fDbData = new StdClass();
 
+            }
 
+            $fDb = fopen($dbFile, "w");
 
+            if (!$fDb)
 
+                return;
 
+            flock($fDb, LOCK_EX);
 
+
 
             while ($entry = readdir($dir)) {
 
             while ($entry = readdir($dir)) {
 
-                if (is_dir($dirname.$entry))
 
+                if (is_dir($dirname.$entry) || $entry === "db.json" || $entry === ".htaccess")
 
                     continue;
 
                     continue;
 
                 $stats = stat($dirname.$entry);
 
                 $stats = stat($dirname.$entry);
 
                 if ($stats === FALSE) {
 
                 if ($stats === FALSE) {
 
@@ -65,8 +77,25 @@ if (isset($_GET["command"])) {
 
                     continue;
 
                     continue;
 
                 }
 
                 }
 
                 if (($now -$stats["mtime"]) / 60 > 5)
 
                 if (($now -$stats["mtime"]) / 60 > 5)
 
+                {
 
+                    $found = false;
 
+                    foreach ($fDbData as $i => $remote) {
 
+                        foreach ($remote as $j => $fileentry) {
 
+                            if ($fileentry["file"] === $dirname.$entry) {
 
+                                unset($fDbData[$i][$j]);
 
+                                if (count($fDbData[$i]) === 0)
 
+                                    unset($fDbData[$i]);
 
+                                $found = true;
 
+                                break;
 
+                            }
 
+                        }
 
+                        if ($found) break;
 
+                    }
 
                     unlink($dirname.$entry);
 
                     unlink($dirname.$entry);
 
+                }
 
             }
 
             }
 
+            fwrite($fDb, json_encode($fDbData));
 
+            fclose($fDb);
 
             closedir($dir);
 
             closedir($dir);
 
         } else {
 
         } else {
 
             error_log("Cannot open upload dir for cleaning");
 
             error_log("Cannot open upload dir for cleaning");
 
@@ -126,10 +155,47 @@ if (isset($_GET["command"])) {
 
             die("File is too large (max " .MAX_ALLOWED_UPLOAD_SIZE ."o, got " .$_FILES["file"]["size"] .')');
 
             die("File is too large (max " .MAX_ALLOWED_UPLOAD_SIZE ."o, got " .$_FILES["file"]["size"] .')');
 
         }
 
         }
 
         $filename = md5($_GET["from"].time()) .$extension;
 
         $filename = md5($_GET["from"].time()) .$extension;
 
+        // Flood protection
 
+        if (file_exists($filename)) {
 
+            header("HTTP/1.0 400 Bad Request");
 
+            die("Please wait between uploads");
 
+        }
 
+        // Append file in files db
 
+        $dbFile = getcwd()."/uploads/db.json";
 
+        $fDbData = array();
 
+        try {
 
+            $fDbData = json_decode(@file_get_contents($dbFile), true);
 
+        } catch(\Exception $e) {
 
+            $fDbData = array();
 
+        }
 
+        $fDb = fopen($dbFile, "w");
 
+        if (!$fDb)
 
+            return;
 
+        flock($fDb, LOCK_EX);
 
+        if ($fDbData === NULL) $fDbData = array();
 
+        if (isset($fDbData->{$_SERVER["REMOTE_ADDR"]})) {
 
+            $cur = $fDbData->{$_SERVER["REMOTE_ADDR"]};
 
+            while (count($fDbData->{$_SERVER["REMOTE_ADDR"]}) > 10) {
 
+                $fileToRemove = array_shift($fDbData->{$_SERVER["REMOTE_ADDR"]});
 
+                var_dump("unlink".$fileToRemove->{"file"});
 
+                @unlink($fileToRemove->{"file"});
 
+            }
 
+        }
 
+
 
+        // Actual write file
 
         if (move_uploaded_file($_FILES["file"]["tmp_name"], getcwd()."/uploads/".$filename) === FALSE) {
 
         if (move_uploaded_file($_FILES["file"]["tmp_name"], getcwd()."/uploads/".$filename) === FALSE) {
 
+            fwrite($fDb, json_encode($fDbData));
 
+            fclose($fDb);
 
             header("HTTP/1.0 500 Internal Server Error");
 
             header("HTTP/1.0 500 Internal Server Error");
 
             die("Internal Server Error");
 
             die("Internal Server Error");
 
         }
 
         }
 
+
 
+        // Write to file db
 
+        $fDbData[$_SERVER["REMOTE_ADDR"]] = isset($fDbData[$_SERVER["REMOTE_ADDR"]]) ? $fDbData[$_SERVER["REMOTE_ADDR"]] : array();
 
+        $fDbData[$_SERVER["REMOTE_ADDR"]][] = array("file" => getcwd()."/uploads/".$filename, "time" => time(), "from" => $_GET["from"], "ip" => $_SERVER["REMOTE_ADDR"]);
 
+        fwrite($fDb, json_encode($fDbData));
 
+        fclose($fDb);
 
+
 
         // Log info
 
         // Log info
 
         error_log($_GET["from"] ." uploaded file " .$filename ." " .print_r($_FILES["file"], true) ." from " .$_SERVER["REMOTE_ADDR"]);
 
         error_log($_GET["from"] ." uploaded file " .$filename ." " .print_r($_FILES["file"], true) ." from " .$_SERVER["REMOTE_ADDR"]);
 
         echo "/uploads/" .$filename;
 
         echo "/uploads/" .$filename;

+ 3 - 0
uploads/.htaccess
Файл харах 

@@ -0,0 +1,3 @@
 
+<Files ./db.json>
 
+Deny from all
 
+</Files>