upload.php
<?php
// Report every class of PHP error for this request. Whether those messages are
// shown to the uploading client depends on display_errors, which is not set here;
// keep it off in production so paths and query details are not sent to clients.
error_reporting(E_ALL);

// config.php is expected to return an array of settings.
$config = include "config.php";

// Public base URL and storage directory used to build the stored path and the returned link.
$url = $config['url'];
$dir = $config['directory'];

// Database settings.
$server = $config['server'];
$db = $config['db'];
$user = $config['user'];
$pass = $config['pass'];

// File-naming settings: whether to use a random name, and how long it is.
$randomstring = $config['randomstring'];
$length = $config['randomstringlength'];
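try {
    // Connect with the settings loaded from config.php rather than credentials
    // hard-coded in this file, so secrets live in one place that can be kept out
    // of version control and rotated without editing code.
    $connection = new PDO(
        "mysql:host=" . $server . ";dbname=" . $db,
        $user,
        $pass,
        [
            // Surface database failures as PDOException so the catch below handles them.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements so bound values are never spliced into SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );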
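/**
 * Build a random alphanumeric string (0-9, a-z, A-Z) of the requested length.
 *
 * The result is used as the stored file name of an upload, so it is what keeps
 * one user's link from being guessed by another. Characters are therefore drawn
 * with random_int(), which uses the operating system's CSPRNG, instead of rand(),
 * whose output is predictable.
 *
 * @param int $length Number of characters to generate; 0 or less yields ''.
 * @return string The generated string.
 */
function generateRandomString($length)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is unbiased over the inclusive range, so every character is equally likely.
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}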
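/**
 * Check whether an upload token is present in the `sharex` table.
 *
 * This is the only authentication gate in front of the upload, so it must fail
 * closed: the token is bound as a real statement parameter and the COUNT value
 * itself is inspected.
 *
 * NOTE(review): the column is compared against the raw token, so tokens appear
 * to be stored unhashed in `UserPassword` - confirm against the schema.
 *
 * @param string $token      Token supplied by the client.
 * @param PDO    $connection Open database connection.
 * @return bool True when at least one row has UserPassword equal to $token.
 */
function TokenExists(string $token, $connection): bool
{
    // An empty token must never authenticate, even if a row with a blank value exists.
    if ($token === '') {
        return false;
    }

    // The placeholder must be a bare ?. Written as "?" it is a string literal, so the
    // token is never bound and the query cannot match the client's value.
    $query = $connection->prepare('SELECT COUNT(UserPassword) FROM sharex WHERE UserPassword = ?');
    $query->execute([$token]);

    // fetchColumn() returns the count itself. Comparing the array from fetchAll()
    // with 0 is always true in PHP, which would accept every token.
    return (int) $query->fetchColumn() > 0;
}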
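// Upload handler: authenticate the token, then store the file sent in the "x" form
// field under a random name and echo its public URL back to the client.
if (isset($_POST['token'])) {
    // A non-string token (for example an array-valued form field) is treated as a wrong
    // token instead of raising a TypeError inside TokenExists().
    if (is_string($_POST['token']) && TokenExists($_POST['token'], $connection)) {
        if ($randomstring) {
            // Extensions this endpoint is willing to store. The extension comes from the
            // client-supplied file name, so without an allowlist a client could store a
            // server-executable file (such as .php) inside the web root. Adjust the list
            // to the site's needs, but never add script or HTML/SVG types. As defence in
            // depth, configure the web server not to execute anything in the upload directory.
            $allowedExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp', 'bmp', 'txt', 'mp4', 'webm', 'pdf', 'zip'];

            if (
                !isset($_FILES["x"])
                || !is_string($_FILES["x"]["name"])
                || $_FILES["x"]["error"] !== UPLOAD_ERR_OK
            ) {
                // Missing field, multi-file field, or an upload PHP itself reported as failed.
                echo "No file received from client.";
            } else {
                $filename = generateRandomString($length); // TODO MOVE THIS SO I DONT NEED TO REPEAT CODE
                // Only the extension of the client's name is kept; the rest of the name is
                // discarded, so path components in it never reach the file system.
                $extension = strtolower(pathinfo($_FILES["x"]["name"], PATHINFO_EXTENSION));

                if (!in_array($extension, $allowedExtensions, true)) {
                    echo "File type not allowed contact the server administrator.";
                } elseif (move_uploaded_file($_FILES["x"]["tmp_name"], $dir . $filename . '.' . $extension)) {
                    echo $url . $dir . $filename . '.' . $extension;
                } else {
                    echo "Possible permission error contact the server administrator.";
                }
            }
        } else {
            // Non-random naming is not implemented: nothing is stored and nothing is returned.
        }
    } else {
        echo "Wrong Token contact the server administrator.";
    }
} else {
    echo "No post data received from client.";
}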
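} catch(PDOException $e)
{
    // Driver messages can contain the database host, user name and SQL text. Keep them
    // in the server log and send the client only a generic message.
    error_log("upload.php PDO error: " . $e->getMessage());
    echo "Database error contact the server administrator.";
}
// Drop the reference so the database connection can be closed.
$connection = null;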