<?php
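include "vars.php";

global $jmurl;

// Response envelope shared with the helper functions below (they reach it via
// `global $obj`). Every route fills it in and the tail emits it as JSON; a route
// that never sets a status answers 404. The HTTP status line itself is always 200,
// the `status` field is the API's own. $jmcon/$jmurl/$jmimagepath/$jmkey are
// presumably defined by vars.php — confirm there.
$obj = new stdClass();
$obj->status = 404;

// Route on the path suffix after the script name. PATH_INFO is absent when the
// script is requested without a trailing path; treat that as the root route.
$req = $_SERVER["PATH_INFO"] ?? "";
$method = $_SERVER['REQUEST_METHOD'] ?? "";

if ($method === "GET") {
    switch ($req) {
        case "":
        case "/":
            $obj->status = 200;
            $obj->endpoints = endpoints();
            break;

        case "/all":
            $obj->status = 200;
            //Memes
            $obj->memes = memesArray("SELECT * FROM images");
            //Categories
            $obj->categories = categoryArray("SELECT * FROM cats");
            //Users: names only; the token column never leaves the server here
            $users = array();
            $res_users = mysqli_query($jmcon, "SELECT * FROM token");
            checksql($res_users);
            // A failed query has no result set to fetch from (checksql already recorded it).
            if ($res_users) {
                while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
                    array_push($users, $row["name"]);
                }
                mysqli_free_result($res_users);
            }
            $obj->users = $users;
            break;

        case "/baseurl":
        case "/base":
            $obj->status = 200;
            $obj->baseurl = $jmurl;
            break;

        case "/memes":
            $obj->status = 200;
            $query = "SELECT * FROM images";
            // Optional filters; santinize() strips spaces/quotes and escapes the value
            // for the quoted literal each of these builds.
            if (isset($_GET["category"])) {
                $query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
            }
            if (isset($_GET["user"])) {
                $query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
            }
            if (isset($_GET["search"])) {
                $query = addCondition('path LIKE "%' . santinize($_GET["search"]) . '%"', $query);
            }
            $obj->memes = memesArray($query);
            break;

        case "/meme":
            if (isset($_GET["id"])) {
                // id sits unquoted in the query, so string escaping would not protect
                // it; force it to an integer instead.
                $id = (int) $_GET["id"];
                $res = mysqli_query($jmcon, 'SELECT * FROM images WHERE id=' . $id);
                checksql($res);
                $row = $res ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
                if ($row) {
                    $obj->status = 200;
                    $path = str_replace(" ", "%20", $row["path"]);
                    // Flat fields are kept for older clients; newer ones read $obj->meme.
                    $obj->link = $jmurl . $path;
                    $obj->user = $row["user"];
                    $obj->category = $row["cat"];

                    $meme = new stdClass();
                    $meme->link = $jmurl . $path;
                    $meme->user = $row["user"];
                    $meme->category = $row["cat"];
                    $obj->meme = $meme;
                }
            }
            break;

        case "/random":
            $query = "SELECT * FROM images";
            if (isset($_GET["category"])) {
                $query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
            }
            if (isset($_GET["user"])) {
                $query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
            }
            $memes = memesArray($query);
            // An empty result used to reach rand(0, -1) and an undefined index; it now
            // simply stays 404.
            if (count($memes) > 0) {
                $meme = $memes[array_rand($memes)];
                if (isset($meme->path)) {
                    $obj->status = 200;
                    // Flat fields are kept for older clients; newer ones read $obj->meme.
                    $obj->link = $jmurl . $meme->path;
                    $obj->category = $meme->category;
                    $obj->user = $meme->user;

                    $img = new stdClass();
                    $img->link = $jmurl . $meme->path;
                    $img->category = $meme->category;
                    $img->user = $meme->user;
                    $obj->meme = $img;
                }
            }
            break;

        case "/categories":
            $obj->status = 200;
            $obj->categories = categoryArray("SELECT * FROM cats");
            break;

        case "/category":
            if (isset($_GET["id"])) {
                $q = 'SELECT * FROM cats WHERE id="' . santinize($_GET["id"]) . '"';
                $res = mysqli_query($jmcon, $q);
                checksql($res);
                $row = $res ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
                if ($row) {
                    $obj->status = 200;
                    // Flat fields are kept for older clients; newer ones read $obj->category.
                    $obj->id = $row["id"];
                    $obj->name = $row["name"];

                    $cat = new stdClass();
                    $cat->id = $row["id"];
                    $cat->name = $row["name"];
                    $obj->category = $cat;
                }
            }
            break;

        case "/users":
            $users = array();
            $res_users = mysqli_query($jmcon, "SELECT * FROM token");
            checksql($res_users);
            if ($res_users) {
                while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
                    array_push($users, userSummary($row));
                }
                mysqli_free_result($res_users);
            }
            $obj->users = $users;
            $obj->status = 200;
            break;

        case "/user":
            $q_user = "SELECT * FROM token";
            // Exactly one selector applies, in this precedence. empty() keeps the
            // original truthiness test without the undefined-index notice. Without
            // any selector the unfiltered query would hand back an arbitrary first
            // row, so that case is reported as not found instead.
            $row = null;
            $selected = true;
            if (!empty($_GET["id"])) {
                $q_user = addCondition('userdir="' . santinize($_GET["id"]) . '"', $q_user);
            } else if (!empty($_GET["token"])) {
                $q_user = addCondition('token="' . santinize($_GET["token"]) . '"', $q_user);
            } else if (!empty($_GET["name"])) {
                $q_user = addCondition('name LIKE "%' . santinize($_GET["name"]) . '%"', $q_user);
            } else {
                $selected = false;
            }
            if ($selected) {
                $res = mysqli_query($jmcon, $q_user);
                checksql($res);
                $row = $res ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
            }
            if ($row) {
                $obj->user = userSummary($row);
                $obj->status = 200;
            } else {
                $obj->error = "user not found";
            }
            break;

        default:
            $obj->endpoints = endpoints();
            break;
    }
} else if ($method === "POST") {
    switch ($req) {
        case "/upload":
            upload();
            break;
        case "/admin":
            // The raw body is the public-key-decryptable admin envelope; admin() validates it.
            admin(file_get_contents("php://input"));
            break;
        default:
            // Mirrors the GET fallback: list what is available instead of answering silently.
            $obj->endpoints = postendpoints();
            break;
    }
}

header('Content-Type: application/json');
// JSON_UNESCAPED_SLASHES yields the plain "/" in links that the old stripslashes() was
// after, without corrupting the other escape sequences (\" or \n inside user-supplied
// strings) that stripslashes() also mangled.
echo json_encode($obj, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);

// Public view of a token-table row. The token itself is never returned, only its md5
// fingerprint, which lets a client check it holds the same token without learning it.
// Shared by /users and /user so both emit the same shape.
function userSummary($row) {
    $user = new stdClass();
    $user->name = $row["name"];
    $user->tokenhash = md5($row["token"]);
    $user->userdir = $row["userdir"];
    $user->id = $row["userdir"];
    $user->dayuploads = $row["uploadsLast24H"];
    return $user;
}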
// Routes served by the GET branch; returned as the body of "/" and of any unknown GET path.
function endpoints() {
    $routes = array(
        "/all",
        "/baseurl",
        "/memes",
        "/meme",
        "/random",
        "/categories",
        "/category",
        "/users",
    );
    return $routes;
}
// Routes served by the POST branch.
function postendpoints() {
    $routes = array(
        "/admin",
        "/upload",
    );
    return $routes;
}
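// Records a failed mysqli call on the response envelope. Takes whatever the mysqli call
// returned (result set, statement or bool); anything falsy counts as failure and turns
// the response into a 500. The driver's own message goes to the server log rather than
// to the client, because it names tables and columns.
function checksql($res) {
    global $jmcon;
    global $obj;

    if ($res) {
        return;
    }
    // mysqli_error() needs a live connection object; without one say so instead of faulting.
    $detail = ($jmcon instanceof mysqli) ? mysqli_error($jmcon) : "no database connection";
    error_log("checksql: " . $detail);
    $obj->status = 500;
    $obj->error = "database error";
}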
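// Runs $query (a complete, already-escaped SELECT over `images`) and maps every row to
// an object with id, link, path, category and user. Spaces in the stored path are
// turned into %20 so the link is usable as-is. Returns an empty array when the query
// fails; checksql() has recorded the failure on the response by then.
function memesArray($query) {
    global $jmcon;
    global $jmurl;

    $memes = array();
    $res_memes = mysqli_query($jmcon, $query);
    checksql($res_memes);
    // A failed query leaves no result set; fetching from `false` would be a fatal error.
    if (!$res_memes) {
        return $memes;
    }
    while ($row = mysqli_fetch_array($res_memes, MYSQLI_ASSOC)) {
        $path = str_replace(" ", "%20", $row["path"]);
        $meme = new stdClass();
        $meme->id = $row["id"];
        $meme->link = $jmurl . $path;
        $meme->path = $path;
        $meme->category = $row["cat"];
        $meme->user = $row["user"];
        array_push($memes, $meme);
    }
    mysqli_free_result($res_memes);
    return $memes;
}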
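// Runs $query (a complete SELECT over `cats`) and maps every row to an object with id
// and name. Returns an empty array when the query fails; checksql() has recorded the
// failure on the response by then.
function categoryArray($query) {
    global $jmcon;

    $cats = array();
    $res_cats = mysqli_query($jmcon, $query);
    checksql($res_cats);
    // A failed query leaves no result set; fetching from `false` would be a fatal error.
    if (!$res_cats) {
        return $cats;
    }
    while ($row = mysqli_fetch_array($res_cats, MYSQLI_ASSOC)) {
        $cat = new stdClass();
        $cat->id = $row["id"];
        $cat->name = $row["name"];
        array_push($cats, $cat);
    }
    mysqli_free_result($res_cats);
    return $cats;
}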
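// Appends $cond to $query: ANDed on when the query already has a WHERE clause, otherwise
// opening one. $cond is spliced in verbatim, so the caller must have escaped it.
// The WHERE test is word-bounded and case-insensitive: strpos() returned a falsy 0 for a
// clause at offset 0 and missed lower-case keywords, which produced a second WHERE.
function addCondition($cond, $query) {
    if (preg_match('/\bWHERE\b/i', $query) === 1) {
        return $query . " AND " . $cond;
    }
    return $query . " WHERE " . $cond;
}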
// Builds a fresh upload token for a user. The 32 random bytes carry the entropy; the
// timestamp digest and the user name are folded in before the final md5, whose
// 32-hex-character digest is the token format stored in the `token` table.
function genToken($discord) {
    $entropy = bin2hex(random_bytes(32));
    $material = sprintf("%s%s%s", $entropy, md5(time()), $discord);
    return md5($material);
}
// Prepares a request value for splicing into a quoted SQL literal: strips whitespace
// and both quote characters, then applies the driver's escaping for the connection's
// charset. The result is only meaningful inside quotes; an unquoted (numeric) position
// in a query is not protected by this.
function santinize($input) {
    global $jmcon;

    $stripped = str_replace(array(" ", "'", '"'), "", $input);
    return mysqli_escape_string($jmcon, $stripped);
}
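// POST /upload: stores one or more files for the user identified by $_POST["token"]
// under $_POST["category"], within a daily quota. Fills the shared $obj envelope:
// 401 no token, 400 missing category / no files, 403 unknown token or quota exceeded,
// 201 otherwise with `files` listing the public links of everything that was stored.
// The user directory under $jmimagepath is assumed to exist already — confirm where it
// is created.
function upload() {
    global $jmcon;
    global $obj;

    // Per-user quota for a rolling day; compared against token.uploadsLast24H.
    $maxUploadsPerDay = 20;
    // The upload directory sits under the web root, so a server-side script extension
    // stored here would be executable by anyone who requested it; only image names pass.
    $allowedExtensions = array("jpg", "jpeg", "png", "gif", "webp");

    $token = santinize($_POST["token"] ?? "");
    $cat = $_POST["category"] ?? null;
    $obj->token = $token;

    if ($token === "") {
        $obj->status = 401;
        return;
    }
    if ($cat === null) {
        $obj->status = 400;
        $obj->error = "missing category";
        return;
    }

    // Token lookup via a prepared statement so the value is never part of the SQL text.
    $row = null;
    $stmt = mysqli_prepare($jmcon, "SELECT * FROM token WHERE token=?");
    checksql($stmt);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $token);
        checksql(mysqli_stmt_execute($stmt));
        $res = mysqli_stmt_get_result($stmt);
        $row = $res ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
        mysqli_stmt_close($stmt);
    }
    if (!$row) {
        $obj->status = 403;
        $obj->error = "token not existing";
        return;
    }

    $uploads = (int) $row["uploadsLast24H"];
    $homedir = $row["userdir"];
    $user = $row["name"];

    // A single <input name="file"> arrives as scalars, <input name="file[]"> as arrays;
    // normalise both to parallel lists so they take the same path (count() on the bare
    // string form is an error in current PHP).
    $names = $_FILES['file']['name'] ?? array();
    $tmps = $_FILES['file']['tmp_name'] ?? array();
    if (!is_array($names)) {
        $names = array($names);
        $tmps = array($tmps);
    }
    $countfiles = count($names);

    if ($countfiles === 0) {
        $obj->status = 400;
        $obj->error = "no files to upload send";
        return;
    }
    if ($uploads + $countfiles > $maxUploadsPerDay) {
        $obj->status = 403;
        $obj->error = "upload limit reached";
        return;
    }

    // The quota is charged for every submitted slot, as before, whether or not the
    // individual file is accepted below.
    $uploads += $countfiles;
    $stmt = mysqli_prepare($jmcon, "UPDATE token SET uploadsLast24H=? WHERE token=?");
    checksql($stmt);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "is", $uploads, $token);
        checksql(mysqli_stmt_execute($stmt));
        mysqli_stmt_close($stmt);
    }

    $obj->files = array();
    $rejected = array();
    for ($i = 0; $i < $countfiles; $i++) {
        $link = uploadStoreFile($names[$i], $tmps[$i] ?? "", $homedir, $user, $cat, $allowedExtensions);
        if ($link !== null) {
            array_push($obj->files, $link);
        } else if ($names[$i] !== "" && $names[$i] !== null) {
            array_push($rejected, basename((string) $names[$i]));
        }
    }
    if (count($rejected) > 0) {
        $obj->rejected = $rejected;
    }
    $obj->status = 201;
}

// Moves one uploaded file into the user's directory and records it in `images`.
// Returns the public link on success, or null when the file was skipped: empty name,
// name without an allowed extension, or the move failing (which also covers a
// tmp_name that is not a real upload).
function uploadStoreFile($filename, $tmpName, $homedir, $user, $cat, $allowedExtensions) {
    global $jmcon;
    global $jmimagepath;
    global $jmurl;

    if ($filename === "" || $filename === null) {
        return null;
    }
    // Client-supplied names are untrusted: drop any directory part so "../" cannot
    // escape the user directory, and refuse anything outside the image allowlist.
    $safeName = basename(str_replace("\\", "/", (string) $filename));
    $ext = strtolower(pathinfo($safeName, PATHINFO_EXTENSION));
    if ($safeName === "" || $safeName[0] === "." || !in_array($ext, $allowedExtensions, true)) {
        return null;
    }
    if (!move_uploaded_file($tmpName, $jmimagepath . $homedir . "/" . $safeName)) {
        return null;
    }

    $path = "images/" . $homedir . "/" . $safeName;
    $clientIP = $_SERVER['REMOTE_ADDR'] ?? "";
    // Category and name are request-controlled; bind them rather than interpolate.
    $stmt = mysqli_prepare($jmcon, "INSERT INTO images (user, path, cat, ip) VALUES (?, ?, ?, ?)");
    checksql($stmt);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "ssss", $user, $path, $cat, $clientIP);
        checksql(mysqli_stmt_execute($stmt));
        mysqli_stmt_close($stmt);
    }
    return $jmurl . $path;
}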
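// POST /admin: $data is the raw body, base64 of a blob that decrypts with the public
// key $jmkey — only the holder of the matching private key can produce one, and that
// successful decrypt is what authorises the request. The plaintext is JSON with
// `method` ("gettoken" or "register") and `user`. Token values in the reply are
// encrypted to the same key, so they are readable only by that private-key holder.
// NOTE(review): nothing binds an envelope to a time or nonce, so a captured one can
// be resubmitted — confirm whether that is acceptable for this deployment.
function admin($data) {
    global $obj;
    global $jmkey;
    global $jmcon;

    $decr = "";
    if (!openssl_public_decrypt(base64_decode($data), $decr, $jmkey)) {
        $obj->status = 400;
        $obj->error = "bad request or unauthorized";
        return;
    }
    $req = json_decode($decr);
    // Anything that is not a JSON object carrying both fields is rejected before
    // the database is touched.
    if (!is_object($req) || !isset($req->method) || !isset($req->user)) {
        $obj->status = 400;
        $obj->error = "bad request or unauthorized";
        return;
    }
    $user = (string) $req->user;

    switch ($req->method) {
        case "gettoken":
            $tok = adminFindToken($user);
            if ($tok) {
                $obj->status = 200;
                $obj->token = encrypt($tok["token"], $jmkey);
            }
            break;

        case "register":
            // Registering an existing user simply returns the token they already have.
            $tok = adminFindToken($user);
            if ($tok) {
                $obj->status = 200;
                $obj->token = encrypt($tok["token"], $jmkey);
                break;
            }
            $token = genToken($user);
            $userdir = md5($user);
            $stmt = mysqli_prepare($jmcon, "INSERT INTO token (name, token, userdir) VALUES (?, ?, ?)");
            checksql($stmt);
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "sss", $user, $token, $userdir);
                $ok = mysqli_stmt_execute($stmt);
                checksql($ok);
                mysqli_stmt_close($stmt);
                if ($ok) {
                    $obj->status = 201;
                    $obj->token = encrypt($token, $jmkey);
                    $obj->userdir = $userdir;
                }
            }
            break;
    }
}

// Looks up the token row for a user name through a prepared statement. Returns the
// associative row, or null when there is none or the query failed (checksql has
// recorded the failure on the response in that case).
function adminFindToken($user) {
    global $jmcon;

    $stmt = mysqli_prepare($jmcon, "SELECT * FROM token WHERE name=?");
    checksql($stmt);
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "s", $user);
    checksql(mysqli_stmt_execute($stmt));
    $res = mysqli_stmt_get_result($stmt);
    $row = $res ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
    mysqli_stmt_close($stmt);
    return $row ? $row : null;
}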
// RSA public-key encryption of $data with $pubkey, base64-encoded for the JSON reply;
// only the holder of the matching private key can read it. If openssl refuses the
// operation the buffer stays empty and the result is an empty string.
function encrypt($data, $pubkey) {
    $ciphertext = "";
    openssl_public_encrypt($data, $ciphertext, $pubkey);
    $encoded = base64_encode($ciphertext);
    return $encoded;
}