From 639dd58d7ac8c784a616bcf5700a42c7912ee97d Mon Sep 17 00:00:00 2001
From: Timo Ley
Date: Tue, 25 Aug 2020 19:23:28 +0200
Subject: [PATCH] Using switches and added upload
---
 jensmemes.php | 311 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 203 insertions(+), 108 deletions(-)
diff --git a/jensmemes.php b/jensmemes.php
index 59ae8c6..6c44b02 100644
--- a/jensmemes.php
+++ b/jensmemes.php
@@ -5,123 +5,149 @@ global $jmurl;
 $obj = new stdClass();
 $obj->status = 404;
 $req = $_SERVER["PATH_INFO"];
-$endpoint = explode("/", $req);
-if ($req == "" or $req == "/") {
- $obj->status = 200;
- $obj->endpoints = endpoints();
-}
-elseif ($req == "/all") {
- $obj->status = 200;
- //Memes
- $q_memes = "SELECT * FROM images";
- $obj->memes = memesArray($q_memes);
- //Categories
- $q_cats = "SELECT * FROM cats";
- $obj->categories = categoryArray($q_cats);
- //Users
- $users = array();
- $q_users = "SELECT * FROM token";
- $res_users = mysqli_query($jmcon, $q_users);
- checksql($res_users);
- while ($row = mysqli_fetch_array( $res_users, MYSQLI_ASSOC)) {
- array_push($users, $row["name"]);
- }
- mysqli_free_result($res_users);
- $obj->users = $users;
-} elseif ($req == "/base" or $req == "/baseurl") {
- $obj->status = 200;
- $obj->baseurl = $jmurl;
-} elseif ($req == "/memes") {
- $obj->status = 200;
- $query = "SELECT * FROM images";
- if (isset($_GET["category"])) {
- $query = addCondition('cat="' . $_GET["category"] . '"', $query);
- }
- if (isset($_GET["user"])) {
- $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
- }
- if (isset($_GET["search"])) {
- $query = addCondition('path LIKE "%' . $_GET["search"] . '%"', $query);
- }
- $obj->memes = memesArray($query);
-} elseif ($req == "/meme") {
- if (isset($_GET["id"])) {
- $q = 'SELECT * FROM images WHERE id=' . $_GET["id"];
- $res = mysqli_query($jmcon, $q);
- checksql($res);
- $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
- if ($row) {
+$method = $_SERVER['REQUEST_METHOD'];
+if ($method == "GET") {
+ switch ($req) {
+ case "":
+ case "/":
 $obj->status = 200;
- $path = $row["path"];
- $path = str_replace(" ", "%20", $path);
- $obj->link = $jmurl . $path;
- $obj->user = $row["user"];
- $obj->category = $row["cat"];
- }
- }
-} elseif ($req == "/random") {
- $query = "SELECT * FROM images";
- if (isset($_GET["category"])) {
- $query = addCondition('cat="' . $_GET["category"] . 
'"', $query);
- }
- if (isset($_GET["user"])) {
- $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
- }
- $memes = memesArray($query);
- $random = rand(0, count($memes) - 1);
- $meme = $memes[$random];
- if (isset($meme->path)) {
- $obj->status = 200;
- $obj->link = $jmurl . $meme->path;
- $obj->category = $meme->category;
- $obj->user = $meme->user;
- }
-} elseif ($req == "/categories") {
- $obj->status = 200;
- $obj->categories = categoryArray("SELECT * FROM cats");
-} elseif ($req == "/category") {
- if (isset($_GET["id"])) {
- $q = 'SELECT * FROM cats WHERE id="' . $_GET["id"] . '"';
- $res = mysqli_query($jmcon, $q);
- checksql($res);
- $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
- if ($row) {
+ $obj->endpoints = endpoints();
+ break;
+ case "/all":
 $obj->status = 200;
- $obj->id = $row["id"];
- $obj->name = $row["name"];
- }
+ //Memes
+ $q_memes = "SELECT * FROM images";
+ $obj->memes = memesArray($q_memes);
+ //Categories
+ $q_cats = "SELECT * FROM cats";
+ $obj->categories = categoryArray($q_cats);
+ //Users
+ $users = array();
+ $q_users = "SELECT * FROM token";
+ $res_users = mysqli_query($jmcon, $q_users);
+ checksql($res_users);
+ while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
+ array_push($users, $row["name"]);
+ }
+ mysqli_free_result($res_users);
+ $obj->users = $users;
+ break;
+ case "/baseurl":
+ case "/base":
+ $obj->status = 200;
+ $obj->baseurl = $jmurl;
+ break;
+ case "/memes":
+ $obj->status = 200;
+ $query = "SELECT * FROM images";
+ if (isset($_GET["category"])) {
+ $query = addCondition('cat="' . $_GET["category"] . '"', $query);
+ }
+ if (isset($_GET["user"])) {
+ $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
+ }
+ if (isset($_GET["search"])) {
+ $query = addCondition('path LIKE "%' . $_GET["search"] . '%"', $query);
+ }
+ $obj->memes = memesArray($query);
+ break;
+ case "/meme":
+ if (isset($_GET["id"])) {
+ $q = 'SELECT * FROM images WHERE id=' . 
$_GET["id"];
+ $res = mysqli_query($jmcon, $q);
+ checksql($res);
+ $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
+ if ($row) {
+ $obj->status = 200;
+ $path = $row["path"];
+ $path = str_replace(" ", "%20", $path);
+ $obj->link = $jmurl . $path;
+ $obj->user = $row["user"];
+ $obj->category = $row["cat"];
+ }
+ }
+ break;
+ case "/random":
+ $query = "SELECT * FROM images";
+ if (isset($_GET["category"])) {
+ $query = addCondition('cat="' . $_GET["category"] . '"', $query);
+ }
+ if (isset($_GET["user"])) {
+ $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
+ }
+ $memes = memesArray($query);
+ $random = rand(0, count($memes) - 1);
+ $meme = $memes[$random];
+ if (isset($meme->path)) {
+ $obj->status = 200;
+ $obj->link = $jmurl . $meme->path;
+ $obj->category = $meme->category;
+ $obj->user = $meme->user;
+ }
+ break;
+ case "/categories":
+ $obj->status = 200;
+ $obj->categories = categoryArray("SELECT * FROM cats");
+ break;
+ case "/category":
+ if (isset($_GET["id"])) {
+ $q = 'SELECT * FROM cats WHERE id="' . $_GET["id"] . 
'"';
+ $res = mysqli_query($jmcon, $q);
+ checksql($res);
+ $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
+ if ($row) {
+ $obj->status = 200;
+ $obj->id = $row["id"];
+ $obj->name = $row["name"];
+ }
+ }
+ break;
+ case "/users":
+ $users = array();
+ $q_users = "SELECT * FROM token";
+ $res_users = mysqli_query($jmcon, $q_users);
+ checksql($res_users);
+ while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
+ $user = new stdClass();
+ $user->name = $row["name"];
+ $user->tokenhash = md5($row["token"]);
+ $user->dayuploads = $row["uploadsLast24H"];
+ array_push($users, $user);
+ }
+ mysqli_free_result($res_users);
+ $obj->users = $users;
+ $obj->status = 200;
+ break;
+ case "/token/random":
+ if (isset($_GET["user"])) {
+ $obj->status = 200;
+ $obj->token = genToken($_GET["user"]);
+ } else {
+ $obj->error = "Need to set a user with ?user";
+ }
+ break;
+ default:
+ $obj->endpoints = endpoints();
+ break;
 }
-} elseif ($req == "/users") {
- $users = array();
- $q_users = "SELECT * FROM token";
- $res_users = mysqli_query($jmcon, $q_users);
- checksql($res_users);
- while ($row = mysqli_fetch_array( $res_users, MYSQLI_ASSOC)) {
- $user = new stdClass();
- $user->name = $row["name"];
- $user->tokenhash = md5($row["token"]);
- $user->dayuploads = $row["uploadsLast24H"];
- array_push($users, $user);
+} else if ($method == "POST") {
+ switch ($req) {
+ case "/upload":
+ upload();
+ break;
 }
- mysqli_free_result($res_users);
- $obj->users = $users;
- $obj->status = 200;
-} elseif ($req == "/token/random") {
- if (isset($_GET["user"])) {
- $obj->status = 200;
- $obj->token = genToken($_GET["user"]);
- } else {
- $obj->error = "Need to set a user with ?user";
- }
-}
-else {
- $obj->endpoints = endpoints();
+
+
 }
 header('Content-Type: application/json');
 echo stripslashes(json_encode($obj, JSON_UNESCAPED_UNICODE));
 function endpoints() {
- return array("/all", "/baseurl", "/memes", "/meme", "/random", "/categories", "/category");
+ return array("/all", "/baseurl", 
"/memes", "/meme", "/random", "/categories", "/category", "/users");
+}
+
+function postendpoints() {
+ return array("/admin", "/upload");
 }
 function checksql($res) {
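Review bot: The `/memes`, `/meme`, `/random` and `/category` cases still build SQL by concatenating raw `$_GET` values (`'cat="' . $_GET["category"] . '"'`, `'SELECT * FROM images WHERE id=' . $_GET["id"]`), so the move to `switch` carries the injection surface over unchanged. Since every one of these lines was rewritten anyway, this is the place to bind the `id` lookups with `mysqli_prepare`/`mysqli_stmt_bind_param`, as sketched below for `/meme` (`/category` is the same shape), and to do the same for the `LIKE` filters inside `addCondition`, whose body is outside this hunk. Separately, the `/users` case hands `md5($row["token"])` to any unauthenticated GET; an unsalted hash of a bearer secret is not a safe public identifier, so return only `name` and `dayuploads`, or derive the identifier with `hash_hmac` over a server-side secret. Note also that `switch` compares with `==`, the same loose comparison the old `elseif` chain used, so routing behaviour is unchanged by this refactor.
```php
case "/meme":
    if (isset($_GET["id"])) {
        // bind the id instead of splicing it into the query text
        $stmt = mysqli_prepare($jmcon, 'SELECT * FROM images WHERE id=?');
        $id = $_GET["id"];
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        $res = mysqli_stmt_get_result($stmt);
        checksql($res);
        // … unchanged: fetch $row, set $obj->link / user / category …
    }
    break;
```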
@@ -184,3 +210,72 @@ function genToken($discord) {
 $prehash = $random . md5(time()) . $discord;
 return md5($prehash);
 }
+
+function upload() {
+ global $jmcon;
+ global $obj;
+ global $jmimagepath;
+ $token = $_POST["token"];
+ $cat = $_POST["category"];
+ $obj->token = $token;
+ if (isset($token)) {
+ if (isset($cat)) {
+ $query = "SELECT * FROM token WHERE token='$token'";
+ $res = mysqli_query($jmcon, $query);
+ checksql($res);
+ $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
+ if ($row) {
+ $uploads = $row["uploadsLast24H"];
+ $homedir = $row["userdir"];
+ $user = $row["name"];
+ $countfiles = count($_FILES['file']['name']);
+ if ($countfiles == 0) {
+ $obj->status = 400;
+ $obj->error = "no files to upload send";
+ }
+ else if ($uploads + $countfiles <= 20) {
+ $uploads += $countfiles;
+ $sqlMaxUpl = "UPDATE token SET uploadsLast24H='$uploads' WHERE token='$token'";
+ mysqli_query($jmcon, $sqlMaxUpl);
+ if ($countfiles == 1) {
+ $filename = $_FILES['file']['name'];
+ if (isset($filename)) {
+ $obj->file = $filename;
+ move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename);
+ $path = "images/" . $homedir . "/" . $filename;
+ $clientIP = $_SERVER['REMOTE_ADDR'];;
+ $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
+ $res = mysqli_query($jmcon, $sqlType);
+ checksql($res);
+ }
+ } else {
+ for ($i = 0; $i < $countfiles; $i++) {
+ $filename = $_FILES['file']['name'][$i];
+ if (isset($filename)) {
+ $obj->file = $filename;
+ move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename);
+ $path = "images/" . $homedir . "/" . 
$filename;
+ $clientIP = $_SERVER['REMOTE_ADDR'];;
+ $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
+ $res = mysqli_query($jmcon, $sqlType);
+ checksql($res);
+ }
+ }
+ }
+ $obj->status = 201;
+ } else {
+ $obj->status = 403;
+ $obj->error = "upload limit reached";
+ }
+ } else {
+ $obj->status = 403;
+ $obj->error = "token not existing";
+ }
+ } else {
+ $obj->status = 400;
+ $obj->error = "missing category";
+ }
+ } else {
+ $obj->status = 401;
+ }
+}
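Review bot: `upload()` stores each file under the name the client sent: `$filename = $_FILES['file']['name']` goes straight into `move_uploaded_file(..., $jmimagepath . $homedir . "/" . $filename)` with no `basename()`, no extension allow-list and no content check, so a crafted name is not confined to the user's directory and a non-image can land under a path that `/meme` later serves as `$jmurl . $path`. The same request-controlled values are then spliced into SQL (`WHERE token='$token'`, `VALUES ('$user', '$path', '$cat', '$clientIP')`), where `$token`, `$cat` and the filename-derived `$path` all come from the client. The one-file and many-file branches duplicate this logic and are chosen by `count($_FILES['file']['name'])`, which on PHP 8 throws a `TypeError` when `name` is a plain string, and neither branch checks `$_FILES['file']['error']` or the return value of `move_uploaded_file`, so a failed write still gets an `INSERT` and a 201. A single normalised loop, sketched below, replaces both branches; `$countfiles` should then be `count((array) $_FILES['file']['name'])` so the quota check sees the same list. Also `$obj->token = $token;` echoes the bearer token back in the JSON response and should be dropped, and `isset($token)` after `$token = $_POST["token"]` should be `isset($_POST["token"])` to avoid the undefined-index notice.
```php
// … unchanged: token lookup, $homedir / $user, 24h quota check and UPDATE …
$names = (array) $_FILES['file']['name'];
$tmps  = (array) $_FILES['file']['tmp_name'];
$errs  = (array) $_FILES['file']['error'];
// allow-list of served image types — constructed example, confirm against what the site actually serves
$allowed = ["png", "jpg", "jpeg", "gif"];
$stmt = mysqli_prepare($jmcon, "INSERT INTO images (user, path, cat, ip) VALUES (?, ?, ?, ?)");
$clientIP = $_SERVER['REMOTE_ADDR'];
$stored = 0;
foreach ($names as $i => $clientName) {
    // the client-supplied name is untrusted: keep only the last path segment and check the type
    $filename = basename($clientName);
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if ($errs[$i] !== UPLOAD_ERR_OK || !in_array($ext, $allowed, true) || getimagesize($tmps[$i]) === false) {
        $obj->error = "rejected file " . $filename;
        continue;
    }
    if (!move_uploaded_file($tmps[$i], $jmimagepath . $homedir . "/" . $filename)) {
        $obj->error = "could not store " . $filename;
        continue;
    }
    $path = "images/" . $homedir . "/" . $filename;
    mysqli_stmt_bind_param($stmt, "ssss", $user, $path, $cat, $clientIP);
    mysqli_stmt_execute($stmt);
    $obj->file = $filename;
    $stored++;
}
$obj->status = $stored > 0 ? 201 : 400;
// … unchanged: quota / token / category error branches …
```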