status = 404; $req = $_SERVER["PATH_INFO"]; $method = $_SERVER['REQUEST_METHOD']; if ($method == "GET") { switch ($req) { case "": case "/": $obj->status = 200; $obj->endpoints = endpoints(); break; case "/all": $obj->status = 200; //Memes $q_memes = "SELECT * FROM images"; $obj->memes = memesArray($q_memes); //Categories $q_cats = "SELECT * FROM cats"; $obj->categories = categoryArray($q_cats); //Users $users = array(); $q_users = "SELECT * FROM token"; $res_users = mysqli_query($jmcon, $q_users); checksql($res_users); while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) { array_push($users, $row["name"]); } mysqli_free_result($res_users); $obj->users = $users; break; case "/baseurl": case "/base": $obj->status = 200; $obj->baseurl = $jmurl; break; case "/memes": $obj->status = 200; $query = "SELECT * FROM images"; if (isset($_GET["category"])) { $query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query); } if (isset($_GET["user"])) { $query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query); } if (isset($_GET["search"])) { $query = addCondition('path LIKE "%' . santinize($_GET["search"]) . '%"', $query); } $obj->memes = memesArray($query); break; case "/meme": if (isset($_GET["id"])) { $q = 'SELECT * FROM images WHERE id=' . santinize($_GET["id"]); $res = mysqli_query($jmcon, $q); checksql($res); $row = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($row) { $obj->status = 200; $path = $row["path"]; $path = str_replace(" ", "%20", $path); $obj->link = $jmurl . $path; $obj->user = $row["user"]; $obj->category = $row["cat"]; $meme = new stdClass(); $meme->link = $jmurl . $path; $meme->user = $row["user"]; $meme->category = $row["cat"]; $obj->meme = $meme; } } break; case "/random": $query = "SELECT * FROM images"; if (isset($_GET["category"])) { $query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query); } if (isset($_GET["user"])) { $query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query); } $memes = memesArray($query); $random = rand(0, count($memes) - 1); $meme = $memes[$random]; if (isset($meme->path)) { $obj->status = 200; $obj->link = $jmurl . $meme->path; $obj->category = $meme->category; $obj->user = $meme->user; $img = new stdClass(); $img->link = $jmurl . $meme->path; $img->category = $meme->category; $img->user = $meme->user; $obj->meme = $img; } break; case "/categories": $obj->status = 200; $obj->categories = categoryArray("SELECT * FROM cats"); break; case "/category": if (isset($_GET["id"])) { $q = 'SELECT * FROM cats WHERE id="' . santinize($_GET["id"]) . '"'; $res = mysqli_query($jmcon, $q); checksql($res); $row = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($row) { $obj->status = 200; $obj->id = $row["id"]; $obj->name = $row["name"]; $cat = new stdClass(); $cat->id = $row["id"]; $cat->name = $row["name"]; $obj->category = $cat; } } break; case "/users": $users = array(); $q_users = "SELECT * FROM token"; $res_users = mysqli_query($jmcon, $q_users); checksql($res_users); while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) { $user = new stdClass(); $user->name = $row["name"]; $user->tokenhash = md5($row["token"]); $user->userdir = $row["userdir"]; $user->id = $row["userdir"]; $user->dayuploads = $row["uploadsLast24H"]; array_push($users, $user); } mysqli_free_result($res_users); $obj->users = $users; $obj->status = 200; break; case "/user": $q_user = "SELECT * FROM token"; if ($_GET["id"]) { $q_user = addCondition('userdir="' . santinize($_GET["id"]) . '"', $q_user); } else if ($_GET["token"]) { $q_user = addCondition('token="' . santinize($_GET["token"]) . '"', $q_user); } else if ($_GET["name"]) { $q_user = addCondition('name LIKE "%' . santinize($_GET["name"]) . '%"', $q_user); } $res = mysqli_query($jmcon, $q_user); checksql($res); $row = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($row) { $user = new stdClass(); $user->name = $row["name"]; $user->tokenhash = md5($row["token"]); $user->userdir = $row["userdir"]; $user->id = $row["userdir"]; $user->dayuploads = $row["uploadsLast24H"]; $obj->user = $user; $obj->status = 200; } else { $obj->error = "user not found"; } break; default: $obj->endpoints = endpoints(); break; } } else if ($method == "POST") { switch ($req) { case "/upload": upload(); break; case "/admin": admin(file_get_contents("php://input")); } } header('Content-Type: application/json'); http_response_code($obj->status); echo stripslashes(json_encode($obj, JSON_UNESCAPED_UNICODE)); function endpoints() { return array("/all", "/baseurl", "/memes", "/meme", "/random", "/categories", "/category", "/users"); } function postendpoints() { return array("/admin", "/upload"); } function checksql($res) { global $jmcon; global $obj; if (!$res) { $obj->status = 500; $obj->error = mysqli_error($jmcon); } } function memesArray($query) { global $jmcon; global $jmurl; $memes = array(); $res_memes = mysqli_query($jmcon, $query); checksql($res_memes); while ($row = mysqli_fetch_array( $res_memes, MYSQLI_ASSOC)) { $meme = new stdClass(); $meme->id = $row["id"]; $path = $row["path"]; $path = str_replace(" ", "%20", $path); $meme->link = $jmurl . $path; $meme->path = $path; $meme->category = $row["cat"]; $meme->user = $row["user"]; array_push($memes, $meme); } mysqli_free_result($res_memes); return $memes; } function categoryArray($query) { global $jmcon; $cats = array(); $res_cats = mysqli_query($jmcon, $query); checksql($res_cats); while ($row = mysqli_fetch_array( $res_cats, MYSQLI_ASSOC)) { $cat = new stdClass(); $cat->id = $row["id"]; $cat->name = $row["name"]; array_push($cats, $cat); } mysqli_free_result($res_cats); return $cats; } function addCondition($cond, $query) { if (strpos($query, "WHERE")) { $query = $query . " AND " . $cond; } else { $query = $query . " WHERE " . $cond; } return $query; } function genToken($discord) { $random = bin2hex(random_bytes(32)); $prehash = $random . md5(time()) . $discord; return md5($prehash); } function santinize($input) { global $jmcon; $out = str_replace(" ", "", $input); $out = str_replace("'", "", $out); $out = str_replace('"', "", $out); $out = mysqli_escape_string($jmcon, $out); return $out; } function upload() { global $jmcon; global $obj; global $jmimagepath; global $jmurl; $token = $_POST["token"]; $token = santinize($token); $cat = $_POST["category"]; $obj->token = $token; if (isset($token)) { if (isset($cat)) { $query = "SELECT * FROM token WHERE token='$token'"; $res = mysqli_query($jmcon, $query); checksql($res); $row = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($row) { $uploads = $row["uploadsLast24H"]; $homedir = $row["userdir"]; $user = $row["name"]; $countfiles = count($_FILES['file']['name']); if ($countfiles == 0) { $obj->status = 400; $obj->error = "no files to upload send"; } else if ($uploads + $countfiles <= 20) { $uploads += $countfiles; $sqlMaxUpl = "UPDATE token SET uploadsLast24H='$uploads' WHERE token='$token'"; mysqli_query($jmcon, $sqlMaxUpl); $type = gettype($_FILES['file']['name']); if ($type != "array") { $filename = $_FILES['file']['name']; if ($filename != "") { move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename); $path = "images/" . $homedir . "/" . $filename; $obj->files = array($jmurl.$path); $clientIP = $_SERVER['REMOTE_ADDR'];; $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')"; $res = mysqli_query($jmcon, $sqlType); checksql($res); } } else { $obj->files = array(); for ($i = 0; $i < $countfiles; $i++) { $filename = $_FILES['file']['name'][$i]; if ($filename != "") { move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename); $path = "images/" . $homedir . "/" . $filename; array_push($obj->files, $jmurl.$path); $clientIP = $_SERVER['REMOTE_ADDR'];; $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')"; $res = mysqli_query($jmcon, $sqlType); checksql($res); } } } $obj->status = 201; } else { $obj->status = 403; $obj->error = "upload limit reached"; } } else { $obj->status = 403; $obj->error = "token not existing"; } } else { $obj->status = 400; $obj->error = "missing category"; } } else { $obj->status = 401; } } function admin($data) { global $obj; global $jmkey; global $jmcon; $decr = ""; openssl_public_decrypt(base64_decode($data), $decr, $jmkey); $req = json_decode($decr); if ($req == null) { $obj->status = 400; $obj->error = "bad request or unauthorized"; } else { switch ($req->method) { case "gettoken": $user = $req->user; $query = "SELECT * FROM token WHERE name='$user'"; $res = mysqli_query($jmcon, $query); checksql($res); $tok = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($tok) { $obj->status = 200; $obj->token = encrypt($tok["token"], $jmkey); } break; case "register": $user = $req->user; $query = "SELECT * FROM token WHERE name='$user'"; $res = mysqli_query($jmcon, $query); checksql($res); $tok = mysqli_fetch_array($res, MYSQLI_ASSOC); if ($tok) { $obj->status = 200; $obj->token = encrypt($tok["token"], $jmkey); } else { $token = genToken($user); $userdir = md5($user); $query = "INSERT INTO token (name, token, userdir) VALUES ('$user', '$token', '$userdir')"; $res = mysqli_query($jmcon, $query); checksql($res); if ($res) { $obj->status = 201; $obj->token = encrypt($token, $jmkey); $obj->userdir = $userdir; } } } } } function encrypt($data, $pubkey) { $encr = ""; openssl_public_encrypt($data, $encr, $pubkey); return base64_encode($encr); }