ITbyHF
/
webapi
forked from tilera/webapi
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
webapi/jensmemes.php

392 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
include "vars.php";
global $jmurl;
$obj = new stdClass();
$obj->status = 404;
$req = $_SERVER["PATH_INFO"];
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "GET") {
switch ($req) {
case "":
case "/":
$obj->status = 200;
$obj->endpoints = endpoints();
break;
case "/all":
$obj->status = 200;
//Memes
$q_memes = "SELECT * FROM images";
$obj->memes = memesArray($q_memes);
//Categories
$q_cats = "SELECT * FROM cats";
$obj->categories = categoryArray($q_cats);
//Users
$users = array();
$q_users = "SELECT * FROM token";
$res_users = mysqli_query($jmcon, $q_users);
checksql($res_users);
while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
array_push($users, $row["name"]);
}
mysqli_free_result($res_users);
$obj->users = $users;
break;
case "/baseurl":
case "/base":
$obj->status = 200;
$obj->baseurl = $jmurl;
break;
case "/memes":
$obj->status = 200;
$query = "SELECT * FROM images";
if (isset($_GET["category"])) {
$query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
}
if (isset($_GET["user"])) {
$query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
}
if (isset($_GET["search"])) {
$query = addCondition('path LIKE "%' . santinize($_GET["search"]) . '%"', $query);
}
$obj->memes = memesArray($query);
break;
case "/meme":
if (isset($_GET["id"])) {
$q = 'SELECT * FROM images WHERE id=' . santinize($_GET["id"]);
$res = mysqli_query($jmcon, $q);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($row) {
$obj->status = 200;
$path = $row["path"];
$path = str_replace(" ", "%20", $path);
$obj->link = $jmurl . $path;
$obj->user = $row["user"];
$obj->category = $row["cat"];
$meme = new stdClass();
$meme->link = $jmurl . $path;
$meme->user = $row["user"];
$meme->category = $row["cat"];
$obj->meme = $meme;
}
}
break;
case "/random":
$query = "SELECT * FROM images";
if (isset($_GET["category"])) {
$query = addCondition('cat="' . santinize($_GET["category"]) . '"', $query);
}
if (isset($_GET["user"])) {
$query = addCondition('user LIKE "%' . santinize($_GET["user"]) . '%"', $query);
}
$memes = memesArray($query);
$random = rand(0, count($memes) - 1);
$meme = $memes[$random];
if (isset($meme->path)) {
$obj->status = 200;
$obj->link = $jmurl . $meme->path;
$obj->category = $meme->category;
$obj->user = $meme->user;
$img = new stdClass();
$img->link = $jmurl . $meme->path;
$img->category = $meme->category;
$img->user = $meme->user;
$obj->meme = $img;
}
break;
case "/categories":
$obj->status = 200;
$obj->categories = categoryArray("SELECT * FROM cats");
break;
case "/category":
if (isset($_GET["id"])) {
$q = 'SELECT * FROM cats WHERE id="' . santinize($_GET["id"]) . '"';
$res = mysqli_query($jmcon, $q);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($row) {
$obj->status = 200;
$obj->id = $row["id"];
$obj->name = $row["name"];
$cat = new stdClass();
$cat->id = $row["id"];
$cat->name = $row["name"];
$obj->category = $cat;
}
}
break;
case "/users":
$users = array();
$q_users = "SELECT * FROM token";
$res_users = mysqli_query($jmcon, $q_users);
checksql($res_users);
while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
$user = new stdClass();
$user->name = $row["name"];
$user->tokenhash = md5($row["token"]);
$user->userdir = $row["userdir"];
$user->id = $row["userdir"];
$user->dayuploads = $row["uploadsLast24H"];
array_push($users, $user);
}
mysqli_free_result($res_users);
$obj->users = $users;
$obj->status = 200;
break;
case "/user":
$q_user = "SELECT * FROM token";
if ($_GET["id"]) {
$q_user = addCondition('userdir="' . santinize($_GET["id"]) . '"', $q_user);
}
else if ($_GET["token"]) {
$q_user = addCondition('token="' . santinize($_GET["token"]) . '"', $q_user);
}
else if ($_GET["name"]) {
$q_user = addCondition('name LIKE "%' . santinize($_GET["name"]) . '%"', $q_user);
}
$res = mysqli_query($jmcon, $q_user);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($row) {
$user = new stdClass();
$user->name = $row["name"];
$user->tokenhash = md5($row["token"]);
$user->userdir = $row["userdir"];
$user->id = $row["userdir"];
$user->dayuploads = $row["uploadsLast24H"];
$obj->user = $user;
$obj->status = 200;
} else {
$obj->error = "user not found";
}
break;
default:
$obj->endpoints = endpoints();
break;
}
} else if ($method == "POST") {
switch ($req) {
case "/upload":
upload();
break;
case "/admin":
admin(file_get_contents("php://input"));
}
}
header('Content-Type: application/json');
http_response_code($obj->status);
echo stripslashes(json_encode($obj, JSON_UNESCAPED_UNICODE));
function endpoints() {
return array("/all", "/baseurl", "/memes", "/meme", "/random", "/categories", "/category", "/users");
}
function postendpoints() {
return array("/admin", "/upload");
}
function checksql($res) {
global $jmcon;
global $obj;
if (!$res) {
$obj->status = 500;
$obj->error = mysqli_error($jmcon);
}
}
function memesArray($query) {
global $jmcon;
global $jmurl;
$memes = array();
$res_memes = mysqli_query($jmcon, $query);
checksql($res_memes);
while ($row = mysqli_fetch_array( $res_memes, MYSQLI_ASSOC)) {
$meme = new stdClass();
$meme->id = $row["id"];
$path = $row["path"];
$path = str_replace(" ", "%20", $path);
$meme->link = $jmurl . $path;
$meme->path = $path;
$meme->category = $row["cat"];
$meme->user = $row["user"];
array_push($memes, $meme);
}
mysqli_free_result($res_memes);
return $memes;
}
function categoryArray($query) {
global $jmcon;
$cats = array();
$res_cats = mysqli_query($jmcon, $query);
checksql($res_cats);
while ($row = mysqli_fetch_array( $res_cats, MYSQLI_ASSOC)) {
$cat = new stdClass();
$cat->id = $row["id"];
$cat->name = $row["name"];
array_push($cats, $cat);
}
mysqli_free_result($res_cats);
return $cats;
}
function addCondition($cond, $query) {
if (strpos($query, "WHERE")) {
$query = $query . " AND " . $cond;
} else {
$query = $query . " WHERE " . $cond;
}
return $query;
}
function genToken($discord) {
$random = bin2hex(random_bytes(32));
$prehash = $random . md5(time()) . $discord;
return md5($prehash);
}
function santinize($input) {
global $jmcon;
$out = str_replace(" ", "", $input);
$out = str_replace("'", "", $out);
$out = str_replace('"', "", $out);
$out = mysqli_escape_string($jmcon, $out);
return $out;
}
function upload() {
global $jmcon;
global $obj;
global $jmimagepath;
global $jmurl;
$token = $_POST["token"];
$token = santinize($token);
$cat = $_POST["category"];
$obj->token = $token;
if (isset($token)) {
if (isset($cat)) {
$query = "SELECT * FROM token WHERE token='$token'";
$res = mysqli_query($jmcon, $query);
checksql($res);
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($row) {
$uploads = $row["uploadsLast24H"];
$homedir = $row["userdir"];
$user = $row["name"];
$countfiles = count($_FILES['file']['name']);
if ($countfiles == 0) {
$obj->status = 400;
$obj->error = "no files to upload send";
}
else if ($uploads + $countfiles <= 20) {
$uploads += $countfiles;
$sqlMaxUpl = "UPDATE token SET uploadsLast24H='$uploads' WHERE token='$token'";
mysqli_query($jmcon, $sqlMaxUpl);
$type = gettype($_FILES['file']['name']);
if ($type != "array") {
$filename = $_FILES['file']['name'];
if ($filename != "") {
move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename);
$path = "images/" . $homedir . "/" . $filename;
$obj->files = array($jmurl.$path);
$clientIP = $_SERVER['REMOTE_ADDR'];;
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
$res = mysqli_query($jmcon, $sqlType);
checksql($res);
}
} else {
$obj->files = array();
for ($i = 0; $i < $countfiles; $i++) {
$filename = $_FILES['file']['name'][$i];
if ($filename != "") {
move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename);
$path = "images/" . $homedir . "/" . $filename;
array_push($obj->files, $jmurl.$path);
$clientIP = $_SERVER['REMOTE_ADDR'];;
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
$res = mysqli_query($jmcon, $sqlType);
checksql($res);
}
}
}
$obj->status = 201;
} else {
$obj->status = 403;
$obj->error = "upload limit reached";
}
} else {
$obj->status = 403;
$obj->error = "token not existing";
}
} else {
$obj->status = 400;
$obj->error = "missing category";
}
} else {
$obj->status = 401;
}
}
function admin($data) {
global $obj;
global $jmkey;
global $jmcon;
$decr = "";
openssl_public_decrypt(base64_decode($data), $decr, $jmkey);
$req = json_decode($decr);
if ($req == null) {
$obj->status = 400;
$obj->error = "bad request or unauthorized";
} else {
switch ($req->method) {
case "gettoken":
$user = $req->user;
$query = "SELECT * FROM token WHERE name='$user'";
$res = mysqli_query($jmcon, $query);
checksql($res);
$tok = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($tok) {
$obj->status = 200;
$obj->token = encrypt($tok["token"], $jmkey);
}
break;
case "register":
$user = $req->user;
$query = "SELECT * FROM token WHERE name='$user'";
$res = mysqli_query($jmcon, $query);
checksql($res);
$tok = mysqli_fetch_array($res, MYSQLI_ASSOC);
if ($tok) {
$obj->status = 200;
$obj->token = encrypt($tok["token"], $jmkey);
} else {
$token = genToken($user);
$userdir = md5($user);
$query = "INSERT INTO token (name, token, userdir) VALUES ('$user', '$token', '$userdir')";
$res = mysqli_query($jmcon, $query);
checksql($res);
if ($res) {
$obj->status = 201;
$obj->token = encrypt($token, $jmkey);
$obj->userdir = $userdir;
}
}
}
}
}
function encrypt($data, $pubkey) {
$encr = "";
openssl_public_encrypt($data, $encr, $pubkey);
return base64_encode($encr);
}
Reference in New Issue View Git Blame Copy Permalink