282 lines
9.6 KiB
PHP
282 lines
9.6 KiB
PHP
<?php
|
|
include "vars.php";
|
|
global $jmurl;
|
|
|
|
$obj = new stdClass();
|
|
$obj->status = 404;
|
|
$req = $_SERVER["PATH_INFO"];
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
if ($method == "GET") {
|
|
switch ($req) {
|
|
case "":
|
|
case "/":
|
|
$obj->status = 200;
|
|
$obj->endpoints = endpoints();
|
|
break;
|
|
case "/all":
|
|
$obj->status = 200;
|
|
//Memes
|
|
$q_memes = "SELECT * FROM images";
|
|
$obj->memes = memesArray($q_memes);
|
|
//Categories
|
|
$q_cats = "SELECT * FROM cats";
|
|
$obj->categories = categoryArray($q_cats);
|
|
//Users
|
|
$users = array();
|
|
$q_users = "SELECT * FROM token";
|
|
$res_users = mysqli_query($jmcon, $q_users);
|
|
checksql($res_users);
|
|
while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
|
|
array_push($users, $row["name"]);
|
|
}
|
|
mysqli_free_result($res_users);
|
|
$obj->users = $users;
|
|
break;
|
|
case "/baseurl":
|
|
case "/base":
|
|
$obj->status = 200;
|
|
$obj->baseurl = $jmurl;
|
|
break;
|
|
case "/memes":
|
|
$obj->status = 200;
|
|
$query = "SELECT * FROM images";
|
|
if (isset($_GET["category"])) {
|
|
$query = addCondition('cat="' . $_GET["category"] . '"', $query);
|
|
}
|
|
if (isset($_GET["user"])) {
|
|
$query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
|
|
}
|
|
if (isset($_GET["search"])) {
|
|
$query = addCondition('path LIKE "%' . $_GET["search"] . '%"', $query);
|
|
}
|
|
$obj->memes = memesArray($query);
|
|
break;
|
|
case "/meme":
|
|
if (isset($_GET["id"])) {
|
|
$q = 'SELECT * FROM images WHERE id=' . $_GET["id"];
|
|
$res = mysqli_query($jmcon, $q);
|
|
checksql($res);
|
|
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
|
|
if ($row) {
|
|
$obj->status = 200;
|
|
$path = $row["path"];
|
|
$path = str_replace(" ", "%20", $path);
|
|
$obj->link = $jmurl . $path;
|
|
$obj->user = $row["user"];
|
|
$obj->category = $row["cat"];
|
|
}
|
|
}
|
|
break;
|
|
case "/random":
|
|
$query = "SELECT * FROM images";
|
|
if (isset($_GET["category"])) {
|
|
$query = addCondition('cat="' . $_GET["category"] . '"', $query);
|
|
}
|
|
if (isset($_GET["user"])) {
|
|
$query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
|
|
}
|
|
$memes = memesArray($query);
|
|
$random = rand(0, count($memes) - 1);
|
|
$meme = $memes[$random];
|
|
if (isset($meme->path)) {
|
|
$obj->status = 200;
|
|
$obj->link = $jmurl . $meme->path;
|
|
$obj->category = $meme->category;
|
|
$obj->user = $meme->user;
|
|
}
|
|
break;
|
|
case "/categories":
|
|
$obj->status = 200;
|
|
$obj->categories = categoryArray("SELECT * FROM cats");
|
|
break;
|
|
case "/category":
|
|
if (isset($_GET["id"])) {
|
|
$q = 'SELECT * FROM cats WHERE id="' . $_GET["id"] . '"';
|
|
$res = mysqli_query($jmcon, $q);
|
|
checksql($res);
|
|
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
|
|
if ($row) {
|
|
$obj->status = 200;
|
|
$obj->id = $row["id"];
|
|
$obj->name = $row["name"];
|
|
}
|
|
}
|
|
break;
|
|
case "/users":
|
|
$users = array();
|
|
$q_users = "SELECT * FROM token";
|
|
$res_users = mysqli_query($jmcon, $q_users);
|
|
checksql($res_users);
|
|
while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
|
|
$user = new stdClass();
|
|
$user->name = $row["name"];
|
|
$user->tokenhash = md5($row["token"]);
|
|
$user->dayuploads = $row["uploadsLast24H"];
|
|
array_push($users, $user);
|
|
}
|
|
mysqli_free_result($res_users);
|
|
$obj->users = $users;
|
|
$obj->status = 200;
|
|
break;
|
|
case "/token/random":
|
|
if (isset($_GET["user"])) {
|
|
$obj->status = 200;
|
|
$obj->token = genToken($_GET["user"]);
|
|
} else {
|
|
$obj->error = "Need to set a user with ?user";
|
|
}
|
|
break;
|
|
default:
|
|
$obj->endpoints = endpoints();
|
|
break;
|
|
}
|
|
} else if ($method == "POST") {
|
|
switch ($req) {
|
|
case "/upload":
|
|
upload();
|
|
break;
|
|
}
|
|
|
|
|
|
}
|
|
header('Content-Type: application/json');
|
|
echo stripslashes(json_encode($obj, JSON_UNESCAPED_UNICODE));
|
|
|
|
function endpoints() {
|
|
return array("/all", "/baseurl", "/memes", "/meme", "/random", "/categories", "/category", "/users");
|
|
}
|
|
|
|
function postendpoints() {
|
|
return array("/admin", "/upload");
|
|
}
|
|
|
|
function checksql($res) {
|
|
global $jmcon;
|
|
global $obj;
|
|
if (!$res) {
|
|
$obj->status = 500;
|
|
$obj->error = mysqli_error($jmcon);
|
|
}
|
|
}
|
|
|
|
function memesArray($query) {
|
|
global $jmcon;
|
|
|
|
$memes = array();
|
|
$res_memes = mysqli_query($jmcon, $query);
|
|
checksql($res_memes);
|
|
while ($row = mysqli_fetch_array( $res_memes, MYSQLI_ASSOC)) {
|
|
$meme = new stdClass();
|
|
$meme->id = $row["id"];
|
|
$path = $row["path"];
|
|
$path = str_replace(" ", "%20", $path);
|
|
$meme->path = $path;
|
|
$meme->category = $row["cat"];
|
|
$meme->user = $row["user"];
|
|
array_push($memes, $meme);
|
|
}
|
|
mysqli_free_result($res_memes);
|
|
return $memes;
|
|
}
|
|
|
|
function categoryArray($query) {
|
|
global $jmcon;
|
|
|
|
$cats = array();
|
|
$res_cats = mysqli_query($jmcon, $query);
|
|
checksql($res_cats);
|
|
while ($row = mysqli_fetch_array( $res_cats, MYSQLI_ASSOC)) {
|
|
$cat = new stdClass();
|
|
$cat->id = $row["id"];
|
|
$cat->name = $row["name"];
|
|
array_push($cats, $cat);
|
|
}
|
|
mysqli_free_result($res_cats);
|
|
|
|
return $cats;
|
|
}
|
|
|
|
function addCondition($cond, $query) {
|
|
if (strpos($query, "WHERE")) {
|
|
$query = $query . " AND " . $cond;
|
|
} else {
|
|
$query = $query . " WHERE " . $cond;
|
|
}
|
|
return $query;
|
|
}
|
|
|
|
function genToken($discord) {
|
|
$random = bin2hex(random_bytes(32));
|
|
$prehash = $random . md5(time()) . $discord;
|
|
return md5($prehash);
|
|
}
|
|
|
|
function upload() {
|
|
global $jmcon;
|
|
global $obj;
|
|
global $jmimagepath;
|
|
$token = $_POST["token"];
|
|
$cat = $_POST["category"];
|
|
$obj->token = $token;
|
|
if (isset($token)) {
|
|
if (isset($cat)) {
|
|
$query = "SELECT * FROM token WHERE token='$token'";
|
|
$res = mysqli_query($jmcon, $query);
|
|
checksql($res);
|
|
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
|
|
if ($row) {
|
|
$uploads = $row["uploadsLast24H"];
|
|
$homedir = $row["userdir"];
|
|
$user = $row["name"];
|
|
$countfiles = count($_FILES['file']['name']);
|
|
if ($countfiles == 0) {
|
|
$obj->status = 400;
|
|
$obj->error = "no files to upload send";
|
|
}
|
|
else if ($uploads + $countfiles <= 20) {
|
|
$uploads += $countfiles;
|
|
$sqlMaxUpl = "UPDATE token SET uploadsLast24H='$uploads' WHERE token='$token'";
|
|
mysqli_query($jmcon, $sqlMaxUpl);
|
|
if ($countfiles == 1) {
|
|
$filename = $_FILES['file']['name'];
|
|
if (isset($filename)) {
|
|
$obj->file = $filename;
|
|
move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename);
|
|
$path = "images/" . $homedir . "/" . $filename;
|
|
$clientIP = $_SERVER['REMOTE_ADDR'];;
|
|
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
|
|
$res = mysqli_query($jmcon, $sqlType);
|
|
checksql($res);
|
|
}
|
|
} else {
|
|
for ($i = 0; $i < $countfiles; $i++) {
|
|
$filename = $_FILES['file']['name'][$i];
|
|
if (isset($filename)) {
|
|
$obj->file = $filename;
|
|
move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename);
|
|
$path = "images/" . $homedir . "/" . $filename;
|
|
$clientIP = $_SERVER['REMOTE_ADDR'];;
|
|
$sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
|
|
$res = mysqli_query($jmcon, $sqlType);
|
|
checksql($res);
|
|
}
|
|
}
|
|
}
|
|
$obj->status = 201;
|
|
} else {
|
|
$obj->status = 403;
|
|
$obj->error = "upload limit reached";
|
|
}
|
|
} else {
|
|
$obj->status = 403;
|
|
$obj->error = "token not existing";
|
|
}
|
|
} else {
|
|
$obj->status = 400;
|
|
$obj->error = "missing category";
|
|
}
|
|
} else {
|
|
$obj->status = 401;
|
|
}
|
|
}
|