diff options
| author | 2026-06-24 03:22:20 -0400 | |
|---|---|---|
| committer | 2026-06-24 03:22:20 -0400 | |
| commit | 1246a277c17d8b600f9c9b1de7a12ae6fb6da962 (patch) | |
| tree | 9703871809d1f799c1e690f8fd11805c8b8b0f66 /upload.php | |
init
Diffstat (limited to 'upload.php')
| -rw-r--r-- | upload.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/upload.php b/upload.php new file mode 100644 index 0000000..3c0c3a7 --- /dev/null +++ b/upload.php @@ -0,0 +1,95 @@ +<?php +require(__DIR__ . '/.config.php'); +header('Content-Type: text/plain'); + +if (isset($_GET['df'])) { + system("df -h --output=avail / | tail -1"); + exit; +} + +$c_t = strtolower($_SERVER['HTTP_CONTENT_TYPE'] ?? ''); +if ($c_t == 'multipart/form-data' || 0 === strpos($c_t, 'multipart/form-data;')) { + foreach (array_keys($_FILES['file']['size']) as $index) { + // remap the array to have the dimensions ordered properly. + $file = array(); + foreach (array_keys($_FILES['file']) as $key) { + $file[$key] = $_FILES['file'][$key][$index]; + } + // good, now $file['tmp_name'] exists for example, instead of $_FILES['file']['tmp_name'][$index]... + + if (!is_uploaded_file($file['tmp_name'])) { + die_error("Not an uploaded file: $file[tmp_name]"); + } + $hash = hash_file("sha512", $file['tmp_name']); + if (FALSE === $hash) { + die_error("Unable to hash uploaded file?!"); + } + $filename = $hash . get_extension($file['name']); + $filepath = UPLOAD_DIR . '/' . $filename; + if (FALSE === move_uploaded_file($file['tmp_name'], $filepath)) { + die_error("Renaming uploaded file $file[tmp_name] to $filepath failed"); + } + echo UPLOAD_URL . $filename . "\n"; + send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $file[full_path] $file[type] -> $filename"); + } +} else { + $in_fh = fopen('php://input', 'r'); + $tmp_path = tempnam(UPLOAD_DIR, '.up-'); + $out_fh = fopen($tmp_path, 'w'); + if (FALSE === $out_fh) { + die_error("Couldn't open temporary file $tmp_path"); + } + $hash = hash_init("sha512"); + $size = 0; + while (!feof($in_fh) && FALSE !== ($data = fread($in_fh, 1024*1024))) { + hash_update($hash, $data); + $fwrite_status = fwrite($out_fh, $data); + if (FALSE === $fwrite_status || $fwrite_status < strlen($data)) { + die_error("Outputting to temporary file $tmp_path failed"); + } + $size += $fwrite_status; + } + fclose($in_fh); + if (FALSE === fclose($out_fh)) { + die_error("Closing temporary file $tmp_path failed"); + } + $filename = hash_final($hash) . get_extension($_SERVER['PATH_INFO']); + $filepath = UPLOAD_DIR . '/' . $filename; + if (file_exists($filepath)) { + unlink($tmp_path); + } else { + if (FALSE === rename($tmp_path, $filepath)) { + die_error("Renaming temporary file $tmp_path to $filepath failed"); + } + } + echo UPLOAD_URL . $filename . "\n"; + send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $_SERVER[PATH_INFO] $c_t -> $filename"); +} + + +function send_notification($note) { + $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); + socket_connect($sock, gethostbyname(NOTIFICATION_ADDRESS), NOTIFICATION_PORT); + socket_write($sock, $note, strlen($note)); + socket_close($sock); +} + + +function die_error($s) { + global $tmp_path, $filepath, $size; + header('Status: 500 Server Is 💩'); + echo $s; + error_log($s); + @$debug = json_encode(array('s'=>$_SERVER, 'f'=>$_FILES, 't'=>$tmp_path, 'p'=>$filepath, 'size' => $size)); + send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] ! $s\n$debug"); + exit; +} + + +function get_extension($file) { + $ext = strrchr($file, '.'); + if (FALSE === $ext) { + return ''; + } + return $ext; +} |
