summaryrefslogtreecommitdiff
path: root/upload.php
blob: c13b193522e969d32b7eeb3a66fc1f416d5ad370 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
<?php
require(__DIR__ . '/.config.php');
header('Content-Type: text/plain');

if (isset($_GET['df'])) {
	system("df -h --output=avail / | tail -1");
	exit;
}
if ($_SERVER['REQUEST_METHOD'] != 'POST' && $_SERVER['REQUEST_METHOD'] != 'PUT') {
	exit;
}

$c_t = strtolower($_SERVER['HTTP_CONTENT_TYPE'] ?? '');
if ($c_t == 'multipart/form-data' || 0 === strpos($c_t, 'multipart/form-data;')) {
	foreach (array_keys($_FILES['file']['size']) as $index) {
		// remap the array to have the dimensions ordered properly.
		$file = array();
		foreach (array_keys($_FILES['file']) as $key) {
			$file[$key] = $_FILES['file'][$key][$index];
		}
		// good, now $file['tmp_name'] exists for example, instead of $_FILES['file']['tmp_name'][$index]...

		if (!is_uploaded_file($file['tmp_name'])) {
			die_error("Not an uploaded file: $file[tmp_name]");
		}
		$hash = hash_file("sha512", $file['tmp_name']);
		if (FALSE === $hash) {
			die_error("Unable to hash uploaded file?!");
		}
		$filename = $hash . get_extension($file['name']);
		$filepath = UPLOAD_DIR . '/' . $filename;
		if (FALSE === move_uploaded_file($file['tmp_name'], $filepath)) {
			die_error("Renaming uploaded file $file[tmp_name] to $filepath failed");
		}
		echo UPLOAD_URL . $filename . "\n";
		send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $file[full_path] $file[type] -> $filename");
	}
} else {
	$in_fh = fopen('php://input', 'r');
	$tmp_path = tempnam(UPLOAD_DIR, '.up-');
	$out_fh = fopen($tmp_path, 'w');
	if (FALSE === $out_fh) {
		die_error("Couldn't open temporary file $tmp_path");
	}
	$hash = hash_init("sha512");
	$size = 0;
	while (!feof($in_fh) && FALSE !== ($data = fread($in_fh, 1024*1024))) {
		hash_update($hash, $data);
		$fwrite_status = fwrite($out_fh, $data);
		if (FALSE === $fwrite_status || $fwrite_status < strlen($data)) {
			die_error("Outputting to temporary file $tmp_path failed");
		}
		$size += $fwrite_status;
	}
	fclose($in_fh);
	if (FALSE === fclose($out_fh)) {
		die_error("Closing temporary file $tmp_path failed");
	}
	$filename = hash_final($hash) . get_extension($_SERVER['PATH_INFO']);
	$filepath = UPLOAD_DIR . '/' . $filename;
	if (file_exists($filepath)) {
		unlink($tmp_path);
	} else {
		if (FALSE === rename($tmp_path, $filepath)) {
			die_error("Renaming temporary file $tmp_path to $filepath failed");
		}
	}
	echo UPLOAD_URL . $filename . "\n";
	send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $_SERVER[PATH_INFO] $c_t -> $filename");
}


function send_notification($note) {
	$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
	socket_connect($sock, gethostbyname(NOTIFICATION_ADDRESS), NOTIFICATION_PORT);
	socket_write($sock, $note, strlen($note));
	socket_close($sock);
}


function die_error($s) {
	global $tmp_path, $filepath, $size;
	header('Status: 500 Server Is 💩');
	echo $s;
	error_log($s);
	@$debug = json_encode(array('s'=>$_SERVER, 'f'=>$_FILES, 't'=>$tmp_path, 'p'=>$filepath, 'size' => $size));
	send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] ! $s\n$debug");
	exit;
}


function get_extension($file) {
	$ext = strrchr($file, '.');
	if (FALSE === $ext) {
		return '';
	}
	return $ext;
}