<?php
require_once '../system/function.php';
// Response headers for this JSON endpoint. `Access-Control-Allow-Origin: *`
// means browsers never attach cookies to cross-origin calls, so the
// session-based throttle further down only ever applies to same-origin,
// cookie-bearing callers.
$responseHeaders = [
    'Access-Control-Allow-Origin: *',
    'Content-Type: application/json; charset=utf8',
    'Access-Control-Max-Age: 600',
    'Access-Control-Allow-Methods: POST, OPTIONS',
];
foreach ($responseHeaders as $responseHeader) {
    header($responseHeader);
}
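// Debug trace of every request, appended to request.log next to this script.
// $_REQUEST carries the file password (`pass`, later stored and echoed back as
// the `filepass` cookie), so those fields are masked before writing: a
// plaintext password log is a credential leak, and one written into what is
// most likely a web-served directory is readable by anyone who guesses the name.
// NOTE(review): 'request.log' is resolved relative to the working directory —
// move it outside the document root (or route it through error_log()) and
// deny access to it in the web-server config.
$logEntry = $_REQUEST;
foreach (['pass', 'filepass'] as $secretField) {
    if (isset($logEntry[$secretField])) {
        $logEntry[$secretField] = '[REDACTED]';
    }
}
$req_dump = print_r($logEntry, true);
$fp = fopen('request.log', 'a');
// Logging is best-effort: an unwritable log must not break the upload, and the
// exclusive lock keeps concurrent requests from interleaving their dumps.
if ($fp !== false) {
    flock($fp, LOCK_EX);
    fwrite($fp, $req_dump);
    flock($fp, LOCK_UN);
    fclose($fp);
}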
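// Site-wide settings: a single row of `set` supplies the upload limit in MB
// (`maxsize`), the default retention in days (`del`, multiplied by 86400
// below) and the stored-file-name prefix (`site`). Without that row the
// original code carried on with $set = null, which turned every upload into a
// misleading "Maximum file size  Mb" rejection — fail loudly instead.
$setResult = $db->query('SELECT * FROM `set`');
$set = is_object($setResult) ? $setResult->fetch_assoc() : null;
if (!is_array($set) || !isset($set['maxsize'])) {
    echo '{
"data": {
"error": "Internal Server Error",
"message": "Site settings are not available"
},
"success": false,
"status": 500
}';
    exit;
}
$maxsize = $set['maxsize'];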
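// Throttle parameters for the per-session rate limit applied below.
$time_interval = 1; // seconds between requests from one session
// NOTE(review): $max_requests is not consulted by the throttle condition as
// written on this page — confirm whether a per-interval quota was intended.
$max_requests = 2;
// True when the previous request in this session arrived less than
// $time_interval seconds ago. A missing session key is treated as "never"
// via `??` instead of the @-suppressed read, so no warning is swallowed.
$fast_request_check = (($_SESSION['last_session_request'] ?? 0) > time() - $time_interval);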
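// Emit one JSON envelope ({"data":…,"success":…,"status":…} — the same shape
// the hand-written literals used) and stop. Encoding through json_encode keeps
// client-supplied strings (file name, description, author) from breaking the
// document; JSON_INVALID_UTF8_SUBSTITUTE (PHP 7.2+) keeps a bad byte sequence
// from turning the whole response into `false`.
$respond = function (array $data, $success, $status) {
    echo json_encode(
        ['data' => $data, 'success' => $success, 'status' => $status],
        JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE
    );
    exit;
};

// --- Per-session throttle ---------------------------------------------------
// A request landing within $time_interval of the previous one in this session
// is refused. NOTE(review): the original condition was
//   ($fast_request_check && ($_SESSION['request_count'] < $max_requests) or $fast_request_check)
// which by `&&`/`or` precedence reduces to plain $fast_request_check, so
// $max_requests never took effect. That effective behaviour is kept; confirm
// whether a real quota of $max_requests per interval was intended. The original
// also skipped the upload entirely (empty 200 response) when $_SESSION was not
// set at all; now the counters are initialised and the upload proceeds.
if ($fast_request_check) {
    $_SESSION['request_count']++;
    $respond(['error' => 'Bad Request', 'message' => 'Too Many Requests'], false, 429);
}
$_SESSION['last_session_request'] = time();
$_SESSION['request_count'] = 1;

// --- Request parameters (all client-controlled) ------------------------------
// input() is the project's sanitiser from function.php; its contents are not
// visible here. The old `if (isset($_POST))` wrapper was always true.
$x = input($_POST['x'] ?? null);
$y = input($_POST['y'] ?? null);
$new_width = input($_POST['w'] ?? null);
$new_height = input($_POST['h'] ?? null);
$opis = input($_POST['opis'] ?? null);

// Display name: the logged-in user's login when present, else whatever the
// client sent, else a random placeholder.
if (isset($user)) {
    $username = $user['login'];
} elseif (isset($_POST['username'])) {
    $username = input($_POST['username']);
} else {
    $username = 'User' . mt_rand(1000, 9999);
}

$usrId = input($_POST['userid'] ?? null);
$access = input($_POST['access'] ?? null);
$pass = input($_POST['pass'] ?? null);

// Retention in days: a client identifying as NULLED_USER_AGENT is pinned to
// one day, everyone else may pass `del`. It is validated below *before* it is
// used in arithmetic — a non-numeric value used to raise a TypeError on PHP 8.
if (($_SERVER['HTTP_USER_AGENT'] ?? '') === 'NULLED_USER_AGENT') {
    $del = 1;
} else {
    $del = input($_POST['del'] ?? null);
}
$hasDel = ($del !== null && $del !== '' && $del !== false);

// The upload must be a real, complete PHP upload. Partial or failed uploads
// still passed the old file_exists() test and were stored truncated.
$uploaded = $_FILES['filename'] ?? null;
if (!is_array($uploaded)
    || !isset($uploaded['error'], $uploaded['tmp_name'], $uploaded['name'], $uploaded['size'])
    || $uploaded['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($uploaded['tmp_name'])) {
    $respond(['error' => 'Bad Request', 'message' => 'Choose file'], false, 400);
}
$tmpName = $uploaded['tmp_name'];
$originalName = (string) $uploaded['name'];
$size = (int) $uploaded['size'];

if (mb_strlen($username) < 2) {
    $respond(['error' => 'Bad Request', 'message' => 'Enter name'], false, 400);
}
if ($size > (1048576 * $maxsize)) {
    $respond(['error' => 'Bad Request', 'message' => 'Maximum file size ' . $maxsize . ' Mb'], false, 400);
}
if ($size < 4) {
    $respond(['error' => 'Bad Request', 'message' => 'Empty file'], false, 400);
}

// Retention must be a number of days in 0..10. The original only rejected
// values above 10, and multiplied first, so negative or non-numeric input
// crashed or produced a nonsensical expiry.
if ($hasDel) {
    if (!is_numeric($del) || $del < 0 || $del > 10) {
        $respond(['error' => 'Bad Request', 'message' => 'Unknown storage date'], false, 400);
    }
    $avto = $del * 86400;
} else {
    $avto = (float) $set['del'] * 86400;
}

// Owner id. NOTE(review): `userid` is a bare client assertion — nothing in this
// request authenticates it — so an anonymous caller can attribute an upload to
// any account. Only the session user ($user) is trustworthy here; confirm
// whether the `user` column is relied on for ownership checks elsewhere.
if (isset($user)) {
    $user_file = $user['id'];
} elseif (is_numeric($usrId) && (int) $usrId !== 0) {
    $user_file = (int) $usrId;
} else {
    $user_file = 0;
}

// Remember the password for a year. The cookie is now Secure (the links
// returned below are built as https://) and HttpOnly; the path stays at PHP's
// default (current directory) as before. NOTE(review): drop HttpOnly if
// client-side script reads `filepass`. NOTE(review): the password is kept in
// clear both here and in the DB row below — verification lives elsewhere;
// consider storing a hash.
if ($pass !== null && $pass !== '' && $pass !== false) {
    setcookie('filepass', $pass, time() + 86400 * 365, '', '', true, true);
}

// Visibility flag is stored as the literal strings 'true' / 'false'; anything
// other than 'false' means public.
$access = ($access === 'false') ? 'false' : 'true';

// Extension allow-list. The stored file is renamed, so only the part after the
// last dot is checked. NOTE(review): 'svg' is allowed and /files/ is served
// from this origin (see the "link" URL below) — an SVG with embedded script is
// stored XSS unless that path is served with Content-Disposition: attachment,
// X-Content-Type-Options: nosniff, or from a separate origin. A name without
// any dot used to be sliced at offset 1 (strrpos() === false, plus one) and
// matched on the remainder; it is rejected now.
$filetype = ['jpg', 'gif', 'png', 'jpeg', 'bmp', 'ico', 'svg', 'psd', 'eps', 'ai', 'xd', 'sketch', 'zip', 'rar', 'mp3', 'ogg', 'wav', 'oga', 'avi', 'mp4', 'webm', '3gp', 'jar', 'apk', 'pdf', 'doc', 'docx', 'txt', 'ttf', 'pptx', 'torrent'];
$dotPos = strrpos($originalName, '.');
$upfiletype = ($dotPos === false) ? '' : substr($originalName, $dotPos + 1);
if ($upfiletype === '' || !in_array(strtolower($upfiletype), $filetype, true)) {
    $respond(['error' => 'Bad Request', 'message' => 'This file format is not allowed'], false, 400);
}

// Stored name: site prefix + 16 hex chars from the CSPRNG + timestamp.
// mt_rand(1000, 9999) gave only 10^4 candidates per second, so private or
// password-protected files were guessable from the public /files/ path.
$files = $set['site'] . '_' . bin2hex(random_bytes(8)) . '_' . time() . '.' . $upfiletype;
$target = H . '/files/' . $files;

// Optional crop: when x or y is supplied the upload is decoded as PNG, a w×h
// region at (x, y) is copied 1:1 (source and destination sizes are the same
// arguments, so nothing is resampled) and the result is written as PNG.
if (strlen((string) $x) > 0 || strlen((string) $y) > 0) {
    $info = getimagesize($tmpName);
    if ($info === false || $info[2] !== IMAGETYPE_PNG) {
        // imagecreatefrompng() returns false on anything else, and the original
        // then crashed inside imagecopyresampled().
        $respond(['error' => 'Bad Request', 'message' => 'Crop is only supported for PNG files'], false, 400);
    }
    $cropX = filter_var($x, FILTER_VALIDATE_INT);
    $cropY = filter_var($y, FILTER_VALIDATE_INT);
    $cropW = filter_var($new_width, FILTER_VALIDATE_INT);
    $cropH = filter_var($new_height, FILTER_VALIDATE_INT);
    // The region must lie inside the source image; this also bounds the
    // imagecreatetruecolor() allocation, which the client used to control freely.
    if ($cropX === false || $cropY === false || $cropW === false || $cropH === false
        || $cropX < 0 || $cropY < 0 || $cropW < 1 || $cropH < 1
        || $cropX + $cropW > $info[0] || $cropY + $cropH > $info[1]) {
        $respond(['error' => 'Bad Request', 'message' => 'Invalid crop area'], false, 400);
    }
    // NOTE(review): a small PNG can still declare huge dimensions; decoding it
    // is bounded only by memory_limit. Consider a pixel-count cap on $info here.
    $image = imagecreatefrompng($tmpName);
    if ($image === false) {
        $respond(['error' => 'Bad Request', 'message' => 'Crop is only supported for PNG files'], false, 400);
    }
    $cropped = imagecreatetruecolor($cropW, $cropH);
    imagecopyresampled($cropped, $image, 0, 0, $cropX, $cropY, $cropW, $cropH, $cropW, $cropH);
    $stored = imagepng($cropped, $target);
    imagedestroy($cropped);
    imagedestroy($image);
} else {
    $stored = move_uploaded_file($tmpName, $target);
}
if (!$stored) {
    // Previously a failed write still produced a DB row pointing at nothing.
    $respond(['error' => 'Internal Server Error', 'message' => 'Could not store file'], false, 500);
}

// Persist the record with a prepared statement; the original interpolated the
// input()-processed values straight into the SQL string. Column `time` is the
// absolute expiry, which MySQL previously computed as '<now>'+'<seconds>'.
// $db is assumed to be mysqli (fetch_assoc()/insert_id are used on this page).
// NOTE(review): if input() in function.php applies SQL escaping, that is now
// redundant and would store literal backslashes — it should sanitise for output
// only.
$stmt = $db->prepare(
    'INSERT INTO `file` (user, name, avtor, opis, file, format, pass, access, time, del) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
);
$dbUser = (string) $user_file;
$dbName = (string) input($originalName);
$dbAuthor = (string) $username;
$dbOpis = (string) $opis;
$dbFormat = strtolower($upfiletype);
$dbPass = (string) $pass;
$dbAccess = $access;
$dbTime = (int) (time() + $avto);
$dbDel = (string) $del;
$saved = $stmt !== false
    && $stmt->bind_param('ssssssssis', $dbUser, $dbName, $dbAuthor, $dbOpis, $files, $dbFormat, $dbPass, $dbAccess, $dbTime, $dbDel)
    && $stmt->execute();
if (!$saved) {
    if (is_file($target)) {
        unlink($target); // do not leave an orphaned, un-indexed file behind
    }
    $respond(['error' => 'Internal Server Error', 'message' => 'Could not save file record'], false, 500);
}
$sql = (int) $db->insert_id;
$stmt->close();

// NOTE(review): HTTP_HOST comes from the request, so a client (or a proxy that
// forwards arbitrary Host headers) can make these links point at another host;
// prefer a configured canonical host if one exists.
$host = $_SERVER['HTTP_HOST'] ?? '';
$respond([
    'id' => $sql,
    'url' => 'https://' . $host . '/file' . $sql,
    'link' => 'https://' . $host . '/files/' . $files,
    'name' => $originalName,
    'opis' => $opis,
    'type' => $upfiletype,
    'author' => $username,
    'time' => time(),
], true, 200);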