adlerka.top/lib/upload.php

<?php

function makePathSafe($userInput): string
{
    // Keep only alphanumeric characters, underscores, and hyphens
    $safeString = preg_replace('/[^\w\-]/', '', $userInput);

    // Ensure no path traversal
    $safeString = str_replace('..', '_', $safeString);

    // Trim leading/trailing underscores
    $safeString = trim($safeString, '_');

    // Replace directory separator characters with underscores
    $safeString = str_replace(['/', '\\'], '_', $safeString);

    // Limit length for safety
    return substr($safeString, 0, 255);
}

function autoRotateImage(Imagick $imagick): void {
    // Get the current orientation of the image
    try {
        $orientation = $imagick->getImageOrientation();
        switch ($orientation) {
            case Imagick::ORIENTATION_BOTTOMRIGHT: // upside down
                $imagick->rotateimage("#000", 180); // rotate 180 degrees
                break;

            case Imagick::ORIENTATION_RIGHTTOP: // 90 degrees CW
                $imagick->rotateimage("#000", 90); // rotate 90 degrees CW
                break;

            case Imagick::ORIENTATION_LEFTBOTTOM: // 90 degrees CCW
                $imagick->rotateimage("#000", -90); // rotate 90 degrees CCW
                break;
        }

        // Reset orientation to normal after the correction
        $imagick->setImageOrientation(Imagick::ORIENTATION_TOPLEFT);
    } catch (ImagickException) {
    }

}

function getIncomingFiles(): array
{
    $files = $_FILES;
    $files2 = [];
    foreach ($files as $infoArr) {
        $filesByInput = [];
        foreach ($infoArr as $key => $valueArr) {
            if (is_array($valueArr)) { // file input "multiple"
                foreach ($valueArr as $i => $value) {
                    $filesByInput[$i][$key] = $value;
                }
            } else { // -> string, normal file input
                $filesByInput[] = $infoArr;
                break;
            }
        }
        $files2 = array_merge($files2, $filesByInput);
    }
    $files3 = [];
    foreach ($files2 as $file) { // let's filter empty & errors
        if (!$file['error']) $files3[] = $file;
    }
    return $files3;
}

function saveUploadedFileInDatabase(string $filePath, string $fileType, int $width, int $height): bool
{
    global $mysqli;
    $stmt = $mysqli->prepare("INSERT INTO Files (Path, Type, UploadedBy, UploadedAt, Width, Height) VALUES (?, ?, ?, NOW(), ?, ?)");
    $stmt->bind_param("ssiii", $filePath, $fileType, $_SESSION["ID"], $width, $height);
    $stmt->execute();
    $stat = $stmt->affected_rows > 0;
    $stmt->close();
    return $stat;
}

function doImageUpload($inFile, $outFile): bool
{
    // Create Imagick object
    $width = 0;
    $height = 0;
    try {
        $imagick = new Imagick($inFile);
        $imagick->setImageFormat('webp');
        autoRotateImage($imagick);
        $imagick->stripImage();
        $imagick->writeImage($outFile);
        $width = $imagick->getImageWidth();
        $height = $imagick->getImageHeight();
        $imagick->destroy();
    } catch (ImagickException) {
    }

    // Check if the reencoding was successful
    if (file_exists($outFile)) {
        return saveUploadedFileInDatabase($outFile, 'image/webp', $width, $height);
    } else {
        return false;
    }
}

function listFiles($onlyMine = true): array
{
    $output = ["Status" => "Success"];
    require_once "lib/account.php";
    if (isLoggedIn()) {
        global $mysqli;
        if (!$onlyMine && !isModerator()) {
            $onlyMine = true;
        }
        $query = "SELECT Files.ID, Files.Path, Files.Type, Files.UploadedAt, Files.UploadedBy, Users.Nickname FROM Files INNER JOIN Users ON Files.UploadedBy = Users.ID ORDER BY UploadedAt DESC";

        if ($onlyMine) {
            $query .= " WHERE UploadedBy = ?";
        }

        $stmt = $mysqli->prepare($query);
        if ($onlyMine) {
            $stmt->bind_param("i", $_SESSION["ID"]);
        }

        $id = 0;
        $path = "";
        $type = "";
        $uploadedAt = "";
        $uploadedByID = 0;
        $uploadedBy = "";

        $stmt->bind_result($id, $path, $type, $uploadedAt, $uploadedByID, $uploadedBy);

        $stmt->execute();
        $files = array();
        // Fetch the results into the bound variables
        while ($stmt->fetch()) {
            $files[] = [
                'ID' => $id,
                'Path' => $path,
                'Type' => $type,
                'UploadedAt' => $uploadedAt,
                'UploadedByID' => $uploadedByID,
                'UploadedBy' => $uploadedBy,
            ];
        }

        // Check if any results were fetched
        $output["Files"] = $files;

        $stmt->close();
    }

    return $output;

}

function parseIncomingFiles(): array
{
    $incomingFiles = getIncomingFiles();
    $success = true;
    foreach ($incomingFiles as $incomingFile) {
        if ($incomingFile["error"] == 0 && is_file($incomingFile["tmp_name"])) {
            $type = explode("/", $incomingFile["type"]);
            if ($type[0] == "image") {
                $imgFname = pathinfo($incomingFile["name"], PATHINFO_FILENAME);
                $uploadPath = getUploadPath("image", $imgFname);
                if (!empty($uploadPath)) {
                    if (!doImageUpload($incomingFile["tmp_name"], $uploadPath)) {
                        $success = false;
                    }
                } else {
                    $success = false;
                }
            }
        }
    }
    $output = ["Status" => "Fail"];
    if ($success) {
        $output["Status"] = "Success";
    }
    return $output;
}

function getUploadPath($type = "unknown", $filename = "hehe"): string
{
    $type = makePathSafe($type);
    $id = makePathSafe($_SESSION["ID"]);
    $date = makePathSafe(date("YmdHis"));
    $filename = makePathSafe($filename);
    $extension = match ($type) {
        'image' => 'webp',
        default => 'dummy',
    };
    if ($extension != "dummy") {
        $basepath = "uploads/$type/$id/$date";
        mkdir($basepath, 755, true);
        return $basepath . "/$filename.$extension";
    } else {
        return "";
    }
}

function fileExists(int $fileId, bool $onlyMine = true): bool|string
{
    if (!$fileId) {
        return false;
    }
    global $mysqli;
    if (!$onlyMine && !isModerator()) {
        $onlyMine = true;
    }
    $query = 'SELECT ID, Path FROM Files WHERE ID = ?' . ($onlyMine ? ' AND UploadedBy = ?' : '');
    $stmtfileexists = $mysqli->prepare($query);
    if ($onlyMine) {
        $stmtfileexists->bind_param('ii', $fileId, $_SESSION['ID']);
    } else {
        $stmtfileexists->bind_param('i', $fileId);
    }
    $filePath = "";
    $id = null;
    $stmtfileexists->bind_result($id, $filePath);
    $stmtfileexists->execute();
    $stmtfileexists->fetch();
    if ($id != null) {
        return $filePath;
    } else {
        return false;
    }
}

function addToGroup(int $groupId, int $fileId): array
{
    $output = ["Status" => "Fail"];
    if (!$groupId || !$fileId) {
        return $output;
    }
    global $mysqli;
    $stmtcheck = $mysqli->prepare('SELECT ID FROM FileGroups WHERE CreatorID != ? AND ID = ?');
    $stmtcheck->bind_param('ii', $_SESSION['ID'], $groupId);
    $stmtcheck->execute();
    if ($stmtcheck->affected_rows == 0) {
        if (fileExists($fileId, false)) {
            $stmtadd = $mysqli->prepare('INSERT INTO FileGroups (FileID, CreatorID, ID) VALUES (?, ?, ?)');
            $stmtadd->bind_param('iii', $fileId, $_SESSION['ID'], $groupId);
            $stmtadd->execute();
            if ($stmtadd->affected_rows > 0) {
                $output["Status"] = "Success";
            }
        }
    }
    return $output;
}

function deleteFile(int $fileID): array
{
    global $mysqli;
    $out = ["Status" => "Fail"];
    if (isLoggedIn()) {
        $file_location = fileExists($fileID, !isAdmin());
        $query = !isAdmin() ? 'DELETE FROM Files WHERE ID = ? AND UploadedBy = ?' : 'DELETE FROM Files WHERE ID = ?';
        $stmtDelete = $mysqli->prepare($query);
        if (!isAdmin()) {
            $stmtDelete->bind_param('ii', $fileID, $_SESSION['ID']);
        } else {
            $stmtDelete->bind_param('i', $fileID);
        }
        $stmtDelete->execute();
        if ($file_location) {
            if (unlink($file_location) && $stmtDelete->affected_rows > 0) {
                $out['Status'] = 'Success';
            }
        }
    }
    return $out;
}
Add upload backend 2024-03-01 22:14:20 +01:00			`<?php`

			`function makePathSafe($userInput): string`
			`{`
			`// Keep only alphanumeric characters, underscores, and hyphens`
			`$safeString = preg_replace('/[^\w\-]/', '', $userInput);`

			`// Ensure no path traversal`
			`$safeString = str_replace('..', '_', $safeString);`

			`// Trim leading/trailing underscores`
			`$safeString = trim($safeString, '_');`

			`// Replace directory separator characters with underscores`
			`$safeString = str_replace(['/', '\\'], '_', $safeString);`

			`// Limit length for safety`
			`return substr($safeString, 0, 255);`
			`}`

Stuff 2024-04-26 14:37:54 +02:00			`function autoRotateImage(Imagick $imagick): void {`
			`// Get the current orientation of the image`
			`try {`
			`$orientation = $imagick->getImageOrientation();`
			`switch ($orientation) {`
			`case Imagick::ORIENTATION_BOTTOMRIGHT: // upside down`
			`$imagick->rotateimage("#000", 180); // rotate 180 degrees`
			`break;`

			`case Imagick::ORIENTATION_RIGHTTOP: // 90 degrees CW`
			`$imagick->rotateimage("#000", 90); // rotate 90 degrees CW`
			`break;`

			`case Imagick::ORIENTATION_LEFTBOTTOM: // 90 degrees CCW`
			`$imagick->rotateimage("#000", -90); // rotate 90 degrees CCW`
			`break;`
			`}`

			`// Reset orientation to normal after the correction`
			`$imagick->setImageOrientation(Imagick::ORIENTATION_TOPLEFT);`
			`} catch (ImagickException) {`
			`}`

			`}`

Add upload backend 2024-03-01 22:14:20 +01:00			`function getIncomingFiles(): array`
			`{`
			`$files = $_FILES;`
			`$files2 = [];`
			`foreach ($files as $infoArr) {`
			`$filesByInput = [];`
			`foreach ($infoArr as $key => $valueArr) {`
			`if (is_array($valueArr)) { // file input "multiple"`
			`foreach ($valueArr as $i => $value) {`
			`$filesByInput[$i][$key] = $value;`
			`}`
			`} else { // -> string, normal file input`
			`$filesByInput[] = $infoArr;`
			`break;`
			`}`
			`}`
			`$files2 = array_merge($files2, $filesByInput);`
			`}`
			`$files3 = [];`
			`foreach ($files2 as $file) { // let's filter empty & errors`
			`if (!$file['error']) $files3[] = $file;`
			`}`
			`return $files3;`
			`}`

Update meme voting 2024-04-27 11:48:58 +02:00			`function saveUploadedFileInDatabase(string $filePath, string $fileType, int $width, int $height): bool`
Add upload backend 2024-03-01 22:14:20 +01:00			`{`
			`global $mysqli;`
Update meme voting 2024-04-27 11:48:58 +02:00			`$stmt = $mysqli->prepare("INSERT INTO Files (Path, Type, UploadedBy, UploadedAt, Width, Height) VALUES (?, ?, ?, NOW(), ?, ?)");`
			`$stmt->bind_param("ssiii", $filePath, $fileType, $_SESSION["ID"], $width, $height);`
Add upload backend 2024-03-01 22:14:20 +01:00			`$stmt->execute();`
			`$stat = $stmt->affected_rows > 0;`
			`$stmt->close();`
			`return $stat;`
			`}`

			`function doImageUpload($inFile, $outFile): bool`
			`{`
			`// Create Imagick object`
Update meme voting 2024-04-27 11:48:58 +02:00			`$width = 0;`
			`$height = 0;`
PHPStorm stuff 2024-03-10 22:55:29 +01:00			`try {`
			`$imagick = new Imagick($inFile);`
			`$imagick->setImageFormat('webp');`
Stuff 2024-04-26 14:37:54 +02:00			`autoRotateImage($imagick);`
PHPStorm stuff 2024-03-10 22:55:29 +01:00			`$imagick->stripImage();`
			`$imagick->writeImage($outFile);`
Update meme voting 2024-04-27 11:48:58 +02:00			`$width = $imagick->getImageWidth();`
			`$height = $imagick->getImageHeight();`
Add file upload 2024-04-25 10:19:24 +02:00			`$imagick->destroy();`
Stuff 2024-04-26 14:37:54 +02:00			`} catch (ImagickException) {`
PHPStorm stuff 2024-03-10 22:55:29 +01:00			`}`
Add upload backend 2024-03-01 22:14:20 +01:00
			`// Check if the reencoding was successful`
			`if (file_exists($outFile)) {`
Update meme voting 2024-04-27 11:48:58 +02:00			`return saveUploadedFileInDatabase($outFile, 'image/webp', $width, $height);`
Add upload backend 2024-03-01 22:14:20 +01:00			`} else {`
			`return false;`
			`}`
			`}`

Do something 2024-04-11 10:36:40 +02:00			`function listFiles($onlyMine = true): array`
Add upload backend 2024-03-01 22:14:20 +01:00			`{`
Update meme voting 2024-04-27 11:57:07 +02:00			`$output = ["Status" => "Success"];`
Add upload backend 2024-03-01 22:14:20 +01:00			`require_once "lib/account.php";`
Fix 2024-04-26 09:46:10 +02:00			`if (isLoggedIn()) {`
Add upload backend 2024-03-01 22:14:20 +01:00			`global $mysqli;`
Fix 2024-04-26 09:46:10 +02:00			`if (!$onlyMine && !isModerator()) {`
			`$onlyMine = true;`
			`}`
Rewrite some stuff 2024-04-26 15:09:45 +02:00			`$query = "SELECT Files.ID, Files.Path, Files.Type, Files.UploadedAt, Files.UploadedBy, Users.Nickname FROM Files INNER JOIN Users ON Files.UploadedBy = Users.ID ORDER BY UploadedAt DESC";`
Add upload backend 2024-03-01 22:14:20 +01:00
Do something 2024-04-11 10:36:40 +02:00			`if ($onlyMine) {`
Add upload backend 2024-03-01 22:14:20 +01:00			`$query .= " WHERE UploadedBy = ?";`
			`}`

			`$stmt = $mysqli->prepare($query);`
Do something 2024-04-11 10:36:40 +02:00			`if ($onlyMine) {`
Add upload backend 2024-03-01 22:14:20 +01:00			`$stmt->bind_param("i", $_SESSION["ID"]);`
			`}`

			`$id = 0;`
			`$path = "";`
			`$type = "";`
			`$uploadedAt = "";`
Rewrite some stuff 2024-04-26 15:09:45 +02:00			`$uploadedByID = 0;`
			`$uploadedBy = "";`
Add upload backend 2024-03-01 22:14:20 +01:00
Rewrite some stuff 2024-04-26 15:09:45 +02:00			`$stmt->bind_result($id, $path, $type, $uploadedAt, $uploadedByID, $uploadedBy);`
Add upload backend 2024-03-01 22:14:20 +01:00
			`$stmt->execute();`
Update meme voting 2024-04-27 11:57:07 +02:00			`$files = array();`
Add upload backend 2024-03-01 22:14:20 +01:00			`// Fetch the results into the bound variables`
			`while ($stmt->fetch()) {`
			`$files[] = [`
			`'ID' => $id,`
			`'Path' => $path,`
			`'Type' => $type,`
			`'UploadedAt' => $uploadedAt,`
Rewrite some stuff 2024-04-26 15:09:45 +02:00			`'UploadedByID' => $uploadedByID,`
Add upload backend 2024-03-01 22:14:20 +01:00			`'UploadedBy' => $uploadedBy,`
			`];`
			`}`

			`// Check if any results were fetched`
Update meme voting 2024-04-27 11:57:07 +02:00			`$output["Files"] = $files;`
Add upload backend 2024-03-01 22:14:20 +01:00
			`$stmt->close();`
			`}`

			`return $output;`

			`}`

			`function parseIncomingFiles(): array`
			`{`
			`$incomingFiles = getIncomingFiles();`
			`$success = true;`
			`foreach ($incomingFiles as $incomingFile) {`
			`if ($incomingFile["error"] == 0 && is_file($incomingFile["tmp_name"])) {`
			`$type = explode("/", $incomingFile["type"]);`
Add file upload 2024-04-25 10:49:45 +02:00			`if ($type[0] == "image") {`
PHPStorm stuff 2024-03-10 22:55:29 +01:00			`$imgFname = pathinfo($incomingFile["name"], PATHINFO_FILENAME);`
			`$uploadPath = getUploadPath("image", $imgFname);`
			`if (!empty($uploadPath)) {`
			`if (!doImageUpload($incomingFile["tmp_name"], $uploadPath)) {`
Add upload backend 2024-03-01 22:14:20 +01:00			`$success = false;`
			`}`
PHPStorm stuff 2024-03-10 22:55:29 +01:00			`} else {`
			`$success = false;`
			`}`
Add upload backend 2024-03-01 22:14:20 +01:00			`}`
			`}`
			`}`
			`$output = ["Status" => "Fail"];`
Do something 2024-04-11 10:36:40 +02:00			`if ($success) {`
Add upload backend 2024-03-01 22:14:20 +01:00			`$output["Status"] = "Success";`
			`}`
			`return $output;`
			`}`

			`function getUploadPath($type = "unknown", $filename = "hehe"): string`
			`{`
			`$type = makePathSafe($type);`
			`$id = makePathSafe($_SESSION["ID"]);`
MEME 2024-04-26 01:33:20 +02:00			`$date = makePathSafe(date("YmdHis"));`
Add upload backend 2024-03-01 22:14:20 +01:00			`$filename = makePathSafe($filename);`
			`$extension = match ($type) {`
			`'image' => 'webp',`
			`default => 'dummy',`
			`};`
Do something 2024-04-11 10:36:40 +02:00			`if ($extension != "dummy") {`
Add file upload 2024-04-25 10:30:22 +02:00			`$basepath = "uploads/$type/$id/$date";`
			`mkdir($basepath, 755, true);`
			`return $basepath . "/$filename.$extension";`
Do something 2024-04-11 10:36:40 +02:00			`} else {`
Add upload backend 2024-03-01 22:14:20 +01:00			`return "";`
			`}`
Do something 2024-04-11 10:36:40 +02:00			`}`

Test file list 2024-04-25 15:01:17 +02:00			`function fileExists(int $fileId, bool $onlyMine = true): bool\|string`
Do something 2024-04-11 10:36:40 +02:00			`{`
Fix 2024-04-26 09:46:10 +02:00			`if (!$fileId) {`
Do something 2024-04-11 10:36:40 +02:00			`return false;`
			`}`
			`global $mysqli;`
Fix 2024-04-26 09:51:40 +02:00			`if (!$onlyMine && !isModerator()) {`
Do something 2024-04-11 10:36:40 +02:00			`$onlyMine = true;`
			`}`
Am I dumb? 2024-04-26 10:47:42 +02:00			`$query = 'SELECT ID, Path FROM Files WHERE ID = ?' . ($onlyMine ? ' AND UploadedBy = ?' : '');`
			`$stmtfileexists = $mysqli->prepare($query);`
Do something 2024-04-11 10:36:40 +02:00			`if ($onlyMine) {`
Am I dumb? 2024-04-26 10:47:42 +02:00			`$stmtfileexists->bind_param('ii', $fileId, $_SESSION['ID']);`
Do something 2024-04-11 10:36:40 +02:00			`} else {`
			`$stmtfileexists->bind_param('i', $fileId);`
			`}`
Test file list 2024-04-25 15:01:17 +02:00			`$filePath = "";`
Fix 2024-04-26 10:39:00 +02:00			`$id = null;`
Fix 2024-04-26 10:46:34 +02:00			`$stmtfileexists->bind_result($id, $filePath);`
Am I dumb? 2024-04-26 10:47:42 +02:00			`$stmtfileexists->execute();`
MEME 2024-04-25 23:37:52 +02:00			`$stmtfileexists->fetch();`
Am I dumb? 2024-04-26 10:47:42 +02:00			`if ($id != null) {`
Test file list 2024-04-25 15:01:17 +02:00			`return $filePath;`
Fix 2024-04-26 09:46:10 +02:00			`} else {`
Test file list 2024-04-25 15:01:17 +02:00			`return false;`
			`}`
Do something 2024-04-11 10:36:40 +02:00			`}`

Add file upload 2024-04-25 10:19:24 +02:00			`function addToGroup(int $groupId, int $fileId): array`
Do something 2024-04-11 10:36:40 +02:00			`{`
			`$output = ["Status" => "Fail"];`
			`if (!$groupId \|\| !$fileId) {`
			`return $output;`
			`}`
			`global $mysqli;`
			`$stmtcheck = $mysqli->prepare('SELECT ID FROM FileGroups WHERE CreatorID != ? AND ID = ?');`
Fix 2024-04-26 10:52:11 +02:00			`$stmtcheck->bind_param('ii', $_SESSION['ID'], $groupId);`
Do something 2024-04-11 10:36:40 +02:00			`$stmtcheck->execute();`
			`if ($stmtcheck->affected_rows == 0) {`
			`if (fileExists($fileId, false)) {`
			`$stmtadd = $mysqli->prepare('INSERT INTO FileGroups (FileID, CreatorID, ID) VALUES (?, ?, ?)');`
Fix 2024-04-26 10:52:11 +02:00			`$stmtadd->bind_param('iii', $fileId, $_SESSION['ID'], $groupId);`
Do something 2024-04-11 10:36:40 +02:00			`$stmtadd->execute();`
			`if ($stmtadd->affected_rows > 0) {`
			`$output["Status"] = "Success";`
			`}`
			`}`
			`}`
			`return $output;`
Test css 2024-04-25 09:04:10 +02:00			`}`

Stuff 2024-04-26 14:37:54 +02:00			`function deleteFile(int $fileID): array`
Test file list 2024-04-25 15:01:17 +02:00			`{`
MEME 2024-04-26 01:17:49 +02:00			`global $mysqli;`
Test file list 2024-04-25 15:01:17 +02:00			`$out = ["Status" => "Fail"];`
Fix 2024-04-26 09:46:10 +02:00			`if (isLoggedIn()) {`
MEME 2024-04-26 01:17:49 +02:00			`$file_location = fileExists($fileID, !isAdmin());`
			`$query = !isAdmin() ? 'DELETE FROM Files WHERE ID = ? AND UploadedBy = ?' : 'DELETE FROM Files WHERE ID = ?';`
			`$stmtDelete = $mysqli->prepare($query);`
			`if (!isAdmin()) {`
Fix 2024-04-26 10:52:11 +02:00			`$stmtDelete->bind_param('ii', $fileID, $_SESSION['ID']);`
MEME 2024-04-26 01:17:49 +02:00			`} else {`
			`$stmtDelete->bind_param('i', $fileID);`
			`}`
			`$stmtDelete->execute();`
			`if ($file_location) {`
			`if (unlink($file_location) && $stmtDelete->affected_rows > 0) {`
			`$out['Status'] = 'Success';`
			`}`
Test file list 2024-04-25 15:01:17 +02:00			`}`
			`}`
			`return $out;`
Add upload backend 2024-03-01 22:14:20 +01:00			`}`