Old Keyo.co API

SUBMITTED BY: Guest

DATE: April 9, 2013, 2:23 p.m.

FORMAT: PHP

SIZE: 14.0 kB

Raw Download

HITS: 1276

Report
  1. <?php
  3. /* This should not be used in production! */
  4. //ini_set('display_errors', 1);
  5. //error_reporting(E_ALL);
  7. include 'includes/functions.php';
  10. /* Simplified API Version 4 ~ no crap */
  12. /* Declare our API Classes */
  13. $api = new apiFunctions();
  14. $error = new errorReport();
  16. define('ADDR', 'http://keyo.co'); //Main Website
  17. define('STRE', 'keyUploads'); //Where to store the files
  18. $whiteList = array('jpg','png','gif','jpeg','txt','zip','rar','doc','xls','md'); //Extension whitelist
  20. define('HOST', 'localhost'); //Database Host
  21. define('USER', 'root'); //Database User
  22. define('NAME', 'KeyoApp'); //Database Name
  23. define('PASS', ''); //Database Pass
  25. mysql_connect(HOST, USER, PASS) or die("MySQL Error: " . mysql_error());
  26. mysql_select_db(NAME) or die("MySQL Error: " . mysql_error());
  28. //Make the URLs cleaner
  29. $getParams = array();
  30. $getParts = explode('/', $_SERVER['REQUEST_URI']);
  31. //Skip through the segments by 2
  32. for($i = 0; $i < count($getParts); $i = $i + 2){
  33. //First segment is the param name, second is the value
  34. $getParams[$getParts[$i]] = $getParts[$i+1];
  35. }
  37. /* Make it work with all existing code */
  38. $_GET = $getParams;
  40. /* Collect API credentials if they are there */
  41. if (!empty($_GET['user']) && !empty($_GET['key']))
  42. {
  43. $apiUser = $api->simpleSanitize($_GET['user']);
  44. $apiKey = $_GET['key'];
  46. $getUser = mysql_query("SELECT * FROM users WHERE Username = '$apiUser'");
  47. $userExist = mysql_num_rows($getUser);
  49. /* Include the graphing code, a lot cleaner! */
  50. include 'graph.php';
  52. /* User doesn't exist in the database */
  53. if ($userExist == 0)
  54. {
  55. $noExist = $error->returnError(1);
  56. echo $noExist;
  57. die;
  58. }
  60. /* Get all the users info */
  61. $userInfo = mysql_fetch_assoc($getUser);
  63. /* See what their API key should be */
  64. $checkAPI = $api->apiKey($apiUser, $userInfo['UserID']);
  65. $oldAPI = $api->apiSuperseded($apiUser);
  67. /* API is not correct, try the old key */
  68. if ($apiKey != $checkAPI)
  69. {
  70. if ($apiKey != $oldAPI)
  71. {
  72. /* API key is still not correct, return an error */
  73. $keyCheck = $error->returnError(2);
  74. echo $keyCheck;
  75. die;
  76. }
  77. }
  78. /* Just for debugging, nothing important in here */
  79. if (!empty($_GET['debug']))
  80. {
  81. echo 'Currently using: ' . $apiKey . '<br />';
  82. echo 'Old API: ' . $oldAPI . '<br />';
  83. echo 'New API: ' . $checkAPI . '<br />';
  84. die;
  85. }
  87. /* Check for login, with the old key too! */
  88. if (!empty($_GET['login']))
  89. {
  90. if ($apiKey == $checkAPI || $apiKey == $oldAPI)
  91. {
  92. echo 'Correct';
  93. die;
  94. }
  95. else
  96. {
  97. echo 'Incorrect';
  98. die;
  99. }
  100. }
  101. /* Getting the views of a file */
  102. if (!empty($_GET['views']))
  103. {
  104. $file = $api->simpleSanitize($_GET['views']);
  105. $views = $api->getViews($file);
  106. echo $views;
  107. die;
  108. }
  109. /* Come here to remove an image */
  110. if (!empty($_GET['remove']))
  111. {
  112. $file = $api->simpleSanitize($_GET['remove']);
  113. $remove = $api->removeFile($apiUser, $file);
  114. echo $remove;
  115. die;
  116. }
  117. /* Adding a new category */
  118. if (!empty($_GET['add']) && !empty($_GET['category']))
  119. {
  120. $file = $api->simpleSanitize($_GET['add']);
  121. $fileExist = $api->fileExists($file, $apiUser);
  123. if ($fileExist)
  124. {
  125. $cat = $api->simpleSanitize($_GET['category']);
  126. $catExist = $api->catExists($cat, $apiUser);
  128. if ($catExist)
  129. {
  130. $sqlMain = mysql_query("UPDATE files SET category = '$cat' WHERE newfilename='$file' AND user='$apiUser'");
  131. echo 'File ' . $file . ' is now in the ' . $cat . ' category.';
  132. die;
  133. }
  134. else
  135. {
  136. $catCheck = $error->returnError(3);
  137. echo $catCheck;
  138. die;
  139. }
  140. }
  141. else
  142. {
  143. $fileCheck = $error->returnError(4);
  144. echo $fileCheck;
  145. die;
  146. }
  148. }
  150. if (empty($_FILES))
  151. {
  152. $postCheck = $error->returnError(5);
  153. echo $postCheck;
  154. die;
  155. }
  156. else
  157. {
  158. /* Get the time and date */
  159. $theDateTime = date('Y-m-d H:i:s');
  160. /* Just the date */
  161. $theDate = date('Y-m-d');
  162. $YearMonthDay = explode("-", $theDate);
  163. $theTime = date('H:i:s');
  164. $HourMinuteSecond = explode(":", $theTime);
  165. //IP Address
  166. $ipAddress = $_SERVER['REMOTE_ADDR'];
  168. /* The old files name */
  169. $oldFile = basename($_FILES['file']['name']);
  171. if (empty($oldFile))
  172. {
  173. $oldFile = basename($_FILES['uploaded']['name']);
  174. $android = 1;
  175. }
  177. /* Gets the extension */
  178. $getExt = pathinfo($oldFile);
  179. $checkExt = strtolower($getExt['extension']);
  181. /* This checks what type of file it is, and provides the correct link (hopefully) */
  182. $l = $api->getLink($checkExt);
  184. /* Check if the files extension is okay */
  185. if (!in_array($checkExt, $whiteList))
  186. {
  187. $typeCheck = $error->returnError(6);
  188. echo $typeCheck;
  189. die;
  190. }
  192. /* Check the size of the file */
  193. $fileSize = $_SERVER['CONTENT_LENGTH'];
  194. $sizeKB = $fileSize / 1024; //In KB
  196. /* Using MB */
  197. if ($sizeKB > 999)
  198. {
  199. $sizeKB = $sizeKB / 1024; //mb
  200. $sizeType = ' MB';
  201. if ($sizeFinalBlank > 10.0)
  202. {
  203. $sizeCheck = $error->returnError(7);
  204. echo $sizeCheck;
  205. die;
  206. }
  207. }
  208. else
  209. {
  210. $sizeType = ' KB';
  211. }
  213. /* Round the file up to 2 decimals */
  214. $sizeFinalBlank = round($sizeKB, 2);
  215. $sizeFinal = round($sizeKB, 2) . $sizeType;
  217. /* Create the new file name */
  218. $newFile = stripslashes($api->fileName() . "." . $checkExt);
  220. /* Check if the file exists, rename it if it does (needs work) */
  221. if (file_exists($newFile))
  222. {
  223. $newFile = stripslashes($api->fileName() . "." . $checkExt);
  224. }
  226. /* Full Upload Path */
  227. $fullUpload = STRE . '/' . $newFile;
  229. /* The current time */
  230. $theTimeStamp = time();
  232. /* Is it being uploaded through the app? */
  233. if (!$android)
  234. {
  235. if (is_uploaded_file($_FILES['file']['tmp_name']))
  236. {
  237. if (move_uploaded_file($_FILES['file']['tmp_name'], $fullUpload))
  238. {
  239. //Main SQL
  240. $sqlMain = mysql_query("INSERT INTO files (origfilename, newfilename, uploaderip, size, user, timedate, time, date, timestamp) VALUES ('$oldFile', '$newFile', '$ipAddress', '$sizeFinal', '$apiUser', '$theDateTime', '$theTime', '$theDate', '$theTimeStamp')");
  241. mysql_close();
  243. echo "http://keyo.co/?" . $l . "=" . $newFile;
  244. }
  245. }
  246. }
  247. else
  248. {
  249. if (is_uploaded_file($_FILES['uploaded']['tmp_name']))
  250. {
  251. if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $fullUpload))
  252. {
  253. //Main SQL
  254. $sqlMain = mysql_query("INSERT INTO files (origfilename, newfilename, uploaderip, size, user, timedate, time, date, timestamp) VALUES ('$oldFile', '$newFile', '$ipAddress', '$sizeFinal', '$apiUser', '$theDateTime', '$theTime', '$theDate', '$theTimeStamp')");
  255. mysql_close();
  257. echo "http://keyo.co/?" . $l . "=" . $newFile;
  258. }
  259. }
  260. }
  261. }
  262. }
  265. class apiFunctions
  266. {
  267. function apiKey($keyoUser, $keyoID)
  268. {
  269. $uniqueSalt = sha1('PKoj7YgVBHV)(!!jk?/<');
  270. $keyoHash = sha1($keyoUser . $uniqueSalt . $keyoID);
  271. for ($i = 0; $i < 20; $i++) {
  272. $keyoHash = sha1($keyoHash);
  273. }
  274. return sha1($keyoUser . $keyoHash . $uniqueSalt . $keyoID);
  275. }
  277. function apiSuperseded($apiName)
  278. {
  279. $hashValue = "sQfYKDTXvOApaFYC";
  280. $apiChecked = sha1($apiName . $hashValue);
  281. return $apiChecked;
  282. }
  284. function fileName($nameLength = 5, $charChoice = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-$_.!(),')
  285. {
  286. $numChars = strlen($charChoice);
  287. $returnFile = '';
  288. for($i = 0; $i < $nameLength; ++$i)
  289. {
  290. $returnFile .= $charChoice[mt_rand(0, $numChars)];
  291. }
  292. return $returnFile;
  293. }
  295. function fileExists($file, $username)
  296. {
  297. $getFile = mysql_query("SELECT * FROM files WHERE newfilename = '$file' AND user = '$username'");
  298. $fileExist = mysql_num_rows($getFile);
  300. /* File doesn't exist in the database */
  301. if ($fileExist == 0)
  302. {
  303. return 0;
  304. }
  305. else
  306. {
  307. return 1;
  308. }
  309. }
  311. function catExists($cat, $username)
  312. {
  313. $getCat = mysql_query("SELECT * FROM categories WHERE name = '$cat' AND username = '$username'");
  314. $catExist = mysql_num_rows($getCat);
  316. /* Category doesn't exist in the database */
  317. if ($catExist == 0)
  318. {
  319. return 0;
  320. }
  321. else
  322. {
  323. return 1;
  324. }
  325. }
  327. function getLink($ext)
  328. {
  329. if ($ext == 'jpg' || $ext == 'png' || $ext == 'gif' || $ext == 'jpeg')
  330. {
  331. return 'i';
  332. }
  333. elseif ($ext == 'txt' || $ext == 'md')
  334. {
  335. return 't';
  336. }
  337. elseif ($ext == 'zip' || $ext == 'rar')
  338. {
  339. return 'c';
  340. }
  341. elseif ($ext == 'doc' || $ext == 'xls')
  342. {
  343. return 'd';
  344. }
  345. }
  347. function apiRequestsCount($apiUsername, $uploadsPerMin)
  348. {
  349. $callTime = time();
  350. $timeMinusMin = $callTime - 60;
  351. $getmyInfo = mysql_query("SELECT *, COUNT(newfilename) FROM files WHERE user = '$apiUsername' AND timestamp BETWEEN $timeMinusMin AND $callTime");
  352. $myInfo = mysql_fetch_assoc($getmyInfo);
  353. $myInfo = $myInfo['COUNT(newfilename)'];
  354. if ($myInfo <= $uploadsPerMin)
  355. {
  356. $apiStatus = 1;
  357. }
  358. else
  359. {
  360. $apiStatus = 0;
  361. }
  362. return $apiStatus;
  363. }
  365. function upgradeUser($upgradeUser, $userLevel)
  366. {
  367. $upgradeQuery = mysql_query("SELECT * FROM users WHERE Username = '$upgradeUser'");
  368. $upgradeDetails = mysql_fetch_assoc($upgradeQuery);
  369. $userExist = mysql_num_rows($upgradeQuery);
  370. if ($userExist == 0)
  371. {
  372. $upgradeResult = 'The user does not exist';
  373. }
  374. else
  375. {
  376. if ($upgradeDetails['AccountType'] > 1)
  377. {
  378. $upgradeResult = $upgradeUser . ' is already premium';
  379. }
  380. else
  381. {
  382. $finishUpgrade = mysql_query("UPDATE users SET AccountType='$userLevel' WHERE Username='$upgradeUser'");
  383. $upgradeResult = $upgradeUser . ' has been upgraded';
  384. }
  385. }
  386. return $upgradeResult;
  387. }
  389. function getViews($viewedFile)
  390. {
  391. $apiViews = mysql_query("SELECT * FROM files WHERE newfilename = '$viewedFile'");
  392. $viewsResult = mysql_fetch_assoc($apiViews);
  393. $viewsResult = $viewsResult['views'];
  394. return $viewsResult;
  395. }
  397. function removeFile($userCheck, $removedFile)
  398. {
  399. $apiRemove = mysql_query("SELECT * FROM files WHERE newfilename = '$removedFile'");
  400. $removeResult = mysql_fetch_assoc($apiRemove);
  401. $removeUser = $removeResult['user'];
  403. $removeCheck = mysql_num_rows($apiRemove); //Check if it exists
  405. if ($removeCheck == 0)
  406. {
  407. $remResult = "Doesn't exist";
  408. return $remResult;
  409. }
  411. if ($userCheck != $removeUser)
  412. {
  413. $remResult = "You do not own this image";
  414. return $remResult;
  415. }
  417. //Use this for the account page, so it forwards you back to the correct page!
  418. if ($_GET['forward'] == 'true')
  419. {
  420. $pastPage = $_GET['page'];
  421. $deleteMe = mysql_query("DELETE FROM files WHERE newfilename='$removedFile'");
  422. unlink("keyUploads/" . $removedFile);
  423. header("Location: http://keyo.co/gallery/page/$pastPage");
  424. }
  425. else
  426. {
  427. //Removing files from the api only, not the account page!
  428. $deleteMe = mysql_query("DELETE FROM files WHERE newfilename='$removedFile'");
  429. unlink("keyUploads/" . $removedFile);
  430. $remResult = "Success";
  431. return $remResult;
  432. }
  433. }
  435. function simpleSanitize($inputData)
  436. {
  437. $inputData = strip_tags(mysql_real_escape_string($inputData));
  438. return $inputData;
  439. }
  441. }
  443. class errorReport
  444. {
  445. function returnError($i)
  446. {
  447. switch ($i)
  448. {
  449. case 0:
  450. $msg = "No credentials given";
  451. return $msg;
  452. break;
  453. case 1:
  454. $msg = "User does not exist";
  455. return $msg;
  456. break;
  457. case 2:
  458. $msg = "Incorrect API credentials";
  459. return $msg;
  460. break;
  461. case 3:
  462. $msg = "Category does not exist";
  463. return $msg;
  464. break;
  465. case 4:
  466. $msg = "File does not exist";
  467. return $msg;
  468. break;
  469. case 5:
  470. $msg = "A POSTed file is needed";
  471. return $msg;
  472. break;
  473. case 6:
  474. $msg = "This file type is not allowed";
  475. return $msg;
  476. break;
  477. case 7:
  478. $msg = "This file is too large";
  479. return $msg;
  480. break;
  481. case 8:
  482. $msg = "";
  483. return $msg;
  484. break;
  485. case 9:
  486. $msg = "";
  487. return $msg;
  488. break;
  489. case 10:
  490. $msg = "";
  491. return $msg;
  492. break;
  493. }
  494. }
  495. }
comments powered by Disqus