
add much shit

Christopher há 6 anos atrás
pai
commit
3118403310
6 ficheiros alterados com 238 adições e 5 exclusões
  1. 22 0
      html/config.php
  2. 144 0
      html/core.php
  3. 14 0
      html/lang_strings.json
  4. 26 0
      html/test.php
  5. 28 1
      html/upload.php
  6. 4 4
      html/users.json

+ 22 - 0
html/config.php

@@ -28,3 +28,25 @@ define("USERS_JSON", $_SERVER['DOCUMENT_ROOT'] . "/users.json");
 define("USER_CONTENT_DIR", $_SERVER['DOCUMENT_ROOT'] . "/u");
 
 
+//	Description: If true, API keys are case-sensitive: requests will only succeed if requesting with the API key with correct case (i.e.: "PaSSword123" != "password123").
+//	Default: false
+//	Default Example: "https://ugc.dbmxpca.com/u/13940/3198590318.png"
+define("FORCE_CASE_SENSITIVE_API_KEYS", false);
+// define("FORCE_CASE_SENSITIVE_API_KEYS", true);
+
+
+//	Description: If true, errors will be returned enclosed with <pre></pre> tags.
+//	Default: true
+define("ENCLOSE_ERRORS_WITH_PRE_TAG", true);
+// define("ENCLOSE_ERRORS_WITH_PRE_TAG", false);
+
+//	Description: If true, errors will be detailed. Otherwise, errors will be vague for security reasons. This can be enabled for debugging or troubleshooting purposes.
+//	Default: true
+define("DETAILED_ERRORS", true);
+// define("DETAILED_ERRORS", false);
+
+
+
+
+
+
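Review bot: Both new security-relevant switches default to the weaker setting: `FORCE_CASE_SENSITIVE_API_KEYS` is `false`, so every letter-case variant of a key is accepted, and `DETAILED_ERRORS` is `true`, so a caller can tell from the response whether an account exists, is disabled, or only the key was wrong. I would ship `define("FORCE_CASE_SENSITIVE_API_KEYS", true);` and `define("DETAILED_ERRORS", false);` and let operators opt into the relaxed behaviour, updating the `Default:` comments to match. The `Default Example:` URL line above the first define does not describe this option and looks copied from another setting; it should be dropped.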

+ 144 - 0
html/core.php

@@ -12,5 +12,149 @@
 
 require_once($_SERVER['DOCUMENT_ROOT'] . "/config.php");
 
+//	Returns true if both strings are the same. Performs a case-insensitive comparison unless third parameter is true.
+function ARE_STRINGS_EQUAL($str1, $str2, $case_sensitive = false){
+	
+	switch($case_sensitive){
+		case true:
+			if (strcmp($str1, $str2) == 0){
+				return true;
+			}
+			else{
+				return false;
+			}
+			break;
+		default:
+			if (strcasecmp($str1, $str2) == 0){
+				return true;
+			}
+			else{
+				return false;
+			}
+			break;
+	}
+	return false;	
+}
+
+function GET_JSON_DATA_FROM_FILE($full_path_to_file){
+	
+	$filename = $full_path_to_file;
+	$fp = fopen($filename, 'r');
+	$data = fread($fp, filesize($filename));
+	fclose($fp);
+	
+	$r = json_decode($data, true);
+	return $r;
+}
+
+//	Returns the language-specific string with the specified key.
+function GET_LANG_STR($str){
+	
+	$lang = "en";
+	$filename = "lang_strings.json";
+	$not_found = strtoupper($str);
+	
+	if (!isset($filename)){
+		return $not_found;
+	}
+	
+	$contents = file_get_contents($filename);
+	$json = json_decode($contents, true);
+	
+	if ($json == null){
+		return $not_found;
+	}
+	
+	if (array_key_exists($lang, $json)){
+		if (array_key_exists($str, $json[$lang])){
+			return $json[$lang][$str];
+		}
+		else{
+			return $not_found;
+		}
+	}
+	else{
+		return $not_found;
+	}
+}
+
+//	Die with error string.
+function DIE_ERR($str){
+	
+	if (!DETAILED_ERRORS){
+		$str = substr($str, 0, -2);
+	}
+	
+	if (ENCLOSE_ERRORS_WITH_PRE_TAG){
+		die("<pre>" . GET_LANG_STR($str) . "</pre>");
+	}else{
+		die(GET_LANG_STR($str));
+	}
+}
+
+
+function CHECK_USER(&$err){
+	
+	//	Is a valid user provided?
+	if (isset($_REQUEST['u']) && !empty($_REQUEST['u'])){
+
+		//	Is a valid API key provided?
+		if (isset($_REQUEST['k']) && !empty($_REQUEST['k'])){
+		
+			//	Save request username and API key.
+			$r_user = $_REQUEST['u'];
+			$r_key = $_REQUEST['k'];
+			
+			//	Fetch user database and check the username and API key combination.
+			$users = GET_JSON_DATA_FROM_FILE(USERS_JSON);
+			
+			//	Does user exist?
+			if (isset($users[$r_user])){
+				
+				//	Is user access enabled?
+				if (isset($users[$r_user]['enabled'])){
+					
+					if ($users[$r_user]['enabled']){
+						
+						if (ARE_STRINGS_EQUAL($r_key, $users[$r_user]['api_key'], FORCE_CASE_SENSITIVE_API_KEYS)){						
+							//	ALL USER CHECKS PASS.
+							return true;
+						}
+						else{
+							$err = "error_403_4";
+							return false;
+						}
+					}
+					else{
+						$err = "error_403_3";
+						return false;
+					}
+				}
+				else{
+					$err = "error_403_2";
+					return false;
+				}
+			}
+			else{
+				$err = "error_403_1";
+				return false;
+			}
+		}
+		
+		else{
+			
+			$err = "error_401_2";
+			return false;
+		}
+	}
+
+	else{
+		
+		$err = "error_401_1";
+		return false;
+	}
+}
+
+
 
 
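Review bot: `ARE_STRINGS_EQUAL`, which `CHECK_USER` relies on to verify the API key, compares with `strcmp`/`strcasecmp` and a loose `== 0` without first checking that both arguments are strings. `$_REQUEST['k']` is not guaranteed to be a string, and on PHP versions before 8 these functions return `null` for a non-string argument, which `== 0` treats as a match; the comparison is also not constant-time. I would reject non-strings and compare with `hash_equals`, as below, and have `CHECK_USER` confirm `isset($users[$r_user]['api_key'])` before the call. Which PHP version this runs on is not visible here.

```php
function ARE_STRINGS_EQUAL($str1, $str2, $case_sensitive = false){
	//	Request parameters can be arrays; only two strings can ever be equal.
	if (!is_string($str1) || !is_string($str2)){
		return false;
	}
	if (!$case_sensitive){
		$str1 = strtolower($str1);
		$str2 = strtolower($str2);
	}
	//	Constant-time comparison, so timing does not reveal how much of a key matched.
	return hash_equals($str2, $str1);
}
```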

+ 14 - 0
html/lang_strings.json

@@ -0,0 +1,14 @@
+{
+	"en": {
+		"error_401": "Error 401: Unauthorized.",
+		"error_401_1": "Error 401: Unauthorized. No user account provided.",
+		"error_401_2": "Error 401: Unauthorized. No API key provided.",
+		"error_403": "Error 403: Forbidden.",
+		"error_403_1": "Error 403: Forbidden. User account does not exist.",
+		"error_403_2": "Error 403: Forbidden. User account data corrupted.",
+		"error_403_3": "Error 403: Forbidden. User account is disabled.",
+		"error_403_4": "Error 403: Forbidden. Invalid API key.",
+		"error_500": "Error 500: Internal Server Error.",
+		"e": "e"
+	}
+}

+ 26 - 0
html/test.php

@@ -0,0 +1,26 @@
+<?php
+
+/*
+ * 
+ * Application Name: PHP Custom Content Uploader
+ * Module Name: test.php
+ * 
+ * Copyright (c) 2020 DBMXPCA Technologies. All rights reserved.
+ * https://www.dbmxpca.com/
+ *
+ */
+
+require_once($_SERVER['DOCUMENT_ROOT'] . "/core.php");
+
+
+//	Get user information from user-db.
+$users = GET_JSON_DATA_FROM_FILE(USERS_JSON);
+
+echo "Key: " . $users["john_smith"]["key"];
+echo "<br>";
+echo "Enabled: " . $users["john_smith"]["enabled"];
+
+//print_r($users);
+
+
+
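Review bot: This script is added under `html/`, which appears to be the document root, and prints a user's key and enabled flag with no authentication, so it should not ship. If it has to stay, gate it behind `CHECK_USER` or move it out of the served directory. It also reads `$users["john_smith"]["key"]`, while the same commit renames that entry to `"example"` with an `"api_key"` field in users.json, so as committed it only raises undefined-index notices.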

+ 28 - 1
html/upload.php

@@ -10,7 +10,34 @@
  *
  */
 
-require_once($_SERVER['DOCUMENT_ROOT'] . "/config.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/core.php");
+
+/*
+ * 
+ * This script is designed to be called with the following parameters:
+ * 
+ * Parameter		Description
+ * -----------------------------------------------------------------
+ * u                Username, corresponding to the user's name in the "users.json" file. Value may not be empty. Case-sensitive.
+ * k                API Key, corresponding to the user's "key" value in the "users.json" file. Value may not be empty. Not case-sensitive by default but can be changed in "config.php".
+ *
+ */
+
+$err = null;
+
+if (CHECK_USER($err)){
+	
+	echo "ok";
+}
+
+else{
+	
+	DIE_ERR($err);
+}
+
+
+
+
 
 
 
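Review bot: The parameter table says `k` corresponds to the user's "key" value, but this commit renames that field and `CHECK_USER` reads `['api_key']`, so the comment is stale on arrival; it should read `corresponding to the user's "api_key" value`. The table should also say how the parameters are to be sent: `CHECK_USER` reads `$_REQUEST`, so the key is accepted from the query string, where it typically ends up in server access logs, and a line such as `Send u and k in the POST body.` would steer callers away from that. On the failure path `DIE_ERR` only calls `die()`, so the 401/403 text goes out with the default status; an `http_response_code()` call before it would let clients detect the failure.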

+ 4 - 4
html/users.json

@@ -1,10 +1,10 @@
 {
-	"john_smith": {
-		"key": "1234567",
+	"example": {
+		"api_key": "1234567",
 		"enabled": true
 	},
-	"_debug": {
-		"key": "29081532524",
+	"dbg": {
+		"api_key": "29081532524",
 		"enabled": true
 	}
 }
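Review bot: The API keys are stored in plaintext in a file that config.php locates at `$_SERVER['DOCUMENT_ROOT'] . "/users.json"`, so unless the web server is configured to deny it (not visible here) the file can be fetched like any other static asset. I would move it outside the document root and point `USERS_JSON` there, and store a hash of each key rather than the key itself. The sample keys `1234567` and `29081532524` with `"enabled": true` should be replaced by obviously fake, disabled placeholders so a deployment cannot go live with them.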