php-custom-content-uploader/html/core.php

<?php

/*
 * 
 * Application Name: PHP Custom Content Uploader
 * Module Name: core.php
 * 
 * Copyright (c) 2020 DBMXPCA Technologies. All rights reserved.
 * https://www.dbmxpca.com/
 *
 */

require_once($_SERVER['DOCUMENT_ROOT'] . "/config.php");

//	Returns true if both strings are the same. Performs a case-insensitive comparison unless third parameter is true.
function ARE_STRINGS_EQUAL($str1, $str2, $case_sensitive = false){
	
	switch($case_sensitive){
		case true:
			if (strcmp($str1, $str2) == 0){
				return true;
			}
			else{
				return false;
			}
			break;
		default:
			if (strcasecmp($str1, $str2) == 0){
				return true;
			}
			else{
				return false;
			}
			break;
	}
	return false;	
}

//	@BRIEF		Generates a secure, random string.
//	@RETURNS	Returns the generated string.
//	@CREDITS	https://stackoverflow.com/questions/4356289/php-random-string-generator/31107425#31107425
function GET_RANDOM_STRING($length = RANDOM_STRING_DEFAULT_LENGTH, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'){
	
    $pieces = [];
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $pieces []= $keyspace[random_int(0, $max)];
    }
    return implode('', $pieces);
}

//	@BRIEF		Generates a random filename.
//	@CREDITS	php-image-serve.
function GET_RANDOM_FILENAME($username, $type){
	
	$an = '0123456789';
	$str = '';
	for ($i = 0; $i < 5; $i++){
		
		$str .= substr($an, rand(0, strlen($an) - 1), 1);
	}
	
	if (!file_exists(GET_USER_CONTENT_DIR_PATH($username) . $str . "." . $type)){
		
		return $str;
	}
	else{
		
		return GET_RANDOM_FILENAME($username, $type);
	}
}

function SAVE_IMAGE($username, $mime_type, $tmp_name){
	
	$save_dir = GET_USER_CONTENT_DIR_PATH($username);
	$mime_type_arr = explode('/', $mime_type);
	$type = $mime_type_arr[1];
	
	$name = GET_RANDOM_FILENAME($username, $type);
	$final_filename = $name . "." . $type;
	
	if (move_uploaded_file($tmp_name, $save_dir . "/" . $final_filename)){
		$img_url = HTTP_PROTOCOL . "://" . FQDN . PUBLIC_USER_CONTENT_DIR . "/" . $username . "/" . $final_filename;
		echo $img_url;
	}
	
}

function GET_JSON_DATA_FROM_FILE($full_path_to_file){
	
	$filename = $full_path_to_file;
	$fp = fopen($filename, 'r');
	$data = fread($fp, filesize($filename));
	fclose($fp);
	
	$r = json_decode($data, true);
	return $r;
}

//	Returns the language-specific string with the specified key.
function GET_LANG_STR($str){
	
	$lang = "en";
	$filename = "lang_strings.json";
	$not_found = strtoupper($str);
	
	if (!isset($filename)){
		return $not_found;
	}
	
	$contents = file_get_contents($filename);
	$json = json_decode($contents, true);
	
	if ($json == null){
		return $not_found;
	}
	
	if (array_key_exists($lang, $json)){
		if (array_key_exists($str, $json[$lang])){
			return $json[$lang][$str];
		}
		else{
			return $not_found;
		}
	}
	else{
		return $not_found;
	}
}

//	Die with error string.
function DIE_ERR($str){
	
	if (!DETAILED_ERRORS){
		$str = substr($str, 0, -2);
	}
	
	if (ENCLOSE_ERRORS_WITH_PRE_TAG){
		die("<pre>" . GET_LANG_STR($str) . "</pre>");
	}else{
		die(GET_LANG_STR($str));
	}
}

//	Create the user directory within the UCD if it doesn't exist. Returns true on success or false on failure.
function CREATE_USER_CONTENT_DIR($username){
	
	//	Attempt to create the directory if it doesn't exist.
	$user_content_dir = USER_CONTENT_DIR . "/" . $username;
	if (!file_exists($user_content_dir)){
		
		mkdir($user_content_dir, 0777, true); 
	}
	//	Check and make sure it now exists.
	if (!file_exists($user_content_dir)){
		return false;
	}
	
	return true;
}

//	Returns full path to the user's directory within the UCD.
function GET_USER_CONTENT_DIR_PATH($username){
	
	return USER_CONTENT_DIR . "/" . $username;
}

//	Check user authorization.
function CHECK_USER(&$err){
	
	//	Is a valid user provided?
	if (isset($_REQUEST['u']) && !empty($_REQUEST['u'])){

		//	Is a valid API key provided?
		if (isset($_REQUEST['k']) && !empty($_REQUEST['k'])){
		
			//	Save request username and API key.
			$r_user = $_REQUEST['u'];
			$r_key = $_REQUEST['k'];
			
			//	Fetch user database and check the username and API key combination.
			$users = GET_JSON_DATA_FROM_FILE(USERS_JSON);
			
			//	Does user exist?
			if (isset($users[$r_user])){
				
				//	Is user access enabled?
				if (isset($users[$r_user]['enabled'])){
					
					if ($users[$r_user]['enabled']){
						
						if (ARE_STRINGS_EQUAL($r_key, $users[$r_user]['api_key'], FORCE_CASE_SENSITIVE_API_KEYS)){						
							//	ALL USER CHECKS PASS.
							return true;
						}
						else{
							$err = "error_403_4";
							return false;
						}
					}
					else{
						$err = "error_403_3";
						return false;
					}
				}
				else{
					$err = "error_403_2";
					return false;
				}
			}
			else{
				$err = "error_403_1";
				return false;
			}
		}
		
		else{
			
			$err = "error_401_2";
			return false;
		}
	}

	else{
		
		$err = "error_401_1";
		return false;
	}
}


//	Check image prelim data.
function CHECK_IMAGE_PRELIM_DATA(&$err){
	
	global $allowed_mime_types;
	
	if (empty($_FILES)){
		
		$err = "error_415_1";
		return false;
	}
	
	if (filesize($_FILES['image']['tmp_name']) > 0){
		
		if (in_array($_FILES['image']['type'], $allowed_mime_types)){
			
			$err = null;
			return true;
		}
		else{
			
			$err = "error_415_1";
			return false;
		}
	}
	else{
		
		$err = "error_400_2";
		return false;
	}
}

//	Check if any errors on file upload.
function CHECK_IMAGE_ERRORS(&$err){
	
	if ($_FILES['image']['error'] > 0){
		$err = "error_500_0_";
		return false;
	}
	$err = null;
	return true;
}