| author | ilotterytea <iltsu@alright.party> | 2025-06-18 15:00:49 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-06-18 15:00:49 +0500 |
| commit | 312b5d6e873d53b78db4bef628fe01391a30cdb0 (patch) | |
| tree | 677ea09ae06471784509602421ba78d24d68dbb0 /public/ban.php | |
| parent | 01b4d8ac76a2a6a7ee57dd173f3894022977d2cb (diff) | |
feat: file bans
Diffstat (limited to 'public/ban.php')
| -rw-r--r-- | public/ban.php | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/public/ban.php b/public/ban.php
new file mode 100644
index 0000000..c9fdfd6
--- /dev/null
+++ b/public/ban.php
@@ -0,0 +1,104 @@
+<?php
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../config.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/utils.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/file.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/alert.php';
+
+session_start();
+
+if (!MOD_BAN_FILES || !isset($_SESSION['is_moderator'])) {
+ generate_alert(
+ '/',
+ "File ban is not allowed",
+ 403
+ );
+ exit();
+}
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ http_response_code(405);
+ exit;
+}
+
+$file_id = $_POST['f'] ?? null;
+$reason = $_POST['reason'] ?? null;
+
+if (!isset($file_id)) {
+ generate_alert(
+ '/',
+ "File ID must be set!",
+ 400
+ );
+ exit();
+}
+
+$file_id = explode('.', $file_id);
+$file_ext = $file_id[1];
+$file_id = $file_id[0];
+
+if (!preg_match('/^[a-zA-Z0-9_-]+$/', $file_id) || !preg_match('/^[a-zA-Z0-9]+$/', $file_ext)) {
+ generate_alert(
+ '/',
+ "File not found",
+ 404
+ );
+ exit();
+}
+
+$file_path = FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext";
+
+if (!is_file($file_path)) {
+ generate_alert(
+ '/',
+ "File not found",
+ 404
+ );
+ exit;
+}
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+$stmt = $db->prepare('SELECT f.id FROM files f
+ WHERE f.id = ? AND f.extension = ?
+ AND f.id NOT IN (SELECT id FROM file_bans)
+');
+$stmt->execute([$file_id, $file_ext]);
+
+$file = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+
+if (!$file) {
+ generate_alert(
+ "/",
+ "File not found",
+ 404
+ );
+ exit();
+}
+
+$file_sha = hash_file('sha256', $file_path);
+
+if (!delete_file($file_id, $file_ext)) {
+ generate_alert(
+ "/$file_id.$file_ext",
+ 'Failed to remove files. Try again later',
+ 500
+ );
+ exit();
+}
+
+$db->prepare('INSERT IGNORE INTO hash_bans(sha256, reason) VALUES (?,?)')
+ ->execute([$file_sha, $reason]);
+
+$db->prepare('INSERT INTO file_bans(id, hash_ban) VALUES (?,?)')
+ ->execute([$file_id, $file_sha]);
+
+generate_alert(
+ $_GET['r'] ?? '/',
+ 'Successfully banned the file',
+ 200,
+ [
+ 'id' => $file_id,
+ 'extension' => $file_ext,
+ 'sha256' => $file_sha,
+ 'reason' => $reason
+ ]
+);
\ No newline at end of file |
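Review bot: Nothing in this file ties the POST to a form the moderator actually submitted: after `session_start()` the only gates are `isset($_SESSION['is_moderator'])` and the method check, so unless config.php or the included libs enforce a SameSite session cookie or a token, a cross-site form could make a logged-in moderator delete and ban a file. I would add a per-session token comparison before `$_POST['f']` is read, e.g. `if (!hash_equals($_SESSION['csrf'] ?? '', (string) ($_POST['csrf'] ?? ''))) { http_response_code(403); exit; }` (the `csrf` key is a placeholder name), and test the moderator flag's value rather than `isset` so a stored `false` does not pass. Separately, `delete_file()` runs before the two INSERTs and the result of `hash_file()` is never checked for `false`, so a failed insert leaves the file deleted but its hash unbanned; writing `hash_bans` and `file_bans` first inside a transaction and deleting the file last would close that gap. The redirect target `$_GET['r']` also reaches `generate_alert()` unvalidated, so if that helper emits a Location header it should be restricted to local paths.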
