From 312b5d6e873d53b78db4bef628fe01391a30cdb0 Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Wed, 18 Jun 2025 15:00:49 +0500
Subject: feat: file bans

---
 database.sql | 11 +++++
 lib/partials.php | 2 +-
 public/ban.php | 104 ++++++++++++++++++++++++++++++++++++++++
 public/catalogue.php | 3 +-
 public/index.php | 124 ++++++++++++++++++++++++++++-------------------
 public/mod.php | 2 +-
 public/static/style.css | 15 ++++-
 public/upload.php | 9 ++++
 8 files changed, 211 insertions(+), 59 deletions(-)
 create mode 100644 public/ban.php

diff --git a/database.sql b/database.sql
index b7efa83..47f7ea6 100644
--- a/database.sql
+++ b/database.sql
@@ -16,4 +16,15 @@ CREATE TABLE IF NOT EXISTS file_metadata (
 height BIGINT,
 duration BIGINT,
 line_count BIGINT
+);
+
+CREATE TABLE IF NOT EXISTS hash_bans (
+ sha256 CHAR(64) PRIMARY KEY,
+ reason TEXT
+);
+
+CREATE TABLE IF NOT EXISTS file_bans (
+ id CHAR(32) NOT NULL PRIMARY KEY REFERENCES files(id) ON DELETE CASCADE,
+ hash_ban CHAR(64) NOT NULL REFERENCES hash_bans(sha256) ON DELETE CASCADE,
+ banned_at TIMESTAMP NOT NULL DEFAULT UTC_TIMESTAMP
 );
\ No newline at end of file
diff --git a/lib/partials.php b/lib/partials.php
index 24e6e70..64b12bd 100644
--- a/lib/partials.php
+++ b/lib/partials.php
@@ -82,7 +82,7 @@ function html_mini_navbar(string|null $subtitle = null)
 function html_footer()
 {
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
- $stmt = $db->query('SELECT COUNT(*) AS file_count, SUM(size) AS file_overall_size FROM files');
+ $stmt = $db->query('SELECT COUNT(*) AS file_count, SUM(size) AS file_overall_size FROM files WHERE id NOT IN (SELECT id FROM file_bans)');
 $stmt->execute();
 $row = $stmt->fetch(PDO::FETCH_ASSOC);
diff --git a/public/ban.php b/public/ban.php
new file mode 100644
index 0000000..c9fdfd6
--- /dev/null
+++ b/public/ban.php
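Review bot: `banned_at TIMESTAMP NOT NULL DEFAULT UTC_TIMESTAMP` in the new `file_bans` table is unlikely to parse on MySQL, where a TIMESTAMP column accepts only `CURRENT_TIMESTAMP` and its synonyms as a bare default and any other expression must be parenthesised, so this wants `banned_at TIMESTAMP NOT NULL DEFAULT (UTC_TIMESTAMP())` or plainly `DEFAULT CURRENT_TIMESTAMP`. I cannot confirm the server flavour from the page (the `INSERT IGNORE` in ban.php points at MySQL or MariaDB), so verify against the target before shipping the schema. `reason TEXT` on `hash_bans` is nullable, which upload.php's `isset($row['reason'])` copes with, but `NOT NULL DEFAULT ''` would make the intent explicit. A short header comment on `hash_bans` would also help the next maintainer: the key is the SHA-256 of the stored bytes, so only byte-identical re-uploads are caught, not re-encoded copies.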
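Review bot: The exclusion `WHERE id NOT IN (SELECT id FROM file_bans)` is now repeated verbatim here and in both catalogue.php hunks (`@@ -17` and `@@ -28`); a database view for visible files or one shared query fragment would keep the three in step when the ban rules change. The `NOT IN` form is correct only because `file_bans.id` is declared `NOT NULL` in database.sql — a nullable column in that subquery would make every row vanish — so a one-line comment such as `// file_bans.id is NOT NULL, so NOT IN is safe here` is worth adding at the first use. `html_footer` continues past the end of the hunk.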
@@ -0,0 +1,104 @@
+prepare('SELECT f.id FROM files f
+ WHERE f.id = ? AND f.extension = ?
+ AND f.id NOT IN (SELECT id FROM file_bans)
+');
+$stmt->execute([$file_id, $file_ext]);
+
+$file = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+
+if (!$file) {
+ generate_alert(
+ "/",
+ "File not found",
+ 404
+ );
+ exit();
+}
+
+$file_sha = hash_file('sha256', $file_path);
+
+if (!delete_file($file_id, $file_ext)) {
+ generate_alert(
+ "/$file_id.$file_ext",
+ 'Failed to remove files. Try again later',
+ 500
+ );
+ exit();
+}
+
+$db->prepare('INSERT IGNORE INTO hash_bans(sha256, reason) VALUES (?,?)')
+ ->execute([$file_sha, $reason]);
+
+$db->prepare('INSERT INTO file_bans(id, hash_ban) VALUES (?,?)')
+ ->execute([$file_id, $file_sha]);
+
+generate_alert(
+ $_GET['r'] ?? '/',
+ 'Successfully banned the file',
+ 200,
+ [
+ 'id' => $file_id,
+ 'extension' => $file_ext,
+ 'sha256' => $file_sha,
+ 'reason' => $reason
+ ]
+);
\ No newline at end of file
diff --git a/public/catalogue.php b/public/catalogue.php
index 756675a..add156e 100644
--- a/public/catalogue.php
+++ b/public/catalogue.php
@@ -17,7 +17,7 @@ $page = max(intval($_GET['p'] ?? '1') - 1, 0);
 $limit = 20;
 // counting max pages
-$stmt = $db->query('SELECT COUNT(id) AS all_files FROM files');
+$stmt = $db->query('SELECT COUNT(id) AS all_files FROM files WHERE id NOT IN (SELECT id FROM file_bans)');
 $stmt->execute();
 $max_pages = ceil(($stmt->fetch(PDO::FETCH_ASSOC)['all_files'] ?: 0) / $limit);
@@ -28,6 +28,7 @@ $offset = $page * $limit;
 $stmt = $db->query("SELECT f.id, f.mime, f.extension FROM files f
+ WHERE f.id NOT IN (SELECT id FROM file_bans)
 ORDER BY f.uploaded_at DESC
 LIMIT $limit OFFSET $offset
 ");
diff --git a/public/index.php b/public/index.php
index 7788bbe..b03b063 100644
--- a/public/index.php
+++ b/public/index.php
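Review bot: `$file_sha = hash_file('sha256', $file_path)` is never checked and the file is deleted before either ban row is written, so two failure orders leave the system inconsistent: if `hash_file` returns false (file already missing on disk) the script still deletes and then writes a `hash_bans` row keyed on an empty string, and if an INSERT fails after `delete_file` succeeded the file is gone but never recorded in `file_bans`, so it stays listed and its hash is not blocked. Record the ban in a transaction first and delete afterwards — a banned file that survives a failed delete is hidden by the `is_banned` join index.php now does, whereas a deleted-but-unbanned one is not. Everything before `prepare(` in this file is not visible in this view, so I cannot confirm the request is limited to moderators or to POST; the `$_GET['r'] ?? '/'` redirect target should also be checked to be a same-site path before `generate_alert` uses it, assuming that helper emits a Location header.
```php
$file_sha = hash_file('sha256', $file_path);
if ($file_sha === false) {
    generate_alert("/$file_id.$file_ext", 'Failed to read the file. Try again later', 500);
    exit();
}

// Record the ban before touching the disk: a banned file that survives a failed
// delete is still hidden and its hash still blocked; the reverse is not true.
$db->beginTransaction();
try {
    $db->prepare('INSERT IGNORE INTO hash_bans(sha256, reason) VALUES (?,?)')
        ->execute([$file_sha, $reason]);
    $db->prepare('INSERT INTO file_bans(id, hash_ban) VALUES (?,?)')
        ->execute([$file_id, $file_sha]);
    $db->commit();
} catch (PDOException $e) {
    $db->rollBack();
    generate_alert("/$file_id.$file_ext", 'Failed to record the ban. Try again later', 500);
    exit();
}

if (!delete_file($file_id, $file_ext)) {
    generate_alert("/$file_id.$file_ext", 'Failed to remove files. Try again later', 500);
    exit();
}
// … unchanged: success generate_alert() …
```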
@@ -40,16 +40,13 @@ if (FILE_CATALOG_FANCY_VIEW && $file_id) {
 exit();
 }
- $file_path = FILE_UPLOAD_DIRECTORY . "/{$file_id}.{$file_ext}";
-
- if (!file_exists($file_path)) {
- http_response_code(404);
- exit();
- }
-
- $stmt = $db->prepare('SELECT fm.*, f.*
+ $stmt = $db->prepare('SELECT fm.*, f.*,
+ hb.reason AS ban_reason,
+ CASE WHEN fb.hash_ban IS NOT NULL THEN 1 ELSE 0 END AS is_banned
 FROM files f
 LEFT JOIN file_metadata fm ON fm.id = f.id
+ LEFT JOIN file_bans fb ON fb.id = f.id
+ LEFT JOIN hash_bans hb ON hb.sha256 = fb.hash_ban
 WHERE f.id = ? AND f.extension = ?
 ');
 $stmt->execute([$file_id, $file_ext]);
@@ -60,6 +57,8 @@ if (FILE_CATALOG_FANCY_VIEW && $file_id) {
 exit();
 }
+ $file_exists = is_file(FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext");
+
 // counting views
 $viewed_file_ids = $_SESSION['viewed_file_ids'] ?? [];
 if (!in_array($file['id'], $viewed_file_ids)) {
@@ -153,54 +152,75 @@ $privacy_exists = is_file($_SERVER['DOCUMENT_ROOT'] . '/static/PRIVACY.txt');
-
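Review bot: Removing the `file_exists` 404 in hunk `@@ -40` means a row whose file is missing from disk but is not banned now reaches the template with `$file_exists = false` (set in hunk `@@ -60`, after the lookup); unless the template returns 404 for that case — its hunk at `@@ -153` is not readable in this view — such URLs render a page and, a few lines on, still register a view in `$_SESSION['viewed_file_ids']`. A guard directly after the new assignment, `if (!$file_exists && !$file['is_banned']) { http_response_code(404); exit(); }`, preserves the old behaviour for the non-banned case while letting banned files show their notice. `ban_reason` is `hash_bans.reason`, which the schema leaves nullable, so the template should treat it as optional, and the `CASE WHEN ... END AS is_banned` column could simply be `fb.id IS NOT NULL AS is_banned`. The enclosing `if (FILE_CATALOG_FANCY_VIEW && $file_id)` block begins and ends outside both hunks.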
-
-
-
- -

- -

File

- -
- -
- - Image file. - - - - - -
- -

This file cannot be displayed.

- -
+
-
+
@@ -324,7 +344,7 @@ $privacy_exists = is_file($_SERVER['DOCUMENT_ROOT'] . '/static/PRIVACY.txt');
-
+
diff --git a/public/mod.php b/public/mod.php
index de789ce..728222e 100644
--- a/public/mod.php
+++ b/public/mod.php
@@ -66,7 +66,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-
+
diff --git a/public/static/style.css b/public/static/style.css
index 7298fcb..2194b28 100644
--- a/public/static/style.css
+++ b/public/static/style.css
@@ -29,12 +29,12 @@
 --anchor-color-hovered: #ff9696;
 }
- button[type=submit] {
+ button[type=submit].fancy {
 background: var(--box-tab-background);
 color: var(--box-tab-foreground);
 }
- button[type=submit]:hover {
+ button[type=submit].fancy:hover {
 background: var(--box-tab-background);
 }
@@ -139,14 +139,14 @@ table.left td {
 }
 /** FORM */
-button[type=submit] {
+button[type=submit].fancy {
 background: linear-gradient(0deg, var(--box-tab-background), var(--background));
 padding: 8px;
 font-size: 18px;
 border: 1px solid var(--box-border);
 }
-button[type=submit]:hover {
+button[type=submit].fancy:hover {
 background: linear-gradient(180deg, var(--box-tab-background), var(--background));
 cursor: pointer;
 }
@@ -173,6 +173,12 @@ button[type=submit]:hover {
 .box {
 background: var(--box-content-background);
 border: 2px solid var(--box-border);
+ padding: 8px;
+}
+
+.box.red {
+ background: var(--box-tab-foreground);
+ color: var(--background);
 }
 .box>.tabs {
@@ -186,6 +192,7 @@ button[type=submit]:hover {
 .box:has(.tabs),
 .box:has(.tab) {
+ padding: 0;
 background: none;
 border: none;
 }
diff --git a/public/upload.php b/public/upload.php
index 0a6be1d..8ad01e1 100644
--- a/public/upload.php
+++ b/public/upload.php
@@ -172,6 +172,15 @@ try {
 throw new RuntimeException("Failed to save the file. Try again later.");
 }
+ // checking if this is a banned file
+ $file_sha = hash_file('sha256', $file_path);
+ $stmt = $db->prepare('SELECT reason FROM hash_bans WHERE sha256 = ?');
+ $stmt->execute([$file_sha]);
+ if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ delete_file($file_id, $file_data['extension']);
+ throw new RuntimeException('This file is not allowed for upload.' . (isset($row['reason']) ? ' Reason: ' . $row['reason'] : ''));
+ }
+
 $file_data['size'] = filesize($file_path);
 if (FILE_THUMBNAILS && !is_dir(FILE_THUMBNAIL_DIRECTORY) && !mkdir(FILE_THUMBNAIL_DIRECTORY, 0777, true)) {
--
cgit v1.2.3
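Review bot: The ban check runs only after the upload has already been written to `$file_path`, and the return value of `delete_file($file_id, $file_data['extension'])` is ignored, so a banned file whose removal fails stays in the upload directory even though the request reports it as rejected. At minimum record the failure, `if (!delete_file($file_id, $file_data['extension'])) { error_log("Could not remove banned upload $file_id"); }`; better, hash the temporary upload before it is moved into the upload directory (the move happens above this hunk, so I cannot see whether the `$_FILES` tmp path is still in scope here) so banned content never lands at a servable path. `hash_file` returning false is likewise unchecked and would silently query `sha256 = ''` instead of failing the upload. `$row['reason']` is moderator-entered text appended to the exception message shown to the uploader; whatever renders that message must HTML-escape it. The `try` block opens outside the hunk.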