add referer block, and ga events

src/php/api.php

@@ -1,8 +1,9 @@
 <?php
 	session_start();
 	
-	require_once('config.php');
-
+	include_once('config.php');
+	include_once('ga.php');
+	
 	$body = file_get_contents('php://input');
 	$c = json_decode($body);
 	$rsp = array(
@@ -12,7 +13,7 @@
 	switch($c->cmd){
 		case "config":
 		{
-			require_once("db.php");
+			include_once("db.php");
 			
 			$db = new DB();
 			$rsp["stats"] = $db->GetStats();
@@ -25,7 +26,7 @@
 		}
 		case "file": 
 		{
-			require_once("db.php");
+			include_once("db.php");
 			
 			$db = new DB();
 			$fi = $db->GetFile($c->hash);
@@ -42,10 +43,13 @@
 				
 				$dlCounter = $redis->get($hashKey);
 				if($dlCounter != False && $dlCounter >= _DL_CAPTCHA) {
+					GAEvent("Captcha", "Hit");
 					$rsp["captcha"] = True;
 				}
 				
 				$redis->close();
+			}else { 
+				$rsp["file"] = NULL;
 			}
 			break;
 		}
@@ -78,11 +82,14 @@
 					$dlCounter = 0;
 					$redis->setEx($hashKey, _CAPTCHA_DL_EXPIRE, 0);
 					$rsp["ok"] = True;
+					GAEvent("Captcha", "Pass");
 				}else{
 					$rsp["ok"] = False;
+					GAEvent("Captcha", "Fail");
 				}
 			}else{
 				$rsp["ok"] = True;
+				GAEvent("Captcha", "Miss");
 			}
 			
 			$redis->close();
@@ -92,4 +99,4 @@
 
 	header('Content-Type: application/json');
 	echo json_encode($rsp);
-?>
+?>

src/php/config.php.sample

@@ -15,7 +15,8 @@
 	define('_FILEPATH', '/var/www/void.cat' . _UPLOADDIR);
 	define('_DISCORD_WEBHOOK', 'DISCORD_HOOK_URL');
 	define('_FILE_EXPIRE_TIME', 30);
-	define('_GA_CODE', 'UA-73200448-1');
+	define('_GA_SITE_CODE', 'UA-73200448-1');
+	define('_BLOCK_REFERER', array("yobuilder.com", "adf.ly"));
 	
 	/* CAPTCHA SETTINGS */
 	define('_DL_CAPTCHA', 10);

src/php/cron.php

@@ -9,14 +9,15 @@
     foreach($fl as $f) {
 	if(unlink($f->path)) {
 	    $db->DeleteFile($f);
-	    echo 'Deleted file: ' . $f->filename . ' (' . $f->hash160 . ')\n';
+	    echo 'Deleted file: ' . $f->filename . ' (' . $f->hash160 . ') \n';
+	    $del[] = $f->hash160;
 	}else{
-	    echo 'Cant delete file ' . $f->hash160 . '\n';
+	    echo 'Cant delete file ' . $f->path . ' \n';
 	}
     }
 
     if(count($fl) > 0){
-    	$discord_data = array("content" => 'Deleted ' . count($fl) . ' expired files.');
+    	$discord_data = array("content" => 'Deleted ' . count($fl) . ' expired files. `' . implode("` `", $del) . '`');
     	include('discord.php');
     }
-?>
+?>

src/php/db.php

@@ -67,7 +67,7 @@
 		{
 			$res = array();
 
-			$stmt = $this->mysqli->prepare("select hash160, hash256, filename, mime, size, path, views, isAdminFile, uploaded, lastview from files");
+			$stmt = $this->mysqli->prepare("select hash160, hash256, filename, mime, size, path, views, isAdminFile, uploaded, lastview from files order by uploaded desc");
 			if($stmt)
 			{
 				$stmt->execute();
@@ -109,7 +109,7 @@
 			$stmt = $this->mysqli->prepare("delete from files where hash160 = ?");
 			if($stmt)
 			{
-				$stmt->bind_param("s", $f->id);
+				$stmt->bind_param("s", $f->hash160);
 				$stmt->execute();
 				$stmt->close();
 			}
@@ -141,14 +141,16 @@
 		{
 			$res = array();
 
-			$stmt = $this->mysqli->prepare("select hash160 from files where date_add(lastview, INTERVAL " . _FILE_EXPIRE_TIME . " DAY) >= CURRENT_TIMESTAMP");
+			$stmt = $this->mysqli->prepare("select hash160, filename, path from files where date_add(lastview, INTERVAL " . _FILE_EXPIRE_TIME . " DAY) < CURRENT_TIMESTAMP");
 			if($stmt)
 			{
 				$stmt->execute();
-				$stmt->bind_result($hash160);
+				$stmt->bind_result($hash160, $filename, $path);
 				while($stmt->fetch()){
 					$nf = new FileUpload();
 					$nf->hash160 = $hash160;
+					$nf->filename = $filename;
+					$nf->path = $path;
 					array_push($res, $nf);
 				}
 				$stmt->close();

src/php/download.php

@@ -1,37 +1,19 @@
 <?php
 	session_start();
 	include_once('config.php');
+	include_once('ga.php');
 	
-	function XFastDownload($location, $filename, $mimeType = 'application/octet-stream')
-	{
-		global $validRequest;
-		if($validRequest)
-		{
-			$url = "https://www.google-analytics.com/collect";
-			$payload = "v=1&tid=" . _GA_CODE . "&cid=" . session_id() . "&t=pageview&dh=" . $_SERVER['HTTP_HOST'] . "&dp=" . urlencode($_SERVER['REQUEST_URI']) . "&uip=" . $_SERVER['REMOTE_ADDR'] . "&ua=" . urlencode($_SERVER["HTTP_USER_AGENT"]) . "&dr=" . urlencode(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "");
-
-			$ch = curl_init();
-
-			curl_setopt($ch, CURLOPT_URL, $url);
-			curl_setopt($ch, CURLOPT_POST, 1);
-			curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
-		
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-			curl_exec($ch);
-			curl_close ($ch);
-		}
-	
-		$expire = 604800;
-	
-		header("X-Accel-Redirect: $location");
-		header("Cache-Control: public, max-age=$expire");
-		header("Content-type: $mimeType");
-		header('Content-Disposition: inline; filename="' . $filename . '"');
-	}
-
 	$hash = substr($_SERVER["REQUEST_URI"], 1);
 	$hashKey = $_SERVER['REMOTE_ADDR'] . ':' . $hash;
 
+	$refr = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : False;
+	if($refr != False){
+		$rh = parse_url($refr)["host"];
+		if(in_array($rh, _BLOCK_REFERER)){
+			http_response_code(403);
+			exit();
+		}
+	}
 	$range_start = 0;
 	$range_end = 999;
 	if(isset($_SERVER['HTTP_RANGE'])){
@@ -54,20 +36,31 @@
 		if($dlCounter >= _DL_CAPTCHA){
 			//redirect for captcha check
 			$redis->close();
+			GAEvent("Captcha", "Hit");
 			header('location: ' . _SITEURL . '?dl#' . $hash);
 			exit();
 		}
 	}else{
 		$redis->setEx($hashKey, _CAPTCHA_DL_EXPIRE, 0);
+		$dlCounter = 0;
 	}
 	
 	include_once('db.php');
 	$db = new DB();
 	$f = $db->GetFile($hash);
 	if($f->hash160 != NULL){
-		XFastDownload(_UPLOADDIR . $f->hash160, $f->filename, $f->mime);
+		$expire = 604800;
+		$location = _UPLOADDIR . $f->hash160;
+		$mimeType = $f->mime;
+		$filename = $f->filename;
+		
+		header("X-Accel-Redirect: $location");
+		header("Cache-Control: public, max-age=$expire");
+		header("Content-type: $mimeType");
+		header('Content-Disposition: inline; filename="' . $filename . '"');
 		
 		if($validRequest){
+			GAPageView();
 			$db->AddView($f->hash160);
 			$redis->incr($hashKey);
 		}

src/php/ga.php

@@ -0,0 +1,39 @@
+<?php
+	include_once('config.php');
+	
+	function GACollect($p) {
+		$url = "https://www.google-analytics.com/collect";
+		$p["v"] = "1";
+		$p["tid"] = _GA_SITE_CODE;
+		$p["cid"] = session_id();
+		
+		$ch = curl_init();
+
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_POST, 1);
+		curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($p));
+	
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_exec($ch);
+		curl_close ($ch);
+	}
+	
+	function GAPageView(){
+		GACollect(array(
+			"t" => "pageview",
+			"dh" => $_SERVER['HTTP_HOST'],
+			"dp" => urlencode($_SERVER['REQUEST_URI']),
+			"uip" => $_SERVER['REMOTE_ADDR'],
+			"ua" => urlencode(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ""),
+			"dr" => urlencode(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "")
+		));
+	}
+	
+	function GAEvent($cat, $act) {
+		GACollect(array(
+			"t" => "event",
+			"ec" => $cat,
+			"ea" => $act
+		));
+	}
+?>

src/php/upload.php

@@ -123,4 +123,4 @@
 	//return response
 	header('Content-Type: application/json');
 	echo json_encode($response);
-?>  
+?>