add referer block, and ga events

2025-10-06 21:52:50 +02:00 · 2017-11-15 17:50:06 +08:00
parent 365cdf4fd2
commit dbccf470d1
7 changed files with 86 additions and 43 deletions
--- a/src/php/api.php
+++ b/src/php/api.php
@@ -1,8 +1,9 @@
 <?php
 	session_start();
-	require_once('config.php');
+	include_once('config.php');
-
+	include_once('ga.php');
 	$body = file_get_contents('php://input');
 	$c = json_decode($body);
 	$rsp = array(
@@ -12,7 +13,7 @@
 	switch($c->cmd){
 		case "config":
 		{
-			require_once("db.php");
+			include_once("db.php");
 			$db = new DB();
 			$rsp["stats"] = $db->GetStats();
@@ -25,7 +26,7 @@
 		}
 		case "file": 
 		{
-			require_once("db.php");
+			include_once("db.php");
 			$db = new DB();
 			$fi = $db->GetFile($c->hash);
@@ -42,10 +43,13 @@
 				$dlCounter = $redis->get($hashKey);
 				if($dlCounter != False && $dlCounter >= _DL_CAPTCHA) {
 					GAEvent("Captcha", "Hit");
 					$rsp["captcha"] = True;
 				}
 				$redis->close();
 			}else { 
 				$rsp["file"] = NULL;
 			}
 			break;
 		}
@@ -78,11 +82,14 @@
 					$dlCounter = 0;
 					$redis->setEx($hashKey, _CAPTCHA_DL_EXPIRE, 0);
 					$rsp["ok"] = True;
 					GAEvent("Captcha", "Pass");
 				}else{
 					$rsp["ok"] = False;
 					GAEvent("Captcha", "Fail");
 				}
 			}else{
 				$rsp["ok"] = True;
 				GAEvent("Captcha", "Miss");
 			}
 			$redis->close();
@@ -92,4 +99,4 @@
 	header('Content-Type: application/json');
 	echo json_encode($rsp);
-?>
+?>
--- a/src/php/config.php.sample
+++ b/src/php/config.php.sample
@@ -15,7 +15,8 @@
 	define('_FILEPATH', '/var/www/void.cat' . _UPLOADDIR);
 	define('_DISCORD_WEBHOOK', 'DISCORD_HOOK_URL');
 	define('_FILE_EXPIRE_TIME', 30);
-	define('_GA_CODE', 'UA-73200448-1');
+	define('_GA_SITE_CODE', 'UA-73200448-1');
 	define('_BLOCK_REFERER', array("yobuilder.com", "adf.ly"));
 	/* CAPTCHA SETTINGS */
 	define('_DL_CAPTCHA', 10);
--- a/src/php/cron.php
+++ b/src/php/cron.php
@@ -9,14 +9,15 @@
    foreach($fl as $f) {
 	if(unlink($f->path)) {
 	    $db->DeleteFile($f);
-	    echo 'Deleted file: ' . $f->filename . ' (' . $f->hash160 . ')\n';
+	    echo 'Deleted file: ' . $f->filename . ' (' . $f->hash160 . ') \n';
 	    $del[] = $f->hash160;
 	}else{
-	    echo 'Cant delete file ' . $f->hash160 . '\n';
+	    echo 'Cant delete file ' . $f->path . ' \n';
 	}
    }
    if(count($fl) > 0){
-    	$discord_data = array("content" => 'Deleted ' . count($fl) . ' expired files.');
+    	$discord_data = array("content" => 'Deleted ' . count($fl) . ' expired files. `' . implode("` `", $del) . '`');
    	include('discord.php');
    }
-?>
+?>
--- a/src/php/db.php
+++ b/src/php/db.php
@@ -67,7 +67,7 @@
 		{
 			$res = array();
-			$stmt = $this->mysqli->prepare("select hash160, hash256, filename, mime, size, path, views, isAdminFile, uploaded, lastview from files");
+			$stmt = $this->mysqli->prepare("select hash160, hash256, filename, mime, size, path, views, isAdminFile, uploaded, lastview from files order by uploaded desc");
 			if($stmt)
 			{
 				$stmt->execute();
@@ -109,7 +109,7 @@
 			$stmt = $this->mysqli->prepare("delete from files where hash160 = ?");
 			if($stmt)
 			{
-				$stmt->bind_param("s", $f->id);
+				$stmt->bind_param("s", $f->hash160);
 				$stmt->execute();
 				$stmt->close();
 			}
@@ -141,14 +141,16 @@
 		{
 			$res = array();
-			$stmt = $this->mysqli->prepare("select hash160 from files where date_add(lastview, INTERVAL " . _FILE_EXPIRE_TIME . " DAY) >= CURRENT_TIMESTAMP");
+			$stmt = $this->mysqli->prepare("select hash160, filename, path from files where date_add(lastview, INTERVAL " . _FILE_EXPIRE_TIME . " DAY) < CURRENT_TIMESTAMP");
 			if($stmt)
 			{
 				$stmt->execute();
-				$stmt->bind_result($hash160);
+				$stmt->bind_result($hash160, $filename, $path);
 				while($stmt->fetch()){
 					$nf = new FileUpload();
 					$nf->hash160 = $hash160;
 					$nf->filename = $filename;
 					$nf->path = $path;
 					array_push($res, $nf);
 				}
 				$stmt->close();
--- a/src/php/download.php
+++ b/src/php/download.php
@@ -1,37 +1,19 @@
 <?php
 	session_start();
 	include_once('config.php');
 	include_once('ga.php');
 	function XFastDownload($location, $filename, $mimeType = 'application/octet-stream')
 	{
 		global $validRequest;
 		if($validRequest)
 		{
 			$url = "https://www.google-analytics.com/collect";
 			$payload = "v=1&tid=" . _GA_CODE . "&cid=" . session_id() . "&t=pageview&dh=" . $_SERVER['HTTP_HOST'] . "&dp=" . urlencode($_SERVER['REQUEST_URI']) . "&uip=" . $_SERVER['REMOTE_ADDR'] . "&ua=" . urlencode($_SERVER["HTTP_USER_AGENT"]) . "&dr=" . urlencode(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "");
 			$ch = curl_init();
 			curl_setopt($ch, CURLOPT_URL, $url);
 			curl_setopt($ch, CURLOPT_POST, 1);
 			curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
 			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 			curl_exec($ch);
 			curl_close ($ch);
 		}
 		$expire = 604800;
 		header("X-Accel-Redirect: $location");
 		header("Cache-Control: public, max-age=$expire");
 		header("Content-type: $mimeType");
 		header('Content-Disposition: inline; filename="' . $filename . '"');
 	}
 	$hash = substr($_SERVER["REQUEST_URI"], 1);
 	$hashKey = $_SERVER['REMOTE_ADDR'] . ':' . $hash;
 	$refr = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : False;
 	if($refr != False){
 		$rh = parse_url($refr)["host"];
 		if(in_array($rh, _BLOCK_REFERER)){
 			http_response_code(403);
 			exit();
 		}
 	}
 	$range_start = 0;
 	$range_end = 999;
 	if(isset($_SERVER['HTTP_RANGE'])){
@@ -54,20 +36,31 @@
 		if($dlCounter >= _DL_CAPTCHA){
 			//redirect for captcha check
 			$redis->close();
 			GAEvent("Captcha", "Hit");
 			header('location: ' . _SITEURL . '?dl#' . $hash);
 			exit();
 		}
 	}else{
 		$redis->setEx($hashKey, _CAPTCHA_DL_EXPIRE, 0);
 		$dlCounter = 0;
 	}
 	include_once('db.php');
 	$db = new DB();
 	$f = $db->GetFile($hash);
 	if($f->hash160 != NULL){
-		XFastDownload(_UPLOADDIR . $f->hash160, $f->filename, $f->mime);
+		$expire = 604800;
 		$location = _UPLOADDIR . $f->hash160;
 		$mimeType = $f->mime;
 		$filename = $f->filename;
 		header("X-Accel-Redirect: $location");
 		header("Cache-Control: public, max-age=$expire");
 		header("Content-type: $mimeType");
 		header('Content-Disposition: inline; filename="' . $filename . '"');
 		if($validRequest){
 			GAPageView();
 			$db->AddView($f->hash160);
 			$redis->incr($hashKey);
 		}
--- a/src/php/ga.php
+++ b/src/php/ga.php
@@ -0,0 +1,39 @@
 <?php
 	include_once('config.php');
 	function GACollect($p) {
 		$url = "https://www.google-analytics.com/collect";
 		$p["v"] = "1";
 		$p["tid"] = _GA_SITE_CODE;
 		$p["cid"] = session_id();
 		$ch = curl_init();
 		curl_setopt($ch, CURLOPT_URL, $url);
 		curl_setopt($ch, CURLOPT_POST, 1);
 		curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($p));
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 		curl_exec($ch);
 		curl_close ($ch);
 	}
 	function GAPageView(){
 		GACollect(array(
 			"t" => "pageview",
 			"dh" => $_SERVER['HTTP_HOST'],
 			"dp" => urlencode($_SERVER['REQUEST_URI']),
 			"uip" => $_SERVER['REMOTE_ADDR'],
 			"ua" => urlencode(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ""),
 			"dr" => urlencode(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "")
 		));
 	}
 	function GAEvent($cat, $act) {
 		GACollect(array(
 			"t" => "event",
 			"ec" => $cat,
 			"ea" => $act
 		));
 	}
 ?>
--- a/src/php/upload.php
+++ b/src/php/upload.php
@@ -123,4 +123,4 @@
 	//return response
 	header('Content-Type: application/json');
 	echo json_encode($response);
-?>  
+?>