From d2d67811402a557a869d6e7e81d711e2e1275226 Mon Sep 17 00:00:00 2001
From: Denys Fedoryshchenko <denys.f@collabora.com>
Date: Wed, 1 Mar 2023 21:20:13 +0200
Subject: [PATCH] Initial implementation

---
 upload.php | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 upload.sh  | 49 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 upload.php
 create mode 100755 upload.sh

diff --git a/upload.php b/upload.php
new file mode 100644
index 0000000..a7cbdb9
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,57 @@
+<?php
+$location = 'uploads/';
+// check if directory exists and writable if not show error 500
+if (!is_dir($location) || !is_writable($location)) {
+    header('HTTP/1.0 500 Internal Server Error');
+    echo 'Directory does not exist or is not writable';
+    exit;
+}
+// if .uploadsecret file does not exist, error 500
+if (!file_exists('.uploadsecret')) {
+    header('HTTP/1.0 500 Internal Server Error');
+    echo 'Config missing';
+    exit;
+}
+
+// read secret from .uploadsecret file
+$secret = trim(file_get_contents('.uploadsecret'));
+
+// Upload file and verify GET argument with password
+if (isset($_GET['password']) && $_GET['password'] == $secret) {
+    if (isset($_FILES['file'])) {
+        $file = $_FILES['file'];
+        $name = $file['name'];
+        $tmp_name = $file['tmp_name'];
+        // TODO: Check for safe name       
+        if (move_uploaded_file($tmp_name, $location.$name)) {
+            echo 'File '.$location.$name." uploaded successfully\n";
+            // if $name suffix ends with "split.final" then merge all files
+            if (substr($name, -11) == 'split.final') {
+                echo('Merging files...');
+                // Remove only the "split.final" file
+                unlink($location.$name);
+                // new $nameorig without the ".split.final" suffix
+                $nameorig = substr($name, 0, -12);
+                // Merge all files with the same $nameorig using cat
+                chdir($location);
+                shell_exec('cat '.$nameorig.'.split* > '.$nameorig);
+                // Remove all the split files
+                shell_exec('rm '.$nameorig.'.split*');
+                // show checksum sha512 of the merged file
+                $out = shell_exec('sha512sum '.$nameorig);
+                echo $out;
+            }
+        }
+    } else {
+        // If it is not upload, show upload script file: upload.sh as text/plain
+        header('Content-Type: text/plain');
+        $data = file_get_contents('upload.sh');
+        // replace %%UPLOADHOST%% in $data with the current hostname of webserver
+        $data = str_replace('%%UPLOADHOST%%', $_SERVER['HTTP_HOST'], $data);
+        echo $data;
+    }
+} else {
+    // http error
+    header('HTTP/1.0 403 Forbidden');
+    echo 'Forbidden';
+}
\ No newline at end of file
diff --git a/upload.sh b/upload.sh
new file mode 100755
index 0000000..d4d70bb
--- /dev/null
+++ b/upload.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# ask password, upload file to https://%%UPLOADHOST%%/upload.php?password=<given password>
+
+# function to upload file with password
+upload() {
+    # $1 is file
+    # $2 is password
+    echo "Uploading $1"
+    curl -F "file=@$1" https://%%UPLOADHOST%%/upload.php?password=$2
+    # if failed exit
+    if [ $? -ne 0 ]; then
+        echo "Upload $1 failed"
+        exit 1
+    fi
+    echo "Upload $1 done"
+}
+
+# verify argument is existing file
+if [ ! -f "$1" ]; then
+    echo "File not found: $1"
+    exit 1
+fi
+# ask password
+read -s -p "Password: " password
+
+# If file larger than 5M then split it to pieces and make extension .split
+if [ $(stat -c%s "$1") -gt 1500000 ]; then
+    # retrieve sha512 hash of file to variable sum
+    sum=$(sha512sum "$1" | cut -d' ' -f1)
+    split -b 1500000 "$1" "$1".split
+    #rm "$1"
+    echo "File too large, split to pieces"
+    # touch final file that has ending .split.final
+    touch "$1".split.final
+    # Now upload them all same way as other files
+    for file in "$1".split*; do
+        upload $file $password
+    done
+    # Upload final file
+    # upload "$1.split.final" $password
+    # Delete all generated files
+    rm "$1".split*
+    # show hash of file
+    echo "sha512sum of file: $sum"
+else
+    upload $1 $password
+fi
+
+