Create single-use links for files. Code from 2012-10-08. There are probably more robust solutions than this: it is okay to read, it is less okay to use.
<?php
/* Result of some quick night-coding, so don't expect much.
There should be a show.db sqlite3 database next to this script, with the schema created by the CREATE TABLE statements below.
If there isn't one, it is created on the first request, with 'helloworld' (or the value of ?defaultpassword=...) as the admin password -- so whoever sends that first request chooses the password.
Passwords are stored as unsalted sha1() hashes; this script offers no way to add one, so further passwords have to be inserted into the passwords table by hand.
One can create a new link on show.php?mode=admin; the file names are paths on the web server.
The links are going to look like this: show.php?session=SESSION
Please keep in mind that this is not hardened: show.db sits next to the script (inside the web root of a typical deployment) and can be downloaded by anyone unless the web server denies access to it, and the single-use token travels in a GET URL, so it ends up in browser history, Referer headers and server/proxy logs, any of which can spend the link.
*/
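$database_init = false;
// First request ever: create an empty file so PDO can open it, then build the
// schema below. NOTE(review): show.db lives next to this script, i.e. inside
// the web root of a typical deployment, so it is downloadable by anyone unless
// the web server is told to deny it (it holds the sha1 password hashes).
if (!file_exists('show.db')) {
    touch('show.db');
    $database_init = true;
}
$db = new PDO('sqlite:show.db');
// Throw on driver errors instead of returning false; otherwise a failed query
// is followed by a method call on a non-object and the real cause is lost.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($database_init) {
    // files.hash stores sha1(token), never the token itself, so a leaked
    // database does not yield usable links. passwords.hash is unsalted sha1,
    // kept for compatibility with existing databases and the login check
    // further down (password_hash() would be the right choice for new code).
    $db->exec('CREATE TABLE files (filename varchar, hash varchar, unique(hash))');
    $db->exec('CREATE TABLE passwords (hash varchar)');
    // WARNING: whoever sends the first request picks the admin password via
    // ?defaultpassword=...; initialise the database before exposing the script.
    $initialPassword = isset($_GET['defaultpassword']) && is_string($_GET['defaultpassword'])
        ? $_GET['defaultpassword']
        : 'helloworld';
    // Bound parameter rather than sprintf(): the hex digest is harmless, but
    // string-built SQL is the habit this file should not teach.
    $seed = $db->prepare('INSERT INTO passwords VALUES (?)');
    $seed->execute([sha1($initialPassword)]);
}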
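if (isset($_GET['session']) && is_string($_GET['session']) && ($session = $_GET['session'])) {
    // Serve-once mode: look the token up by its sha1 (only the hash is stored,
    // so a leaked database does not yield usable links), consume it, then
    // stream the file. CAVEAT: the token travels in a GET URL and therefore
    // ends up in browser history, Referer headers and server/proxy logs.
    // is_string() keeps ?session[]=x from reaching sha1() as an array.
    $hash = sha1($session);
    $lookup = $db->prepare('SELECT filename FROM files WHERE hash = ?');
    $lookup->execute([$hash]);
    $row = $lookup->fetch();
    if (!$row) {
        die("Error: No such file.");
    }
    // Consume before serving: when two requests race on the same token only
    // one DELETE affects a row, so only one of them gets the file.
    $consume = $db->prepare('DELETE FROM files WHERE hash = ?');
    $consume->execute([$hash]);
    if ($consume->rowCount() < 1) {
        // The original built this message and then discarded it (no echo).
        die("Error: cannot delete session. You won't see this file until someone smart fixes this.");
    }
    $path = $row['filename'];
    // The path was typed in by the password holder, so as far as this script
    // is concerned it is trusted -- but it is still an arbitrary-file read by
    // whoever holds the password. Anything that is not a readable regular
    // file gets a 404 instead of a 200 with an empty body; the token is
    // already spent at this point, matching the original order of operations.
    if (!is_file($path) || !is_readable($path)) {
        http_response_code(404);
        die("Error: No such file.");
    }
    $mime = finfo_file(finfo_open(FILEINFO_MIME_TYPE), $path);
    header('Content-type: ' . ($mime !== false ? $mime : 'application/octet-stream'));
    // Stop browsers from sniffing a different type: an HTML file served here
    // would otherwise run script in this script's origin.
    header('X-Content-Type-Options: nosniff');
    readfile($path);
} elseif (isset($_GET['mode']) && ('admin' === $_GET['mode'])) {
    // Admin mode: the form that creates a link. The password is re-sent with
    // every submission, so there is no session to ride for CSRF.
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Add your file name and get your hash...</title>
</head>
<body>
<form action="show.php" method="post" id="pwdform">
<div>
<label for="filename">File Name</label><input type="text" id="filename" name="filename">
<label for="password">Password</label><input type="password" id="password" name="password">
<input type="submit">
</div>
</form>
</body>
</html>
<?php
} elseif (isset($_POST['password'], $_POST['filename'])
    && is_string($_POST['password']) && is_string($_POST['filename'])
    && ($password = $_POST['password']) && ($filename = $_POST['filename'])) {
    // Link creation. Stored hashes are unsalted sha1 (see the schema); kept so
    // existing databases keep working. Lookup by bound parameter, not sprintf().
    $auth = $db->prepare('SELECT 1 FROM passwords WHERE hash = ?');
    $auth->execute([sha1($password)]);
    if (!$auth->fetch()) {
        die("Auth error.");
    }
    // uniqid() is clock-based and guessable; a single-use link is exactly as
    // secret as this token, so draw it from the CSPRNG instead (PHP >= 7.0).
    $id = bin2hex(random_bytes(16));
    $insert = $db->prepare('INSERT INTO files VALUES (?, ?)');
    $insert->execute([$filename, sha1($id)]);
    if ($insert->rowCount() < 1) {
        // The original print_r() sat after die() and never ran; and driver
        // error details belong in the server log, not in the browser.
        error_log('show.php: insert failed: ' . implode(' / ', $insert->errorInfo()));
        die("DB error happened.");
    }
    // $id is hex, so escaping is a no-op here -- kept so the output stays
    // escaped if the token format ever changes.
    printf('Your file is available once on the <a href="show.php?session=%s">following link</a>.', htmlspecialchars($id, ENT_QUOTES, 'UTF-8'));
} else {
    die("There was an error in your request.");
}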