$content->url = $content->url[0]; $content->version = $content->version[0]; $content->success = $content->error_message == ''; unset($content->error_messages); # Clear error message property if successfully upload if ($content->success) { unset($content->error_message); } } # If we are returning in an iframe if (isset($_CGET['is_iframe'])) { header('Location: http://' . $G_CURRENT_DOMAIN . '/blank.html#' . json_encode($content)); $strlen = PostParser::send(''); } else { # Returning it normally $strlen = PostParser::send($content); } /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Closing the storage connection mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS); # Updating our app $query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_file_size`\t=`storage_file_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Updating our servers used space - measured in kb $query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`space_used`\t\t=`space_used`+" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t='" . (int) $G_SERVER_DATA['id'] . "'\n\t\t\tLIMIT 1"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Updating our servers available space - measured in kb $query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`available_space`\t=`available_space`-" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`host`\t\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_SERVER_DATA['host']) . "' AND\n\t\t\t\t`max_space`\t\t=0"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Closing controller if tracking is different if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
$update_query = $query->get_update_query($limit, false, false); mysqli_sub_query($partition_dblink, $update_query); # Getting our updated info $info = mysqli_info_array($partition_dblink); $limit -= (int) $info['Rows matched']; # Tracking our internal changed numbers $content->affected_rows += (int) $info['Changed']; $content->matched_rows += (int) $info['Rows matched']; # We are done updating if ($limit !== false && $limit <= 0) { break; } } mysqli_free_result($partition_results); # Returning our values PostParser::send($content); /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Updating our partition row counts $size_changed = false; $update_queries = ['SET @table_size_delta=0']; foreach ($partitions_affected as $id => $partition) { # Getting our new table size $query = "\tSELECT\n\t\t\t\t\t `DATA_LENGTH` + `INDEX_LENGTH` AS `size`\n\t\t\t\tFROM\n\t\t\t\t\t`INFORMATION_SCHEMA`.`TABLES`\n\t\t\t\tWHERE\n\t\t\t\t\t`TABLE_SCHEMA`\t='" . mysqli_escape_string($partition->dblink, $partition->database) . "' AND\n\t\t\t\t\t`TABLE_NAME`\t='" . mysqli_escape_string($partition->dblink, $partition->data['table_name']) . "'"; $size_data = mysqli_single_result_query($partition->dblink, $query); # Done with partitions database link mysqli_shared_close($partition->dblink, $G_SHARED_DBLINKS); # We have a different size $this_size_changed = false; if ((int) $partition->data['size'] != (int) $size_data['size']) { # Flag size changed $size_changed = true;
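# Persist the processed image; on failure the message filled in by save() is
# returned to the client through exit_fail().
# NOTE(review): $filepath is built outside this excerpt; confirm it is
# server-generated and cannot carry client-chosen path segments before it is
# appended to $G_SERVER_HOST.
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
    exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}

# Size of the stored file, and the delta against the version it replaces
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];

# Record the new file version. Every interpolated value is either cast to int
# or passed through mysqli_escape_string() before it reaches the SQL text.
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
    . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id']
    . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name'])
    . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created'])
    . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version
    . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id
    . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath)
    . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize
    . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id']
    . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type'])
    . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width']
    . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Success payload returned to the caller
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;
PostParser::send($content, true);

/* --- Response already sent via PostParser::send() --- Below this point things need to be tracked and cleaned up --- */

# Add the size delta to the directory that holds the file
$query = "\tUPDATE\n\t\t\t\t" . NQ_DIRECTORY_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`modified`\t\t=NOW()\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id']
    . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Propagate the delta to every ancestor directory
if (count($G_DIRECTORY_DATA['parent_ids']) > 0) {
    # The ids land unquoted inside IN (...), so each one is forced to an
    # integer here; the other numeric values in this script get the same (int)
    # treatment, and this list was the one value concatenated as-is.
    $query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE
        . "\n\t\t\t\tSET\n\t\t\t\t\t`filesize`\t=`filesize`+" . (int) $G_FILESIZE_ADDED
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\tIN (" . implode(',', array_map('intval', $G_DIRECTORY_DATA['parent_ids']))
        . ")\n\t\t\t\tLIMIT " . count($G_DIRECTORY_DATA['parent_ids']);
    mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
}

# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Add the delta to the app's image and total storage counters
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`storage_img_size`\t=`storage_img_size`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED
    . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id']
    . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# Updating our servers used space - measured in kb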
# Split the request URI into path and query string. Everything derived here
# ($_ENDPOINT, $_FILENAME, $_CGET) comes from the client-supplied REQUEST_URI.
if (isset($_SERVER['REQUEST_URI'])) {
    $_URI = explode('?', $_SERVER['REQUEST_URI'], 2);
} else {
    $_URI = explode('?', '', 2);
}

# Drop the leading path segments that belong to the install directory
$_ABS_BASEDIR = explode('/', NQ_RELATIVE_PATH);
$_BASEDIR = explode('/', $_URI[0]);
$_BASEDIR_CULLED = array_splice($_BASEDIR, 0, max(0, count($_ABS_BASEDIR) - 1));

# NOTE(review): index 2 is read without a bounds check; a shorter path leaves
# $_ENDPOINT unset-as-null with a notice — confirm routing guarantees the depth.
$_ENDPOINT = $_BASEDIR[2];
$_FILENAME = $_BASEDIR[count($_BASEDIR) - 1];

# Query-string parameters, parsed from the raw URI into $_CGET
$_CGET = [];
if (isset($_URI[1])) {
    parse_str($_URI[1], $_CGET);
}

# Shared helpers and parsers
require_once __DIR__ . '/shutdown.php';
require_once __DIR__ . '/functions.php';
require_once __DIR__ . '/parsers/post.php';
require_once __DIR__ . '/parsers/mysql.php';

# When the caller passes a falsy `response` flag, answer with a canned success
# straight away. No exit follows in this excerpt, so the script carries on.
# NOTE(review): this reply goes out before any credential check visible here.
if (isset($_CGET['response']) && !boolval_ext($_CGET['response'])) {
    PostParser::send((object) ['success' => true]);
}

# Open the controller and storage-controller links through the shared pool
$G_SHARED_DBLINKS = [];
$G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS);
$G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_DATABASE_STORAGE_HOST, NQ_DATABASE_STORAGE_USERNAME, NQ_DATABASE_STORAGE_PASSWORD, $G_SHARED_DBLINKS);

# Both links are required; fail (without logging) if either is missing
if (!($G_CONTROLLER_DBLINK && $G_STORAGE_CONTROLLER_DBLINK)) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}

# Debug mode: start collecting debug data
if (NQ_DEBUG_ENABLED) {
    $G_DEBUG_DATA = new stdClass();

    # If we want to include the config
    if (NQ_DEBUG_CONFIG) {
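THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

# Load configuration. $G_APP_DATA, $G_CONTROLLER_DBLINK and the other globals
# used below are not assigned in this excerpt; presumably the include sets them.
require_once dirname(__FILE__) . '/_includes/config.php';

# Decode the JSON request body
$_JPOST = PostParser::decode();

# Validate the app secret.
# The supplied value comes out of a JSON decoder, so it is not guaranteed to
# be a string; a loose != against a non-string would not compare the digests
# at all. Require a string and compare with hash_equals(), which is strict
# and does not leak the position of the first differing byte through timing.
$expected_app_secret = hash('sha256', $G_APP_DATA['secret']);
if (
    !isset($_JPOST->app_secret)
    || !is_string($_JPOST->app_secret)
    || !hash_equals($expected_app_secret, $_JPOST->app_secret)
) {
    # NOTE(review): nothing here stops execution after exit_fail(); confirm
    # that PostParser::send() terminates the request when called from it.
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# Look up the session behind the presented token.
# NOTE(review): the match is on `hash_id` only; no `expires` or `app_id`
# condition is visible here — confirm expired tokens and tokens issued to
# another app are rejected somewhere before session details are returned.
$query = "\tSELECT\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->token)
    . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Fetch the stored session details for that session id
$query = "\tSELECT\n\t\t\t\t`details`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token_data['session_id'])
    . "'\n\t\t\tLIMIT 1";
$session_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Return the decoded session details; $strlen is handed to usage tracking
$strlen = PostParser::send(json_decode($session_data['details']));

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);

# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);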
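}

# Issue the primary access token.
# The token value is the bearer credential, so it is drawn from the
# operating system CSPRNG (random_bytes, PHP 7.0+) instead of being derived
# from mt_rand()/uniqid(), whose output depends on the clock and a small
# seed space. 32 random bytes hex-encode to 64 characters, the same shape as
# the SHA-256 hex string used before. Writing the final value in the INSERT
# also removes the follow-up UPDATE and the short-lived placeholder hash_id.
$hashed_id = bin2hex(random_bytes(32));
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
    . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . $hashed_id
    . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain)
    # expires_date is assigned outside this excerpt; escape it like the other string fields
    . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->expires_date)
    . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id
    . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id
    # ip2long() returns false for anything but dotted-quad IPv4; the cast stores that as 0
    . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR'])
    . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent)
    . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# The caller only ever sees the opaque token value, never the row id
$token->id = $hashed_id;

# Handling secondary token
if ($secondary_token_id > 0) {
    # Same scheme as the primary token. `domain` is now escaped here too; the
    # primary insert escaped it and this one concatenated it raw.
    # NOTE(review): this row records the IP from the request body
    # ($_JPOST->remote_ip) while the primary uses REMOTE_ADDR; the body value
    # is caller-supplied — confirm that difference is intended.
    $hashed_id = bin2hex(random_bytes(32));
    $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
        . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`\t='" . $hashed_id
        . "',\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . ",\n\t\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain)
        . "',\n\t\t\t\t\t`created`\t= NOW(),\n\t\t\t\t\t`expires`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->expires_date)
        . "',\n\t\t\t\t\t`privileges`\t=" . (int) $secondary_token_id
        . ",\n\t\t\t\t\t`session_id`\t=" . (int) $session_id
        . ",\n\t\t\t\t\t`ip`\t\t=" . (int) ip2long($_JPOST->remote_ip)
        . ",\n\t\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent)
        . "'";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
    $token->secondary_token_id = $hashed_id;
}

# Return the token object; $strlen is handed to usage tracking
$strlen = PostParser::send($token);

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);

# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);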
/**
 * Report a failed request: optionally log it, then send a JSON error object.
 *
 * The HTTP status is always 403, whatever $code is; $code only travels in the
 * response body as `errorCode`.
 *
 * NOTE(review): the status line pairs 403 with the phrase "Unauthorized"; the
 * registered phrase for 403 is "Forbidden". Left as-is because clients may
 * depend on it.
 * NOTE(review): there is no exit/die in this function. Whether the request
 * stops here depends on PostParser::send(), which is defined elsewhere;
 * callers that must not fall through should confirm that.
 * NOTE(review): $message is written to the access log and returned to the
 * client verbatim, so callers should pass only text that is safe to disclose.
 *
 * @param mixed  $code    Application error code placed in `errorCode`.
 * @param string $message Human-readable reason, logged and returned.
 * @param bool   $log     When truthy, record the failure via log_access().
 */
function exit_fail($code, $message, $log = true)
{
    global $_ENDPOINT;

    # Record the rejected request unless the caller opted out
    if ($log) {
        log_access($_ENDPOINT, false, $message);
    }

    # Error payload: same three properties, in the same order, on a stdClass
    $error = (object) [
        'success'   => false,
        'errorCode' => $code,
        'message'   => $message,
    ];

    # Status line first, then the body
    header('HTTP/1.1 403 Unauthorized', true, 403);
    PostParser::send($error, true, true);
}