$content->url = $content->url[0];
$content->version = $content->version[0];
$content->success = $content->error_message == '';
unset($content->error_messages);
# Clear error message property if successfully upload
if ($content->success) {
unset($content->error_message);
}
}
# If we are returning in an iframe
if (isset($_CGET['is_iframe'])) {
header('Location: http://' . $G_CURRENT_DOMAIN . '/blank.html#' . json_encode($content));
$strlen = PostParser::send('');
} else {
# Returning it normally
$strlen = PostParser::send($content);
}
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Updating our app
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_file_size`\t=`storage_file_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers used space - measured in kb
$query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`space_used`\t\t=`space_used`+" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t='" . (int) $G_SERVER_DATA['id'] . "'\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers available space - measured in kb
$query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`available_space`\t=`available_space`-" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`host`\t\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_SERVER_DATA['host']) . "' AND\n\t\t\t\t`max_space`\t\t=0";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Closing controller if tracking is different
if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
$update_query = $query->get_update_query($limit, false, false);
mysqli_sub_query($partition_dblink, $update_query);
# Getting our updated info
$info = mysqli_info_array($partition_dblink);
$limit -= (int) $info['Rows matched'];
# Tracking our internal changed numbers
$content->affected_rows += (int) $info['Changed'];
$content->matched_rows += (int) $info['Rows matched'];
# We are done updating
if ($limit !== false && $limit <= 0) {
break;
}
}
mysqli_free_result($partition_results);
# Returning our values
PostParser::send($content);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Updating our partition row counts
$size_changed = false;
$update_queries = ['SET @table_size_delta=0'];
foreach ($partitions_affected as $id => $partition) {
# Getting our new table size
$query = "\tSELECT\n\t\t\t\t\t `DATA_LENGTH` + `INDEX_LENGTH` AS `size`\n\t\t\t\tFROM\n\t\t\t\t\t`INFORMATION_SCHEMA`.`TABLES`\n\t\t\t\tWHERE\n\t\t\t\t\t`TABLE_SCHEMA`\t='" . mysqli_escape_string($partition->dblink, $partition->database) . "' AND\n\t\t\t\t\t`TABLE_NAME`\t='" . mysqli_escape_string($partition->dblink, $partition->data['table_name']) . "'";
$size_data = mysqli_single_result_query($partition->dblink, $query);
# Done with partitions database link
mysqli_shared_close($partition->dblink, $G_SHARED_DBLINKS);
# We have a different size
$this_size_changed = false;
if ((int) $partition->data['size'] != (int) $size_data['size']) {
# Flag size changed
$size_changed = true;
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}
# Saving our file size
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];
# Adding to the datatbase
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id'] . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name']) . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created']) . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath) . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id'] . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type']) . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width'] . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Return object
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;
# Sending success
PostParser::send($content, true);
/* --- Connection closed wit img->send() --- Below this point things need to be tracked and cleaned up --- */
# Updating our directory
$query = "\tUPDATE\n\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\tSET\n\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`modified`\t\t=NOW()\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# If we have parents to update
if (count($G_DIRECTORY_DATA['parent_ids']) > 0) {
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`filesize`\t=`filesize`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\tIN (" . implode(',', $G_DIRECTORY_DATA['parent_ids']) . ")\n\t\t\t\tLIMIT " . count($G_DIRECTORY_DATA['parent_ids']);
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
}
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Updating our app
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_img_size`\t=`storage_img_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers used space - measured in kb
$_URI = explode('?', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '', 2);
$_ABS_BASEDIR = explode('/', NQ_RELATIVE_PATH);
$_BASEDIR = explode('/', $_URI[0]);
$_BASEDIR_CULLED = array_splice($_BASEDIR, 0, max(0, count($_ABS_BASEDIR) - 1));
$_ENDPOINT = $_BASEDIR[2];
$_FILENAME = $_BASEDIR[count($_BASEDIR) - 1];
$_CGET = array();
isset($_URI[1]) && parse_str($_URI[1], $_CGET);
# Including our functions
require_once __DIR__ . '/shutdown.php';
require_once __DIR__ . '/functions.php';
require_once __DIR__ . '/parsers/post.php';
require_once __DIR__ . '/parsers/mysql.php';
# Send a fake success if no response required
if (isset($_CGET['response']) && !boolval_ext($_CGET['response'])) {
PostParser::send((object) ['success' => true]);
}
# Setting up our controller connections
$G_SHARED_DBLINKS = [];
$G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS);
$G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_DATABASE_STORAGE_HOST, NQ_DATABASE_STORAGE_USERNAME, NQ_DATABASE_STORAGE_PASSWORD, $G_SHARED_DBLINKS);
# Making sure we have a connection
if (!$G_CONTROLLER_DBLINK || !$G_STORAGE_CONTROLLER_DBLINK) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}
# If we are debugging
if (NQ_DEBUG_ENABLED) {
# New debug object
$G_DEBUG_DATA = new stdClass();
# If we want to include the config
if (NQ_DEBUG_CONFIG) {
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration
require_once dirname(__FILE__) . '/_includes/config.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Validating our app
if (hash('sha256', $G_APP_DATA['secret']) != $_JPOST->app_secret) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}
# Setting our token data
$query = "\tSELECT\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->token) . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Updating our data
$query = "\tSELECT\n\t\t\t\t`details`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token_data['session_id']) . "'\n\t\t\tLIMIT 1";
$session_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Creating our token string
$strlen = PostParser::send(json_decode($session_data['details']));
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);
# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);
}
# Adding our access token
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999)) . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain) . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . $token->expires_date . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR']) . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Encoding our token id
$hashed_id = hash('sha256', uniqid($token->id, true));
$query = "\tUPDATE\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`='" . $hashed_id . "'\n\t\t\tWHERE\n\t\t\t\t`id`=" . (int) $token->id . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = $hashed_id;
# Handling secondary token
if ($secondary_token_id > 0) {
# Adding our access token
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999)) . "',\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`domain`\t='" . $token->domain . "',\n\t\t\t\t\t`created`\t= NOW(),\n\t\t\t\t\t`expires`\t='" . $token->expires_date . "',\n\t\t\t\t\t`privileges`\t=" . (int) $secondary_token_id . ",\n\t\t\t\t\t`session_id`\t=" . (int) $session_id . ",\n\t\t\t\t\t`ip`\t\t=" . (int) ip2long($_JPOST->remote_ip) . ",\n\t\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->secondary_token_id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Encoding our token alt id
$hashed_id = hash('sha256', uniqid($token->secondary_token_id, true));
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`='" . $hashed_id . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $token->secondary_token_id . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->secondary_token_id = $hashed_id;
}
# Creating our token string
$strlen = PostParser::send($token);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);
# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);
function exit_fail($code, $message, $log = true)
{
# Logging our bad request
global $_ENDPOINT;
$log && log_access($_ENDPOINT, false, $message);
# Creating our error message
$error = new stdClass();
$error->success = false;
$error->errorCode = $code;
$error->message = $message;
# Sending our error header
header('HTTP/1.1 403 Unauthorized', true, 403);
# Sending our error data
PostParser::send($error, true, true);
}
