|
|
|
@@ -6,6 +6,11 @@ require '_user.php';
|
|
|
|
session_start();
|
|
|
|
session_start();
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const MAX_UPLOAD_FILE_SIZE_MB = 32;
|
|
|
|
|
|
|
|
const MAX_UPLOAD_FILE_SIZE_BYTES = MAX_UPLOAD_FILE_SIZE_MB * 1024 * 1024;
|
|
|
|
|
|
|
|
ini_set('upload_max_filesize', MAX_UPLOAD_FILE_SIZE_MB . 'M');
|
|
|
|
|
|
|
|
ini_set('post_max_size', (MAX_UPLOAD_FILE_SIZE_MB + 1) . 'M');
|
|
|
|
|
|
|
|
|
|
|
|
/* ─────────────────────────────
|
|
|
|
/* ─────────────────────────────
|
|
|
|
Security
|
|
|
|
Security
|
|
|
|
───────────────────────────── */
|
|
|
|
───────────────────────────── */
|
|
|
|
@@ -346,8 +351,10 @@ if ($action === 'identity_edit') {
|
|
|
|
if ($safeName === '') {
|
|
|
|
if ($safeName === '') {
|
|
|
|
$safeName = 'file';
|
|
|
|
$safeName = 'file';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
do {
|
|
|
|
$storedName = bin2hex(random_bytes(12)) . '_' . $safeName;
|
|
|
|
$storedName = bin2hex(random_bytes(12)) . '_' . $safeName;
|
|
|
|
$destination = $uploadDir . $storedName;
|
|
|
|
$destination = $uploadDir . $storedName;
|
|
|
|
|
|
|
|
} while (is_file($destination));
|
|
|
|
|
|
|
|
|
|
|
|
if (!move_uploaded_file($tmpName, $destination)) {
|
|
|
|
if (!move_uploaded_file($tmpName, $destination)) {
|
|
|
|
$fileUploadErrors[] = sprintf('Speichern von %s fehlgeschlagen.', $originalName);
|
|
|
|
$fileUploadErrors[] = sprintf('Speichern von %s fehlgeschlagen.', $originalName);
|
|
|
|
@@ -477,6 +484,18 @@ if ($action === 'identity_edit') {
|
|
|
|
if ($identityFiles === false) {
|
|
|
|
if ($identityFiles === false) {
|
|
|
|
$identityFiles = [];
|
|
|
|
$identityFiles = [];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$duplicateFilenameCounts = [];
|
|
|
|
|
|
|
|
foreach ($identityFiles as $file) {
|
|
|
|
|
|
|
|
$filename = $file['filename'] ?? '';
|
|
|
|
|
|
|
|
if ($filename === '') {
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
$duplicateFilenameCounts[$filename] = ($duplicateFilenameCounts[$filename] ?? 0) + 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
$duplicateFileNames = array_keys(array_filter(
|
|
|
|
|
|
|
|
$duplicateFilenameCounts,
|
|
|
|
|
|
|
|
static fn (int $count): bool => $count > 1
|
|
|
|
|
|
|
|
));
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|
<!doctype html>
|
|
|
|
<!doctype html>
|
|
|
|
<html>
|
|
|
|
<html>
|
|
|
|
@@ -581,10 +600,18 @@ if ($action === 'identity_edit') {
|
|
|
|
<?php if ($fileDeleteMessage !== ''): ?>
|
|
|
|
<?php if ($fileDeleteMessage !== ''): ?>
|
|
|
|
<p style="color:#22c55e; margin-top:.25rem;"><?= htmlspecialchars($fileDeleteMessage) ?></p>
|
|
|
|
<p style="color:#22c55e; margin-top:.25rem;"><?= htmlspecialchars($fileDeleteMessage) ?></p>
|
|
|
|
<?php endif; ?>
|
|
|
|
<?php endif; ?>
|
|
|
|
|
|
|
|
<?php if (!empty($duplicateFileNames)): ?>
|
|
|
|
|
|
|
|
<p style="color:#fbbf24; margin-top:.25rem;">
|
|
|
|
|
|
|
|
Dateien mit identischem Dateinamen bleiben getrennt und können einzeln gelöscht.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<?php endif; ?>
|
|
|
|
<ul>
|
|
|
|
<ul>
|
|
|
|
<?php foreach ($identityFiles as $file): ?>
|
|
|
|
<?php foreach ($identityFiles as $file): ?>
|
|
|
|
<li>
|
|
|
|
<li>
|
|
|
|
<?= htmlspecialchars($file['filename']) ?> (ID <?= (int)$file['id'] ?>)
|
|
|
|
<?= htmlspecialchars($file['filename']) ?> (ID <?= (int)$file['id'] ?>)
|
|
|
|
|
|
|
|
<?php if (!empty($duplicateFileNames) && in_array($file['filename'], $duplicateFileNames, true)): ?>
|
|
|
|
|
|
|
|
<span style="color:#fbbf24; margin-left:.5rem; font-size:.85rem;">mehrfach vorhanden</span>
|
|
|
|
|
|
|
|
<?php endif; ?>
|
|
|
|
<form method="post" style="display:inline; margin-left:.75rem;">
|
|
|
|
<form method="post" style="display:inline; margin-left:.75rem;">
|
|
|
|
<input type="hidden" name="file_id" value="<?= (int)$file['id'] ?>">
|
|
|
|
<input type="hidden" name="file_id" value="<?= (int)$file['id'] ?>">
|
|
|
|
<button name="delete_file" type="submit"
|
|
|
|
<button name="delete_file" type="submit"
|
|
|
|
@@ -774,6 +801,26 @@ if ($action === 'uuid_edit') {
|
|
|
|
"i",
|
|
|
|
"i",
|
|
|
|
[$token['identity_id']]
|
|
|
|
[$token['identity_id']]
|
|
|
|
);
|
|
|
|
);
|
|
|
|
|
|
|
|
$files = $sql->get(
|
|
|
|
|
|
|
|
"SELECT id, filename FROM files
|
|
|
|
|
|
|
|
WHERE identity_id = ?
|
|
|
|
|
|
|
|
AND (token_id IS NULL OR token_id = ?)
|
|
|
|
|
|
|
|
ORDER BY uploaded_at DESC",
|
|
|
|
|
|
|
|
"ii",
|
|
|
|
|
|
|
|
[$token['identity_id'], $token['id']]
|
|
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
if ($files === false) {
|
|
|
|
|
|
|
|
$files = [];
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
$fileLinks = array_filter(array_map(static function ($file) use ($uuid) {
|
|
|
|
|
|
|
|
if (empty($file['id'])) {
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
|
|
|
'url' => '/download.php?id=' . (int)$file['id'] . '&uuid=' . urlencode($uuid),
|
|
|
|
|
|
|
|
'filename' => (string)($file['filename'] ?: 'Datei'),
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
}, $files));
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|
<!doctype html>
|
|
|
|
<!doctype html>
|
|
|
|
<html><head><meta charset="utf-8"><title>UUID bearbeiten</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
|
|
|
<html><head><meta charset="utf-8"><title>UUID bearbeiten</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
|
|
|
@@ -801,6 +848,20 @@ if ($action === 'uuid_edit') {
|
|
|
|
<button>Speichern</button>
|
|
|
|
<button>Speichern</button>
|
|
|
|
</form>
|
|
|
|
</form>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<?php if (!empty($fileLinks)): ?>
|
|
|
|
|
|
|
|
<h3>Dateien</h3>
|
|
|
|
|
|
|
|
<ul>
|
|
|
|
|
|
|
|
<?php foreach ($fileLinks as $link): ?>
|
|
|
|
|
|
|
|
<li>
|
|
|
|
|
|
|
|
<a href="<?= htmlspecialchars($link['url']) ?>"
|
|
|
|
|
|
|
|
target="_blank" rel="noopener noreferrer">
|
|
|
|
|
|
|
|
<?= htmlspecialchars($link['filename']) ?>
|
|
|
|
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</li>
|
|
|
|
|
|
|
|
<?php endforeach; ?>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
|
|
|
|
<?php endif; ?>
|
|
|
|
|
|
|
|
|
|
|
|
<p><a href="admin.php">← zurück</a></p>
|
|
|
|
<p><a href="admin.php">← zurück</a></p>
|
|
|
|
</body></html>
|
|
|
|
</body></html>
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
@@ -872,15 +933,8 @@ $identities = $sql->get("SELECT * FROM identities ORDER BY id DESC");
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
//TODO einheitliches dunkles design
|
|
|
|
//TODO einheitliches dunkles design
|
|
|
|
|
|
|
|
|
|
|
|
//TODO upload filesize vergrößern auf 32MB
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//TODO im bereich UUID bearbeiten sollen files mit dem dateinamen und einem link (target=_blank) dargestellt werden und nicht mit der id
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//TODO prüfen was passiert, wenn mehrere dateien mit dem gleichen dateinamen hochgeladen werden
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//TODO option schaffen eine bestehende datei zu überschreiben ??? bzw prüfen ob das notwendig ist
|
|
|
|
//TODO option schaffen eine bestehende datei zu überschreiben ??? bzw prüfen ob das notwendig ist
|
|
|
|
|
|
|
|
|
|
|
|
//TODO anzeige von einer gelöschten oder leeren datei ausblenden, bei vollzogenem löschvorgang
|
|
|
|
//TODO anzeige von einer gelöschten oder leeren datei ausblenden, bei vollzogenem löschvorgang
|
|
|
|
|
|
|
|
|
|
|
|
//TODO prüfen ob dateien nur mit korrektem uuid herunterladbar sind
|
|
|
|
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|
|
