Initial commit :-)

docs/network-api.txt

@@ -0,0 +1,10 @@
+puush version       r83
+puush server        216.155.137.235
+
+UPLOADING
+POST        ->  http://puush.me/api/up
+                "k" = ?
+                "c" = ?
+                "z" = "poop" -- junk
+                "f" = image
+            <-  0,http://puu.sh/IMGID,??,??

docs/rewrite.txt

@@ -0,0 +1,10 @@
+Lighttpd
+img\.griefcraft\.com would of course become whatever your image domain is
+
+$HTTP["host"] =~ "^(img\.griefcraft\.com|puush\.me)$" {
+        server.document-root = "/var/www/servers/img.griefcraft.com/"
+        url.rewrite-once = (
+                "^/api/up" => "/upload.php",
+                "^/([a-zA-Z0-9]+)$" => "/view.php?image=$1"
+        )
+}

web/config.php

@@ -0,0 +1,28 @@
+<?php
+
+// The folder where uploads are stored in
+define ('UPLOAD_DIR', '/var/www/uploads/');
+
+// The formatted url to send to the client, where %s is the generated file name
+define ('FORMATTED_URL', 'http://img.griefcraft.com/%s');
+
+// The max file size, default 250 MB ( 250 * 1024 * 1024 )
+define ('MAX_FILE_SIZE', 250 * 1024 * 1024);
+
+// Mime types
+$mime = array('image/gif' => 'gif',
+    'image/jpeg' => 'jpeg',
+    'image/jpeg' => 'jpg',
+    'image/png' => 'png',
+    'image/psd' => 'psd',
+    'image/bmp' => 'bmp',
+    'image/tiff' => 'tiff',
+    'image/tiff' => 'tiff',
+    'image/jp2' => 'jp2',
+    'image/iff' => 'iff',
+    'image/vnd.wap.wbmp' => 'bmp',
+    'image/xbm' => 'xbm',
+    'image/vnd.microsoft.icon' => 'ico');
+
+// Extension whitelist
+$image_whitelist = array('jpg', 'jpeg', 'png', 'gif','bmp');

web/func.php

@@ -0,0 +1,92 @@
+<?php
+
+if (!defined('puush')) exit('Bonjour');
+
+/**
+ * Generate an uploaded file's name to use
+ * @return string
+ */
+function generate_upload_name($ext)
+{
+    $name = NULL;
+
+    do {
+        $name = random_filename();
+    } while (file_exists(UPLOAD_DIR . $name . '.' . $ext));
+
+    return $name;
+}
+
+/**
+ * Generates a random file name
+ */
+function random_filename()
+{
+    $random_string = md5(uniqid(rand(), true));
+
+    // chop it down to random length
+    return substr($random_string, 0, rand(2, 4));
+}
+
+/**
+ * Get a post variable and exit if it was not given
+ * @param $name
+ */
+function get_post_var($name)
+{
+    if (!isset($_POST[$name]))
+    {
+        exit ('ERR Missing post arguments.');
+    }
+
+    return $_POST[$name];
+}
+
+/**
+ * Get the extension for a given image
+ * @param $image
+ * @return string
+ */
+function get_ext($image)
+{
+    return end(explode('.', $image));
+}
+
+/**
+ * Validate an image
+ * @param $image
+ * @return TRUE if the image is valid
+ */
+function validate_image($image)
+{
+    global $mime , $image_whitelist;
+
+    // Get the info for the image
+    $info = getimagesize($image['tmp_name']);
+
+    // Is it invalid?
+    if (empty($info))
+    {
+        return FALSE;
+    }
+
+    // Verify the mimetype
+    $mime_type = $info['mime'];
+
+    if (!isset($mime[$mime_type]))
+    {
+        return FALSE;
+    }
+
+    // Get the file extension
+    $ext = get_ext($image['name']);
+
+    // Compare it to the whitelist
+    if (!in_array($ext, $image_whitelist))
+    {
+        return FALSE;
+    }
+
+    // It is good
+    return TRUE;
+}

web/upload.php

@@ -0,0 +1,42 @@
+<?php
+
+define('puush', '');
+require_once 'config.php';
+require_once 'func.php';
+
+// ?
+$k = get_post_var('k');
+
+// ?
+$c = get_post_var('c');
+
+// Check for the file
+if (!isset($_FILES['f']))
+{
+    exit ('ERR No file provided.');
+}
+
+// The file they are uploading
+$file = $_FILES['f'];
+
+// Check the size, max 250 MB
+if ($file['size'] > MAX_FILE_SIZE)
+{
+    exit ('ERR File is too big.');
+}
+
+// Ensure the image is actually a file and not a friendly virus
+if (validate_image($file) === FALSE)
+{
+    exit ('ERR Invalid image.');
+}
+
+// Generate a new file name
+$ext = get_ext($file['name']);
+$generated_name = generate_upload_name($ext);
+
+// Move the file
+move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $generated_name . '.' . $ext);
+
+// ahem
+echo '0,' . sprintf(FORMATTED_URL, $generated_name) . ',-1,-1';

web/view.php

@@ -0,0 +1,47 @@
+<?php
+
+define('puush', '');
+require_once 'config.php';
+require_once 'func.php';
+
+if (!isset($_GET['image']))
+{
+    exit ('ERR No image provided.');
+}
+
+// The image to find
+$image = basename(urldecode($_GET['image']));
+
+// Look for the image
+$matched = glob (UPLOAD_DIR . $image . '.*');
+
+// Did we find an image?
+if (empty($matched))
+{
+    exit ('ERR No image found.');
+}
+
+// The matched image location (relative.)
+$matched = $matched[0];
+
+// Get the extension
+$ext = strtolower(get_ext($matched));
+
+// Look for an appropriate mime type
+$mime = array_search($ext, $mime);
+
+// Did we find one?
+if ($mime !== FALSE)
+{
+    // Set our headers
+    header('Content-type: ' . $mime);
+    header('Expires: 0');
+    header('Cache-Control: must-revalidate');
+
+    // Prepare to send the image
+    ob_clean();
+    flush();
+
+    // Send the image
+    readfile($matched);
+}