| author | Horus3 | 2014-03-18 00:14:37 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-18 00:14:37 +0100 |
| commit | faa66b350b7c95701654cae59583761feaeeb3d3 (patch) | |
| tree | deb5b984698b3bfb72edfdf6a9f0f263e63d5cdd /www/functions | |
| parent | 46786c1703474776d74ba67eb01eb484f3c8b646 (diff) | |
| download | files.iamfabulous.de-faa66b350b7c95701654cae59583761feaeeb3d3.tar.gz | |
func upload()
Diffstat (limited to 'www/functions')
| -rwxr-xr-x | www/functions/func_upload.php | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
new file mode 100755
index 0000000..55d9492
--- /dev/null
+++ b/www/functions/func_upload.php
@@ -0,0 +1,135 @@
+<?php
+
+/* This was tested with this interface, where PWD the primary key from the working directory is:
+
+
+<!DOCTYPE html>
+<form method='post' action='/upload.php' enctype="multipart/form-data">
+<p>File :<input name="userfile" type="file" size="500000000" maxlength="100000000000000"></p>
+
+<p>PWD: <input type='text' name='pwd'></p><!-- an INTEGER!! -->
+<p>Share: <input type='text' name='share'>
+<p><input type='submit' name='submit' value='upload'></p>
+</form>
+
+*/
+
+function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "');
+ COMMIT;
+ ")){
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ return UPLOAD_LOGIN;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
+ return UPLOAD_UPLOAD;
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ return UPLOAD_PARENTFOLDER;
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
+ $overall_size = 0;
+ $count = 0;
+ while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
+ $overall_size = $overall_size + $row[$count];
+ $count++;
+ }
+
+ if($overall_size > 2147483648){ // == 2GB
+ return UPLOAD_QUOTA;
+ }
+
+ $filename = $_FILES['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILES['userfile']['type'];
+ $size = $_FILES['userfile']['size'];
+ $share = SQLite3::escapeString($_POST['share']);
+
+ $uploaddir = "../files/";
+
+ //$filehash = hash_file("md5", $uploaddir . $filename);
+ $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
+
+ $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
+ $hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);
+ if(empty($hashtest_ar[0])){
+
+ if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
+
+ if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
+ $gzfile = $uploaddir . $filehash . ".gz";
+ $fp = gzopen($gzfile, 'w9');
+
+ if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ if(!gzclose($fp)){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ if(!unlink($uploaddir . $filename)){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ return UPLOAD_SUCCESS;
+
+ } else {
+ return UPLOAD_DATABASE;
+ }
+
+ } else {
+ return UPLOAD_MOVING;
+ }
+ } else {
+
+ $dupl_db = $db->query("SELECT parent FROM files WHERE hash='" . $filehash . "';");
+
+ while($row = $dupl_db->fetchArray(SQLITE3_NUM)){
+ if($row[0] == $parentdir){
+ return UPLOAD_DUPLICATE;
+ }
+ }
+
+ if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
+ return UPLOAD_DATABASE;
+ }
+
+ if(!unlink($_FILES['userfile']['tmp_name'])){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ return UPLOAD_SUCCESS;
+ }
+}
+
+//not used atm
+
+//function web_upload($db){
+// $url = $_POST["url"];
+// if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
+// echo "hyperlink detected";
+// } else {
+// echo "no hyperlink";
+// }
+//}
+
|
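Review bot: `database_upload()` concatenates its arguments into the INSERT, and in `upload()` `$filename` and `$mime` come straight from `$_FILES['userfile']['name']` and `['type']` with no escaping, so a quote in the uploaded file's name or declared type changes the statement that `exec()` runs. `$parentdir` is placed in the statement unquoted, and `preg_match("/[0-9]+/", $parentdir)` is unanchored, so any `pwd` value that merely contains a digit passes; `SQLite3::escapeString` gives no protection in an unquoted position. Binding every value through `SQLite3::prepare()` and validating `pwd` with `ctype_digit()` closes both, as sketched below. Separately, the quota loop reads `$row[$count]` although the query selects a single column, so it appears that only the first row's size is added; `$row[0]` (or a `SUM(size)` query) looks intended. The intermediate path `$uploaddir . $_FILES['userfile']['name']` also depends on the client-chosen name, which moving directly to `$uploaddir . $filehash` would avoid.

```php
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
	// A single INSERT is already atomic in SQLite, so the explicit transaction is not needed.
	$stmt = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash)
		VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share, :hash)");
	if(!$stmt){
		return false;
	}
	$stmt->bindValue(':parent', (int) $parentdir, SQLITE3_INTEGER);
	$stmt->bindValue(':owner', (int) $owner, SQLITE3_INTEGER);
	$stmt->bindValue(':name', $filename, SQLITE3_TEXT);
	$stmt->bindValue(':folder', $folder, SQLITE3_TEXT);
	$stmt->bindValue(':mime', $mime, SQLITE3_TEXT);
	$stmt->bindValue(':size', (int) $size, SQLITE3_INTEGER);
	$stmt->bindValue(':share', $share, SQLITE3_TEXT);
	$stmt->bindValue(':hash', $filehash, SQLITE3_TEXT);
	return $stmt->execute() !== false;
}

// in upload():
	if(!isset($_POST['pwd']) || !ctype_digit((string) $_POST['pwd'])){
		return UPLOAD_PARENTFOLDER;
	}
	$parentdir = (int) $_POST['pwd'];
	// … unchanged: owner lookup, quota check …
	// With bound parameters the raw value is stored; escaping it first would double the quotes.
	$share = isset($_POST['share']) ? $_POST['share'] : '';
```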
