| author | root | 2014-03-10 18:08:08 +0100 |
|---|---|---|
| committer | root | 2014-03-10 18:08:08 +0100 |
| commit | 66b515b718fb2de57462c1aa172d89b94936cef5 (patch) | |
| tree | 39f42e3b138af8e4ed5cdb8c613d50e9017082c1 /www/upload.php | |
| parent | ba4a14efc9446942ffb0105bbe73756f5724280e (diff) | |
| download | files.iamfabulous.de-66b515b718fb2de57462c1aa172d89b94936cef5.tar.gz | |
file upload
Diffstat (limited to 'www/upload.php')
| -rw-r--r-- | www/upload.php | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/www/upload.php b/www/upload.php
new file mode 100644
index 0000000..cd8c3af
--- /dev/null
+++ b/www/upload.php
@@ -0,0 +1,57 @@
+<?
+
+function error($reason){
+ echo "Failure! <br>";
+ echo $reason;
+ exit;
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ error("Operation not permitted.");
+ exit;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILE['userfile']['size'] > 0 || empty($_FILE['userfile']['size'])){
+ error("Error while proceding the upload: " . $_FILES['userfile']['error']);
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ error("Invalid parent folder.");
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $filename = $_FILE['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILE['userfile']['type'];
+ $size = $_FILE['userfile']['size'];
+ $share = SQLite3::escapeString('$_POST[share]');
+
+ $uploaddir = "../files/";
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
+ COMMIT;
+ ")){
+ $id = SQLite3::lastInsertRowID();
+ if(move_uploaded_file($_FILE['userfile']['tmp_username'], $uploaddir . $_FILE['userfile']['name'])){
+ if(rename($uploaddir . $filename, $uploaddir . $id)){
+ echo "Success!";
+ } else {
+ echo "Failure!";
+ }
+
+ } else {
+ error("Upload failed");
+ exit;
+ }
+ }
+
+} |
