From 66b515b718fb2de57462c1aa172d89b94936cef5 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 10 Mar 2014 18:08:08 +0100
Subject: file upload
---
 www/upload.php | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 www/upload.php
(limited to 'www/upload.php')
diff --git a/www/upload.php b/www/upload.php
new file mode 100644
index 0000000..cd8c3af
--- /dev/null
+++ b/www/upload.php
@@ -0,0 +1,57 @@
+";
+ echo $reason;
+ exit;
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ error("Operation not permitted.");
+ exit;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILE['userfile']['size'] > 0 || empty($_FILE['userfile']['size'])){
+ error("Error while proceding the upload: " . $_FILES['userfile']['error']);
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ error("Invalid parent folder.");
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $filename = $_FILE['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILE['userfile']['type'];
+ $size = $_FILE['userfile']['size'];
+ $share = SQLite3::escapeString('$_POST[share]');
+
+ $uploaddir = "../files/";
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
+ COMMIT;
+ ")){
+ $id = SQLite3::lastInsertRowID();
+ if(move_uploaded_file($_FILE['userfile']['tmp_username'], $uploaddir . $_FILE['userfile']['name'])){
+ if(rename($uploaddir . $filename, $uploaddir . $id)){
+ echo "Success!";
+ } else {
+ echo "Failure!";
+ }
+
+ } else {
+ error("Upload failed");
+ exit;
+ }
+ }
+
+}
-- cgit v1.2.3