From faa66b350b7c95701654cae59583761feaeeb3d3 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Tue, 18 Mar 2014 00:14:37 +0100
Subject: func upload()
---
www/constants.php | 10 ++++
www/createfolder.php | 96 ------------------------------
www/functions/func_upload.php | 135 ++++++++++++++++++++++++++++++++++++++++++
www/upload.php | 122 --------------------------------------
4 files changed, 145 insertions(+), 218 deletions(-)
delete mode 100755 www/createfolder.php
create mode 100755 www/functions/func_upload.php
delete mode 100755 www/upload.php
(limited to 'www')
diff --git a/www/constants.php b/www/constants.php
index 9d3bd7f..235f34a 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -34,3 +34,13 @@ define("MKDIR_SUCCESS", 24);
 define("MKDIR_OWNER", 25);
 define("MKDIR_LOGIN", 26);
 define("MKDIR_DATABASE", 27);
+
+define("UPLOAD_SUCCESS", 28);
+define("UPLOAD_DATABASE", 29);
+define("UPLOAD_LOGIN", 30);
+define("UPLOAD_UPLOAD", 31);
+define("UPLOAD_PARENTFOLDER", 32); // cur. tested if integer. Later should be if owner and uploader the same person
+define("UPLOAD_QUOTA", 33);
+define("UPLOAD_FILE_HANDLING", 34);
+define("UPLOAD_MOVING", 35);
+define("UPLOAD_DUPLICATE", 36);
diff --git a/www/createfolder.php b/www/createfolder.php
deleted file mode 100755
index 563f352..0000000
--- a/www/createfolder.php
+++ /dev/null
@@ -1,96 +0,0 @@
-query("SELECT id FROM user WHERE name='" . $sname . "';");
- $id_ar = $id_db->fetchArray(SQLITE3_NUM);
- $id = $id_ar[0];
-
- if(!preg_match("/[0-9]+/", $id)){
- database_error();
- }
-
- for($i=0; $i<$length; $i++){
- if(!empty($folder_array_unsafe[$i])){
- $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
- if($absolutpath){
- if($db->exec("
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $k . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- ")){
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $folder_array[$i] . "';");
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- $k=$primary_key;
- } else {
- database_error();
- }
- } else {
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='".$pwd."';"); //TODO That doesn't make any sense to me at all! //This makes sense in the context.
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $primary_key . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
- COMMIT;
- ")){
- $pwd='$folder_array[$i]';
- } else {
- database_error();
- }
- }
- }
-
- }
-
- header("Refresh: 0; /" . $name);
-
-} else {
-
- echo "Hallo $_SESSION[username];
-
";
-
- echo "END";
-}
diff --git a/www/functions/func_upload.php b/www/functions/func_upload.php
new file mode 100755
index 0000000..55d9492
--- /dev/null
+++ b/www/functions/func_upload.php
@@ -0,0 +1,135 @@
+
+
+
+*/
+
+function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "');
+ COMMIT;
+ ")){
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function upload($db){
+
+ if(!$_SESSION["login"]){
+ return UPLOAD_LOGIN;
+ }
+
+ if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
+ return UPLOAD_UPLOAD;
+ }
+
+ $parentdir = SQLite3::escapeString("$_POST[pwd]");
+ if(!preg_match("/[0-9]+/", $parentdir)){
+ return UPLOAD_PARENTFOLDER;
+ }
+
+ $ownername = SQLite3::escapeString($_SESSION['username']);
+ $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ $owner = $owner_ar[0];
+
+ $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
+ $overall_size = 0;
+ $count = 0;
+ while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
+ $overall_size = $overall_size + $row[$count];
+ $count++;
+ }
+
+ if($overall_size > 2147483648){ // == 2GB
+ return UPLOAD_QUOTA;
+ }
+
+ $filename = $_FILES['userfile']['name'];
+ $folder = "FILE";
+ $mime = $_FILES['userfile']['type'];
+ $size = $_FILES['userfile']['size'];
+ $share = SQLite3::escapeString($_POST['share']);
+
+ $uploaddir = "../files/";
+
+ //$filehash = hash_file("md5", $uploaddir . $filename);
+ $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
+
+ $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
+ $hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);
+ if(empty($hashtest_ar[0])){
+
+ if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
+
+ if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
+ $gzfile = $uploaddir . $filehash . ".gz";
+ $fp = gzopen($gzfile, 'w9');
+
+ if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ if(!gzclose($fp)){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ if(!unlink($uploaddir . $filename)){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ return UPLOAD_SUCCESS;
+
+ } else {
+ return UPLOAD_DATABASE;
+ }
+
+ } else {
+ return UPLOAD_MOVING;
+ }
+ } else {
+
+ $dupl_db = $db->query("SELECT parent FROM files WHERE hash='" . $filehash . "';");
+
+ while($row = $dupl_db->fetchArray(SQLITE3_NUM)){
+ if($row[0] == $parentdir){
+ return UPLOAD_DUPLICATE;
+ }
+ }
+
+ if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
+ return UPLOAD_DATABASE;
+ }
+
+ if(!unlink($_FILES['userfile']['tmp_name'])){
+ return UPLOAD_FILE_HANDLING;
+ }
+
+ return UPLOAD_SUCCESS;
+ }
+}
+
+//not used atm
+
+//function web_upload($db){
+// $url = $_POST["url"];
+// if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
+// echo "hyperlink detected";
+// } else {
+// echo "no hyperlink";
+// }
+//}
+
diff --git a/www/upload.php b/www/upload.php
deleted file mode 100755
index 4cc056c..0000000
--- a/www/upload.php
+++ /dev/null
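Review bot: `database_upload()` concatenates `$filename` and `$mime` into the INSERT with no escaping, and `upload()` takes both straight from the client-supplied `$_FILES['userfile']['name']` and `['type']`; since the string is handed to `$db->exec()`, which already runs several statements here, a crafted file name can change or extend the SQL. `$parentdir` is interpolated unquoted after an unanchored `preg_match("/[0-9]+/", …)`, which passes any value that merely contains a digit, so the check should be `/^[0-9]+$/D` or `ctype_digit()`. Binding all values through a prepared statement, as sketched below, closes both paths; callers should then pass the raw `$_POST['share']` rather than the `escapeString()` result so it is not stored double-escaped. Separately, the quota loop reads `$row[$count]` with an incrementing `$count` on a one-column result, so only the first row appears to be summed; `$row[0]` looks like what was intended.

```php
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
	// Placeholders keep client-supplied values out of the SQL text.
	$stmt = $db->prepare("INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share, :hash)");
	if($stmt === false){
		return false;
	}
	$stmt->bindValue(":parent", (int)$parentdir, SQLITE3_INTEGER);
	$stmt->bindValue(":owner", (int)$owner, SQLITE3_INTEGER);
	$stmt->bindValue(":name", $filename, SQLITE3_TEXT);
	$stmt->bindValue(":folder", $folder, SQLITE3_TEXT);
	$stmt->bindValue(":mime", $mime, SQLITE3_TEXT);
	$stmt->bindValue(":size", (int)$size, SQLITE3_INTEGER);
	$stmt->bindValue(":share", $share, SQLITE3_TEXT);
	$stmt->bindValue(":hash", $filehash, SQLITE3_TEXT);
	return $stmt->execute() !== false;
}
```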
@@ -1,122 +0,0 @@
-";
- echo $reason;
- exit;
-}
-
-function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "');
- COMMIT;
- ")){
- return true;
- } else {
- return false;
- }
-}
-
-function upload($db){
-
- if(!$_SESSION["login"]){
- error("Operation not permitted.");
- exit;
- }
-
- if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
- error("Error while proceding the upload: " . $_FILES['userfile']['error']);
- }
-
- $parentdir = SQLite3::escapeString("$_POST[pwd]");
- if(!preg_match("/[0-9]+/", $parentdir)){
- error("Invalid parent folder.");
- }
-
- $ownername = SQLite3::escapeString($_SESSION['username']);
- $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
- $owner = $owner_ar[0];
-
- $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
- $overall_size = 0;
- $count = 0;
- while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
- $overall_size = $overall_size + $row[$count];
- $count++;
- }
-
- if($overall_size > 2147483648){ // == 2GB
- error("Quota exceeded");
- }
-
- $filename = $_FILES['userfile']['name'];
- $folder = "FILE";
- $mime = $_FILES['userfile']['type'];
- $size = $_FILES['userfile']['size'];
- $share = SQLite3::escapeString($_POST['share']);
-
- $uploaddir = "../files/";
-
- //$filehash = hash_file("md5", $uploaddir . $filename);
- $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
-
- $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
- $hashtest_ar = $hashtest_ar->fetchArray(SQLITE3_NUM);
- if(empty($hashtest_ar)){
-
- if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
-
- if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
- $gzfile = $uploaddir . $filehash . ".gz";
- $fp = gzopen($gzfile, 'w9');
-
- if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
- error("Something wrong writh the intern file handling.");
- }
-
- if(!gzclose($fp)){
- error("Something wrong writh the intern file handling.");
- }
-
- if(!unlink($uploaddir . $filename)){
- error("Something wrong writh the intern file handling.");
- }
-
- echo "Success!";
-
- } else {
- error("Database error.");
- }
-
- } else {
- error("Moving failed.");
- }
- } else {
- if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
-
- if(!unlink($_FILES['userfile']['tmp_name'])){
- error("Something wrong writh the intern file handling.");
- }
- echo "Success!";
-
- } else {
- error("Database error.");
- }
- }
-}
-
-function web_upload($db){ // no use atm
- $url = ;
- if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
- echo "hyperlink detected";
- } else {
- echo "no hyperlink";
- }
-}
-upload($db);
--
cgit v1.2.3