File :

PWD:

Share:

*/ function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){ if($db->exec(" BEGIN TRANSACTION; INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "'); COMMIT; ")){ return true; } else { return false; } } function upload($db){ if(!$_SESSION["login"]){ return UPLOAD_LOGIN; } if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){ return UPLOAD_UPLOAD; } $parentdir = SQLite3::escapeString("$_POST[pwd]"); if(!preg_match("/[0-9]+/", $parentdir)){ return UPLOAD_PARENTFOLDER; } $ownername = SQLite3::escapeString($_SESSION['username']); $owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';"); $owner_ar = $owner_db->fetchArray(SQLITE3_NUM); $owner = $owner_ar[0]; $overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;"); $overall_size = 0; $count = 0; while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){ $overall_size = $overall_size + $row[$count]; $count++; } if($overall_size > 2147483648){ // == 2GB return UPLOAD_QUOTA; } $filename = $_FILES['userfile']['name']; $folder = "FILE"; $mime = $_FILES['userfile']['type']; $size = $_FILES['userfile']['size']; $share = SQLite3::escapeString($_POST['share']); $uploaddir = "../files/"; //$filehash = hash_file("md5", $uploaddir . $filename); $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']); $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';"); $hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM); if(empty($hashtest_ar[0])){ if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){ if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){ $gzfile = $uploaddir . $filehash . ".gz"; $fp = gzopen($gzfile, 'w9'); if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){ return UPLOAD_FILE_HANDLING; } if(!gzclose($fp)){ return UPLOAD_FILE_HANDLING; } if(!unlink($uploaddir . $filename)){ return UPLOAD_FILE_HANDLING; } return UPLOAD_SUCCESS; } else { return UPLOAD_DATABASE; } } else { return UPLOAD_MOVING; } } else { $dupl_db = $db->query("SELECT parent FROM files WHERE hash='" . $filehash . "';"); while($row = $dupl_db->fetchArray(SQLITE3_NUM)){ if($row[0] == $parentdir){ return UPLOAD_DUPLICATE; } } if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){ return UPLOAD_DATABASE; } if(!unlink($_FILES['userfile']['tmp_name'])){ return UPLOAD_FILE_HANDLING; } return UPLOAD_SUCCESS; } } //not used atm //function web_upload($db){ // $url = $_POST["url"]; // if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){ // echo "hyperlink detected"; // } else { // echo "no hyperlink"; // } //}