1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
if($db->exec("
BEGIN TRANSACTION;
INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."', '" . $filehash . "');
COMMIT;
")){
return true;
} else {
return false;
}
}
function upload($path){
$db = $GLOBALS["db"];
if(!$_SESSION["login"]){
return UPLOAD_LOGIN;
}
if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
return UPLOAD_UPLOAD;
}
$parentdir = select_file_id($db, $_SESSION["userid"], $path);
$folder_owner_db = $db->query("SELECT owner FROM files WHERE id=".$parentdir.";");
$folder_owner_ar = $folder_owner_db->fetchArray(SQLITE3_NUM);
if($folder_owner_ar[0] != $_SESSION["userid"]){
return UPLOAD_FOLDER_NOT_OWNER;
}
$owner = $_SESSION["userid"];
$overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
$overall_size = 0;
$count = 0;
while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
$overall_size = $overall_size + $row[$count];
$count++;
}
if($overall_size > 2147483648){ // == 2GB
return UPLOAD_QUOTA;
}
$filename = $_FILES['userfile']['name'];
$folder = "FILE";
$mime = $_FILES['userfile']['type'];
$size = $_FILES['userfile']['size'];
$share = SQLite3::escapeString($_POST['share']);
$uploaddir = "../files/";
//$filehash = hash_file("md5", $uploaddir . $filename);
$filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
$hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
$hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);
if(empty($hashtest_ar[0])){
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
$gzfile = $uploaddir . $filehash . ".gz";
$fp = gzopen($gzfile, 'w9');
if(!gzwrite($fp, file_get_contents($uploaddir . $filename))){
return UPLOAD_FILE_HANDLING;
}
if(!gzclose($fp)){
return UPLOAD_FILE_HANDLING;
}
if(!unlink($uploaddir . $filename)){
return UPLOAD_FILE_HANDLING;
}
return UPLOAD_SUCCESS;
} else {
return UPLOAD_DATABASE;
}
} else {
return UPLOAD_MOVING;
}
} else {
$dupl_db = $db->query("SELECT parent FROM files WHERE hash='" . $filehash . "';");
while($row = $dupl_db->fetchArray(SQLITE3_NUM)){
if($row[0] == $parentdir){
return UPLOAD_DUPLICATE;
}
}
if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
return UPLOAD_DATABASE;
}
if(!unlink($_FILES['userfile']['tmp_name'])){
return UPLOAD_FILE_HANDLING;
}
return UPLOAD_SUCCESS;
}
}
//not used atm
//function web_upload($db){
// $url = $_POST["url"];
// if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
// echo "hyperlink detected";
// } else {
// echo "no hyperlink";
// }
//}
|
