path: root/www/upload.php
blob: 2858e725e4bcade85411a519bf90afaa5029cd03 (plain)
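<?php
// Long open tag on purpose: when short_open_tag is disabled, a file starting with "<?"
// is not executed at all and its source (database path included) is sent to the
// client as plain text.

// Resume the visitor's session; upload() reads $_SESSION["login"] and
// $_SESSION["username"] from it.
session_start();

// Shared SQLite handle, passed to every function below. The path is relative to the
// working directory; presumably that is www/, which would keep the database file
// outside the document root. Confirm against the web server configuration.
$db = new SQLite3("../database/sqlite.db");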

// Abort the request: print the failure banner followed by $reason, then stop the script.
// $reason is written into the HTML response without escaping, so callers must only
// pass fixed messages or values that cannot contain client-controlled markup.
function error($reason){
	print "Failure! <br>" . $reason;
	die();
}

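// Return true when $value is an integer written in plain decimal digits
// (optionally negative). Arrays, null and strings with trailing text are refused.
function _upload_is_integer($value){
	return (is_int($value) || is_string($value)) && preg_match('/^-?[0-9]+$/D', (string) $value) === 1;
}

// Run one statement with bound parameters and return the SQLite3Result, or false
// when preparing or executing fails. Integers are bound as INTEGER, everything
// else as TEXT, so no caller-supplied value is ever parsed as SQL.
function _upload_query($db, $sql, $params){
	$stmt = $db->prepare($sql);
	if(!$stmt){
		return false;
	}
	foreach($params as $name => $value){
		$stmt->bindValue($name, $value, is_int($value) ? SQLITE3_INTEGER : SQLITE3_TEXT);
	}
	return $stmt->execute();
}

// Compress $source into the gzip file $target in 64 KiB chunks, so the upload is
// never held in memory as a whole. A partly written target is removed on failure.
// Returns true on success, false otherwise.
function _upload_store_gz($source, $target){
	$in = fopen($source, "rb");
	if(!$in){
		return false;
	}
	$out = gzopen($target, "w9");
	if(!$out){
		fclose($in);
		return false;
	}

	$ok = true;
	while(!feof($in)){
		$chunk = fread($in, 65536);
		if($chunk === false){
			$ok = false;
			break;
		}
		// gzwrite() reports failure as 0 or false depending on the PHP version
		if(strlen($chunk) > 0 && !gzwrite($out, $chunk)){
			$ok = false;
			break;
		}
	}

	fclose($in);
	if(!gzclose($out)){
		$ok = false;
	}
	if(!$ok && file_exists($target)){
		unlink($target);
	}
	return $ok;
}

// Insert one row describing an uploaded file into the `files` table.
//
// $parentdir, $owner  numeric ids; anything that is not a plain integer is refused
// $filename, $mime    taken from the client's upload request, stored as data only
// $folder, $size, $share, $filehash  stored as text, as before
//
// Returns true when the row was written, false otherwise.
//
// The statement used to be assembled by string concatenation and run through exec(),
// which also accepts several statements at once; a quote in the file name or MIME
// type therefore changed the SQL itself. All values are now bound parameters. The
// explicit BEGIN/COMMIT is gone because a single INSERT is already atomic.
function database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash){
	if(!_upload_is_integer($parentdir) || !_upload_is_integer($owner)){
		return false;
	}

	$result = _upload_query(
		$db,
		"INSERT INTO files (id, parent, owner, name, folder, mime, size, share, hash) VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share, :hash)",
		array(
			":parent" => (int) $parentdir,
			":owner" => (int) $owner,
			":name" => (string) $filename,
			":folder" => (string) $folder,
			":mime" => (string) $mime,
			":size" => (string) $size,
			":share" => (string) $share,
			":hash" => (string) $filehash,
		)
	);

	return $result !== false;
}

// Handle the multipart upload in $_FILES["userfile"] for the logged-in user:
// validate the request, look up the owner, check the quota, store the content
// gzip-compressed under ../files/<md5>.gz (once per distinct content) and record
// a row in `files`. Prints "Success!" or aborts through error().
function upload($db){

	// empty() also covers a session that never set "login"
	if(empty($_SESSION["login"])){
		error("Operation not permitted.");
		exit;
	}

	$file = isset($_FILES["userfile"]) ? $_FILES["userfile"] : null;
	// A missing field, or an array-style field (name="userfile[]"), has no single error code.
	if(!is_array($file) || !isset($file["error"]) || is_array($file["error"])){
		error("Error while proceding the upload: " . UPLOAD_ERR_NO_FILE);
	}
	// is_uploaded_file() confirms tmp_name really is the file PHP received in this request.
	if($file["error"] > 0 || empty($file["size"]) || !is_uploaded_file($file["tmp_name"])){
		error("Error while proceding the upload: " . $file["error"]);
	}

	// Anchored pattern: the earlier /[0-9]+/ accepted any string containing a digit.
	$parentdir = isset($_POST["pwd"]) ? $_POST["pwd"] : "";
	if(!is_string($parentdir) || !preg_match('/^[0-9]+$/D', $parentdir)){
		error("Invalid parent folder.");
	}
	// NOTE(review): nothing here checks that this id names a folder owned by the
	// uploading user; confirm whether that is enforced elsewhere.

	$ownername = (isset($_SESSION["username"]) && is_string($_SESSION["username"])) ? $_SESSION["username"] : "";
	$owner_db = _upload_query($db, "SELECT id FROM user WHERE name = :name", array(":name" => $ownername));
	$owner_ar = $owner_db ? $owner_db->fetchArray(SQLITE3_NUM) : false;
	// Without this guard an unknown user name produced an empty owner value further down.
	if(!$owner_ar || !_upload_is_integer($owner_ar[0])){
		error("Operation not permitted.");
	}
	$owner = (int) $owner_ar[0];

	$overall_size_db = _upload_query($db, "SELECT size FROM files WHERE owner = :owner AND size > 0", array(":owner" => $owner));
	if(!$overall_size_db){
		error("Database error.");
	}
	$overall_size = 0;
	// Each row has a single column. The previous loop indexed it with a running
	// counter, so only the first file was ever counted towards the quota.
	while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
		$overall_size = $overall_size + $row[0];
	}

	// NOTE(review): the size of the incoming file is not part of this comparison.
	if($overall_size > 2147483648){		// == 2GB
		error("Quota exceeded");
	}

	// name and type come from the client's request. They are stored for display only
	// and never become part of a path; pages that print them must escape them, and
	// the MIME type should not be trusted as the real content type.
	$filename = $file["name"];
	$folder = "FILE";
	$mime = $file["type"];
	$size = $file["size"];
	$share = (isset($_POST["share"]) && is_string($_POST["share"])) ? $_POST["share"] : "";

	$uploaddir = "../files/";

	// NOTE(review): MD5 is the storage key, so two different files with the same
	// digest would share one stored blob, and MD5 collisions can be produced on
	// purpose. Moving to SHA-256 needs a migration of the blobs already stored.
	$filehash = hash_file("md5", $file["tmp_name"]);
	if($filehash === false){
		error("Something wrong writh the intern file handling.");
	}

	// The result was previously fetched from an undefined variable, which stopped every upload.
	$hashtest_db = _upload_query($db, "SELECT hash FROM files WHERE hash = :hash", array(":hash" => $filehash));
	if(!$hashtest_db){
		error("Database error.");
	}
	$hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);

	if(empty($hashtest_ar)){
		// New content. It is compressed straight from PHP's temporary file, so nothing
		// is ever written under the client-chosen name (which could carry any
		// extension or replace an existing file in the storage directory).
		$gzfile = $uploaddir . $filehash . ".gz";
		if(!_upload_store_gz($file["tmp_name"], $gzfile)){
			error("Something wrong writh the intern file handling.");
		}

		if(!database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){
			// no row refers to this hash, so the blob just written would be orphaned
			if(file_exists($gzfile)){
				unlink($gzfile);
			}
			error("Database error.");
		}

		if(!unlink($file["tmp_name"])){
			error("Something wrong writh the intern file handling.");
		}

		echo "Success!";
	} else {
		// Content already stored: only the new database row is needed.
		if(database_upload($db, $parentdir, $owner, $filename, $folder, $mime, $size, $share, $filehash)){

			if(!unlink($file["tmp_name"])){
				error("Something wrong writh the intern file handling.");
			}
			echo "Success!";

		} else {
			error("Database error.");
		}
	}
}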

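// Unused stub ("no use atm"): reports whether a URL looks like a hyperlink.
// $db is accepted but not used.
//
// Two defects made the whole file unusable: the empty assignment `$url = ;` was a
// parse error, so PHP refused to run any part of upload.php, and the pattern used
// "/" as its delimiter while containing unescaped slashes, so preg_match() rejected it.
//
// NOTE(review): the pattern only checks the shape of the string. If this is ever
// extended to fetch the URL server-side, the target host and scheme need their own
// allow-list check; this match does not provide one.
function web_upload($db){		// no use atm
	$url = "";		// TODO: the source of the URL was never filled in
	if(preg_match('/^((https?|ftp)?:\/\/|www\.|ftp\.)?([-a-z0-9+&@#\/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i', $url)){
		echo "hyperlink detected";
	} else {
		echo "no hyperlink";
	}
}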
// Script entry point: every request to this file is handled as an upload attempt;
// upload() itself checks the session's login flag before doing anything else.
upload($db);