<?
/**
 * Print a failure banner followed by the given reason, then stop the script.
 *
 * The reason is written to the response exactly as passed (no HTML escaping
 * happens here), so callers should hand over only fixed text or values that
 * are already safe to place in an HTML page.
 *
 * @param mixed $reason Message printed after the banner.
 */
function error($reason)
{
    echo "Failure! <br>", $reason;
    exit;
}
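/**
 * Store an uploaded file for the logged-in user and record it in `files`.
 *
 * Reads the session (`login`, `username`), the form fields `pwd` (parent
 * folder id) and `share`, and the uploaded file `userfile`. On success the
 * file is stored as "../files/<row id>" and "Success!" is printed; every
 * failure path goes through error(), which ends the script.
 *
 * Fixes relative to the previous version:
 *  - `$_FILE` (undefined) replaced by `$_FILES`, and `tmp_username` by
 *    `tmp_name`; the old size check rejected every upload.
 *  - All SQL now uses bound parameters. Previously the file name and MIME type
 *    were concatenated unescaped, and the parent id was concatenated unquoted
 *    after an unanchored digit check, so request data could alter the query.
 *  - `share` was stored as the literal text '$_POST[share]' because of single
 *    quotes; the submitted value is stored now.
 *  - lastInsertRowID() is an instance method and is called on $db.
 *  - The upload is moved straight to its numeric id, so the client-supplied
 *    file name is never used as a path on disk.
 *  - The row is rolled back when the file cannot be stored.
 *
 * @param SQLite3 $db Open database handle.
 * @return void
 */
function upload($db)
{
    if (empty($_SESSION["login"]) || !isset($_SESSION['username'])) {
        error("Operation not permitted.");
    }

    // A missing field, or an array-style field (userfile[]), is treated as "no file".
    $file = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
    if (!is_array($file) || !isset($file['error']) || is_array($file['error'])) {
        error("Error while proceding the upload: " . UPLOAD_ERR_NO_FILE);
    }
    if ($file['error'] > 0 || empty($file['size'])) {
        error("Error while proceding the upload: " . $file['error']);
    }

    // The parent id must consist of digits only. The pattern is anchored
    // (with /D so a trailing newline is rejected) and capped at 18 digits so
    // the integer cast below cannot overflow.
    $parentdir = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    if (!is_string($parentdir) || !preg_match('/^[0-9]{1,18}$/D', $parentdir)) {
        error("Invalid parent folder.");
    }
    // NOTE(review): nothing here checks that this parent row exists, is a
    // folder, or belongs to the current user — confirm whether callers or the
    // schema enforce that.

    $share = (isset($_POST['share']) && is_string($_POST['share'])) ? $_POST['share'] : '';

    $owner_stmt = $db->prepare("SELECT id FROM user WHERE name = :name");
    if (!$owner_stmt) {
        error("Upload failed");
    }
    $owner_stmt->bindValue(':name', $_SESSION['username'], SQLITE3_TEXT);
    $owner_db = $owner_stmt->execute();
    $owner_ar = $owner_db ? $owner_db->fetchArray(SQLITE3_NUM) : false;
    if (!$owner_ar) {
        // The session names a user that has no row in the user table.
        error("Operation not permitted.");
    }
    $owner = $owner_ar[0];

    // Name and type come from the client and are stored as metadata only;
    // neither decides where the file is written. The type in particular is
    // whatever the browser claimed, not a verified content type.
    $filename = (string) $file['name'];
    $mime = (string) $file['type'];
    $size = (int) $file['size'];
    $folder = "FILE";
    $uploaddir = "../files/";

    $insert = $db->prepare(
        "INSERT INTO files (id, parent, owner, name, folder, mime, size, share)"
        . " VALUES (NULL, :parent, :owner, :name, :folder, :mime, :size, :share)"
    );
    if (!$insert) {
        error("Upload failed");
    }
    $insert->bindValue(':parent', (int) $parentdir, SQLITE3_INTEGER);
    $insert->bindValue(':owner', $owner, SQLITE3_INTEGER);
    $insert->bindValue(':name', $filename, SQLITE3_TEXT);
    $insert->bindValue(':folder', $folder, SQLITE3_TEXT);
    $insert->bindValue(':mime', $mime, SQLITE3_TEXT);
    $insert->bindValue(':size', $size, SQLITE3_INTEGER);
    $insert->bindValue(':share', $share, SQLITE3_TEXT);

    // Keep the row and the stored file in step: commit only once the file is in place.
    $db->exec("BEGIN TRANSACTION;");
    if ($insert->execute() === false) {
        $db->exec("ROLLBACK;");
        error("Upload failed");
    }
    $id = $db->lastInsertRowID();

    // move_uploaded_file() refuses paths that are not genuine PHP uploads.
    // The destination is built from the row id, never from request data.
    if (move_uploaded_file($file['tmp_name'], $uploaddir . $id)) {
        $db->exec("COMMIT;");
        echo "Success!";
    } else {
        $db->exec("ROLLBACK;");
        error("Upload failed");
    }
}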