1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
<?
session_start();
$db = new SQLite3("../database/sqlite.db");
function error($reason){
echo "Failure! <br>";
echo $reason;
exit;
}
function upload($db){
if(!$_SESSION["login"]){
error("Operation not permitted.");
exit;
}
if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
error("Error while proceding the upload: " . $_FILES['userfile']['error']);
}
$parentdir = SQLite3::escapeString("$_POST[pwd]");
if(!preg_match("/[0-9]+/", $parentdir)){
error("Invalid parent folder.");
}
$ownername = SQLite3::escapeString($_SESSION['username']);
$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
$owner = $owner_ar[0];
$filename = $_FILES['userfile']['name'];
$folder = "FILE";
$mime = $_FILES['userfile']['type'];
$size = $_FILES['userfile']['size'];
$share = SQLite3::escapeString('$_POST[share]');
$uploaddir = "../files/";
if($db->exec("
BEGIN TRANSACTION;
INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
COMMIT;
")){
$id = $db->lastInsertRowID();
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
if(rename($uploaddir . $filename, $uploaddir . $id)){
echo "Success!";
} else {
error("Moving failed.");
}
} else {
error("Upload failed");
exit;
}
} else{
error("Database error.");
}
}
upload($db);
|
