summaryrefslogtreecommitdiff
path: root/www/upload.php
blob: 1c64fa199fc73a81762c7cd92599b115e7e756dd (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

<?

session_start();

$db = new SQLite3("../database/sqlite.db");

function error($reason){
	echo "Failure! <br>";
	echo $reason;
	exit;
}

function upload($db){

	if(!$_SESSION["login"]){
		error("Operation not permitted.");
		exit;
	}
	
	if($_FILES["userfile"]["error"] > 0 || !$_FILES['userfile']['size'] > 0 || empty($_FILES['userfile']['size'])){
		error("Error while proceding the upload: " . $_FILES['userfile']['error']);
	}

	$parentdir = SQLite3::escapeString("$_POST[pwd]");
	if(!preg_match("/[0-9]+/", $parentdir)){
		error("Invalid parent folder.");
	}

	$ownername = SQLite3::escapeString($_SESSION['username']);
	$owner_db = $db->query("SELECT id FROM user WHERE name='" . $ownername . "';");
	$owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
	$owner = $owner_ar[0];

	$overall_size_db = $db->query("SELECT size FROM files WHERE owner=" . $owner . " AND size > 0;");
	$overall_size = 0;
	$count = 0;
	while($row = $overall_size_db->fetchArray(SQLITE3_NUM)){
		$overall_size = $overall_size + $row[$count];
		$count++;
	}

	if($overall_size > 2147483648){		// == 2GB
		error("Quota exceeded");
	}

	$filename = $_FILES['userfile']['name'];
	$folder = "FILE";
	$mime = $_FILES['userfile']['type'];
	$size = $_FILES['userfile']['size'];
	$share = SQLite3::escapeString('$_POST[share]');

	$uploaddir = "../files/";

	if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
		if($db->exec("
			BEGIN TRANSACTION;
			INSERT INTO files (id, parent, owner, name, folder, mime, size, share) VALUES (NULL, " . $parentdir . ", " . $owner . ", '" . $filename . "', '" . $folder . "', '" . $mime . "', '" . $size . "', '" . $share ."');
			COMMIT;
		")){
			$id = $db->lastInsertRowID();
			$gzfile = $uploaddir . $id . ".gz";
			$fp = gzopen($gzfile, 'w9');
			if(gzwrite($fp, file_get_contents($uploaddir . $filename))){
				if(!gzclose($fp)){
					error("Something wrong writh the intern file handling.");
				}
				if(!unlink($uploaddir . $filename)){
					error("Something wrong writh the intern file handling.");
				}
				echo "Success!";
			} else {
				error("Something wrong writh the intern file handling.");
			}

		} else {
			error("Database error.");
		}
	} else{
		error("Upload failed");
	}
}

upload($db);