-
Notifications
You must be signed in to change notification settings - Fork 0
/
upload.php
105 lines (67 loc) · 2.66 KB
/
upload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
include('functions.php');
$query = "SELECT * FROM ms_users WHERE id=" . $_SESSION['user']['id'];
$result = mysqli_query($db, $query);
while($row = mysqli_fetch_array($result)){
$unique = $row['idunique'];
$idutente = $row['id'];
}
// DA FIXARE
function uploadOK(){
global $db, $file_count, $idutente;
$query = "SELECT id FROM uploads WHERE owner = $idutente ORDER BY id DESC LIMIT $file_count ";
$result = mysqli_query($db, $query);
while($row = mysqli_fetch_array($result)){
$rows[] = $row;
}
//array of uploaded files id
foreach($rows as list($a))
{
$upids .= $a . ",";
}
//remove last comma
$upids = rtrim($upids,',');
//redirect to home page with uploaded IDs on link
header('location: home.php?uploaded=' . $upids . '');
}
if (!isset($_FILES["item_file"]))
die ("Error: no files uploaded!");
$file_count = count($_FILES["item_file"]['name']);
echo $file_count . " file(s) sent... <BR><BR>";
if(count($_FILES["item_file"]['name'])>0) { //check if any file uploaded
for($j=0; $j < count($_FILES["item_file"]['name']); $j++) { //loop the uploaded file array
$filen = $_FILES["item_file"]['name'][$j];
// get file name (not including path)
$filename = @basename($_FILES["item_file"]['name'][$j]);
// filename of temp uploaded file
$tmp_filename = $_FILES["item_file"]['tmp_name'][$j];
$file_ext = @strtolower(@strrchr($filename,"."));
if (@strpos($file_ext,'.') === false) { // no dot? strange
$errors[] = "Suspicious file name or could not determine file extension.";
break;
}
$file_ext = @substr($file_ext, 1); // remove dot
// destination filename, rename if set to
$dest_filename = $filename;
$dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
// get size
$filesize = filesize($tmp_filename); // filesize($tmp_filename);
// ingore empty input fields
if ($filename!="")
{
// destination path - you can choose any file name here (e.g. random)
$path = "uploads/". $unique . "/" . $dest_filename;
if(move_uploaded_file($_FILES["item_file"]['tmp_name']["$j"],$path)) {
// db file registration
$query = "INSERT INTO uploads (owner, filename, size, ext, date, origname) VALUES ('$idutente', '$dest_filename', '$filesize', '$file_ext', '$time', '$filen')";
mysqli_query($db, $query);
$_SESSION['success'] = "File caricati con successo!";
} else
{
array_push($errors, "Errore nel caricare i file!");
header('location: home.php');
}
}
} uploadOK();
}
?>