TRex2003

1. <?
2.  
3. /**
4.  * PHP Upload Tool
5.  * Dateien hochladen, die dann mit Link
6.  * und Passwort wieder heruntergeladen
7.  * werden k�nnen. (todo)
8.  *
9.  * very quick, very dirty, very unsecure....
10.  *
11. **/
12.  
13. /**
14.  *
15.  * SQL:
16.  *
17.  * CREATE TABLE `fileupload`.`files` (
18.  *  `ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
19.  *  `filename` VARCHAR( 160 ) NOT NULL ,
20.  *  `filemd5` VARCHAR( 40 ) NOT NULL ,
21.  *  `password` VARCHAR( 20 ) NOT NULL,
22.  *  UNIQUE (
23.  *      `filemd5`
24.  *  )
25.  * ) ENGINE = MYISAM ;
26.  *
27. **/
28.  
29.  
30. // config stuff
31.  
32. // where to save files
33. // do not forget trailing slash
34.  
35. $base_up_folder = '/var/fileupload/';
36.  
37. // db access
38.  
39. $db_host    = 'localhost';
40. $db_user    = 'fileupload';
41. $db_passwd  = 'af7whnj2';
42. $db_name    = 'fileupload';
43. $db_table   = 'files';
44.  
45. // other config
46.  
47. /* reserved */
48.  
49. // methods of mass destraction
50.  
51. // just check, if we want to do anything
52. if (isset($_FILES['file']) && (null != $_FILES['file']))
53. {
54.  
55.     $md5 = md5_file($_FILES['file']['tmp_name']);
56.     if (@mkdir($base_up_folder.$md5, 0700))
57.     {
58.         $db = new mysqli($db_host, $db_user, $db_passwd, $db_name);
59.  
60.         $upload_location = $base_up_folder.$md5.'/'. $db->real_escape_string( $_FILES['file']['name'] );
61.  
62.         if (move_uploaded_file($_FILES['file']['tmp_name'], $upload_location))
63.         {
64.             // file uploaded and moved to correct location, now create db entries
65.             $generated_pass = mt_rand(912453, mt_getrandmax()); // lowest value possible..just some random number
66.  
67.             $sql = 'INSERT INTO '.$db_table.' (filename, filemd5, password) VALUES ("'.$upload_location.'","'.$md5.'","'.$generated_pass.'")';
68.  
69.             $result = $db->query($sql);
70.  
71.             if ($result)
72.             {
73.                 echo('Datei hochgeladen. Zum Herunterladen benutze diesen <a href="get.php?get='.$md5.'">Link</a> und dieses Passwort: '.$generated_pass);
74.             }
75.             else
76.             {
77.                 echo("query fehlgeschlagen..<pre>".mysqli_error($db).'</pre>');
78.             }
79.         }
80.     }
81.     else
82.     {
83.         echo("<p>Program failure, exiting. Maybe the file is already uploaded.</p>");
84.     }
85.  
86. }
87. else
88. {
89.     echo("Incorrect Parameters, exiting.");
90.     var_dump($_POST);
91. }
92.  
93. ?>