  1. <?php
  2. include '../connect.php';
  3. if (!$allow_uploads){
  4. echo "<div style='font-size:45px; color: red; text-align: center;'>Uploads are Currently Disabled!</div>";
  5. exit;
  6. }
  7. if (!$_COOKIE['username']){
  8. echo "<div style='font-size:45px; color: red; text-align: center;'>You Must Be Logged In To Upload!</div>";
  9. exit;
  10. }
  11. //==============================================================================================//
  12. ini_set("max_execution_time", "18000");
  13. ini_set("max_input_time", "18000");
  14. ini_set("max_input_nesting_level", "64");
  15. ini_set("memory_limit", "3072M");
  16. ini_set("upload_max_filesize","1024M");
  17. ini_set("post_max_size","2048M");
  18. //==============================================================================================//
  19.  
  20. if(isset($_POST['Submit']) && $_REQUEST['addonName'] && $_REQUEST['addonDescription'] && $_REQUEST['addonTags'] && $_FILES['addonImage'] && $_FILES['addonFile']){
  21. // Gather Needed Information --> Put In Variables
  22. $fileName = $_REQUEST['addonName'];
  23. $fileName = strip_tags($fileName);
  24. $fileName = htmlspecialchars($fileName);
  25. $fileNameOrigional = $fileName;
  26. $fileName = str_replace(" ", "_", $fileName);
  27. $fileName = str_replace("\'", "", $fileName);
  28. $fileName = str_replace("'", "", $fileName);
  29.  
  30. $fileDescription = $_REQUEST['addonDescription'];
  31. $fileDescription = strip_tags($fileDescription);
  32. $fileDescription = htmlspecialchars($fileDescription);
  33. $fileDescription = str_replace("\n", "<br/>", $fileDescription);
  34.  
  35. $tags = $_REQUEST['addonTags'];
  36.  
  37.  
  38. // SQL Injection Prevention:
  39. $fileName = stripslashes($fileName);
  40. $fileName = mysql_real_escape_string($fileName);
  41.  
  42. $fileNameOrigional = stripslashes($fileNameOrigional);
  43. $fileNameOrigional = mysql_real_escape_string($fileNameOrigional);
  44.  
  45. $fileDescription = stripslashes($fileDescription);
  46. $fileDescription = mysql_real_escape_string($fileDescription);
  47.  
  48. $tags = stripslashes($tags);
  49. $tags = mysql_real_escape_string($tags);
  50.  
  51. $imagePath = "";
  52. $filePath = "";
  53. $filesize = "";
  54.  
  55. // Get The Username:
  56. $user = $_COOKIE['username'];
  57. $user = stripslashes($user);
  58. $user = mysql_escape_string($user);
  59.  
  60. // Define Allowed Extensions:
  61. $allowedImageExtensions = array("jpg","jpeg","gif","png");
  62. $allowedFileExtensions = array("zip");
  63.  
  64. // Set a Variable Containing the (Preprocessed) Uploaded Image and File:
  65. $addonImage = $_FILES['addonImage']['name'];
  66. $addonFile = $_FILES['addonFile']['name'];
  67.  
  68. // Get Origional Name and Type
  69. $image_filename = stripslashes($_FILES['addonImage']['name']);
  70. $file_filename = stripslashes($_FILES['addonFile']['name']);
  71. $image_type = stripslashes($_FILES['addonImage']['type']);
  72. $file_type = stripslashes($_FILES['addonFile']['type']);
  73.  
  74. // Get File Extensions
  75. $image_extension = end(explode(".", $image_filename));
  76. $file_extension = end(explode(".", $file_filename));
  77. $image_extension = strtolower($image_extension);
  78. $file_extension = strtolower($file_extension);
  79.  
  80. // Get File Size
  81. $filesize = $_FILES['addonFile']['size'];
  82.  
  83.  
  84. if (($file_extension == "php") || ($image_extension == "php") || ($file_extension == "exe") || ($image_extension == "exe")){
  85. header("location: ../upload/?m=ext2");
  86. exit;
  87. } elseif (!in_array($file_extension, $allowedFileExtensions)){
  88. header("location: ../upload/?m=ext2");
  89. exit;
  90. } elseif (!in_array($image_extension, $allowedImageExtensions)) {
  91. header("location: ../upload/?m=ext1");
  92. exit;
  93. } elseif ((!strpos($file_type, "zip"))){
  94. header("location: ../upload/?m=ns2");
  95. exit;
  96. } elseif ((!strstr($image_type, "image"))) {
  97. header("location: ../upload/?m=ns1");
  98. exit;
  99. } else {
  100. // Create Unique File and Image Name
  101. $image_name=$fileName . "_" . time().'.'.$image_extension;
  102. $file_name=$fileName . "_" . time().'.'.$file_extension;
  103. // Image Path:
  104. $image_newname="uploaded_files/images/".$image_name;
  105. $file_newname="uploaded_files/files/".$file_name;
  106. $image_thumb_newname = "uploaded_files/thumbs/" . $image_name;
  107. $imagePath = "../upload/" . $image_newname;
  108. $filePath = "../upload/" . $file_newname;
  109. $thumbPath = "../upload/" . $image_thumb_newname;
  110. // Verify The Files Were Uploaded
  111. $image_copied = copy($_FILES['addonImage']['tmp_name'], $image_newname);
  112. $file_copied = copy($_FILES['addonFile']['tmp_name'], $file_newname);
  113. $thumb_created = createThumb($imagePath, $thumbPath);
  114.  
  115. // Tag The Uploaded File:
  116. $fileTags = explode(",", $tags);
  117. $tagCount = count($fileTags);
  118.  
  119. for ($x = 0; $x < $tagCount; $x++){
  120. $tagName = $fileTags[$x];
  121. $tagName = strtolower($tagName);
  122. $tagName = trim($tagName);
  123. $existsQuery = mysql_query("SELECT * FROM tags WHERE tagname = '$tagName'");
  124.  
  125. if (mysql_num_rows($existsQuery) == 0){
  126. $query = mysql_query("INSERT INTO tags(tagname, tagtotal) VALUES('$tagName','1')");
  127. if ($query){
  128. $file_tagged = true;
  129. } else {
  130. $file_tagged = false;
  131. }
  132. } else {
  133. $countQuery = mysql_query("SELECT * FROM tags WHERE tagname = '$tagName'");
  134. $countResult = mysql_fetch_array($countQuery);
  135. $countResult = $countResult['tagtotal'];
  136. $count = $countResult + 1;
  137. $query = mysql_query("UPDATE tags SET tagtotal = '$count' WHERE tagname = '$tagName'");
  138. if ($query){
  139. $file_tagged = true;
  140. } else {
  141. $file_tagged = false;
  142. }
  143. }
  144. }
  145.  
  146. if ($image_copied && $file_copied && $thumb_created && $file_tagged){
  147. // Uploaded!
  148. mysql_query("INSERT INTO files (userid, title, description, filelocation, picturelocation, thumblocation, tags, filesize) VALUES('$user', '$fileNameOrigional', '$fileDescription', '$filePath', '$imagePath', '$thumbPath', '$tags', '$filesize')");
  149. mysql_close($conn);
  150. header("location: .././?message=success");
  151. } else {
  152. // Error Uploading
  153. //header("location: ../upload");
  154. echo "Image Uploaded: " . $image_copied . "<br/>";
  155. echo "File Uploaded: " . $file_copied . "<br/>";
  156. echo "Thumb Created: " . $thumb_created . "<br/>";
  157. echo "File Tagged: " . $file_tagged . "<br/>";
  158.  
  159. mysql_close($conn);
  160. exit;
  161. }
  162. }
  163.  
  164. } else {
  165. header("location: ../upload");
  166. mysql_close($conn);
  167. exit;
  168. }
  169.  
  170. function createThumb($img, $name){
  171. $constrain = true;
  172. $h = 10000;
  173. $w = 430;
  174.  
  175. // get image size of img
  176. $x = @getimagesize($img);
  177. // image width
  178. $sw = $x[0];
  179. // image height
  180. $sh = $x[1];
  181.  
  182. if(($sw != 0) && ($sh != 0)){
  183. if ($percent > 0) {
  184. // calculate resized height and width if percent is defined
  185. $percent = $percent * 0.01;
  186. $w = $sw * $percent;
  187. $h = $sh * $percent;
  188. } else {
  189. if (isset ($w) AND !isset ($h)) {
  190. // autocompute height if only width is set
  191. $h = (100 / ($sw / $w)) * .01;
  192. $h = @round ($sh * $h);
  193. } elseif (isset ($h) AND !isset ($w)) {
  194. // autocompute width if only height is set
  195. $w = (100 / ($sh / $h)) * .01;
  196. $w = @round ($sw * $w);
  197. } elseif (isset ($h) AND isset ($w) AND isset ($constrain)) {
  198. // get the smaller resulting image dimension if both height
  199. // and width are set and $constrain is also set
  200. $hx = (100 / ($sw / $w)) * .01;
  201. $hx = @round ($sh * $hx);
  202.  
  203. $wx = (100 / ($sh / $h)) * .01;
  204. $wx = @round ($sw * $wx);
  205.  
  206. if ($hx < $h) {
  207. $h = (100 / ($sw / $w)) * .01;
  208. $h = @round ($sh * $h);
  209. } else {
  210. $w = (100 / ($sh / $h)) * .01;
  211. $w = @round ($sw * $w);
  212. }
  213. }
  214. }
  215.  
  216.  
  217. $im = @ImageCreateFromJPEG ($img) or // Read JPEG Image
  218. $im = @ImageCreateFromPNG ($img) or // or PNG Image
  219. $im = @ImageCreateFromGIF ($img) or // or GIF Image
  220. $im = false; // If image is not JPEG, PNG, or GIF
  221.  
  222. if (!$im) {
  223. return false;
  224. } else {
  225. // Create the resized image destination
  226. $thumb = @ImageCreateTrueColor ($w, $h);
  227. // Copy from image source, resize it, and paste to image destination
  228. @ImageCopyResampled ($thumb, $im, 0, 0, 0, 0, $w, $h, $sw, $sh);
  229. // Output resized image.
  230. @ImageJPEG ($thumb, $name, 100);
  231. return true;
  232. }
  233. }
  234. }
  235.  
  236.  
  237. ?>