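<?php
// Add-on upload handler: validates the submitted form, stores the preview
// image and the zip archive under uploaded_files/, builds a thumbnail, updates
// the tag counters and records the upload in the `files` table.
//
// $allow_uploads and $conn are presumably defined by connect.php (not visible
// here) -- confirm.
//
// NOTE(review): the mysql_* extension used below was deprecated in PHP 5.5 and
// removed in PHP 7.0. Moving to prepared statements (PDO or mysqli) needs the
// connection set-up in connect.php, so it is not attempted in this block.
include '../connect.php';

if (!$allow_uploads){
    echo "<div style='font-size:45px; color: red; text-align: center;'>Uploads are Currently Disabled!</div>";
    exit;
}

// SECURITY NOTE(review): both the login check and the uploader identity stored
// with the file come from the client-supplied "username" cookie. Unless
// connect.php validates that cookie against server-side session state, any
// client can choose this value itself. Identity should be read from a
// server-side session -- confirm how connect.php handles it.
if (empty($_COOKIE['username'])){
    echo "<div style='font-size:45px; color: red; text-align: center;'>You Must Be Logged In To Upload!</div>";
    exit;
}
//==============================================================================================//
// NOTE(review): at least upload_max_filesize and post_max_size are
// per-directory settings that ini_set() cannot change at run time, and the
// request body has already been received when this line executes. Real upload
// limits have to be set in php.ini / the server configuration.
ini_set("max_execution_time", "18000");
ini_set("max_input_time", "18000");
ini_set("max_input_nesting_level", "64");
ini_set("memory_limit", "3072M");
ini_set("upload_max_filesize","1024M");
ini_set("post_max_size","2048M");
//==============================================================================================//
if (isset($_POST['Submit']) && !empty($_REQUEST['addonName']) && !empty($_REQUEST['addonDescription']) && !empty($_REQUEST['addonTags']) && !empty($_FILES['addonImage']) && !empty($_FILES['addonFile'])){
    // Reject failed, partial or array-style uploads before touching the files.
    if ($_FILES['addonImage']['error'] !== UPLOAD_ERR_OK || $_FILES['addonFile']['error'] !== UPLOAD_ERR_OK){
        header("location: ../upload");
        mysql_close($conn);
        exit;
    }

    // Gather Needed Information --> Put In Variables
    $fileName = $_REQUEST['addonName'];
    $fileName = strip_tags($fileName);
    $fileName = htmlspecialchars($fileName);
    $fileNameOrigional = $fileName;

    // The add-on name becomes part of the stored file names, so reduce it to a
    // conservative character set. Escaping it for SQL (as before) does not stop
    // directory separators or ".." from reaching the file system path.
    $safeBaseName = str_replace(" ", "_", $fileName);
    $safeBaseName = preg_replace('/[^A-Za-z0-9_-]/', '', $safeBaseName);
    $safeBaseName = substr((string) $safeBaseName, 0, 100);
    if ($safeBaseName === '' || $safeBaseName === false){
        $safeBaseName = 'addon';
    }

    $fileDescription = $_REQUEST['addonDescription'];
    $fileDescription = strip_tags($fileDescription);
    $fileDescription = htmlspecialchars($fileDescription);
    $fileDescription = str_replace("\n", "<br/>", $fileDescription);
    $tags = $_REQUEST['addonTags'];

    // SQL Injection Prevention:
    $fileNameOrigional = stripslashes($fileNameOrigional);
    $fileNameOrigional = mysql_real_escape_string($fileNameOrigional);
    $fileDescription = stripslashes($fileDescription);
    $fileDescription = mysql_real_escape_string($fileDescription);
    $tags = stripslashes($tags);
    $tags = mysql_real_escape_string($tags);
    $imagePath = "";
    $filePath = "";

    // Get The Username (escaped with the connection-aware function, like the
    // other values, instead of the older mysql_escape_string):
    $user = $_COOKIE['username'];
    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);

    // Define Allowed Extensions:
    $allowedImageExtensions = array("jpg","jpeg","gif","png");
    $allowedFileExtensions = array("zip");

    // Get Origional Name and Type
    $image_filename = stripslashes($_FILES['addonImage']['name']);
    $file_filename = stripslashes($_FILES['addonFile']['name']);
    $image_type = stripslashes($_FILES['addonImage']['type']);
    $file_type = stripslashes($_FILES['addonFile']['type']);

    // Get File Extensions
    $image_extension = strtolower(pathinfo($image_filename, PATHINFO_EXTENSION));
    $file_extension = strtolower(pathinfo($file_filename, PATHINFO_EXTENSION));

    // Get File Size
    $filesize = (int) $_FILES['addonFile']['size'];

    if (($file_extension == "php") || ($image_extension == "php") || ($file_extension == "exe") || ($image_extension == "exe")){
        header("location: ../upload/?m=ext2");
        exit;
    }
    if (!in_array($file_extension, $allowedFileExtensions, true)){
        header("location: ../upload/?m=ext2");
        exit;
    }
    if (!in_array($image_extension, $allowedImageExtensions, true)){
        header("location: ../upload/?m=ext1");
        exit;
    }
    // strpos() returns 0 for a match at the start of the string, so compare
    // with false explicitly instead of negating the result.
    if (strpos($file_type, "zip") === false){
        header("location: ../upload/?m=ns2");
        exit;
    }
    if (strpos($image_type, "image") === false){
        header("location: ../upload/?m=ns1");
        exit;
    }

    // The type strings checked above are sent by the client. Also look at the
    // uploaded content itself: the image must be parseable by getimagesize()
    // and the archive must start with the zip "PK" signature.
    if (@getimagesize($_FILES['addonImage']['tmp_name']) === false){
        header("location: ../upload/?m=ns1");
        exit;
    }
    $zipHead = @file_get_contents($_FILES['addonFile']['tmp_name'], false, null, 0, 2);
    if ($zipHead !== 'PK'){
        header("location: ../upload/?m=ns2");
        exit;
    }

    // Create Unique File and Image Name
    $stamp = time();
    $image_name = $safeBaseName . "_" . $stamp . '.' . $image_extension;
    $file_name = $safeBaseName . "_" . $stamp . '.' . $file_extension;

    // Image Path:
    $image_newname = "uploaded_files/images/" . $image_name;
    $file_newname = "uploaded_files/files/" . $file_name;
    $image_thumb_newname = "uploaded_files/thumbs/" . $image_name;
    $imagePath = "../upload/" . $image_newname;
    $filePath = "../upload/" . $file_newname;
    $thumbPath = "../upload/" . $image_thumb_newname;

    // Store the files. move_uploaded_file() refuses any source path that is
    // not a genuine HTTP upload of this request, which copy() does not check.
    $image_copied = move_uploaded_file($_FILES['addonImage']['tmp_name'], $image_newname);
    $file_copied = move_uploaded_file($_FILES['addonFile']['tmp_name'], $file_newname);
    $thumb_created = createThumb($imagePath, $thumbPath);

    // Tag The Uploaded File:
    $file_tagged = false;
    $fileTags = explode(",", $tags);
    foreach ($fileTags as $tagName){
        // $tags was escaped above, so each piece is used in the queries as is.
        $tagName = trim(strtolower($tagName));
        $existsQuery = mysql_query("SELECT * FROM tags WHERE tagname = '$tagName'");
        if (mysql_num_rows($existsQuery) == 0){
            $query = mysql_query("INSERT INTO tags(tagname, tagtotal) VALUES('$tagName','1')");
        } else {
            // Increment inside the database so that two uploads tagging at the
            // same time cannot overwrite each other's count.
            $query = mysql_query("UPDATE tags SET tagtotal = tagtotal + 1 WHERE tagname = '$tagName'");
        }
        $file_tagged = $query ? true : false;
    }

    if ($image_copied && $file_copied && $thumb_created && $file_tagged){
        // Uploaded!
        mysql_query("INSERT INTO files (userid, title, description, filelocation, picturelocation, thumblocation, tags, filesize) VALUES('$user', '$fileNameOrigional', '$fileDescription', '$filePath', '$imagePath', '$thumbPath', '$tags', '$filesize')");
        mysql_close($conn);
        header("location: .././?message=success");
        exit;
    } else {
        // Error Uploading
        //header("location: ../upload");
        echo "Image Uploaded: " . $image_copied . "<br/>";
        echo "File Uploaded: " . $file_copied . "<br/>";
        echo "Thumb Created: " . $thumb_created . "<br/>";
        echo "File Tagged: " . $file_tagged . "<br/>";
        mysql_close($conn);
        exit;
    }
} else {
    header("location: ../upload");
    mysql_close($conn);
    exit;
}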
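/**
 * Writes a JPEG thumbnail of an image file.
 *
 * The thumbnail is scaled proportionally to a width of 430 pixels. If that
 * would make it 10000 pixels tall or more, the height is fixed at 10000 and
 * the width follows from it instead. Images narrower than 430 pixels are
 * scaled up, as they were before.
 *
 * NOTE(review): the source is decoded at its full pixel size; no upper bound
 * on the source dimensions is enforced here. Consider rejecting images above
 * a pixel-count limit before decoding to keep memory use predictable.
 *
 * @param string $img  Path of the source image (JPEG, PNG or GIF).
 * @param string $name Path the thumbnail is written to. The data is always
 *                     JPEG, whatever extension the path carries.
 * @return bool True when the thumbnail was written, false in every other case.
 */
function createThumb($img, $name){
    $maxWidth = 430;
    $maxHeight = 10000;

    // getimagesize() reads the header only; false means "not a readable image".
    $info = @getimagesize($img);
    if ($info === false || $info[0] <= 0 || $info[1] <= 0){
        return false;
    }
    $sw = $info[0];
    $sh = $info[1];

    // Fit to the target width, unless the result would be too tall.
    $w = $maxWidth;
    $h = (int) round($sh * ($maxWidth / $sw));
    if ($h >= $maxHeight){
        $h = $maxHeight;
        $w = (int) round($sw * ($maxHeight / $sh));
    }
    // Extreme aspect ratios can round one side down to 0, which GD rejects.
    $w = max(1, $w);
    $h = max(1, $h);

    // Pick the decoder from the detected type instead of trying each in turn.
    switch ($info[2]){
        case IMAGETYPE_JPEG:
            $im = @imagecreatefromjpeg($img);
            break;
        case IMAGETYPE_PNG:
            $im = @imagecreatefrompng($img);
            break;
        case IMAGETYPE_GIF:
            $im = @imagecreatefromgif($img);
            break;
        default:
            $im = false;
    }
    if (!$im){
        return false;
    }

    // Create the resized image destination
    $thumb = @imagecreatetruecolor($w, $h);
    if (!$thumb){
        imagedestroy($im);
        return false;
    }

    // Resample into the destination and write it out; report failure of
    // either step instead of returning true unconditionally.
    $written = @imagecopyresampled($thumb, $im, 0, 0, 0, 0, $w, $h, $sw, $sh)
        && @imagejpeg($thumb, $name, 100);

    imagedestroy($thumb);
    imagedestroy($im);

    return $written ? true : false;
}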
- ?>