
Untitled

a guest
May 3rd, 2017
  1. <?php
  2. if((! (
  3.     isset($_FILES['file']) &&
  4.     isset($_POST['title']) &&
  5.     isset($_POST['type_upload']) &&
  6.     isset($_FILES['thumbnail']) &&
  7.     isset($_FILES['alt_1']) &&
  8.     isset($_FILES['alt_2']) &&
  9.     isset($_POST['description'])
  10.     )) ||
  11.     (! (
  12.     isset($_POST['scout_upload']) ||
  13.     isset($_POST['soldier_upload']) ||
  14.     isset($_POST['pyro_upload']) ||
  15.     isset($_POST['demoman_upload']) ||
  16.     isset($_POST['heavy_upload']) ||
  17.     isset($_POST['engineer_upload']) ||
  18.     isset($_POST['medic_upload']) ||
  19.     isset($_POST['sniper_upload']) ||
  20.     isset($_POST['spy_upload'])
  21.     ))
  22.     )
  23.     {
  24.             die("not everything is filled in");
  25.     }
  26.  
  27. $allowed_mod_types = array('zip','rar');
  28. $allowed_image_types = array('jpg','jpeg','png');
  29.  
  30. if(!in_array(file_ext($_FILES['file']['name']),$allowed_mod_types)) { die("file not zip or rar"); }
  31. if(!in_array(file_ext($_FILES['thumbnail']['name']),$allowed_image_types)) { die("thumbnail not jpg or png"); }
  32. if(!in_array(file_ext($_FILES['alt_1']['name']),$allowed_image_types)) { die("alt1 not jpg or png"); }
  33. if(!in_array(file_ext($_FILES['alt_2']['name']),$allowed_image_types)) { die("alt2 not jpg or png"); }
  34.  
  35. if($_FILES['file']['size'] > 5242880) { die("file too large"); }
  36.  
  37. list($w, $h, , )=getimagesize($_FILES['thumbnail']['tmp_name']); if($w != 165 || $h != 165) { die("wrong thumbnail image size"); }
  38.  
  39. function file_ext($filename) {
  40.     return end(explode(".", strtolower($filename)));
  41. }
  42.  
  43.  
  44. $server = 'localhost';
  45. $username = 'root';
  46. $password = '';
  47. $database = 'tf2emp';
  48. $link = new mysqli($server,$username,$password,$database);
  49.    
  50. $title = $link->real_escape_string($_POST['title']);
  51. $type_upload = $link->real_escape_string($_POST['type_upload']);
  52. $description = $link->real_escape_string($_POST['description']);
  53.  
  54. $scout = isset($_POST['scout_upload']) ? '1' : '0';
  55. $soldier = isset($_POST['soldier_upload']) ? '1' : '0';
  56. $pyro = isset($_POST['pyro_upload']) ? '1' : '0';
  57. $demoman = isset($_POST['demoman_upload']) ? '1' : '0';
  58. $heavy = isset($_POST['heavy_upload']) ? '1' : '0';
  59. $engineer = isset($_POST['engineer_upload']) ? '1' : '0';
  60. $medic = isset($_POST['medic_upload']) ? '1' : '0';
  61. $sniper = isset($_POST['sniper_upload']) ? '1' : '0';
  62. $spy = isset($_POST['spy_upload']) ? '1' : '0';
  63.  
  64. $file_dir = "files/mods/";
  65. $image_dir = "files/gallery_images/";
  66. $file_basename = $file_dir . basename($_FILES['file']['name']);
  67.  
  68. $mod_name = basename($_FILES['file']['name']);
  69. $mod_location = $file_dir . $mod_name;
  70. do { $mod_name = md5(rand().$mod_name) . '.' . file_ext($mod_location); $mod_location = $file_dir . $mod_name; } while ( file_exists($mod_location) );
  71. $thumb_name = basename($_FILES['thumbnail']['name']);
  72. $thumb_location = $image_dir . $thumb_name;
  73. do { $thumb_name = md5(rand().$thumb_name) . '.' . file_ext($thumb_location); $thumb_location = $image_dir . $thumb_name; } while ( file_exists($thumb_location) );
  74. $alt1_name = basename($_FILES['alt_1']['name']);
  75. $alt1_location = $image_dir . $alt1_name;
  76. do { $alt1_name = md5(rand().$alt1_name) . '.' . file_ext($alt1_location); $alt1_location = $image_dir . $alt1_name; } while( file_exists($alt1_location) );
  77. $alt2_name =  basename($_FILES['alt_1']['name']);
  78. $alt2_location = $image_dir . basename($_FILES['alt_2']['name']);
  79. do { $alt2_name = md5(rand().$alt2_name) . '.' .  file_ext($alt2_location); $alt2_location = $image_dir . $alt2_name; } while( file_exists($alt2_location) );
  80.  
  81. move_uploaded_file($_FILES['file']['tmp_name'], $mod_location);
  82. move_uploaded_file($_FILES['thumbnail']['tmp_name'], $thumb_location);
  83. move_uploaded_file($_FILES['alt_1']['tmp_name'], $alt1_location);
  84. move_uploaded_file($_FILES['alt_2']['tmp_name'], $alt2_location);
  85.  
  86. $sql = "INSERT INTO `tf2emp`.`mods` (`id`, `userid`, `timestamp`, `title`, `description`, `category`, `url`, `thumbnail`, `alt1`, `alt2`, `downloads`, `soldier`, `scout`, `pyro`, `demoman`, `heavy`, `engineer`, `medic`, `sniper`, `spy`, `featured`) VALUES (NULL, '-1', CURRENT_TIMESTAMP, '$title', '$description', '$type_upload', '$mod_name', '$thumb_name', '$alt1_name', '$alt2_name', '0', '$soldier', '$scout', '$pyro', '$demoman', '$heavy', '$engineer', '$medic', '$sniper', '$spy', '0')";
  87.  
  88. $link->query($sql);
  89. $link->close();
  90.  
  91. ?>