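<?php
// Upload endpoint, validation stage. Every check in this section runs before
// anything is written to disk or to the database; a failed check ends the
// request with a short message.
// NOTE(review): no login, session or CSRF-token check is visible in this
// script, so as written any client that can reach it may submit an upload.

$required_uploads = array('file', 'thumbnail', 'alt_1', 'alt_2');
$required_fields = array('title', 'type_upload', 'description');
$class_flags = array(
    'scout_upload', 'soldier_upload', 'pyro_upload',
    'demoman_upload', 'heavy_upload', 'engineer_upload',
    'medic_upload', 'sniper_upload', 'spy_upload',
);

// All four files and all three text fields are mandatory.
$all_present = true;
foreach ($required_uploads as $key) {
    $all_present = $all_present && isset($_FILES[$key]);
}
foreach ($required_fields as $key) {
    $all_present = $all_present && isset($_POST[$key]);
}

// At least one class checkbox must be ticked.
$any_class = false;
foreach ($class_flags as $key) {
    $any_class = $any_class || isset($_POST[$key]);
}

if (!$all_present || !$any_class) {
    die("not everything is filled in");
}

// Each entry must be a single file that PHP itself received without error.
// A field posted as an array (name="file[]") makes 'error' an array; without
// this check the filename helpers below would be handed a non-string.
foreach ($required_uploads as $key) {
    if (!isset($_FILES[$key]['error'], $_FILES[$key]['name'], $_FILES[$key]['tmp_name'])
        || is_array($_FILES[$key]['error'])
        || $_FILES[$key]['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES[$key]['tmp_name'])
    ) {
        die("upload failed");
    }
}

// Extension allow-lists. The filename is supplied by the client, so this is
// only a first filter; image content is checked separately below.
// file_ext() is declared further down in this file; PHP hoists top-level
// function declarations, so calling it here is valid.
$allowed_mod_types = array('zip','rar');
$allowed_image_types = array('jpg','jpeg','png');

if (!in_array(file_ext($_FILES['file']['name']), $allowed_mod_types, true)) {
    die("file not zip or rar");
}

$image_labels = array('thumbnail' => 'thumbnail', 'alt_1' => 'alt1', 'alt_2' => 'alt2');
foreach ($image_labels as $key => $label) {
    if (!in_array(file_ext($_FILES[$key]['name']), $allowed_image_types, true)) {
        die("$label not jpg or png");
    }
}

// 5242880 bytes = 5 MiB cap on the mod archive.
if ($_FILES['file']['size'] > 5242880) {
    die("file too large");
}

// Confirm that each image really decodes as JPEG or PNG instead of trusting
// the extension. getimagesize() returns false for data it cannot identify.
// The archive's content is not inspected here, and a passing image check is
// not proof the file is harmless: the upload directories should still be
// served without script execution.
$accepted_image_formats = array(IMAGETYPE_JPEG, IMAGETYPE_PNG);
$image_info = array();
foreach ($image_labels as $key => $label) {
    $image_info[$key] = getimagesize($_FILES[$key]['tmp_name']);
    if ($image_info[$key] === false
        || !in_array($image_info[$key][2], $accepted_image_formats, true)
    ) {
        die("$label not jpg or png");
    }
}

// The thumbnail must be exactly 165x165 pixels.
$w = (int) $image_info['thumbnail'][0];
$h = (int) $image_info['thumbnail'][1];
if ($w !== 165 || $h !== 165) {
    die("wrong thumbnail image size");
}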
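/**
 * Return the lower-cased text after the last "." in $filename.
 *
 * Returns an empty string when the name contains no dot, so a file that is
 * literally named "zip" no longer passes an extension allow-list. The
 * previous end(explode(...)) form also passed a temporary to a by-reference
 * parameter, which PHP reports as "Only variables should be passed by
 * reference".
 *
 * @param string $filename File name or path, typically client-supplied.
 * @return string Extension without the dot, or '' if there is none.
 */
function file_ext($filename) {
    $lowered = strtolower((string) $filename);
    $dot = strrpos($lowered, '.');
    if ($dot === false) {
        return '';
    }
    return substr($lowered, $dot + 1);
}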
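// Upload endpoint, storage stage: give each upload a server-chosen name,
// move it into place, then record the mod in the database.

// Database settings.
// NOTE(review): this connects as root with an empty password, hard-coded in
// a file under the web root. Prefer a dedicated account limited to INSERT on
// this table, with credentials loaded from configuration outside the
// document root.
$server = 'localhost';
$username = 'root';
$password = '';
$database = 'tf2emp';

$link = new mysqli($server, $username, $password, $database);
if ($link->connect_error) {
    // Generic message only: connection details are not echoed to the client.
    die("database unavailable");
}

// Text fields go to the database through bound parameters further down, so
// they are kept as raw strings here. Array-valued fields (title[]=...) are
// rejected because they cannot be bound as a string.
foreach (array('title', 'type_upload', 'description') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $link->close();
        die("not everything is filled in");
    }
}
// These values are stored exactly as submitted; any page that later displays
// them must escape them for its output context (e.g. htmlspecialchars()).
$title = $_POST['title'];
$type_upload = $_POST['type_upload'];
$description = $_POST['description'];

// A class column is '1' when its checkbox was submitted, otherwise '0'.
$scout = isset($_POST['scout_upload']) ? '1' : '0';
$soldier = isset($_POST['soldier_upload']) ? '1' : '0';
$pyro = isset($_POST['pyro_upload']) ? '1' : '0';
$demoman = isset($_POST['demoman_upload']) ? '1' : '0';
$heavy = isset($_POST['heavy_upload']) ? '1' : '0';
$engineer = isset($_POST['engineer_upload']) ? '1' : '0';
$medic = isset($_POST['medic_upload']) ? '1' : '0';
$sniper = isset($_POST['sniper_upload']) ? '1' : '0';
$spy = isset($_POST['spy_upload']) ? '1' : '0';

$file_dir = "files/mods/";
$image_dir = "files/gallery_images/";

/**
 * Build a 32-hex-character file name that is not yet taken in $dir, keeping
 * only the extension of the client-supplied name.
 *
 * The client's own file name never reaches the file system. random_bytes()
 * is used when the runtime provides it; otherwise the name falls back to an
 * md5 of less predictable inputs than a bare rand().
 *
 * @param string $dir           Target directory, with trailing slash.
 * @param string $original_name File name as sent by the client.
 * @return string Generated file name (no directory part).
 */
function unique_upload_name($dir, $original_name) {
    $ext = file_ext(basename($original_name));
    do {
        $token = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true) . $original_name);
        $candidate = $token . '.' . $ext;
    } while (file_exists($dir . $candidate));
    return $candidate;
}

$mod_name = unique_upload_name($file_dir, $_FILES['file']['name']);
$mod_location = $file_dir . $mod_name;

$thumb_name = unique_upload_name($image_dir, $_FILES['thumbnail']['name']);
$thumb_location = $image_dir . $thumb_name;

$alt1_name = unique_upload_name($image_dir, $_FILES['alt_1']['name']);
$alt1_location = $image_dir . $alt1_name;

// Fixed: this name used to be derived from the alt_1 upload by mistake.
$alt2_name = unique_upload_name($image_dir, $_FILES['alt_2']['name']);
$alt2_location = $image_dir . $alt2_name;

// Move the uploads into place. If any move fails, remove the files already
// stored and stop, so no database row points at a missing file.
$destinations = array(
    'file' => $mod_location,
    'thumbnail' => $thumb_location,
    'alt_1' => $alt1_location,
    'alt_2' => $alt2_location,
);
$stored = array();
foreach ($destinations as $key => $destination) {
    if (!move_uploaded_file($_FILES[$key]['tmp_name'], $destination)) {
        foreach ($stored as $path) {
            unlink($path);
        }
        $link->close();
        die("upload failed");
    }
    $stored[] = $destination;
}

// Prepared statement: request data is bound as parameters and never becomes
// part of the SQL text. Seven "?" cover title..alt2, nine cover the classes.
$sql = "INSERT INTO `tf2emp`.`mods` (`id`, `userid`, `timestamp`, `title`, `description`, `category`, `url`, `thumbnail`, `alt1`, `alt2`, `downloads`, `soldier`, `scout`, `pyro`, `demoman`, `heavy`, `engineer`, `medic`, `sniper`, `spy`, `featured`) VALUES (NULL, '-1', CURRENT_TIMESTAMP, ?, ?, ?, ?, ?, ?, ?, '0', ?, ?, ?, ?, ?, ?, ?, ?, ?, '0')";
$stmt = $link->prepare($sql);
$saved = $stmt
    && $stmt->bind_param(
        str_repeat('s', 16),
        $title, $description, $type_upload,
        $mod_name, $thumb_name, $alt1_name, $alt2_name,
        $soldier, $scout, $pyro, $demoman, $heavy,
        $engineer, $medic, $sniper, $spy
    )
    && $stmt->execute();
if ($stmt) {
    $stmt->close();
}
$link->close();

if (!$saved) {
    // The row was not written, so the stored files would be orphaned.
    foreach ($stored as $path) {
        unlink($path);
    }
    die("could not save mod");
}
?>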