<?phpsession_start();echo('php user: ' . exec('whoami'));include('../con

1. <?php
2. session_start();
3. echo('php user: ' . exec('whoami'));
4.  
5. include('../config/srvConfig.php');
6.  
7. if (isset($_SESSION['loggedin']) && isset($_POST['update']) && isset($_FILES['file'])) {
8. // Get user information from POST
9. $user_id = $_POST['user_id'];
10. $username = $_POST['username'];
11. $hostname = $_POST['hostname'];
12. $title = $_POST['title'];
13. $content = $_POST['content'];
14. $dir = $_POST['dir'];
15. $scrot = $_POST['scrot'];
16.  
17. // Handle file upload
18. $uploadDir = '/var/www/html/uploads/' . $dir . '/';
19. $fileName = basename($_FILES['file']['name']);
20. $uploadFile = $uploadDir . $fileName;
21.  
22. // Create the upload directory if it does not exist
23. if (!is_dir($uploadDir)) {
24. if (!mkdir($uploadDir, 0777, true)) {
25. echo 'Failed to create upload directory: ' . $uploadDir;
26. exit();
27. }
28. }
29.  
30. // Attempt to move the uploaded file
31. if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadFile)) {
32. // Assuming $conn is your database connection object
33. $sql = 'INSERT INTO files (filename, user_id, username, date, dir, notes, scrotpath) VALUES (?, ?, ?, NOW(), ?, ?, ?)';
34. if ($stmt = $conn->prepare($sql)) {
35. $stmt->bind_param('sissss', $fileName, $user_id, $username, $dir, $content, $scrot);
36. $stmt->execute();
37. $stmt->close();
38. echo 'File uploaded and information saved successfully.';
39. } else {
40. echo 'Failed to save file information in the database.';
41. }
42. } else {
43. echo 'Failed to upload file. Error: ' . $_FILES['file']['error'];
44. }
45. } else {
46. echo 'You must be logged in and have permission to upload files.';
47. }
48.  
49. // Close the connection
50. $conn->close();
51. ?>
52.