  1. <?php
  2.  
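  /**
   * Regroup one $_FILES entry into a list with one array per uploaded file.
   *
   * PHP delivers a multi-file field (name="userfile[]") as parallel arrays
   * keyed by attribute (name, type, tmp_name, error, size). This turns that
   * into [0 => [name, type, ...], 1 => [...]] so each file can be validated
   * on its own.
   *
   * A single-file field (name="userfile") arrives with scalar attributes;
   * it is returned as a one-element list instead of failing in count().
   * An entry without a 'name' key yields an empty list.
   *
   * @param array $file_post One entry of $_FILES (kept by-reference for
   *                         existing callers; it is never modified).
   * @return array List of per-file attribute arrays.
   */
  function reArrayFiles(&$file_post) {
      if (!is_array($file_post) || !isset($file_post['name'])) {
          return [];
      }

      // Single upload: attributes are scalars, so there is nothing to transpose.
      if (!is_array($file_post['name'])) {
          return [$file_post];
      }

      $file_ary = [];
      $file_count = count($file_post['name']);
      $file_keys = array_keys($file_post);

      for ($i = 0; $i < $file_count; $i++) {
          foreach ($file_keys as $key) {
              // A malformed request can leave an attribute without this index;
              // store null so the per-file validation rejects it.
              $file_ary[$i][$key] = $file_post[$key][$i] ?? null;
          }
      }

      return $file_ary;
  }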
  16.  
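  // NOTE(review): the script connects as the MySQL root account with a
  // password equal to the user name, both hard-coded here. Use a dedicated
  // account limited to this schema and load its secret from configuration
  // kept outside the source tree.
  $user = 'root';
  $password = 'root';
  $db = 'civils';
  $host = 'localhost';

  $conn = new mysqli($host, $user, $password, $db);

  // Since PHP 8.1 mysqli throws mysqli_sql_exception on a failed connection by
  // default, so this branch only runs when error reporting is switched off.
  if ($conn->connect_error) {
      // The driver message can expose host and account details: keep it in the
      // server log and send the client a generic message only.
      error_log('Could not establish a connection: ' . $conn->connect_error);
      http_response_code(500);
      die('Could not establish a connection.');
  }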
  27.  
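  // Handle the upload form: validate every file in the "userfile" field and
  // store the accepted ones under $target_dir, named by the SHA-1 of their
  // content. The stored relative paths are collected in $file_location.
  if (isset($_POST['submit'])) {
      // !empty() instead of a bare read, so a request without the file field
      // reaches the else branch rather than raising an undefined-index warning.
      if (!empty($_FILES['userfile'])) {

          // NOTE(review): request-supplied and not used in this block; validate
          // it before it reaches a path or a query.
          $projName = $_POST['project_name'] ?? null;
          $target_dir = "Projects/Durnford";
          $file_ary = reArrayFiles($_FILES['userfile']);

          $file_location = [];

          // Extension => MIME type allowlist. The extension written to disk comes
          // from this table, never from the client-supplied file name.
          $allowed_types = array(
              'jpg' => 'image/jpeg',
              'png' => 'image/png',
              'gif' => 'image/gif',
          );

          foreach ($file_ary as $file) {
              // Validate each file on its own; a rejected file does not stop the rest.
              try {

                  // Missing or nested 'error' means the request does not have the
                  // shape PHP produces for a normal upload: treat it as invalid.
                  if (!isset($file['error']) || is_array($file['error'])) {
                      throw new RuntimeException('Invalid parameters.');
                  }

                  // Map PHP's upload status to an error.
                  switch ($file['error']) {
                      case UPLOAD_ERR_OK:
                          break;
                      case UPLOAD_ERR_NO_FILE:
                          throw new RuntimeException('No file sent.');
                      case UPLOAD_ERR_INI_SIZE:
                      case UPLOAD_ERR_FORM_SIZE:
                          throw new RuntimeException('Exceeded filesize limit.');
                      default:
                          throw new RuntimeException('Unknown errors.');
                  }

                  // Application-level size cap (bytes), independent of php.ini limits.
                  if ($file['size'] > 1000000) {
                      throw new RuntimeException('Exceeded filesize limit.');
                  }

                  // The client-sent MIME type is not trusted: detect the type from
                  // the file content. This inspects the leading bytes only, so the
                  // upload directory should still not be configured to run scripts.
                  $finfo = new finfo(FILEINFO_MIME_TYPE);
                  $ext = array_search($finfo->file($file['tmp_name']), $allowed_types, true);
                  if ($ext === false) {
                      throw new RuntimeException('Invalid file format.');
                  }

                  // Hash the content once, BEFORE moving: after move_uploaded_file()
                  // the temporary file is gone and sha1_file() on it returns false,
                  // which previously recorded a path with an empty file name.
                  $hash = sha1_file($file['tmp_name']);
                  if ($hash === false) {
                      throw new RuntimeException('Failed to move uploaded file.');
                  }

                  $stored_path = sprintf('%s/%s.%s', $target_dir, $hash, $ext);

                  // move_uploaded_file() also verifies that the source really is a
                  // file uploaded in this request.
                  if (!move_uploaded_file($file['tmp_name'], '../' . $stored_path)) {
                      throw new RuntimeException('Failed to move uploaded file.');
                  }

                  $file_location[] = $stored_path;

              } catch (RuntimeException $e) {

                  // Only the fixed messages thrown above are echoed to the client.
                  echo $e->getMessage();

              }
          }
      } else {
          print 'Couldnt do anything.';
      }
  }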
  111. ?>