- <?php
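/**
 * Transpose one $_FILES entry from PHP's per-field layout into one array per file.
 *
 * For a multi-file field (name="userfile[]") PHP delivers
 * ['name' => [a, b], 'error' => [0, 0], ...]; this returns
 * [['name' => a, 'error' => 0, ...], ['name' => b, 'error' => 0, ...]].
 *
 * A single-file field (scalar 'name') is returned as a one-element list, and a
 * missing or malformed entry yields an empty list, so callers can always loop
 * over the result. Values are copied as-is and are still untrusted: if the form
 * field used nested brackets, an element such as 'error' can itself be an array,
 * which the caller must reject.
 *
 * @param mixed $file_post One element of $_FILES (taken by reference, not modified).
 * @return array List of per-file arrays keyed like $_FILES (name, type, tmp_name, error, size, ...).
 */
function reArrayFiles(&$file_post) {
    // Nothing usable was submitted for this field.
    if (!is_array($file_post) || !isset($file_post['name'])) {
        return [];
    }

    // Single upload: the entry already describes exactly one file.
    if (!is_array($file_post['name'])) {
        return [$file_post];
    }

    $file_ary = [];
    foreach (array_keys($file_post['name']) as $i) {
        foreach ($file_post as $key => $values) {
            // A field that lacks this index is recorded as null instead of
            // raising an undefined-offset warning.
            $file_ary[$i][$key] = (is_array($values) && array_key_exists($i, $values))
                ? $values[$i]
                : null;
        }
    }

    return $file_ary;
}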
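// NOTE(review): the credentials are hard-coded and use the MySQL root account
// with a default password. Load them from configuration kept outside the web
// root and connect with an account limited to what this script needs.
$user = 'root';
$password = 'root';
$db = 'civils';
$host = 'localhost';

$conn = new mysqli($host, $user, $password, $db);
if ($conn->connect_error) {
    // The driver's error text can name the host and account, so it goes to the
    // server log and the browser only gets a generic message.
    error_log('Database connection failed: ' . $conn->connect_error);
    die('Could not establish a connection.');
}

if (isset($_POST['submit'])) {
    // empty() also covers a request that carries no 'userfile' field at all.
    if (!empty($_FILES['userfile'])) {
        // Untrusted request value, not used in this part of the script.
        // Validate it before it ever reaches a file path or an SQL statement.
        $projName = $_POST['project_name'] ?? '';
        $target_dir = "Projects/Durnford";
        $file_ary = reArrayFiles($_FILES['userfile']);
        $file_location = [];

        // Extension is chosen from this allow-list by detected content type,
        // never taken from the client-supplied file name.
        $allowed_types = [
            'jpg' => 'image/jpeg',
            'png' => 'image/png',
            'gif' => 'image/gif',
        ];

        foreach ($file_ary as $file) {
            // Validate each file on its own; one bad file does not stop the rest.
            try {
                // Undefined | Multiple Files | $_FILES Corruption Attack
                // A nested field name makes these elements arrays, so they are
                // rejected here and not left to the switch below.
                if (
                    !isset($file['error'], $file['tmp_name'], $file['size'])
                    || is_array($file['error'])
                    || !is_string($file['tmp_name'])
                ) {
                    throw new RuntimeException('Invalid parameters.');
                }

                // Check the per-file upload status reported by PHP.
                switch ($file['error']) {
                    case UPLOAD_ERR_OK:
                        break;
                    case UPLOAD_ERR_NO_FILE:
                        throw new RuntimeException('No file sent.');
                    case UPLOAD_ERR_INI_SIZE:
                    case UPLOAD_ERR_FORM_SIZE:
                        throw new RuntimeException('Exceeded filesize limit.');
                    default:
                        throw new RuntimeException('Unknown errors.');
                }

                // Application-level size cap, independent of php.ini limits.
                if ($file['size'] > 1000000) {
                    throw new RuntimeException('Exceeded filesize limit.');
                }

                // The client-sent MIME type is not trusted; detect it from the
                // file's content instead.
                $finfo = new finfo(FILEINFO_MIME_TYPE);
                $ext = array_search($finfo->file($file['tmp_name']), $allowed_types, true);
                if ($ext === false) {
                    throw new RuntimeException('Invalid file format.');
                }

                // Hash the content once, BEFORE the move: afterwards tmp_name no
                // longer exists, sha1_file() would return false, and the recorded
                // location would lose its file name.
                $hash = sha1_file($file['tmp_name']);
                if ($hash === false) {
                    throw new RuntimeException('Failed to read uploaded file.');
                }

                // Content-derived name: unique per file content and free of any
                // client-controlled path component.
                $stored_path = sprintf('%s/%s.%s', $target_dir, $hash, $ext);

                // NOTE(review): the destination looks web-reachable; confirm the
                // server never executes scripts from this directory.
                if (!move_uploaded_file($file['tmp_name'], '../' . $stored_path)) {
                    throw new RuntimeException('Failed to move uploaded file.');
                }

                $file_location[] = $stored_path;
            } catch (RuntimeException $e) {
                // Every message thrown above is a fixed literal, so echoing it is
                // safe; escape it if request data is ever added to a message.
                echo $e->getMessage();
            }
        }
    } else {
        print 'Couldnt do anything.';
    }
}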
- ?>