- <?php
// Human-readable text for each PHP upload error code, keyed by the UPLOAD_ERR_*
// constants (values 1-4 and 6-8; PHP defines no code 5).
$uploadErrors = [
    UPLOAD_ERR_INI_SIZE   => "The uploaded file exceeds the Server's Maximum Allowable File Size",
    UPLOAD_ERR_FORM_SIZE  => "The uploaded file exceeds the Form's Maximum Allowable File Size.",
    UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded, then interrupted or the connection was dropped.',
    UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
    UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder. The server requires a temporary folder for file uploads.', // server-side configuration problem
    UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.', // server-side I/O problem
    UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the file upload.', // a loaded extension aborted the upload
];

// Extension allowlist. The extension and the Content-Type are both supplied by
// the client and can be spoofed, so this is a first filter only; it says nothing
// about what the file actually contains.
$allowableFileExts = ['pdf'];
- // Functions
/**
 * Escape a request value for use inside a quoted MySQL string literal.
 *
 * When magic quotes are active the automatically added slashes are removed
 * first, so the value is escaped exactly once.
 *
 * NOTE(review): escaping is only as good as the quoting at every call site and
 * relies on the connection's character set; bound parameters (mysqli or PDO
 * prepared statements) remove that dependency. Both functions used here belong
 * to APIs that later PHP versions removed (ext/mysql in 7.0,
 * get_magic_quotes_gpc() in 8.0), so this helper only runs on legacy PHP 5.
 *
 * @param string $s Raw value taken from the request.
 * @return string The escaped value.
 */
function cleanString($s)
{
    // Undo magic-quotes slashes (if any) before the single real escaping pass.
    $unquoted = get_magic_quotes_gpc() ? stripslashes($s) : $s;

    return mysql_real_escape_string($unquoted);
}
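/**
 * Append one record to log_databaseInputFails.txt describing an upload whose
 * file was stored but whose database row could not be written.
 *
 * Each field is written on its own line and the record ends with a line of 60
 * underscores. A write failure is reported through error_log() instead of being
 * silently ignored.
 *
 * NOTE(review): the log path is relative to the working directory. If that
 * directory is served by the web server, the log (titles, descriptions, stored
 * file names) is downloadable; confirm, and move it outside the document root.
 *
 * @param string $title        Title submitted with the upload.
 * @param string $description  Description submitted with the upload.
 * @param string $content_type Content type submitted with the upload.
 * @param string $target       Server-side path the file was stored under.
 * @return void
 */
function logDetails($title, $description, $content_type, $target)
{
    // The fields come from the request. A raw CR or LF inside one of them would
    // start a new line and could imitate a separate record, so line breaks are
    // written as the visible two-character sequences \r and \n.
    $oneLine = static function ($value) {
        return strtr((string) $value, array("\r" => '\r', "\n" => '\n'));
    };

    $text  = 'Time: ' . date('D M j, Y @ H:i:s [e]') . '(Server Time)' . PHP_EOL;
    $text .= 'Title: ' . $oneLine($title) . PHP_EOL;
    $text .= 'Description: ' . $oneLine($description) . PHP_EOL;
    $text .= 'Content-Type: ' . $oneLine($content_type) . PHP_EOL;
    $text .= 'Server Filename (target): ' . $oneLine($target) . PHP_EOL;
    $text .= str_pad('', 60, '_') . PHP_EOL;

    // LOCK_EX keeps records from concurrent requests from interleaving; the
    // return value is checked because the original fwrite() on a failed fopen()
    // lost the record without any trace.
    if (file_put_contents('log_databaseInputFails.txt', $text, FILE_APPEND | LOCK_EX) === false) {
        error_log('logDetails: could not append to log_databaseInputFails.txt');
    }
}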
- // Processing
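// Upload handler: validate the uploaded file, store it under files/ with a
// server-chosen name, then record it in the `materials` table.
//
// Changes from the pasted version, and why:
//  * ext/mysql (mysql_connect, mysql_query, ...) was removed in PHP 7.0, so the
//    block uses mysqli with bound parameters; request values never become part
//    of the SQL text and need no escaping.
//  * The temporary file path is no longer passed through an SQL-escaping
//    function before move_uploaded_file(), which could alter the path.
//  * The file is moved before the INSERT, so a failed move leaves no row behind
//    and the DELETE-by-title clean-up (which could remove an unrelated row with
//    the same title) is not needed.
//  * The client-supplied file name is HTML-escaped before it is echoed, and is
//    read from 'content_file' (the messages used the unrelated key
//    'uploadedfile').
//  * Database errors go to the server log instead of the response body.

// A missing field, or an array-shaped (multi-file) field, is not a single upload.
if (!isset($_FILES['content_file']['error']) || !is_int($_FILES['content_file']['error'])) {
    die('There was an error uploading the file.<br />Error: No file was uploaded.');
}

$upload = $_FILES['content_file'];

if ($upload['error'] !== UPLOAD_ERR_OK) {
    // Fall back to a generic text for a code the table does not list.
    $reason = isset($uploadErrors[$upload['error']])
        ? $uploadErrors[$upload['error']]
        : 'Unknown upload error.';
    die('There was an error uploading the file.<br />Error: ' . $reason);
}

// The allowlist is lower-case; compare a lower-cased extension, strictly.
$ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
if (!in_array($ext, $allowableFileExts, true)) {
    die('This file type is not permitted');
}

// The extension is client-controlled, so also require the PDF signature at the
// start of the content. This is a sanity check, not full validation.
if ($ext === 'pdf' && file_get_contents($upload['tmp_name'], false, null, 0, 5) !== '%PDF-') {
    die('This file type is not permitted');
}

// The stored name is chosen by the server and never derived from the client's
// file name; 128 random bits make a collision practically impossible, the loop
// is kept as a guard.
// NOTE(review): files/ appears to be web-accessible (the display script links
// to it); confirm the web server cannot execute anything stored there.
do {
    $target = 'files/' . bin2hex(random_bytes(16)) . '.' . $ext;
} while (file_exists($target));

// Read a form field as a string; absent or array-shaped fields become ''.
$field = static function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};
$title        = $field('title');
$description  = $field('description');
$content_type = $field('content_type'); // client-supplied label, not a verified MIME type

// Client-supplied name, escaped for the HTML messages below.
$shownName = htmlspecialchars(basename($upload['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

if (!move_uploaded_file($upload['tmp_name'], $target)) {
    echo 'There was an error Uploading your file, please try again.';
} else {
    $saved = false;
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        // Placeholders: the page elides the real connection values. Load them
        // from configuration kept outside the document root.
        $db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
        // Column names are the keys the display script reads from this table;
        // the stored path ($target) is what that script links to.
        $stmt = $db->prepare(
            'INSERT INTO `materials` (`title`, `description`, `content_type`, `target`) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssss', $title, $description, $content_type, $target);
        $stmt->execute();
        $saved = true;
    } catch (mysqli_sql_exception $e) {
        // Details stay in the server log; the client gets the generic text below.
        error_log('materials insert failed: ' . $e->getMessage());
    }

    if ($saved) {
        echo "The file " . $shownName . " has been uploaded, and your information has been added to the directory";
    } else {
        // The file is stored but the row is missing: keep the details so an
        // administrator can add the row later. Control characters are collapsed
        // first so a field cannot break the one-line-per-field log format.
        $forLog = static function ($value) {
            return preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
        };
        logDetails($forLog($title), $forLog($description), $forLog($content_type), $target);
        echo "The file " . $shownName . " has been uploaded, but has yet to be added to the database. It will be added once the Database is online.";
    }
}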
- ?>
- The display script:
- <?php
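// Display script: list every row of `materials` as a download link followed by
// its description and content type.
//
// Changes from the pasted version, and why:
//  * title, description, content_type and target were written into the page
//    unescaped. They originate from the upload form, so every value is now
//    HTML-escaped before output.
//  * The upload script stores target with its "files/" prefix, so appending it
//    to ".../files/" produced ".../files/files/<name>". Only the base name is
//    appended, URL-encoded, which also keeps the link inside /files/.
//  * ext/mysql was removed in PHP 7.0; mysqli is used instead, and database
//    errors go to the server log rather than the response body.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    // Placeholders: the page elides the real connection values. Load them from
    // configuration kept outside the document root.
    $db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
    $data = $db->query('SELECT `title`, `description`, `content_type`, `target` FROM `materials`');
} catch (mysqli_sql_exception $e) {
    error_log('materials listing failed: ' . $e->getMessage());
    die('The list of materials is temporarily unavailable.');
}

// Escape a value for HTML text and for double-quoted attribute values.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

while ($info = $data->fetch_assoc()) {
    $href = 'http://www.mysite.com/files/' . rawurlencode(basename($info['target']));
    echo '<a href="' . $esc($href) . '">' . $esc($info['title']) . "</a> <br>";
    echo "<b>Description:</b> " . $esc($info['description']) . " <br>";
    echo "<b>Content Type:</b> " . $esc($info['content_type']) . " <hr>";
}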
- ?>