- <?php
- // Don't send the password through GET; a file can only be sent through the POST method :)
- // enctype="multipart/form-data" <- use this in the HTML form
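/**
 * Best-effort client IP address for the current request.
 *
 * Candidates are tried in the same order as before (Client-IP header,
 * X-Forwarded-For header, REMOTE_ADDR), but a candidate is only returned
 * when it is a syntactically valid IP address. Previously the raw header
 * text was returned unchanged, so callers could receive an arbitrary
 * string or a whole comma-separated proxy chain.
 *
 * NOTE(review): both headers are supplied by the client and can be set to
 * any value; only REMOTE_ADDR comes from the TCP connection. Treat the
 * result as informational (e.g. "last seen from"), never as an access
 * control or rate-limiting key, unless a trusted reverse proxy overwrites
 * these headers before the request reaches PHP.
 *
 * @return string A valid IPv4/IPv6 address, or '' when none is available.
 */
function getRealIpAddr() {
    $candidates = array();

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // X-Forwarded-For may hold "client, proxy1, proxy2"; the first
        // element is the address the chain claims for the client.
        $hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidates[] = $hops[0];
    }
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $candidates[] = $_SERVER['REMOTE_ADDR'];
    }

    foreach ($candidates as $candidate) {
        $ip = filter_var(trim($candidate), FILTER_VALIDATE_IP);
        if ($ip !== false) {
            return $ip;
        }
    }

    return '';
}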
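/**
 * Open the MySQL connection on localhost and select the "db" database.
 *
 * Fixes over the pasted version: the missing semicolon after the return,
 * an unchecked mysql_select_db() result, and the raw mysql_error() text
 * being printed to the client (it can reveal host, account and schema
 * details). The detail now goes to the server error log only.
 *
 * NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and
 * removed in PHP 7.0. The API is kept here because every other function
 * in this file takes the returned link resource; the real fix is to move
 * the whole file to mysqli or PDO with prepared statements.
 *
 * @param string $user Database account name.
 * @param string $pass Database account password.
 * @return resource MySQL link identifier; the script terminates on failure.
 */
function connect_db($user, $pass) {
    $link = mysql_connect('localhost', $user, $pass);
    if (!$link) {
        error_log('connect_db: mysql_connect failed: ' . mysql_error());
        die('error: database unavailable');
    }

    if (!mysql_select_db("db", $link)) {
        error_log('connect_db: mysql_select_db failed: ' . mysql_error($link));
        die('error: database unavailable');
    }

    return $link;
}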
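/**
 * Verify a username/password pair, registering the user on first sight.
 *
 * Behaviour:
 *  - unknown username  -> a new row is inserted, returns true on success;
 *  - known, password ok -> lastIP is refreshed, returns true;
 *  - known, wrong password or query failure -> prints an error, returns false.
 *
 * Fixes over the pasted version:
 *  - mysql_query() returns a result resource even when no row matches, so
 *    the "add new user" branch was unreachable for a missing user and a
 *    missing user was compared against an empty row instead;
 *  - `==` compared the passwords loosely (two numeric-looking strings are
 *    compared as numbers); the comparison is now strict;
 *  - the function returned nothing, so the caller could not tell a failed
 *    login from a successful one;
 *  - the SQL strings did not parse (unescaped double quotes, "\(", and
 *    "INSERT INTO table"), quoted the table name as a string literal, and
 *    formatted the IP address with %d;
 *  - the inserted values were not quoted.
 *
 * NOTE(review): passwords are stored and compared in plaintext. Migrate
 * the column to password_hash() / password_verify() (PHP >= 5.5); that is
 * a data migration and is deliberately not done silently here.
 * NOTE(review): any unknown username is auto-registered with whatever
 * password was sent, including an empty one — confirm this is intended.
 *
 * @param resource $link     MySQL link from connect_db().
 * @param string   $username Untrusted, taken from the request.
 * @param string   $password Untrusted, taken from the request.
 * @return bool True when the caller may proceed as $username.
 */
function check_login($link, $username, $password) {
    $safeUser = mysql_real_escape_string($username, $link);

    $query = sprintf("SELECT * FROM `user` WHERE username='%s'", $safeUser);
    $result = mysql_query($query, $link);
    if (!$result) {
        error_log('check_login: lookup failed: ' . mysql_error($link));
        echo ' error, login unavailable ';
        return false;
    }

    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    if ($row === false) {
        // add new user
        // Column order (username, password, 0) is kept from the original
        // statement; the schema is not visible here — confirm against it.
        $query = sprintf("INSERT INTO `user` VALUES ('%s', '%s', 0)",
            $safeUser,
            mysql_real_escape_string($password, $link));
        if (!mysql_query($query, $link)) {
            error_log('check_login: insert failed: ' . mysql_error($link));
            echo ' error, login unavailable ';
            return false;
        }
        return true;
    }

    // check user
    if ((string) $row['password'] !== (string) $password) {
        echo ' error, incorrect password ';
        return false;
    }

    // Assumes lastIP is a text column — TODO confirm. The value is escaped
    // even though getRealIpAddr() is expected to return an address, because
    // it originates from request headers.
    $query = sprintf("UPDATE `user` SET lastIP='%s' WHERE username='%s'",
        mysql_real_escape_string(getRealIpAddr(), $link),
        $safeUser);
    mysql_query($query, $link);

    return true;
}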
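/**
 * Increment the stored upload counter of one user.
 *
 * Fixes over the pasted version:
 *  - the UPDATE string did not parse (unescaped double quotes, missing
 *    comma between sprintf arguments);
 *  - "SELECT 'count'" selected the string literal 'count', not the column;
 *  - read-then-write let two concurrent uploads store the same value; the
 *    increment is now a single statement executed by the database;
 *  - a missing user was never detected, because mysql_query() succeeds
 *    for a query that matches no rows.
 *
 * @param resource $link     MySQL link from connect_db().
 * @param string   $username Untrusted, taken from the request.
 * @return void
 */
function update_count_db_upload($link, $username) {
    // update user upload count
    $query = sprintf("UPDATE `user` SET `count` = `count` + 1 WHERE username='%s'",
        mysql_real_escape_string($username, $link));
    $ok = mysql_query($query, $link);

    // Zero affected rows means no row matched the username (or the stored
    // count was NULL, which "+ 1" leaves unchanged).
    if (!$ok || mysql_affected_rows($link) < 1) {
        echo "bloody hell, you shouldn't be here, you are here bc it let you go in but didn't find you";
    }
}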
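/**
 * Move an uploaded schematic into the upload directory under the user's name.
 *
 * Fixes over the pasted version:
 *  - `echo "done uploading");` was a syntax error;
 *  - addslashes() is an SQL-era quoting helper, not a filename sanitiser:
 *    it leaves "/" and ".." untouched, so a crafted username could make
 *    the destination path leave /uploads/schematics/. The username is now
 *    percent-encoded, which removes every path separator while keeping
 *    plain alphanumeric names byte-identical and distinct names distinct;
 *  - the PHP upload error code and the move_uploaded_file() result were
 *    ignored, so "done uploading" was printed even when nothing was saved.
 *
 * NOTE(review): each user has exactly one destination file, so a new
 * upload overwrites the previous one. Nothing here limits the size or
 * checks the content of the file; the directory must not be one from
 * which the web server executes scripts.
 *
 * @param array  $file     One entry of $_FILES (needs 'tmp_name' and 'error').
 * @param string $username Untrusted, taken from the request.
 * @return bool True when the file was stored.
 */
function save_file($file, $username) {
    $usable = is_array($file)
        && isset($file['tmp_name'], $file['error'])
        && is_string($file['tmp_name'])
        && $file['error'] === UPLOAD_ERR_OK
        && is_string($username)
        && $username !== '';

    if (!$usable) {
        echo ' error, upload failed ';
        return false;
    }

    $fname = "/uploads/schematics/" . rawurlencode($username) . "_filename.schematic";

    // move_uploaded_file() itself refuses anything that did not arrive
    // through this request's HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $fname)) {
        echo ' error, upload failed ';
        return false;
    }

    echo "done uploading";
    return true;
}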
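/**
 * Print the names of all stored schematics, one per line.
 *
 * Fixes over the pasted version:
 *  - file names are built from user-chosen usernames, and were echoed
 *    into the page unescaped; they are now HTML-escaped;
 *  - the "." and ".." directory entries were listed as if they were files;
 *  - the debug line printing the directory handle (an internal resource
 *    id) is dropped.
 *
 * NOTE(review): the caller reaches this function without any login, so
 * the listing (and through it the set of usernames) is visible to every
 * visitor — confirm that is intended.
 *
 * @return void
 */
function list_schematics() {
    $handle = opendir('/uploads/schematics/');
    if ($handle === false) {
        return;
    }

    echo "Entries:\n <br />";
    while (false !== ($entry = readdir($handle))) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        echo htmlspecialchars($entry, ENT_QUOTES, 'UTF-8') . "\n <br />";
    }

    closedir($handle);
}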
- // -------------------------------------------------------------
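// Request entry point: log in (or auto-register), store the uploaded
// schematic and bump the user's counter; with no username, list the files.
//
// Fixes over the pasted version:
//  - `if !empty(...)` lacked the parentheses PHP requires;
//  - the upload ran even after check_login() reported a wrong password;
//  - missing request fields raised undefined-index notices, and array
//    values (e.g. username[]=x) reached the string helpers.
//
// NOTE(review): $db_username / $db_password are not defined anywhere in
// this listing; presumably they come from a config include — confirm.
$link = connect_db($db_username, $db_password);

// Credentials are read from the POST body first. The GET fallback is kept
// only so existing clients keep working: values in the query string end up
// in access logs, browser history and Referer headers, so it should be
// removed once callers have switched.
$username = '';
if (isset($_POST['username']) && is_string($_POST['username'])) {
    $username = $_POST['username'];
} elseif (isset($_GET['username']) && is_string($_GET['username'])) {
    $username = $_GET['username'];
}

$password = '';
if (isset($_POST['password']) && is_string($_POST['password'])) {
    $password = $_POST['password'];
} elseif (isset($_GET['password']) && is_string($_GET['password'])) {
    $password = $_GET['password'];
}

$file = isset($_FILES['file']) ? $_FILES['file'] : null;

if (!empty($username)) {
    // "=== false" rather than a truthiness test: a check_login() that
    // returns nothing keeps the old flow, one that returns false stops here.
    if (check_login($link, $username, $password) === false) {
        // check_login() has already printed the reason.
    } elseif (!empty($file)) {
        // Only count the upload when save_file() did not report a failure.
        if (save_file($file, $username) !== false) {
            update_count_db_upload($link, $username);
        }
    } else {
        echo ' error in .schematic file ';
    }
} else {
    list_schematics();
}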
- ?>