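<?php
// Full open tag: "<?" only works when short_open_tag is enabled; with it disabled this
// whole block (including the include paths) is sent to the client as plain text.
include_once 'includes/config.php';
include_once 'includes/db_connect.php'; // presumably where $mysqli comes from — confirm
include_once 'includes/functions.php';  // presumably defines sec_session_start() and login_check() — confirm
// Session must be started before any output so login_check() below can read $_SESSION.
sec_session_start();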
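/**
 * Build a random alphanumeric id used as the per-upload directory name and download token.
 *
 * The id is what get.php?f=... hands out, so it must be unpredictable: rand()/mt_rand()
 * are not CSPRNGs and earlier ids let an observer derive later ones. random_int() is used
 * instead. The character set is unchanged (digits, A-Z, a-z; 62 symbols).
 *
 * @param int $length number of characters; defaults to the original 9 (roughly 53 bits)
 * @return string the generated id, or '' when $length is 0
 */
function getRandomCode($length = 9)
{
    $an = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    $su = strlen($an) - 1;
    $code = '';
    // One CSPRNG draw per character; the alphabet is ASCII so byte indexing is safe.
    for ($i = 0; $i < $length; $i++) {
        $code .= $an[random_int(0, $su)];
    }
    return $code;
}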
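/**
 * Draw a random id that is not yet used as a file_dir in the `uploads` table.
 *
 * The original recursed on a collision but called checkFileDir() without $mysqli and
 * discarded the recursive result, so a collision produced an error or a null id. A loop
 * fixes both. Note the check-then-insert is still a race under concurrent uploads; a
 * UNIQUE index on uploads.file_dir is the authoritative guard.
 *
 * @param mysqli $mysqli open database connection
 * @return string|null the unused id, or null when the lookup statement cannot be prepared
 */
function checkFileDir($mysqli)
{
    while (true) {
        $temp_rand = getRandomCode();
        $rand_stmt = $mysqli->prepare("SELECT file_dir FROM uploads WHERE file_dir = ?");
        if (!$rand_stmt) {
            // Cannot verify uniqueness; fail instead of handing back an unchecked id.
            return null;
        }
        $rand_stmt->bind_param('s', $temp_rand);
        $rand_stmt->execute();
        $rand_stmt->store_result();
        $taken = $rand_stmt->num_rows > 0;
        $rand_stmt->close(); // statement was never closed before
        if (!$taken) {
            return $temp_rand;
        }
    }
}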
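/**
 * Return the client IP address recorded alongside an upload.
 *
 * REMOTE_ADDR is filled in by the web server from the TCP peer and cannot be chosen by
 * the client. The HTTP_* values are request headers and are attacker-controlled; the
 * original consulted them first, so any client could pick the address stored in the
 * database. They are now used only when the deployment opts in, which is correct only
 * when a trusted reverse proxy sits in front and overwrites those headers.
 *
 * @param bool $trustProxyHeaders consult X-Forwarded-For and friends before REMOTE_ADDR
 * @return string a syntactically valid IPv4/IPv6 address, or 'UNKNOWN'
 */
function get_client_ip_env($trustProxyHeaders = false)
{
    $sources = ['REMOTE_ADDR'];
    if ($trustProxyHeaders) {
        $sources = [
            'HTTP_CLIENT_IP',
            'HTTP_X_FORWARDED_FOR',
            'HTTP_X_FORWARDED',
            'HTTP_FORWARDED_FOR',
            'HTTP_FORWARDED',
            'REMOTE_ADDR',
        ];
    }
    foreach ($sources as $name) {
        $value = getenv($name);
        if ($value === false || $value === '') {
            continue;
        }
        // Forwarding headers may carry a comma-separated chain; the first entry is the origin.
        $candidate = trim(explode(',', $value)[0]);
        // Only a well-formed address is returned, so arbitrary header text never reaches the database.
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return 'UNKNOWN';
}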
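$target_dir = "uploads/";
$max_upload_size = 67108864; // 64 MiB, compared against the size of the received file on disk
$allowed_types = ["gmz", "gmx", "gml", "gmez", "rar", "zip", "7z"]; // extension allow-list
$uploadOk = 0;  // 1 only once every check passed and the file is in place; the page shows the download link when 1
$rand = null;   // per-upload directory / file id, assigned once the upload is accepted
$result = '';   // message shown to the user; it may contain markup built here, so user text is escaped before it goes in
$id = null;     // members.id of the uploader when logged in, otherwise null

// Only a form submission that actually carries an upload is processed. Reading $_FILES
// unconditionally produced warnings on a plain GET, and the database row used to be
// written before the size and type checks ran, so rejected uploads still left a row
// behind and consumed a directory id.
if(isset($_POST["submit"]) && isset($_FILES["fileToUpload"]))
{
    $upload = $_FILES["fileToUpload"];
    $file = basename($upload["name"]); // drop any client-supplied directory components
    $target_file = $target_dir . $file;
    $fileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    $uploadOk = 1;

    // Reject uploads PHP itself reported as failed, and any tmp_name that was not produced
    // by this request's upload.
    if($upload["error"] !== UPLOAD_ERR_OK || !is_uploaded_file($upload["tmp_name"]))
    {
        $result = "File is not allowed.<br /> <a href='javascript:history.back()'>Go Back</a>";
        $uploadOk = 0;
    }
    // Check file size
    if($uploadOk == 1 && filesize($upload["tmp_name"]) > $max_upload_size)
    {
        $result = "Sorry, your file is too large.<br /> <a href='javascript:history.back()'>Go Back</a>";
        $uploadOk = 0;
    }
    // Allow certain file formats (case-insensitive; .ZIP is accepted like .zip)
    if($uploadOk == 1 && !in_array($fileType, $allowed_types, true))
    {
        $result = "Sorry, only GMZ, GMX, GML, GMEZ, RAR, ZIP and 7z files are allowed.<br /> <a href='javascript:history.back()'>Go Back</a>";
        $uploadOk = 0;
    }

    if($uploadOk == 1)
    {
        $rand = checkFileDir($mysqli);
        $ip = get_client_ip_env();
        $dest_dir = $target_dir . $rand;        // no doubled slash: $target_dir already ends in '/'
        $dest_file = $dest_dir . '/' . $file;

        if($rand === null)
        {
            // No id could be verified against the database
            $result = "Sorry, there was an error uploading your file.<br /> <a href='javascript:history.back()'>Go Back</a>";
            $uploadOk = 0;
        }
        // Check if the target directory already exists on disk (e.g. left over from a deleted row).
        // The old check looked at uploads/<name>, a path nothing is ever written to.
        else if(file_exists($dest_dir))
        {
            $result = "Sorry, file already exists.<br /> <a href='javascript:history.back()'>Go Back</a>";
            $uploadOk = 0;
        }
        // 0700: only the server user may list or read the directory. The empty index.php
        // stops a server that ignores the mode from rendering a directory listing; the
        // previous fopen() never closed its handle.
        else if(!mkdir($dest_dir, 0700)
            || file_put_contents($dest_dir . '/index.php', '') === false
            || !move_uploaded_file($upload["tmp_name"], $dest_file))
        {
            $result = "Sorry, there was an error uploading your file.<br /> <a href='javascript:history.back()'>Go Back</a>";
            $uploadOk = 0;
        }
        else
        {
            // The row is written only after the file is in place, so the table never points at a missing file.
            $saved = false;
            if(login_check($mysqli) == true)
            {
                $account = $_SESSION['username'];
                //Look up the account id for the session's username
                if($account_stmt = $mysqli->prepare("SELECT id, username FROM members WHERE username = ? LIMIT 1"))
                {
                    $account_stmt->bind_param('s', $account);
                    $account_stmt->execute();
                    $account_stmt->store_result();
                    $account_stmt->bind_result($id, $dummy);
                    $account_stmt->fetch();
                    $account_stmt->close();
                }
                //Add file details to database under account
                if($insert_stmt = $mysqli->prepare("INSERT INTO uploads (file_id, file_name, file_dir, ip, account) VALUES (?, ?, ?, ?, ?)"))
                {
                    $insert_stmt->bind_param('sssss', $rand, $file, $rand, $ip, $id);
                    $saved = $insert_stmt->execute();
                    $insert_stmt->close();
                }
            }
            else
            {
                //Add file details to database for non-account
                if($insert_stmt = $mysqli->prepare("INSERT INTO uploads (file_id, file_name, file_dir, ip) VALUES (?, ?, ?, ?)"))
                {
                    $insert_stmt->bind_param('ssss', $rand, $file, $rand, $ip);
                    $saved = $insert_stmt->execute();
                    $insert_stmt->close();
                }
            }

            if($saved)
            {
                // The original file name is attacker-controlled and is echoed into HTML, so escape it here.
                $result = "The file " . htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " has been uploaded.";
            }
            else
            {
                // File is on disk but unrecorded: report failure so no download link is shown.
                $result = "Sorry, there was an error uploading your file.<br /> <a href='javascript:history.back()'>Go Back</a>";
                $uploadOk = 0;
            }
        }
    }
}

// Generic fallback only when no specific reason was recorded; previously it overwrote
// every specific message, so the user never learned why the upload was refused.
if($uploadOk == 0 && $result === '')
{
    $result = "Sorry, your file was not uploaded.<br /> <a href='javascript:history.back()'>Go Back</a>";
}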
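?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="styles/main.css" />
<link href='https://fonts.googleapis.com/css?family=Roboto+Slab' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Oswald' rel='stylesheet' type='text/css'>
<link rel="icon" type="image/png" href="favicon.ico">
<title>GameMaker Projects - Upload</title>
</head>
<body>
<?php
// Full open tags throughout: a short "<?" block is emitted verbatim to the browser when
// short_open_tag is disabled.
ob_start();
include('google.php');
ob_end_flush();
?>
<div class="main">
<p><span class="title">GameMaker Projects</span></p>
</div>
<div class="main">
<?php if (login_check($mysqli) == true) : ?>
<p>
Welcome <?php echo htmlentities($_SESSION['username']); ?><br />
<a href="index.php">Home</a> - <a href="files.php">My Uploads</a> - <a href="includes/logout.php">Logout</a>
</p>
<?php else : ?>
<a href="index.php">Home</a> - <a href="login.php">Login</a> - <a href="register.php">Register</a>
<?php endif; ?>
</div>
<div class="main">
<div class="form-input">
<?php // $result is markup assembled by this script; any user-supplied fragment must be escaped where it is built, not here. ?>
<p><?php echo $result; ?></p>
<?php
if ($uploadOk == 1)
{
    // $rand is alphanumeric by construction; escaping is defence in depth for the attribute context.
    echo '<p>Download Link:</p>
<p><input onClick="this.select();" value="http://www.gmp.host/get.php?f=' . htmlspecialchars((string) $rand, ENT_QUOTES, 'UTF-8') . '" size="50"><br /><br /> <a href="javascript:history.back()">Go Back</a></p>';
}
?>
</div>
</div>
</body>
</html>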