  1. <?
  2.  
  3. include_once 'includes/config.php';
  4. include_once 'includes/db_connect.php';
  5. include_once 'includes/functions.php';
  6.  
  7. sec_session_start();
  8.  
  9. function getRandomCode()
  10. {
  11.     $an = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  12.     $su = strlen($an) - 1;
  13.     return substr($an, rand(0, $su), 1) .
  14.     substr($an, rand(0, $su), 1) .
  15.     substr($an, rand(0, $su), 1) .
  16.     substr($an, rand(0, $su), 1) .
  17.     substr($an, rand(0, $su), 1) .
  18.     substr($an, rand(0, $su), 1) .
  19.     substr($an, rand(0, $su), 1) .
  20.     substr($an, rand(0, $su), 1) .
  21.     substr($an, rand(0, $su), 1);
  22. }
  23.  
  24. function checkFileDir($mysqli)
  25. {
  26.     $temp_rand = getRandomCode();
  27.     //Check to see if our $rand directory exists
  28.     if($rand_stmt = $mysqli->prepare("SELECT file_dir FROM uploads WHERE file_dir = ?"))
  29.     {
  30.         $rand_stmt->bind_param('s', $temp_rand);  //Bind "$temp_rand" to parameter.
  31.         $rand_stmt->execute();    // Execute the prepared query.
  32.         $rand_stmt->store_result();
  33.  
  34.         if($rand_stmt->num_rows == 1)
  35.         {
  36.             checkFileDir();
  37.         }
  38.         else
  39.         {
  40.             return $temp_rand;
  41.         }
  42.     }
  43. }
  44.  
  45. function get_client_ip_env()
  46. {
  47.     $ipaddress = '';
  48.     if(getenv('HTTP_CLIENT_IP'))
  49.         $ipaddress = getenv('HTTP_CLIENT_IP');
  50.     else if(getenv('HTTP_X_FORWARDED_FOR'))
  51.         $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
  52.     else if(getenv('HTTP_X_FORWARDED'))
  53.         $ipaddress = getenv('HTTP_X_FORWARDED');
  54.     else if(getenv('HTTP_FORWARDED_FOR'))
  55.         $ipaddress = getenv('HTTP_FORWARDED_FOR');
  56.     else if(getenv('HTTP_FORWARDED'))
  57.         $ipaddress = getenv('HTTP_FORWARDED');
  58.     else if(getenv('REMOTE_ADDR'))
  59.         $ipaddress = getenv('REMOTE_ADDR');
  60.     else
  61.         $ipaddress = 'UNKNOWN';
  62.  
  63.     return $ipaddress;
  64. }
  65.  
  66. $target_dir = "uploads/";
  67. $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
  68. $uploadOk = 1;
  69. $fileType = pathinfo($target_file,PATHINFO_EXTENSION);
  70. $max_upload_size = 67108864;
  71.  
  72. if(isset($_POST["submit"]))
  73. {
  74.     $check = filesize($_FILES["fileToUpload"]["tmp_name"]);
  75.  
  76.     if($check !== false)
  77.     {
  78.         $rand = checkFileDir($mysqli);
  79.  
  80.         $ip = get_client_ip_env();
  81.         $file = str_replace('uploads/', '', $target_file);
  82.  
  83.         if(login_check($mysqli) == true)
  84.         {
  85.  
  86.             $account = $_SESSION['username'];
  87.  
  88.             //Check for username
  89.             if($account_stmt = $mysqli->prepare("SELECT id, username FROM members WHERE username = ? LIMIT 1"))
  90.             {
  91.                 $account_stmt->bind_param('s', $account);  // Bind "$account" to parameter.
  92.                 $account_stmt->execute();    // Execute the prepared query.
  93.                 $account_stmt->store_result();
  94.                 $account_stmt->bind_result($id, $dummy);
  95.                 $account_stmt->fetch();
  96.                 $account_stmt->close();
  97.             }
  98.  
  99.             //Add file details to database under account
  100.             if($insert_stmt = $mysqli->prepare("INSERT INTO uploads (file_id, file_name, file_dir, ip, account) VALUES (?, ?, ?, ?, ?)"))
  101.             {
  102.                 $insert_stmt->bind_param('sssss', $rand, $file, $rand, $ip, $id);
  103.                 $insert_stmt->execute();
  104.  
  105.                 $uploadOk = 1;
  106.  
  107.                 $insert_stmt->close();
  108.             }
  109.         }
  110.         else
  111.         {
  112.             //Add file details to database for non-account
  113.             if($insert_stmt = $mysqli->prepare("INSERT INTO uploads (file_id, file_name, file_dir, ip) VALUES (?, ?, ?, ?)"))
  114.             {
  115.                 $insert_stmt->bind_param('ssss', $rand, $file, $rand, $ip);
  116.                 $insert_stmt->execute();
  117.  
  118.                 $uploadOk = 1;
  119.  
  120.                 $insert_stmt->close();
  121.             }
  122.         }
  123.        
  124.     }
  125.     else
  126.     {
  127.         $result = "File is not an allowed.<br /> <a href='javascript:history.back()'>Go Back</a>";
  128.         $uploadOk = 0;
  129.     }
  130. }
  131.  
  132. // Check if file already exists
  133. if(file_exists($target_file))
  134. {
  135.     $result = "Sorry, file already exists.<br /> <a href='javascript:history.back()'>Go Back</a>";
  136.     $uploadOk = 0;
  137. }
  138.  
  139. // Check file size
  140. if($_FILES["fileToUpload"]["size"] > $max_upload_size)
  141. {
  142.     $result = "Sorry, your file is too large.<br /> <a href='javascript:history.back()'>Go Back</a>";
  143.     $uploadOk = 0;
  144. }
  145.  
  146. // Allow certain file formats
  147. if($fileType != "gmz" && $fileType != "gmx" && $fileType != "gml" && $fileType != "gmez" && $fileType != "rar" && $fileType != "zip" && $fileType != "7z")
  148. {
  149.     $result = "Sorry, only GMZ, GMX, GML, GMEZ, RAR, ZIP and 7z files are allowed.<br /> <a href='javascript:history.back()'>Go Back</a>";
  150.     $uploadOk = 0;
  151. }
  152.  
  153. // Check if $uploadOk is set to 0 by an error
  154. if($uploadOk == 0)
  155. {
  156.     $result = "Sorry, your file was not uploaded.<br /> <a href='javascript:history.back()'>Go Back</a>";
  157. // if everything is ok, try to upload file
  158. }
  159. else
  160. {
  161.     mkdir("uploads/".$rand, 0700);
  162.     fopen("uploads/".$rand.'/'."index.php", "w");
  163.  
  164.     if(move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_dir.'/'. $rand .'/'. basename($_FILES["fileToUpload"]["name"])))
  165.     {
  166.         $result = "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
  167.     }
  168.     else
  169.     {
  170.         $result = "Sorry, there was an error uploading your file.<br /> <a href='javascript:history.back()'>Go Back</a>";
  171.     }
  172. }
  173.  
  174. ?>
  175.  
  176. <!DOCTYPE html>
  177. <html>
  178. <link rel="stylesheet" type="text/css" href="styles/main.css" />
  179. <link href='https://fonts.googleapis.com/css?family=Roboto+Slab' rel='stylesheet' type='text/css'>
  180. <link href='https://fonts.googleapis.com/css?family=Oswald' rel='stylesheet' type='text/css'>
  181. <link rel="icon" type="image/png" href="favicon.ico">
  182. <title>GameMaker Projects - Upload</title>
  183. <body>
  184.  
  185. <?
  186.  
  187. ob_start();
  188. include('google.php');
  189. ob_end_flush();
  190.  
  191. ?>
  192.  
  193. <div class="main">
  194. <p><span class="title">GameMaker Projects</span></p>
  195. </div>
  196.  
  197. <div class="main">
  198. <?php if (login_check($mysqli) == true) : ?>
  199.     <p>
  200.         Welcome <?php echo htmlentities($_SESSION['username']); ?><br />
  201.         <a href="index.php">Home</a>&nbsp;-&nbsp;<a href="files.php">My Uploads</a>&nbsp;-&nbsp;<a href="includes/logout.php">Logout</a>
  202.     </p>
  203. <?php else : ?>
  204.     <a href="index.php">Home</a>&nbsp;-&nbsp;<a href="login.php">Login</a>&nbsp;-&nbsp;<a href="register.php">Register</a>
  205. <?php endif; ?>
  206. </div>
  207.  
  208. <div class="main">
  209.     <div class="form-input">
  210.         <p><? echo $result; ?></p>
  211.         <?
  212.         if ($uploadOk == 1)
  213.         {
  214.             echo '<p>Download Link:</p>
  215.             <p><input onClick="this.select();" value="http://www.gmp.host/get.php?f='.$rand.'" size="50"><br /><br /> <a href="javascript:history.back()">Go Back</a></p>';
  216.         }
  217.         ?>
  218.     </div>
  219. </div>
  220.  
  221. </body>
  222. </html>