
Untitled

a guest
Jul 29th, 2017
  1. <?php
  2.  
  3. include('Connection.php');
  4.  
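  /**
   * Validates one uploaded file, stores it under ./files/<uid>/ and records it
   * in the `files` table.
   *
   * Review notes on what this class does and does not protect against:
   *  - The extension allow-list still accepts htm, html, exe and dll. Those
   *    files are written below the script directory; whether ./files is
   *    reachable over HTTP and how download.php serves it is not visible
   *    here. NOTE(review): confirm downloads are sent as attachments with a
   *    neutral content type, or drop those extensions from the list.
   *  - $filetype is supplied by the client and is never consulted.
   */
  class Upload
  {
      /**
       * Store an uploaded file and redirect the client to its download page.
       *
       * @param string $filename Client-supplied original name (untrusted).
       * @param int    $filesize Size in bytes as reported for the upload.
       * @param string $filetype Client-supplied MIME type (unused).
       * @param string $tmp      Temporary path of the upload, as PHP stored it.
       *
       * @return false|null false after echoing an error block when the file is
       *                    rejected or cannot be stored; null after the
       *                    redirect header has been sent.
       */
      public function getUpload($filename, $filesize, $filetype, $tmp)
      {
          // Keep only ASCII letters, digits and dots, so the name contains no
          // path separator, quote, whitespace or control character.
          $filename = (string) preg_replace("/[^a-zA-Z0-9.]/", "", $filename);

          // Extensions accepted for upload (compared case-sensitively, so an
          // upper-case variant such as "PHP" is rejected, not rewritten).
          $allowed_extensions = array(
              'mp3', 'mp4', 'doc', 'zip', 'rar',
              'docx', 'ppt', 'pps', 'pptx', 'txt',
              'png', 'jpg', 'jpeg', 'gif', 'pdf', 'exe',
              'php', 'htm', 'html', 'dll', 'aup'
          );

          // Extensions that are stored as .txt so the server never runs them.
          $extra_extensions = array(
              'php'
          );

          // NOTE(review): the size limit below is 500000 bytes while the
          // 'filesize' message says 1GB. One of the two is wrong; confirm the
          // intended limit before changing either.
          $error_report = array(
              'notallowed' => "You can't upload this file type!",
              'filesize' => "Your file is to big to upload. You can only upload max 1GB!",
              'storage' => "Your file could not be stored. Please try again!"
          );

          $extension = pathinfo($filename, PATHINFO_EXTENSION);

          if (!in_array($extension, $allowed_extensions, true)) {
              echo '<div class="errormessage"><h4>' . $error_report['notallowed'] . '</h4></div>';
              return false;
          }

          if ($filesize > 500000) {
              echo '<div class="errormessage">' . $error_report['filesize'] . '</div>';
              return false;
          }

          $filename = $this->storedName($filename, $extension, $extra_extensions);

          $uid = $this->reserveFolder('./files/');
          if ($uid === null) {
              echo '<div class="errormessage">' . $error_report['storage'] . '</div>';
              return false;
          }

          $movedir = './files/' . $uid . '/';
          $targetdir = $movedir . basename($filename);

          // move_uploaded_file() refuses anything that is not a genuine upload.
          // Stop here on failure so no database row or redirect points at a
          // file that was never written, and remove the empty folder again.
          if (!move_uploaded_file($tmp, $targetdir)) {
              rmdir($movedir);
              echo '<div class="errormessage">' . $error_report['storage'] . '</div>';
              return false;
          }

          // $filename is limited to [a-zA-Z0-9.] and $uid is an integer, so
          // neither value can carry a quote into this statement.
          // NOTE(review): still move this to a prepared statement once the
          // driver type returned by Connection::DB() is confirmed, so safety
          // does not depend on the sanitiser above staying unchanged.
          Connection::DB()->query("INSERT INTO files (filename, uid) VALUES ('$filename', '$uid')");
          header('Location: download.php?id=' . $uid . '&file=' . rawurlencode($filename));
      }

      /**
       * Build the on-disk name: a dot-free stem plus exactly one extension.
       *
       * Some web-server configurations choose a handler from any dot-separated
       * segment of a name, so "a.php.jpg" must not keep its inner ".php".
       *
       * @param string $filename  Sanitised file name.
       * @param string $extension Final extension of $filename.
       * @param array  $rewritten Extensions that are stored as "txt" instead.
       *
       * @return string
       */
      private function storedName($filename, $extension, array $rewritten)
      {
          $stem = str_replace('.', '', pathinfo($filename, PATHINFO_FILENAME));
          if ($stem === '') {
              // A name such as ".php" has no stem; avoid writing a dot-file.
              $stem = 'file';
          }

          if (in_array($extension, $rewritten, true)) {
              $extension = 'txt';
          }

          return $stem . '.' . $extension;
      }

      /**
       * Create a fresh, previously unused folder below $base.
       *
       * The id comes from random_int() rather than rand(): it doubles as the
       * download id, so it should not be predictable, and an id that already
       * exists is never reused (reuse could overwrite another upload).
       *
       * @param string $base Parent directory, with trailing slash.
       *
       * @return int|null The new folder's id, or null when none could be made.
       */
      private function reserveFolder($base)
      {
          if (!is_dir($base) || !is_writable($base)) {
              return null;
          }

          for ($attempt = 0; $attempt < 5; $attempt++) {
              $candidate = random_int(0, getrandmax());
              $path = $base . $candidate;

              if (file_exists($path)) {
                  continue;
              }

              return mkdir($path) ? $candidate : null;
          }

          return null;
      }
  }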