file2link/upload.php

75 lines
3.4 KiB
PHP
Raw Normal View History

2019-11-18 00:19:13 +00:00
<?php
if (!isset($_POST['expire']) or !isset($_POST['item']) or !isset($_POST['key']) or !isset($_FILES) or !isset($_POST['random'])) {
exit('No hack 1');
}
$config = yaml_parse_file('./config.yaml');
include('./lib/functions.php');
// Vérification si le calcul d'expiration est conforme à la config
// Complexe, dépend trop du temps d'upload côté client
/*if ($_POST['expire'] <= time()+$config['expireDay'][count($config['expireDay'])-1]*86400+5) {
exit('No hack 2');
}
*/
// Définition des variables
$uploadDir = $config['uploadDir'].'/'.$_POST['expire'].'-'.$_POST['random'];
$uploadFile = preg_replace("#[^a-zA-Z0-9.]#", "", basename($_FILES['file']['name']));
// Création du répertoire
if (!is_dir($uploadDir)) {
mkdir($uploadDir);
} else {
$fileAlreadyUploadSizeTotal=0;
foreach (scandir($uploadDir) as $fileAlreadyUpload) {
if (is_file($uploadDir.'/'.$fileAlreadyUpload)) {
$fileAlreadyUploadSizeTotal=filesize($uploadDir.'/'.$fileAlreadyUpload)+$fileAlreadyUploadSizeTotal;
}
}
}
if (!is_file($uploadDir.'/.key-'.$_POST['key'])) {
touch($uploadDir.'/.key-'.$_POST['key']);
}
if (!checkMimeTypes($_FILES['file']['type'])) {
printf('<div class="highlight-1">'._('this type of file isn\'t allow').'</div>');
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else if ($_FILES['file']['size'] > convertHumain2octect($config['maxUploadPerFile'])) {
printf('<div class="highlight-1">'.basename($_FILES['file']['name']).' : '._('this file exceeds the allowed size %s').'</div>', $config['maxUploadPerFile']);
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else if ($fileAlreadyUploadSizeTotal > convertHumain2octect($config['maxUploadTotal'])) {
printf('<div class="highlight-1">'._('The total size of the files exceeds the allowed size %s').'</div>', $config['maxUploadTotal']);
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else {
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadDir.'/'.$uploadFile)
&& $_FILES['file']['error'] == 0) {
if (isset($_POST['resize']) && $_POST['resize'] != 0) {
@resize_image($uploadDir.'/'.$uploadFile , $uploadDir.'/'.$uploadFile.'.resize' , $_POST['resize'] , $_POST['resize']);
@rename($uploadDir.'/'.$uploadFile.'.resize', $uploadDir.'/'.$uploadFile);
}
echo "<script>
sessionStorage.setItem('uploadWait', Number(sessionStorage.getItem('uploadWait'))-1);
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult ok\">Ok</spam>');
if (sessionStorage.getItem('uploadWait') <= 0) {
sessionStorage.removeItem('uploadWait');
window.location.href = Config_baseUrl + '".$_POST['expire']."-".$_POST['random']."/';
}
</script>";
} else {
printf('<div class="highlight-1">'._('Unknown error').'</div>');
echo "<script>sessionStorage.setItem('uploadWait', sessionStorage.getItem('uploadWait')+1);</script>";
}
}