file2link/upload.php
Root srvweb f9d7fac852 - 0.2
- Mod gallery if images
- Passowrd for access
- Delete after first access OR define nb access (10, 20...)
- Bug Fix :
  - BUG day / days
  - BUG my files no work in html page
  - BUG delete file, but already in storage
- MyFiles Rewrite
2019-12-05 15:30:19 +01:00

90 lines
4 KiB
PHP

<?php
if (!isset($_POST['expire']) or !isset($_POST['item']) or !isset($_POST['key']) or !isset($_FILES) or !isset($_POST['random'])) {
exit('No hack 1');
}
//~ echo $_POST['access'];
//~ if ($_POST['password'] != 'false') {
//~ echo "post password";
//~ exit($_POST['password']);
//~ }
//~ exit($_POST['access']);
$config = yaml_parse_file('./config.yaml');
include('./lib/functions.php');
// Vérification si le calcul d'expiration est conforme à la config
// Complexe, dépend trop du temps d'upload côté client
/*if ($_POST['expire'] <= time()+$config['expireDay'][count($config['expireDay'])-1]*86400+5) {
exit('No hack 2');
}
*/
// Définition des variables
$uploadDir = $config['uploadDir'].'/'.$_POST['expire'].'-'.$_POST['random'];
$uploadFile = preg_replace("#[^a-zA-Z0-9.]#", "", basename($_FILES['file']['name']));
// Création du répertoire
if (!is_dir($uploadDir)) {
mkdir($uploadDir);
} else {
$fileAlreadyUploadSizeTotal=0;
foreach (scandir($uploadDir) as $fileAlreadyUpload) {
if (is_file($uploadDir.'/'.$fileAlreadyUpload)) {
$fileAlreadyUploadSizeTotal=filesize($uploadDir.'/'.$fileAlreadyUpload)+$fileAlreadyUploadSizeTotal;
}
}
}
if (!is_file($uploadDir.'/.key-'.$_POST['key'].'.cfg')) {
touch($uploadDir.'/.key-'.$_POST['key'].'.cfg');
}
if ($_POST['access'] != 'false' && preg_match('/^[0-9]+$/', $_POST['access'])) {
if (!is_file($uploadDir.'/.access.cfg')) {
file_put_contents($uploadDir.'/.access.cfg', $_POST['access']);
}
}
if ($_POST['password'] != 'false') {
if (!is_file($uploadDir.'/.password.cfg')) {
file_put_contents($uploadDir.'/.password.cfg', password_hash($config['passwordUniqKey'].$_POST['password'], PASSWORD_DEFAULT));
}
}
if (!checkMimeTypes($_FILES['file']['type'])) {
printf('<div class="highlight-1">'._('this type of file isn\'t allow').'</div>');
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else if ($_FILES['file']['size'] > convertHumain2octect($config['maxUploadPerFile'])) {
printf('<div class="highlight-1">'.basename($_FILES['file']['name']).' : '._('this file exceeds the allowed size %s').'</div>', $config['maxUploadPerFile']);
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else if ($fileAlreadyUploadSizeTotal > convertHumain2octect($config['maxUploadTotal'])) {
printf('<div class="highlight-1">'._('The total size of the files exceeds the allowed size %s').'</div>', $config['maxUploadTotal']);
echo "<script>
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult nok\">KO</spam>');
</script>";
} else {
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadDir.'/'.$uploadFile)
&& $_FILES['file']['error'] == 0) {
if (isset($_POST['resize']) && $_POST['resize'] != 0 && preg_match('/^image\/(jpeg|gif)$/', $_FILES['file']['type'])) {
@resize_image($uploadDir.'/'.$uploadFile , $uploadDir.'/'.$uploadFile.'.resize' , $_POST['resize'] , $_POST['resize']);
@rename($uploadDir.'/'.$uploadFile.'.resize', $uploadDir.'/'.$uploadFile);
}
echo "<script>
sessionStorage.setItem('uploadWait', Number(sessionStorage.getItem('uploadWait'))-1);
$( '.progress-".$_POST['item']."').remove();
$('.file-".$_POST['item']."').append(' : <spam class=\"file-".$_POST['item']." uploadResult ok\">Ok</spam>');
if (sessionStorage.getItem('uploadWait') <= 0) {
sessionStorage.removeItem('uploadWait');
window.location.href = Config_baseUrl + '".$_POST['expire']."-".$_POST['random']."/';
}
</script>";
} else {
printf('<div class="highlight-1">'._('Unknown error').'</div>');
echo "<script>sessionStorage.setItem('uploadWait', sessionStorage.getItem('uploadWait')+1);</script>";
}
}