111 lines
3.3 KiB
PHP
111 lines
3.3 KiB
PHP
<?php
|
|
/*
|
|
* smzint/* (c) schmamazon.com 2025
|
|
*/
|
|
|
|
|
|
include('../Auth/index.php');
|
|
|
|
if ($uid != 0) {
|
|
die("403");
|
|
}
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
|
|
$fileName = filter_var($_POST["fileName"], FILTER_SANITIZE_STRING);
|
|
$fileDesc = filter_var($_POST["fileDesc"], FILTER_SANITIZE_STRING);
|
|
$fileType = filter_var($_POST["fileType"], FILTER_SANITIZE_STRING);
|
|
$public = $_POST["public"];
|
|
$fileId = getId();
|
|
$target_dir = "data/";
|
|
$target_file = $target_dir . $fileId;
|
|
$fileHash = hash_file("ADLER32", $_FILES["fileToUpload"]["tmp_name"]);
|
|
hashCheck($fileHash);
|
|
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
|
|
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Server Error");
|
|
}
|
|
$sql = "INSERT INTO smz_files_data (id, name, description, public, type, hash) VALUES ('$fileId', '$fileName', '$fileDesc', '$public', '$fileType', '$fileHash')";
|
|
|
|
if ($conn->query($sql) === TRUE) {
|
|
echo "New record created successfully";
|
|
} else {
|
|
echo "Error: " . $sql . "<br>" . $conn->error;
|
|
}
|
|
|
|
$conn->close();
|
|
}
|
|
|
|
function getId() {
|
|
include('../Auth/random.php');
|
|
$id = random_int(0, 65535);
|
|
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
$sql = "SELECT id FROM smz_files_data WHERE id='$id'";
|
|
$result = $conn->query($sql);
|
|
$conn->close();
|
|
if ($result->num_rows > 0) {
|
|
getId();
|
|
} else {
|
|
return $id;
|
|
}
|
|
}
|
|
|
|
function hashCheck($hash) {
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
$sql = "SELECT id FROM smz_files_data WHERE hash='$hash'";
|
|
$result = $conn->query($sql);
|
|
$conn->close();
|
|
if ($result->num_rows > 0) {
|
|
while ($row = $result->fetch_assoc()) {
|
|
die("Datei Existiert schon (siehe <a href=display.php?file=" . $row["id"] . ">" . $row["id"] . "</a>).");
|
|
}
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>smzint/Files - UPLOAD</title>
|
|
</head>
|
|
<body>
|
|
<form action="upload.php" method="post" enctype="multipart/form-data">
|
|
<p><input type="radio" id="public" name="public" value="1">
|
|
<label for="user_by_id">Öffentlich</label></p>
|
|
<p><input type="radio" id="public" name="public" value="0"><br>
|
|
<label for="user_by_id">Privat</label></p>
|
|
<p><label for="fileName">Name</label><br>
|
|
<input type="text" name="fileName" id="fileName"></p>
|
|
<p><label for="fileDesc">Beschreibung</label><br>
|
|
<textarea name="fileDesc" id="fileDesc"></textarea></p>
|
|
<p><label for="fileType">Type</label><br>
|
|
<input type="text" name="fileType" id="fileType"></p>
|
|
<p>Select File to upload:
|
|
<input type="file" name="fileToUpload" id="fileToUpload"></p>
|
|
<input type="submit">
|
|
</form>
|
|
</body>
|
|
</html>
|