@@ -186,8 +186,21 @@ function upload($files, $CONF, $db) | |||
{ | |||
$iv = rand_string(32); | |||
$targetFile = upload_file($files, $CONF['upload_dir'], $CONF['key'], $iv, $CONF['cipher']); | |||
$file_used = true; | |||
while ($file_used) | |||
{ | |||
$randomString = rand_string(6); | |||
$fileURL = $randomString; | |||
$result = $db->select("uploads", "url=?", array($fileURL)); | |||
if (!$result) | |||
{ | |||
$file_used = false; | |||
} | |||
} | |||
$data = array( | |||
"filename" => $targetFile, | |||
"url" => $fileURL, | |||
"type" => $file_type, | |||
"user_id" => $user_id, | |||
"upload_date" => date("Y-m-d H:i:s",time()), | |||
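Review bot: The public identifier produced in the new loop is only six characters from `rand_string(6)`, and the lookup-by-`url` changes elsewhere in this commit suggest it is all a client needs to reach a file, so its length and randomness source decide how easily uploads can be enumerated. `rand_string` is not visible here; it should draw from `random_int()` or `random_bytes()`, and a longer identifier would be a safer default (the on-disk name goes to 12 in this same commit). The select-then-insert uniqueness check can also race between two concurrent uploads, so a UNIQUE index on `uploads.url` with a retry on insert failure is needed to guarantee uniqueness. The body of upload() starts and ends outside this hunk.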
@@ -196,8 +209,8 @@ function upload($files, $CONF, $db) | |||
"cipher" => $CONF['cipher'] | |||
); | |||
$db->insert($data, 'uploads'); | |||
$_SESSION[$targetFile] = $targetFile; | |||
return array('results' => array('file' => array('name' => $targetFile, 'url' => get_page_url("u", $CONF).'/'.$targetFile, 'type' => $file_type, 'size' => $filesize))); | |||
$_SESSION[$fileURL] = $fileURL; | |||
return array('results' => array('file' => array('name' => $fileURL, 'url' => get_page_url("u", $CONF).'/'.$fileURL, 'type' => $file_type, 'size' => $filesize))); | |||
} | |||
return array('error' => $CONF['errors']['InvFile']); | |||
} | |||
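Review bot: `$_SESSION[$fileURL] = $fileURL;` stores the ownership marker as a top-level session key named by a random string, so it shares a namespace with every other session variable and the later check cannot tell an upload marker from unrelated session state. Nesting it, `$_SESSION['uploads'][$fileURL] = true;`, keeps the markers separate; the delete-link script's `isset($_SESSION[$file]) && $_SESSION[$file] == $file` test would then become `isset($_SESSION['uploads'][$file])`. The result of `$db->insert($data, 'uploads')` on the line above is also ignored, so a failed insert still hands a URL back to the client (what `insert` returns on failure is not visible here).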
@@ -212,7 +225,7 @@ function upload_file($file, $destination, $key, $iv, $cipher) | |||
$file_used = true; | |||
while ($file_used) | |||
{ | |||
$randomString = rand_string(6); | |||
$randomString = rand_string(12); | |||
$targetFile = $randomString.'.'.$fileType; | |||
if (!file_exists($destination.$targetFile)) | |||
{ |
@@ -7,7 +7,7 @@ if(isset($_GET)) | |||
{ | |||
$file = rawurldecode($_GET['file']); | |||
$hash = rawurldecode($_GET['hash']); | |||
$upload = $db->select('uploads', "filename=? LIMIT 1", array($file)); | |||
$upload = $db->select('uploads', "url=? LIMIT 1", array($file)); | |||
if ($upload) | |||
{ | |||
$success = true; | |||
@@ -20,12 +20,13 @@ if(isset($_GET)) | |||
if ($success) | |||
{ | |||
$db->delete('uploads', 'id=?', array($upload['id'])); | |||
unlink($CONF['upload_dir'].$upload['filename']); | |||
include('../templates/'.$CONF['template'].'/header.php'); | |||
?> | |||
<div class="container"> | |||
<div class="row"> | |||
<div class="col-sm-12 text-center"> | |||
<h2><b><?php echo $upload['filename']; ?></b> has been successfully deleted.</h2> | |||
<h2><b><?php echo $upload['url']; ?></b> has been successfully deleted.</h2> | |||
</div> | |||
</div> | |||
</div> |
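Review bot: The added `unlink()` runs after the row has already been deleted and its return value is ignored, so when the file cannot be removed the page still reports success and the stored file stays in `upload_dir` with no database record pointing at it. Remove the file first and delete the row only if that worked, e.g. `$path = $CONF['upload_dir'].$upload['filename'];` followed by `if (!is_file($path) || unlink($path)) { $db->delete('uploads', 'id=?', array($upload['id'])); }`, and show the success template only in that case. The new `echo $upload['url']` should be written as `echo htmlspecialchars($upload['url'], ENT_QUOTES, 'UTF-8')` so the template does not depend on how the value was generated. The enclosing `if(isset($_GET))` block starts and ends outside this hunk.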
@@ -3,20 +3,20 @@ include('../includes/config.php'); | |||
if(isset($_POST) && isset($_SESSION)) | |||
{ | |||
$filename = rawurldecode($_POST['uploadID']); | |||
if (isset($_SESSION[$filename]) && $_SESSION[$filename] == $filename) | |||
$file = rawurldecode($_POST['uploadID']); | |||
if (isset($_SESSION[$file]) && $_SESSION[$file] == $file) | |||
{ | |||
$file_db = $db->select('uploads', "filename=? LIMIT 1", array($filename)); | |||
$file_db = $db->select('uploads', "url=? LIMIT 1", array($file)); | |||
if ($file_db) | |||
{ | |||
$delete_key = generate_code($file_db['filename'], $CONF); | |||
$delete_key = generate_code($file_db['url'], $CONF); | |||
$data = array( | |||
"delete_key" => $delete_key | |||
); | |||
$post_id = $db->update($data, 'uploads', 'filename=?', array($filename)); | |||
$post_id = $db->update($data, 'uploads', 'url=?', array($file)); | |||
unset($_POST); | |||
echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['filename'].'/'.$delete_key))); | |||
echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['url'].'/'.$delete_key))); | |||
} | |||
else | |||
{ |
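Review bot: `$_POST['uploadID']` is read on the new `$file = ...` line without checking that it is present and a string, and the ownership test on the next new line compares with `==`. The outer `isset($_POST) && isset($_SESSION)` does not help, since `$_POST` is always set. I would use `$file = (isset($_POST['uploadID']) && is_string($_POST['uploadID'])) ? $_POST['uploadID'] : '';` and compare with `===`; PHP has already URL-decoded `$_POST`, so the extra `rawurldecode()` decodes a second time. The delete key is now derived from the public `url` value via `generate_code($file_db['url'], $CONF)`; that function is not shown, so confirm it mixes in fresh randomness rather than being computable from the URL and static configuration. The `else` branch continues outside this hunk.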
@@ -1,10 +1,9 @@ | |||
<?php | |||
include('../../includes/config.php'); | |||
$path_parts = pathinfo($_GET['file']); | |||
$file_name = $path_parts['basename']; | |||
$file_path = $CONF['upload_dir'] . $file_name; | |||
$file_db = $db->select('uploads', "filename=? LIMIT 1", array($file_name)); | |||
$temp_path = sys_get_temp_dir()."\\".$file_name; | |||
$fileURL = $_GET['file']; | |||
$file_db = $db->select('uploads', "url=? LIMIT 1", array($fileURL)); | |||
$file_path = $CONF['upload_dir'] . $file_db['filename']; | |||
$temp_path = sys_get_temp_dir()."\\".$file_db['filename']; | |||
if (file_exists($file_path) && $file_db) | |||
{ | |||
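Review bot: `$file_db['filename']` is dereferenced on the two new path lines before `$file_db` is tested in the `if`. An unknown or missing `file` parameter therefore makes PHP index a non-array, which raises a warning on current versions that can reveal paths where errors are displayed, and leaves `$file_path` pointing at the upload directory itself. Build both paths only after the lookup succeeded and test for a regular file, `if ($file_db && is_file($CONF['upload_dir'].$file_db['filename']))`, and reject a non-string `$_GET['file']` with `is_string()` before the query. `$temp_path` is a predictable name in the shared temp directory joined with a hard-coded `"\\"`; how it is used lies outside the hunk, but `tempnam(sys_get_temp_dir(), 'up')` would avoid both the name collision and the Windows-only separator.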
@@ -21,7 +20,7 @@ if (file_exists($file_path) && $file_db) | |||
$pattern = "/^((image)|(text)|(audio)|(video))\/(.*)$/"; | |||
if(!preg_match($pattern, $file_type)) | |||
{ | |||
header("Content-Disposition: attachment; filename=\"$file_name\""); | |||
header("Content-Disposition: attachment; filename=\"".$file_db['filename']."\""); | |||
header("Pragma: public"); | |||
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); | |||
header('Content-Type: '.$file_type); |
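Review bot: The new `Content-Disposition` line concatenates `$file_db['filename']` into a quoted header parameter as-is, and that value is the server's storage name rather than anything the uploader chose. Its extension comes from `$fileType` in upload_file, whose origin is not visible in this diff; if it is taken from the client's file name, restrict it before use, e.g. `$dl_name = preg_replace('/[^A-Za-z0-9._-]/', '_', $file_db['filename']);` and send `$dl_name` instead. Separately, the unchanged pattern two lines above lets every `text/*` type, `text/html` included, skip this attachment branch; the other branch is outside the hunk, so confirm it does not serve uploaded markup inline from the site's own origin.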
@@ -54,27 +54,26 @@ Dropzone.options.TeknikUpload = { | |||
}); | |||
this.on("success", function(file, responseText) { | |||
obj = JSON.parse(responseText); | |||
var full_name = obj.results.file.name; | |||
var short_name = file.name.split(".")[0]; | |||
var name = obj.results.file.name; | |||
$("#upload-links").css('display', 'inline', 'important'); | |||
$("#upload-links").prepend(' \ | |||
<div class="row link_'+short_name+'"> \ | |||
<div class="row link_'+name+'"> \ | |||
<div class="col-sm-6"> \ | |||
'+file.name+' \ | |||
</div> \ | |||
<div class="col-sm-3"> \ | |||
<a href="<?php echo get_page_url('u', $CONF); ?>/'+full_name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+full_name+'</a> \ | |||
<a href="<?php echo get_page_url('u', $CONF); ?>/'+name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+name+'</a> \ | |||
</div> \ | |||
<div class="col-sm-3"> \ | |||
<button type="button" class="btn btn-default btn-xs generate-delete-link-'+short_name+'" id="'+full_name+'">Generate Deletion URL</button> \ | |||
<button type="button" class="btn btn-default btn-xs generate-delete-link-'+name+'" id="'+name+'">Generate Deletion URL</button> \ | |||
</div> \ | |||
</div> \ | |||
'); | |||
linkUploadDelete('.generate-delete-link-'+short_name+''); | |||
linkUploadDelete('.generate-delete-link-'+name+''); | |||
}); | |||
this.on("removedfile", function(file) { | |||
var short_name = file.name.split(".")[0]; | |||
$('.link_'+short_name).remove(); | |||
var name = file.name; | |||
$('.link_'+name).remove(); | |||
}); | |||
this.on("reset", function(file, responseText) { | |||
$("#upload_message").css('display', 'inline', 'important'); |
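Review bot: The rewritten `removedfile` handler builds its selector from `file.name`, the local file name with its extension, while the row added in the `success` handler is classed `link_` plus the server-issued id, so the row is no longer found. A name such as `photo.jpg` is also parsed by jQuery as two class selectors, and other characters can make the selector invalid. Remember the id on the Dropzone file object in `success`, `file.uploadId = name;`, and remove with `$('.link_'+file.uploadId).remove();`. The unchanged `'+file.name+'` cell is still concatenated into the HTML string unescaped; building that cell with `$('<div>').text(file.name)` would keep a crafted file name from being parsed as markup. `obj` is assigned without `var`, so it leaks into the global scope.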