5 changed files with 37 additions and 25 deletions
+ 16
- 3
includes/common.php
View File
| @@ -186,8 +186,21 @@ function upload($files, $CONF, $db) | |||
| { | |||
| $iv = rand_string(32); | |||
| $targetFile = upload_file($files, $CONF['upload_dir'], $CONF['key'], $iv, $CONF['cipher']); | |||
| $file_used = true; | |||
| while ($file_used) | |||
| { | |||
| $randomString = rand_string(6); | |||
| $fileURL = $randomString; | |||
| $result = $db->select("uploads", "url=?", array($fileURL)); | |||
| if (!$result) | |||
| { | |||
| $file_used = false; | |||
| } | |||
| } | |||
| $data = array( | |||
| "filename" => $targetFile, | |||
| "url" => $fileURL, | |||
| "type" => $file_type, | |||
| "user_id" => $user_id, | |||
| "upload_date" => date("Y-m-d H:i:s",time()), | |||
| @@ -196,8 +209,8 @@ function upload($files, $CONF, $db) | |||
| "cipher" => $CONF['cipher'] | |||
| ); | |||
| $db->insert($data, 'uploads'); | |||
| $_SESSION[$targetFile] = $targetFile; | |||
| return array('results' => array('file' => array('name' => $targetFile, 'url' => get_page_url("u", $CONF).'/'.$targetFile, 'type' => $file_type, 'size' => $filesize))); | |||
| $_SESSION[$fileURL] = $fileURL; | |||
| return array('results' => array('file' => array('name' => $fileURL, 'url' => get_page_url("u", $CONF).'/'.$fileURL, 'type' => $file_type, 'size' => $filesize))); | |||
| } | |||
| return array('error' => $CONF['errors']['InvFile']); | |||
| } | |||
| @@ -212,7 +225,7 @@ function upload_file($file, $destination, $key, $iv, $cipher) | |||
| $file_used = true; | |||
| while ($file_used) | |||
| { | |||
| $randomString = rand_string(6); | |||
| $randomString = rand_string(12); | |||
| $targetFile = $randomString.'.'.$fileType; | |||
| if (!file_exists($destination.$targetFile)) | |||
| { | |||
+ 3
- 2
upload/delete_upload.php
View File
| @@ -7,7 +7,7 @@ if(isset($_GET)) | |||
| { | |||
| $file = rawurldecode($_GET['file']); | |||
| $hash = rawurldecode($_GET['hash']); | |||
| $upload = $db->select('uploads', "filename=? LIMIT 1", array($file)); | |||
| $upload = $db->select('uploads', "url=? LIMIT 1", array($file)); | |||
| if ($upload) | |||
| { | |||
| $success = true; | |||
| @@ -20,12 +20,13 @@ if(isset($_GET)) | |||
| if ($success) | |||
| { | |||
| $db->delete('uploads', 'id=?', array($upload['id'])); | |||
| unlink($CONF['upload_dir'].$upload['filename']); | |||
| include('../templates/'.$CONF['template'].'/header.php'); | |||
| ?> | |||
| <div class="container"> | |||
| <div class="row"> | |||
| <div class="col-sm-12 text-center"> | |||
| <h2><b><?php echo $upload['filename']; ?></b> has been successfully deleted.</h2> | |||
| <h2><b><?php echo $upload['url']; ?></b> has been successfully deleted.</h2> | |||
| </div> | |||
| </div> | |||
| </div> | |||
+ 6
- 6
upload/generate_delete_link.php
View File
| @@ -3,20 +3,20 @@ include('../includes/config.php'); | |||
| if(isset($_POST) && isset($_SESSION)) | |||
| { | |||
| $filename = rawurldecode($_POST['uploadID']); | |||
| if (isset($_SESSION[$filename]) && $_SESSION[$filename] == $filename) | |||
| $file = rawurldecode($_POST['uploadID']); | |||
| if (isset($_SESSION[$file]) && $_SESSION[$file] == $file) | |||
| { | |||
| $file_db = $db->select('uploads', "filename=? LIMIT 1", array($filename)); | |||
| $file_db = $db->select('uploads', "url=? LIMIT 1", array($file)); | |||
| if ($file_db) | |||
| { | |||
| $delete_key = generate_code($file_db['filename'], $CONF); | |||
| $delete_key = generate_code($file_db['url'], $CONF); | |||
| $data = array( | |||
| "delete_key" => $delete_key | |||
| ); | |||
| $post_id = $db->update($data, 'uploads', 'filename=?', array($filename)); | |||
| $post_id = $db->update($data, 'uploads', 'url=?', array($file)); | |||
| unset($_POST); | |||
| echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['filename'].'/'.$delete_key))); | |||
| echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['url'].'/'.$delete_key))); | |||
| } | |||
| else | |||
| { | |||
+ 5
- 6
upload/lib/download.php
View File
| @@ -1,10 +1,9 @@ | |||
| <?php | |||
| include('../../includes/config.php'); | |||
| $path_parts = pathinfo($_GET['file']); | |||
| $file_name = $path_parts['basename']; | |||
| $file_path = $CONF['upload_dir'] . $file_name; | |||
| $file_db = $db->select('uploads', "filename=? LIMIT 1", array($file_name)); | |||
| $temp_path = sys_get_temp_dir()."\\".$file_name; | |||
| $fileURL = $_GET['file']; | |||
| $file_db = $db->select('uploads', "url=? LIMIT 1", array($fileURL)); | |||
| $file_path = $CONF['upload_dir'] . $file_db['filename']; | |||
| $temp_path = sys_get_temp_dir()."\\".$file_db['filename']; | |||
| if (file_exists($file_path) && $file_db) | |||
| { | |||
| @@ -21,7 +20,7 @@ if (file_exists($file_path) && $file_db) | |||
| $pattern = "/^((image)|(text)|(audio)|(video))\/(.*)$/"; | |||
| if(!preg_match($pattern, $file_type)) | |||
| { | |||
| header("Content-Disposition: attachment; filename=\"$file_name\""); | |||
| header("Content-Disposition: attachment; filename=\"".$file_db['filename']."\""); | |||
| header("Pragma: public"); | |||
| header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); | |||
| header('Content-Type: '.$file_type); | |||
+ 7
- 8
upload/main.php
View File
| @@ -54,27 +54,26 @@ Dropzone.options.TeknikUpload = { | |||
| }); | |||
| this.on("success", function(file, responseText) { | |||
| obj = JSON.parse(responseText); | |||
| var full_name = obj.results.file.name; | |||
| var short_name = file.name.split(".")[0]; | |||
| var name = obj.results.file.name; | |||
| $("#upload-links").css('display', 'inline', 'important'); | |||
| $("#upload-links").prepend(' \ | |||
| <div class="row link_'+short_name+'"> \ | |||
| <div class="row link_'+name+'"> \ | |||
| <div class="col-sm-6"> \ | |||
| '+file.name+' \ | |||
| </div> \ | |||
| <div class="col-sm-3"> \ | |||
| <a href="<?php echo get_page_url('u', $CONF); ?>/'+full_name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+full_name+'</a> \ | |||
| <a href="<?php echo get_page_url('u', $CONF); ?>/'+name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+name+'</a> \ | |||
| </div> \ | |||
| <div class="col-sm-3"> \ | |||
| <button type="button" class="btn btn-default btn-xs generate-delete-link-'+short_name+'" id="'+full_name+'">Generate Deletion URL</button> \ | |||
| <button type="button" class="btn btn-default btn-xs generate-delete-link-'+name+'" id="'+name+'">Generate Deletion URL</button> \ | |||
| </div> \ | |||
| </div> \ | |||
| '); | |||
| linkUploadDelete('.generate-delete-link-'+short_name+''); | |||
| linkUploadDelete('.generate-delete-link-'+name+''); | |||
| }); | |||
| this.on("removedfile", function(file) { | |||
| var short_name = file.name.split(".")[0]; | |||
| $('.link_'+short_name).remove(); | |||
| var name = file.name; | |||
| $('.link_'+name).remove(); | |||
| }); | |||
| this.on("reset", function(file, responseText) { | |||
| $("#upload_message").css('display', 'inline', 'important'); | |||
Loading…