
Made upload URL different than filename

tags/v1.3
Teknikode 5 years ago
parent
commit
d3dc60ea04
5 changed files with 37 additions and 25 deletions
  1. 16
    3
      includes/common.php
  2. 3
    2
      upload/delete_upload.php
  3. 6
    6
      upload/generate_delete_link.php
  4. 5
    6
      upload/lib/download.php
  5. 7
    8
      upload/main.php

+ 16
- 3
includes/common.php

@@ -186,8 +186,21 @@ function upload($files, $CONF, $db)
{
$iv = rand_string(32);
$targetFile = upload_file($files, $CONF['upload_dir'], $CONF['key'], $iv, $CONF['cipher']);
$file_used = true;
while ($file_used)
{
$randomString = rand_string(6);
$fileURL = $randomString;
$result = $db->select("uploads", "url=?", array($fileURL));
if (!$result)
{
$file_used = false;
}
}
$data = array(
"filename" => $targetFile,
"url" => $fileURL,
"type" => $file_type,
"user_id" => $user_id,
"upload_date" => date("Y-m-d H:i:s",time()),
@@ -196,8 +209,8 @@ function upload($files, $CONF, $db)
"cipher" => $CONF['cipher']
);
$db->insert($data, 'uploads');
$_SESSION[$targetFile] = $targetFile;
return array('results' => array('file' => array('name' => $targetFile, 'url' => get_page_url("u", $CONF).'/'.$targetFile, 'type' => $file_type, 'size' => $filesize)));
$_SESSION[$fileURL] = $fileURL;
return array('results' => array('file' => array('name' => $fileURL, 'url' => get_page_url("u", $CONF).'/'.$fileURL, 'type' => $file_type, 'size' => $filesize)));
}
return array('error' => $CONF['errors']['InvFile']);
}
@@ -212,7 +225,7 @@ function upload_file($file, $destination, $key, $iv, $cipher)
$file_used = true;
while ($file_used)
{
$randomString = rand_string(6);
$randomString = rand_string(12);
$targetFile = $randomString.'.'.$fileType;
if (!file_exists($destination.$targetFile))
{
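Review bot: The download identifier generated in the first hunk is only `rand_string(6)`, yet after this commit it is the single value the `url=?` lookups need to reach a file, while the 12-character on-disk name from `upload_file()` no longer appears in the link. I would lengthen the public value as well, e.g. `$fileURL = rand_string(12);`, and confirm that `rand_string()` draws from a CSPRNG such as `random_bytes()`; its body is not visible in this diff. The select-then-insert loop also leaves a window in which two concurrent uploads can be given the same value, so a UNIQUE index on `uploads.url` with a retry on insert failure would be more reliable than the pre-check alone. `upload()` and `upload_file()` both start and end outside these hunks.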

+ 3
- 2
upload/delete_upload.php

@@ -7,7 +7,7 @@ if(isset($_GET))
{
$file = rawurldecode($_GET['file']);
$hash = rawurldecode($_GET['hash']);
$upload = $db->select('uploads', "filename=? LIMIT 1", array($file));
$upload = $db->select('uploads', "url=? LIMIT 1", array($file));
if ($upload)
{
$success = true;
@@ -20,12 +20,13 @@ if(isset($_GET))
if ($success)
{
$db->delete('uploads', 'id=?', array($upload['id']));
unlink($CONF['upload_dir'].$upload['filename']);
include('../templates/'.$CONF['template'].'/header.php');
?>
<div class="container">
<div class="row">
<div class="col-sm-12 text-center">
<h2><b><?php echo $upload['filename']; ?></b> has been successfully deleted.</h2>
<h2><b><?php echo $upload['url']; ?></b> has been successfully deleted.</h2>
</div>
</div>
</div>
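Review bot: The `unlink()` call in the second hunk (apparently added by this commit, going by the section's counts) runs after the row has been deleted and its return value is ignored, so a failed unlink leaves the stored file on disk with no record pointing at it while the page still reports success. Remove the file first and delete the row and show the message only when that worked, e.g. `if (is_file($path) && unlink($path)) { $db->delete('uploads', 'id=?', array($upload['id'])); }`, where `$path` is the joined upload path. The new `echo $upload['url']` is also written into HTML unescaped; the value is server-generated today, but `htmlspecialchars($upload['url'], ENT_QUOTES, 'UTF-8')` keeps the page safe if the column's source ever changes. The check that sets `$success` lies between the two hunks and is not visible here.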

+ 6
- 6
upload/generate_delete_link.php

@@ -3,20 +3,20 @@ include('../includes/config.php');
if(isset($_POST) && isset($_SESSION))
{
$filename = rawurldecode($_POST['uploadID']);
if (isset($_SESSION[$filename]) && $_SESSION[$filename] == $filename)
$file = rawurldecode($_POST['uploadID']);
if (isset($_SESSION[$file]) && $_SESSION[$file] == $file)
{
$file_db = $db->select('uploads', "filename=? LIMIT 1", array($filename));
$file_db = $db->select('uploads', "url=? LIMIT 1", array($file));
if ($file_db)
{
$delete_key = generate_code($file_db['filename'], $CONF);
$delete_key = generate_code($file_db['url'], $CONF);
$data = array(
"delete_key" => $delete_key
);
$post_id = $db->update($data, 'uploads', 'filename=?', array($filename));
$post_id = $db->update($data, 'uploads', 'url=?', array($file));
unset($_POST);
echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['filename'].'/'.$delete_key)));
echo json_encode(array('result' => array('url' => get_page_url("u", $CONF).'/'.$file_db['url'].'/'.$delete_key)));
}
else
{
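Review bot: `$_SESSION[$file] == $file` uses a request-supplied string as a top-level session key and compares loosely, so any session entry whose value equals its own key passes the ownership check, and `uploadID` sent as an array reaches `rawurldecode()` unvalidated. Guard the input and compare strictly: `$file = $_POST['uploadID'] ?? null;` then `if (is_string($file) && isset($_SESSION[$file]) && $_SESSION[$file] === $file)`. PHP has already URL-decoded `$_POST`, so the extra `rawurldecode()` decodes a second time and can be dropped. Keeping the uploaded identifiers in a dedicated sub-array of the session would need a matching change in `upload()` and is worth a follow-up. The `else` branch continues past the end of the hunk.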

+ 5
- 6
upload/lib/download.php

@@ -1,10 +1,9 @@
<?php
include('../../includes/config.php');
$path_parts = pathinfo($_GET['file']);
$file_name = $path_parts['basename'];
$file_path = $CONF['upload_dir'] . $file_name;
$file_db = $db->select('uploads', "filename=? LIMIT 1", array($file_name));
$temp_path = sys_get_temp_dir()."\\".$file_name;
$fileURL = $_GET['file'];
$file_db = $db->select('uploads', "url=? LIMIT 1", array($fileURL));
$file_path = $CONF['upload_dir'] . $file_db['filename'];
$temp_path = sys_get_temp_dir()."\\".$file_db['filename'];
if (file_exists($file_path) && $file_db)
{
@@ -21,7 +20,7 @@ if (file_exists($file_path) && $file_db)
$pattern = "/^((image)|(text)|(audio)|(video))\/(.*)$/";
if(!preg_match($pattern, $file_type))
{
header("Content-Disposition: attachment; filename=\"$file_name\"");
header("Content-Disposition: attachment; filename=\"".$file_db['filename']."\"");
header("Pragma: public");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header('Content-Type: '.$file_type);
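Review bot: `$file_db['filename']` is read twice before the `$file_db` check in the `if`, so an unknown or missing `file` parameter indexes a failed lookup, and `file_exists()` is then asked about the bare upload directory, which exists. Test the lookup first and build the paths inside the guard, e.g. `if ($file_db && is_file($CONF['upload_dir'] . $file_db['filename']))`; reading the parameter as `$_GET['file'] ?? ''` and rejecting non-strings avoids the notice for a missing or array value. In the second hunk the stored name is placed inside a quoted `filename=` parameter; if the extension part of that name comes from the uploaded file (not visible here), strip double quotes and control characters before building the header. The body of the `if` continues outside both hunks.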

+ 7
- 8
upload/main.php

@@ -54,27 +54,26 @@ Dropzone.options.TeknikUpload = {
});
this.on("success", function(file, responseText) {
obj = JSON.parse(responseText);
var full_name = obj.results.file.name;
var short_name = file.name.split(".")[0];
var name = obj.results.file.name;
$("#upload-links").css('display', 'inline', 'important');
$("#upload-links").prepend(' \
<div class="row link_'+short_name+'"> \
<div class="row link_'+name+'"> \
<div class="col-sm-6"> \
'+file.name+' \
</div> \
<div class="col-sm-3"> \
<a href="<?php echo get_page_url('u', $CONF); ?>/'+full_name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+full_name+'</a> \
<a href="<?php echo get_page_url('u', $CONF); ?>/'+name+'" target="_blank" class="alert-link"><?php echo get_page_url('u', $CONF); ?>/'+name+'</a> \
</div> \
<div class="col-sm-3"> \
<button type="button" class="btn btn-default btn-xs generate-delete-link-'+short_name+'" id="'+full_name+'">Generate Deletion URL</button> \
<button type="button" class="btn btn-default btn-xs generate-delete-link-'+name+'" id="'+name+'">Generate Deletion URL</button> \
</div> \
</div> \
');
linkUploadDelete('.generate-delete-link-'+short_name+'');
linkUploadDelete('.generate-delete-link-'+name+'');
});
this.on("removedfile", function(file) {
var short_name = file.name.split(".")[0];
$('.link_'+short_name).remove();
var name = file.name;
$('.link_'+name).remove();
});
this.on("reset", function(file, responseText) {
$("#upload_message").css('display', 'inline', 'important');
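Review bot: The `removedfile` handler now builds its selector from `file.name`, the client-side filename, while the row added in `success` is tagged `link_` plus the server-issued `obj.results.file.name`, so the two no longer match and the row is never removed; a filename containing `.` or other selector characters is also parsed as extra selector syntax. Remember the server value on the Dropzone file object, `file.uploadName = name;` in `success`, and use `$('.link_'+file.uploadName).remove();` in `removedfile`. Separately, `'+file.name+'` on the unchanged line inside the `prepend()` template is concatenated into HTML unescaped; building that cell with `.text(file.name)` would stop a crafted filename from being rendered as markup. Both handlers sit inside the Dropzone options object, which starts and ends outside the hunk.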
