Strona główna Odkrywaj Pomoc
Zaloguj się
ThunderPerfectWitchcraft
/
Incoanhyto
Obserwuj 1
Polub 0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
Incoanhyto
/
upload.php

upload.php 2.9 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. <?php
    2. 

  2. session_start();
    3. 

  3. $upload=1;
    4. 

  4. include 'header.php';
    5. 

  5. echo "<br>";
    6. 

  6. echo '<main id="content">';
    7. 

  7. ?>
    8. 

  8. 

  9. 

  10. 

  11. <form action="upload.php" method="post" title="Upload Image" enctype="multipart/form-data">
    12. 

  12.   Select image to upload:
    13. 

  13.   <input type="file" name="fileToUpload" title="Select File" id="fileToUpload"> <br>License:
    14. 

  14.   <input type="text" name="license" title="License" value="CC By SA 4.0"> <br> Description (important for accessability!):
    15. 

  15.   <input type="text" name="alt" title="Alt Text of Image" onfocus="this.value=''" value="Please provide a short description of the image"> <br>
    16. 

  16.   <input type="submit" value="Upload Image" title="Submit" name="submit">
    17. 

  17. </form>
    18. 

  18. 

  19. 

  20.  <?php
    21. 

  21. if(isset($_POST['submit']))
    22. 

  22. {
    23. 

  23.  if($_SESSION['Name']!="" && $_SESSION['Level']>=$ImagePermissionLevel)
    24. 

  24.  {
    25. 

  25. 

  26. 

  27. 

  28.  
    29. 

  29. $target_dir = "images/";
    30. 

  30. $target_file = $target_dir . bin2hex(random_bytes(5)) . basename($_FILES["fileToUpload"]["name"]);
    31. 

  31. $uploadOk = 1;
    32. 

  32. $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    33. 

  33. 

  34. // Check if image file is a actual image or fake image
    35. 

  35. if(isset($_POST["submit"])) {
    36. 

  36.   $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    37. 

  37.   if($check !== false) {
    38. 

  38.     echo "File is an image - " . $check["mime"] . ".";
    39. 

  39.     $uploadOk = 1;
    40. 

  40.   } else {
    41. 

  41.     echo "File is not an image.";
    42. 

  42.     $uploadOk = 0;
    43. 

  43.   }
    44. 

  44. }
    45. 

  45. 

  46. // Check if file already exists
    47. 

  47. if (file_exists($target_file)) {
    48. 

  48.   echo "Sorry, file already exists.";
    49. 

  49.   $uploadOk = 0;
    50. 

  50. }
    51. 

  51. 

  52. // Check file size
    53. 

  53. if ($_FILES["fileToUpload"]["size"] > 500000) {
    54. 

  54.   echo "Sorry, your file is too large.";
    55. 

  55.   $uploadOk = 0;
    56. 

  56. }
    57. 

  57. 

  58. // Allow certain file formats
    59. 

  59. if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    60. 

  60. && $imageFileType != "gif" ) {
    61. 

  61.   echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    62. 

  62.   $uploadOk = 0;
    63. 

  63. }
    64. 

  64. 

  65. // Check if $uploadOk is set to 0 by an error
    66. 

  66. if ($uploadOk == 0) {
    67. 

  67.   echo "Sorry, your file was not uploaded.";
    68. 

  68.   
    69. 

  69. // if everything is ok, try to upload file
    70. 

  70. } else {
    71. 

  71. 	$target_file = $target_dir . bin2hex(random_bytes(5)) . '.' . $imageFileType;
    72. 

  72.   if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    73. 

  73. 	  $sql = "INSERT INTO Images (Link, Unlocked, Uploader, License, Alt) VALUES (?, '0', ?, ?, ?)";
    74. 

  74. 	  if($_SESSION['Level']>=$ImageAutoLevel)
    75. 

  75. 	  $sql = "INSERT INTO Images (Link, Unlocked, Uploader, License, Alt) VALUES (?, '1', ?, ?, ?)";
    76. 

  76. 	  $stmt = $conn->prepare($sql); 
    77. 

  77. 	  $in1=$target_file;
    78. 

  78. 	  $in2=intval($_SESSION['ID']);
    79. 

  79. 	  $in3=$_POST['license'];
    80. 

  80. 	  $in4=$_POST['alt'];
    81. 

  81. 	  $stmt->bind_param("siss", $in1, $in2, $in3, $in4);
    82. 

  82. 

  83. 	  $stmt->execute();
    84. 

  84. 	
    85. 

  85. 

  86.     echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded. It will appear in the gallery as soon as it has been checked by the moderation team.";
    87. 

  87.   } else {
    88. 

  88.     echo "Sorry, there was an error uploading your file.";
    89. 

  89.   }
    90. 

  90. }
    91. 

  91. }
    92. 

  92. else
    93. 

  93. {
    94. 

  94. 	echo "No permission for image upload";
    95. 

  95. }
    96. 

  96. }
    97. 

  97. ?> 
    98. 

  98. </main>
    99. 

  99. </body>
    100. 

  100. </html>
    101. 

  101.