Free-File-Storage/submit.php at main · tedead/Free-File-Storage · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php

	session_start();

	$user = $_SESSION['user'];

	$category = $_POST['category'];

	if ($_FILES["file"]["error"] > 0)
	{
	  header('Location: upload.php?succeed=0&reason=er');
	}
	else
	{
		if (file_exists("./User Directories/$user/$category/". $_FILES["file"]["name"])) {

		  header('Location: upload.php?succeed=0&reason=ex');

		} else {

			$db = new mysqli('localhost','user_insert','userPass','file_storage');

			if (mysqli_connect_errno()) {

				echo 'Error: Could not connect to the database.';

				exit;

			}

			move_uploaded_file($_FILES["file"]["tmp_name"], "./User Directories/$user/$category/". $_FILES["file"]["name"]);

			$guid = com_create_guid();

			$fileName = addslashes($_FILES["file"]["name"]);

			$fileSize = addslashes($_FILES["file"]["size"]);

			$fileType = addslashes($_FILES["file"]["type"]);

			if (!file_exists("./User Directories/$user/$category"))
			{
				mkdir("./User Directories/$user/$category");
			}

			$location = addslashes("./User Directories/$user/$category/". $_FILES["file"]["name"]);

			$today = date("F j, Y, g:i a");

			$sql = "INSERT INTO files(FileID, Name, Size, Type, Location, DateCreated) VALUES('$guid','$fileName','$fileSize','$fileType', '$location', CURDATE())";

			$result = $db->query($sql);

			$db->close();

			//Get userid from login

			$con = mysqli_connect("localhost", "user_select", "userPass") or die(mysqli_error());

			mysqli_select_db($con, "file_storage") or die(mysql_error($con));

			$data = mysqli_query($con, "SELECT UserID FROM users WHERE UserName = '$user'") or die(mysqli_error($con));

			$row = mysqli_fetch_row($data);

			$userID = $row[0];

			$db = new mysqli('localhost','user_insert','userPass','file_storage');

			$sql = "INSERT INTO user_files (FileID, UserID, DateCreated) VALUES('$guid','$userID', CURDATE())";

			$results = $db->query($sql);

			$db->close();

			if($results)
			{
				header('Location: upload.php?succeed=1');
			}
			else
			{
				header('Location: upload.php?succeed=0&reason=ni');
			}
		}
	}
?>