-
Notifications
You must be signed in to change notification settings - Fork 3
/
fileupload.php
66 lines (57 loc) · 2.24 KB
/
fileupload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
$errors = "";
include 'admincheck.php';
/* Take and upload the user's file */
/* If a file was uploaded */
if($_FILES['file']['name']) {
/* Do something with the file */
if(!$_FILES['file']['error']) {
if(isset($_POST['isPlugin'])) {
$newFileName = $_FILES['file']['name'];
} else {
$newFileName = strtolower(rand(100,10000) . $_FILES['file']['name']); /* Create a temporary file name and append a random number */
}
if($_FILES['file']['size'] > 1000000000) { //if file is bigger than a GB
echo "<script>alert('Sorry. Files can't be above 1GB')</script>";
header("Location: index.php?error=1");
die("ERROR");
/* Catch this in case execution of script continues for some reason */
}
/* otherwise, continue*/
if(!isset($_POST['isPlugin'])) {
move_uploaded_file($_FILES['file']['tmp_name'], "content/" . $newFileName);
} else {
move_uploaded_file($_FILES['file']['tmp_name'], "plugins/" . $newFileName);
}
/* Move the file */
echo "ALL GOOD!";
/* The above message should never show, because now we will redirect to the addapp page where the user
can enter information for the file and post it as an app */
if(!isset($_POST['isPlugin'])) {
header("Location: addapp.php?f=" . $newFileName);
}
} else {
/* Send to error page */
header("Location: index.php?error=1");
}
} else {
/* handle no file error */
echo "ERROR";
}
// If it was a plugin, unzip it and delete the archive
if(isset($_POST['isPlugin']))
{
$zip = new ZipArchive;
if ($zip->open("plugins/" . $newFileName) === TRUE) {
$zip->extractTo("plugins/" . preg_replace('/\\.[^.\\s]{3,4}$/', '', $newFileName) . ".plugin");
$zip->close();
echo 'ok';
} else {
$errors .= '<br>ZIP extraction failed! Things to check <li>That the file actually is a ZIP file</li><li>That the file was uploaded properly</li><li>That file uploads are enabled in your PHP settings</li>';
}
if(!unlink("plugins/" . $newFileName)) {
$errors .= "<br>Could not delete ZIP file (" . "plugins/" . $newFileName . ")";
}
if($errors == "") { header("Location: index.php?success"); } else { die("The following errors were enoucntered while uploading your file: " . $erros); }
}
?>