Example #1
    $message = urlencode("The file did not upload because of {$_FILES['file']['error']}.");
    header("Location: error.php?error={$message}");
    exit;
}
// Reject uploads larger than 20,000,000 bytes (20 MB, decimal) so they never continue
// on to the database. The size in $_FILES is the one PHP recorded for the received file;
// php.ini's upload_max_filesize and post_max_size are enforced earlier and may be lower.
if (20000000 < $_FILES['file']['size']) {
    $message = urlencode('The file did not upload because the file is too large.');
    header('Location: error.php?error=' . $message);
    exit;
}
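// Detect the MIME type from the uploaded file's content on the server; the type the
// client sent with the request is not used.
$finfo = finfo_open(FILEINFO_MIME_TYPE);
// finfo_open() and finfo_file() both return false on failure. Stop here in that case
// rather than passing false to the allow-list check and reporting an empty type.
$mime = $finfo === false ? false : finfo_file($finfo, $_FILES['file']['tmp_name']);
if ($mime === false) {
    $message = urlencode("The file type could not be determined.");
    header("Location: error.php?error={$message}");
    exit;
}
// Database::verifyFileType() decides which types are accepted; it is defined elsewhere.
// NOTE(review): the original comment says only PDF is allowed — confirm against that method.
// A sniffed type says what the content looks like, not that the file is well-formed or
// harmless, so stored files should still be treated as untrusted when they are served.
if (Database::verifyFileType($mime) !== TRUE) {
    // urlencode() keeps the detected type inside the query-string value of the redirect.
    // NOTE(review): error.php is not shown here — it should HTML-escape this value on output.
    $message = urlencode("{$mime} is not an allowed type.");
    header("Location: error.php?error={$message}");
    exit;
}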
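// The token must be present and must be a single string. isset() alone also accepts an
// array (a form field submitted as token[]), which would then reach Session::verifyToken().
// NOTE(review): presumably an anti-CSRF token; it is only checked after the upload has
// already been inspected above — consider verifying it before touching the file.
if (!isset($_POST['token']) || !is_string($_POST['token'])) {
    $message = urlencode("No token was provided.");
    header("Location: error.php?error={$message}");
    exit;
}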
// A date field is required; redirect to the error page when it is missing.
// Only presence is checked here. NOTE(review): the format of the date is not validated
// in this part of the script — confirm it is validated before it is used.
if (($_POST['date'] ?? null) === null) {
    $message = urlencode('No date was provided.');
    header('Location: error.php?error=' . $message);
    exit;
}
if (!Session::verifyToken($_POST['token'])) {