function handleUpload($FILE, $params)
{
global $auth, $locale, $dataDir, $db, $defaults, $passHasher;
// fix file size overflow (when possible) in php 5.4-5.5
if ($FILE['size'] < 0) {
$FILE['size'] = filesize($FILE["tmp_name"]);
if ($FILE['size'] < 0) {
logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow");
return false;
}
}
// generate new unique id/file name
list($id, $tmpFile) = genTicketId();
$tmpFile = preg_replace('/(\\/.*\\/)/', "\\1{$FILE['name']}_", $tmpFile);
if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) {
logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}");
return handleUploadFailure($tmpFile);
}
// check DB connection after upload
reconnectDB();
// prepare data
$sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, expire, last_time, expire_dln, notify_email, sent_email, locale) VALUES (";
$sql .= $db->quote($id);
$sql .= ", " . $auth['id'];
$sql .= ", " . $db->quote(mb_sane_base($FILE["name"]));
$sql .= ", " . $db->quote($tmpFile);
$sql .= ", " . $FILE["size"];
$sql .= ", " . (empty($params["comment"]) ? 'NULL' : $db->quote($params["comment"]));
$sql .= ", " . (empty($params["pass"]) ? 'NULL' : $db->quote($passHasher->HashPassword($params["pass"])));
$sql .= ", " . time();
if (@$params["permanent"]) {
$sql .= ", NULL";
$sql .= ", NULL";
$sql .= ", NULL";
} else {
if (!isset($params["ticket_total"]) && !isset($params["ticket_lastdl"]) && !isset($params["ticket_maxdl"])) {
$params["ticket_total"] = $defaults['ticket']['total'];
$params["ticket_lastdl"] = $defaults['ticket']['lastdl'];
$params["ticket_maxdl"] = $defaults['ticket']['maxdl'];
}
$sql .= ", " . (empty($params["ticket_total"]) ? 'NULL' : time() + $params["ticket_total"]);
$sql .= ", " . (empty($params["ticket_lastdl"]) ? 'NULL' : $params["ticket_lastdl"]);
$sql .= ", " . (empty($params["ticket_maxdl"]) ? 'NULL' : (int) $params["ticket_maxdl"]);
}
$sql .= ", " . (empty($params["notify"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["notify"])));
$sql .= ", " . (empty($params["send_to"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["send_to"])));
$sql .= ", " . $db->quote($locale);
$sql .= ")";
if ($db->exec($sql) != 1) {
logDBError($db, "cannot commit new ticket to database");
return handleUploadFailure($tmpFile);
}
// fetch defaults
$sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
$DATA = $db->query($sql)->fetch();
$DATA['pass'] = empty($params["pass"]) ? NULL : $params["pass"];
// trigger creation hooks
onTicketCreate($DATA);
return $DATA;
}
if (ob_get_level()) {
ob_end_flush();
}
// contents
$left = $size;
fseek($fd, $range[1]);
while ($left) {
$data = fread($fd, 16384);
$left -= strlen($data);
print $data;
flush();
}
fclose($fd);
if ($last && !connection_aborted()) {
++$DATA["downloads"];
reconnectDB();
// set default locale for notifications
switchLocale($defLocale);
// trigger download hooks
onTicketDownload($DATA);
// check for validity after download
if (isTicketExpired($DATA)) {
ticketPurge($DATA);
} else {
// update download count
$now = time();
$sql = "UPDATE ticket SET last_stamp = {$now}" . ", downloads = downloads + 1 WHERE id = " . $db->quote($id);
$db->exec($sql);
}
// kill the session ASAP
if ($auth === false) {
