function handleUpload($FILE, $params) { global $auth, $locale, $dataDir, $db, $defaults, $passHasher; // fix file size overflow (when possible) in php 5.4-5.5 if ($FILE['size'] < 0) { $FILE['size'] = filesize($FILE["tmp_name"]); if ($FILE['size'] < 0) { logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow"); return false; } } // generate new unique id/file name list($id, $tmpFile) = genTicketId(); $tmpFile = preg_replace('/(\\/.*\\/)/', "\\1{$FILE['name']}_", $tmpFile); if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) { logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}"); return handleUploadFailure($tmpFile); } // check DB connection after upload reconnectDB(); // prepare data $sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, expire, last_time, expire_dln, notify_email, sent_email, locale) VALUES ("; $sql .= $db->quote($id); $sql .= ", " . $auth['id']; $sql .= ", " . $db->quote(mb_sane_base($FILE["name"])); $sql .= ", " . $db->quote($tmpFile); $sql .= ", " . $FILE["size"]; $sql .= ", " . (empty($params["comment"]) ? 'NULL' : $db->quote($params["comment"])); $sql .= ", " . (empty($params["pass"]) ? 'NULL' : $db->quote($passHasher->HashPassword($params["pass"]))); $sql .= ", " . time(); if (@$params["permanent"]) { $sql .= ", NULL"; $sql .= ", NULL"; $sql .= ", NULL"; } else { if (!isset($params["ticket_total"]) && !isset($params["ticket_lastdl"]) && !isset($params["ticket_maxdl"])) { $params["ticket_total"] = $defaults['ticket']['total']; $params["ticket_lastdl"] = $defaults['ticket']['lastdl']; $params["ticket_maxdl"] = $defaults['ticket']['maxdl']; } $sql .= ", " . (empty($params["ticket_total"]) ? 'NULL' : time() + $params["ticket_total"]); $sql .= ", " . (empty($params["ticket_lastdl"]) ? 'NULL' : $params["ticket_lastdl"]); $sql .= ", " . (empty($params["ticket_maxdl"]) ? 'NULL' : (int) $params["ticket_maxdl"]); } $sql .= ", " . (empty($params["notify"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["notify"]))); $sql .= ", " . (empty($params["send_to"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["send_to"]))); $sql .= ", " . $db->quote($locale); $sql .= ")"; if ($db->exec($sql) != 1) { logDBError($db, "cannot commit new ticket to database"); return handleUploadFailure($tmpFile); } // fetch defaults $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id); $DATA = $db->query($sql)->fetch(); $DATA['pass'] = empty($params["pass"]) ? NULL : $params["pass"]; // trigger creation hooks onTicketCreate($DATA); return $DATA; }
if (ob_get_level()) { ob_end_flush(); } // contents $left = $size; fseek($fd, $range[1]); while ($left) { $data = fread($fd, 16384); $left -= strlen($data); print $data; flush(); } fclose($fd); if ($last && !connection_aborted()) { ++$DATA["downloads"]; reconnectDB(); // set default locale for notifications switchLocale($defLocale); // trigger download hooks onTicketDownload($DATA); // check for validity after download if (isTicketExpired($DATA)) { ticketPurge($DATA); } else { // update download count $now = time(); $sql = "UPDATE ticket SET last_stamp = {$now}" . ", downloads = downloads + 1 WHERE id = " . $db->quote($id); $db->exec($sql); } // kill the session ASAP if ($auth === false) {