$author = $songs[intval($doot) - 1]['author']; print "--=> " . $author . " <=- Did not vote\n"; } } print "\n\n"; print "-----<O>-----\n"; print "This results were generated with LazyVote. (c) 2010 coda and Saga Musix. http://wiki.s3m.us"; $text = ob_get_clean(); $outFileName = UPLOAD_DIR . $compo . '.txt'; file_put_contents($outFileName, $text); @chmod($outFileName, 0755); $arc = new ArchiveFile(UPLOAD_DIR . $compo); $resultsTxt = UPLOAD_DIR . 'results.txt'; $arc->PrepareReplace($resultsTxt); if (copy($outFileName, $resultsTxt)) { $arc->Add($resultsTxt); } @unlink($resultsTxt); $arc->Close(); redirect(BASEDIR . "results/{$compo}.txt"); } ?> <script src="https://code.jquery.com/jquery-1.12.4.min.js" integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ" crossorigin="anonymous"></script> <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha384-Dziy8F2VlJQLMShA6FHWNul/veM9bCkRUaLqr199K94ntO5QUrLJBEbYegdSkkqX" crossorigin="anonymous"></script> <script type="text/javascript">var BASEDIR = "{{BASE}}";</script> <script src="{{BASE}}js/lazyvote.js" type="text/javascript"></script> <h2>Entries</h2> <?php if ($isActive) { echo '<p>Warning: Uploading is still active for this compo! First disable uploading before processing votes!</p>'; }
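/**
 * Handle one entry upload for a compo, driven by the upload form's POST data.
 *
 * Reads `compo`, `author` and the optional `token` from $_POST and the file
 * from $_FILES['userfile']. In order, it:
 *   1. deletes the matching row from `uploading` when a token was sent,
 *   2. refuses the upload unless the compo exists and is active,
 *   3. rejects a missing author name and files outside the size limits,
 *   4. stores the author name in a one-year cookie,
 *   5. inserts a new `entries` row, or updates the existing one when the same
 *      author re-uploads the same file name,
 *   6. moves the upload into UPLOAD_DIR, adds it to the compo archive and
 *      removes the loose copy again.
 *
 * Results are echoed as HTML or reported through uploadError(); nothing is
 * returned. Failed database calls terminate the script via die().
 */
function processUpload()
{
    global $mysqli;

    // Request fields are attacker-controlled and can arrive as arrays
    // (e.g. author[]=x). Anything that is not a plain scalar/string is
    // treated as absent instead of being passed on to intval(), bind_param()
    // or setcookie().
    $compo = (isset($_POST["compo"]) && is_scalar($_POST["compo"])) ? intval($_POST["compo"]) : 0;
    $author = (isset($_POST["author"]) && is_string($_POST["author"])) ? $_POST["author"] : "";
    $token = (isset($_POST["token"]) && is_scalar($_POST["token"])) ? intval($_POST["token"]) : 0;

    if ($token > 0) {
        // Remove upload token
        $stmt = $mysqli->prepare('DELETE FROM `uploading` WHERE `idupload` = ? AND `author` = ? AND `idcompo` = ? ') or die('query failed');
        // bind_param() takes its arguments by reference, so it must be given
        // variables, not the result of a function call.
        $stmt->bind_param('isi', $token, $author, $compo);
        $stmt->execute() or die('query failed');
        $stmt->close();
    }

    // $compo is an integer at this point, so interpolating it cannot inject SQL.
    $result = $mysqli->query("SELECT * FROM `compos` WHERE (`idcompo` = {$compo}) AND (`active` != 0)") or die('query failed');
    $isClosed = $result->num_rows == 0;
    $result->free();
    if ($isClosed) {
        uploadError("Sorry, but uploading for this compo is closed.");
        return;
    }

    if ($author === "") {
        uploadError("You forgot to enter your name!");
        return;
    }

    // A request without a (single) file field has no integer size; count it
    // as an empty file so it is rejected by the lower bound below.
    $hasUpload = isset($_FILES['userfile']['size']) && is_int($_FILES['userfile']['size']);
    $fileSize = $hasUpload ? $_FILES['userfile']['size'] : 0;
    $fileError = isset($_FILES['userfile']['error']) ? $_FILES['userfile']['error'] : UPLOAD_ERR_NO_FILE;

    if ($fileSize > MAX_UPLOAD_SIZE || $fileError === UPLOAD_ERR_INI_SIZE) {
        uploadError("Your <s>penis</s> file is too big!");
        return;
    }
    if ($fileSize < 100) {
        uploadError("Your <s>penis</s> file is too small!");
        return;
    }

    // Remember the handle for one year so the form can be pre-filled.
    setcookie("author", $author, time() + 60 * 60 * 24 * 365, "/");

    $arc = new ArchiveFile(UPLOAD_DIR . $compo);
    if ($arc->Open() === FALSE) {
        echo "<p>Can't update the pack, please contact the technical support!</p>";
        return;
    }

    // NOTE(review): safeFilename() is defined elsewhere. The upload is later
    // written to UPLOAD_DIR under this name before being archived, so confirm
    // that it strips path separators and that UPLOAD_DIR does not execute
    // uploaded scripts.
    $safeName = safeFilename($_FILES['userfile']['name']);
    $lastDot = strrpos($safeName, '.');
    if (strlen($safeName) <= MAX_FILENAME_LENGTH || $lastDot === FALSE) {
        $db_filename = substr($safeName, 0, MAX_FILENAME_LENGTH);
    } else {
        // Need to trim filename: shorten the stem and keep the extension.
        $extension = substr($safeName, $lastDot);
        $db_filename = substr($safeName, 0, MAX_FILENAME_LENGTH - strlen($extension)) . $extension;
    }

    // Get mod title
    $modTitle = getModTitle($_FILES['userfile']['tmp_name'], $db_filename);

    $insert = TRUE;

    // duplicate filename?
    $stmt = $mysqli->prepare("SELECT * FROM `entries` WHERE (`idcompo` = ?) \nAND (`filename` = ?)") or die('query failed');
    $stmt->bind_param('is', $compo, $db_filename);
    $stmt->execute() or die('query failed');
    $result = $stmt->get_result();
    if ($result->num_rows > 0) {
        $row = $result->fetch_assoc();
        // NOTE(review): ownership of an existing entry is decided only by the
        // submitted author name matching the stored one, so anyone who knows
        // a participant's handle and file name can replace that entry. The
        // author left a session-bound alternative commented out here:
        //if(isset($_SESSION["upload-" . $row["identry"]]) && $_SESSION["upload-" . $row["identry"]] == $_POST["author"])
        // Strict comparison: with ==, numeric-looking handles such as "1e3"
        // and "1000" compare equal and would be treated as the same author.
        if ((string) $row["author"] === $author) {
            // replace file
            $entryID = $row["identry"];
            $stmtRep = $mysqli->prepare('UPDATE `entries` SET `title` = ?, `altered` = 1, `date` = CURRENT_TIMESTAMP WHERE `identry` = ?') or die('query failed');
            $stmtRep->bind_param('si', $modTitle, $entryID);
            $stmtRep->execute() or die('query failed');
            $stmtRep->close();
            // Removes a file named after the entry ID; what that file holds is
            // not visible from this function.
            @unlink(UPLOAD_DIR . $entryID);
            $arc->PrepareReplace($db_filename);
            $insert = FALSE;
        } else {
            // this is not ours, invent new filename
            // NOTE(review): the prefix only avoids a name clash (256 possible
            // values); the new name is not re-checked against `entries`, and
            // the truncation can cut into the extension.
            $db_filename = substr(dechex(mt_rand(0, 255)) . '-' . $db_filename, 0, MAX_FILENAME_LENGTH);
        }
    }
    $result->free();
    $stmt->close();

    if ($insert) {
        $stmt = $mysqli->prepare('INSERT INTO `entries` (`author`, `filename`, `title`, `idcompo`, `altered`) VALUES (?, ?, ?, ?, 0)') or die('query failed');
        $stmt->bind_param('sssi', $author, $db_filename, $modTitle, $compo);
        $stmt->execute() or die('query failed');
        $entryID = $stmt->insert_id;
        $stmt->close();
    }

    // Recorded before the file is moved, so both markers exist even if the
    // move below fails.
    $_SESSION["upload-{$entryID}"] = $author;
    $_SESSION["compo-{$compo}"] = TRUE;

    if (move_uploaded_file($_FILES['userfile']['tmp_name'], UPLOAD_DIR . $db_filename)) {
        // The loose copy only exists long enough to be added to the archive.
        $arc->Add(UPLOAD_DIR . $db_filename);
        $arc->Close();
        @unlink(UPLOAD_DIR . $db_filename);

        echo '<h2>...go!</h2>';
        if ($insert) {
            echo '<p>OK, ', htmlspecialchars($author), ', all done. Good luck!</p>';
        } else {
            echo '<p>OK, ', htmlspecialchars($author), ", your file has been <strong>updated</strong>. \nGood luck!</p>";
        }
        echo '<p>If you need to replace your file, upload it using exactly the same file name (', htmlspecialchars($db_filename), ') and handle (', htmlspecialchars($author), ') as this one.</p>';
    } else {
        $arc->Close();
        uploadError("Captain, the machinery failed! Please contact the technical support!");
        return;
    }
}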