// Tail of a block that was opened before this excerpt; judging by the message it is the upload-error branch (TODO confirm).
    // $_FILES['file']['error'] is PHP's integer UPLOAD_ERR_* code, so the user sees a number rather than a description.
    // urlencode() keeps the text from breaking out of the query string or the Location header.
    // NOTE(review): error.php is not shown here. It receives this text in a query parameter that anyone can set
    // by requesting the URL directly, so it has to escape the value when rendering it - confirm.
    $message = urlencode("The file did not upload because of {$_FILES['file']['error']}.");
    header("Location: error.php?error={$message}");
    // Stop here so nothing below runs for a failed upload.
    exit;
}

// If the uploaded file is larger than 20 MB (20,000,000 bytes), refuse it before anything is stored.
// The size comes from PHP's own record of the upload, not from a client-supplied header.
if ($_FILES['file']['size'] > 20000000) {
    $message = urlencode("The file did not upload because the file is too large.");
    header("Location: error.php?error={$message}");
    exit;
}

// Open a fileinfo handle that reports MIME types.
// NOTE(review): finfo_open() returns false on failure and that case is not checked here.
$finfo = finfo_open(FILEINFO_MIME_TYPE);

// Detect the MIME type from the bytes of the temporary file on the server (the type sent by the client is not used).
// finfo_file() returns false if detection fails; $mime would then interpolate as an empty string in the message below.
$mime = finfo_file($finfo, $_FILES['file']['tmp_name']);

// Reject the upload unless Database::verifyFileType() returns exactly TRUE for the detected type.
// The original comment says only PDF is accepted; the allow-list itself is defined elsewhere (not visible here).
// A match means the content looks like an allowed type; it does not show that the file is otherwise well-formed.
if (Database::verifyFileType($mime) !== TRUE) {
    $message = urlencode("{$mime} is not an allowed type.");
    header("Location: error.php?error={$message}");
    exit;
}

// The form must carry a token field.
// isset() only proves the field is present: it can still be an empty string or an array,
// so Session::verifyToken() has to cope with both - TODO confirm against its definition.
if (!isset($_POST['token'])) {
    $message = urlencode("No token was provided.");
    header("Location: error.php?error={$message}");
    exit;
}

// The form must carry a date field. Only presence is checked here; any format validation is outside this excerpt.
if (!isset($_POST['date'])) {
    $message = urlencode("No date was provided.");
    header("Location: error.php?error={$message}");
    exit;
}

// Validate the submitted token; the branch for a rejected token continues past the end of this excerpt.
// NOTE(review): this check runs only after the file has been inspected. Nothing visible above changes state,
// but verifying the token first would turn away forged requests before any file handling.
if (!Session::verifyToken($_POST['token'])) {