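/**
 * Handles the uploading and db entry for a file.
 *
 * Flow: reject uploads that carry an error, reuse the existing row when a file
 * with the same SHA-1 and size is already recorded, otherwise move the upload
 * into POMF_FILES_ROOT, make it world readable and insert a row for it.
 *
 * @param UploadedFile $file Upload to store; this function reads ->error, ->size,
 *                           ->name, ->tempfile and ->get_sha1().
 *
 * @return array Keys 'hash', 'name', 'url' and 'size' describing the stored file.
 *
 * @throws UploadException If the upload itself reported an error.
 * @throws Exception       With code 500 if the file cannot be moved or chmod fails.
 */
function upload_file($file)
{
    global $db;

    // Handle file errors
    if ($file->error) {
        throw new UploadException($file->error);
    }

    // Hash once, while the temporary file is certainly still in place.
    $hash = $file->get_sha1();

    // Check if a file with the same hash and size (a file which is the same) does already exist
    // in the database; if it does, delete the file just uploaded and return the existing link.
    // NOTE(review): identity here is SHA-1 + size. Equal-length SHA-1 collisions can be
    // constructed, so two different files may map to one row and an uploader could be handed
    // the URL of someone else's content. A stronger digest would close that gap.
    $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) ' .
                      'AND size = (:size)');
    $q->bindValue(':hash', $hash, PDO::PARAM_STR);
    $q->bindValue(':size', $file->size, PDO::PARAM_INT);
    $q->execute();
    $existing = $q->fetch();

    if ($existing && $existing['count'] > 0) {
        unlink($file->tempfile);

        // 'name' is the client-supplied file name, returned as-is: whatever renders this
        // response into HTML has to escape it for that context.
        return array(
            'hash' => $hash,
            'name' => $file->name,
            'url'  => POMF_URL . $existing['filename'],
            'size' => $file->size,
        );
    }

    // Generate a name for the file
    $newname = generate_name($file);
    $target = POMF_FILES_ROOT . $newname;

    // Attempt to move it to the static directory
    if (!move_uploaded_file($file->tempfile, $target)) {
        throw new Exception('Failed to move file to destination', 500);
    }

    // Need to change permissions for the new file to make it world readable
    if (!chmod($target, 0644)) {
        throw new Exception('Failed to change file permissions', 500);
    }

    // Add it to the database. Both statements use the same placeholder names, so the common
    // bindings below apply to either one. The logged-in statement previously used
    // :expires/:delid while :exp/:del were bound, which made execute() fail for logged-in users.
    if (empty($_SESSION['id'])) {
        // Query if user is NOT logged in
        $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' .
                          'expire, delid) VALUES (:hash, :orig, :name, :size, :date, ' .
                          ':exp, :del)');
    } else {
        // Query if user is logged in (insert user id together with other data)
        $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' .
                          'expire, delid, user) VALUES (:hash, :orig, :name, :size, ' .
                          ':date, :exp, :del, :user)');
        $q->bindValue(':user', $_SESSION['id'], PDO::PARAM_INT);
    }

    // Common parameters binding
    $q->bindValue(':hash', $hash, PDO::PARAM_STR);
    // strip_tags() removes markup but is not output escaping; code that prints originalname
    // still has to escape it for the context it is written into.
    $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
    $q->bindValue(':name', $newname, PDO::PARAM_STR);
    $q->bindValue(':size', $file->size, PDO::PARAM_INT);
    $q->bindValue(':date', date('Y-m-d'), PDO::PARAM_STR);
    $q->bindValue(':exp', null, PDO::PARAM_STR);
    // NOTE(review): delid is the SHA-1 of the temporary path, not random data. If it serves as
    // the secret that authorises deletion, it should come from a CSPRNG instead - confirm
    // against the code that consumes delid.
    $q->bindValue(':del', sha1($file->tempfile), PDO::PARAM_STR);
    $q->execute();

    return array(
        'hash' => $hash,
        'name' => $file->name,
        'url'  => POMF_URL . $newname,
        'size' => $file->size,
    );
}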
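/**
 * Handles the uploading and db entry for a file.
 *
 * Flow: reject uploads that carry an error, reuse the existing row when a file
 * with the same SHA-1 and size is already recorded, otherwise move the upload
 * into POMF_FILES_ROOT, make it world readable and insert a row carrying an
 * expiry timestamp chosen through the "Time" form field.
 *
 * @param UploadedFile $file Upload to store; this function reads ->error, ->size,
 *                           ->name, ->tempfile and ->get_sha1().
 *
 * @return array Keys 'hash', 'name', 'url' and 'size' describing the stored file.
 *
 * @throws UploadException If the upload itself reported an error.
 * @throws Exception       With code 500 if the file cannot be moved or chmod fails.
 */
function upload_file($file)
{
    global $db;

    // Handle file errors
    if ($file->error) {
        throw new UploadException($file->error);
    }

    // Hash once, while the temporary file is certainly still in place.
    $hash = $file->get_sha1();

    // Check if a file with the same hash and size (a file which is the same) does already exist
    // in the database; if it does, delete the file just uploaded and return the existing link.
    // NOTE(review): identity here is SHA-1 + size. Equal-length SHA-1 collisions can be
    // constructed, so two different files may map to one row and an uploader could be handed
    // the URL of someone else's content. A stronger digest would close that gap.
    $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) ' .
                      'AND size = (:size)');
    $q->bindValue(':hash', $hash, PDO::PARAM_STR);
    $q->bindValue(':size', $file->size, PDO::PARAM_INT);
    $q->execute();
    $existing = $q->fetch();

    if ($existing && $existing['count'] > 0) {
        unlink($file->tempfile);

        // 'name' is the client-supplied file name, returned as-is: whatever renders this
        // response into HTML has to escape it for that context.
        return array(
            'hash' => $hash,
            'name' => $file->name,
            'url'  => POMF_URL . $existing['filename'],
            'size' => $file->size,
        );
    }

    // Generate a name for the file
    $newname = generate_name($file);
    $target = POMF_FILES_ROOT . $newname;

    // Attempt to move it to the static directory
    if (!move_uploaded_file($file->tempfile, $target)) {
        throw new Exception('Failed to move file to destination', 500);
    }

    // Need to change permissions for the new file to make it world readable
    if (!chmod($target, 0644)) {
        throw new Exception('Failed to change file permissions', 500);
    }

    // Add it to the database
    $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' .
                      'expire, delid) VALUES (:hash, :orig, :name, :size, :date, ' .
                      ':exp, :del)');

    // Adds expire date to database for removal via python script and cron.
    // "Time" is client input, so it is only ever used to pick one of these fixed lifetimes
    // (in hours). A missing, non-string or unknown value falls back to the default of
    // 9001 hours instead of raising an undefined-index notice.
    $lifetimeHours = array(
        '1' => 9001,
        '2' => 6,
        '3' => 24,
        '4' => 48,
        '5' => 168,
        '6' => 720,
    );
    $choice = isset($_POST['Time']) ? $_POST['Time'] : '1';
    if (!is_string($choice) || !in_array($choice, array('1', '2', '3', '4', '5', '6'), true)) {
        $choice = '1';
    }
    $expTime = date('Y-m-d H:i:s', time() + $lifetimeHours[$choice] * 60 * 60);

    // Common parameters binding
    $q->bindValue(':hash', $hash, PDO::PARAM_STR);
    // strip_tags() removes markup but is not output escaping; code that prints originalname
    // still has to escape it for the context it is written into.
    $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
    $q->bindValue(':name', $newname, PDO::PARAM_STR);
    $q->bindValue(':size', $file->size, PDO::PARAM_INT);
    $q->bindValue(':date', date('Y-m-d'), PDO::PARAM_STR);
    $q->bindValue(':exp', $expTime, PDO::PARAM_STR);
    // NOTE(review): delid is the SHA-1 of the temporary path, not random data. If it serves as
    // the secret that authorises deletion, it should come from a CSPRNG instead - confirm
    // against the code that consumes delid.
    $q->bindValue(':del', sha1($file->tempfile), PDO::PARAM_STR);
    $q->execute();

    return array(
        'hash' => $hash,
        'name' => $file->name,
        'url'  => POMF_URL . $newname,
        'size' => $file->size,
    );
}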