';
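// validation bits
//
// Validates the uploaded "imgfile" before anything is written to disk and
// appends a human-readable message to $error for every failed check:
//   1. a file was actually sent (size > 0),
//   2. its extension is listed in $valid_file_types and, unless that entry is
//      marked "{IGNORE}", the declared content type matches one listed for it,
//   3. it does not exceed the per-upload size limit for the member type,
//   4. the uploader has not exceeded the storage quota.
//
// SECURITY: $_FILES[...]['name'] and $_FILES[...]['type'] are supplied by the
// client. They are used here for allow-listing only and are HTML-escaped
// before being placed in $error, because $error is echoed into the page.
// NOTE(review): the content-type check compares the browser-declared type, not
// the file's real content; consider verifying the temp file server-side
// (e.g. with the fileinfo extension) if the allow-list is meant to be a
// content guarantee.
// NOTE(review): this code uses the mysql_* API, which was removed in PHP 7;
// when the connection layer is migrated, replace the string-built queries with
// prepared statements.

// Treat a missing field, or an array-shaped (multi-file) field, as "no file".
$imgfile_upload = (isset($_FILES['imgfile']['name']) && is_string($_FILES['imgfile']['name']))
    ? $_FILES['imgfile']
    : array();
$filesize = isset($imgfile_upload['size']) ? $imgfile_upload['size'] : 0;
$tmpfile = isset($imgfile_upload['tmp_name']) ? $imgfile_upload['tmp_name'] : '';
$filename = isset($imgfile_upload['name']) ? $imgfile_upload['name'] : '';
$contenttype = isset($imgfile_upload['type']) ? $imgfile_upload['type'] : '';

// pathinfo() omits the 'extension' key when the name has no dot, so guard it.
// (The original indexed with the bare word `extension`, which is an undefined
// constant rather than a string key.)
$imgfile_parts = pathinfo($filename);
$extension = isset($imgfile_parts['extension']) ? strtolower($imgfile_parts['extension']) : '';

if ($filesize == 0) {
    $error .= "Please specify a file to upload. ";
} else {
    // check extension/mimetype
    // Each $valid_file_types entry is read as array(extension, mime type);
    // a mime type of "{IGNORE}" disables the content-type comparison for
    // that extension.
    $valid_mime_types = array();
    $skipmime = FALSE;
    foreach ($valid_file_types as $value) {
        if ($value[0] == $extension) {
            if ($value[1] == "{IGNORE}") {
                $skipmime = TRUE;
            }
            $valid_mime_types[] = $value[1];
        }
    }
    if ($skipmime == FALSE) {
        if (count($valid_mime_types) == 0) {
            // Extension is not in the allow-list at all.
            $error .= "File types of '".htmlspecialchars($extension, ENT_QUOTES)."' can not be uploaded to the site, please go here for all the valid file types. ";
        } else {
            if (!in_array($contenttype, $valid_mime_types)) {
                $error .= "File does not appear to be a supported type (".htmlspecialchars($contenttype, ENT_QUOTES)."). Please try another format. ";
            }
        }
    }

    // max upload size (0 means unlimited)
    if ($_SESSION['sess_memtype'] == "premium") {
        $max = $pre_max_upload_size;
    } else {
        $max = $noa_max_upload_size;
    }
    if ($max != 0) {
        if ($filesize > $max) {
            $error .= "Uploaded file is greater than the maximum filesize. (".display_size($max).") ";
        }
    }

    // check that user has not reached their upload limits (0 means unlimited)
    if ($_SESSION['sess_memtype'] == "premium") {
        $max = $pre_max_storage_size;
    } else {
        $max = $noa_max_storage_size;
    }
    if ($max != 0) {
        $userip = $_SERVER['REMOTE_ADDR'];
        if ($_SESSION['sess_loggedin'] == TRUE) {
            // Cast to int: the id is concatenated unquoted into the statement.
            $get_total = mysql_query("SELECT SUM(filesize) AS total FROM files WHERE userid = ".(int) $_SESSION['sess_userid']);
        } else {
            // Anonymous uploads are accounted per client address.
            $get_total = mysql_query("SELECT SUM(filesize) AS total FROM files WHERE originalip = '".preparedata($userip)."'");
        }
        // A failed query is treated as "nothing stored yet", which matches the
        // previous outcome (the quota check did not trigger) without calling
        // mysql_result() on a non-resource.
        // NOTE(review): that means the quota fails open on database errors.
        $total = $get_total ? mysql_result($get_total, 0, 'total') : 0;
        // NOTE(review): the comparison uses the stored total only; the size of
        // the file being uploaded is not added - confirm this is intended.
        if ($total > $max) {
            $error .= "You have exceeded the upload quota. (".display_size($max).") To increase this, please signup for a premium account by clicking here or upgrading through your existing account. ";
        }
    }
}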
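// Either report the validation errors collected in $error, or store the file
// under storage/ with a generated name and record it in the `files` table.
//
// SECURITY:
//  - The stored name is MakeRandomString(29) plus the extension, never the
//    client-supplied file name. This branch is reached only when $error is
//    empty, i.e. when the extension matched an entry of $valid_file_types.
//    NOTE(review): confirm MakeRandomString() is unpredictable and that
//    storage/ cannot execute scripts; neither is visible from here.
//  - Every client-supplied string goes through preparedata() before it is
//    placed in SQL. NOTE(review): preparedata() is defined elsewhere;
//    presumably it escapes for the mysql_* connection - verify.
//  - The posted folder id and the session user id are concatenated into SQL
//    without quotes, so both are cast to int here. The folder id previously
//    reached the INSERT exactly as posted.
//  - NOTE(review): a posted folder id is not checked against `folders` for
//    ownership by the session user.
if (strlen($error) > 0) {
    echo "ERROR:
".$error."
back";
} else {
    $uploaddir = 'storage/';
    $newfilename = MakeRandomString(29) . "." . $extension;
    $imgdesc = (isset($_POST['imgdesc']) && is_string($_POST['imgdesc'])) ? $_POST['imgdesc'] : '';
    $uploadfile = $uploaddir . $newfilename;

    // move_uploaded_file() only accepts files that arrived via HTTP POST.
    if (!move_uploaded_file($_FILES['imgfile']['tmp_name'], $uploadfile)) {
        $error .= "Could not upload file, please try again later. ";
        echo $error;
    } else {
        // add to db
        $userip = $_SERVER['REMOTE_ADDR'];
        $upload_loggedin = ($_SESSION['sess_loggedin'] == TRUE);
        $upload_userid = $upload_loggedin ? (int) $_SESSION['sess_userid'] : 0;

        // check for refreshes: same type, name, size and description from the
        // same owner (member id, or client address for anonymous uploads).
        $check_file = "SELECT id FROM files WHERE mimetype = '".preparedata($contenttype)."' AND originalfilename = '".preparedata($filename)."' AND filesize = '".preparedata($filesize)."' AND description='".preparedata($imgdesc)."'";
        if ($upload_loggedin) {
            $check_file .= " AND userid='".$upload_userid."' LIMIT 1";
        } else {
            $check_file .= " AND originalip='".preparedata($userip)."' LIMIT 1";
        }
        // Best effort: a failed lookup is ignored and the upload continues.
        $do_check_file = @mysql_query($check_file);
        if ($do_check_file) {
            if (mysql_num_rows($do_check_file) > 0) {
                $error .= "It looks like you've already added this file, please go back and upload a different one. ";
                // Remove the copy that was just stored.
                unlink($uploadfile);
            }
        }

        if (strlen($error) > 0) {
            echo "ERROR:
".$error."
back";
        } else {
            $tracker = MakeRandomString(29);

            // Columns and values shared by member and anonymous inserts.
            $file_columns = "dateadded, mimetype, originalfilename, originalext, filename, filesize, description, originalip, lastaccessed, tracker";
            $file_values = "NOW(), '".preparedata($contenttype)."', '".preparedata($filename)."', '".preparedata($extension)."', '".preparedata($newfilename)."', '".preparedata($filesize)."', '".preparedata($imgdesc)."', '".preparedata($userip)."', NOW(), '".preparedata($tracker)."'";

            if ($upload_loggedin) {
                // The folder id ends up unquoted in the INSERT below: force an integer.
                $folder = (isset($_POST['folder']) && is_scalar($_POST['folder'])) ? (int) $_POST['folder'] : 0;
                $foldernew = (isset($_POST['foldernew']) && is_string($_POST['foldernew'])) ? trim($_POST['foldernew']) : '';

                if (strlen($foldernew) > 0) {
                    // Reuse the member's folder of that name, or create it.
                    $check_folder = mysql_query("SELECT id FROM folders WHERE foldername = '".preparedata($foldernew)."' AND userid = ".$upload_userid." LIMIT 1");
                    if ($check_folder && mysql_num_rows($check_folder) == 1) {
                        $folder = (int) mysql_result($check_folder, 0, 'id');
                    } else {
                        $insert_folder = mysql_query("INSERT INTO folders (userid, foldername) VALUES (".$upload_userid.", '".preparedata($foldernew)."')");
                        if ($insert_folder) {
                            $folder = mysql_insert_id();
                        } else {
                            // NOTE(review): this message is never echoed when the
                            // file insert below succeeds; the file is then filed
                            // under the posted folder id instead.
                            $error .= "There was a problem adding the new folder, please try again later.";
                        }
                    }
                }
                $insert_file = "INSERT INTO files (".$file_columns.", userid, userfolder) VALUES (".$file_values.", ".$upload_userid.", ".$folder.")";
            } else {
                $insert_file = "INSERT INTO files (".$file_columns.") VALUES (".$file_values.")";
            }

            $do_insert_file = @mysql_query($insert_file);
            $item_id = mysql_insert_id();
            if (!$do_insert_file) {
                // NOTE(review): nothing in this block echoes this message.
                $error .= "Can not update the database, please try again later or contact support.";
                // Without a row in `files` the stored copy is unreachable and
                // uncounted by the quota query, so do not leave it on disk.
                unlink($uploadfile);
            } else {
                echo "CONGRATULATIONS!
";
                echo "Your file has now been uploaded to ".$site_name." and is ready for linking. ";
                // NOTE(review): presumably read by link_code.inc.php; it is the
                // client-supplied name and needs HTML escaping wherever printed.
                $originalfilename = $filename;
                include_once("link_code.inc.php");
            }
        }
    }
}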
echo ' |
';
}
else {
?>