'; // validation bits $filesize = $_FILES['imgfile']['size']; $tmpfile = $_FILES['imgfile']['tmp_name']; $filename = $_FILES['imgfile']['name']; $contenttype = $_FILES['imgfile']['type']; $extension = pathinfo($_FILES['imgfile']['name']); $extension = strtolower($extension[extension]); if($filesize == 0) $error .= "Please specify a file to upload.
"; else { // check extension/mimetype $valid_mime_types = array(); $skipmime = FALSE; foreach($valid_file_types AS $value) { if($value[0] == $extension) { if($value[1] == "{IGNORE}") $skipmime = TRUE; $valid_mime_types[] = $value[1]; } } if($skipmime == FALSE) { if(COUNT($valid_mime_types) == 0) $error .= "File types of '".$extension."' can not be uploaded to the site, please go here for all the valid file types.
"; else { if(!in_array($contenttype, $valid_mime_types)) { $error .= "File does not appear to be a supported type (".$contenttype."). Please try another format.
"; } } } // max upload size if($_SESSION[sess_memtype] == "premium") $max = $pre_max_upload_size; else $max = $noa_max_upload_size; // if not unlimited max upload size continue if($max != 0) { if($filesize > $max) $error .= "Uploaded file is greater than the maximum filesize. (".display_size($max).")
"; } // check that user has not reached their upload limits if($_SESSION[sess_memtype] == "premium") $max = $pre_max_storage_size; else $max = $noa_max_storage_size; // if not unlimited max upload size continue if($max != 0) { $userip = $_SERVER['REMOTE_ADDR']; if($_SESSION[sess_loggedin] == TRUE) $get_total = mysql_query("SELECT SUM(filesize) AS total FROM files WHERE userid = ".$_SESSION[sess_userid]); else $get_total = mysql_query("SELECT SUM(filesize) AS total FROM files WHERE originalip = '".preparedata($userip)."'"); $total = mysql_result($get_total, 0, total); if($total > $max) $error .= "You have exceeded the upload quota. (".display_size($max).") To increase this, please signup for a premium account by clicking here or upgrading through your existing account.
"; } } if(strlen($error) > 0) echo "ERROR:

".$error."

back"; else { $uploaddir = 'storage/'; $newfilename = MakeRandomString(29) . "." . $extension; $imgdesc = $_POST['imgdesc']; $uploadfile = $uploaddir . $newfilename; if (!move_uploaded_file($_FILES['imgfile']['tmp_name'], $uploadfile)) { $error .= "Could not upload file, please try again later.
"; echo $error; } else { // add to db $userip = $_SERVER['REMOTE_ADDR']; // check for refreshes if($_SESSION[sess_loggedin] == TRUE) $check_file = "SELECT id FROM files WHERE mimetype = '".preparedata($contenttype)."' AND originalfilename = '".preparedata($filename)."' AND filesize = '".preparedata($filesize)."' AND description='".preparedata($imgdesc)."' AND userid='".$_SESSION[sess_userid]."' LIMIT 1"; else $check_file = "SELECT id FROM files WHERE mimetype = '".preparedata($contenttype)."' AND originalfilename = '".preparedata($filename)."' AND filesize = '".preparedata($filesize)."' AND description='".preparedata($imgdesc)."' AND originalip='".preparedata($userip)."' LIMIT 1"; $do_check_file = @mysql_query($check_file); if($do_check_file) { if(mysql_numrows($do_check_file) > 0) { $error .= "It looks like you've already added this file, please go back and upload a different one.
"; unlink($uploadfile); } } if(strlen($error) > 0) echo "ERROR:

".$error."

back"; else { $tracker = MakeRandomString(29); if($_SESSION[sess_loggedin] == TRUE) { $folder = $_POST['folder']; $foldernew = trim($_POST['foldernew']); if(strlen($foldernew) > 0) { $check_folder = mysql_query("SELECT id FROM folders WHERE foldername = '".preparedata($foldernew)."' AND userid = ".$_SESSION[sess_userid]." LIMIT 1"); if(mysql_numrows($check_folder) == 1) { $folder = mysql_result($check_folder, 0, id); } else { $insert_folder = mysql_query("INSERT INTO folders (userid, foldername) VALUES (".$_SESSION[sess_userid].", '".preparedata($foldernew)."')"); if($insert_folder) $folder = mysql_insert_id(); else $error .= "There was a problem adding the new folder, please try again later."; } } $insert_file = "INSERT INTO files (dateadded, mimetype, originalfilename, originalext, filename, filesize, description, originalip, lastaccessed, tracker, userid, userfolder) VALUES (NOW(), '".preparedata($contenttype)."', '".preparedata($filename)."', '".preparedata($extension)."', '".preparedata($newfilename)."', '".preparedata($filesize)."', '".preparedata($imgdesc)."', '".preparedata($userip)."', NOW(), '".preparedata($tracker)."', ".$_SESSION[sess_userid].", ".$folder.")"; } else $insert_file = "INSERT INTO files (dateadded, mimetype, originalfilename, originalext, filename, filesize, description, originalip, lastaccessed, tracker) VALUES (NOW(), '".preparedata($contenttype)."', '".preparedata($filename)."', '".preparedata($extension)."', '".preparedata($newfilename)."', '".preparedata($filesize)."', '".preparedata($imgdesc)."', '".preparedata($userip)."', NOW(), '".preparedata($tracker)."')"; $do_insert_file = @mysql_query($insert_file); $item_id = mysql_insert_id(); if(!$do_insert_file) $error .= "Can not update the database, please try again later or contact support."; else { echo "CONGRATULATIONS!

"; echo "Your file has now been uploaded to ".$site_name." and is ready for linking. "; $originalfilename = $filename; include_once("link_code.inc.php"); } } } } echo ''; } else { ?>

Use the form below to upload your file to . Multiple file uploader tool here. Please note the following before uploading: Max File Size: . No copyrighted files. By uploading you are agreeing to the Terms of Service. Select your file: (max - supported files) "; echo "Choose folder: "; echo ""; $get_folders = mysql_query("SELECT id, foldername FROM folders WHERE userid = ".$_SESSION[sess_userid]); while($row2 = mysql_fetch_array($get_folders)) { echo "".$row2[foldername].""; } echo " "; echo "or add new: "; echo ""; echo ""; } ?> Enter a description: (optional) Upload now: or use the Multiple File Uploader Tool.