<?php
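session_start();

// Error details (paths, stack traces) go to the server log rather than the
// HTTP response, so a failed upload does not disclose server internals.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

$public_url = 'https://filer.trygve.net/';

// Upload handler: stores the posted file under offentlig/ or privat/ and
// reports the outcome through the session keys 'filename', 'linkData',
// 'link' and 'fileupload-response' ('success' | 'banned' | 'failed').
//
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that access is restricted before this point.
// NOTE(review): privat/ is linked below via $public_url, so those files
// appear to be reachable by URL; confirm the web server restricts that path.
if (isset($_FILES['file'])) {
  $file = $_FILES['file'];
  $response = 'failed';

  // A multi-file field (name="file[]") delivers arrays here; only a single
  // upload is supported, so anything else is treated as a failed upload.
  if (is_string($file['name']) && is_string($file['tmp_name']) && is_int($file['error'])) {
    $fileName = $file['name'];
    $file_tmp = $file['tmp_name'];
    $fileError = $file['error'];

    // Client-supplied name, stored unmodified; whatever renders it must
    // HTML-escape it.
    $_SESSION['filename'] = $fileName;

    $fileExt = explode('.', $fileName);
    $fileActualExt = strtolower(end($fileExt));

    $banned = array('php', 'js', 'php5', 'pht', 'phtml', 'shtml', 'asa', 'cer', 'asax', 'swf');
    // NOTE(review): html/htm are served from the same origin as the site, so
    // an uploaded page can run script in that origin; consider dropping them
    // or serving uploads from a separate host / as attachments.
    $allowed = array('zip', 'gz', 'tar', 'png', 'jpg', 'bmp', 'html', 'htm');

    // The optional replacement name is untrusted input as well; it keeps the
    // extension of the uploaded file.
    if (!empty($_POST['new_filename']) && is_string($_POST['new_filename'])) {
      $file_name = $_POST['new_filename'] . '.' . $fileActualExt;
    } else {
      $file_name = $fileName;
    }

    // Every check below runs on the FINAL name, after any rename, so a
    // rename cannot reintroduce a name that would have been rejected.
    $lowerName = strtolower($file_name);
    $segments = explode('.', $lowerName);
    $finalExt = end($segments);

    // No path separators, control characters or leading dot: the name must
    // stay inside the target directory and must not become a dotfile.
    $nameIsSafe = $file_name !== ''
      && $file_name[0] !== '.'
      && preg_match('/[\x00-\x1F\x7F\/\\\\]/', $file_name) === 0;

    // Allowlist on the last extension. A denylist alone cannot enumerate
    // every extension a web server may be configured to execute.
    $extensionAllowed = count($segments) >= 2 && in_array($finalExt, $allowed, true);

    // The denylist is kept as a second layer and applied to every dotted
    // segment, so a banned extension hidden before the last one is caught.
    $hasBannedSegment = false;
    foreach (array_slice($segments, 1) as $segment) {
      foreach ($banned as $bannedExt) {
        if (strpos($segment, $bannedExt) !== false) {
          $hasBannedSegment = true;
        }
      }
    }

    $isIndexPage = $lowerName === 'index.htm' || $lowerName === 'index.html';

    $rejected = !$nameIsSafe || !$extensionAllowed || $hasBannedSegment || $isIndexPage;

    // !empty() has the same truthiness as the former `== True` comparison but
    // does not raise a notice when the field is absent.
    $directory = !empty($_POST['public']) ? 'offentlig/' : 'privat/';
    $file_destination = $directory . $file_name;

    if ($rejected) {
      // Policy rejection is tracked separately from PHP's upload error codes;
      // code 2 is UPLOAD_ERR_FORM_SIZE and must not be reported as 'banned'.
      $response = 'banned';
    } elseif ($fileError === UPLOAD_ERR_OK) {
      // NOTE(review): an existing file with the same name is overwritten;
      // confirm that is intended for a shared upload directory.
      // NOTE(review): only the name is validated, not the content.
      if (move_uploaded_file($file_tmp, $file_destination)) {
        // Percent-encode the name for the URL and HTML-escape the result
        // before it is placed in markup that is stored for later display.
        $path = $public_url . $directory . rawurlencode($file_name);
        $escapedPath = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $filLink = '<a href="' . $escapedPath . '">' . $escapedPath . '</a>';
        $_SESSION['linkData'] = 'Filen ble lastet opp! ' . $filLink;
        $_SESSION['link'] = $path;
        $response = 'success';
      }
      // A failed move leaves $response at 'failed' instead of leaving a stale
      // value from an earlier request in the session.
    }
  }

  $_SESSION['fileupload-response'] = $response;
}

header("location:/");
// Stop here so nothing further is executed or emitted after the redirect.
exit;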
?>