Filopplasting/upload.php
2023-12-03 16:53:27 +01:00

70 lines
1.8 KiB
PHP
Executable File

<?php
session_start();
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
$public_url = 'https://filer.trygve.net/';
if(isset($_FILES['file'])) {
$file = $_FILES['file'];
$fileName = $_FILES['file']['name'];
$file_name = $file['name'];
$file_tmp = $file['tmp_name'];
$file_size = $file['size'];
$file_error = $file['error'];
$fileError = $_FILES['file']['error'];
$_SESSION['filename'] = $fileName;
$fileExt = explode('.', $fileName);
$fileActualExt = strtolower(end($fileExt));
$banned = array('php', 'js', 'php5', 'pht', 'phtml', 'shtml', 'asa', 'cer', 'asax', 'swf');
$allowed = array('zip', 'gz', 'tar', 'png', 'jpg', 'bmp', 'html', 'htm');
foreach ($banned as $url) {
if (strpos($fileActualExt, $url) !== FALSE) {
$fileError = 2;
}
}
if ($file_name === 'index.htm' || $file_name === 'index.html') {
$fileError = 2;
}
if (!empty($_POST['new_filename'])) {
$file_name = $_POST['new_filename'] . '.' .$fileActualExt;
}
if ($_POST['public'] == True) {
$file_destination = 'offentlig/' . $file_name;
}
else {
$file_destination = 'privat/' . $file_name;
}
if($fileError == 0)
{
if(move_uploaded_file($file_tmp, $file_destination))
{
$path = $public_url . $file_destination;
$filLink = '<a href=" ' . $path . '">' . $path . '</a>';
$buttonData = 'Filen ble lastet opp! <a href="' . $filLink . '" class="btn btn-info">Kopier lenke</a>';
$_SESSION['linkData'] = 'Filen ble lastet opp! ' . $filLink;
$_SESSION['link'] = $path;
$_SESSION['fileupload-response'] = 'success';
}
}
elseif($fileError === 2)
{
$_SESSION['fileupload-response'] = 'banned';
}
else
{
$_SESSION['fileupload-response'] = 'failed';
}
}
header("location:/");
?>