personal-website/docs/www/fileupload.php

<?php
// Shared page fragments are loaded from a "common" directory one level above
// the web server's document root.
$COMMONS = "{$_SERVER['DOCUMENT_ROOT']}/../common";
// Presumably header.php starts the session and defines display_header(), both
// of which this script relies on further down; confirm in header.php.
include_once "{$COMMONS}/header.php";
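// Authorisation gate: uploading requires permission bit 1000 0000 (decimal
// 128) on the logged-in user; every other request gets 403 Forbidden.
//
// The PHPSESSID cookie only shows that the browser sent *a* session id, so the
// user object stored server-side in the session is what decides access. It is
// checked explicitly: a request that carries a cookie but has no logged-in
// user would otherwise dereference null and emit warnings before the status
// line is set.
$sessionUser = $_SESSION["current_user"] ?? null;
$mayUpload = isset($_COOKIE["PHPSESSID"])
    && is_object($sessionUser)
    && (bool)($sessionUser->permissions & 0b10000000);

if (!$mayUpload) {
    http_response_code(403);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
    include_once($COMMONS."/footer.php");
    // Stop here so none of the upload logic below runs for unauthorised users.
    die();
}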
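display_header("Upload a file.");

// NOTE(review): this POST changes server state and is authorised only by the
// session cookie; no anti-CSRF token is checked in this file. Confirm whether
// header.php provides one.
if (isset($_POST["submit"])) {
    $uploadDir = '/srv/http/assets/upload/';

    // Three independent 128-bit random components make the stored path
    // unguessable and remove any client influence over directory or base name.
    $firstDir = bin2hex(random_bytes(16));
    $secondDir = bin2hex(random_bytes(16));
    $filename = bin2hex(random_bytes(16));

    // Only continue when PHP reports a single, complete upload. A missing
    // field, a size-limit error or an array-style multi-upload all fail here.
    $upload = $_FILES['userfile'] ?? null;
    $uploadOk = is_array($upload)
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK;

    // The extension comes from the client-supplied file name and is therefore
    // untrusted. Anything that is not a short alphanumeric token is dropped,
    // so it cannot carry markup or path characters.
    // NOTE(review): the client still chooses the stored file type. Restrict it
    // to an allowlist of the types this site needs, and make sure the assets
    // host serves this directory as static files without script execution.
    $extension = '';
    if ($uploadOk) {
        $rawExtension = pathinfo((string)$upload['name'], PATHINFO_EXTENSION);
        if (preg_match('/\A[A-Za-z0-9]{1,16}\z/', $rawExtension) === 1) {
            $extension = $rawExtension;
        }
    }

    $relativeDir = $firstDir."/".$secondDir;
    // Avoid a trailing dot when the file has no usable extension.
    $combinedPath = $relativeDir."/".$filename
        .($extension !== '' ? ".".$extension : '');

    echo "<pre>";
    // Directories are created only for a valid upload, and a failed mkdir()
    // is reported as a failed upload instead of being ignored.
    if ($uploadOk
        && mkdir($uploadDir.$relativeDir, 0774, true)
        && move_uploaded_file($upload['tmp_name'], $uploadDir.$combinedPath)) {
        echo "File is valid, and was successfully uploaded.\n";
        // Escaped for the HTML context even though every component is now
        // restricted to alphanumerics and slashes.
        printf("location: https://assets.zdenekborovec.cz/upload/%s",
            htmlspecialchars($combinedPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    } else {
        echo "File upload failed.\n";
    }
    echo "</pre>";
}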
?>
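<!-- The data encoding type, enctype, MUST be specified as below -->
<?php
// PHP_SELF can contain client-supplied path info, so it is HTML-escaped before
// being placed in the attribute. The value has to be echoed: calling
// htmlspecialchars() without output leaves the action attribute empty.
?>
<form method="post" enctype="multipart/form-data" action="<?= htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
    <!-- Name of input element determines name in $_FILES array -->
    <label for="userfile">Send this file:</label>
    <input id="userfile" name="userfile" type="file">
    <input name="submit" type="submit" value="Send File">
</form>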
<?php
// Close the page with the shared footer fragment.
include_once "{$COMMONS}/footer.php";
?>