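<?php
/**
 * Upload page.
 *
 * Gate: only a session user whose permission mask has bit 128 (1000 0000) set
 * may reach the form; everyone else gets the 403 page.
 * On POST the uploaded file is stored under two random directory levels with a
 * random base name, and the resulting public location is printed.
 */

$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";

include_once($COMMONS."/header.php");

// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
// The isset() on ->permissions sends a missing session user to the 403 branch
// instead of reading a property of null.
if (!isset($_COOKIE["PHPSESSID"]) ||
    !isset($_SESSION["current_user"]->permissions) ||
    !(bool)($_SESSION["current_user"]->permissions & 128)) {
    header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
    include_once($COMMONS."/footer.php");
    die();
}

display_header("Upload a file.");

// NOTE(review): the form below carries no anti-CSRF token; confirm whether the
// common header provides one before relying on the permission check alone.
if (isset($_POST["submit"])) {
    $uploadDir = '/srv/http/assets/upload/';
    $upload = $_FILES['userfile'] ?? null;

    echo "<pre>";

    // Reject a POST without a single, completely received file before any
    // directory is created (array-style "userfile[]" submissions fail here too).
    $received = is_array($upload)
        && is_string($upload['name'] ?? null)
        && is_string($upload['tmp_name'] ?? null)
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK;

    if (!$received) {
        echo "File upload failed.\n";
    } else {
        $firstDir = bin2hex(random_bytes(16));
        $secondDir = bin2hex(random_bytes(16));
        $filename = bin2hex(random_bytes(16));

        // The extension is the only client-supplied part of the stored path:
        // keep ASCII letters and digits only so it cannot carry markup or
        // path characters.
        // NOTE(review): the extension itself is still chosen by the client and
        // the file lands in a web-served directory. Confirm the asset host
        // never hands anything under upload/ to an interpreter, or replace
        // this with an allowlist of the extensions the site expects.
        $extension = (string)preg_replace(
            '/[^A-Za-z0-9]/',
            '',
            pathinfo($upload['name'], PATHINFO_EXTENSION)
        );
        $storedName = ($extension === '') ? $filename : $filename.".".$extension;
        $combinedPath = $firstDir."/".$secondDir."/".$storedName;

        // One recursive mkdir creates both levels with the same mode; its
        // result is checked so a failed mkdir is reported rather than ignored.
        $created = mkdir($uploadDir.$firstDir."/".$secondDir, 0774, true);

        if ($created &&
            move_uploaded_file($upload['tmp_name'], $uploadDir.$combinedPath)) {
            echo "File is valid, and was successfully uploaded.\n";
            // Escaped on output because part of the path came from the client.
            printf("location: https://assets.zdenekborovec.cz/upload/%s",
                htmlspecialchars($combinedPath, ENT_QUOTES, 'UTF-8'));
        } else {
            echo "File upload failed.\n";
        }
    }

    echo "</pre>";
}

?>

<!-- The data encoding type, enctype, MUST be specified as below -->
<form method="post" enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>">
    <!-- Name of input element determines name in $_FILES array -->
    <label for="userfile">Send this file:</label>
    <input id="userfile" name="userfile" type="file">
    <input name="submit" type="submit" value="Send File">
</form>

<?php
include_once($COMMONS."/footer.php");
?>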