personal-website/docs/www/fileupload.php
2024-05-13 18:56:31 +02:00

52 lines
1.5 KiB
PHP

<?php
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
include_once($COMMONS."/header.php");
// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
if (!isset($_COOKIE["PHPSESSID"]) ||
!(bool)($_SESSION["current_user"]->permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php");
die();
}
display_header("Upload a file.");
if(isset($_POST["submit"])) {
$uploadDir = '/srv/http/assets/upload/';
$firstDir = bin2hex(random_bytes(16));
$secondDir = bin2hex(random_bytes(16));
$filename = bin2hex(random_bytes(16));
$combinedPath = $firstDir."/".$secondDir."/".$filename;
mkdir($uploadDir.$firstDir, 0774);
mkdir($uploadDir.$firstDir."/".$secondDir, 0774);
echo "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'],
$uploadDir.$combinedPath)) {
echo "File is valid, and was successfully uploaded.\n";
printf("location: assets.zdenekborovec.cz/upload/%s", $combinedPath);
} else {
echo "File upload failed.\n";
}
echo "</pre>";
}
?>
<!-- The data encoding type, enctype, MUST be specified as below -->
<form method="post" enctype="multipart/form-data" action="<?php
htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Name of input element determines name in $_FILES array -->
<label for="userfile">Send this file:</label>
<input name="userfile" type="file">
<input name="submit" type="submit" value="Send File">
</form>
<?php
include_once($COMMONS."/footer.php");
?>