Untitled

mail@pastecode.io avatarunknown
plain_text
a month ago
3.2 kB
1
Indexable
Never
HTTP/1.1 200 OK
Date: Tue, 29 Aug 2023 07:48:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Disposition: attachment; filename= ../upload_process.php
Content-Length: 2735
Connection: close
Content-Type: application/download

<?php
include './core/configuration.php';

session_start();

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);


// Check if user is not logged in, redirect to login page if true
if (!isset($_SESSION['id'])) {
    header("Location: ./");
    exit();
}

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["filesubmit"])) {

    $session_id = $_SESSION['id'];

    $filename = $_FILES["fileUpload"]["name"];

    $fileexplode = explode('.', $filename);

    if(count($fileexplode) === 3) {
      if($fileexplode[2] !== "txt"){$_SESSION['error']="Sorry, only TXT files are allowed";header("Location: dashboard.php");exit();}
    }

    if($fileexplode[1] !== "txt"){$_SESSION['error']="Sorry, only TXT files are allowed";header("Location: dashboard.php");exit();}
 
    //exit();
    // Create a prepared statement
    $query = "SELECT * FROM data WHERE filename = ?";
    $stmt = $mysqli->prepare($query);

    // Bind the parameter
    $stmt->bind_param("s", $filename);

    // Execute the statement
    $stmt->execute();

    // Store the result
    $result = $stmt->get_result();

    if ($result->num_rows > 0) {
        $_SESSION['error']="File exists in the database";
        header("Location: dashboard.php");
    }

    $targetDir = "upload/";
    $targetFile = $targetDir . basename($_FILES["fileUpload"]["name"]);
    $uploadOk = 1;
    $fileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION));

    //exit();
    // Check if the uploaded file is a txt file
    if ($fileType !== "txt") {
        $_SESSION['error'] = "Sorry, only TXT files are allowed.";
        //$uploadOk = 0;
        header("Location: dashboard.php");
    }

    // Check file size
    if ($_FILES["fileUpload"]["size"] > 500000) {
        $_SESSION['error'] = "Sorry, your file is too large.";
        $uploadOk = 0;
        header("Location: dashboard.php");
    }

    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        $_SESSION['error'] =  "Sorry, your file was not uploaded.";
        header("Location: dashboard.php");
    } else {
        if (move_uploaded_file($_FILES["fileUpload"]["tmp_name"], $targetFile)) {
            $_SESSION['error'] = "The file ". htmlentities(basename( $_FILES["fileUpload"]["name"])). " has been uploaded.";
            $sql = "INSERT INTO data (filename,pk) VALUES (?,?)";
            $stmt = $mysqli->prepare($sql);
            $stmt->bind_param("ss", $filename,$_SESSION['id']);
            $stmt->execute();
            header("Location: dashboard.php");

        } else {
            $_SEESION['error'] = "Sorry, there was an error uploading your file.";
            header("Location: dashboard.php");
        }
    }

}
?>