Untitled
plain_text
a month ago
3.2 kB
1
Indexable
Never
HTTP/1.1 200 OK Date: Tue, 29 Aug 2023 07:48:15 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Disposition: attachment; filename= ../upload_process.php Content-Length: 2735 Connection: close Content-Type: application/download <?php include './core/configuration.php'; session_start(); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); // Check if user is not logged in, redirect to login page if true if (!isset($_SESSION['id'])) { header("Location: ./"); exit(); } if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["filesubmit"])) { $session_id = $_SESSION['id']; $filename = $_FILES["fileUpload"]["name"]; $fileexplode = explode('.', $filename); if(count($fileexplode) === 3) { if($fileexplode[2] !== "txt"){$_SESSION['error']="Sorry, only TXT files are allowed";header("Location: dashboard.php");exit();} } if($fileexplode[1] !== "txt"){$_SESSION['error']="Sorry, only TXT files are allowed";header("Location: dashboard.php");exit();} //exit(); // Create a prepared statement $query = "SELECT * FROM data WHERE filename = ?"; $stmt = $mysqli->prepare($query); // Bind the parameter $stmt->bind_param("s", $filename); // Execute the statement $stmt->execute(); // Store the result $result = $stmt->get_result(); if ($result->num_rows > 0) { $_SESSION['error']="File exists in the database"; header("Location: dashboard.php"); } $targetDir = "upload/"; $targetFile = $targetDir . basename($_FILES["fileUpload"]["name"]); $uploadOk = 1; $fileType = strtolower(pathinfo($targetFile, PATHINFO_EXTENSION)); //exit(); // Check if the uploaded file is a txt file if ($fileType !== "txt") { $_SESSION['error'] = "Sorry, only TXT files are allowed."; //$uploadOk = 0; header("Location: dashboard.php"); } // Check file size if ($_FILES["fileUpload"]["size"] > 500000) { $_SESSION['error'] = "Sorry, your file is too large."; $uploadOk = 0; header("Location: dashboard.php"); } // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { $_SESSION['error'] = "Sorry, your file was not uploaded."; header("Location: dashboard.php"); } else { if (move_uploaded_file($_FILES["fileUpload"]["tmp_name"], $targetFile)) { $_SESSION['error'] = "The file ". htmlentities(basename( $_FILES["fileUpload"]["name"])). " has been uploaded."; $sql = "INSERT INTO data (filename,pk) VALUES (?,?)"; $stmt = $mysqli->prepare($sql); $stmt->bind_param("ss", $filename,$_SESSION['id']); $stmt->execute(); header("Location: dashboard.php"); } else { $_SEESION['error'] = "Sorry, there was an error uploading your file."; header("Location: dashboard.php"); } } } ?>