diff --git a/img/imgup.php b/img/imgup.php
deleted file mode 100755
index c5f973c..0000000
--- a/img/imgup.php
+++ /dev/null
@@ -1,142 +0,0 @@
- - - - - - - - - -<?php echo $websitename; ?> - -

-
- - - - - - - - - - - - - - - - - - - - -
- Allowed Types:
- Max size per file: kb. -
Select File:
Comment:
-
- - - - -
- -
diff --git a/img/upload.php b/img/upload.php
deleted file mode 100644
index f4df9af..0000000
--- a/img/upload.php
+++ /dev/null
@@ -1,96 +0,0 @@
-");
- $output = strip_tags($input);
- $output = stripslashes($output);
- $output = mysql_real_escape_string($output);
- $output = strtolower($output);
- return $output;
- }
-
- function cln_file_name($string) {
- $cln_filename_find=array("/\.[^\.]+$/", "/[^\d\w\s-]/", "/\s\s+/", "/[-]+/", "/[_]+/");
- $cln_filename_repl=array("", ""," ", "-", "_");
- $string=preg_replace($cln_filename_find, $cln_filename_repl, $string);
- return trim($string);
- }
-
- function get_ext($name) {
- $name = substr(strrchr($key, "."), 1);
- return $name;
- }
-
- $location = 'Pictures'; // set upload location - static directory
- $extensions = array('png', 'gif', 'jpg', 'jpeg', 'bmp'); // allowed extensions
-
- echo ' - - - - -
- - To UnPS-GAMA -
';
-
- if(!isset($_POST['submit'])) die("You didn't upload anything"); // check if submit has been posted if not then we know no upload is coming
- if(!isset($_POST['comment'])){ // check to see if there was a comment, if not print no comment
- $comment = "No Comment";
- }else{
- $comment = $_POST['comment'];
- }
- if(!isset($_SESSION['myusername'])){ // used later when login system is implemented allow anonymous uploads
- $username = 'Anonymous Coward'; // a little joke that stems from /.
- }else{
- $username = $_SESSION['myusername']; // username is username
- }
-
- $name = $_FILES["file"]["name"]; // shorten these array parts to variables
- $type = $_FILES["file"]["type"];
- $size = ($_FILES["file"]["size"] / 1024); // get size of file in Kb
- $time = date("d/j/y - g:i:s a"); // current date - time
-
- $name = cln_file_name($name);
- $type = sanatize($type); // people can spoof their mime types to have bad stuff in them - it's a stretch but better safe than sorry
- $size = sanatize($size); // just in case the size is not mysql safe clean it anyways
- $comment = sanatize($comment); // clean comment as it's user entered data
-
- $size = round($size, 2)." Kb"; // shorten size to #.## instead of longer
-
- $file_ext = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
- if(!in_array($file_ext, $extensions))die("Wrong or no file extension"); // stop the upload if it's wrong
- $name = rand().".".$file_ext;
-
- if (($_FILES["file"]["size"] < 400000000)){
- if ($_FILES["file"]["error"] > 0){
- echo "Return Code: " . $_FILES["file"]["error"] . "
";
- }else{
- if (file_exists("Pictures/" . $name)){
- echo $name." already exists. ";
- }else{
- if(preg_match('/php/i', $name) || preg_match('/phtml/i', $name) || preg_match('/htaccess/i', $name)){
- echo $name." is not allowed, sorry about that...";
- }else{
- $sql="INSERT INTO $tbl_name (name, location, type, size, time, comment, username) VALUES ('$name', '$location', '$type', '$size', '$time', '$comment', '$username')";
- $result=mysql_query($sql);
- if($result){
- move_uploaded_file($_FILES["file"]["tmp_name"], "Pictures/" . $name);
- echo "Stored at: ". $name."";
- }else {
- echo "There was a problem trying to upload your file - Could be a database error";
- }
- }
- }
- }
- }else{
- die("File too big!");
- }
- echo ' -
- - - ';
-?>