<?php
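// Bootstrap. sys/config.php is not visible here; it evidently provides $sql
// (a mysqli-style wrapper), $smarty, fil() and — presumably, when somebody is
// logged in — $user, all of which the upload flow below reads.
require ('sys/config.php');
// The session carries the two CAPTCHA numbers between the form and the POST.
session_start();
// Large uploads may legitimately take longer than the default execution limit.
set_time_limit(0);
// Categories drive every later check (allowed extensions, size limit, who may
// upload); with none defined the page cannot work at all.
$kats = $sql->query('SELECT * FROM `cat`');
if($kats->num_rows==0){
    $smarty->assign('title','Uploading prohibited');
    $smarty->assign('error','Downloading files is prohibited');
    $smarty->assign('back','index.php');
    $smarty->display('header.tpl');
    $smarty->display('error.tpl');
    $smarty->display('footer.tpl');
    // Stop here: without this the error page was followed by the upload form
    // (or by the POST handler running against an empty category table).
    exit;
}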
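/**
 * Wraps one entry of $_FILES for the upload handler.
 *
 * Every field originates in the client request: `type` is the browser-reported
 * MIME type and `ext`/`name` are derived from the client-supplied file name, so
 * none of them is trustworthy on its own. The handler checks `ext` against the
 * category's allow-list and `name` against a character whitelist before use.
 */
class upfile {
    /** Client-reported MIME type (untrusted, not used for any decision). */
    public $type;
    /** File name without its extension, as supplied by the client. */
    public $name;
    /** Lower-cased extension taken from the client file name ('' when absent). */
    public $ext;
    /** Size in bytes as reported by PHP. */
    public $size;
    /** Temporary path of the upload; callers verify it with is_uploaded_file(). */
    public $tmp;

    /**
     * @param array $file One element of $_FILES (keys: type, size, name, tmp_name).
     */
    public function __construct($file) {
        $this->type = $file['type'];
        $this->size = $file['size'];
        // pathinfo() splits on the LAST dot only, so "a.tar.gz" keeps "a.tar" as
        // its name. The previous str_replace() removed every occurrence of the
        // extension ("x.zip.zip" -> "x") and, because it searched for the
        // lower-cased extension, missed it entirely for "Report.ZIP".
        $this->ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        $this->name = pathinfo($file['name'], PATHINFO_FILENAME);
        $this->tmp = $file['tmp_name'];
    }

    /**
     * PHP 4-style constructor kept as an alias for any caller that invokes it
     * explicitly; PHP 8 no longer treats a method named after its class as the
     * constructor, which left every property null on `new upfile(...)`.
     *
     * @param array $file See __construct().
     */
    public function upfile($file) {
        $this->__construct($file);
    }
}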
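/**
 * Renders the shared error page and stops the script.
 *
 * Every failure in the POST flow ends here. Ending the request matters: the
 * previous code displayed the error templates and then kept executing, so a
 * rejected screenshot was still written to screens/ and the file to files/.
 *
 * @param object $smarty  Template engine provided by sys/config.php.
 * @param string $message Error text for error.tpl (may contain HTML).
 * @param string $back    Target of the "back" link.
 * @return never
 */
function upload_fail($smarty, $message, $back = '/upload.php')
{
    $smarty->assign('title', 'Error');
    $smarty->assign('error', $message);
    $smarty->assign('back', $back);
    $smarty->display('header.tpl');
    $smarty->display('error.tpl');
    $smarty->display('footer.tpl');
    exit;
}

if (!isset($_POST['add'])) {
    // GET: show the form. The two random numbers are the CAPTCHA answer an
    // anonymous user must type back; the POST branch compares against mt1.mt2.
    $_SESSION['mt1'] = mt_rand(11, 99);
    $_SESSION['mt2'] = mt_rand(11, 99);
    $cat = array(); // initialised so the template always receives an array
    while ($cats = $kats->fetch_assoc()) {
        $cat[] = $cats;
    }
    $smarty->assign('title', 'Upload file');
    $smarty->assign('file', $cat);
    $smarty->display('header.tpl');
    $smarty->display('upload.tpl');
    $smarty->display('footer.tpl');
} else {
    // NOTE(review): fil() comes from sys/config.php and is not visible here. The
    // INSERT below is string-built, so it relies on fil(..., 'str') producing
    // SQL-safe text — confirm that, or move the INSERT to a prepared statement.
    $_POST['name'] = fil(isset($_POST['name']) ? $_POST['name'] : '', 'str');
    $_POST['opis'] = fil(isset($_POST['opis']) ? $_POST['opis'] : '', 'str');
    $_POST['cat']  = fil(isset($_POST['cat']) ? $_POST['cat'] : 0, 'int');
    $catId = (int) $_POST['cat']; // the only form of the category id that reaches SQL

    if (!isset($_FILES['file']) || !is_array($_FILES['file'])) {
        upload_fail($smarty, 'File not uploaded');
    }
    $file = new upfile($_FILES['file']);

    // Validation. Checks run in the original order and the LAST failing check
    // decides the message, as before; nothing touches the disk until all pass.
    if (empty($_POST['name']) && (!preg_match('|^[a-zA-Z0-9\ \_\.\(\)]+$|si', $file->name) || mb_strlen($file->name) < 3 || mb_strlen($file->name) > 30)) {
        $error = 'File Name can contain only alphabetical characters and digits. Go back and rename the file or type the name manually in the mentioned field';
    }
    // One lookup replaces the COUNT(*) query plus the unguarded fetch: when no
    // row exists the category-dependent checks are skipped instead of reading
    // null fields from a missing result.
    $yes = $sql->query('SELECT `ros`,`max`,`user` FROM `cat` WHERE `id`="' . $catId . '"')->fetch_assoc();
    if (!$yes) {
        $error = 'This category does not exist';
    }
    if (!empty($_POST['opis']) && (mb_strlen($_POST['opis']) < 3 || mb_strlen($_POST['opis']) > 255)) {
        $error = 'Description length must be between 3 and 255 characters';
    }
    if (!empty($_POST['name']) && (mb_strlen($_POST['name']) < 3 || mb_strlen($_POST['name']) > 50)) {
        $error = 'The length of the name must be between 3 and 50 characters';
    }
    if ($yes) {
        // `ros` is the admin-maintained, comma-separated extension allow-list.
        // split() was removed in PHP 7; explode() is the drop-in replacement.
        // Entries are trimmed and lower-cased to match the lower-cased $file->ext,
        // and empty entries are dropped so an empty list allows nothing (the old
        // code let an extension-less file through an empty `ros`).
        $allowed = array_filter(array_map('trim', explode(',', strtolower((string) $yes['ros']))), 'strlen');
        if (!in_array($file->ext, $allowed, true)) {
            $error = 'File of this format is prohibited for download in this category';
        }
        if ($file->size / 1024 > $yes['max']) {
            $error = 'Maximum file size for this section ' . $yes['max'] . ' Kb';
        }
    }
    if (!is_uploaded_file($file->tmp)) {
        $error = 'File not uploaded';
    }
    // Anonymous uploads must answer the CAPTCHA. The old code stored this
    // result in $err instead of $error, so the check never blocked anything;
    // the comparison is now strict and fails closed when the session has no code.
    if (empty($user['id'])) {
        $expected = isset($_SESSION['mt1'], $_SESSION['mt2']) ? $_SESSION['mt1'] . $_SESSION['mt2'] : null;
        $given = isset($_POST['kod']) ? (string) $_POST['kod'] : '';
        if ($expected === null || $given !== $expected) {
            $error = 'Code from the picture is incorrect';
        }
    }
    if ($yes) {
        // `user`: 0 = nobody may upload here, 1 = registered users only.
        if ((int) $yes['user'] === 0) {
            $error = 'Uploading files to this section is prohibited';
        } elseif ((int) $yes['user'] === 1 && !isset($user)) {
            $error = 'Only registered users can upload files in this section<br/><a href="/reg.php">Registration</a>
<br/><a href="/enter.php">Login</a>';
        }
    }
    // Optional screenshot: validated here so a rejected one never reaches
    // move_uploaded_file() (the old flow showed the error page and carried on,
    // which also let a non-image extension be written into screens/).
    $hasScreen = isset($_FILES['scrin']['tmp_name']) && is_uploaded_file($_FILES['scrin']['tmp_name']);
    $add = '';
    if ($hasScreen) {
        $add = strtolower(pathinfo($_FILES['scrin']['name'], PATHINFO_EXTENSION));
        if (!in_array($add, array('jpg', 'png', 'gif'), true)) {
            $error = 'Prohibited format screenshot';
        }
        if (($_FILES['scrin']['size'] / 1024) > 300) {
            $error = 'The maximum screenshot size is 300KB';
        }
    }

    if (isset($error)) {
        upload_fail($smarty, $error);
    }

    // Stored name: host prefix + random token + the allow-listed extension.
    // HTTP_HOST is request-controlled, so it is reduced to [a-z0-9.-] before
    // it becomes part of a filesystem path.
    $host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
    $host = preg_replace('/[^a-z0-9.\-]/', '', $host);
    $real = $host . '_' . md5(uniqid(mt_rand(), true)) . '.' . $file->ext;
    $us_id = isset($user['id']) ? $user['id'] : '00'; // '00' marks an anonymous upload
    // The name column gets either the filtered form value or the whitelisted
    // file name (the regex above only admits [a-zA-Z0-9 _.()]).
    $na_file = !empty($_POST['name']) ? $_POST['name'] : $file->name;
    // NOTE(review): presumably the download page compares against md5() —
    // keep the two in step before changing this hash.
    $pass = !empty($_POST['pass']) ? md5($_POST['pass']) : '';

    $screenPath = 'screens/' . $real . '.' . $add;
    if ($hasScreen && !move_uploaded_file($_FILES['scrin']['tmp_name'], $screenPath)) {
        upload_fail($smarty, 'There was an error, contact your administrator');
    }
    if (!move_uploaded_file($file->tmp, 'files/' . $real)) {
        if ($hasScreen) {
            unlink($screenPath); // do not leave an orphaned screenshot behind
        }
        upload_fail($smarty, 'There was an error, contact your administrator');
    }

    $inserted = $sql->query('INSERT INTO `files` SET
        `cat_id`="' . $catId . '",
        `user_id`="' . $us_id . '",
        `name`="' . $na_file . '",
        `opis`="' . $_POST['opis'] . '",
        `real`="' . $real . '",
        `add`="' . $add . '",
        `time`="' . time() . '",
        `pass`="' . $pass . '",
        `size`="' . (int) $file->size . '",
        `ext`="' . $file->ext . '"');
    if (!$inserted) {
        // Both files are already on disk; remove them so a failed row leaves no orphans.
        unlink('files/' . $real);
        if ($hasScreen) {
            unlink($screenPath);
        }
        upload_fail($smarty, 'There was an error, contact your administrator');
    }
    $id = $sql->insert_id;
    if ($us_id != '00') {
        // Reward a registered uploader with the configured number of points.
        $bals = $sql->query('SELECT `balls` FROM `config`')->fetch_assoc();
        $sql->query('UPDATE `acc` SET `balls`=`balls`+"' . $bals['balls'] . '",`lastfile`="' . time() . '" WHERE `id`="' . $user['id'] . '" ');
    } else {
        // A solved CAPTCHA is good for one upload only; the form issues a new one.
        unset($_SESSION['mt1'], $_SESSION['mt2']);
    }
    $smarty->assign('title', 'Finish');
    $smarty->assign('back', '/file-' . $id);
    $smarty->assign('ok', 'File successfully uploaded');
    $smarty->assign('nz', 'Back to File');
    $smarty->display('header.tpl');
    $smarty->display('ok.tpl');
    $smarty->display('footer.tpl');
}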
?>