// Todo:
//
//
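include("functions.php");

// Request handlers for the main page: login / account request, logout,
// admin activation or deletion of pending accounts, file upload, quicklink
// redirect and file deletion. Everything here runs before any output is
// produced; messages for the user are collected in $_SESSION["status"].
//
// Assumes functions.php provides querydb(), ext(), closedb(), $basedir and
// $ex and opens the database connection (mysql_real_escape_string() needs
// one) -- confirm against that file.
// NOTE(review): none of the state-changing requests handled here (login,
// account activation/deletion, upload, ?del=) carries an anti-CSRF token and
// ?del= is a GET; a per-session token on the forms and a POST-only delete
// are the next step.

// Per-request message accumulator: reset here, appended to by the handlers
// below, rendered by the page and unset again at the end.
$_SESSION["status"] = "";
if (date("m",time()) < 4 && date("Y",time()) == 2009) {
    $_SESSION["status"] = "
16th Feb 2009: File uploads now working again.
";
}

// Privilege level of the current request: 0 = not logged in / not active,
// 1 = active user, 2 = administrator (the values tested by the handlers
// below). It is initialised explicitly so a request that never reaches the
// password check cannot arrive at the admin-only branches with a value it
// did not earn (e.g. one supplied from outside under register_globals).
$access = 0;
$user = "";

// Logout: drop the session and stop. The original ended this branch with
// end() -- the array-pointer function -- which does not terminate the
// script, so the rest of the page kept running after the redirect header.
if (isset($_GET["logout"]) && (int) $_GET["logout"] === 1) {
    $_SESSION = array();
    session_destroy();
    header("Location: index.php");
    exit;
}

// Credentials come from the login form when one was submitted, otherwise
// from the session; either way the account row is checked on every request.
// Passhash is the MD5-crypt of the password under one fixed salt and must be
// reproduced exactly to match rows already stored. A per-user random salt
// (password_hash()/password_verify()) needs a migration of existing rows and
// is left as a TODO.
$fromform = isset($_POST["loginname"]) && trim($_POST["loginname"]) !== "";
if ($fromform) {
    $lname = $_POST["loginname"];
    $lpass = crypt(isset($_POST["loginpass"]) ? $_POST["loginpass"] : "", '$1$rasmusle$');
} else {
    $lname = isset($_SESSION["lname"]) ? $_SESSION["lname"] : "";
    $lpass = isset($_SESSION["lpass"]) ? $_SESSION["lpass"] : "";
}

if (trim($lname) !== "") {
    $lname = mysql_real_escape_string(strip_tags($lname));
    $sql = "SELECT * FROM Users WHERE Name = '$lname';";
    $res = querydb($sql);
    $num = mysql_num_rows($res);
    if ($num == FALSE) {
        // Unknown name. Only an explicit form submission registers a new
        // (inactive) account; a stale session name must not silently
        // re-create an account an admin has deleted.
        if ($fromform) {
            $sql = "INSERT INTO Users (Name,Passhash,Access) VALUES ('$lname','$lpass','0');";
            querydb($sql);
            $_SESSION["status"] .= "Requested access for user $lname.";
        } else {
            unset($_SESSION["lname"], $_SESSION["lpass"]);
        }
    } else {
        $cr = mysql_result($res,0,"Passhash");
        // Strict comparison: both sides are crypt() strings, and == would
        // compare numerically if they ever happened to look numeric.
        if ($lpass === $cr) {
            $access = (int) mysql_result($res,0,"Access");
            if ($access == 0) {
                $_SESSION["status"] .= "Account not active.";
            } else {
                if ($fromform) {
                    // Fresh login: rotate the session id so an id issued
                    // before authentication is not carried over.
                    session_regenerate_id(true);
                }
                $_SESSION["lname"] = mysql_result($res,0,"Name");
                $_SESSION["lpass"] = $lpass;
            }
        } else {
            $_SESSION["status"] .= "Incorrect password.";
            if (!$fromform) {
                // Stale session credentials no longer match; drop them
                // instead of re-reporting the failure on every request.
                unset($_SESSION["lname"], $_SESSION["lpass"]);
            }
        }
    }
}

// Identity for the rest of the page: only the name the password check just
// confirmed counts, not whatever the session happens to hold.
if ($access > 0 && isset($_SESSION["lname"])) {
    $user = $_SESSION["lname"];
}
// Users.Name holds the raw (strip_tags-only) registration value, so it is
// escaped again every time it goes into a query; $user itself is kept for
// filesystem paths and output.
$userq = mysql_real_escape_string($user);
// $user becomes a directory under $basedir below, so a name containing a
// path separator, NUL, or equal to "." / ".." gets no filesystem access.
$userok = trim($user) !== ""
    && strpbrk($user, "/\\\0") === false
    && $user !== "." && $user !== "..";

// Admin only: process the "outstanding requests" form. Row i carries a
// checkbox ack$i (activate) or del$i (delete) holding the user id; a row
// with both ticked is ignored ("one tick per user").
$count = isset($_POST["outstanding"]) ? (int) $_POST["outstanding"] : 0;
if ($access == 2 && $count > 0) {
    for ($i = 0; $i < $count; $i++) {
        // Ids are interpolated into SQL, so they are forced to integers.
        $ack = isset($_POST["ack$i"]) ? (int) $_POST["ack$i"] : 0;
        $del = isset($_POST["del$i"]) ? (int) $_POST["del$i"] : 0;
        if ($ack > 0 && $del > 0) {
            continue;
        }
        if ($ack > 0) {
            $sql = "UPDATE Users SET Access = '1' WHERE ID = '$ack';";
        } elseif ($del > 0) {
            $sql = "DELETE FROM Users WHERE ID = '$del';";
        } else {
            // Neither box ticked for this row: nothing to do.
            continue;
        }
        querydb($sql);
    }
}

// Quicklink: ?fileid=N redirects to the public URL of a non-hidden file.
$fileid = isset($_GET["fileid"]) ? (int) $_GET["fileid"] : 0;
if ($fileid > 0) {
    $sql = "SELECT * FROM Contents WHERE ID = '$fileid' AND Hidden = '0';";
    $res = querydb($sql);
    $num = mysql_num_rows($res);
    // mysql_num_rows() returns 0 (not FALSE) for an empty result, so the
    // original "=== FALSE" test let a missing or hidden id fall through to
    // mysql_result() on an empty result set.
    if ($num == FALSE) {
        $_SESSION["status"] .= "File associated with quicklink does not exist or is hidden.";
    } else {
        $owner = mysql_result($res,0,"User");
        $file = mysql_result($res,0,"Name");
        if (!empty($owner) && !empty($file)) {
            // Each path segment is URL-encoded so the stored names cannot
            // alter the URL structure or the header line.
            $location = "http://www.uptome.co.uk/uploads/" . rawurlencode($owner) . "/" . rawurlencode($file);
            header("Location: $location");
            // Nothing further should run or render once the redirect is sent.
            exit;
        } else {
            $_SESSION["status"] .= "File associated with quicklink does not exist or is hidden.";
        }
    }
}

// Upload handling. The uploads directory is served over HTTP (see the
// quicklink URL above), so anything the web server would execute has to
// stay out of it. An extension deny-list is only a weak guard -- the
// server's handler mappings decide what executes -- an allow-list of the
// expected types plus a non-executable upload location is the robust fix.
$notallowed = array("php", "php3", "php4", "php5", "phps", "phtml", "phar", "asp", "aspx", "inc", "cgi", "pl");
$uname = isset($_FILES['uploadfile']['name']) ? $_FILES['uploadfile']['name'] : "";
// Lower-cased so ".PHP" is treated the same as ".php".
$e = strtolower(ext($uname));
$ok = !in_array($e, $notallowed, true);
if (!$ok) {
    $_SESSION["status"] .= "Cannot upload files of type .$e.";
} elseif (trim($uname) !== "" && $userok) {
    $dest = $basedir . "/" . $user;
    if (!file_exists($dest)) {
        mkdir($dest);
    }
    // basename() drops any directory part the client sent with the name.
    $file = basename($uname);
    if ($file === "" || $file[0] === ".") {
        // Empty names and dotfiles (e.g. server configuration files) are
        // refused in a web-served directory.
        $_SESSION["status"] .= "Invalid file name.";
    } else {
        $dest .= "/" . $file;
        $ufile = $_FILES['uploadfile']['tmp_name'];
        $comm = isset($_POST["uploadcomm"]) ? $_POST["uploadcomm"] : "";
        // Hidden flag is stored as the literal "0" or "1" only.
        $hid = (isset($_POST["uploadhidden"]) && $_POST["uploadhidden"] === "1") ? "1" : "0";
        if (move_uploaded_file($ufile, $dest)) {
            $_SESSION["status"] .= "The file $file has been uploaded.";
            $date = time();
            $comm = mysql_real_escape_string(strip_tags($comm));
            $fileq = mysql_real_escape_string($file);
            // Re-uploading a name replaces the previous row for this owner.
            $sql = "SELECT * FROM Contents WHERE Name = '$fileq' AND User = '$userq';";
            $res = querydb($sql);
            if (mysql_num_rows($res) != FALSE) {
                $sql = "DELETE FROM Contents WHERE Name = '$fileq' AND User = '$userq';";
                querydb($sql);
            }
            $sql = "INSERT INTO Contents (`Name`,`User`,`Datestamp`,`Comment`,`Hidden`) VALUES ('$fileq','$userq','$date','$comm','$hid');";
            querydb($sql);
        } else {
            // The server-side destination path is no longer echoed to the
            // user; the upload error code is enough to diagnose.
            $_SESSION["status"] .= "There was an error uploading the file (" . $_FILES['uploadfile']['error'] . ").";
        }
    }
}

// Delete: ?del=N removes a file and its row; allowed for the owner or an admin.
$del = isset($_GET["del"]) ? (int) $_GET["del"] : 0;
if ($del > 0) {
    $sql = "SELECT * FROM Contents WHERE ID = '$del';";
    $res = querydb($sql);
    // Guard the empty result; mysql_result() on it would fail.
    if (mysql_num_rows($res) != FALSE) {
        $owner = mysql_result($res,0,"User");
        // Same path rules as for uploads: the owner is a directory name and
        // the stored name is reduced to its final component.
        $ownerok = $owner !== "" && strpbrk($owner, "/\\\0") === false && $owner !== "." && $owner !== "..";
        $file = $basedir . "/$owner/" . basename(mysql_result($res,0,"Name"));
        $allowed = ($user !== "" && $owner === $user) || $access == 2;
        if ($ownerok && $allowed && file_exists($file)) {
            unlink($file);
            $sql = "DELETE FROM Contents WHERE ID = '$del';";
            querydb($sql);
            $_SESSION["status"] .= "File deleted";
        }
    }
}
$status = $_SESSION["status"];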
?>
//print_r($_FILES);
$page = $_GET["page"];
// Main listing when no ?page= is given, otherwise the static info page. The
// include target is a fixed file name selected by a literal comparison, so
// $page itself never reaches include().
if (empty($page)) {
// NOTE(review): $user is interpolated into the query unescaped. It comes
// from the Users.Name column, which holds the raw (strip_tags-only)
// registration value, so it needs mysql_real_escape_string() here as well.
$sql = "SELECT * FROM Contents WHERE Hidden = 0 OR User = '$user' ORDER BY Datestamp DESC;";
// $access is only assigned inside the password-match branch of the login
// section; a request that never reaches it reads an undefined variable here.
if ($access == 2) {
$sql = "SELECT * FROM Contents ORDER BY Datestamp DESC;";
}
$res = querydb($sql);
$num = mysql_num_rows($res);
// NOTE(review): the markup inside the pr() strings of this listing appears
// to have been stripped from this copy of the file; only the cell text survives.
pr("
");
pr(" | Name | ","Size | ","Uploaded | ","Owner | ","Extra | ");
// Alternating row classes and a running byte total for the footer row.
$p[0] = "panelone"; $p[1] = "paneltwo"; $panel = 1; $total = 0;
for ($i = 0; $i < $num; $i++) {
$item = mysql_fetch_array($res);
$owner = $item["User"];
$dest = "uploads/$owner/" . $item["Name"];
// stat() returns false (with a warning) when the file is missing on disk;
// index 7 is the size in bytes and would then be null.
$info = stat($dest);
$total += $info[7];
$size = number_format($info[7]);
$panel = 1 - $panel;
$s = $p[$panel];
$ext = ext($item["Name"]);
pr("");
pr("");
// $ex: icon name => comma-separated list of extensions; presumably defined
// in functions.php -- confirm. The last matching key wins.
$keys = array_keys($ex);
$icon = "unknown";
foreach ($keys as $key) {
$extensions = explode(",",$ex[$key]);
foreach ($extensions as $extension) {
if ($ext == $extension) {
$icon = $key;
}
}
}
pr("");
pr(" | ");
// NOTE(review): $item["Name"], $owner and $dt are written to the page with
// no HTML escaping visible here; file names are only passed through
// basename() on upload, so htmlspecialchars() is needed at output.
pr("","",$item["Name"],""," | ");
pr("",$size," | ");
$dt = date("d/m/y H:i",$item["Datestamp"]);
pr("",$dt," | ");
pr("",$owner," | ");
pr("");
$id = $item["ID"];
// Owner or admin controls. Note the admin test is ">= 2" here but "== 2"
// everywhere else on the page.
if ($owner == $user || $access >= 2) {
pr(" ");
} else {
pr("");
}
if ($item["Hidden"] == 1) {
pr(" ");
} else {
pr(" ");
}
// pr(" ");
if ($item["Hidden"] == "0") {
pr(" ");
} else {
pr("");
}
pr(" | ");
pr("
");
}
$total = number_format($total);
pr(" | "," | ","$total | "," | "," | "," | ");
pr("
");
} else if ($page == "info") {
include("info.php");
} // $page endif
?>
UpToMe
beta
browse |
faqs |
contact
if (!empty($user)) {
// $user and $access are set by the login section at the top of the page.
// This branch renders the logged-in header and, for an admin, the list of
// accounts still waiting for activation (Access = '0').
?>
Logged in as:
Log out
if ($access == 2) {
// Pending accounts; the handler for the form built here is the
// "outstanding" block at the top of the page.
$sql = "SELECT * FROM Users WHERE Access = '0' ORDER BY Name;";
$res = querydb($sql);
$num = mysql_num_rows($res);
// mysql_num_rows() returns 0 for an empty result; the loose != FALSE test
// correctly skips that case where a strict === FALSE would not.
if ($num != FALSE) {
// NOTE(review): the form markup inside these pr() strings appears to have
// been stripped from this copy of the file.
pr("
","Outstanding requests
","(One tick per user)");
pr("
");
}
}
} else {
?>
Log in / Request account
}
?>
unset($_SESSION["status"]);
// The status accumulator is per request (it is reset at the top of the page), so it is dropped here before the connection is closed.
closedb();
?>