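16th Feb 2009: File uploads now working again."; }

// Request handling for the front page: logout, login / access request, admin
// approval of pending accounts, quicklink redirect, upload and delete.
// querydb(), ext() and $basedir are defined outside this section.

// Privilege level for this request. It is raised only after the password check
// below succeeds, so the later privilege tests never read an unset variable.
$access = 0;

if (isset($_GET["logout"]) && $_GET["logout"] == 1) {
    session_destroy();
    unset($_SESSION);
    header("Location: index.php");
    // The original called end(), which is the array-pointer function and does
    // not terminate the script; exit so nothing below runs after a logout.
    exit;
}

$lname = (isset($_POST["loginname"]) && is_string($_POST["loginname"])) ? $_POST["loginname"] : "";
// NOTE(review): crypt() with one hard-coded MD5 salt gives every account the same
// salt. The scheme is kept because changing it invalidates the stored Passhash
// values; plan a migration to per-user salted hashing.
$lpass = crypt(isset($_POST["loginpass"]) ? (string) $_POST["loginpass"] : "", '$1$rasmusle$');
if (empty($lname)) {
    // No credentials posted: re-check the already logged-in user.
    // NOTE(review): the session stores the password hash and it is accepted as
    // the credential on every request; a session flag would avoid keeping it.
    $lname = isset($_SESSION["lname"]) ? $_SESSION["lname"] : "";
    $lpass = isset($_SESSION["lpass"]) ? $_SESSION["lpass"] : "";
}

if (!empty($lname) && trim($lname) != "") {
    $lname = mysql_real_escape_string(strip_tags($lname));
    $sql = "SELECT * FROM Users WHERE Name = '$lname';";
    $res = querydb($sql);
    $num = mysql_num_rows($res);
    if ($num == FALSE) {
        // Unknown name: record it as a pending request (Access 0).
        $sqlpass = mysql_real_escape_string($lpass);
        $sql = "INSERT INTO Users (Name,Passhash,Access) VALUES ('$lname','$sqlpass','0');";
        querydb($sql);
        $_SESSION["status"] .= "Requested access for user $lname.";
    } else {
        $cr = mysql_result($res, 0, "Passhash");
        // Strict comparison: == applies numeric-string juggling to the operands.
        if ($lpass === $cr) {
            $access = mysql_result($res, 0, "Access");
            if ($access == 0) {
                $_SESSION["status"] .= "Account not active.";
            } else {
                $_SESSION["lname"] = mysql_result($res, 0, "Name");
                $_SESSION["lpass"] = $lpass;
            }
        } else {
            $_SESSION["status"] .= "Incorrect password.";
        }
    }
}

$user = isset($_SESSION["lname"]) ? $_SESSION["lname"] : null;

// Admin (Access 2) handling of outstanding account requests.
$count = isset($_POST["outstanding"]) ? (int) $_POST["outstanding"] : 0;
if ($access == 2 && $count > 0) {
    for ($i = 0; $i < $count; $i++) {
        // Cast to int before building SQL: the raw POST values used to be
        // interpolated into the statements unescaped.
        $ack = isset($_POST["ack$i"]) ? (int) $_POST["ack$i"] : 0;
        $del = isset($_POST["del$i"]) ? (int) $_POST["del$i"] : 0;
        // One tick per user: rows with both boxes or neither are skipped
        // (the original issued a DELETE with an empty ID when neither was set).
        if ($ack > 0 && $del <= 0) {
            $sql = "UPDATE Users SET Access = '1' WHERE ID = '$ack';";
        } elseif ($del > 0 && $ack <= 0) {
            $sql = "DELETE FROM Users WHERE ID = '$del';";
        } else {
            continue;
        }
        querydb($sql);
    }
}

// Quicklink: redirect ?fileid=N to the stored file if it is not hidden.
$fileid = isset($_GET["fileid"]) ? (int) $_GET["fileid"] : 0;
if ($fileid > 0) {
    $sql = "SELECT * FROM Contents WHERE ID = '$fileid' AND Hidden = '0';";
    $res = querydb($sql);
    $num = mysql_num_rows($res);
    // mysql_num_rows() is FALSE on failure and 0 when no row matches; the
    // original tested only === FALSE and then read row 0 of an empty result.
    if (!$num) {
        $_SESSION["status"] .= "File associated with quicklink does not exist or is hidden.";
    } else {
        $owner = mysql_result($res, 0, "User");
        $file = mysql_result($res, 0, "Name");
        if (!empty($owner) && !empty($file)) {
            // Encode each path segment so stored names cannot alter the header.
            $location = "http://www.uptome.co.uk/uploads/" . rawurlencode($owner) . "/" . rawurlencode($file);
            header("Location: $location");
        } else {
            $_SESSION["status"] .= "File associated with quicklink does not exist or is hidden.";
        }
    }
}

// Upload handling.
// NOTE(review): this is a deny-list of three extensions for files stored under
// the web-served uploads/ directory. Anything else the server is configured to
// execute is not covered; prefer an allow-list and/or disabling script
// execution for that directory.
$notallowed = array("php", "asp", "inc");
$uname = isset($_FILES['uploadfile']['name']) ? $_FILES['uploadfile']['name'] : "";
$e = ext($uname);
// ext() is not visible here; lower-casing makes the match case-insensitive
// whatever it returns.
$ok = in_array(strtolower((string) $e), $notallowed, true) ? 0 : 1;
if ($ok == 0) {
    $_SESSION["status"] .= "Cannot upload files of type .$e.";
} else {
    if (!empty($uname) && !empty($user) && trim($uname) != "" && trim($user) != "") {
        // NOTE(review): $user becomes a directory name; nothing visible here
        // restricts account names to path-safe characters. Validate at
        // registration.
        $dest = $basedir . "/" . $user;
        if (!file_exists($dest)) {
            mkdir($dest);
        }
        $file = basename($_FILES['uploadfile']['name']);
        $dest .= "/" . $file;
        $ufile = $_FILES['uploadfile']['tmp_name'];
        $comm = isset($_POST["uploadcomm"]) ? $_POST["uploadcomm"] : "";
        $hid = (isset($_POST["uploadhidden"]) && $_POST["uploadhidden"] == "1") ? "1" : "0";
        if (move_uploaded_file($ufile, $dest)) {
            // if(copy($ufile, $dest)) {
            $_SESSION["status"] .= "The file $file has been uploaded.";
            $date = time();
            $comm = mysql_real_escape_string(strip_tags($comm));
            // The client-supplied file name and the stored user name were
            // interpolated into SQL unescaped; escape the copies used in queries.
            $sqlfile = mysql_real_escape_string($file);
            $sqluser = mysql_real_escape_string($user);
            $sql = "SELECT * FROM Contents WHERE Name = '$sqlfile' AND User = '$sqluser';";
            $res = querydb($sql);
            if (mysql_num_rows($res) != FALSE) {
                // Re-upload of an existing name replaces its record.
                $sql = "DELETE FROM Contents WHERE Name = '$sqlfile' AND User = '$sqluser';";
                querydb($sql);
            }
            $sql = "INSERT INTO Contents (`Name`,`User`,`Datestamp`,`Comment`,`Hidden`) VALUES ('$sqlfile','$sqluser','$date','$comm','$hid');";
            querydb($sql);
        } else {
            // NOTE(review): this message exposes the server-side path in $dest.
            $_SESSION["status"] .= "There was an error uploading the file (" . $_FILES['uploadfile']['error'] . "). $dest";
        }
    }
}

// Delete handling.
// NOTE(review): deletion is triggered by a GET parameter with no request token;
// consider a POST form carrying a per-session token.
$del = isset($_GET["del"]) ? (int) $_GET["del"] : 0;
if ($del > 0) {
    $sql = "SELECT * FROM Contents WHERE ID = '$del';";
    $res = querydb($sql);
    // Only continue when the record exists. Without this check an unknown ID
    // left $owner FALSE, which compared equal (==) to a logged-out $user.
    if (mysql_num_rows($res) > 0) {
        $owner = mysql_result($res, 0, "User");
        $file = $basedir . "/$owner/" . mysql_result($res, 0, "Name");
        // Strict match: == treats numeric-looking names such as "1" and "01" as equal.
        $isowner = !empty($user) && $owner === $user;
        if (file_exists($file) && ($isowner || $access == 2)) {
            unlink($file);
            $sql = "DELETE FROM Contents WHERE ID = '$del';";
            querydb($sql);
            $_SESSION["status"] .= "File deleted";
        }
    }
}

$status = $_SESSION["status"]; ?> UpToMe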
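"); pr(" Name","Size","Uploaded","Owner","Extra");

// File listing: one table row per record in $res ($num rows), with alternating
// row classes, a size total and per-file actions. The markup inside the pr()
// strings is not present in this copy of the file; pr(), ext(), $ex, $res,
// $num, $user and $access are defined outside this section.
$p[0] = "panelone";
$p[1] = "paneltwo";
$panel = 1;
$total = 0;
for ($i = 0; $i < $num; $i++) {
    $item = mysql_fetch_array($res);
    $owner = $item["User"];
    $dest = "uploads/$owner/" . $item["Name"];

    // stat() returns FALSE when the file is missing; the original indexed the
    // result regardless. Count a missing file as 0 bytes.
    $info = file_exists($dest) ? stat($dest) : false;
    $bytes = ($info !== false) ? $info[7] : 0;
    $total += $bytes;
    $size = number_format($bytes);

    // Alternate between the two row classes.
    $panel = 1 - $panel;
    $s = $p[$panel];
    $ext = ext($item["Name"]);
    pr("");
    pr("");

    // $ex maps an icon name to a comma-separated extension list; the last
    // matching entry wins, as before.
    $icon = "unknown";
    foreach ($ex as $key => $list) {
        if (in_array($ext, explode(",", $list))) {
            $icon = $key;
        }
    }
    pr("");
    pr("");

    // The file name is client-supplied at upload time and was printed as-is.
    // Escape it and the owner for HTML output.
    // NOTE(review): assumes pr() writes its arguments into the HTML response;
    // confirm against its definition.
    pr("","",htmlspecialchars($item["Name"], ENT_QUOTES),"","");
    pr("",$size,"");
    $dt = date("d/m/y H:i",$item["Datestamp"]);
    pr("",$dt,"");
    pr("",htmlspecialchars($owner, ENT_QUOTES),"");
    pr("");

    $id = $item["ID"];
    // Strict match: == treats numeric-looking names such as "1" and "01" as equal.
    if ($owner === $user || $access >= 2) {
        pr("Delete ");
    } else {
        pr("");
    }
    if ($item["Hidden"] == 1) {
        pr("Hidden from others ");
    } else {
        pr("Visible to all ");
    }
    // pr("File details ");
    if ($item["Hidden"] == "0") {
        pr("Quicklink $id - right click, copy link/shortcut ");
    } else {
        pr("");
    }
    pr("");
    pr("");
}
$total = number_format($total);
pr(" "," ","$total"," "," "," ");
pr("");
} else if ($page == "info") { include("info.php"); } // $page endif ?>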

UpToMe
beta
browse | faqs | contact

Choose a file to upload:
(5Mb limit)

Comment:

Hidden


Logged in as:

Log out ","Outstanding requests
","(One tick per user)"); pr("
"); pr(""); pr("","","","",""); for ($i = 0; $i < $num; $i++) { $req = mysql_fetch_array($res); $name = $req["Name"]; $id = $req["ID"]; pr(""); pr(""); pr(""); pr(""); pr(""); } pr("
NameAckDel
$name
","
"); pr(""); pr(""); pr("
"); } } } else { ?> Log in / Request account

Username:

Password: