process.php
<?php
// The login state lives in the session, so the session is started before anything else runs.
session_start();

// Visitors without a 'loggedin' session entry are redirected to the login page and the
// script stops here, so none of the handlers below run for them.
// NOTE(review): only the presence of the key is tested, not its value; confirm that the
// login code never stores a falsy value under 'loggedin'.
if (isset($_SESSION['loggedin']) === false) {
    header('Location: index.php');
    exit;
}
?>
<?php
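// Connect to the database.
// NOTE(review): the credentials are hard-coded and use the MySQL root account with an
// empty password. A dedicated account limited to the `filestorage` schema, with its
// credentials loaded from configuration outside the web root, would limit the damage
// if a query in this script is ever abused.
$conn = mysqli_connect('localhost', 'root', '', 'filestorage');
if ($conn === false) {
    // Reached only when mysqli reports errors by return value instead of exceptions.
    // The cause is logged server-side and never echoed to the client.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}

// Load every stored file record. $files is presumably read by the page that includes
// this script, so it stays an array even when the query fails.
$sql = "SELECT * FROM files";
$result = mysqli_query($conn, $sql);
$files = $result instanceof mysqli_result ? mysqli_fetch_all($result, MYSQLI_ASSOC) : [];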
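// Uploads files
// NOTE(review): no CSRF token is checked in this handler; confirm whether the form
// page adds one elsewhere.
if (isset($_POST['save'])) { // the save button on the upload form was submitted
    $upload = $_FILES['myfile'] ?? null;

    // The file name is supplied by the client: keep only its last path component so the
    // destination can never leave the uploads directory.
    $filename = (is_array($upload) && is_string($upload['name'] ?? null))
        ? basename($upload['name'])
        : '';
    // Free-text form fields; anything that is not a plain string is treated as empty.
    $category = is_string($_POST['category'] ?? null) ? $_POST['category'] : '';
    $description = is_string($_POST['description'] ?? null) ? $_POST['description'] : '';

    // destination of the file on the server
    // NOTE(review): an upload whose name matches an existing file overwrites that file;
    // storing files under a server-generated name would avoid the collision.
    $destination = 'uploads/' . $filename;
    // file extension, lower-cased so that "REPORT.PDF" is treated like "report.pdf"
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    // the physical file in PHP's temporary upload directory
    $file = is_array($upload) ? ($upload['tmp_name'] ?? '') : '';
    $size = is_array($upload) ? (int) ($upload['size'] ?? 0) : 0;

    // NOTE(review): the allow-list looks at the name only, not the content. The uploads
    // directory should be configured so the web server never executes anything in it.
    $allowedExtensions = ['doc', 'docx', 'pdf', 'ppt', 'pptx', 'txt', 'xls', 'xlsx', 'xps'];

    $uploadOk = is_array($upload)
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK // PHP received the file completely
        && $filename !== ''
        && in_array($extension, $allowedExtensions, true)
        && $size <= 5000000; // file shouldn't be larger than 5 Megabyte

    $stored = false;
    // move the uploaded (temporary) file to the specified destination
    if ($uploadOk && move_uploaded_file($file, $destination)) {
        try {
            // Bound parameters keep the file name, category and description out of the SQL text.
            $stmt = mysqli_prepare(
                $conn,
                'INSERT INTO files (name, size, category, description, downloads) VALUES (?, ?, ?, ?, 0)'
            );
            $stored = $stmt !== false
                && mysqli_stmt_bind_param($stmt, 'siss', $filename, $size, $category, $description)
                && mysqli_stmt_execute($stmt);
        } catch (mysqli_sql_exception $e) {
            error_log('Recording the upload failed: ' . $e->getMessage());
            $stored = false;
        }

        if (!$stored) {
            // Do not leave a file on disk that has no database record.
            unlink($destination);
        }
    }

    // Every outcome ends in a redirect, and the script stops so that the download and
    // delete handlers below never run as part of an upload request.
    if ($stored) {
        header('Location: upload.php#success');
    } else {
        header('Location: upload.php#failed');
    }
    exit;
}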
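// Downloads files
if (isset($_GET['file_id'])) {
    // The id comes straight from the query string: accept only an integer.
    $id = filter_var($_GET['file_id'], FILTER_VALIDATE_INT);
    $file = null;

    if ($id !== false) {
        // fetch file to download from database, with the id bound as a parameter
        $stmt = mysqli_prepare($conn, 'SELECT * FROM files WHERE id = ?');
        if ($stmt !== false && mysqli_stmt_bind_param($stmt, 'i', $id) && mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            $file = $result !== false ? mysqli_fetch_assoc($result) : null;
        }
    }

    // An unknown id yields no row; in that case nothing is sent and the script continues.
    if (is_array($file)) {
        // Use only the last path component of the stored name so the path stays inside uploads/.
        $downloadName = basename((string) $file['name']);
        $filepath = 'uploads/' . $downloadName;

        // is_file() also rejects the bare uploads/ directory that an empty name would produce.
        if ($downloadName !== '' && is_file($filepath)) {
            // Quote the name and replace characters that would break the header value.
            $headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $downloadName);

            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="' . $headerName . '"');
            // Tell the browser not to guess a different content type for the payload.
            header('X-Content-Type-Options: nosniff');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($filepath));
            readfile($filepath);

            // Now update downloads count; incrementing inside SQL keeps concurrent
            // downloads from overwriting each other's count.
            $stmt = mysqli_prepare($conn, 'UPDATE files SET downloads = downloads + 1 WHERE id = ?');
            if ($stmt !== false && mysqli_stmt_bind_param($stmt, 'i', $id)) {
                mysqli_stmt_execute($stmt);
            }
            exit;
        }
    }
}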
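// Delete files
// NOTE(review): this destructive action is triggered by a GET request, and neither a
// CSRF token nor a per-file ownership check is visible here. Moving it to POST with a
// token, and checking that the logged-in user may delete the record, would close that gap.
if (isset($_GET['delete_id'])) {
    // The id comes straight from the query string: accept only an integer.
    $id = filter_var($_GET['delete_id'], FILTER_VALIDATE_INT);

    if ($id !== false) {
        // Look up the record with the id bound as a parameter.
        $row = null;
        $stmt = mysqli_prepare($conn, 'SELECT * FROM files WHERE id = ?');
        if ($stmt !== false && mysqli_stmt_bind_param($stmt, 'i', $id) && mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            $row = $result !== false ? mysqli_fetch_assoc($result) : null;
        }

        if (is_array($row)) {
            // Use only the last path component of the stored name, and remove the file
            // only when it is a regular file inside uploads/.
            $storedName = basename((string) $row['name']);
            $target = 'uploads/' . $storedName;
            if ($storedName !== '' && is_file($target)) {
                unlink($target);
            }

            // Remove the database record after the file on disk.
            $stmt = mysqli_prepare($conn, 'DELETE FROM files WHERE id = ?');
            if ($stmt !== false && mysqli_stmt_bind_param($stmt, 'i', $id)) {
                mysqli_stmt_execute($stmt);
            }
        }
    }

    // Return to the listing whether or not anything was deleted, and stop the script.
    header("Location: files.php");
    exit;
}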
?>