ajaxUpload.php
<?php
require_once("config/connect.php");
require_once("config/imagine.php");
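// Handle one AJAX upload: record the file's metadata in `files`, then build a preview.
//
// post(), sanitizeString(), error(), makePreview(), get_ext(), $uploadDir and
// $available_extensions are not defined in this file (presumably they come from the
// required config files). Whether post()/sanitizeString() escape for SQL is not visible here.
//
// NOTE(review): every statement below is assembled by string concatenation through the
// mysql_* API, which was removed in PHP 7.0. Moving to mysqli or PDO prepared statements
// would remove the dependence on each value having been escaped by hand.

// Collect the submitted fields.
$name = sanitizeString(post('name'), true);
$email = post('email');
$phone = post('phone');
$user = post('user');
$group = post('group');
$detail = sanitizeString(post('detail'), true);
$os = sanitizeString(post('os'));
$revision = post('revision');
$file = sanitizeString(post('file'));
$size = post('size');

// Reject malformed numeric fields, e-mail and phone before any query is built.
// NOTE(review): this only stops the request if error() terminates the script; confirm.
// $email and $phone reach the INSERT with no escaping visible in this file, so their
// safety rests on post(), verifyEmail() and verifyPhone(); confirm.
validateInputs($email, $phone, $user, $group, $revision, $size);

// Resolve the uploader's name.
// NOTE(review): the id is taken from the request body, not from server-side session
// state, so `upload_by` reflects whatever id the client sends unless a session check
// happens in the required files; confirm.
// is_numeric() also accepts floats and exponent notation, so the id is cast to a plain
// integer before it is concatenated into the statement.
$sql = "SELECT `name` FROM users WHERE `id`=".(int)$user;
$dat = mysql_query($sql);
$arr = $dat ? mysql_fetch_array($dat) : false;
if (!$arr) {
    // Query failed or no such user: stop instead of inserting a row with an empty uploader.
    error("Invalid Inputs");
    exit;
}
// The name comes straight from the database, so it has not been escaped yet; a name
// containing a quote would otherwise break (or alter) the INSERT below.
$user = mysql_real_escape_string($arr['name']);

// Insert the file record.
$sql = "INSERT INTO files (`file_name`, `file_size`, `upload_date`, `group_id`,";
$sql .= " `name`, `email`, `phone`, `upload_by`, `detail`, `os`, `is_revision`";
$sql .= ") VALUES (";
$sql .= stringify($file).stringify($size)."CURRENT_TIMESTAMP, ".stringify($group);
$sql .= stringify($name).stringify($email).stringify($phone).stringify($user);
$sql .= stringify($detail).stringify($os).stringify($revision, true).")";
if (!mysql_query($sql)) {
    // Without this check mysql_insert_id() yields 0 and the preview/update steps
    // would run against a record that does not exist.
    error("Could not record upload");
    exit;
}
$id = mysql_insert_id();

// NOTE(review): $file is client-supplied and is appended to $uploadDir as-is. Unless
// sanitizeString() strips directory components, the resulting path can point outside
// the upload directory; confirm, or pass basename($file) here as the extension check does.
$preview = makePreview($id, $uploadDir.$file);

// has_preview is decided by file extension alone; the makePreview() result in $preview
// is not consulted.
if (in_array(get_ext(basename($file)), $available_extensions)) {
    $sql = "UPDATE files SET `has_preview`=1 WHERE `id`=".$id;
    mysql_query($sql);
}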
/**
 * Wrap a value in single quotes for use as one entry of a SQL VALUES list.
 *
 * No escaping happens here: the value is concatenated exactly as given, so it
 * must already be safe inside a quoted SQL string before it is passed in.
 *
 * @param mixed $data Value to quote.
 * @param bool  $end  True for the last entry, which gets no trailing ", ".
 * @return string The quoted value, followed by ", " unless $end is truthy.
 */
function stringify($data, $end = false) {
    $quoted = "'".$data."'";
    // Every entry except the last one is followed by a comma separator.
    return $end ? $quoted : $quoted.", ";
}
/**
 * Check the request fields that are not passed through sanitizeString().
 *
 * $user, $group, $revision and $size must satisfy is_numeric(); $email and
 * $phone must pass verifyEmail() and verifyPhone(). Every check is evaluated,
 * and error("Invalid Inputs") is called once if any of them fails.
 *
 * NOTE(review): is_numeric() also accepts signs, decimals, exponent notation and
 * leading whitespace, so passing this check does not make a value a plain integer id.
 * NOTE(review): nothing here returns a status or stops execution; rejecting the
 * request depends on error() terminating the script; confirm.
 *
 * @param mixed $email
 * @param mixed $phone
 * @param mixed $user
 * @param mixed $group
 * @param mixed $revision
 * @param mixed $size
 * @return void
 */
function validateInputs($email, $phone, $user, $group, $revision, $size) {
    // All validators run up front, in the same order as before, regardless of earlier failures.
    $checks = array(
        is_numeric($user),
        is_numeric($group),
        is_numeric($revision),
        is_numeric($size),
        verifyEmail($email),
        verifyPhone($phone),
    );
    foreach ($checks as $ok) {
        if (!$ok) {
            error("Invalid Inputs");
            break;
        }
    }
}
?>