Ok, I had a more barebones version of this script working, but when I
tried to put it in with my larger script, it broke. I think the problem
lies somewhere in the uploading, but I'm not sure of this. Anyway,
here's what I have:
index.php
---------------------------------
<?
include("header.inc");
if (!isset($_SESSION['username']) or ($_SESSION['username'] == "Guest")) {
header ("Location: http://www.thisisfake.com/index.php");
}
dbconnect();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Upload</title>
</head>
<body>
<center>
<?
if($id) {
switch ($action) {
case "delete":
$data = mysql_query("SELECT id,uploader FROM files WHERE id = '$id'");
$id = mysql_result($data,0,"id");
$uploader = mysql_result($data,0,"uploader");
if ($_SESSION["username"] == $uploader || $_SESSION["level"] ==
"admin") {
mysql_query("DELETE FROM files WHERE id = '$id'");
echo "File deleted";
echo '<META HTTP-EQUIV="refresh"
content="2;URL=http://www.thisisfake.com/upload/">';
} else {echo "Invalid permissions";}
break;
default: //Echo contents if image, else send as file download
$query = "select mimetype, data from files where id = $id";
$result = mysql_query($query);
$data = mysql_result($result,0,"data");
$type = mysql_result($result,0,"mimetype");
if ($type == "image/pjeg" || $type == "image/jpeg" || $type ==
"image/x-png" || $type == "image/png" || $type == "image/gif"|| $type ==
"image/bmp") {
echo base64_decode($data);
} else {
get($id); //This send the file as a download, instead of echoing the
contents
}
break;
}
} else {
// Listing of files and the form
echo"
<form method=POST action=upload.php enctype=multipart/form-data>
<p>File to upload:<br>
<input type=file name=file>
<input type='submit' name='submit' value='Upload'>
</form>
";
//All this stuff works
echo "<p></p>";
if ($data = getInfo()) {
echo '<table border="0" align="center">
<tr bgcolor="#bad1d1">
<td>File Name</td>
<td><center>File Size</center></td>
<td><center>Mime Type</center></td>
<td><center>Checksum</center></td>
<td><center>Extension</center></td>
<td><center>Uploader</center></td>
<td><center>Date</center></td>
<td><center>Option</center></td>
</tr>
';
for ($i=0; $i<count($data); $i++) {
echo '
<tr bgcolor=#CCCCCC>
<td><a
href="view.php?id='.$data[$i]["id"].'">'.$data[$i]["file_name"].'</a></td>
<td>'.$data[$i]["file_size"].'</td>
<td>'.$data[$i]["mimetype"].'</td>
<td>'.$data[$i]["checksum"].'</td>
<td>'.$data[$i]["extension"].'</td>
<td>'.$data[$i]["uploader"].'</td>
<td>'.$data[$i]["date"].'</td>';
if ($_SESSION["username"] == $data[$i]["uploader"] ||
$_SESSION["level"] == "admin") {
echo '<td><a
href="index.php?action=delete&id='.$data[$i]["id"].'">Delete</a></td>';}
echo '</tr>
';
}
echo '</table>';
echo '<br>';
echo 'Number of files: ';
echo blobcount();
echo '<br>';
}
}
?>
</center>
</body>
</html>
upload.php
----------------------------------------------
<?
include('header.inc');
dbconnect();
$type = $file_type;
if ($type == "image/pjeg" || $type == "image/jpeg" || $type ==
"image/x-png" || $type == "image/png" || $type == "image/gif") {
$handle = fopen($file,'rb');
$file_content = fread($handle,filesize($file));
fclose($handle);
$encoded = chunk_split(base64_encode($file_content));
$uploader = $_SESSION['username'];
$sql = "INSERT INTO files (id, file_name, data, file_size, mimetype,
extension, checksum, uploader, date) VALUES ('', '".$file_name."',
'".$encoded."', '".filesize($file)."', '".$file_type."',
'".getExtension($blob_name)."', '".generate_sfv_checksum($file)."',
'".$uploader."', NOW())";
mysql_query($sql);
} else {
$handle = fopen($file,'rb');
$file_content = fread($handle,filesize($file));
fclose($handle);
$encoded = chunk_split(base64_encode($file_content));
$uploader = $_SESSION['username'];
$sql = "INSERT INTO files (id, file_name, data, file_size, mimetype,
extension, checksum, uploader, date) VALUES ('', '".$file_name."',
'".$encoded."', '".filesize($file)."', '".$file_type."',
'".getExtension($blob_name)."', '".generate_sfv_checksum($file)."',
'".$uploader."', NOW())";
mysql_query($sql);
}
//}
header ("Location: http://www.thisisfake.com/upload");
?>
view.php
---------------------------------------------------------
<?
echo '<img src="http://www.thisisfake.com/upload/index.php?id='.$id.'">';
?>
I may have broken it further after the initial breaking, so if something
seems doubly broken that might be it. If you need more information just ask.