1PHP iFrame Upload Confirmation
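<!-- Hidden frame that receives the response of the upload POST. It starts on about:blank so that
     simply rendering the page does not send an empty GET request to upload_file.php.
     While it keeps display:none, whatever the handler prints stays invisible to the user. -->
<iframe class="iframe" name="my_iframe" src="about:blank" style="display:none;"></iframe>
<!-- Posts multipart data into the frame above. The form fields are not shown here; because the
     handler writes to the database, the form should carry a per-session CSRF token that
     upload_file.php verifies before doing any work. -->
<form id="uploadForm" action="upload_file.php" method="post" enctype="multipart/form-data" target="my_iframe">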
4
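<?php
// Upload handler: stores one .doc/.docx file (under 200000 bytes) from the "upload" form field in
// the logged-in user's folder and records the posted "prop_cat" value for that user.
//
// NOTE(review): display_errors sends warnings, including server paths, to the browser; keep it on
// for local debugging only and log errors instead on any reachable host.
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
session_start();

$allowedExts = array("doc", "docx");

// The folder name is built from session data, so an anonymous request must stop here.
if (!isset($_SESSION["username"], $_SESSION["FirstName"])) {
    http_response_code(403);
    echo "Not logged in";
    exit;
}
$username = $_SESSION["username"];

// A plain GET (for example the iframe's first load) or a multi-file field carries no usable upload.
if (!isset($_FILES["upload"]["name"], $_FILES["upload"]["size"], $_FILES["upload"]["error"], $_FILES["upload"]["tmp_name"])
    || !is_string($_FILES["upload"]["name"])) {
    echo "Invalid file";
    exit;
}
$upload = $_FILES["upload"];

// The client chooses the file name: keep only its last path component before it reaches the
// filesystem, and compare the extension case-insensitively against the allow-list.
$fileName = basename($upload["name"]);
$extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
// HTML-escaped copy for every echo below; the raw name would otherwise be reflected as markup.
$safeName = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');

// NOTE(review): the extension says nothing about the content; treat stored files as untrusted
// documents and never serve them from an executable or script-enabled location.
if ($fileName !== "" && $upload["size"] < 200000 && in_array($extension, $allowedExts, true)) {
    if ($upload["error"] > 0) {
        echo "Return Code: " . (int) $upload["error"] . "<br />";
    } else {
        echo "Upload: " . $safeName . "<br />";
        // "type" is the MIME type claimed by the client, so it is escaped like the name.
        echo "Type: " . htmlspecialchars((string) $upload["type"], ENT_QUOTES, 'UTF-8') . "<br />";
        echo "Size: " . ($upload["size"] / 1024) . " Kb<br />";
        // NOTE(review): this line and "Stored in" below disclose server paths; drop them once debugging is done.
        echo "Temp file: " . htmlspecialchars($upload["tmp_name"], ENT_QUOTES, 'UTF-8') . "<br />";

        $baseDir = "/disks/*/*/*/*/";
        // basename() keeps a "/" or ".." inside the session values from leaving $baseDir.
        $userDir = $baseDir . basename($_SESSION["FirstName"] . "-" . $_SESSION["username"]) . "/";
        $target = $userDir . $fileName;

        // Create directory if it does not exist
        if (!is_dir($userDir)) {
            if (!is_writable($baseDir)) {
                trigger_error($baseDir . " is not writeable");
                exit;
            }
            if (!mkdir($userDir)) {
                trigger_error($userDir . " could not be created");
                exit;
            }
        }

        if (file_exists($target)) {
            echo $safeName . " already exists. ";
        } elseif (move_uploaded_file($upload["tmp_name"], $target)) {
            // The database is updated only after the file is in place, so a failed move
            // no longer leaves a record for a file that was never stored.
            // NOTE(review): MySQL has no charset named "UTF-8" (utf8mb4 is the usual choice) - confirm the DSN.
            $link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
            // NOTE(review): prop_cat is bound as a parameter but otherwise unchecked; compare it
            // with the set of categories the application accepts.
            $proptype = isset($_POST["prop_cat"]) ? $_POST["prop_cat"] : null;
            $stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
            $stmt->bindParam(':username', $username);
            $stmt->bindParam(':proptype', $proptype);
            $stmt->execute();
            echo "Stored in: " . htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
        } else {
            echo "Upload failed";
        }
    }
} else {
    echo "Invalid file";
}
?>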
58
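// Variant of the store step that also prints the result frame. $file_exists, $baseDir and
// $username are set earlier in the handler, outside this fragment.
if ($file_exists) {
    // The file name is chosen by the client, so it is HTML-escaped before being echoed.
    echo htmlspecialchars($_FILES["upload"]["name"], ENT_QUOTES, 'UTF-8') . " already exists. ";
} else {
    // Keep only the last path component of the client-supplied name before building the target path.
    $fileName = basename($_FILES["upload"]["name"]);
    $target = $baseDir . $_SESSION["FirstName"] . "-" . $_SESSION["username"] . "/" . $fileName;

    if (move_uploaded_file($_FILES["upload"]["tmp_name"], $target)) {
        // Record the category only once the file has actually been stored.
        $link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
        // NOTE(review): prop_cat is bound as a parameter but not validated against known categories.
        $proptype = isset($_POST["prop_cat"]) ? $_POST["prop_cat"] : null;
        $stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':proptype', $proptype);
        $stmt->execute();
        // NOTE(review): this prints the absolute server path; show only the file name outside debugging.
        echo "Stored in: " . htmlspecialchars($target, ENT_QUOTES, 'UTF-8');

        /// load the iframe now ///////////////
        // NOTE(review): this frame requests upload_file.php again with GET and no file attached,
        // so it shows that second response, not the result of this upload.
        echo '<iframe class="iframe" name="my_iframe" src="upload_file.php"></iframe>';
        ///////////////////////////////////////
    } else {
        echo "Upload failed";
    }
}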