Hi, I would like to create a file upload system, but I got stuck and cannot afford to upload WinRAR.
PHP Code:
// Bootstrap for the subtitles page: shared library, DB handle, session guard.
// All four helpers are provided by include/bittorrent.php.
require_once 'include/bittorrent.php';
dbconn();            // opens the MySQL connection used by the mysql_query() calls below
loggedinorreturn();  // presumably sends anonymous visitors away — confirm in bittorrent.php
maxsysop();          // NOTE(review): what this enforces is not visible here; confirm in bittorrent.php
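if (!function_exists('safe')) {
    /**
     * HTML-escape a value for output while tolerating input that is already
     * escaped: the five entities this file works with (&gt; &lt; &quot;
     * &#39; &amp;) are decoded first, then &, >, <, " and ' are re-encoded,
     * so applying safe() twice gives the same result as applying it once.
     *
     * Fix: the original tested function_exists(safe) with a bare word (an
     * undefined-constant Error on PHP 8), and the entity strings in both
     * arrays had been decoded to the literal characters, which left the
     * apostrophe replacement as ''' — a syntax error. The entities are
     * restored here; the exact apostrophe entity the author used was lost in
     * the paste, &#39; is assumed.
     *
     * @param mixed $var  value to escape (arrays pass through str_replace
     *                    element-wise, as before)
     * @return mixed      escaped string (or array)
     */
    function safe($var)
    {
        // Decode first so text that is already escaped is not double-encoded.
        // '&amp;' is decoded last so it cannot produce a new entity that the
        // earlier replacements would then decode.
        $decoded = str_replace(
            array('&gt;', '&lt;', '&quot;', '&#39;', '&amp;'),
            array('>', '<', '"', '\'', '&'),
            $var
        );

        // Re-encode. '&' must be first so it does not clobber the ampersands
        // introduced by the other four replacements.
        return str_replace(
            array('&', '>', '<', '"', '\''),
            array('&amp;', '&gt;', '&lt;', '&quot;', '&#39;'),
            $decoded
        );
    }
}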
$updir = "subs";          // upload directory, relative to this script
$maxsize = 2048 * 1024;   // hard limit on a single subtitle upload, in bytes

// "action" is the form verb (upload|edit). The query string wins over the
// POST body when both carry it, as before.
$action = '';
if (isset($_GET["action"])) {
    $action = safe($_GET["action"]);
} elseif (isset($_POST["action"])) {
    $action = safe($_POST["action"]);
}

// "mode" selects which page is rendered and only comes from the query string.
$mode = "";
if (isset($_GET["mode"])) {
    $mode = safe($_GET["mode"]);
}
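if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    // NOTE(review): no CSRF token is checked on this form; add one if the
    // shared include provides a helper for it.
    if ($action == "upload" || $action == "edit")
    {
        // Fields shared by upload and edit. safe() is applied on input, so the
        // values stored in the table are already HTML-escaped.
        // stderr() is assumed to end the request — the original relied on
        // that as well (it read $file["size"] right after a stderr() call);
        // confirm in include/bittorrent.php.
        $lang = isset($_POST["language"]) ? safe($_POST["language"]) : "";
        if (empty($lang))
            stderr("Upload failed", "No language selected");
        $releasename = isset($_POST["releasename"]) ? safe($_POST["releasename"]) : "";
        if (empty($releasename))
            stderr("Upload failed", "Use a descriptive name for you subtitle");
        $imdb = isset($_POST["imdb"]) ? safe($_POST["imdb"]) : "";
        if (empty($imdb))
            stderr("Upload failed", "You forgot to add the imdb link");
        $comment = isset($_POST["comment"]) ? safe($_POST["comment"]) : "";
        $poster = isset($_POST["poster"]) ? safe($_POST["poster"]) : "";
        $fps = isset($_POST["fps"]) ? safe($_POST["fps"]) : "";
        $cd = isset($_POST["cd"]) ? safe($_POST["cd"]) : "";

        if ($action == "upload") {
            // Reject anything that is not a successfully completed upload
            // before reading size/name. The original indexed $_FILES["sub"]
            // unguarded and never looked at the PHP upload error code.
            if (!isset($_FILES["sub"]) || !is_array($_FILES["sub"])
                || !isset($_FILES["sub"]["error"]) || $_FILES["sub"]["error"] != UPLOAD_ERR_OK)
                stderr("Upload failed", "The file can't be empty!");
            $file = $_FILES["sub"];
            if ($file["size"] > $maxsize)
                stderr("Upload failed", "What the hell did you upload?");
            $fname = $file["name"];
            $temp_name = $file["tmp_name"];

            // Use the real extension (text after the last dot), lower-cased,
            // instead of the last three characters of the name: a name
            // without a dot can no longer pass on its last three letters, and
            // "X.SRT" is no longer rejected for being upper-case.
            $ext = strtolower(pathinfo($fname, PATHINFO_EXTENSION));
            $allowed = array("srt", "sub", "txt", "zip");
            if (!in_array($ext, $allowed, true))
                stderr("Upload failed", "File not allowed only .srt , .sub , .txt , .zip files");

            // Server-generated file name. md5(time()) gave two uploads in the
            // same second the same name, so the second silently overwrote the
            // first; uniqid() plus a collision check avoids that.
            do {
                $filename = md5(uniqid('', true) . mt_rand()) . "." . $ext;
            } while (file_exists("$updir/$filename"));

            $date = get_date_time();
            $owner = $CURUSER["id"];

            // Move first, insert second, and check the move: the original
            // ignored move_uploaded_file()'s result, leaving a row that
            // pointed at a file which was never written.
            if (!move_uploaded_file($temp_name, "$updir/$filename"))
                stderr("Upload failed", "Could not store the uploaded file");

            mysql_query("INSERT INTO subtitles (name , filename,imdb,comment, lang, fps, poster, cds, added, owner ) VALUES ("
                . implode(",", array_map("sqlesc", array($releasename, $filename, $imdb, $comment, $lang, $fps, $poster, $cd, $date, $owner)))
                . ")") or sqlerr(__FILE__, __LINE__);
            $id = mysql_insert_id();
            header("Refresh: 0; url=subtitles.php?mode=details&id=$id");
        }//end upload

        if ($action == "edit") {
            // (int) cast: same result as 0 + $_POST["id"] for numeric strings,
            // but no TypeError on PHP 8 for non-numeric input.
            $id = isset($_POST["id"]) ? (int) $_POST["id"] : 0;
            if ($id == 0)
                stderr("Err", "Not a valid id");
            else
            {
                $res = mysql_query("SELECT * FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
                if (mysql_num_rows($res) == 0)
                    stderr("Sorry", "There is no subtitle with that id");
                $arr = mysql_fetch_assoc($res);

                // Only the owner or a moderator may edit.
                if ($CURUSER["id"] != $arr["owner"] && get_user_class() < UC_MODERATOR)
                    bark("You're not the owner! How did that happen?\n");

                // Only columns whose value actually changed are written. The
                // column names are fixed here; only the values come from the
                // request, and they go through sqlesc().
                $changes = array(
                    "name"    => $releasename,
                    "imdb"    => $imdb,
                    "lang"    => $lang,
                    "poster"  => $poster,
                    "fps"     => $fps,
                    "cds"     => $cd,
                    "comment" => $comment,
                );
                $updateset = array();
                foreach ($changes as $column => $value) {
                    if ($arr[$column] != $value)
                        $updateset[] = "$column = " . sqlesc($value);
                }
                if (count($updateset) > 0)
                    mysql_query("UPDATE subtitles SET " . join(",", $updateset) . " WHERE id ={$id} ") or sqlerr(__FILE__, __LINE__);
                header("Refresh: 0; url=subtitles.php?mode=details&id=$id");
            }
        }//end edit
    }//end upload && edit
}//end POST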
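if ($mode == "upload" || $mode == "edit")
{
    // Access check first, before any database work is done for this page
    // (the original ran the SELECT and only then refused the visitor).
    if (get_user_class() < UC_USER)
        stderr("Error", "No access!");

    $isEdit = ($mode == "edit");
    $arr = array();
    if ($isEdit) {
        // (int) cast: same result as 0 + $_GET["id"] for numeric strings, no
        // TypeError on PHP 8 for non-numeric input.
        $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
        if ($id == 0)
            stderr("Err", "Not a valid id");
        else
        {
            $res = mysql_query("SELECT id, name, imdb, poster, fps, comment, cds, lang, owner FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
            if (mysql_num_rows($res) == 0)
                stderr("Sorry", "There is no subtitle with that id");
            $arr = mysql_fetch_assoc($res);
            // Same owner-or-moderator rule the POST edit handler enforces, so
            // the form is not shown to someone whose save would be refused.
            if ($CURUSER["id"] != $arr["owner"] && get_user_class() < UC_MODERATOR)
                bark("You're not the owner! How did that happen?\n");
        }
    }

    // Stored values were escaped with safe() on input; safe() is idempotent
    // for the entities it handles, so re-applying it on output is harmless
    // and also covers rows inserted by other code.
    $pageTitle = $isEdit ? "Edit subtitle " . safe($arr["name"]) : "Upload new Subtitle";
    $frameTitle = $isEdit ? "Edit subtitle " . safe($arr["name"]) : "New Subtitle";
    $nameValue = $isEdit ? safe($arr["name"]) : "";
    $imdbValue = $isEdit ? safe($arr["imdb"]) : "";
    $posterValue = $isEdit ? safe($arr["poster"]) : "";
    $commentValue = $isEdit ? safe($arr["comment"]) : "";

    // <option> lists; the keys are the values stored in the table.
    $languages = array(
        "rom" => "Romana", "eng" => "English", "dan" => "Danish", "nor" => "Norwegian",
        "fin" => "Finnish", "spa" => "Spanish", "fre" => "French",
    );
    $fpsOptions = array("23.976", "23.980", "24.000", "25.000", "29.970", "30.000");
    $cdOptions = array(
        "1" => "1CD", "2" => "2CD", "3" => "3CD", "4" => "4CD", "5" => "5CD",
        "6" => "DVD", "255" => "More",
    );

    stdhead($pageTitle);
    begin_main_frame();
    begin_frame($frameTitle);
?>
<script type="text/javascript">
// Client-side hint only; the server re-checks the extension on upload.
// The pattern is anchored to the end of the name (the original matched the
// extension anywhere in the string) and the message now lists .zip too.
function checkext(upload_field)
{
    var re_text = /\.(sub|srt|txt|zip)$/i;
    var filename = upload_field.value;
    /* Checking file type */
    if (filename.search(re_text) == -1)
    {
        alert("File does not have an allowed (sub, srt, txt, zip) extension");
        upload_field.form.reset();
        return false;
    }
    return true;
}
</script>
<?php
    // $PHP_SELF is a register_globals-era variable; post back to this
    // script's path instead. The POST handler only needs the "action" field.
?>
<form enctype="multipart/form-data" method="post" action="<?=safe($_SERVER["SCRIPT_NAME"])?>">
<table style="width:400px; border:solid 1px #000000;" align="center" cellpadding="5" cellspacing="0" >
<?php if (!$isEdit) { ?>
<tr><td colspan="2" align="center" class="colhead"><font color="red"><b>Only .srt, .sub, .txt, .zip file are accepted<br>Max file size <?=mksize($maxsize)?></b></font></td></tr>
<?php } ?>
<tr><td class="rowhead" style="border:none">Language <font color="red">*</font></td><td style="border:none"><select name="language" title="Select the subtitle language">
<option value="">- Select -</option>
<?php foreach ($languages as $code => $label) { ?>
<option value="<?=$code?>"<?=($isEdit && $arr["lang"] == $code ? " selected=\"selected\"" : "")?>><?=$label?></option>
<?php } ?>
</select>
</td></tr>
<tr><td class="rowhead" style="border:none" >Release Name <font color="red">*</font></td><td style="border:none" ><input type="text" name="releasename" size="50" value="<?=$nameValue?>" title="The releasename of the movie (Example:Disturbia.2007.DVDRip.XViD-aAF)"/></td></tr>
<tr><td class="rowhead" style="border:none" >IMDB link <font color="red">*</font></td><td style="border:none" ><input type="text" name="imdb" size="50" value="<?=$imdbValue?>" title="Copy&amp;Paste the link from IMDB for this movie"/></td></tr>
<?php if (!$isEdit) { ?>
<tr><td class="rowhead" style="border:none" >SubFile <font color="red">*</font></td><td style="border:none" ><input type="file" name="sub" size="36" onChange="checkext(this)" title="Only .srt, .sub, .txt and .zip files allowed"/></td></tr>
<?php } ?>
<tr><td class="rowhead" style="border:none" >Poster</td><td style="border:none" ><input type="text" name="poster" size="50" value="<?=$posterValue?>" title="Direct link to a picture"/></td></tr>
<tr><td class="rowhead" style="border:none" >Comments</td><td style="border:none" ><textarea rows="5" cols="45" name="comment" title="Any specific details about this subtitle we need to know"><?=$commentValue?></textarea></td></tr>
<tr><td class="rowhead" style="border:none" >FPS</td><td style="border:none"><select name="fps">
<option value="0">- Select -</option>
<?php foreach ($fpsOptions as $fpsValue) { ?>
<option value="<?=$fpsValue?>"<?=($isEdit && $arr["fps"] == $fpsValue ? " selected=\"selected\"" : "")?>><?=$fpsValue?></option>
<?php } ?>
</select>
</td></tr>
<tr><td class="rowhead" style="border:none" >CD<br/>number</td><td style="border:none" ><select name="cd">
<option value="0" >- Select -</option>
<?php foreach ($cdOptions as $cdValue => $cdLabel) { ?>
<option value="<?=$cdValue?>"<?=($isEdit && $arr["cds"] == $cdValue ? " selected=\"selected\"" : "")?>><?=$cdLabel?></option>
<?php } ?>
</select>
</td></tr>
<tr><td colspan="2" align="center" class="colhead">
<?php if (!$isEdit) { ?>
<input type="submit" value="Upload it" />
<input type="hidden" name="action" value="upload">
<?php } else { ?>
<input type="submit" value="Edit it"/>
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="<?=(int) $arr["id"]?>" />
<?php } ?>
</td></tr>
</table>
</form>
<?php
    end_frame();
    end_main_frame();
    stdfoot();
}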
//delete subtitle
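elseif ($mode == "delete")
{
    // (int) cast: same result as 0 + $_GET["id"] for numeric strings, no
    // TypeError on PHP 8 for non-numeric input.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    if ($id == 0)
        stderr("Err", "Not a valid id");
    else
    {
        $res = mysql_query("SELECT id, name, filename, owner FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr("Sorry", "There is no subtitle with that id");
        $arr = mysql_fetch_assoc($res);

        // The original had no ownership check here, so any logged-in user
        // could delete any subtitle by id. Apply the same owner-or-moderator
        // rule the edit handler enforces.
        if ($CURUSER["id"] != $arr["owner"] && get_user_class() < UC_MODERATOR)
            bark("You're not the owner! How did that happen?\n");

        // NOTE(review): the confirmation is a GET link, so this action has no
        // CSRF protection; a POST form carrying a token would be safer.
        $sure = (isset($_GET["sure"]) && $_GET["sure"] == "yes") ? "yes" : "no";
        if ($sure == "no")
            stderr("Sanity check...", "Your are about to delete subtitile <b>" . safe($arr["name"]) . "</b> . Click <a href=subtitles.php?mode=delete&id=$id&sure=yes>here</a> if you are sure.", false);
        else {
            mysql_query("DELETE FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
            // basename() keeps the unlink inside $updir even if the stored
            // file name were ever tampered with; unlink() is only attempted
            // when the file exists, so the @-suppression is no longer needed.
            $file = $updir . '/' . basename($arr["filename"]);
            if (is_file($file))
                unlink($file);
            header("Refresh: 0; url=subtitles.php");
        }
    }
}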
//end delete subtitle
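elseif ($mode == "details")
{
    // (int) cast: same result as 0 + $_GET["id"] for numeric strings, no
    // TypeError on PHP 8 for non-numeric input.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    if ($id == 0)
        stderr("Err", "Not a valid id");
    else
    {
        $res = mysql_query("SELECT s.id, s.name,s.lang, s.imdb,s.fps,s.poster,s.cds,s.hits,s.added,s.owner,s.comment, u.username FROM subtitles AS s LEFT JOIN users AS u ON s.owner=u.id WHERE s.id={$id} ") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr("Sorry", "There is no subtitle with that id");
        $arr = mysql_fetch_assoc($res);

        // Language code -> flag image and label (lookup table instead of the
        // if/elseif ladder). "norway.gih" in the original is assumed to be a
        // typo for .gif like every other entry.
        $flags = array(
            "rom" => array("romania.gif", "Romana"),
            "eng" => array("england.gif", "English"),
            "dan" => array("denmark.gif", "Danish"),
            "nor" => array("norway.gif", "Norwegian"),
            "fin" => array("finland.gif", "Finnish"),
            "spa" => array("spain.gif", "Spanish"),
            "fre" => array("france.gif", "French"),
        );
        if (isset($flags[$arr["lang"]])) {
            list($flagFile, $flagLabel) = $flags[$arr["lang"]];
            $lang = "<img src=\"pic/flag/$flagFile\" border=\"0\" alt=\"$flagLabel\" title=\"$flagLabel\" />";
        } else {
            $lang = "<b>Unknown</b>";
        }

        // Edit/delete links for the owner and for moderators. The original
        // used "> UC_MODERATOR" here while the POST handler refuses only
        // "< UC_MODERATOR", which hid the links from moderators who could
        // still edit; the two now agree.
        $canManage = ($arr["owner"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR);

        // Stored values were escaped with safe() on input; safe() is
        // idempotent for the entities it handles, so re-applying it here is
        // harmless and also covers rows inserted by other code.
        $poster = empty($arr["poster"]) ? "pic/no_poster.gif" : safe($arr["poster"]);
        // Only link the IMDb field when it is an http(s) URL, so a stored
        // value with another scheme is shown as text rather than as a link.
        $imdbLink = preg_match('#^https?://#i', $arr["imdb"]) ? safe($arr["imdb"]) : "";

        stdhead("Details for " . safe($arr["name"]));
        begin_main_frame();
?>
<table width="750" cellpadding="5" cellspacing="0" border="1" align="center" style="border-collapse:collapse;">
<tr><td width="150" rowspan="10" valign="top" align="center">
<img src="<?=$poster?>" width="150" height="195" alt="<?=safe($arr["name"])?>" />
<br/><br/><form action="downloadsub.php" method="post">
<input type="hidden" name="sid" value="<?=(int) $arr["id"]?>" />
<input type="submit" value=" " style="background:url(pic/down.png) no-repeat; width:124px;height:25px;border:none;" />
<input type="hidden" name="action" value="download" />
</form>
</td></tr>
<tr><td align="left">Name : <b><?=safe($arr["name"])?></b></td></tr>
<tr><td align="left">IMDb : <?php if ($imdbLink != "") { ?><a href="<?=$imdbLink?>" target="_blank" ><?=$imdbLink?></a><?php } else { ?><?=safe($arr["imdb"])?><?php } ?></td></tr>
<tr><td align="left">Language : <?=$lang?></td></tr>
<?php if (!empty($arr["comment"])) { ?>
<tr><td align="left"><fieldset><legend><b>Comment</b></legend> <?=safe($arr["comment"])?></fieldset></td></tr>
<?php } ?>
<tr><td align="left">FPS : <b><?=($arr["fps"] == 0 ? "Unknow" : safe($arr["fps"]))?></b></td></tr>
<tr><td align="left">Cd# : <b><?=($arr["cds"] == 0 ? "Unknow" : ($arr["cds"] == 255 ? "More than 5 " : safe($arr["cds"])))?></b></td></tr>
<tr><td align="left">Hits : <b><?=(int) $arr["hits"]?></b></td></tr>
<tr><td align="left">Uploader : <b><a href="userdetails.php?id=<?=(int) $arr["owner"]?>" target="_blank"><?=safe($arr["username"])?></a>
<?php if ($canManage) { ?>
<a href="subtitles.php?mode=edit&id=<?=(int) $arr["id"]?>"><img src="pic/edit.png" title="Edit Sub" style="border:none;padding:2px;" /></a>
<a href="subtitles.php?mode=delete&id=<?=(int) $arr["id"]?>"><img src="pic/drop.png" title="Delete Sub" style="border:none;padding:2px;" /></a>
<?php } ?>
</b></td></tr>
<tr><td align="left">Added : <b><?=display_date_time($arr["added"])?></b></td></tr>
</table>
<?php
        end_main_frame();
        stdfoot();
    }
}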
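elseif ($mode == "preview")
{
    // (int) cast: same result as 0 + $_GET["id"] for numeric strings, no
    // TypeError on PHP 8 for non-numeric input.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    if ($id == 0)
        stderr("Err", "Not a valid id");
    else
    {
        $res = mysql_query("SELECT id, name,filename FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr("Sorry", "There is no subtitle with that id");
        $arr = mysql_fetch_assoc($res);

        // basename() pins the read to $updir even if the stored file name
        // were ever tampered with; a missing or unreadable file is reported
        // instead of rendering an empty page with a PHP warning.
        $file = $updir . "/" . basename($arr["filename"]);
        $fileContent = is_file($file) ? file_get_contents($file) : false;
        if ($fileContent === false)
            stderr("Sorry", "The subtitle file is missing");

        // The title goes through safe() like every other stored field.
        print("<html><title>Preview for - " . safe($arr["name"]) . "</title>
<body bgcolor=\"#CCCCCC\">
<div style=\"white-space:pre; color:#333333;font-family:tahoma; font-size:12px;\">" . safe($fileContent) . "</div></body></html>");
    }
}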
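else
{
    stdhead("Subtitles");
    //begin_frame();
    $s = (isset($_GET["s"]) ? safe($_GET["s"]) : "");
    $w = (isset($_GET["w"]) ? safe($_GET["w"]) : "");

    // $w selects the searched column. It is checked against a fixed list
    // (strict in_array) before it is used in SQL, and the search text goes
    // through sqlesc(); an unknown column yields no WHERE clause, as before.
    $searchable = array("name", "imdb", "comment");
    if ($s && in_array($w, $searchable, true))
        $where = "WHERE s.$w LIKE " . sqlesc("%" . $s . "%");
    else
        $where = "";

    // The pager reuses the query string, so both values are URL-encoded
    // (the original interpolated them raw).
    $link = ($s && $w ? "s=" . urlencode($s) . "&w=" . urlencode($w) . "&" : "");
    $total = get_row_count("subtitles AS s", "$where");
    if ($total == 0 && !$s && !$w)
        stdmsg("", "There is no subtitle, go <a href=\"subtitles.php?mode=upload\">here</a> and start uploading.", false);
    $perpage = 20;
    list($pagertop, $pagerbottom, $limit) = pager($perpage, $total, "subtitles.php?" . $link);
    $res = mysql_query("SELECT s.id, s.name,s.lang, s.imdb,s.fps,s.poster,s.cds,s.hits,s.added,s.owner,s.comment, u.username FROM subtitles AS s LEFT JOIN users AS u ON s.owner=u.id $where ORDER BY s.added DESC $limit ") or sqlerr(__FILE__, __LINE__);

    // Moderators may manage every row, owners their own. The original
    // decided the "Tools" header from $arr before any row had been fetched
    // (undefined there) and used three different class thresholds; the
    // column is now always rendered and only its links are conditional, so
    // rows stay aligned with the header.
    $isModerator = (get_user_class() >= UC_MODERATOR);

    // Language code -> flag image and label. "norway.gih" in the original is
    // assumed to be a typo for .gif like every other entry.
    $flags = array(
        "rom" => array("romania.gif", "Romana"),
        "eng" => array("england.gif", "English"),
        "dan" => array("denmark.gif", "Danish"),
        "nor" => array("norway.gif", "Norwegian"),
        "fin" => array("finland.gif", "Finnish"),
        "spa" => array("spain.gif", "Spanish"),
        "fre" => array("france.gif", "French"),
    );
?>
<table class="tab" width="880" cellpadding="5" cellspacing="0" border="0" align="center" style="font-weight:bold" >
<tr><td style="border:none" valign="middle">
<fieldset style="text-align:center; border:#0066CC solid 1px; background-color:#999999">
<legend style="text-align:center; border:#0066CC solid 1px ; background-color:#999999;font-size:13px;"><b>Search</b></legend>
<form action="subtitles.php" method="get">
<input size="50" value="<?=$s?>" name="s" type="text" />
<select name="w" >
<option value="name" <?=($w == "name" ? "selected" : "")?>>Name</option>
<option value="imdb" <?=($w == "imdb" ? "selected" : "")?>>IMDb</option>
<option value="comment" <?=($w == "comment" ? "selected" : "")?> >Comments</option>
</select>
<input type="submit" value="Search" /> <input type="button" onClick="window.location.href='subtitles.php?mode=upload'" value="Upload" />
</form>
</fieldset>
</td></tr>
<?php if ($s) { ?>
<tr><td style="border:none;">Search result for <i>"<?=$s?>"</i><br/>
<?=(mysql_num_rows($res) == 0 ? "Nothing found! Try again with a refined search string." : "")?>
</td></tr>
<?php } ?>
</table>
<br/>
<?php
    if (mysql_num_rows($res) > 0) {
        if ($total > $perpage)
            print("<div align=\"center\" style=\"padding:5px\">$pagertop</div>");
?>
<table width="880" cellpadding="5" cellspacing="0" border="0" align="center" style="font-weight:bold" >
<tr><td class="type" align="center">Lang</td>
<td class="middle" align="left" style="width:50%">Name</td>
<td class="middle" align="center">IMDb</td>
<td class="middle" align="center">Added</td>
<td class="middle" align="center">Hits</td>
<td class="middle" align="center">FPS</td>
<td class="middle" align="center">CD#</td>
<td class="middle" align="center">Tools</td>
<td class="upped" align="center">Upper</td></tr>
<?php
        $rowIndex = 0;
        while ($arr = mysql_fetch_assoc($res)) {
            if (isset($flags[$arr["lang"]])) {
                list($flagFile, $flagLabel) = $flags[$arr["lang"]];
                $lang = "<img src=\"pic/flag/$flagFile\" border=\"0\" alt=\"$flagLabel\" title=\"$flagLabel\" />";
            } else {
                $lang = "<b>Unknown</b>";
            }

            // Alternate row colours. The original reused the total row count
            // for this and computed $class without ever printing it; the
            // class is now applied to the first cell, where the original
            // hard-coded "clearalt6".
            $class = ($rowIndex++ % 2 == 0) ? "clearalt7" : "clearalt6";

            // The poster URL is inlined into a JavaScript string inside an
            // HTML attribute. HTML-escaping alone does not protect that
            // context (&#39; is decoded back to a quote before the script
            // runs), so the tooltip is only emitted when the stored value is
            // a plain http(s) URL made of URL characters — no quotes, angle
            // brackets or backslashes.
            $tooltip = "";
            if (preg_match('#^https?://[A-Za-z0-9._~:/?\#\[\]@!$&()*+,;=%-]+$#', $arr["poster"]))
                $tooltip = " onmouseover=\"Tip('<img src=\\'" . $arr["poster"] . "\\' width=\\'160\\'>')\" onmouseout=\"UnTip()\"";

            // Only link the IMDb field when it is an http(s) URL.
            $imdbLink = preg_match('#^https?://#i', $arr["imdb"]) ? safe($arr["imdb"]) : "";
            $canManage = ($isModerator || $arr["owner"] == $CURUSER["id"]);
?>
<tr class="browse" valign="middle">
<td class="<?=$class?>" align="center"><?=$lang?></td>
<td><a href="subtitles.php?mode=details&id=<?=(int) $arr["id"]?>"<?=$tooltip?>><?=safe($arr["name"])?></a></td>
<td align="center"><?php if ($imdbLink != "") { ?><a href="<?=$imdbLink?>" target="_blank"><img src="pic/imdb.gif" border="0"/></a><?php } ?></td>
<td align="center"><?=str_replace(" ", "<br/>", display_date_time($arr["added"]))?></td>
<td align="center"><?=(int) $arr["hits"]?></td>
<td align="center"><?=($arr["fps"] == 0 ? "Unknow" : safe($arr["fps"]))?></td>
<td align="center"><?=($arr["cds"] == 0 ? "Unknow" : ($arr["cds"] == 255 ? "More than 5 " : safe($arr["cds"])))?></td>
<td align="center" nowrap="nowrap">
<?php if ($canManage) { ?>
<a href="subtitles.php?mode=edit&id=<?=(int) $arr["id"]?>"><img src="pic/edit.png" title="Edit Sub" style="border:none;padding:2px;" /></a>
<a href="subtitles.php?mode=delete&id=<?=(int) $arr["id"]?>"><img src="pic/drop.png" title="Delete Sub" style="border:none;padding:2px;" /></a>
<?php } ?>
</td>
<td align="center"><a href="userdetails.php?id=<?=(int) $arr["owner"]?>"><?=safe($arr["username"])?></a></td>
</tr>
<?php } ?>
</table>
<?php }
    //end_frame();
    stdfoot();
}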
?>