X-Git-Url: https://git.mxchange.org/?p=simple-upload.git;a=blobdiff_plain;f=index.php;h=39abc27ccc62bba3b31702fe9e6614bfc161cac2;hp=c1606d151cff401a4d8751bf4e8e8ca52c1badc1;hb=9a9f90ba01f7b0e6c4d26120a6339f599d916f5d;hpb=9e789a4b2915934ff104f530125e6e8d276ffaa2

diff --git a/index.php b/index.php
index c1606d1..39abc27 100644
--- a/index.php
+++ b/index.php
@@ -64,15 +64,21 @@
 		'ignores' => array('.', '..', 'LICENSE', 'README.md'),
 
 		// Language code
-		'lang' => 'en_GB',
+		'lang' => 'en',
 
 		// Language direction
 		'lang_dir' => 'ltr',
+
+		// Remove old files?
+		'remove_old_files' => true,
+
+		// Privacy: Allow external references (the "fork me" ribbon)
+		'allow_external_refs' => true,
 	);
 	// =============={ Configuration End }==============
 
 	// Is the local config file there?
-	if (file_exists('config-local.php')) {
+	if (isReadableFile('config-local.php')) {
 		// Load it then
 		include('config-local.php');
 	}
@@ -94,7 +100,7 @@
 	$data['ignores'][] = $data['scriptname'];
 
 	// Use canonized path
-	$data['uploaddir'] = realpath($settings['uploaddir']);
+	$data['uploaddir'] = realpath(dirname(__FILE__) . DIRECTORY_SEPARATOR . $settings['uploaddir']);
 
 	// Maximum upload size, set by system
 	$data['max_upload_size'] = ini_get('upload_max_filesize');
@@ -106,7 +112,7 @@
 
 		// 'User ID'
 		if (!isset($_SESSION['upload_user_id']))
-			$_SESSION['upload_user_id'] = rand(100000, 999999);
+			$_SESSION['upload_user_id'] = mt_rand(100000, 999999);
 
 		// List of filenames that were uploaded by this user
 		if (!isset($_SESSION['upload_user_files']))
@@ -136,7 +142,7 @@
 	}
 
 	// Format file size
-	function FormatSize ($bytes) {
+	function formatSize ($bytes) {
 		$units = array('B', 'KB', 'MB', 'GB', 'TB');
 
 		$bytes = max($bytes, 0);
@@ -149,7 +155,7 @@
 	}
 
 	// Rotating a two-dimensional array
-	function DiverseArray ($vector) {
+	function diverseArray ($vector) {
 		$result = array();
 		foreach ($vector as $key1 => $value1)
 			foreach ($value1 as $key2 => $value2)
@@ -158,10 +164,8 @@
 	}
 
 	// Handling file upload
-	function UploadFile ($file_data) {
-		global $settings;
-		global $data;
-		global $_SESSION;
+	function uploadFile ($file_data) {
+		global $settings, $data;
 
 		$file_data['uploaded_file_name'] = basename($file_data['name']);
 		$file_data['target_file_name'] = $file_data['uploaded_file_name'];
@@ -171,15 +175,15 @@
 			do {
 				$file_data['target_file_name'] = '';
 				while (strlen($file_data['target_file_name']) < $settings['random_name_len'])
-					$file_data['target_file_name'] .= $settings['random_name_alphabet'][rand(0, strlen($settings['random_name_alphabet']) - 1)];
+					$file_data['target_file_name'] .= $settings['random_name_alphabet'][mt_rand(0, strlen($settings['random_name_alphabet']) - 1)];
 				if ($settings['random_name_keep_type'])
 					$file_data['target_file_name'] .= '.' . pathinfo($file_data['uploaded_file_name'], PATHINFO_EXTENSION);
-			} while (file_exists($file_data['target_file_name']));
+			} while (isReadableFile($file_data['target_file_name']));
 		}
 		$file_data['upload_target_file'] = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file_data['target_file_name'];
 
 		// Do now allow to overwriting files
-		if (file_exists($file_data['upload_target_file'])) {
+		if (isReadableFile($file_data['upload_target_file'])) {
 			echo 'File name already exists' . "\n";
 			return;
 		}
@@ -194,66 +198,103 @@
 		}
 	}
 
+	// Delete file
+	function deleteFile ($file) {
+		global $data;
+
+		if (in_array(substr($file, 1), $_SESSION['upload_user_files']) || in_array($file, $_SESSION['upload_user_files'])) {
+			$fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file;
+			if (!in_array($file, $data['ignores']) && isReadableFile($fqfn)) {
+				unlink($fqfn);
+				echo 'File has been removed';
+				exit;
+			}
+		}
+	}
+
+	// Mark/unmark file as hidden
+	function markUnmarkHidden ($file) {
+		global $data;
+
+		if (in_array(substr($file, 1), $_SESSION['upload_user_files']) || in_array($file, $_SESSION['upload_user_files'])) {
+			$fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $file;
+			if (!in_array($file, $data['ignores']) && isReadableFile($fqfn)) {
+				if (substr($file, 0, 1) === '.') {
+					rename($fqfn, substr($fqfn, 1));
+					echo 'File has been made visible';
+				} else {
+					rename($fqfn, $data['uploaddir'] . DIRECTORY_SEPARATOR . '.' . $file);
+					echo 'File has been hidden';
+				}
+				exit;
+			}
+		}
+	}
+
+	// Checks if the given file is a file and is readable
+	function isReadableFile ($file) {
+		return (is_file($file) && is_readable($file));
+	}
 
 	// Files are being POSEed. Uploading them one by one.
 	if (isset($_FILES['file'])) {
 		header('Content-type: text/plain');
 		if (is_array($_FILES['file'])) {
-			$file_array = DiverseArray($_FILES['file']);
+			$file_array = diverseArray($_FILES['file']);
 			foreach ($file_array as $file_data)
-				UploadFile($file_data);
+				uploadFile($file_data);
 		} else
-			UploadFile($_FILES['file']);
+			uploadFile($_FILES['file']);
 		exit;
 	}
 
 	// Other file functions (delete, private).
 	if (isset($_POST)) {
-		if ($settings['allow_deletion'])
-			if (isset($_POST['action']) && $_POST['action'] === 'delete')
-				if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-					if (file_exists($_POST['target'])) {
-						unlink($_POST['target']);
-						echo 'File has been removed';
-						exit;
-					}
+		if ($settings['allow_deletion'] && (isset($_POST['target'])) && isset($_POST['action']) && $_POST['action'] === 'delete')
+			deleteFile($_POST['target']);
 
-		if ($settings['allow_private'])
-			if (isset($_POST['action']) && $_POST['action'] === 'privatetoggle')
-				if (in_array(substr($_POST['target'], 1), $_SESSION['upload_user_files']) || in_array($_POST['target'], $_SESSION['upload_user_files']))
-					if (file_exists($_POST['target'])) {
-						if ($_POST['target'][0] === '.') {
-							rename($_POST['target'], substr($_POST['target'], 1));
-							echo 'File has been made visible';
-						} else {
-							rename($_POST['target'], '.' . $_POST['target']);
-							echo 'File has been hidden';
-						}
-						exit;
-					}
+		if ($settings['allow_private'] && (isset($_POST['target'])) && isset($_POST['action']) && $_POST['action'] === 'privatetoggle')
+			markUnmarkHidden($_POST['target']);
 	}
 
 	// List files in a given directory, excluding certain files
-	function ListFiles ($dir, $exclude) {
+	function createArrayFromPath ($dir) {
+		global $data;
+
 		$file_array = array();
 		$dh = opendir($dir);
-			while (false !== ($filename = readdir($dh)))
-				if (is_file($filename) && !in_array($filename, $exclude))
-					$file_array[filemtime($filename)] = $filename;
+			while ($filename = readdir($dh)) {
+				$fqfn = $dir . DIRECTORY_SEPARATOR . $filename;
+				if (isReadableFile($fqfn) && !in_array($filename, $data['ignores']))
+					$file_array[filemtime($fqfn)] = $filename;
+			}
+
 		ksort($file_array);
 		$file_array = array_reverse($file_array, true);
 		return $file_array;
 	}
 
-	$file_array = ListFiles($settings['uploaddir'], $data['ignores']);
+	// Removes old files
+	function removeOldFiles ($dir) {
+		global $file_array, $settings;
+
+		foreach ($file_array as $file) {
+			$fqfn = $dir . DIRECTORY_SEPARATOR . $file;
+			if ($settings['time_limit'] < time() - filemtime($fqfn))
+				unlink($fqfn);
+		}
+	}
 
-	// Removing old files
-	foreach ($file_array as $file)
-		if ($settings['time_limit'] < time() - filemtime($file))
-			unlink($file);
+	// Only read files if the feature is enabled
+	if ($settings['listfiles']) {
+		$file_array = createArrayFromPath($data['uploaddir']);
 
-	$file_array = ListFiles($settings['uploaddir'], $data['ignores']);
+		// Removing old files
+		if ($settings['remove_old_files'])
+			removeOldFiles($data['uploaddir']);
 
+		$file_array = createArrayFromPath($data['uploaddir']);
+	}
 ?>
 <!DOCTYPE html>
 <html lang="<?=$settings['lang']?>" dir="<?=$settings['lang_dir']?>">
@@ -378,12 +419,13 @@
 			<ul id="simpleupload-ul">
 				<?php
 					foreach ($file_array as $mtime => $filename) {
+						$fqfn = $data['uploaddir'] . DIRECTORY_SEPARATOR . $filename;
 						$file_info = array();
 						$file_owner = false;
 						$file_private = $filename[0] === '.';
 
 						if ($settings['listfiles_size'])
-							$file_info[] = FormatSize(filesize($filename));
+							$file_info[] = formatSize(filesize($fqfn));
 
 						if ($settings['listfiles_size'])
 							$file_info[] = date($settings['listfiles_date_format'], $mtime);
@@ -404,7 +446,9 @@
 						if (!$file_private || $file_owner) {
 							echo "<li class=\"' . $class . '\">";
 
-							echo "<a href=\"$filename\" target=\"_blank\">$filename<span>$file_info</span></a>";
+							$url = str_replace('/./', '/', sprintf('%s%s/%s', $settings['url'], $settings['uploaddir'], $filename));
+
+							echo "<a href=\"$url\" target=\"_blank\">$filename<span>$file_info</span></a>";
 
 							if ($file_owner) {
 								if ($settings['allow_deletion'])
@@ -422,9 +466,21 @@
 					}
 				?>
 			</ul>
-		<?php } ?>
-		<a href="https://github.com/muchweb/simple-php-upload"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png"></a>
-		<script charset="utf-8">
+		<?php
+		}
+
+		if ($settings['allow_external_refs']) {
+		?>
+			<a href="https://github.com/muchweb/simple-php-upload" target="_blank"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png"></a>
+		<?php
+		} else {
+		?>
+			<a href="https://github.com/muchweb/simple-php-upload" target="_blank">Fork me on GitHub</a>
+		<?php
+		}
+		?>
+		<script type="text/javascript">
+		<!--
 			var target_form = document.getElementById('simpleupload-form'),
 				target_ul = document.getElementById('simpleupload-ul'),
 				target_input = document.getElementById('simpleupload-input');
@@ -479,6 +535,7 @@
 				AddFileLi('Uploading...', '');
 				target_form.submit();
 			};
+		//-->
 		</script>
 	</body>
 </html>