// Emit an inline <script> element that shows a test alert, then stop running this file.
echo '<script>' . "\n"
    . 'alert("test!");' . "\n"
    . '</script>';
return;
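// Handle an MP3 upload (form "selection" value 2).
//
// Flow: validate the account name and the uploaded file, enforce the per-user
// limits recorded in the `mp3` table, move the file into the user's audio
// folder, then record it. Every failure path reports through a JavaScript
// alert and returns.
//
// NOTE(review): the mysql_* API used here was removed in PHP 7. Values are
// escaped with mysql_real_escape_string() as a stop-gap; move these queries to
// prepared statements (PDO or mysqli) when the connection code is migrated.
if (isset($_POST["selection"]) && $_POST["selection"] == 2) {
    # edit #
    // NOTE(review): the account name comes from the request body, so the client
    // chooses whose folder and whose rows are touched. It should come from the
    // authenticated session; that code is not visible here.
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $max_filesize = 4024000;
    $types_array = array('audio/mpeg', 'audio/mpeg3', 'audio/mpg', 'audio/mp3');
    # end edit #

    // The name becomes a path segment, so refuse anything that could point
    // outside ../usercontent/<username>/audio.
    if ($username === "" || $username === "." || $username === ".." || strpbrk($username, "/\\\0") !== false) {
        echo "<script>
alert(\"Invalid username.\");
</script>";
        return;
    }
    // NOTE(review): if this folder is served by the web server, make sure script
    // handlers are disabled for it in the server configuration.
    $uploads = "../usercontent/$username/audio";

    // A missing field, a multi-file field (array name) or an empty name all
    // mean there is no single file to process.
    if (!isset($_FILES['file']) || !is_string($_FILES['file']['name']) || $_FILES['file']['name'] == "") {
        echo "<script>
alert(\"Please select a file to upload!\");
</script>";
        return;
    }

    $max_filesize_kb = ($max_filesize / 1024);
    $upload_error = $_FILES['file']['error'];

    // PHP rejects over-limit files before this script runs and reports that
    // through the error code, so treat those codes like the size check below.
    if ($upload_error === UPLOAD_ERR_INI_SIZE || $upload_error === UPLOAD_ERR_FORM_SIZE) {
        echo "<script>
alert(\"Your file is too large; it must be under " . floor($max_filesize_kb) . " kb.\");
</script>";
        return;
    }
    if ($upload_error !== UPLOAD_ERR_OK) {
        // Partial upload, missing temp dir, etc.: tmp_name is not usable.
        echo "<script>
alert(\"Upload failed, please try again.\");
</script>";
        return;
    }

    // Sniff the content type from the temp file. The handle is closed before
    // branching so no exit path leaks it.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $detected_type = ($finfo !== false) ? finfo_file($finfo, $_FILES['file']['tmp_name']) : false;
    if ($finfo !== false) {
        finfo_close($finfo);
    }
    if ($detected_type === false || !in_array($detected_type, $types_array, true)) {
        echo "<script>
alert(\"Only Mp3s are allowed!\");
</script>";
        return;// error
    }

    // Content sniffing only looks at the start of the file, so the stored name
    // must also be safe. Strip any directory part, refuse control characters,
    // require a final ".mp3" extension (allowlist), and refuse script
    // extensions in any dot-segment because some server configurations pick a
    // handler from a non-final segment.
    $filename = basename($_FILES['file']['name']);
    $blacklist = array("php", "phtml", "php3", "php4", "js", "shtml", "pl", "py");
    $segments = explode('.', strtolower($filename));
    array_shift($segments); // drop the base name, keep only the extensions
    if (
        $filename === ""
        || preg_match('/[\x00-\x1f\x7f]/', $filename)
        || empty($segments)
        || end($segments) !== 'mp3'
        || count(array_intersect($segments, $blacklist)) > 0
    ) {
        echo "We do not allow uploading of this type of file\n";
        echo "<script>
alert(\"We do not allow uploading of this type of file. Your account has been flagged!\");
</script>";
        return;
    }

    if ($_FILES['file']['size'] > $max_filesize) {
        echo "<script>
alert(\"Your file is too large; it must be under " . floor($max_filesize_kb) . " kb.\");
</script>";
        return;
    }

    // NOTE(review): the 55-character limit is measured on the URL-encoded name,
    // as before; presumably it matches how the name is linked or stored - confirm.
    if (strlen(urlencode($filename)) > 55) {
        echo "<script>
alert(\"Please shorten your filename.\");
</script>";
        return;
    }

    // Escape both request-derived values before they are placed in SQL text.
    $username_sql = mysql_real_escape_string($username);
    $filename_sql = mysql_real_escape_string($filename);

    // Compare against the same value that gets stored. The earlier version
    // compared the URL-encoded name with rows holding the raw name, so names
    // containing encodable characters were never detected as duplicates.
    $checkmp3 = "SELECT * FROM mp3 WHERE mp3='$filename_sql' AND username='$username_sql'";
    $querymp3 = mysql_query($checkmp3) or die('Error, select query failed');
    if (mysql_num_rows($querymp3) >= 1) {
        echo "<script>
alert(\"This file already exists in your file.\");
</script>";
        return;
    }

    // ">=" rather than "==" so an account that is already over the limit
    // cannot keep adding files.
    $checkmp3 = "SELECT * FROM mp3 WHERE username='$username_sql'";
    $querymp3 = mysql_query($checkmp3) or die('Error, select query failed');
    if (mysql_num_rows($querymp3) >= 3) {
        echo "<script>
alert(\"You can only store 3 mp3 files at once.\");
</script>";
        return;
    }

    // Move the file first and record it second, so a failed move cannot leave
    // a row that points at nothing. The name is HTML-escaped in the error text
    // because it is client-supplied and printed into the page.
    $destination = $uploads . '/' . $filename;
    move_uploaded_file($_FILES['file']['tmp_name'], $destination)
        or die("Couldn't upload " . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8') . "\n");

    $second_query = "INSERT INTO mp3
(username, mp3) VALUES('$username_sql', '$filename_sql')";
    if (!mysql_query($second_query)) {
        // Roll back the stored file so disk and table stay consistent.
        if (is_file($destination)) {
            unlink($destination);
        }
        die('Error, insert query failed');
    }

    echo "<script>
alert(\"File uploaded Refresh the page to view it\");
</script>";
    return;
}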