-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathblogupload.php
More file actions
45 lines (41 loc) · 1.37 KB
/
blogupload.php
File metadata and controls
45 lines (41 loc) · 1.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php
include_once '../private/db_connect.php';
include_once '../private/functions.php';
include_once '../private/register.inc.php';
sec_session_start();
if (login_check($mysqli) == "admin" || login_check($mysqli) == "blog") {
$target_dir = $_GET['dir'].'/';
//$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$uploadOk = 1;
}
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
header("Location: ../blog.php?blog=".$_GET['dir']);
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}else{
echo 'You are not authorised to upload files. Please login with an admin account';
}
?>