Use ===

[uguu.git] / includes / core.php

diff --git a/includes/core.php b/includes/core.php
index 3d74e8c8f15be4751b616c626b4466f7f0421e85..5aca11bbfb753d4bf7a23c0efe4136ab093dfbb6 100644 (file)
--- a/includes/core.php
+++ b/includes/core.php
@@ -1,24 +1,18 @@
 <?php
+//Loading configuration file
+require_once "config.php";
+
+//Saving the file on the server
 function save_file ($file, $name, $arg, $type){
-    //Where to save
-    $path='/home/neku/www/files/';
-    $block = array('exe', 'scr', 'rar', 'zip', 'com', 'vbs', 'bat', 'cmd', 'html', 'htm', 'msi');
     //Generate name depending on arg
     switch($arg){
         case 'random':
             $ext = pathinfo($file.$name, PATHINFO_EXTENSION);
             $ext = strtolower($ext);
-            if(in_array($ext, $block)){
-                if($type==='normal'){
-                include_once('error_meow.php');
-                exit(0);
-                }else{
-                    exit('File type not allowed.');
-                }
-                }
+            verify_extension($ext, $type);
             $file_name = gen_name('random', $ext);
-            while(file_exists($path.$file_name)){
-                $file_name = gen_name('random', $ext);
+            while(file_exists(CONFIG_FILES_PATH.$file_name)){
+              $file_name = gen_name('random', $ext);
             }
             break;
         case 'custom_original':
@@ -27,38 +21,37 @@ function save_file ($file, $name, $arg, $type){
                 $file_name = gen_name('custom_original', $name);
                 $ext = pathinfo($file_name, PATHINFO_EXTENSION);
                 $ext = strtolower($ext);
-                if(in_array($ext, $block)){
-                if($type==='normal'){
-                include_once('error_meow.php');
-                exit(0);
-                }else{
-                    exit('File type not allowed.');
-                }
-                }
-            while(file_exists($path.$file_name)){
+                verify_extension($ext, $type);
+            while(file_exists(CONFIG_FILES_PATH.$file_name)){
                 $file_name = gen_name('custom_original', $name);
             }
             break;
     }
     //Move the file to the above location with said filename
-    move_uploaded_file($file,$path.$file_name);
+    move_uploaded_file($file,CONFIG_FILES_PATH.$file_name);
     //Check if html or plain text should be returned
     if($type==='tool'){
     //Return url+filename to the user (plain text)
-    echo 'http://a.uguu.se/'.urlencode($file_name);
+    if(CONFIG_SUBUPLOAD_URL_ENABLED == "true"){
+    echo CONFIG_SUBUPLOAD_URL.'/'.urlencode($file_name);
+    }else{
+    echo CONFIG_ROOT_URL.'/files/'.urlencode($file_name);
+    }
     exit(0);
     }elseif($type==='normal'){
     //Return url+filename to the user (HTML)
     $n=urlencode($file_name);
-    include_once('/home/neku/www/page/public/upload-done.php');
+    include_once(CONFIG_ROOT_PATH.'upload-done.php');
     exit(0);
     }
 }
+
+#Generate a random name for the uploaded file
 function gen_name($arg, $in){
-    $chars = 'abcdefghijklmnopqrstuvwxyz';
+    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
     $name = '';
-    for ($i = 0; $i < 6; $i++) {
-    $name .= $chars[mt_rand(0, 25)];
+    for ($i = 0; $i < CONFIG_RANDOM_LENGTH; $i++) {
+    $name .= $chars[mt_rand(0, 60)];
         }
     switch($arg){
         case 'random':
@@ -69,3 +62,21 @@ function gen_name($arg, $in){
             break;
     }
 }
+
+//Verify that the extension is allowed
+function verify_extension($ext, $type){
+    if(CONFIG_EXTENSION_BLOCKING_MODE === "WHITELIST") {
+        $allowed = in_array($ext, unserialize(CONFIG_ALLOWED_EXTENSIONS));
+    }else{
+        $allowed = !in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS));
+    }
+
+    if(!$allowed){
+        if($type==='normal'){
+            include_once(CONFIG_ROOT_PATH.'error_meow.php');
+            exit(0);
+        }else{
+            exit('File type not allowed.');
+        }
+    }
+}