-/**
- * Require the settings and DB files.
- */
-require_once 'classes/Response.class.php';
-require_once 'classes/UploadException.class.php';
-require_once 'classes/UploadedFile.class.php';
-require_once 'includes/database.inc.php';
-
-/**
- * Generates name and checks in DB
- * Also adds to DB.
- */
-function generateName($file)
-{
- global $db;
- global $doubledots;
-
- // We start at N retries, and --N until we give up
- $tries = POMF_FILES_RETRIES;
- $length = POMF_FILES_LENGTH;
- //Get EXT
- $ext = pathinfo($file->name, PATHINFO_EXTENSION);
- //Get mime
- $finfo = finfo_open(FILEINFO_MIME_TYPE);
- $type_mime = finfo_file($finfo, $file->tempfile);
- finfo_close($finfo);
-
- // Check if extension is a double-dot extension and, if true, override $ext
- $revname = strrev($file->name);
- foreach ($doubledots as $ddot) {
- if (stripos($revname, $ddot) === 0) {
- $ext = strrev($ddot);
- }
- }
-
- do {
- // Iterate until we reach the maximum number of retries
- if ($tries-- === 0) {
- throw new Exception(
- 'Gave up trying to find an unused name',
- 500
- ); // HTTP status code "500 Internal Server Error"
- }
-
- $chars = ID_CHARSET;
- $name = '';
- for ($i = 0; $i < $length; ++$i) {
- $name .= $chars[mt_rand(0, strlen($chars))];
- }
-
- // Add the extension to the file name
- if (isset($ext) && $ext !== '') {
- $name .= '.'.$ext;
- }
-
- //Check if mime is blacklisted
- if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
- throw new Exception('Extension type not allowed.');
- exit(0);
- }
-
- //Check if EXT is blacklisted
- if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
- throw new Exception('Extension type not allowed.');
- exit(0);
- }
-
- // Check if a file with the same name does already exist in the database
- $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
- $q->bindValue(':name', $name, PDO::PARAM_STR);
- $q->execute();
- $result = $q->fetchColumn();
- // If it does, generate a new name
- } while ($result > 0);
-
- return $name;
-}
-
-/**
- * Handles the uploading and db entry for a file.