Kinjiro Posted March 30, 2010 Share Posted March 30, 2010 I recently downloaded Olate (http://sourceforge.net/projects/olatedownload/files/) for use for my upcoming Game Save website. The script works great for what I need, but I was hoping to get some help on 2 issues I would like to have, in order to help reduce other uploads and help build a community. Here are the 2 issues I would hope to have help with: 1. phpBB registration login to upload. Basically I would like to make it so people have to be members of the GameSave community in order to upload/download gamesaves. 2. file size limit. For whatever reason, Olate didnt put a section to alter the limit on uploading files. I would like to set it to 300kb or so, which is likely far high for a memory card or gamesave, but should eliminate anyone trying to upload a rom. The main thing I need help with is file size limits, though if it isnt hard to integrate the phpbb login that would be diamond as well. Here is the upload php page: <?php /********************************** * Olate Download 3.4.1 * http://www.olate.co.uk/od3 ********************************** * Copyright Olate Ltd 2005 * * @author $Author: dsalisbury $ (Olate Ltd) * @version $Revision: 259 $ * @package od * * Updated: $Date: 2006-10-10 20:27:12 +0100 (Tue, 10 Oct 2006) $ */ // Initialisation require('./includes/init.php'); // Show categories $fcm->show_cats(); validate_types($input, array('name' => 'STR', 'description_small' => 'STR', 'description_big' => 'STR', 'category' => 'INT', 'downloads' => 'INT', 'size' => 'INT', 'agreement' => 'INT', 'password' => 'STR', 'upload' => 'INT', 'convert_newlines' => 'INT', 'filesize_format' => 'STR')); if ($site_config['enable_useruploads'] == 1) { // Upload file if (isset($_FILES['uploadfile'])) { $ext = strrchr($_FILES['uploadfile']['name'], '.'); $allowed_ext = explode(',', $site_config['uploads_allowed_ext']); // It's like finding a needle in a haystack... if (in_array($ext, $allowed_ext)) { $time = time(); if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], './uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']))) { // Get various variables if (!empty($input['password'])) { $password = md5($input['password']); } else { $password = ''; } if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1) { $convert_newlines = $input['convert_newlines']; } else { $convert_newlines = 0; } // Gigabyte? if ($input['filesize_format'] == 'gb') { $filesize = $input['size'] * pow(1024,3); } // Megabyte? elseif ($input['filesize_format'] == 'mb') { $filesize = $input['size'] * pow(1024,2); } // Kilobyte? elseif ($input['filesize_format'] == 'kb') { $filesize = $input['size'] * 1024; } // Byte, or otherwise else { $filesize = $input['size']; } $dbim->query('INSERT INTO '.DB_PREFIX.'files SET category_id = "'.$input['category'].'", name = "'.$input['name'].'", description_small = "'.$input['description_small'].'", description_big = "'.$input['description_big'].'", downloads = "'.$input['downloads'].'", size = "'.$input['size'].'", date = "'.$time.'", agreement_id = "'.$input['agreement'].'", password = "'.$password.'", status = 0, convert_newlines = '.$convert_newlines); $file_id = $dbim->insert_id(); // File was uploaded successfully - add as a mirror $dbim->query('INSERT INTO '.DB_PREFIX.'mirrors SET file_id = '.$file_id.', name = "Mirror 1", location = "Earth", url = "'.$site_config['url'].'uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']).'"'); // Get filesize in bytes $filesize = filesize('./uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name'])); // Update file size $dbim->query('UPDATE '.DB_PREFIX.'files SET size = '.$filesize.' WHERE id = '.$file_id); // Template $add_file = $uim->fetch_template('files/userupload_add'); if ($site_config['userupload_always_approve']) { // Set file as active $dbim->query('UPDATE '.DB_PREFIX.'files SET status = 1 WHERE id = '.$file_id); $success = true; // For redirect EOF $add_file->assign_var('id', $file_id); $add_file->assign_var('success', true); } else { $error = $lm->language('admin', 'upload_error_0'); } // E-mail admin to let them know $message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site."; if ($site_config['userupload_always_approve'] == 0) { $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id; } else { $message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id; $dbim->query('UPDATE '.DB_PREFIX.'files SET status = 1 WHERE id = '.$file_id); } // Send mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']); } else { switch ($_FILES['uploadfile']['error']) { case 1: $error = $lm->language('admin', 'upload_error_1'); break; case 3: $error = $lm->language('admin', 'upload_error_3'); break; case 4: $error = $lm->language('admin', 'upload_error_4'); break; } } } else { $error = $lm->language('admin', 'upload_error_ext'); } if (!isset($add_file)) { // Template $add_file = $uim->fetch_template('files/userupload_upload'); // Any error? if (!empty($error)) { $add_file->assign_var('error', $error); $add_file->assign_var('success', false); } } } // Has the form been submitted? if (isset($input['submit']) && !empty($input['name']) && !isset($_FILES['uploadfile'])) { if (isset($input['upload'])) { // Use this in place of an ID for the time being... (no pun) $time = time(); // Template $add_file = $uim->fetch_template('files/userupload_upload'); // These are the fields we need to pass on to the upload section $wanted_elements = array('name', 'description_small', 'description_big', 'convert_newlines', 'category', 'size', 'filesize_format'); foreach ($input as $key => $value) { if (in_array($key, $wanted_elements) || (strpos($key, 'custom_field') !== false)) { $add_file->assign_var('key', $key); $add_file->assign_var('value', $value); $add_file->use_block('submitted_data'); } } // Display the max filesize that can be uploaded $max_upload_size = "300 KB"; $add_file->assign_var('max_upload_size', $max_upload_size); } else { for ($i = 1; $i <= $site_config['mirrors']; $i++) { validate_types($input, array('mirror'.$i.'_name' => 'STR', 'mirror'.$i.'_location' => 'STR', 'mirror'.$i.'_url' => 'STR')); if (!empty($input['mirror'.$i.'_name']) && !empty($input['mirror'.$i.'_location'])&& !empty($input['mirror'.$i.'_url'])) { // Have we inserted into the database yet? if (empty($inserted)) { // Get various variables if (!empty($input['password'])) { $password = md5($input['password']); } else { $password = ''; } if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1) { $convert_newlines = $input['convert_newlines']; } else { $convert_newlines = 0; } // Gigabyte if ($input['filesize_format'] == 'gb') { $filesize = floatval($input['size'] * pow(1024,3)); } // Megabyte elseif ($input['filesize_format'] == 'mb') { $filesize = floatval($input['size'] * pow(1024,2)); } // Kilobyte elseif ($input['filesize_format'] == 'kb') { $filesize = floatval($input['size'] * 1024); } // Byte, or otherwise else { $filesize = floatval($input['size']); } $dbim->query('INSERT INTO '.DB_PREFIX.'files SET category_id = "'.$input['category'].'", name = "'.$input['name'].'", description_small = "'.$input['description_small'].'", description_big = "'.$input['description_big'].'", downloads = "'.$input['downloads'].'", size = "'.$filesize.'", date = "'.time().'", agreement_id = "'.$input['agreement'].'", password = "'.$password.'", status = 0, convert_newlines = '.$convert_newlines); $file_id = $dbim->insert_id(); // We have now, and don't want to do it again $inserted = true; } $dbim->query('INSERT INTO '.DB_PREFIX.'mirrors SET file_id = '.$file_id.', name = "'.$input['mirror'.$i.'_name'].'", location = "'.$input['mirror'.$i.'_location'].'", url = "'.$input['mirror'.$i.'_url'].'"'); $success = true; } } // Don't do anything unless row has been inserted if (!empty($inserted)) { // Add the new custom field value for ($i = 1; $i <= $input['custom_field_total']; $i++) { if (!empty($input['custom_field_'.$i.'_value'])) { validate_types($input, array('custom_field_'.$i.'_value' => 'STR')); // Add $dbim->query('INSERT INTO '.DB_PREFIX.'customfields_data SET field_id = '.$input['custom_field_'.$i.'_field_id'].', file_id = '.$file_id.', value = "'.$input['custom_field_'.$i.'_value'].'"'); } } // E-mail admin to let them know $message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site."; if ($site_config['userupload_always_approve'] == 0) { $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id; } else { $message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id; $dbim->query('UPDATE '.DB_PREFIX.'files SET status = 1 WHERE id = '.$file_id); } // Send mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']); } else { $success = false; } // Template $add_file = $uim->fetch_template('files/userupload_add'); #$success = true; // For redirect EOF $add_file->assign_var('id', $file_id); $add_file->assign_var('success', $success); } } if (!isset($add_file)) { // Template $add_file = $uim->fetch_template('files/userupload_add'); } $fcm->generate_category_list($add_file, 'category', 'cats'); // Get the agreements $agreements_result = $dbim->query('SELECT id, name, contents FROM '.DB_PREFIX.'agreements'); while ($agreement = $dbim->fetch_array($agreements_result)) { $add_file->assign_var('agreement', $agreement); $add_file->use_block('agreements'); } // Custom fields $custom_query = $dbim->query('SELECT id, label, value FROM '.DB_PREFIX.'customfields'); $rows = $dbim->num_rows($custom_query); $add_file->assign_var('custom_field_total', $rows); $id = 1; while ($custom_fields = $dbim->fetch_array($custom_query)) { $custom_fields['uid'] = $id; $add_file->assign_var('custom_field', $custom_fields); $add_file->use_block('custom_fields'); $id++; } // Show mirror entry forms $mirror_amount = $site_config['mirrors']; $current_mirror = 1; while ($current_mirror <= $mirror_amount) { $add_file->assign_var('mirror', $current_mirror); $add_file->use_block('mirror'); $current_mirror++; } // Use FCKeditor or not? if (use_fckeditor()) { $add_file->assign_var('use_fckeditor', true); // Module include_once ('FCKeditor/fckeditor.php'); // Small description $fck_desc_small = new FCKeditor('description_small'); $fck_desc_small->BasePath = $site_config['url'].'FCKeditor/'; $fck_desc_small->ToolbarSet = 'od'; $fck_desc_small->Width = '90%'; $fck_desc_small->Height = '200'; $desc_small_html = $fck_desc_small->CreateHtml(); $add_file->assign_var('desc_small_html', $desc_small_html); // Big description $fck_desc_big = new FCKeditor('description_big'); $fck_desc_big->BasePath = $site_config['url'].'FCKeditor/'; $fck_desc_big->ToolbarSet = 'od'; $fck_desc_big->Width = '90%'; $fck_desc_big->Height = '200'; $desc_big_html = $fck_desc_big->CreateHtml(); $add_file->assign_var('desc_big_html', $desc_big_html); } else { $add_file->assign_var('use_fckeditor', false); } $add_file->show(); } else { $add_file = $uim->fetch_template('files/userupload_disabled'); $add_file->show(); } // End table $end = $uim->fetch_template('global/end'); $end->show(); // Show everything $uim->generate(TITLE_PREFIX.$lm->language('admin', 'add_file')); ?> As you can see they have a file extension variable where you can only have whatever you place for allowed extentions, but no file size variable. This is the error message for if a file exceeds the maximum allowed: $error = $lm->language('admin', 'upload_error_1'); but again, I cannot find where you would be able to set a file size limit If a webhost can alter a php.ini file per website, I will likely just go that route and have the file limited that way (unless the php.ini file is available to me). Should I do that I can still upload via ftp larger size files right (mainly my logo or a database query)? Quote Link to comment Share on other sites More sharing options...
Kinjiro Posted April 1, 2010 Author Share Posted April 1, 2010 I was able to restrict the file size that could be uploaded, thankfully, by using the htaccess. I will probably not worry about the phpbb integration. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.