Help with Olate Download script

Kinjiro · March 30, 2010

I recently downloaded Olate (http://sourceforge.net/projects/olatedownload/files/) for use for my upcoming Game Save website. The script works great for what I need, but I was hoping to get some help on 2 issues I would like to have, in order to help reduce other uploads and help build a community. Here are the 2 issues I would hope to have help with:

1. phpBB registration login to upload. Basically I would like to make it so people have to be members of the GameSave community in order to upload/download gamesaves.

2. file size limit. For whatever reason, Olate didnt put a section to alter the limit on uploading files. I would like to set it to 300kb or so, which is likely far high for a memory card or gamesave, but should eliminate anyone trying to upload a rom.

The main thing I need help with is file size limits, though if it isnt hard to integrate the phpbb login that would be diamond as well. Here is the upload php page:

<?php

/**********************************
* Olate Download 3.4.1
* http://www.olate.co.uk/od3
**********************************
* Copyright Olate Ltd 2005
*
* @author $Author: dsalisbury $ (Olate Ltd)
* @version $Revision: 259 $
* @package od
*
* Updated: $Date: 2006-10-10 20:27:12 +0100 (Tue, 10 Oct 2006) $
*/

// Initialisation
require('./includes/init.php');

// Show categories
$fcm->show_cats();

validate_types($input, array('name' => 'STR', 'description_small' => 'STR',
							 'description_big' => 'STR', 'category' => 'INT',
							 'downloads' => 'INT', 'size' => 'INT', 
							 'agreement' => 'INT', 'password' => 'STR', 'upload' => 'INT',
							 'convert_newlines' => 'INT', 'filesize_format' => 'STR'));

if ($site_config['enable_useruploads'] == 1)
{
// Upload file
if (isset($_FILES['uploadfile']))
{		
	$ext = strrchr($_FILES['uploadfile']['name'], '.');
	$allowed_ext = explode(',', $site_config['uploads_allowed_ext']);

	// It's like finding a needle in a haystack...
	if (in_array($ext, $allowed_ext))
	{
		$time = time();

		if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], './uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']))) 
		{
			// Get various variables
			if (!empty($input['password']))
			{
				$password = md5($input['password']);
			}
			else
			{
				$password = '';
			}

			if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1)
			{
				$convert_newlines = $input['convert_newlines'];
			}
			else
			{
				$convert_newlines = 0;
			}

			// Gigabyte?
			if ($input['filesize_format'] == 'gb')
			{
				$filesize = $input['size'] * pow(1024,3);
			}
			// Megabyte?
			elseif ($input['filesize_format'] == 'mb')
			{
				$filesize = $input['size'] * pow(1024,2);
			}
			// Kilobyte?
			elseif ($input['filesize_format'] == 'kb')
			{
				$filesize = $input['size'] * 1024;
			}
			// Byte, or otherwise
			else
			{
				$filesize = $input['size'];
			}

			$dbim->query('INSERT INTO '.DB_PREFIX.'files
							SET category_id = "'.$input['category'].'", 
								name = "'.$input['name'].'", 
								description_small = "'.$input['description_small'].'", 
								description_big = "'.$input['description_big'].'", 
								downloads = "'.$input['downloads'].'", 
								size = "'.$input['size'].'", 
								date = "'.$time.'",
								agreement_id = "'.$input['agreement'].'",
								password = "'.$password.'",
								status = 0,
								convert_newlines = '.$convert_newlines);

			$file_id = $dbim->insert_id();

			// File was uploaded successfully - add as a mirror
			$dbim->query('INSERT INTO '.DB_PREFIX.'mirrors
							SET file_id = '.$file_id.', 
								name = "Mirror 1", 
								location = "Earth", 
								url = "'.$site_config['url'].'uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']).'"');			

			// Get filesize in bytes
			$filesize = filesize('./uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']));

			// Update file size
			$dbim->query('UPDATE '.DB_PREFIX.'files
							SET size = '.$filesize.'
							WHERE id = '.$file_id);

			// Template
			$add_file = $uim->fetch_template('files/userupload_add');

			if ($site_config['userupload_always_approve'])
			{
				// Set file as active
				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);

				$success = true; // For redirect EOF
				$add_file->assign_var('id', $file_id);
				$add_file->assign_var('success', true);

			}
			else
			{
				$error = $lm->language('admin', 'upload_error_0');
			}

			// E-mail admin to let them know
			$message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site.";

			if ($site_config['userupload_always_approve'] == 0)
			{
				 $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id;
			}
			else
			{
				$message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id;

				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);
			}

			// Send
			mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']);
		}
		else 
		{
			switch ($_FILES['uploadfile']['error'])
			{
				case 1:
					$error = $lm->language('admin', 'upload_error_1');
					break;
				case 3:
					$error = $lm->language('admin', 'upload_error_3');
					break;
				case 4:
					$error = $lm->language('admin', 'upload_error_4');
					break;
			}
		}
	}
	else
	{
		$error = $lm->language('admin', 'upload_error_ext');
	}

	if (!isset($add_file))
	{
		// Template
		$add_file = $uim->fetch_template('files/userupload_upload');

		// Any error?
		if (!empty($error))
		{
			$add_file->assign_var('error', $error);
			$add_file->assign_var('success', false);
		}

	}
}

// Has the form been submitted?
if (isset($input['submit']) && !empty($input['name']) && !isset($_FILES['uploadfile']))
{
	if (isset($input['upload']))
	{	
		// Use this in place of an ID for the time being... (no pun)			
		$time = time();

		// Template
		$add_file = $uim->fetch_template('files/userupload_upload');

		// These are the fields we need to pass on to the upload section
		$wanted_elements = array('name', 'description_small', 'description_big', 
									'convert_newlines', 'category', 'size',
									'filesize_format');

		foreach ($input as $key => $value)
		{
			if (in_array($key, $wanted_elements) || (strpos($key, 'custom_field') !== false))
			{
				$add_file->assign_var('key', $key);
				$add_file->assign_var('value', $value);
				$add_file->use_block('submitted_data');
			}
		}

		// Display the max filesize that can be uploaded
		$max_upload_size = "300 KB";
		$add_file->assign_var('max_upload_size', $max_upload_size);
	}
	else
	{
		for ($i = 1; $i <= $site_config['mirrors']; $i++)
		{
			validate_types($input, array('mirror'.$i.'_name' => 'STR', 'mirror'.$i.'_location' => 'STR', 'mirror'.$i.'_url' => 'STR'));

			if (!empty($input['mirror'.$i.'_name']) && !empty($input['mirror'.$i.'_location'])&& !empty($input['mirror'.$i.'_url']))
			{
				// Have we inserted into the database yet?
				if (empty($inserted))
				{
					// Get various variables
					if (!empty($input['password']))
					{
						$password = md5($input['password']);
					}
					else
					{
						$password = '';
					}

					if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1)
					{
						$convert_newlines = $input['convert_newlines'];
					}
					else
					{
						$convert_newlines = 0;
					}

					// Gigabyte
					if ($input['filesize_format'] == 'gb')
					{
						$filesize = floatval($input['size'] * pow(1024,3));
					}
					// Megabyte
					elseif ($input['filesize_format'] == 'mb')
					{
						$filesize = floatval($input['size'] * pow(1024,2));
					}
					// Kilobyte
					elseif ($input['filesize_format'] == 'kb')
					{
						$filesize = floatval($input['size'] * 1024);
					}
					// Byte, or otherwise
					else
					{
						$filesize = floatval($input['size']);
					}

					$dbim->query('INSERT INTO '.DB_PREFIX.'files
									SET category_id = "'.$input['category'].'", 
										name = "'.$input['name'].'", 
										description_small = "'.$input['description_small'].'", 
										description_big = "'.$input['description_big'].'", 
										downloads = "'.$input['downloads'].'", 
										size = "'.$filesize.'", 
										date = "'.time().'",
										agreement_id = "'.$input['agreement'].'",
										password = "'.$password.'",
										status = 0,
										convert_newlines = '.$convert_newlines);

					$file_id = $dbim->insert_id();

					// We have now, and don't want to do it again
					$inserted = true;
				}

				$dbim->query('INSERT INTO '.DB_PREFIX.'mirrors
								SET file_id = '.$file_id.', 
									name = "'.$input['mirror'.$i.'_name'].'", 
									location = "'.$input['mirror'.$i.'_location'].'", 
									url = "'.$input['mirror'.$i.'_url'].'"');
				$success = true;
			}
		}	

		// Don't do anything unless row has been inserted
		if (!empty($inserted))
		{
			// Add the new custom field value
			for ($i = 1; $i <= $input['custom_field_total']; $i++)
			{			 
				if (!empty($input['custom_field_'.$i.'_value']))
				{
					validate_types($input, array('custom_field_'.$i.'_value' => 'STR'));

					// Add
					$dbim->query('INSERT INTO '.DB_PREFIX.'customfields_data
									SET field_id = '.$input['custom_field_'.$i.'_field_id'].',
									file_id = '.$file_id.',
									value = "'.$input['custom_field_'.$i.'_value'].'"');
				}
			}

			// E-mail admin to let them know
			$message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site.";

			if ($site_config['userupload_always_approve'] == 0)
			{
				 $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id;
			}
			else
			{
				$message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id;

				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);
			}

			// Send
			mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']);
		}
		else
		{
			$success = false;
		}

		// Template
		$add_file = $uim->fetch_template('files/userupload_add');

		#$success = true; // For redirect EOF
		$add_file->assign_var('id', $file_id);
		$add_file->assign_var('success', $success);
	}
}

if (!isset($add_file))
{
	// Template
	$add_file = $uim->fetch_template('files/userupload_add');
}

$fcm->generate_category_list($add_file, 'category', 'cats');

// Get the agreements
$agreements_result = $dbim->query('SELECT id, name, contents
									FROM '.DB_PREFIX.'agreements');

while ($agreement = $dbim->fetch_array($agreements_result))
{
	$add_file->assign_var('agreement', $agreement);
	$add_file->use_block('agreements');
}

// Custom fields
$custom_query = $dbim->query('SELECT id, label, value
								FROM '.DB_PREFIX.'customfields');

$rows = $dbim->num_rows($custom_query);  
$add_file->assign_var('custom_field_total', $rows);  
$id = 1;

while ($custom_fields = $dbim->fetch_array($custom_query))
{
	$custom_fields['uid'] = $id;
	$add_file->assign_var('custom_field', $custom_fields);
	$add_file->use_block('custom_fields');
	$id++;
}

// Show mirror entry forms
$mirror_amount = $site_config['mirrors'];
$current_mirror = 1;

while ($current_mirror <= $mirror_amount)
{
	$add_file->assign_var('mirror', $current_mirror);
	$add_file->use_block('mirror');

	$current_mirror++;
}

// Use FCKeditor or not?
if (use_fckeditor())
{
	$add_file->assign_var('use_fckeditor', true);

	// Module
	include_once ('FCKeditor/fckeditor.php');

	// Small description
	$fck_desc_small = new FCKeditor('description_small');
	$fck_desc_small->BasePath = $site_config['url'].'FCKeditor/';
	$fck_desc_small->ToolbarSet = 'od';
	$fck_desc_small->Width = '90%';
	$fck_desc_small->Height = '200';
	$desc_small_html = $fck_desc_small->CreateHtml();
	$add_file->assign_var('desc_small_html', $desc_small_html);

	// Big description
	$fck_desc_big = new FCKeditor('description_big');
	$fck_desc_big->BasePath = $site_config['url'].'FCKeditor/';
	$fck_desc_big->ToolbarSet = 'od';
	$fck_desc_big->Width = '90%';
	$fck_desc_big->Height = '200';
	$desc_big_html = $fck_desc_big->CreateHtml();
	$add_file->assign_var('desc_big_html', $desc_big_html);
}
else
{
	$add_file->assign_var('use_fckeditor', false);
}

$add_file->show();
}
else
{
$add_file = $uim->fetch_template('files/userupload_disabled');
$add_file->show();
}

// End table
$end = $uim->fetch_template('global/end');
$end->show();

// Show everything
$uim->generate(TITLE_PREFIX.$lm->language('admin', 'add_file'));

?>

As you can see they have a file extension variable where you can only have whatever you place for allowed extentions, but no file size variable.

This is the error message for if a file exceeds the maximum allowed:

$error = $lm->language('admin', 'upload_error_1');

but again, I cannot find where you would be able to set a file size limit

If a webhost can alter a php.ini file per website, I will likely just go that route and have the file limited that way (unless the php.ini file is available to me). Should I do that I can still upload via ftp larger size files right (mainly my logo or a database query)?

Kinjiro · April 1, 2010

I was able to restrict the file size that could be uploaded, thankfully, by using the htaccess.

I will probably not worry about the phpbb integration.

Sign In

Help with Olate Download script

Recommended Posts

Kinjiro

Link to comment

Share on other sites

Kinjiro

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information