Jump to content

Recommended Posts

I recently downloaded Olate (http://sourceforge.net/projects/olatedownload/files/) for use for my upcoming Game Save website. The script works great for what I need, but I was hoping to get some help on 2 issues I would like to have, in order to help reduce other uploads and help build a community. Here are the 2 issues I would hope to have help with:

 

1. phpBB registration login to upload. Basically I would like to make it so people have to be members of the GameSave community in order to upload/download gamesaves.

 

2. file size limit. For whatever reason, Olate didnt put a section to alter the limit on uploading files. I would like to set it to 300kb or so, which is likely far high for a memory card or gamesave, but should eliminate anyone trying to upload a rom.

 

The main thing I need help with is file size limits, though if it isnt hard to integrate the phpbb login that would be diamond as well.  Here is the upload php page:

 

<?php

/**********************************
* Olate Download 3.4.1
* http://www.olate.co.uk/od3
**********************************
* Copyright Olate Ltd 2005
*
* @author $Author: dsalisbury $ (Olate Ltd)
* @version $Revision: 259 $
* @package od
*
* Updated: $Date: 2006-10-10 20:27:12 +0100 (Tue, 10 Oct 2006) $
*/

// Initialisation
require('./includes/init.php');

// Show categories
$fcm->show_cats();

validate_types($input, array('name' => 'STR', 'description_small' => 'STR',
							 'description_big' => 'STR', 'category' => 'INT',
							 'downloads' => 'INT', 'size' => 'INT', 
							 'agreement' => 'INT', 'password' => 'STR', 'upload' => 'INT',
							 'convert_newlines' => 'INT', 'filesize_format' => 'STR'));

if ($site_config['enable_useruploads'] == 1)
{
// Upload file
if (isset($_FILES['uploadfile']))
{		
	$ext = strrchr($_FILES['uploadfile']['name'], '.');
	$allowed_ext = explode(',', $site_config['uploads_allowed_ext']);

	// It's like finding a needle in a haystack...
	if (in_array($ext, $allowed_ext))
	{
		$time = time();

		if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], './uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']))) 
		{
			// Get various variables
			if (!empty($input['password']))
			{
				$password = md5($input['password']);
			}
			else
			{
				$password = '';
			}

			if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1)
			{
				$convert_newlines = $input['convert_newlines'];
			}
			else
			{
				$convert_newlines = 0;
			}

			// Gigabyte?
			if ($input['filesize_format'] == 'gb')
			{
				$filesize = $input['size'] * pow(1024,3);
			}
			// Megabyte?
			elseif ($input['filesize_format'] == 'mb')
			{
				$filesize = $input['size'] * pow(1024,2);
			}
			// Kilobyte?
			elseif ($input['filesize_format'] == 'kb')
			{
				$filesize = $input['size'] * 1024;
			}
			// Byte, or otherwise
			else
			{
				$filesize = $input['size'];
			}

			$dbim->query('INSERT INTO '.DB_PREFIX.'files
							SET category_id = "'.$input['category'].'", 
								name = "'.$input['name'].'", 
								description_small = "'.$input['description_small'].'", 
								description_big = "'.$input['description_big'].'", 
								downloads = "'.$input['downloads'].'", 
								size = "'.$input['size'].'", 
								date = "'.$time.'",
								agreement_id = "'.$input['agreement'].'",
								password = "'.$password.'",
								status = 0,
								convert_newlines = '.$convert_newlines);

			$file_id = $dbim->insert_id();

			// File was uploaded successfully - add as a mirror
			$dbim->query('INSERT INTO '.DB_PREFIX.'mirrors
							SET file_id = '.$file_id.', 
								name = "Mirror 1", 
								location = "Earth", 
								url = "'.$site_config['url'].'uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']).'"');			

			// Get filesize in bytes
			$filesize = filesize('./uploads/upload-'.$time.'-'.basename($_FILES['uploadfile']['name']));

			// Update file size
			$dbim->query('UPDATE '.DB_PREFIX.'files
							SET size = '.$filesize.'
							WHERE id = '.$file_id);

			// Template
			$add_file = $uim->fetch_template('files/userupload_add');

			if ($site_config['userupload_always_approve'])
			{
				// Set file as active
				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);

				$success = true; // For redirect EOF
				$add_file->assign_var('id', $file_id);
				$add_file->assign_var('success', true);

			}
			else
			{
				$error = $lm->language('admin', 'upload_error_0');
			}

			// E-mail admin to let them know
			$message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site.";

			if ($site_config['userupload_always_approve'] == 0)
			{
				 $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id;
			}
			else
			{
				$message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id;

				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);
			}

			// Send
			mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']);
		}
		else 
		{
			switch ($_FILES['uploadfile']['error'])
			{
				case 1:
					$error = $lm->language('admin', 'upload_error_1');
					break;
				case 3:
					$error = $lm->language('admin', 'upload_error_3');
					break;
				case 4:
					$error = $lm->language('admin', 'upload_error_4');
					break;
			}
		}
	}
	else
	{
		$error = $lm->language('admin', 'upload_error_ext');
	}

	if (!isset($add_file))
	{
		// Template
		$add_file = $uim->fetch_template('files/userupload_upload');

		// Any error?
		if (!empty($error))
		{
			$add_file->assign_var('error', $error);
			$add_file->assign_var('success', false);
		}

	}
}

// Has the form been submitted?
if (isset($input['submit']) && !empty($input['name']) && !isset($_FILES['uploadfile']))
{
	if (isset($input['upload']))
	{	
		// Use this in place of an ID for the time being... (no pun)			
		$time = time();

		// Template
		$add_file = $uim->fetch_template('files/userupload_upload');

		// These are the fields we need to pass on to the upload section
		$wanted_elements = array('name', 'description_small', 'description_big', 
									'convert_newlines', 'category', 'size',
									'filesize_format');

		foreach ($input as $key => $value)
		{
			if (in_array($key, $wanted_elements) || (strpos($key, 'custom_field') !== false))
			{
				$add_file->assign_var('key', $key);
				$add_file->assign_var('value', $value);
				$add_file->use_block('submitted_data');
			}
		}

		// Display the max filesize that can be uploaded
		$max_upload_size = "300 KB";
		$add_file->assign_var('max_upload_size', $max_upload_size);
	}
	else
	{
		for ($i = 1; $i <= $site_config['mirrors']; $i++)
		{
			validate_types($input, array('mirror'.$i.'_name' => 'STR', 'mirror'.$i.'_location' => 'STR', 'mirror'.$i.'_url' => 'STR'));

			if (!empty($input['mirror'.$i.'_name']) && !empty($input['mirror'.$i.'_location'])&& !empty($input['mirror'.$i.'_url']))
			{
				// Have we inserted into the database yet?
				if (empty($inserted))
				{
					// Get various variables
					if (!empty($input['password']))
					{
						$password = md5($input['password']);
					}
					else
					{
						$password = '';
					}

					if (!empty($input['convert_newlines']) && $input['convert_newlines'] === 1)
					{
						$convert_newlines = $input['convert_newlines'];
					}
					else
					{
						$convert_newlines = 0;
					}

					// Gigabyte
					if ($input['filesize_format'] == 'gb')
					{
						$filesize = floatval($input['size'] * pow(1024,3));
					}
					// Megabyte
					elseif ($input['filesize_format'] == 'mb')
					{
						$filesize = floatval($input['size'] * pow(1024,2));
					}
					// Kilobyte
					elseif ($input['filesize_format'] == 'kb')
					{
						$filesize = floatval($input['size'] * 1024);
					}
					// Byte, or otherwise
					else
					{
						$filesize = floatval($input['size']);
					}

					$dbim->query('INSERT INTO '.DB_PREFIX.'files
									SET category_id = "'.$input['category'].'", 
										name = "'.$input['name'].'", 
										description_small = "'.$input['description_small'].'", 
										description_big = "'.$input['description_big'].'", 
										downloads = "'.$input['downloads'].'", 
										size = "'.$filesize.'", 
										date = "'.time().'",
										agreement_id = "'.$input['agreement'].'",
										password = "'.$password.'",
										status = 0,
										convert_newlines = '.$convert_newlines);

					$file_id = $dbim->insert_id();

					// We have now, and don't want to do it again
					$inserted = true;
				}

				$dbim->query('INSERT INTO '.DB_PREFIX.'mirrors
								SET file_id = '.$file_id.', 
									name = "'.$input['mirror'.$i.'_name'].'", 
									location = "'.$input['mirror'.$i.'_location'].'", 
									url = "'.$input['mirror'.$i.'_url'].'"');
				$success = true;
			}
		}	

		// Don't do anything unless row has been inserted
		if (!empty($inserted))
		{
			// Add the new custom field value
			for ($i = 1; $i <= $input['custom_field_total']; $i++)
			{			 
				if (!empty($input['custom_field_'.$i.'_value']))
				{
					validate_types($input, array('custom_field_'.$i.'_value' => 'STR'));

					// Add
					$dbim->query('INSERT INTO '.DB_PREFIX.'customfields_data
									SET field_id = '.$input['custom_field_'.$i.'_field_id'].',
									file_id = '.$file_id.',
									value = "'.$input['custom_field_'.$i.'_value'].'"');
				}
			}

			// E-mail admin to let them know
			$message = "Hello,\n\nA user (".$_SERVER['REMOTE_ADDR'].") has just added a file to your site.";

			if ($site_config['userupload_always_approve'] == 0)
			{
				 $message .= " For security reasons, it is not yet viewable - you must first enable it by editing the file at \n\n".$site_config['url']."admin.php?cmd=files_edit_file&action=file_select&file_id=".$file_id;
			}
			else
			{
				$message .= " You can see it at \n\n".$site_config['url']."details.php?file=".$file_id;

				$dbim->query('UPDATE '.DB_PREFIX.'files
								SET status = 1
								WHERE id = '.$file_id);
			}

			// Send
			mail($site_config['admin_email'], 'New File Added', $message, 'From: '.$site_config['admin_email']);
		}
		else
		{
			$success = false;
		}

		// Template
		$add_file = $uim->fetch_template('files/userupload_add');

		#$success = true; // For redirect EOF
		$add_file->assign_var('id', $file_id);
		$add_file->assign_var('success', $success);
	}
}

if (!isset($add_file))
{
	// Template
	$add_file = $uim->fetch_template('files/userupload_add');
}

$fcm->generate_category_list($add_file, 'category', 'cats');

// Get the agreements
$agreements_result = $dbim->query('SELECT id, name, contents
									FROM '.DB_PREFIX.'agreements');

while ($agreement = $dbim->fetch_array($agreements_result))
{
	$add_file->assign_var('agreement', $agreement);
	$add_file->use_block('agreements');
}

// Custom fields
$custom_query = $dbim->query('SELECT id, label, value
								FROM '.DB_PREFIX.'customfields');

$rows = $dbim->num_rows($custom_query);  
$add_file->assign_var('custom_field_total', $rows);  
$id = 1;

while ($custom_fields = $dbim->fetch_array($custom_query))
{
	$custom_fields['uid'] = $id;
	$add_file->assign_var('custom_field', $custom_fields);
	$add_file->use_block('custom_fields');
	$id++;
}

// Show mirror entry forms
$mirror_amount = $site_config['mirrors'];
$current_mirror = 1;

while ($current_mirror <= $mirror_amount)
{
	$add_file->assign_var('mirror', $current_mirror);
	$add_file->use_block('mirror');

	$current_mirror++;
}

// Use FCKeditor or not?
if (use_fckeditor())
{
	$add_file->assign_var('use_fckeditor', true);

	// Module
	include_once ('FCKeditor/fckeditor.php');

	// Small description
	$fck_desc_small = new FCKeditor('description_small');
	$fck_desc_small->BasePath = $site_config['url'].'FCKeditor/';
	$fck_desc_small->ToolbarSet = 'od';
	$fck_desc_small->Width = '90%';
	$fck_desc_small->Height = '200';
	$desc_small_html = $fck_desc_small->CreateHtml();
	$add_file->assign_var('desc_small_html', $desc_small_html);

	// Big description
	$fck_desc_big = new FCKeditor('description_big');
	$fck_desc_big->BasePath = $site_config['url'].'FCKeditor/';
	$fck_desc_big->ToolbarSet = 'od';
	$fck_desc_big->Width = '90%';
	$fck_desc_big->Height = '200';
	$desc_big_html = $fck_desc_big->CreateHtml();
	$add_file->assign_var('desc_big_html', $desc_big_html);
}
else
{
	$add_file->assign_var('use_fckeditor', false);
}

$add_file->show();
}
else
{
$add_file = $uim->fetch_template('files/userupload_disabled');
$add_file->show();
}

// End table
$end = $uim->fetch_template('global/end');
$end->show();

// Show everything
$uim->generate(TITLE_PREFIX.$lm->language('admin', 'add_file'));

?>

 

As you can see they have a file extension variable where you can only have whatever you place for allowed extentions, but no file size variable.

 

This is the error message for if a file exceeds the maximum allowed:

$error = $lm->language('admin', 'upload_error_1');

but again, I cannot find where you would be able to set a file size limit :(

 

If a webhost can alter a php.ini file per website, I will likely just go that route and have the file limited that way (unless the php.ini file is available to me). Should I do that I can still upload via ftp larger size files right (mainly my logo or a database query)?

Link to comment
https://forums.phpfreaks.com/topic/196935-help-with-olate-download-script/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.