uploadfilter/upload.php

43 lines
1.7 KiB
PHP
Raw Normal View History

2019-02-23 12:55:43 +01:00
<?php
require_once('db.php');
foreach($_FILES as $file){
$fileHash = hash_file ('sha512' , $file['tmp_name']);
// TODO: file hash lookup for duplicate uploads
$filePath = $CONFIG['fileDir'] . basename($file['name']);
// TODO: duplicate file name check
move_uploaded_file($file['tmp_name'], $filePath);
$query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
$query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
$fileId = $db->lastInsertId();
$query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
$query->execute(array(':limit' => $CONFIG['validationCount']));
$emails = $query->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < $CONFIG['validationCount']; $i++) {
$token = bin2hex(openssl_random_pseudo_bytes(32));
// TODO: duplicate token check
$email = $emails[$i]['email'];
$firstName = $emails[$i]['firstName'];
$lastName = $emails[$i]['lastName'];
$query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
$query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
$subject = 'Please validate file to satisfy copyright';
$template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
$message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
$headers = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email, $subject, $message, $headers);
}
}