Diss/05_Database/PHP/upload_secure.php

<?php

function getParameter($par, $default = -1){
	if (isset($_GET[$par]) && strlen($_GET[$par])) return $_GET[urldecode ($par)];
	elseif (isset($_POST[$par]) && strlen($_POST[$par])) 
		return $_POST[urldecode ($par)];
	else return $default;
}

$key = getParameter("key");

$target_dir = "uploads/";
$target_file_name = $target_dir .basename($_FILES["file"]["name"]);

// Check if image file is a actual image or fake image
if ($key == "GPS!project26")
{
	if (!empty($_FILES["file"])  )
	{
		move_uploaded_file($_FILES["file"]["tmp_name"], $target_file_name);

		$buffer_size = 4096; // read 4kb at a time
		$out_file_name = str_replace('.gzip', '', $target_file_name);

		// Open our files (in binary mode)
		$file = gzopen($target_file_name, 'rb');
		$out_file = fopen($out_file_name, 'wb'); 

		// Keep repeating until the end of the input file
		while (!gzeof($file)) {
			// Read buffer-size bytes
			// Both fwrite and gzread and binary-safe
			fwrite($out_file, gzread($file, $buffer_size));
		}

		// Files are done, close files
		fclose($out_file);
		gzclose($file);
		// Delete gzip file!
		unlink($target_file_name);

		//Lets start to push into database
		require("save_to_database.php");
		// Current filename is: $out_file_name
		// just for info, next php script will need it
	}       
} else {
	HttpResponse::forbidden()->set_and_exit();
}
// vim: set tabstop=4 shiftwidth=4 noexpandtab :
?>
update 2 years ago			`<?php`

			`function getParameter($par, $default = -1){`
			`if (isset($_GET[$par]) && strlen($_GET[$par])) return $_GET[urldecode ($par)];`
			`elseif (isset($_POST[$par]) && strlen($_POST[$par]))`
			`return $_POST[urldecode ($par)];`
			`else return $default;`
			`}`

			`$key = getParameter("key");`

			`$target_dir = "uploads/";`
			`$target_file_name = $target_dir .basename($_FILES["file"]["name"]);`

			`// Check if image file is a actual image or fake image`
			`if ($key == "GPS!project26")`
			`{`
			`if (!empty($_FILES["file"]) )`
			`{`
			`move_uploaded_file($_FILES["file"]["tmp_name"], $target_file_name);`

			`$buffer_size = 4096; // read 4kb at a time`
			`$out_file_name = str_replace('.gzip', '', $target_file_name);`

			`// Open our files (in binary mode)`
			`$file = gzopen($target_file_name, 'rb');`
			`$out_file = fopen($out_file_name, 'wb');`

			`// Keep repeating until the end of the input file`
			`while (!gzeof($file)) {`
			`// Read buffer-size bytes`
			`// Both fwrite and gzread and binary-safe`
			`fwrite($out_file, gzread($file, $buffer_size));`
			`}`

			`// Files are done, close files`
			`fclose($out_file);`
			`gzclose($file);`
			`// Delete gzip file!`
			`unlink($target_file_name);`

			`//Lets start to push into database`
			`require("save_to_database.php");`
			`// Current filename is: $out_file_name`
			`// just for info, next php script will need it`
			`}`
			`} else {`
			`HttpResponse::forbidden()->set_and_exit();`
			`}`
			`// vim: set tabstop=4 shiftwidth=4 noexpandtab :`
			`?>`