<?php
# ***** BEGIN LICENSE BLOCK *****
#
# This file is part of CodingTeam.
# CodingTeam is the legal property of Erwan Briand <xbright2005@gmail.com>
# Copyright (c) 2007 Erwan Briand
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# ***** END LICENSE BLOCK *****
session_start();
include('include/config.inc.php');
include('include/members.inc.php');

if(IsLogged())
{
  $content_dir = 'upload/';
  $tmp_file = $_FILES['fichier']['tmp_name'];

  if( !is_uploaded_file($tmp_file) )
    exit("ERROR : Not found.");

  if(preg_match('#[\x00-\x1F\x7F-\x9F/\\\\]#', $_FILES['fichier']['name']))
    exit('ERROR : Unidentified error occurred');

  $type_file = $_FILES['fichier']['type'];

  //if (!strstr($type_file,in_array(strtolower($type_file), array('jpg','jpeg','png','gif','bmp','zip','tar','tar.gz','tar.bz2'))))
  if( !strstr($type_file, 'jpg') && !strstr($type_file, 'jpeg') && !strstr($type_file, 'bmp') && !strstr($type_file, 'gif') && !strstr($type_file, 'png') && !strstr($type_file, 'tar') && !strstr($type_file, 'tar.gz') && !strstr($type_file, 'tar.bz2')  && !strstr($type_file, 'zip') )
    exit('ERROR : Filetype not compatible.');

  $hash = substr(md5(md5($_FILES['fichier']['name']).mt_rand()), 0, 6);
  $end_filename = '-'.$_FILES['fichier']['name'];

  while(file_exists($content_dir.$hash.$end_filename))
    $hash = substr(md5(md5($hash).mt_rand()), 0, 6);

  if( !move_uploaded_file($tmp_file, $content_dir.$hash.$name_file.$end_filename) )
    exit('ERROR: $content_dir not writable.');

  $ip = $_SERVER['REMOTE_ADDR'];
  $date = date('d/m/Y');
  $heure = date('H:i:s');
  mysql_query('INSERT INTO BHIST_ct2_upload (fichier,pseudo,ip,heure,date) VALUES ("'.$name_file.'","'.$pseudo.'","'.$ip.'","'.$heure.'","'.$date.'") ') or die (mysql_error()); 
  exit('Your file is : '.$racine.'/'.$content_dir.$hash.$name_file.$end_filename);
}
else
  exit('ERROR : AUTHENTIFICATION.');
?>