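<?php
// Assignment upload endpoint.
//
// Reads `username`, `id` and `totalMarks` from the POST body plus one uploaded
// file in the `pdfFile` field, stores the file under uploads/assignments/ and
// records the submission in tools_assignment_filelink. Every outcome is
// reported to the client as a single plain-text line.
//
// NOTE(review): nothing visible in this file ties `username` to an
// authenticated session, and `totalMarks` is taken as supplied by the client.
// Unless includes/config.php enforces a login, any caller can submit on behalf
// of any user with any marks value. Confirm, and prefer a server-side identity.

// Buffer output so stray whitespace from includes cannot corrupt the response.
ob_start();

// Report everything, but to the server log instead of the HTTP response:
// displayed warnings disclose filesystem paths and query details to the client.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

require_once("includes/config.php");

// Discard anything the includes printed before we send our own response.
ob_clean();

// Always return plain text, and stop browsers from sniffing it as HTML since
// some responses below echo request values back.
header('Content-Type: text/plain');
header('X-Content-Type-Options: nosniff');

// Accept only scalar string fields; an array-valued field (e.g. username[]=x)
// is treated as missing instead of being passed to trim().
$fields = [];
foreach (['username', 'id', 'totalMarks'] as $key) {
    $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
}
$username = $fields['username'];
$tool_id = $fields['id'];
$marks = $fields['totalMarks'];

if ($username === '' || $tool_id === '' || $marks === '') {
    echo "Data Missing! Username: " . htmlspecialchars($username) . ", Tool: " . htmlspecialchars($tool_id) . ", Marks: " . htmlspecialchars($marks);
    exit;
}

// Check file upload
if (!isset($_FILES['pdfFile']) || !is_array($_FILES['pdfFile'])) {
    echo "No file received by server!";
    exit;
}

$file = $_FILES['pdfFile'];
$uploadError = isset($file['error']) ? $file['error'] : UPLOAD_ERR_NO_FILE;

// A multi-file field (pdfFile[]) makes every entry an array; reject that shape
// before it is used as an array key or a path.
if (!is_int($uploadError) || !isset($file['name'], $file['tmp_name']) || !is_string($file['name']) || !is_string($file['tmp_name'])) {
    echo "Invalid file upload!";
    exit;
}

if ($uploadError !== UPLOAD_ERR_OK) {
    $uploadErrors = [
        UPLOAD_ERR_INI_SIZE => 'File exceeds server upload limit (upload_max_filesize).',
        UPLOAD_ERR_FORM_SIZE => 'File exceeds form upload limit.',
        UPLOAD_ERR_PARTIAL => 'File was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
    ];
    echo isset($uploadErrors[$uploadError]) ? $uploadErrors[$uploadError] : "Upload error code: $uploadError";
    exit;
}

// Validate extension. The client chooses the name, so this alone proves
// nothing about the content; the signature check below covers that.
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
if ($ext !== 'pdf') {
    echo "Only PDF files are allowed! Uploaded: .$ext";
    exit;
}

// Check file size (max 10 MB)
if ($file['size'] > 10 * 1024 * 1024) {
    echo "File size must be 10 MB or less!";
    exit;
}

// Content check without finfo: a PDF carries the "%PDF-" marker near the
// start of the file, so look for it in the first 1024 bytes of the temp file.
$head = false;
if (is_uploaded_file($file['tmp_name'])) {
    $handle = fopen($file['tmp_name'], 'rb');
    if ($handle !== false) {
        $head = fread($handle, 1024);
        fclose($handle);
    }
}
if ($head === false || strpos($head, '%PDF-') === false) {
    echo "Only PDF files are allowed! The file content is not a PDF.";
    exit;
}

// Check if already submitted.
// NOTE(review): this check and the INSERT below are not atomic, so two
// concurrent requests can both pass it. A UNIQUE(username, tool_id) constraint
// on the table is the reliable guard.
$query = $con->prepare("SELECT id FROM tools_assignment_filelink WHERE username=:username AND tool_id=:tool_id");
$query->bindValue(":username", $username);
$query->bindValue(":tool_id", $tool_id);
$query->execute();
// fetch() instead of rowCount(): rowCount() on a SELECT is not reliable across PDO drivers.
if ($query->fetch() !== false) {
    echo "File already submitted!";
    exit;
}

// Build unique filename and save.
// NOTE(review): this directory sits under the script's own directory, so
// stored files are probably web-reachable; consider storage outside the
// document root or a server rule that serves them as downloads only.
$uploadDir = __DIR__ . '/uploads/assignments/';
if (!is_dir($uploadDir)) {
    if (!mkdir($uploadDir, 0755, true)) {
        echo "Could not create uploads directory.";
        exit;
    }
}

// Every request-derived part of the filename goes through the same allow-list.
// Previously only the original basename was cleaned, so path separators or
// ".." in `username` or `id` could move the destination outside $uploadDir.
// Parts are also length-capped so the final name stays within filesystem limits.
$toFilenamePart = function ($value) {
    return substr(preg_replace('/[^a-zA-Z0-9_-]/', '_', $value), 0, 60);
};
$safeBase = $toFilenamePart(pathinfo($file['name'], PATHINFO_FILENAME));
$newFilename = $toFilenamePart($username) . '_' . $toFilenamePart($tool_id) . '_' . time() . '_' . $safeBase . '.pdf';
$destination = $uploadDir . $newFilename;

// Sanitising can map two different inputs to the same name; never overwrite.
if (file_exists($destination)) {
    echo "Failed to save file to server. Please try again.";
    exit;
}

if (!move_uploaded_file($file['tmp_name'], $destination)) {
    echo "Failed to save file to server. Check folder permissions.";
    exit;
}
$filePath = 'uploads/assignments/' . $newFilename;

// Insert into DB. The database keeps the raw username / tool id / original
// filename (bound as parameters); `fileLink` is client-supplied text, so any
// page that prints it must escape it for its output context.
$insert = $con->prepare(
    "INSERT INTO tools_assignment_filelink (username, tool_id, fileLink, filePath, totalMarks)
VALUES(:username, :tool_id, :fileLink, :filePath, :totalMarks)"
);
$insert->bindValue(":username", $username);
$insert->bindValue(":tool_id", $tool_id);
$insert->bindValue(":fileLink", $file['name']);
$insert->bindValue(":filePath", $filePath);
$insert->bindValue(":totalMarks", $marks);

$saved = false;
$dbError = 'unknown error';
try {
    $saved = $insert->execute();
    if (!$saved) {
        $err = $insert->errorInfo();
        if (isset($err[2])) {
            $dbError = $err[2];
        }
    }
} catch (PDOException $e) {
    // Covers connections configured to throw instead of returning false.
    $dbError = $e->getMessage();
}

if ($saved) {
    echo "File submitted Successfully!";
} else {
    // Driver messages can reveal table and column names: log them, and give
    // the client only the generic text.
    error_log('process.php: submission insert failed: ' . $dbError);
    // Remove the stored file so a failed insert does not leave an orphan on disk.
    if (is_file($destination)) {
        unlink($destination);
    }
    echo "Database error. Please try again.";
}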