$config['max_bytes']) {
$errors[] = $t['err_size'];
} else {
$ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($file['tmp_name']) ?: '';
if (!in_array($ext, $config['allowed_ext'], true)
|| !in_array($mime, $config['allowed_mime'], true)) {
$errors[] = $t['err_type'];
}
}
if (!$errors) {
$stmt = $db->prepare(
"SELECT COUNT(*) FROM submissions WHERE user_id = ? AND created_at > datetime('now','-1 hour')"
);
$stmt->execute([(int) $user['id']]);
if ((int) $stmt->fetchColumn() >= $config['rate_per_hour']) {
$errors[] = $t['err_rate'];
}
}
if (!$errors) {
if (!is_dir($config['quarantine'])) {
mkdir($config['quarantine'], 0750, true);
}
$stored = date('Ymd-His') . '-' . bin2hex(random_bytes(6)) . '.' . $ext;
$dest = $config['quarantine'] . '/' . $stored;
if (!move_uploaded_file($file['tmp_name'], $dest)) {
$errors[] = $t['err_generic'];
} else {
@chmod($dest, 0640);
$ins = $db->prepare(
"INSERT INTO submissions
(created_at, user_id, name, town, stored_name, orig_name, mime, bytes, ip, status)
VALUES (datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?, 'pending')"
);
$ins->execute([
(int) $user['id'],
$user['name'] ?? null,
$town,
$stored,
substr((string) $file['name'], 0, 255),
$mime,
(int) $file['size'],
px_client_ip(),
]);
// Remember their town for next time.
if (empty($user['town'])) {
$db->prepare("UPDATE users SET town = ? WHERE id = ?")
->execute([$town, (int) $user['id']]);
}
$done = true;
}
}
}
px_header($t, $lang, $config, 'upload', $user);
?>
