$maxupload) throw new Exception('geuploade file te groot, daarnaast is de MAX_FILE_SIZE parameter waarschijnlijk gemanipuleerd');
// The statement above is the tail of a size check that starts before this
// excerpt. Its message says the upload is too large and that the
// MAX_FILE_SIZE form parameter was probably tampered with.

// The client-supplied filename is HTML-escaped once, here, and that escaped
// form is what gets length-checked and stored. Entities such as &amp;
// therefore count toward the 128-byte limit, and the stored value is only
// safe for HTML output contexts.
$naam = htmlspecialchars($_FILES['uploadedfile']['name'], ENT_QUOTES);

// regular_error() is a project helper not shown here; (array) NULL is an
// empty array. Message: the uploaded file's name is too long.
// NOTE(review): the code below only makes sense if regular_error() ends the
// request (redirect + exit) - confirm, otherwise execution continues past
// every error branch.
if (strlen($naam) > 128)
    regular_error('upload.php', (array) NULL, 'De filename van de geuploade file is te lang');

try {
    // Register the upload in the files table before touching the filesystem.
    // mysql_query_safe() and mysql_escape_safe() are project helpers not
    // shown here; the '%s' placeholders suggest an sprintf-style formatter.
    // NOTE(review): name and type are escaped explicitly AND passed through
    // mysql_query_safe() - check the helper does not escape a second time.
    // NOTE(review): $_SESSION['ppl_id'] is interpolated straight into the
    // format string instead of being passed as an argument; confirm it is
    // always a server-assigned integer.
    mysql_query_safe("INSERT INTO files ( file_sha1, file_naam, ".
        "file_mimetype, file_size, ppl_id ) ".
        "VALUES ( '%s', '%s', '%s', '%s', '{$_SESSION['ppl_id']}' )",
        // SHA-1 of the uploaded temp file's contents.
        sha1_file($_FILES['uploadedfile']['tmp_name']),
        mysql_escape_safe($naam),
        // ['type'] is the MIME type reported by the client; PHP does not
        // verify it. Treat the stored file_mimetype as untrusted wherever it
        // is used later (for example as a Content-Type when serving the file).
        mysql_escape_safe($_FILES['uploadedfile']['type']),
        // ['size'] is the byte size PHP recorded for the upload.
        $_FILES['uploadedfile']['size']);
} catch (Exception $e) {
    // 1062 is MySQL's duplicate-entry error code; anything else is rethrown.
    // Presumably a unique key covers (ppl_id, file_naam) - verify in schema.
    if (mysql_errno() != 1062) throw($e);
    // Message: you already have a file with this name. $naam was already
    // HTML-escaped above.
    regular_error('upload.php', (array) NULL, 'Je hebt al een file met de naam '.$naam.' op het klassenboek staan.');
}

// Id of the row just inserted; it is also used as the on-disk filename below.
$file_id = mysql_insert_id();

// Quota check. sprint_singular() is a project helper not shown here;
// presumably it returns the single value of the query - confirm.
// The row was inserted before this point, so the SUM already includes the
// new upload's size.
$quotum = sprint_singular("SELECT quotum FROM ppl WHERE ppl_id = {$_SESSION['ppl_id']}");
$usage = sprint_singular("SELECT SUM(file_size) FROM files WHERE ppl_id = {$_SESSION['ppl_id']}");

if ($usage > $quotum) {
    // Over quota: roll back the metadata row and report "not enough space".
    mysql_query("DELETE FROM files WHERE file_id = $file_id");
    regular_error('upload.php', (array) NULL, 'De file past niet, je hebt te weinig ruimte over');
}

// everything is in order, we can move the file
// The destination name is the database id, so the client-supplied filename
// never becomes part of a filesystem path.
// NOTE(review): confirm store/data/ is not served directly by the web
// server; downloads should go through a script that checks ownership.
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], 'store/data/'.$file_id)) {
    // Storing failed: remove the metadata row so no record points at a
    // missing file. Message: saving the uploaded file did not succeed.
    mysql_query("DELETE FROM files WHERE file_id = $file_id");
    regular_error('upload.php', (array) NULL, 'Het opslaan van de geuploade file is niet gelukt');
}

// Clear the busy column now that the file is on disk.
// NOTE(review): presumably rows start with busy != 0 so half-finished
// uploads are not listed - confirm against the schema default.
mysql_query("UPDATE files SET busy = 0 WHERE file_id = '$file_id'");

// Flash message ("File uploaded") for the next page, then redirect back to
// the upload form.
$_SESSION['successmsg'] = 'File geupload';
header('Location: upload.php') ?>