setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE IF NOT EXISTS files(
id INTEGER PRIMARY KEY AUTOINCREMENT,
filename TEXT,
zipname TEXT,
password TEXT,
token TEXT UNIQUE,
expire_at INTEGER,
downloads INTEGER DEFAULT 0
)");
/* ========= HELPERS ========= */
function clean($v){ return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }
function token(){ return bin2hex(random_bytes(32)); }
/* ========= UPLOAD ========= */
if(isset($_POST['upload'])){
if(!isset($_FILES['file'])) die("No file");
if($_FILES['file']['size'] > MAX_FILE_SIZE) die("File too large");
$password = $_POST['password'] ?? '';
$expireHours = (int)($_POST['expire'] ?? 24);
if(strlen($password) < 6) die("Password too short");
$fileTmp = $_FILES['file']['tmp_name'];
$original = basename($_FILES['file']['name']);
$secureToken = token();
$expireTime = time() + ($expireHours * 3600);
$passwordHash = password_hash($password, PASSWORD_BCRYPT);
$zipName = $secureToken . '.zip';
$zipFullPath = ZIP_PATH . '/' . $zipName;
$zip = new ZipArchive();
if($zip->open($zipFullPath, ZipArchive::CREATE) !== TRUE){
die("Zip error");
}
$zip->addFile($fileTmp, $original);
$zip->close();
$stmt = $db->prepare("INSERT INTO files(filename, zipname, password, token, expire_at) VALUES(?,?,?,?,?)");
$stmt->execute([$original, $zipName, $passwordHash, $secureToken, $expireTime]);
header("Location: ?success=1&token=".$secureToken);
exit;
}
/* ========= DOWNLOAD ========= */
if(isset($_GET['download'])){
$token = $_GET['download'];
$stmt = $db->prepare("SELECT * FROM files WHERE token=?");
$stmt->execute([$token]);
$file = $stmt->fetch(PDO::FETCH_ASSOC);
if(!$file) die("Invalid link");
if($file['expire_at'] < time()) die("Expired");
if($_SERVER['REQUEST_METHOD']==='POST'){
if(password_verify($_POST['password'], $file['password'])){
$db->prepare("UPDATE files SET downloads = downloads+1 WHERE id=?")
->execute([$file['id']]);
$path = ZIP_PATH.'/'.$file['zipname'];
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"".$file['filename'].".zip\"");
readfile($path);
exit;
} else {
$error = "Wrong password";
}
}
}
?>
GurenNova Secure Transfer
Secure Transfer
by GurenNovaNetwork
".$error."
"; ?>