To help further I am posting the track.php file made by my friend for us to use...
<?php
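$indexloaded = 1;
/**
* A game recording (track) file management system for MyGamingLadder
*
* @author JohnKelly <johnkelly@teamcombatleague.com>
* @copyright Copyright (c) 2008, Team Combat League
*/
include('config/config.php');
include("$dir[func]/global.php");
include("$dir[func]/loginforms.php");
// NOTE(review): the upload store sits under public_html, so stored files are
// reachable by URL. Confirm the web server never executes content from this
// directory (no script handlers, no .htaccess overrides).
define('STORAGE_DIR', '/home/teamcomb/public_html/tracks/');

// Request dispatcher: selects one action, builds $content, then renders the page.
// $plyr, $admn, $dir and $out are not defined in this file; presumably the
// includes above provide them -- confirm.
$content = '';
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
// Keys are quoted because the bare form ($plyr[id]) reads an undefined constant,
// which newer PHP versions reject. IDs are cast to int because they end up in SQL.
$track_player_id = isset($plyr['id']) ? (int) $plyr['id'] : 0;
$track_admin_id = isset($admn['id']) ? (int) $admn['id'] : 0;

if ($action == 'upload_complete' && isset($_POST['upload_files']) && $_POST['upload_files'] != '') {
    if ($track_player_id != 0) {
        $result = complete_file_upload($track_player_id);
        if ($result != 'SUCCESS!') {
            $content .= $result;
        } else {
            $content .= 'File upload successful. <a href="/tracks.php">Continue</a>';
        }
    } else {
        die ('Permissions error. You must log in.');
    }
} else if ($action == 'delete_file' && isset($_GET['delete']) && $_GET['delete'] != '') {
    // NOTE(review): this state-changing delete is triggered by a plain GET link
    // and carries no anti-CSRF token; it should move to POST with a per-session
    // token once the login code can issue one.
    if ($track_admin_id != 0) {
        $result = delete_file_id($_GET['delete']);
        if ($result != 'SUCCESS!') {
            $content .= $result . '<br>';
        } else {
            $content .= 'File deleted<br>';
        }
        $content .= '<a href="/tracks.php?action=admin_panel">Okay</a>';
    } else {
        die ('Permssions error. You must log in as an admin.');
    }
} else if ($action == 'upload_start' && $track_player_id != 0) {
    $content .= get_upload_form_html($track_player_id, isset($_GET['matchid']) ? $_GET['matchid'] : '');
} else if ($action == 'admin_panel' && $track_admin_id != 0) {
    $content .= get_all_tracks_table_admin();
    $content .= '<a href="/tracks.php">Tracks Home</a>';
} else if ($action == 'viewmatch' && isset($_GET['matchid']) && $_GET['matchid'] != '') {
    // stripslashes() presumably undoes magic_quotes_gpc -- confirm the server setting.
    $raw_matchid = stripslashes($_GET['matchid']);
    $matchid = mysql_real_escape_string($raw_matchid);
    $content .= get_match_tracks_table($matchid);
    if (is_upload_allowed_match($track_player_id, $matchid)) {
        // SQL escaping does not make a value safe inside HTML, so the request
        // value is HTML-encoded separately before it goes into the attribute.
        $matchid_attr = htmlspecialchars($raw_matchid, ENT_QUOTES);
        $content .= "<br><form action='/tracks.php' method='GET'>
<input type='hidden' name='action' value='upload_start'>
<input type='hidden' name='matchid' value='$matchid_attr'>
<input type='submit' value='Add a Track'>
</form>";
    }
} else {
    $content .= get_all_tracks_table();
    if ($track_player_id != 0) {
        $content .= '<br><form action="/tracks.php" method="get">
<input type="hidden" name="action" value="upload_start">
<input type="submit" value="Upload New Track">
</form>';
    }
    if ($track_admin_id != 0) {
        $content .= '<br><a href="/tracks.php?action=admin_panel">Admin Panel</a>';
    }
}
// html output
$tablehead=table_head("show","740","80","left");
$tablefoot=table_foot("show");
$bannerhead=table_head("show","488","80","center");
$bannerfoot=table_foot("show");
$out['title'] = 'Match Tracks Archive';
$out['keywords'] = 'tracks, acmi, tacview, archive, recordings, missions, tcl, team combat league, lock on, lomac' ;
$out['description'] = 'Tracks recordings available from Team Combat League';
// any more content
// <strong><font class='catfont'>Tracks</font></strong><br><hr class='catfont' size='1'>
$out['body'] = (isset($out['body']) ? $out['body'] : '') . "<center> $bannerhead $out[banner] $bannerfoot <br>
$tablehead
$content
$tablefoot </center>";
include("$dir[curtheme]");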
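/**
 * Report whether a player belongs to one of the two teams of a match.
 *
 * @param mixed $playerid Player id; coerced to an integer here.
 * @param mixed $matchid  Match id. It is placed inside a quoted SQL literal
 *                        as-is, so the caller must already have SQL-escaped it.
 * @return bool True when the query finds at least one row for this player and match.
 */
function is_upload_allowed_match($playerid, $matchid) {
    // The id is interpolated unquoted into the query below, so it must be a
    // plain integer by the time it gets there.
    $playerid = (int) $playerid;
    if ($playerid <= 0) {
        return false;
    }
    $result = mysql_query("SELECT matchdb.*
FROM matchdb
LEFT JOIN teammembers ON (matchdb.winnerid=teammembers.teamid) OR (matchdb.loserid=teammembers.teamid)
WHERE (matchdb.matchid='$matchid')
AND (teammembers.playerid=$playerid)");
    return (mysql_numrows($result) > 0);
}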
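/**
 * Build the upload form, with a drop-down of the matches the player's teams took part in.
 *
 * @param mixed $playerid Player id; coerced to an integer here.
 * @param mixed $matchid  Match to pre-select in the drop-down; only compared, never output.
 * @return string The form HTML, or the literal 'NoMatches' when the query yields no rows.
 */
function get_upload_form_html($playerid, $matchid) {
    // Interpolated unquoted into the query, so force a plain integer.
    $playerid = (int) $playerid;
    $result = mysql_query( "SELECT teammembers.teamid, matchdb.*
FROM matchdb
LEFT JOIN teammembers ON (matchdb.winnerid=teammembers.teamid) OR (matchdb.loserid=teammembers.teamid)
WHERE (teammembers.playerid=$playerid)
ORDER BY matchdb.reportdate DESC");
    if (mysql_numrows($result) <= 0) {
        return 'NoMatches';
    }
    $script = '<script type="text/javascript">
function setDots(numDots) {
strDots = "";
for (i = 0; i < numDots; i++) {
strDots += ".";
}
document.getElementById("message").innerHTML="Uploading file, please be patient" + strDots;
if (++numDots >5) {
numDots = 1;
}
setTimeout("setDots(" + numDots + ")", 1000);
}
</script>';
    $select = '<select name="file_matchid">';
    while ($match = mysql_fetch_array($result)) {
        $selected = $match['matchid'] == $matchid ? "selected='true'" : "";
        // Database text is HTML-encoded before it reaches the page.
        // NOTE(review): if aliases are stored already entity-encoded this will
        // double-encode them -- confirm how they are written.
        $value = htmlspecialchars((string) $match['matchid'], ENT_QUOTES);
        $label = htmlspecialchars("$match[winneralias] vs. $match[loseralias] ($match[laddername])", ENT_QUOTES);
        $select .= "<option value='$value' $selected>$label</option>";
    }
    $select .= '</select>';
    // NOTE(review): the form posts to an absolute http:// URL and has no
    // anti-CSRF token; a relative action and a per-session token would be safer.
    return $script . '<form enctype="multipart/form-data" action="http://www.teamcombatleague.com/tracks.php" method="POST">
<input type="hidden" name="action" value="upload_complete">
<table>
<tr>
<td>Select a match:</td><td>' . $select . '</td>
</tr>
<tr>
<td>Choose a file to upload:</td><td><input name="uploadedfile" type="file" title="Maximum file size is 30MB"/></td>
</tr>
<tr>
<td>Give the file a title:</td><td><input name="file_title" type="text" maxlength="40"/></td>
</tr>
<tr>
<td>Description (optional):</td><td><input name="file_desc" type="text" maxlength="500"></td>
</tr>
</table>
<div id="message"></div>
<input type="submit" name="upload_files" onClick=\'setDots(1)\' value="Upload File" />
</form>';
}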
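/**
 * Validate and store the file posted as 'uploadedfile', then record it in the tracks table.
 *
 * Reads $_FILES['uploadedfile'] and the POST fields file_matchid, file_title
 * and file_desc. The file is stored in STORAGE_DIR under an md5-derived name.
 *
 * @param mixed $playerid Id of the uploading player; coerced to an integer here.
 * @return string 'SUCCESS!' on success, otherwise a message starting with 'FAIL: '.
 */
function complete_file_upload($playerid) {
    // Interpolated unquoted into the membership query, so force a plain integer.
    $playerid = (int) $playerid;
    $storagedir = STORAGE_DIR;
    $currenttime = date("Y-m-d H:i:s");

    $upload = isset($_FILES['uploadedfile']) && is_array($_FILES['uploadedfile']) ? $_FILES['uploadedfile'] : array();
    $clientname = isset($upload['name']) && is_string($upload['name']) ? $upload['name'] : '';
    $extension = strrchr($clientname, '.');
    // The D modifier makes "$" match only at the very end, so a name ending in
    // a newline can no longer pass the allow-list.
    $allowedextentions = '/^\.(txt|acmi|zip|7z|rar|trk)$/iD';
    if ($extension === false || !preg_match($allowedextentions, $extension)) {
        return 'FAIL: BAD_EXTENSION';
    }
    // NOTE(review): only the extension is checked. File content and size are
    // not validated here, and the 30MB limit shown on the form is not enforced
    // by this function.
    $filename = md5($currenttime . basename($clientname));
    $savename = $storagedir . $filename;

    $rawmatchid = isset($_POST['file_matchid']) && is_string($_POST['file_matchid']) ? $_POST['file_matchid'] : '';
    $matchid = mysql_real_escape_string(stripslashes($rawmatchid));
    $matches = mysql_query("SELECT matchdb.*
FROM matchdb
LEFT JOIN teammembers ON (matchdb.winnerid=teammembers.teamid) OR (matchdb.loserid=teammembers.teamid)
WHERE (matchdb.matchid='$matchid')
AND (teammembers.playerid=$playerid)");
    if (mysql_numrows($matches) <= 0) {
        return 'FAIL: NOT_ON_TEAM_OR_NO_SUCH_MATCH';
    }
    $match = mysql_fetch_array($matches);
    // These values come from the database but are re-used in an INSERT, so
    // they are escaped again rather than trusted.
    $matchinfo = array(
        'wteamid' => mysql_real_escape_string($match['winnerid']),
        'lteamid' => mysql_real_escape_string($match['loserid']),
        'id' => mysql_real_escape_string($match['matchid']),
        'ladderid' => mysql_real_escape_string($match['ladderid']),
        'matchdate' => mysql_real_escape_string($match['reportdate']),
    );

    // Strip everything except letters, digits, space, '-' and '_' from the title.
    $disallowed = "/[^a-z0-9\\040\\-\\_]/i";
    $rawtitle = isset($_POST['file_title']) && is_string($_POST['file_title']) ? $_POST['file_title'] : '';
    $title = preg_replace($disallowed, '', $rawtitle);
    // Test the title before the extension is appended; afterwards the string
    // is never empty and the 'noname' fallback could not trigger.
    if (strlen(trim($title)) <= 0) {
        $title = 'noname';
    }
    $usersetname = $title . $extension;

    // Truncate first, escape second: cutting an already-escaped string can
    // split an escape sequence and leave a dangling backslash in the query.
    $rawdesc = isset($_POST['file_desc']) && is_string($_POST['file_desc']) ? $_POST['file_desc'] : '';
    $description = stripslashes($rawdesc);
    if (strlen($description) > 1000) {
        $description = substr($description, 0, 1000);
    }
    $description = mysql_real_escape_string($description);

    // everything is set, complete the upload
    $tmpname = isset($upload['tmp_name']) && is_string($upload['tmp_name']) ? $upload['tmp_name'] : '';
    if (!move_uploaded_file($tmpname, $savename)) {
        return 'FAIL: ' . (isset($upload['error']) ? $upload['error'] : '');
    }
    // NOTE(review): 0666 leaves the stored file world-writable; tighten it if
    // the hosting setup allows.
    chmod($savename, 0666);
    $inserted = mysql_query("INSERT INTO tracks VALUES ('', '$matchinfo[id]', '$matchinfo[ladderid]', '$matchinfo[matchdate]', '$playerid', '$matchinfo[wteamid]', '$matchinfo[lteamid]', '$filename', '$usersetname', '$description', '$currenttime')");
    if (!$inserted) {
        // Do not leave an untracked file behind when the record cannot be written.
        unlink($savename);
        return 'FAIL: DB_INSERT';
    }
    return 'SUCCESS!';
}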
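/**
 * Delete a stored track file and, if that succeeds, its row in the tracks table.
 *
 * @param mixed $id Track id as received from the request.
 * @return string 'SUCCESS!', 'File not found' or 'File delete failed'.
 */
function delete_file_id($id) {
    if (!is_scalar($id)) {
        return 'File not found';
    }
    // The id arrives straight from the query string, so escape it before it is
    // placed in SQL, the same way the other request values in this file are.
    $id = mysql_real_escape_string(stripslashes((string) $id));
    $file = mysql_fetch_array(mysql_query("SELECT * FROM tracks WHERE id='$id'"));
    if (!$file) {
        return 'File not found';
    }
    // basename() keeps the delete inside STORAGE_DIR whatever the stored name holds.
    $file_to_delete = STORAGE_DIR . basename($file['filename']);
    if (!unlink($file_to_delete)) {
        return 'File delete failed';
    }
    mysql_query("DELETE FROM tracks WHERE id='$id'");
    return 'SUCCESS!';
}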
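/**
 * Render the list of tracks uploaded for one match as an HTML table.
 *
 * @param mixed $matchid Match id. It is placed inside a quoted SQL literal
 *                       as-is, so the caller must already have SQL-escaped it.
 * @return string Table HTML, or a plain message when the match has no tracks.
 */
function get_match_tracks_table($matchid) {
    $tracks = mysql_query("SELECT tracks.*, wteam.teamname AS wteamalias,
lteam.teamname AS lteamalias, ladders.laddername AS laddername,
users.alias AS uploaduseralias
FROM tracks
LEFT JOIN teams AS wteam ON (tracks.wteamid=wteam.id)
LEFT JOIN teams AS lteam ON (tracks.lteamid=lteam.id)
LEFT JOIN ladders ON (tracks.ladderid=ladders.id)
LEFT JOIN users ON (tracks.uploaduserid=users.id)
WHERE matchid='$matchid'
ORDER BY date ASC");
    if (mysql_numrows($tracks) <= 0) {
        return 'No tracks are available for this match.';
    }
    // Peek at the first row for the heading, then rewind for the loop below.
    $match = mysql_fetch_array($tracks);
    mysql_data_seek($tracks, 0);
    $output = '<script type="text/javascript">
<!--
function confirm_download(uname) {
input_box=confirm("This file is the property of the original uploader. ("
+ uname + ")\nTCL does not check for malicious files, use at your own risk.");
return input_box;
}
-->
</script>';
    // Titles, descriptions and aliases are user-supplied text, so everything
    // read from the database is HTML-encoded before it is written to the page.
    $head = array();
    foreach (array('wteamid', 'wteamalias', 'matchid', 'lteamid', 'lteamalias', 'ladderid', 'laddername') as $key) {
        $head[$key] = htmlspecialchars((string) $match[$key], ENT_QUOTES);
    }
    $output .= "<a href='/teams.php?teamid=$head[wteamid]'>$head[wteamalias]</a>
<a href='/match.php?matchid=$head[matchid]' title='View Match'>vs.</a> <a href='/teams.php?teamid=$head[lteamid]'>$head[lteamalias]</a>
(<a href='/ladder.php?ladderid=$head[ladderid]'>$head[laddername]</a>)
<br><br>";
    $rowclass = 'b';
    $output .= '<script src="/includes/sorttable.js"></script>
<table class="sortable" width="100%" border="0" bordercolor="#000000" cellspacing="1" cellpadding="1">
<tr class="altcolor">
<td><strong class="catfont"> Track</strong></td><td width="40%"><strong class="catfont"> Description</strong></td>
<td><strong class="catfont"> Upload Time</strong></td><td><strong class="catfont"> Uploader</strong></td>
</tr>';
    while ($track = mysql_fetch_array($tracks)) {
        $when = htmlspecialchars(date_format(new DateTime($track['date']), "n/j/Y g:i a"), ENT_QUOTES);
        $filename = htmlspecialchars((string) $track['filename'], ENT_QUOTES);
        $title = htmlspecialchars((string) $track['title'], ENT_QUOTES);
        $description = htmlspecialchars((string) $track['description'], ENT_QUOTES);
        $uploaderid = htmlspecialchars((string) $track['uploaduserid'], ENT_QUOTES);
        $alias = htmlspecialchars((string) $track['uploaduseralias'], ENT_QUOTES);
        // The alias also sits inside a JavaScript string within an attribute:
        // escape for the script string first, then for the attribute.
        $alias_js = htmlspecialchars(addslashes(str_replace(array("\r", "\n"), ' ', (string) $track['uploaduseralias'])), ENT_QUOTES);
        $output .= "<tr class='altcolor$rowclass' cellpadding='10'>
<td> <a href='/tracks/$filename/$title' onClick='return confirm_download(\"$alias_js\")' title='Download Track'>$title</a></td>
<td> $description</td>
<td> $when</td>
<td> <a href='/players.php?playerid=$uploaderid'>$alias</a></td>
</tr>";
        $rowclass = $rowclass == 'a' ? 'b' : 'a';
    }
    $output .= '</table>';
    return $output;
}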
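/**
 * Render one table row per match that has tracks, newest match first.
 *
 * @return string Table HTML listing winner, loser, ladder, match date and track count.
 */
function get_all_tracks_table() {
    $matches = mysql_query('SELECT matchid, wteamid, lteamid, ladderid, matchdate, COUNT(filename) AS numtracks,
wteam.teamname AS wteamalias, lteam.teamname AS lteamalias, ladders.laddername AS laddername
FROM tracks
LEFT JOIN teams AS wteam ON (tracks.wteamid=wteam.id)
LEFT JOIN teams AS lteam ON (tracks.lteamid=lteam.id)
LEFT JOIN ladders ON (tracks.ladderid=ladders.id)
GROUP BY matchid
ORDER BY matchdate DESC');
    $output = '<script src="/includes/sorttable.js"></script>
<table class="sortable" id="match_table" width="100%" border="0" bordercolor="#000000" cellspacing="1" cellpadding="1">
<tr class="altcolor">
<td><strong class="catfont"> Winner</strong></td><td><strong class="catfont"> Loser</strong></td>
<td><strong class="catfont"> League</strong></td><td><strong class="catfont"> Match Date</strong></td>
<td><strong class="catfont"> Tracks Available</strong></td>
</tr>';
    $rowclass = 'b';
    while ($match = mysql_fetch_array($matches)) {
        $matchdate = htmlspecialchars(date_format(new DateTime($match['matchdate']), "n/j/Y"), ENT_QUOTES);
        // Team and ladder names are stored text; HTML-encode every database
        // value before it is written into markup.
        $cell = array();
        foreach (array('wteamid', 'wteamalias', 'lteamid', 'lteamalias', 'ladderid', 'laddername', 'matchid', 'numtracks') as $key) {
            $cell[$key] = htmlspecialchars((string) $match[$key], ENT_QUOTES);
        }
        // <a href='/match.php?matchid=$match[matchid]' title='View Match'>vs.</a>
        $output .= "<tr class='altcolor$rowclass' cellpadding='10'>
<td> <a href='/teams.php?teamid=$cell[wteamid]'>$cell[wteamalias]</a></td>
<td> <a href='/teams.php?teamid=$cell[lteamid]'>$cell[lteamalias]</a></td>
<td> <a href='/ladder.php?ladderid=$cell[ladderid]'>$cell[laddername]</a></td>
<td> $matchdate</td>
<td> <a href='/tracks.php?action=viewmatch&matchid=$cell[matchid]'>View Tracks (<font color='#0099FF'>$cell[numtracks]</font>)</a></td>
</tr>";
        $rowclass = $rowclass == 'a' ? 'b' : 'a';
    }
    $output .= '</table>';
    return $output;
}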
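/**
 * Render every track with a view link, a download link and a delete link.
 *
 * Originally marked "debugging only", but the admin_panel action serves it to
 * logged-in admins, so its output is encoded like any other page.
 *
 * @return string Table HTML; a single message row when there are no tracks.
 */
function get_all_tracks_table_admin() {
    $tracks = mysql_query("SELECT * FROM tracks");
    $trackshtml = '<table>';
    if (mysql_numrows($tracks) < 1) {
        $trackshtml .= "<tr><td>There are no tracks available for download yet.</td></tr>";
    }
    while ($track = mysql_fetch_array($tracks)) {
        // The description is free text supplied by uploaders and lands in an
        // attribute here, so all stored values are HTML-encoded before output.
        $cell = array();
        foreach (array('matchid', 'filename', 'title', 'description', 'id') as $key) {
            $cell[$key] = htmlspecialchars((string) $track[$key], ENT_QUOTES);
        }
        // NOTE(review): the first link is absolute and uses the .ca host while
        // the rest of the file uses relative links or .com; the delete link is
        // a GET with no anti-CSRF token.
        $trackshtml .= "<tr><td><a href='http://www.teamcombatleague.ca/tracks.php?action=viewmatch&matchid=$cell[matchid]'>View Match</a></td>
<td><a href='/tracks/$cell[filename]/$cell[title]' title='$cell[description]'>$cell[title]</a></td>
<td><a href='/tracks.php?action=delete_file&delete=$cell[id]'>Delete Track</a></td></tr>";
    }
    $trackshtml .= '</table>';
    return $trackshtml;
}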
?>