changeset 823:debad9461b00

Add stHandleGenericFileUpload().
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 24 Nov 2014 22:48:10 +0200
parents fc555d954b99
children 6f52c19b00f4
files msite.inc.php
diffstat 1 files changed, 112 insertions(+), 0 deletions(-) [+]
--- a/msite.inc.php	Mon Nov 24 22:43:22 2014 +0200
+++ b/msite.inc.php	Mon Nov 24 22:48:10 2014 +0200
@@ -1088,6 +1088,118 @@
 }
 
 
+//
+// File upload handling
+//
+function stHandleGenericFileUpload($userID)
+{
+  global $errorSet;
+
+  // Check basics
+  if (!stChkRequestItem("type", $uploadType,
+      array(CHK_TYPE, VT_STR, "Invalid upload type."),
+      array(CHK_ARRAY, VT_STR, array("entry", "preview"), "Invalid upload type.") ||
+      !stChkRequestItem("entry_id", $entryID,
+      array(CHK_TYPE, VT_INT, "Invalid entry ID."))
+    return FALSE;
+
+  // Check entry existence
+  if (($entry = stFetchSQL("SELECT * FROM entries WHERE id=".$entryID)) === false)
+    return stError("Entry ID #".$entryID." does not exist??");
+
+  if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$entry["compo_id"])) === false)
+    return stError("Compo ID does not exist??");
+
+  // Check permissions for non-admins
+  if ($userID != 0)
+  {
+    // Check if the user even exists, just in case
+    if (($user = stFetchSQL("SELECT * FROM attendees WHERE id=".$userID) === false)
+      return stError("User ID #".$userID." does not exist??");
+
+    if ($entry["owner_id"] != $userID)
+      return stError("Attempted to upload file to entry not owned by user.");
+  }
+
+  // Check file status data
+  $fileEntry = $uploadType."Upload";
+  $maxFileSize = stGetSetting($uploadType."MaxSize");
+  $fileSize = $_FILES[$fileEntry]["size"];
+  if ($fileSize > $maxFileSize)
+    stError("File size ".$fileSize." exceeds FAPWeb's size of ".$maxFileSize." bytes for ".$uploadType." uploads.");
+
+  if ($fileSize < 128)
+    stError("File size ".$fileSize." is less than 128 bytes. This can't be right.");
+
+  switch ($_FILES[$fileEntry]["error"])
+  {
+    case UPLOAD_ERR_INI_SIZE:
+      stError("File size exceeds PHP's max upload size.");
+      break;
+
+    case UPLOAD_ERR_PARTIAL:
+      stError("File only partially uploaded.");
+      break;
+
+    case UPLOAD_ERR_NO_FILE:
+      stError("No file data received!");
+      break;
+
+    case UPLOAD_ERR_NO_TMP_DIR:
+      stError("Internal error: Temporary file directory not available!");
+      break;
+
+    case UPLOAD_ERR_CANT_WRITE:
+      stError("Internal error: PHP could not write the file to disk.");
+      break;
+
+    case UPLOAD_ERR_OK:
+      break;
+
+    default:
+      stError("Unknown PHP file error occured.");
+      break;
+  }
+
+  if ($errorSet)
+    return FALSE;
+
+
+  // Check file properties ..
+  $tmpFilename = $_FILES[$fileEntry]["tmp_name"];
+  if (($fileInfo = stProbeFileInfo($tmpFilename)) === false)
+    return FALSE;
+
+  if ($uploadType == "preview" && !isset($fileInfo["type"]))
+    return stError("Preview file upload is not one of the supported preview file types.");
+
+  // Add file entry
+  if (!stAddFileEntry($_FILES[$fileEntry]["name"], $fileSize, $userID, $uploadType, $entry, $fileID))
+    return FALSE;
+
+  // Set rest of the data ..
+  if (!stSetFileEntryFilename($fileID, $uploadType, $entry, $fileInfo["fext"], $fileInfo["id"], $filename))
+    return FALSE;
+
+  // Set permissions before moving the file
+  if (chmod($tmpFilename, stGetSetting($uploadType."PathPerms")) === false)
+  {
+    error_log("Could not set permissions for uploaded file '".$tmpFilename."'.\n");
+    return stError("Could not set permissions for uploaded file.");
+  }
+
+  // Move file to its destination
+  $fullFile = stMakePath(FALSE, FALSE, array(stGetSetting($uploadType."Path"), $compo["cpath"], $filename);
+  if (@move_uploaded_file($tmpFilename, $fullFile) === false)
+  {
+    error_log("Could not move uploaded file '".$tmpFilename."' to '".$fullFile."'.\n");
+    return stError("Deploying uploaded file failed.");
+  }
+
+  return TRUE;
+}
+
+
 // Get link helper function
 function stGetMainPageLink($id, $name, $show = TRUE)
 {
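Review bot: `$userID` reaches both the admin test `if ($userID != 0)` and the concatenated query `"SELECT * FROM attendees WHERE id=".$userID` without any validation inside this function, unlike `$entryID`, which is checked as `VT_INT` first. With the loose comparison, a null, empty or (on PHP versions of this era) non-numeric value compares equal to 0 and skips the ownership check, so the function should reject non-integers before that branch, e.g. `if (!is_int($userID) && !ctype_digit((string) $userID)) return stError("Invalid user ID.");`, and then test `intval($userID) !== 0`. Whether any caller can actually pass such a value is not visible from this hunk. Separately, the parentheses look unbalanced as committed in the `stChkRequestItem` condition, in the attendees lookup and in the `stMakePath(...)` call, so the file would likely fail to parse.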