Файл: 4mast/profmas.ru/pages/shop/incfiles/zip.php
Строк: 191
<?php
// Absolute filesystem prefix for every include below, derived from the web
// server's document root.
define('ROOT', $_SERVER['DOCUMENT_ROOT'] . '/');

require_once ROOT . 'includes/Headers.php';
require_once ROOT . 'includes/PDO_func.php';

// Authorization gate: this is the only access check in the script. Anyone
// whose level is below 4 is redirected to the site root and execution stops.
// NOTE(review): $us is not assigned in this file; presumably one of the two
// includes above populates it from the session. Confirm. An unset $us
// compares as below 4, so the check fails closed.
if ($us['level'] < 4) {
    header('location:/');
    exit();
}

require_once ROOT . 'pages/shop/lib/pclzip.lib.php';
/* не трогать функции */
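/**
 * Convert a Windows-1251 byte string to UTF-8.
 *
 * Uses mbstring when available, then iconv, and finally a built-in table.
 * The table covers only the Cyrillic letters (including Ё/ё); any other byte
 * is passed through unchanged by the fallback.
 *
 * @param string $str Bytes assumed to be Windows-1251 encoded.
 * @return string|false UTF-8 text; iconv() may return false on failure.
 */
function win_to_utf($str)
{
    if (function_exists('mb_convert_encoding')) {
        return mb_convert_encoding($str, 'utf-8', 'windows-1251');
    }
    if (function_exists('iconv')) {
        return iconv('windows-1251', 'utf-8', $str);
    }

    // Keys are single bytes written as "\xNN" escapes. Without the backslash
    // each key is the three-character text "xNN", which never matches an
    // encoded letter and instead rewrites literal ASCII such as "xC0".
    $win1251utf8 = array(
        "\xC0" => "А", "\xC1" => "Б", "\xC2" => "В", "\xC3" => "Г", "\xC4" => "Д", "\xC5" => "Е",
        "\xA8" => "Ё", "\xC6" => "Ж", "\xC7" => "З", "\xC8" => "И", "\xC9" => "Й", "\xCA" => "К",
        "\xCB" => "Л", "\xCC" => "М", "\xCD" => "Н", "\xCE" => "О", "\xCF" => "П", "\xD0" => "Р",
        "\xD1" => "С", "\xD2" => "Т", "\xD3" => "У", "\xD4" => "Ф", "\xD5" => "Х", "\xD6" => "Ц",
        "\xD7" => "Ч", "\xD8" => "Ш", "\xD9" => "Щ", "\xDA" => "Ъ", "\xDB" => "Ы", "\xDC" => "Ь",
        "\xDD" => "Э", "\xDE" => "Ю", "\xDF" => "Я", "\xE0" => "а", "\xE1" => "б", "\xE2" => "в",
        "\xE3" => "г", "\xE4" => "д", "\xE5" => "е", "\xB8" => "ё", "\xE6" => "ж", "\xE7" => "з",
        "\xE8" => "и", "\xE9" => "й", "\xEA" => "к", "\xEB" => "л", "\xEC" => "м", "\xED" => "н",
        "\xEE" => "о", "\xEF" => "п", "\xF0" => "р", "\xF1" => "с", "\xF2" => "т", "\xF3" => "у",
        "\xF4" => "ф", "\xF5" => "х", "\xF6" => "ц", "\xF7" => "ч", "\xF8" => "ш", "\xF9" => "щ",
        "\xFA" => "ъ", "\xFB" => "ы", "\xFC" => "ь", "\xFD" => "э", "\xFE" => "ю", "\xFF" => "я",
    );

    return strtr($str, $win1251utf8);
}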
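/**
 * Report whether a byte string is well-formed UTF-8.
 *
 * The caller uses the answer to decide whether content still needs converting
 * from Windows-1251, so a false "yes" sends undecoded bytes to the output
 * layer. Validation is delegated to PCRE, which is stricter than a plain
 * lead-byte/continuation-byte scan: a lone 0x80 byte, overlong forms such as
 * 0xC0 0xAF, and the obsolete 5- and 6-byte sequences are all rejected.
 *
 * @param string $str Bytes to check.
 * @return bool True for valid UTF-8 (including the empty string and pure ASCII).
 */
function is_utf($str)
{
    // With the "u" modifier PCRE validates the whole subject before matching.
    // The empty pattern matches any valid subject, so the result is 1 for
    // valid input and false when the subject is not valid UTF-8.
    return preg_match('//u', (string) $str) === 1;
}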
/**
 * Render source text as syntax-highlighted HTML inside a div with class "code".
 *
 * Text that contains no "<?" anywhere is wrapped in PHP open/close tags first
 * so that highlight_string() treats it as code. The markup returned by
 * highlight_string() is HTML-escaped, so it can be embedded in the page as is.
 *
 * NOTE(review): stripslashes() also removes backslashes that belong to the
 * displayed source; it looks like a magic_quotes-era leftover. Confirm with
 * callers before removing it.
 *
 * @param string $code Source text to display.
 * @return string HTML fragment.
 */
function hightlight($code)
{
    $source = stripslashes($code);

    // strpos() is false only when "<?" is absent, which is the single case
    // where the text needs wrapping.
    $hasOpenTag = strpos($source, '<?') !== false;
    if (!$hasOpenTag) {
        $source = "<?php\n" . trim($source) . "\n?>";
    }

    $markup = highlight_string(trim($source), true);

    return '<div class="code">' . $markup . '</div>';
}
//---------------//
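// Number of archive members shown per listing page.
$onpage = 10;

// Request parameters, coerced to non-negative integers; a missing parameter
// becomes 0 instead of raising an undefined-index notice.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$page = isset($_GET['page']) ? abs(intval($_GET['page'])) : 0;
$start = isset($_GET['start']) ? abs(intval($_GET['start'])) : 0;

// "preview" is the only accepted action; anything else selects the listing.
$act = (isset($_GET['act']) && $_GET['act'] === 'preview') ? 'preview' : NULL;

$d = DB::$dbs->queryFetch("SELECT * FROM `magazin_file` WHERE `id` = ?", [$id]);

// Fail closed when the row or its file name is missing. Without this the
// path below would be the bare storage directory, and file_exists() is true
// for directories as well as files.
if (empty($d['file'])) {
    header('location:/');
    exit();
}
$di = ROOT . 'files/mag_file/' . $d['file'];
if (!is_file($di)) {
    header('location:/');
    exit();
}

// The item name is stored data and is placed inside markup, so it is escaped
// before it reaches the page header.
// NOTE(review): the second argument already carries raw HTML, so H() prints
// it unescaped; the first is assumed to be printed the same way. Confirm, or
// the title would end up double-escaped.
$safeName = htmlspecialchars((string) $d['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
H(
    'Просмотр товара ' . $safeName,
    '<a href="/pages/shop/file/' . (int) $d['id'] . '"><font color="white">' . $safeName . '</font></a> | Просмотр товара ' . $safeName
);

/* Work out the directory and extension of the stored file */
$filename = pathinfo($di);
$ext = isset($filename['extension']) ? strtolower($filename['extension']) : '';
if ($ext !== 'zip') die('Файл не является ZIP архивом');
$dir = $filename['dirname'] . '/';
// NOTE(review): $back is not read anywhere in this file; kept in case the
// footer include relies on it.
$back = DB::$dbs->queryFetch("SELECT * FROM `magazin_file` WHERE `file` = ?", [$dir]);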
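/* Archive contents: paginated list of member names and sizes */
if (!$act) {
    $zip = new PclZip($di);
    if (!$list = $zip->listContent()) die('Ошибка: '.$zip->errorInfo(true));

    // Take name and size directly from each entry. Member names are chosen by
    // whoever built the archive, so they must not be round-tripped through a
    // delimiter-joined string where a crafted name could shift the two lists
    // out of step.
    $selectfile = array();
    $sizefiles = array();
    foreach ($list as $entry) {
        $selectfile[] = isset($entry['filename']) ? (string) $entry['filename'] : '';
        $sizefiles[] = isset($entry['size']) ? $entry['size'] : 0;
    }

    $count = count($selectfile);
    $obkb = round(array_sum($sizefiles) / 1024, 2);
    echo '<div class="list1">Всего файлов: ' . $count . '<br/>Вес распакованного архива: ' . $obkb . ' kb</div>';

    $pages = ceil($count / $onpage);
    if (!$pages) $pages = 1;
    // Page 0 (parameter absent) is shown as the first page.
    $n = $page ? ($onpage * $page) - $onpage : 0;
    if ($count == 0) echo 'Пусто...';

    for ($i = 1; $i <= $onpage; ++$i) {
        if (!isset($selectfile[$n]) || $selectfile[$n] === '') {
            $n++;
            continue;
        }
        $path = $selectfile[$n];

        // The name is untrusted text: percent-encode it for the query string
        // and HTML-escape it for the link label. ENT_SUBSTITUTE keeps names
        // that are not valid UTF-8 from collapsing to an empty string.
        $href = '/pages/shop/zip/preview/' . $id . '?open=' . rawurlencode($path);
        $label = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo '<div class="lst">';
        echo '<a href="' . $href . '">' . $label . '</a>';
        if ($sizefiles[$n] != 0) echo ' (' . round($sizefiles[$n] / 1024, 2) . 'kb)';
        echo '<br/>';
        echo '</div>';
        $n++;
    }

    // Page navigation: a window of links around the current page.
    // NOTE(review): the bounds below compare page numbers with $count (the
    // number of files) rather than $pages; left as found, confirm the intent.
    echo '<div class="lst">';
    echo 'Страницы: ';
    $asd = $page - 2;
    $asd2 = $page + 3;
    if ($asd < $count && $asd > 0 && $page > 3) echo '<a href="/pages/shop/zip/'.$id.'?page=1">1</a> ... ';
    for ($i = $asd; $i < $asd2; $i++) {
        if ($i < $count && $i > 0) {
            if ($i > $pages) break;
            if ($page == $i) echo '<b>[' . $i . ']</b> ';
            else echo '<a href="/pages/shop/zip/'.$id.'?page='.$i.'">' . $i . '</a> ';
        }
    }
    if ($i <= $pages) {
        if ($asd2 < $count) echo ' ... <a href="/pages/shop/zip/'.$id.'?page='.$pages.'">' . $pages . '</a>';
    }
    echo '</div>';
}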
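/* Preview of a single archive member */
if ($act == 'preview')
{
    // $member is the raw name used to look the entry up inside the archive.
    // $open is its HTML-escaped form and is the only one echoed into markup.
    // Looking up the escaped form would miss any name containing &, <, > or
    // quotes.
    $member = (isset($_GET['open']) && is_string($_GET['open'])) ? trim($_GET['open']) : '';
    $open = htmlspecialchars($member, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (strpos($member, '..') !== false or strpos($member, './') !== false)
    {
        echo 'В хакера решил поиграть?';
        require_once(ROOT.'includes/Footers.php');
        exit();
    }

    $zip = new PclZip($di);
    $extracted = $zip->extract(PCLZIP_OPT_BY_NAME, $member, PCLZIP_OPT_EXTRACT_AS_STRING);
    // PclZip::extract() returns 0 on failure and an empty list when nothing
    // matched, so the first entry is read only when it exists.
    $content = (is_array($extracted) && isset($extracted[0]['content'])) ? (string) $extracted[0]['content'] : '';

    // Line count shown above text previews.
    $count = count(explode("\n", $content));
    echo '<div class="list1"><b>Файл: ' . $open . '</b></div>';

    $dot = strrchr($member, '.');
    $eX = ($dot === false) ? '' : strtolower($dot);
    $php = array('.php', '.pl', '.js', '.jsp', '.html', '.xhtml', '.xml', '.wml', '.asp', '.aspx');
    $txt = array('.txt', '.sql', '.dat', '.css', '.ini', '.function', '.htaccess', '.tpl');
    // Extensions that may be delivered as raw bytes, each with a fixed MIME
    // type. '.swf' is intentionally absent: it is not an image and should not
    // be served inline from this origin.
    $imgMime = array(
        '.gif'  => 'image/gif',
        '.jpg'  => 'image/jpeg',
        '.jpeg' => 'image/jpeg',
        '.png'  => 'image/png',
        '.bmp'  => 'image/bmp',
        '.wbmp' => 'image/vnd.wap.wbmp',
        '.ico'  => 'image/x-icon',
    );
    $img = array_keys($imgMime);

    if ($content === '') die('Файл пуст.');

    if (isset($_GET['img'])) {
        // Raw delivery is limited to the image list above. Building the
        // Content-Type from the requested name would let any archive member
        // be served inline from this origin under an unrecognised type.
        if (!isset($imgMime[$eX])) die('Невозможно прочесть файл!');

        // Discard the page header already buffered; guarded so that a missing
        // buffer does not raise a notice.
        if (ob_get_level() > 0) ob_end_clean();
        if (ob_get_level() > 0) ob_clean();

        header('Content-Type: ' . $imgMime[$eX]);
        header('X-Content-Type-Options: nosniff');
        header('Content-Length: ' . strlen($content));
        // Only a conservative character set goes into the header value.
        $dlName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($member));
        header('Content-Disposition: inline; filename="' . $dlName . '"');
        echo $content;
        exit();
    }

    if (in_array($eX, $php, true))
    {
        echo '<div class="list1">Строк: ' . $count . '</div>';
        // hightlight() returns HTML-escaped markup; convert legacy
        // Windows-1251 sources to UTF-8 first.
        $source = is_utf($content) ? $content : win_to_utf($content);
        echo '<div class="lst">' . hightlight($source) . '</div>';
    }
    elseif (in_array($eX, $txt, true))
    {
        // Decode before escaping: htmlspecialchars() on bytes that are not
        // valid UTF-8 would otherwise yield an empty string.
        $text = is_utf($content) ? $content : (string) win_to_utf($content);
        $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<div class="list1">Строк: ' . $count . '</div>';
        echo '<div class="lst">' . nl2br($text) . '</div>';
    }
    elseif (in_array($eX, $img, true)) {
        // rawurlencode() output is safe inside the attribute; the ampersand
        // is written as an entity.
        echo '<div class="lst"><img src="/pages/shop/zip/preview/' . $id . '?open=' . rawurlencode($member) . '&amp;img" alt=""/></div>';
    }
    else
    {
        die('Невозможно прочесть файл!');
    }
}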
// Footer navigation: always link back to the shop item, and additionally to
// the archive listing whenever an "act" parameter was supplied. $id has
// already been coerced to an integer, so it is safe inside the href.
echo '<div class="block">« <a href="/pages/shop/file/', $id, '">К файлу</a></div>';
if (isset($_GET['act'])) {
    echo '<div class="block">« <a href="/pages/shop/zip/', $id, '">К просмотру архива</a></div>';
}
require_once ROOT . 'includes/Footers.php';
?>