Файл: modules/domens/add_file.php
Строк: 256
<?php
/**********************************
* @package: PerfCMS *
* @year: 2012 *
* @author: Artas *
* @link: http://perfcms.ru *
**********************************/
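// Access guard for this module: a logged-in $user and a cat_id that names an existing share
// category are required, otherwise the request is redirected. $user and $db are provided by the
// front controller that includes this file (not visible here).
$locate = 'in_share';
if(!isset($user) || !isset($_GET['cat_id']))
{
    header('Location:/');
    exit;
}
// The category id is read only after the isset() check above (the original read it first, which
// raises an undefined-index notice) and is normalised to a non-negative integer; that is what
// makes its later use in URLs and SQL safe.
$cat_id = abs(intval($_GET['cat_id']));
// COUNT(*) instead of rowCount(): PDO does not guarantee rowCount() for SELECT on every driver.
// NOTE(review): $db is used as PDO elsewhere in this file (lastInsertId/errorInfo) — confirm it
// exposes prepare()/execute().
$cat_check = $db->prepare("SELECT COUNT(*) FROM `share_c` WHERE `id` = ?");
if($cat_check === false || !$cat_check->execute(array($cat_id)) || (int) $cat_check->fetchColumn() === 0)
{
    header('Location:/domens/');
    exit;
}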
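if(isset($_POST['import']) && isset($_GET['act']) && $_GET['act'] === 'import')
{
    // Import a file from a remote URL into files/domens/ and register it in `share_files`
    // (moderate = 0) for the current user and category. All validation runs first; the
    // download and the INSERT only happen when no error was recorded. The original copied
    // the remote file to disk before looking at $err, so rejected imports still landed in the
    // web-served directory.
    $file_dir = ROOT .'/files/domens/';
    if (!empty($_POST['file']))
    {
        // Required text fields, clipped to their column width after the project's input()
        // escaping. Checks run in the original order: the last failing one decides the message.
        // NOTE(review): the import form at the bottom of this file posts only name/file/about,
        // so reg/panel/data/do/cena are empty unless the form is extended — confirm which of
        // these are really required for an import.
        $limits = array('name' => 90, 'reg' => 90, 'panel' => 90, 'data' => 90, 'do' => 90, 'cena' => 90, 'about' => 5500);
        $fields = array();
        foreach ($limits as $field => $limit)
        {
            $fields[$field] = isset($_POST[$field]) ? mb_substr(input($_POST[$field]), 0, $limit) : '';
            if (empty($fields[$field]))
            {
                $err = ($field === 'about') ? 'Text is empty' : 'Name is empty';
            }
        }

        // Source URL. input() is kept on it for parity with the original; if input() HTML-encodes
        // '&', query strings in the URL are altered before the fetch — TODO confirm what input() does.
        $file_url = input($_POST['file']);

        // copy() below accepts every registered stream wrapper (file://, php://, ftp://, ...),
        // which would let a crafted "URL" place local files into the web-served upload directory.
        // Only plain HTTP(S) fetches are allowed. This does not stop requests to internal hosts.
        $scheme = strtolower((string) parse_url($file_url, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https'), true))
        {
            $err = 'Only http:// and https:// URLs can be imported';
        }

        // Probe the URL. The original read $headerInfo (never assigned) instead of $headersInfo,
        // so the status check failed on every request. format=1 returns an associative array
        // with the status line of the first response at index 0.
        // NOTE(review): this is a separate request from copy() below, so the server may answer
        // the two differently; the Content-Type it reports is informational, not a security control.
        $content_type = '';
        if (!isset($err))
        {
            $headersInfo = get_headers($file_url, 1);
            if ($headersInfo === false || !isset($headersInfo[0]) || !preg_match('#^HTTP/\S+ 200\b#', $headersInfo[0]))
            {
                $err = 'File Not Found';
            }
            else
            {
                foreach ($headersInfo as $header => $value)
                {
                    // Header names are case-insensitive; after a redirect the values are arrays.
                    if (is_string($header) && strtolower($header) === 'content-type')
                    {
                        $content_type = is_array($value) ? end($value) : $value;
                    }
                }
                $parts = explode(';', (string) $content_type);   // drop "; charset=..."
                $content_type = strtolower(trim($parts[0]));
            }
        }
        $fileTypes = array('image/vnd.wap.wbmp',
            'application/vnd.eri.thm',
            'application/vnd.mophun.application',
            'application/vnd.mophun.certificate',
            'text/vnd.sun.j2me.app-descriptor',
            'text/x-vmel',
            'audio/imelody',
            'application/vnd.smaf',
            'audio/amr',
            'audio/x-wav',
            'application/x-tar',
            'image/jpeg',
            'image/gif',
            'image/png',
            'image/bmp',
            'text/x-imelody',
            'application/java-archive',
            'application/vnd.symbian.install',
            'audio/wav',
            'audio/midi',
            'audio/rmf',
            'application/vnd.wap.mms-message',
            'video/x-msvideo',
            'audio/mpeg',
            'video/flv',
            'application/x-shockwave-flash',
            'video/mp4',
            'video/mpeg',
            'video/3gpp',
            'application/zip',
            'application/apk',
            'text/plain',
            'application/vnd.openxmlformats-officedocument.wordprocessingml.document');
        if (!isset($err) && !in_array($content_type, $fileTypes, true))
        {
            $err = 'Content-Type not allowed';
        }

        // Target file name: the URL's basename (transliterated by the project's cyrlat() helper),
        // the current time and the URL's extension. Both parts are attacker-controlled, so the
        // base is reduced to [A-Za-z0-9_-] and the extension to [a-z0-9], giving a single safe
        // path component. Server-side script extensions are rewritten to txt; the match is a
        // substring match on purpose so variants such as php5, phtml and pht are caught too.
        $urlinfo = pathinfo((string) parse_url($file_url, PHP_URL_PATH));
        $base = preg_replace('/[^A-Za-z0-9_-]/', '', cyrlat(isset($urlinfo['filename']) ? $urlinfo['filename'] : ''));
        $ext = isset($urlinfo['extension']) ? preg_replace('/[^a-z0-9]/', '', strtolower($urlinfo['extension'])) : '';
        $ext = preg_replace('/html|xhtml|htm|phps|php|phar|pht|pl|asp|aspx|rb|py|xml|wml|htaccess/i', 'txt', $ext);
        if ($ext === '')
        {
            $ext = 'txt';   // no extension in the URL: store as plain text instead of "name."
        }
        $name = 'perfcms_' . $base . time() . '.' . $ext;
        if (file_exists($file_dir . $name))
        {
            $err = 'This file exists<br />';
        }

        // Download only when every check passed; a failed copy() is reported like a missing file.
        if (!isset($err) && !copy($file_url, $file_dir . $name))
        {
            $err = 'File Not Found';
        }
        if (!isset($err))
        {
            $filesize = filesize($file_dir . $name);
            // Bound parameters replace the string-built INSERT: $name, $ext and $file_dir were
            // interpolated unescaped before. Field values carry one input() pass; the original
            // applied input() a second time while building the SQL, which double-escapes if
            // input() does HTML escaping — TODO confirm against input().
            // NOTE(review): $db is used as PDO elsewhere in this file (lastInsertId/errorInfo) —
            // confirm it exposes prepare()/execute().
            $stmt = $db->prepare("INSERT INTO `share_files` SET `time` = ?, `name` = ?, `reg` = ?, `panel` = ?, `data` = ?, `do` = ?, `cena` = ?, `size` = ?, `path_name` = ?, `ext` = ?, `path` = ?, `user_id` = ?, `text` = ?, `cat_id` = ?, `moderate` = '0'");
            $saved = $stmt !== false && $stmt->execute(array(
                time(), $fields['name'], $fields['reg'], $fields['panel'], $fields['data'], $fields['do'], $fields['cena'],
                $filesize, $name, $ext, $file_dir, $user['id'], $fields['about'], $cat_id
            ));
            if ($saved)
            {
                header('Location:/domens/file/'. $db->lastInsertId() .'/');
                exit;
            }
            unlink($file_dir . $name);   // do not leave an orphaned download behind
            $err = 'Database error';
        }
        echo $err;
    }
}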
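elseif(isset($_POST['add']) && isset($_GET['act']) && $_GET['act'] === 'add')
{
    // Register a text-only domain record in `share_files` (moderate = 0). No file is attached:
    // the "add" form at the bottom of this file has no file input, and the original interpolated
    // never-assigned variables ($filesize, $name, $urlinfo, $patch) into its INSERT. An optional
    // screenshot posted as $_FILES['screen'] is stored under files/preview/ once the row exists.
    $file_dir = ROOT .'/files/domens/';
    $screen_dir = ROOT .'/files/preview/';

    // Required text fields, clipped to their column width after the project's input()
    // escaping. Checks run in the original order: the last failing one decides the message.
    $limits = array('name' => 90, 'reg' => 90, 'panel' => 90, 'data' => 90, 'do' => 90, 'cena' => 90, 'about' => 5500);
    $fields = array();
    foreach ($limits as $field => $limit)
    {
        $fields[$field] = isset($_POST[$field]) ? mb_substr(input($_POST[$field]), 0, $limit) : '';
        if (empty($fields[$field]))
        {
            $err = ($field === 'about') ? 'Text is empty' : 'Name is empty';
        }
    }

    // Optional screenshot. The original moved it to disk before looking at $err, and to
    // "$name.png" with $name never assigned in this branch, so every upload overwrote
    // files/preview/.png. The move is now deferred until the record has been created.
    $screen_tmp = null;
    if (isset($_FILES['screen']['tmp_name']) && $_FILES['screen']['tmp_name'] !== '')
    {
        $upload = $_FILES['screen'];
        $screenp = pathinfo($upload['name']);
        $screen_ext = isset($screenp['extension']) ? $screenp['extension'] : '';
        $image = ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name']))
            ? getimagesize($upload['tmp_name']) : false;
        // The extension match is anchored (the original accepted any name merely containing
        // "png"), and the content must decode as GIF/JPEG/PNG — the client-supplied name proves
        // nothing about what is in the file.
        if (!preg_match('/^(jpe?g|gif|png)$/i', $screen_ext)
            || $image === false
            || !in_array($image[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true))
        {
            $err = 'File extension not allowed.<br />';
        }
        else
        {
            $screen_tmp = $upload['tmp_name'];
        }
    }

    if (!isset($err))
    {
        // Size 0 and empty path_name/ext: nothing was uploaded in this branch (the original
        // stored empty strings here via undefined variables). Bound parameters replace the
        // string-built INSERT.
        // NOTE(review): $db is used as PDO elsewhere in this file (lastInsertId/errorInfo) —
        // confirm it exposes prepare()/execute().
        $stmt = $db->prepare("INSERT INTO `share_files` SET `time` = ?, `name` = ?, `reg` = ?, `panel` = ?, `data` = ?, `do` = ?, `cena` = ?, `size` = ?, `path_name` = ?, `ext` = ?, `path` = ?, `user_id` = ?, `text` = ?, `cat_id` = ?, `moderate` = '0'");
        $saved = $stmt !== false && $stmt->execute(array(
            time(), $fields['name'], $fields['reg'], $fields['panel'], $fields['data'], $fields['do'], $fields['cena'],
            0, '', '', $file_dir, $user['id'], $fields['about'], $cat_id
        ));
        if ($saved)
        {
            $new_id = $db->lastInsertId();
            if ($screen_tmp !== null)
            {
                // NOTE(review): stored as "<row id>.png" (always .png, as before, whatever the real
                // image type). Confirm the viewer behind /domens/file/<id>/ looks for it under
                // that name; the original gave it no usable name at all.
                move_uploaded_file($screen_tmp, $screen_dir . $new_id . '.png');
            }
            header('Location:/domens/file/'. $new_id .'/');
            exit;
        }
        $err = 'Database error';
    }
    echo $err;
}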
// Import form, shown for ?type=import. It posts to ?act=import (handled above) and ends the
// request after the footer. $cat_id is an integer (abs/intval at the top of this file), so it is
// safe to embed in the action URL; $lang->word() strings come from the language files.
// NOTE(review): the form posts only name, file and about, while the import handler above also
// rejects empty reg/panel/data/do/cena — as written, a submission from this form cannot pass
// that validation. Confirm which fields are meant to be required.
// NOTE(review): there is no CSRF token on this form, so a logged-in user can be made to import
// an attacker-chosen URL from another site; confirm whether the framework offers a token to add.
if(isset($_GET['type']) && $_GET['type'] == 'import')
{
$title = $lang->word('import');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('import'));
// The whole form is one single-quoted string; only $cat_id and language words are interpolated.
echo '<form action="/domens/add_file/'. $cat_id .'/?act=import" method="post">
<div class="menu">
<b>'. $lang->word('name') .'</b>:<br/>
<input type="text" name="name" /><br/>
<b>'. $lang->word('import_adress') .'</b>:<br/>
<input name="file" type="text" value="http://"/><br/>
<b>'. $lang->word('about') .'</b>:<br/>
<textarea name="about" rows="5" cols="26"></textarea><br/>
<input name="import" type="submit" value="'. $lang->word('import') .'" /><br/>
</div>
</form>';
// Navigation block: link back to the upload form, the share index and the home page.
$tpl->div('block', img('upload.png'). '<a href="/domens/add_file/'. $cat_id .'/">'.$lang->word('upload').'</a><br/>'. NAV .'<a href="/domens/">'. $lang->word('share') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
exit;
}
// Default view: the "add" form, posting text fields to ?act=add (handled above). It is declared
// multipart but contains no <input type="file">, so the $_FILES['screen'] read by the add handler
// is never populated from this page. $cat_id is an integer; the Cyrillic labels are static markup
// and must stay byte-identical.
// NOTE(review): there is no CSRF token on this form either; confirm whether the framework offers
// one to add.
$title = $lang->word('add_file');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('add_file'));
// The whole form is one single-quoted string; only $cat_id and language words are interpolated.
echo '<form action="/domens/add_file/'. $cat_id .'/?act=add" method="post" enctype="multipart/form-data">
<div class="menu">
<b>'. $lang->word('name') .'</b>:<br/>
<input type="text" name="name" /><br/>
<b>Регистратор</b>:<br/>
<input type="text" name="reg" /><br/>
<b>Панель</b>:<br/>
<input type="text" name="panel" /><br/>
<b>Дата регистрации</b>:<br/>
<input type="text" name="data" /><br/>
<b>Оплачен до</b>:<br/>
<input type="text" name="do" /><br/>
<b>Цена</b> (.руб):<br/>
<input type="text" name="cena" /><br/>
<b>'. $lang->word('about') .'</b>:<br/>
<textarea name="about" rows="5" cols="26"></textarea><br/>
<input name="add" type="submit" value="Добавить" /><br/>
</div>
</form>';
// Navigation block: share index and home page.
$tpl->div('block', NAV .'<a href="/domens/">'. $lang->word('share') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
?>