Файл: public_html/modules/downloads/add_file.php
Строк: 146
<?php
/**********************************
* @package: PerfCMS *
* @year: 2012 *
* @author: Artas *
* @link: http://perfcms.net *
* ------------------------------- *
* @package: PerfCMS Ultra *
* @year: 2013 *
* @author: wanya26ua & Tesla *
* @link: http://perfclub.ru *
**********************************/
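// Section marker; not read anywhere in the visible part of this file
// (presumably consumed by the shared layout code - confirm).
$locate = 'in_downloads';

// Parent directory id from the query string, forced to a non-negative
// integer so it can never carry SQL or path syntax. 0 means "no parent".
$dir_id = (isset($_GET['dir_id']) ? abs(intval($_GET['dir_id'])) : 0);

// Authorisation is evaluated first and fails closed: a request without a
// populated $user['level'] is treated as level 0, and no query is run on
// behalf of a caller who is going to be turned away anyway.
$user_level = (isset($user['level']) ? (int) $user['level'] : 0);
$deny = ($user_level < 4);

if (!$deny && $dir_id != 0)
{
    // Existence probe. fetchColumn() returns false when no row matches; this
    // replaces rowCount() on a SELECT, which PDO does not guarantee across
    // drivers.
    // NOTE(review): this only proves that a row with this id exists. The same
    // table also receives file entries (the add handler inserts rows with
    // type = '1'), so confirm whether the parent must be limited to
    // directory rows.
    $deny = ($db->query("SELECT 1 FROM `downloads` WHERE `id` = '$dir_id' LIMIT 1")->fetchColumn() === false);
}

if ($deny)
{
    header('location: /downloads/');
    exit;
}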
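if (isset($_GET['act']) && $_GET['act'] == 'add')
{
    // Upload handler for the form rendered further down: validates the
    // submitted title, description and file, stores the file under
    // ROOT/files/downloads/<category path>/<transliterated title>/, records
    // it in `downloads` and `downloads_files`, builds a thumbnail for images
    // and redirects to the parent directory. On any failure it falls through
    // and the form is rendered again.
    //
    // NOTE(review): no anti-CSRF token is verified before this state-changing
    // request is processed - confirm whether the framework enforces one
    // elsewhere.
    // NOTE(review): messages stored in $err are not printed anywhere in the
    // visible part of this file.
    $err = false;

    // Missing or non-string fields become '' so the emptiness check below
    // rejects them instead of raising notices.
    $raw_name = (isset($_POST['file_name']) && is_string($_POST['file_name'])) ? $_POST['file_name'] : '';
    $raw_desc = (isset($_POST['file_desc']) && is_string($_POST['file_desc'])) ? $_POST['file_desc'] : '';

    // NOTE(review): input() and cyrlat() are defined outside this file. If
    // input() encodes or escapes, truncating afterwards can cut a sequence in
    // half; if it SQL-escapes, the bound parameters below would store the
    // extra backslashes - confirm its behaviour.
    $name = mb_substr(input($raw_name), 0, 100);
    $desc = input($raw_desc);
    $trans_name = cyrlat(input($raw_name));

    // Assumes $db is a PDO handle (query()/fetchColumn()/lastInsertId() are
    // used on it throughout this file), so prepare()/execute() are available.
    $stmt = $db->prepare("SELECT server_path FROM `downloads` WHERE `id` = ?");
    $stmt->execute(array($dir_id));
    $root_dir = (string) $stmt->fetchColumn(); // false (no row) becomes ''

    $upload = (isset($_FILES['dl_file']) && is_array($_FILES['dl_file'])) ? $_FILES['dl_file'] : null;

    if ($upload !== null
        && isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK
        && is_string($upload['tmp_name']) && $upload['tmp_name'] !== '')
    {
        $file_info = pathinfo($upload['name']);
        // A name without a dot has no 'extension' key at all
        $ext = isset($file_info['extension']) ? strtolower($file_info['extension']) : '';

        // NOTE(review): this allow-list looks only at the client-supplied
        // name; the content is never inspected and inner dots of the name are
        // kept unless cyrlat() strips them. The storage tree should be served
        // with script execution disabled - confirm the web-server config.
        if (!in_array($ext, explode(';', $system['files_types']), true)) { $err = 'File extension not allowed.<br />'; }

        $base_name = cyrlat($file_info['filename']);
        $servname = $base_name . '.' . $ext;

        // Both values become path components (and SQL values), so they must
        // be plain single-segment names: no separators, no control bytes, no
        // dot-segments, not empty.
        $unsafe = '#[/\\\\\x00-\x1f]#';
        if ($trans_name === '' || $trans_name === '.' || $trans_name === '..'
            || $base_name === ''
            || preg_match($unsafe, $trans_name) || preg_match($unsafe, $servname))
        {
            $err = 'Invalid file name.<br />';
        }

        $target_dir = ROOT . '/files/downloads/' . $root_dir . '/' . $trans_name;
        $target = $target_dir . '/' . $servname;

        if (file_exists($target)) { $err = 'This is file exists<br />'; }

        if ($err == false && !empty($name) && !empty($desc))
        {
            if (!is_dir($target_dir) && !mkdir($target_dir) && !is_dir($target_dir))
            {
                $err = 'Unable to create the storage directory.<br />';
            }
            elseif (!move_uploaded_file($upload['tmp_name'], $target))
            {
                // Nothing is written to the database for a file that was
                // never stored.
                $err = 'Unable to store the uploaded file.<br />';
            }
            else
            {
                // Every request-derived value is bound, never interpolated:
                // $servname comes from the client file name and reaches SQL
                // through cyrlat() only.
                $stmt = $db->prepare("INSERT INTO `downloads` SET `name` = ?, `type` = '1', `dir_id` = ?, `server_path` = '', `description` = ''");
                $stmt->execute(array($name, $dir_id));
                $from_id = $db->lastInsertId();

                $stmt = $db->prepare("INSERT INTO `downloads_files` SET `name` = ?, `description` = ?, `server_name` = ?, `server_dir` = ?, `ext` = ?, `user_id` = ?, `time` = ?, `ref_id` = ?, `from_id` = ?, `size` = ?, `dl_times` = '0'");
                $stmt->execute(array(
                    $name,
                    $desc,
                    $servname,
                    $trans_name,
                    $ext,
                    $user['id'],
                    time(),
                    $dir_id,
                    $from_id,
                    (int) $upload['size'],
                ));

                // Exact match on the image extensions; the previous unanchored
                // pattern also matched any extension merely containing one of
                // them.
                if (in_array($ext, array('png', 'jpg', 'jpeg', 'gif'), true))
                {
                    $tmp_copy = ROOT . '/tmp/' . $servname;
                    if (copy($target, $tmp_copy))
                    {
                        import_lib('upload.class');
                        $handle = new upload($tmp_copy);
                        if ($handle->uploaded)
                        {
                            // 100x140 PNG preview written to the image cache
                            $handle->allowed = array('image/*');
                            $handle->file_new_name_body = 'cache_' . $servname;
                            $handle->image_convert = 'png';
                            $handle->image_resize = true;
                            $handle->image_x = 100;
                            $handle->image_y = 140;
                            $handle->process(ROOT . '/cache/downloads_images/');
                            if ($handle->processed)
                            {
                                $handle->clean();
                            }
                            else
                            {
                                // Logged rather than echoed: output here would
                                // break the redirect header below and print
                                // the library message unescaped.
                                error_log('downloads thumbnail error: ' . $handle->error);
                            }
                        }
                        // The working copy must not outlive the request,
                        // whatever the outcome of the resize.
                        if (is_file($tmp_copy)) { unlink($tmp_copy); }
                    }
                }

                header('location: /downloads/dir/' . $dir_id);
                exit;
            }
        }
    }
}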
// ---- Page rendering: header, upload form, navigation block, footer ----
$title = $lang->word('dl_add_file') . ' | ' . $lang->word('downloads');
require_once(SYS . '/view/header.php');
$tpl->div('title', $lang->word('dl_add_file'));

// The form posts back to this script; the parent directory id is carried in
// the query string only when one was requested.
// NOTE(review): the form carries no anti-CSRF token field - confirm whether
// the framework adds or checks one elsewhere.
$dir_param = '';
if ($dir_id != 0)
{
    $dir_param = '&dir_id=' . $dir_id;
}

$form_lines = array(
    '<div class="menu">',
    '<form action="/downloads/add_file?act=add' . $dir_param . '" method="post" enctype="multipart/form-data">',
    $lang->word('dl_file_name') . ':<br/>',
    '<input type="text" name="file_name" /><br/>',
    '<b>' . $lang->word('dl_choose_file') . '</b>:<br/>',
    '<input name="dl_file" type="file" /><br/>',
    $lang->word('dl_file_desc') . ':<br/>',
    '<textarea name="file_desc" rows="5" cols="25"></textarea><br/>',
    '<input type="submit" value="' . $lang->word('add') . '" />',
    '</form>',
    '</div>',
);
echo implode("\n", $form_lines);

// First navigation link: the parent directory by name, or a generic "back"
// link to the downloads root when no directory was given.
$folder_icon = img('folder.png');
if ($dir_id != 0)
{
    // $dir_id is an integer (see the top of the script), so the interpolation
    // cannot alter the query.
    // NOTE(review): the directory name is written into the page exactly as
    // stored; this is safe only if names are HTML-encoded when saved -
    // confirm what input() does on the write path.
    $dir_title = $db->query("SELECT name FROM `downloads` WHERE `id` = '" . $dir_id . "'")->fetchColumn();
    $first_link = $folder_icon . ' <a href="/downloads/dir/' . $dir_id . '">' . $dir_title . '</a><br/>';
}
else
{
    $first_link = $folder_icon . ' <a href="/downloads/">' . $lang->word('back') . '</a><br/>';
}

$nav_html = $first_link . "\n"
    . img('download.png') . ' <a href="/downloads/">' . $lang->word('downloads') . '</a><br/>'
    . HICO . ' <a href="/">' . $lang->word('home') . '</a>';
$tpl->div('block', $nav_html);

require_once(SYS . '/view/footer.php');
?>