Файл: public_html/modules/downloads/attach_files.php
Строк: 107
<?php
/**********************************
* @package: PerfCMS *
* @year: 2012 *
* @author: Artas *
* @link: http://perfcms.net *
* ------------------------------- *
* @package: PerfCMS Ultra *
* @year: 2013 *
* @author: wanya26ua & Tesla *
* @link: http://perfclub.ru *
**********************************/
$locate = 'in_downloads';
$file_id = abs(intval($_GET['id']));
if(!isset($file_id) && $db->query("SELECT * FROM `downloads_files` WHERE `id` = '$file_id'")->rowCount() == 0 || $user['level'] < 4)
{
header('location: /downloads/');
exit;
}
$filei = $db->query("SELECT * FROM `downloads_files` WHERE `id` = '". $file_id ."'")->fetch();
$root_dir = $db->query("SELECT server_path FROM `downloads` WHERE `id` = '". $filei['ref_id'] ."'")->fetchColumn();
if(isset($_POST['upload'])) {
$numf = substr(abs(intval($_POST['dl_num_files'])), 0, 2);
$err = false;
for($i=1;$i<=$numf;$i++)
{
if($_FILES['dl_num_file_'.$i]['tmp_name'] && !empty($_POST['dl_name_file_'.$i]))
{
$namef = mb_substr(input($_POST['dl_name_file_'.$i]), 0, 64);
$file_info = pathinfo($_FILES['dl_num_file_'.$i]['name']);
$file_info['extension'] = strtolower($file_info['extension']);
$servname = cyrlat($file_info['filename']).'.'.$file_info['extension'];
if (!in_array($file_info['extension'], explode(';', $system['files_types']))) { $err = 'File extension not allowed.<br />'; }
if($err == false)
{
move_uploaded_file($_FILES['dl_num_file_'.$i]['tmp_name'], ROOT.'/files/downloads/'.$root_dir.'/'.$filei['server_dir'].'/'.$servname);
$db->query("INSERT INTO `downloads_archive` SET `name` = '$namef', `file_id` = '$filei[id]', `server_name`='$servname', `size` = '".$_FILES['dl_num_file_'.$i]['size']."', `ext` = '".$file_info['extension']."'");
$db->query("UPDATE `downloads_files` SET `time` = '". time() ."' WHERE `id` = '$filei[id]'");
header('location: /downloads/file/'.$file_id);
exit;
}
else
{
echo $err;
}
}
}
}
$title = $lang->word('dl_attach_files').' | '.$lang->word('downloads');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('dl_attach_files'));
echo '<div class="menu">
<form action="/downloads/attach_files/'.$file_id.'?" method="post" enctype="multipart/form-data">
'.$lang->word('dl_num_files').': <input type="text" size="2" value="1" name="dl_num_files" />
<input type="submit" value="Go!" /><br/>';
$num_files = substr(abs(intval($_POST['dl_num_files'])), 0, 2);
if(isset($_POST['dl_num_files'])) {
for($i=1;$i<=$num_files;$i++)
{
echo $lang->word('dl_file_name').' '.$i.':<br/>
<input type="text" name="dl_name_file_'.$i.'" /><br/>
'.$lang->word('dl_file').' '.$i.':<br/>
<input type="file" name="dl_num_file_'.$i.'" /><br/>';
}
echo ' <input name="upload" type="submit" value="'. $lang->word('add') .'" />';
}
echo '</form>';
echo '</div>';
$tpl->div('block', img('nav.png') . ' <a href="/downloads/file/'.$file_id.'">'. $lang->word('back') .'</a><br/>'
. img('download.png') . ' <a href="/downloads/">'. $lang->word('downloads') .'</a><br/>'
. HICO .' <a href="/">'. $lang->word('home') .'</a>');
require_once(SYS.'/view/footer.php');
?>