Файл: public_html/modules/up/index.php
Строк: 128
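<?php
/*
 * File exchange ("Обменник") upload handler, reached by POST
 * /up/index/?act=add from the multipart form rendered further down in this
 * file. Everything here runs only for a logged-in user ($user, like $db, $tpl,
 * $lang, $system, input(), cyrlat(), ROOT and SYS, is provided by the
 * framework bootstrap outside this file).
 *
 * Security-relevant behaviour of this handler:
 *  - The main upload is accepted only if its lower-cased extension is in the
 *    $system['files_types'] allow-list. The preg_replace() that rewrites
 *    script-like extensions to "txt" is a secondary belt-and-braces step; the
 *    allow-list is the real control. Files with no extension are rejected.
 *  - The on-disk name is rebuilt from a transliterated, character-filtered base
 *    name plus time(), so user input never contributes path separators.
 *  - The INSERT is a PDO prepared statement, so the database no longer depends
 *    on input()/cyrlat() escaping anything.
 *  - The screenshot is validated (anchored extension match + getimagesize())
 *    and is moved into place only after the main upload passed validation;
 *    the original moved it before $err was checked.
 *  - There is no CSRF token on the form. NOTE(review): confirm whether the
 *    bootstrap validates one centrally; if not, one is needed here.
 *  - `parol` is stored and echoed back in clear text. NOTE(review): if it is
 *    meant to gate downloads in /up/file/, it should be hashed and compared
 *    with password_verify() there; confirm with that module.
 */
$locate = 'in_obmen';

$act = isset($_GET['act']) ? $_GET['act'] : '';
if (isset($_POST['add']) && $act === 'add' && isset($user)) {
    $file_dir   = ROOT . '/files/up/';
    $screen_dir = ROOT . '/files/preview/';

    $upload_tmp = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
    if ($upload_tmp !== '') {
        // UPLOAD_ERR_OK is the only state in which tmp_name is a complete file;
        // a partial or oversized upload must not be saved or recorded.
        if (!isset($_FILES['file']['error']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
            $err = 'Upload failed.<br />';
        }

        // Display name, description and optional password: trimmed to the
        // same lengths as the original and passed through the project's
        // input() sanitiser once (the original applied it a second time when
        // building the INSERT).
        $file_name = isset($_POST['name']) ? mb_substr(input($_POST['name']), 0, 90) : '';
        if ($file_name === '') {
            $err = 'Name is empty';
        }
        $file_text = isset($_POST['about']) ? mb_substr(input($_POST['about']), 0, 5500) : '';
        $parol     = isset($_POST['parol']) ? mb_substr(input($_POST['parol']), 0, 200) : '';
        if ($file_text === '') {
            $err = 'Text is empty';
        }

        // Extension handling. pathinfo() strips any directory part, so only the
        // last dot-suffix of the client-supplied name is considered.
        $patch   = pathinfo($_FILES['file']['name']);
        $raw_ext = isset($patch['extension']) ? strtolower($patch['extension']) : '';
        // Rewrite extensions a web server might execute or interpret to "txt".
        // "hmtl" is kept from the original list, "html" was missing from it,
        // and the original ".htaccess" entry could never match (an extension
        // has no leading dot). The allow-list below still decides acceptance.
        $patch['extension'] = preg_replace(
            '/hmtl|html|xhtml|htm|php|pl|phps|asp|aspx|rb|py|xml|wml|htaccess/i',
            'txt',
            $raw_ext
        );
        $allowed = explode(';', $system['files_types']);
        // Strict in_array plus an explicit empty-extension check: a trailing
        // ";" in files_types yields an empty allow-list entry that would
        // otherwise let extensionless uploads through.
        if ($patch['extension'] === '' || !in_array($patch['extension'], $allowed, true)) {
            $err = 'File extension not allowed.<br />';
        }

        // On-disk name: transliterate the user's base name, then keep only a
        // conservative ASCII set so nothing from the upload can form a path
        // component or a shell/header metacharacter. time() disambiguates
        // same-named uploads; file_exists() still catches two within a second.
        $base = preg_replace('/[^A-Za-z0-9._-]+/', '_', trim((string) cyrlat($patch['filename'])));
        $name = 'cssliga_ru_' . $base . '_' . time() . '.' . $patch['extension'];
        if (file_exists($file_dir . $name)) {
            $err = 'This file exists<br />';
        }

        // Optional screenshot: validated here, moved only after the main file.
        $screen_tmp = isset($_FILES['screen']['tmp_name']) ? $_FILES['screen']['tmp_name'] : '';
        $has_screen = false;
        if ($screen_tmp !== '') {
            $screenp    = pathinfo($_FILES['screen']['name']);
            $screen_ext = isset($screenp['extension']) ? strtolower($screenp['extension']) : '';
            // Anchored match — the original '/jpg|gif|jpeg|png/i' accepted any
            // extension that merely *contained* one of those substrings — and
            // getimagesize() rejects files that are not actually images.
            if (!isset($_FILES['screen']['error']) || $_FILES['screen']['error'] !== UPLOAD_ERR_OK
                || !preg_match('/^(jpe?g|gif|png)$/', $screen_ext)
                || getimagesize($screen_tmp) === false
            ) {
                $err = 'File extension not allowed.<br />';
            } else {
                $has_screen = true;
            }
        }

        if (!isset($err)) {
            // move_uploaded_file() refuses anything that is not a genuine
            // upload; the original ignored its return value and then recorded
            // a DB row for a file that might not exist on disk.
            if (!move_uploaded_file($upload_tmp, $file_dir . $name)) {
                $err = 'Could not save file.<br />';
            } elseif ($has_screen) {
                // Stored under the file's name with a fixed ".png" suffix, as
                // the original did, whatever the source format was.
                move_uploaded_file($screen_tmp, $screen_dir . $name . '.png');
            }
        }

        if (!isset($err)) {
            // Prepared statement: no string-built SQL. $db is already used as
            // PDO in this file (lastInsertId(), errorInfo()).
            $stmt = $db->prepare(
                'INSERT INTO `up_files` SET `time` = ?, `name` = ?, `size` = ?, `path_name` = ?, `ext` = ?, '
                . '`path` = ?, `user_id` = ?, `text` = ?, `moderate` = 0, `parol` = ?, `dload_times` = 0'
            );
            $inserted = $stmt && $stmt->execute(array(
                time(),
                $file_name,
                (int) $_FILES['file']['size'],
                $name,
                $patch['extension'],
                $file_dir,
                $user['id'],
                $file_text,
                $parol,
            ));
            if (!$inserted) {
                // Do not leave an orphan on disk that no DB row references.
                unlink($file_dir . $name);
                if ($has_screen) {
                    unlink($screen_dir . $name . '.png');
                }
                $err = 'Could not save file.<br />';
            }
        }

        if (!isset($err)) {
            $info = $db->query("SELECT * FROM `up_files` WHERE `id` = '" . (int) $db->lastInsertId() . "'")->fetch();
            $title = 'Обменник';
            require_once(SYS . '/view/header.php');
            $tpl->div('title', 'Обменник');
            // Escaped on output with double_encode=false, so this is safe
            // whether or not input() already HTML-encoded the values
            // (NOTE(review): input() is a project helper not visible here).
            $safe_name  = htmlspecialchars((string) $info['name'], ENT_QUOTES, 'UTF-8', false);
            $safe_parol = htmlspecialchars((string) $info['parol'], ENT_QUOTES, 'UTF-8', false);
            $file_id    = (int) $info['id'];
            echo '
<div class="menu">Файл ' . $safe_name . ' успешно загружен</div>
' . ((string) $info['parol'] !== '' ? '<div class="menu">Пароль: ' . $safe_parol . '</div>' : '') . '
<div class="menu">Ссылка:<br/><input type="text" name="name" value="http://cssliga.ru/up/file/' . $file_id . '"/></div>
<div class="menu"><a href="/up/file/' . $file_id . '">Перейти к файлу</a></div>';
            $tpl->div('block', HICO . '<a href="/">' . $lang->word('home') . '</a>');
            require_once(SYS . '/view/footer.php');
            exit;
        }

        // Validation or storage failed: report it, then fall through to the
        // normal page (form + catalogue link) below.
        echo $err;
    }
}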
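// Default page: upload form (logged-in users only) and a link to the catalogue.
$title = 'Обменник';
require_once(SYS . '/view/header.php');
$tpl->div('title', 'Обменник');
if (isset($user)) {
    // NOTE(review): the form carries no CSRF token. Unless the framework
    // bootstrap validates one centrally, a hidden token field belongs here
    // and must be checked by the act=add handler above.
    echo '<form action="/up/index/?act=add" method="post" enctype="multipart/form-data">
<div class="menu">
<b>'. $lang->word('name') .'</b>:<br/>
<input type="text" name="name" /><br/>
<b>Пароль(если надо)</b>:<br/>
<input type="text" name="parol" /><br/>
<b>'. $lang->word('choose_file') .'</b>:<br/>
<input name="file" type="file" /><br/>
<b>'.$lang->word('screenshot_add').'</b>:<br/>
<input name="screen" type="file" /><br/>
<b>'. $lang->word('about') .'</b>:<br/>
<textarea name="about" rows="5" cols="26"></textarea><br/>
<input name="add" type="submit" value="'. $lang->word('upload') .'" /><br/>
</div>
</form>';
}
// COUNT(*) instead of "SELECT *" + rowCount(): PDO does not guarantee
// rowCount() for SELECT statements, and the original pulled every row from
// the table just to count them.
$files = (int) $db->query('SELECT COUNT(*) FROM `up_files`')->fetchColumn();
$tpl->div('menu', img('folder.png') . '<a href="/up/folder/">Каталог файлов</a> (' . $files . ')');
$tpl->div('block', HICO . '<a href="/">' . $lang->word('home') . '</a>');
require_once(SYS . '/view/footer.php');
?>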