Файл: modules/downloads/add_file.php
Строк: 303
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
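$locate = 'in_downloads';

// Target directory for the new entry (0 = the downloads root). num() is the project's
// numeric sanitiser; the cast keeps the strict comparisons below honest if it returns a string.
$dir_id = (isset($_GET['id']) ? (int)num($_GET['id']) : 0);

// Existence, visibility and on-disk path of the parent directory are read once with a bound
// parameter; the row is reused for the access check and for the breadcrumb at the bottom.
// Assumes $db is PDO (query()/fetchColumn()/lastInsertId() in the rest of the module match PDO).
// NOTE(review): redirect() is assumed to exit, as the original control flow already relies on.
$dir_row = false;
if ($dir_id != 0) {
    $stmt = $db->prepare('SELECT `access`, `server_path`, `name` FROM `downloads` WHERE `id` = ?');
    $stmt->execute(array($dir_id));
    $dir_row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($dir_row === false) {
        redirect('/downloads/');
    }
}
if (!User::logged()) {
    redirect('/');
}
// Hidden directories (access = 0) accept new files from level-5 users only.
if ($dir_row !== false && (int)$dir_row['access'] === 0 && User::level() < 5) {
    redirect('/downloads/');
}

$err = false;
if (isset($_GET['add'])) {
    // NOTE(review): the form carries no CSRF token, so a logged-in user can be made to submit
    // it from another origin; the framework's token helper (if any) is not visible from here.
    import_lib('jimage.class');

    $type = isset($_POST['type']) ? (int)$_POST['type'] : -1;
    // input() is the project's request sanitiser. NOTE(review): if it also applies SQL escaping,
    // that step is now redundant with the bound parameters below - confirm.
    $raw_name = isset($_POST['file_name']) ? input($_POST['file_name']) : '';
    $name = mb_substr($raw_name, 0, 100);
    $desc = isset($_POST['file_desc']) ? input($_POST['file_desc']) : '';
    // The storage directory is the transliterated, lower-cased display name restricted to a
    // safe character set. The filter is applied to both branches (the upload branch used to skip
    // it), so the directory name can never carry path separators or "..".
    $trans_name = preg_replace('/[^а-яА-Яa-zA-Z0-9_-]/isU', '', strtolower(cyrlat($raw_name)));
    $root_dir = ($dir_row !== false ? (string)$dir_row['server_path'] : '');
    // Admin-configured allow-list of file extensions ("ext1;ext2;...").
    $allowed_ext = explode(';', strtolower((string)Core::config('files_types')));

    // Content-Type values accepted for URL imports. The header is whatever the remote server
    // claims, so this is only a coarse filter; the extension allow-list is the authoritative check.
    $fileTypes = array('image/vnd.wap.wbmp',
        'application/vnd.eri.thm',
        'application/vnd.mophun.application',
        'application/vnd.mophun.certificate',
        'text/vnd.sun.j2me.app-descriptor',
        'text/x-vmel',
        'audio/imelody',
        'application/vnd.smaf',
        'text/x-vmel',
        'audio/amr',
        'audio/x-wav',
        'application/x-tar',
        'image/jpeg',
        'image/jpg',
        'image/gif',
        'image/png',
        'image/bmp',
        'text/x-imelody',
        'application/java-archive',
        'application/vnd.symbian.install',
        'audio/wav',
        'audio/midi',
        'audio/rmf',
        'application/vnd.wap.mms-message',
        'video/x-msvideo',
        'audio/mpeg',
        'video/flv',
        'application/x-shockwave-flash',
        'video/mp4',
        'video/mpeg',
        'video/3gpp',
        'application/zip',
        'application/apk',
        // 'text/plain',
        'application/vnd.openxmlformats-officedocument.wordprocessingml.document'
    );

    $source = null;     // 'upload' or 'url' once the submitted input has been validated
    $extension = '';    // lower-cased extension of the stored file
    $servname = '';     // file name on disk
    $size = 0;          // byte size written to downloads_files.size
    $url = '';          // import URL (type 1 only)

    if ($type === 0) {
        if (isset($_FILES['dl_file']['error']) && $_FILES['dl_file']['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($_FILES['dl_file']['tmp_name'])) {
            $file_info = pathinfo($_FILES['dl_file']['name']);
            // pathinfo() omits 'extension' for names without a dot; an empty extension then
            // fails the allow-list check below instead of raising a notice.
            $extension = isset($file_info['extension']) ? strtolower($file_info['extension']) : '';
            $servname = cyrlat($file_info['filename']) . '.' . $extension;
            $size = (int)$_FILES['dl_file']['size'];
            $source = 'upload';
        } else {
            $err = 'No file was uploaded.<br />';
        }
    } elseif ($type === 1 && !empty($_POST['file'])) {
        $url = input($_POST['file']);
        $scheme = strtolower((string)parse_url($url, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            // copy() accepts every registered stream wrapper (file://, php://, ftp://, ...);
            // only web URLs are meaningful for an import.
            $err = 'Only http:// and https:// URLs can be imported';
        } else {
            // NOTE(review): the server fetches a user-supplied URL; hosts on the internal
            // network are not filtered here.
            $headerInfo = get_headers($url, 1);
            $status = '';
            $ctype = '';
            if ($headerInfo !== false) {
                // Header names are case-insensitive; numeric keys keep their values.
                $headerInfo = array_change_key_case($headerInfo, CASE_LOWER);
                // Numeric keys hold one status line per hop; the last one is the final response.
                foreach ($headerInfo as $key => $value) {
                    if (is_int($key)) {
                        $status = $value;
                    }
                }
                if (isset($headerInfo['content-type'])) {
                    $ctype = $headerInfo['content-type'];
                    if (is_array($ctype)) {
                        $ctype = end($ctype);   // header repeated across redirects
                    }
                    $parts = explode(';', $ctype);
                    $ctype = strtolower(trim($parts[0]));   // drop "; charset=..."
                }
            }
            // Any HTTP version with a 200 status is fine (the old check only accepted "HTTP/1.1 200 OK").
            if (!preg_match('#^HTTP/\S+\s+200\b#', $status)) {
                $err = 'File Not Found';
            } elseif (!in_array($ctype, $fileTypes, true)) {
                $err = 'Content-Type not allowed';
            } else {
                $urlinfo = pathinfo((string)parse_url($url, PHP_URL_PATH));
                $extension = isset($urlinfo['extension']) ? strtolower($urlinfo['extension']) : '';
                $servname = cyrlat(isset($urlinfo['filename']) ? $urlinfo['filename'] : '') . '.' . $extension;
                $source = 'url';
            }
        }
    }

    if ($source !== null && $err === false) {
        if ($name === '' || $trans_name === '') {
            $err = 'File name is required.<br />';
        } elseif (!in_array($extension, $allowed_ext, true)) {
            // The same allow-list now governs imports; it replaces the old import-only
            // blacklist that renamed html/php/... to "txt".
            $err = 'File extension not allowed.<br />';
        }
    }

    if ($source !== null && $err === false) {
        $target_dir = ROOT . '/files/downloads/' . $root_dir . '/' . $trans_name;
        $target = $target_dir . '/' . $servname;
        if (file_exists($target)) {
            $err = 'This is file exists<br />';
        } elseif (!is_dir($target_dir) && !mkdir($target_dir, 0755, true)) {
            $err = 'Could not create the storage directory.<br />';
        } elseif ($source === 'upload') {
            if (!move_uploaded_file($_FILES['dl_file']['tmp_name'], $target)) {
                $err = 'Could not store the uploaded file.<br />';
            }
        } elseif (!copy($url, $target)) {
            // NOTE(review): the URL is fetched twice (headers above, body here); the two
            // responses are not guaranteed to match.
            $err = 'Could not download the file.<br />';
        } else {
            $size = (int)filesize($target);
        }
    }

    if ($source !== null && $err === false) {
        // Catalogue rows are written only after the file is on disk, so a failed transfer no
        // longer leaves a dangling entry. The description is stored for both branches (the
        // import branch used to write an empty one into `downloads`).
        $stmt = $db->prepare("INSERT INTO `downloads` SET `name` = ?, `description` = ?, `type` = '1', `dir_id` = ?, `server_path` = ''");
        $ok = $stmt->execute(array($name, $desc, $dir_id));
        $insertId = $ok ? $db->lastInsertId() : 0;
        if ($ok) {
            $stmt = $db->prepare("INSERT INTO `downloads_files` SET `name` = ?, `description` = ?, `server_name` = ?, `server_dir` = ?, `ext` = ?, `user_id` = ?, `time` = ?, `ref_id` = ?, `from_id` = ?, `size` = ?, `dl_times` = '0'");
            $ok = $stmt->execute(array($name, $desc, $servname, $trans_name, $extension, User::Id(), time(), $dir_id, $insertId, $size));
        }
        if (!$ok) {
            $err = 'Could not save the file record.<br />';
        } else {
            $lastId = $db->lastInsertId();
            if (preg_match('/^(png|jpe?g|gif)$/i', $extension)) {
                // The thumbnail name differs between upload and import in the original code;
                // kept as-is because the reader of /cache/downloads_images/ is outside this file.
                $thumb = ROOT . '/cache/downloads_images/cache_' . $servname . ($source === 'url' ? '_' . $lastId : '') . '.png';
                copy($target, ROOT . '/tmp/' . $servname);
                $handle = new jimage();
                $handle->thumb(ROOT . '/tmp/' . $servname, $thumb, 128, 160);
                unlink(ROOT . '/tmp/' . $servname);
            }
            redirect('/downloads/dir/' . $dir_id);
        }
    }
}

include_header(_t('dl_add_file'));
// $err only ever holds the fixed messages above, never request data.
if ($err !== false) {
    echo '<div class="error">' . $err . '</div>';
}
echo '<div class="title">' . _t('dl_add_file') . '</div>';
echo '<div class="menu">
<form action="/downloads/add_file/?add' . ($dir_id != 0 ? '&id=' . $dir_id : '') . '" method="post" enctype="multipart/form-data">
' . _t('dl_file_name') . ':<br/>
<input type="text" name="file_name" /><br/>
<input type="radio" name="type" value="0" checked="checked" /> <b>' . _t('dl_choose_file') . '</b>:<br/>
<input name="dl_file" type="file" /><br/>
<input type="radio" name="type" value="1" /> <b>Import</b>:<br/>
<input name="file" type="text" value="http://" /><br/>
' . _t('dl_file_desc') . ':<br/>
<textarea name="file_desc" rows="5" cols="25"></textarea><br/>
<input type="submit" value="' . _t('add') . '" />
</form>
</div>';
// NOTE(review): the directory name is echoed as stored; whether input() already HTML-escapes
// it on the way in is not visible from this file - confirm before adding a second escaping layer.
echo '<div class="block">' . ($dir_row !== false ? img('folder.png') . ' <a href="/downloads/dir/' . $dir_id . '">' . $dir_row['name'] . '</a><br/>' : img('folder.png') . ' <a href="/downloads/">' . _t('back') . '</a><br/>') . '
' . img('downloads.png') . ' <a href="/downloads/index">' . _t('downloads') . '</a><br/>
' . img('home.png') . ' <a href="/">' . _t('home') . '</a></div>';
include_footer();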
?>