Файл: modules/downloads/attach_files.php
Строк: 118
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
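$locate = 'in_downloads';

// Normalise the id to a non-negative integer before it is used anywhere;
// a request without an id is treated as id 0 instead of raising a notice.
$file_id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;

// Only logged-in users may attach files. The explicit exit guarantees that
// nothing below runs for a rejected request, whether or not redirect()
// terminates the script itself (its definition is not visible in this file).
if (!User::logged()) {
    redirect('/downloads/');
    exit;
}

// Load the target record once and reuse it for the existence check, the
// ownership check and the upload path.
// NOTE(review): assumes $db is a PDO connection -- its query() results are
// already used as PDOStatement objects (rowCount/fetchColumn/fetch) here.
$stmt = $db->prepare("SELECT * FROM `downloads_files` WHERE `id` = ?");
$stmt->execute(array($file_id));
$filei = $stmt->fetch();

// The original condition joined "id missing" and "no such row" with &&, so a
// request carrying an id that matched no row was never rejected here and a
// privileged user (level >= 5) could continue with an empty $filei.
if (!$filei) {
    redirect('/downloads/');
    exit;
}

// Authorisation: the uploader of the file, or a user with level 5 and above.
// Loose comparison is kept because the database returns the id as a string.
if ($filei['user_id'] != User::Id() && User::level() < 5) {
    redirect('/downloads/');
    exit;
}

// Directory of the parent download section; becomes part of the upload path.
$stmt = $db->prepare("SELECT server_path FROM `downloads` WHERE `id` = ?");
$stmt->execute(array($filei['ref_id']));
$root_dir = $stmt->fetchColumn();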
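// Upload handler: stores every submitted file whose extension is on the
// configured allow-list and records it in `downloads_archive`.
// NOTE(review): no anti-CSRF token is checked in this file -- confirm that the
// framework validates one before this script runs.
// NOTE(review): the extension allow-list is the only content check; the upload
// directory should be served with script execution disabled.
if (isset($_POST['upload']) && !empty($filei)) {
    // Same two-digit cap as the form: at most 99 slots are examined.
    $numf = isset($_POST['dl_num_files'])
        ? (int) substr((string) abs(intval($_POST['dl_num_files'])), 0, 2)
        : 0;
    $allowed_ext = explode(';', $system['files_types']);
    $dest_dir = ROOT.'/files/downloads/'.$root_dir.'/'.$filei['server_dir'].'/';

    // Bound parameters keep client-controlled values (display name, original
    // file name) out of the SQL text, whatever input() and cyrlat() leave in.
    // NOTE(review): assumes $db is a PDO connection -- confirm. If input()
    // already SQL-escapes its argument, drop that escaping to avoid storing
    // doubled backslashes.
    $insert = $db->prepare("INSERT INTO `downloads_archive` SET `name` = ?, `file_id` = ?, `server_name` = ?, `size` = ?, `ext` = ?");

    $uploaded = 0;
    $errors = '';
    for ($i = 1; $i <= $numf; $i++) {
        $field = 'dl_num_file_'.$i;
        $label = 'dl_name_file_'.$i;

        // Skip empty slots and malformed (array-valued) fields.
        if (empty($_FILES[$field]['tmp_name']) || !is_string($_FILES[$field]['tmp_name'])
            || empty($_POST[$label]) || !is_string($_POST[$label])) {
            continue;
        }
        if ($_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
            $errors .= 'File upload failed.<br />';
            continue;
        }

        $namef = mb_substr(input($_POST[$label]), 0, 64);
        $file_info = pathinfo($_FILES[$field]['name']);
        // A name without an extension has no 'extension' key; treat it as
        // empty and reject it instead of letting '' match a stray list entry.
        $ext = isset($file_info['extension']) ? strtolower($file_info['extension']) : '';
        if ($ext === '' || !in_array($ext, $allowed_ext, true)) {
            $errors .= 'File extension not allowed.<br />';
            continue;
        }

        // Reduce the stored base name to a conservative character set. This
        // also turns inner dots into underscores, so a name such as
        // "a.php.jpg" cannot keep a second, executable-looking extension.
        $base = preg_replace('/[^A-Za-z0-9_-]+/', '_', cyrlat($file_info['filename']));
        if ($base === null || $base === '') {
            $base = 'file';
        }
        $servname = $base.'.'.$ext;

        // NOTE(review): an existing file with the same name is overwritten;
        // decide whether collisions should be rejected or renamed.
        // The database row is written only after the file is really in place.
        if (!move_uploaded_file($_FILES[$field]['tmp_name'], $dest_dir.$servname)) {
            $errors .= 'File upload failed.<br />';
            continue;
        }
        $insert->execute(array($namef, $filei['id'], $servname, (int) $_FILES[$field]['size'], $ext));
        $uploaded++;
    }

    if ($uploaded > 0) {
        $touch = $db->prepare("UPDATE `downloads_files` SET `time` = ? WHERE `id` = ?");
        $touch->execute(array(time(), $filei['id']));
    }
    // Redirect only after the whole batch was processed (the original left the
    // loop after the first stored file) and only when nothing was printed, so
    // the Location header can still be sent.
    if ($uploaded > 0 && $errors === '') {
        header('location: /downloads/file/'.$file_id);
        exit;
    }
    echo $errors;
}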
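// Page output: a form that first asks how many files will be attached and,
// once that number has been posted, shows one name/file input pair per slot.
$title = _t('dl_attach_files').' | '._t('downloads');
include_header($title);
$tpl->div('title', _t('dl_attach_files'));

// $file_id was reduced to a non-negative integer at the top of the script, so
// it can be placed in the form action and the links below without escaping.
// NOTE(review): the form carries no anti-CSRF token field -- confirm whether
// the framework adds or checks one elsewhere.
echo '<div class="post">
<form action="/downloads/attach_files/'.$file_id.'?" method="post" enctype="multipart/form-data">
'._t('dl_num_files').': <input type="text" size="2" value="1" name="dl_num_files" />
<input type="submit" value="Go!" /><br/>';

// Read the requested slot count only when it was posted; the original read
// $_POST['dl_num_files'] before this check and raised a notice on first load.
if (isset($_POST['dl_num_files'])) {
    // Two-digit cap: never render more than 99 input pairs.
    $num_files = substr(abs(intval($_POST['dl_num_files'])), 0, 2);
    for ($i = 1; $i <= $num_files; $i++) {
        echo _t('dl_file_name').' '.$i.':<br/>
<input type="text" name="dl_name_file_'.$i.'" /><br/>
'._t('dl_file').' '.$i.':<br/>
<input type="file" name="dl_num_file_'.$i.'" /><br/>';
    }
    echo ' <input name="upload" type="submit" value="'. _t('add') .'" />';
}
echo '</form>';
echo '</div>';

// Navigation: back to the file page, the downloads index and the home page.
$tpl->div('block', img('nav.png') . ' <a href="/downloads/file/'.$file_id.'">'. _t('back') .'</a><br/>'
    . img('download.png') . ' <a href="/downloads/">'. _t('downloads') .'</a><br/>'
    . HICO .' <a href="/">'. _t('home') .'</a>');
include_footer();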
?>