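query("SELECT * FROM `downloads` WHERE `id` = '$dir_id'")->rowCount() == 0) {
    redirect('/downloads/');
}

/*
 * Add-file handler for the downloads section.
 *
 * Two submission modes, selected by $_POST['type']:
 *   0 - a file uploaded with the form (field dl_file);
 *   1 - a file the server fetches from the URL in $_POST['file'].
 * In both modes the file is stored under
 * ROOT/files/downloads/<server_path>/<transliterated name>/ and one row is
 * written to `downloads` and one to `downloads_files`.
 *
 * NOTE(review): the opening of the guard above and the assignment of $dir_id
 * are outside this view. $dir_id is interpolated into every query here, so
 * confirm it is cast to an integer where it is read from the request.
 * NOTE(review): $name and $desc reach the INSERT statements by string
 * interpolation after input(). input() is defined elsewhere, so whether it
 * escapes for SQL cannot be verified from this file; bound parameters would
 * remove that dependency.
 * NOTE(review): every guard relies on redirect() ending the request. If it
 * only sends a Location header, the code below still runs for rejected
 * users - confirm.
 * NOTE(review): no anti-CSRF token check is visible in this handler - confirm
 * one is enforced elsewhere.
 */

if (!User::logged()) {
    redirect('/');
}

// A directory whose `access` column is 0 accepts files only from users of level 5 or higher.
if (($dir_id != 0 && $db->query("SELECT access FROM `downloads` WHERE `id` = '$dir_id'")->fetchColumn() == 0) && User::level() < 5) {
    redirect('/downloads/');
}

$err = false;

if (isset($_GET['add'])) {
    import_lib('jimage.class');

    // Everything outside this character set is removed from the directory and
    // file base names built from request data. Slashes, dots, quotes and NUL
    // bytes are dropped, so a name cannot leave the target directory, carry a
    // second extension, or break out of the quoted SQL literals further down.
    $dl_name_filter = '/[^а-яА-Яa-zA-Z0-9_-]/isU';

    // Extensions the site configuration allows, as a list.
    $dl_allowed_ext = explode(';', Core::config('files_types'));

    if ($_POST['type'] == 0 && $_FILES['dl_file']['tmp_name']) {
        // ---- Mode 0: file uploaded with the form ----
        $name = mb_substr(input($_POST['file_name']), 0, 100);
        $desc = input($_POST['file_desc']);
        $_name = cyrlat(input($_POST['file_name']));
        // The remote-URL branch already filtered this value; the upload branch
        // used it unfiltered as a directory name.
        $trans_name = (string) preg_replace($dl_name_filter, '', strtolower($_name));
        $root_dir = ($dir_id == 0 ? '' : $db->query("SELECT server_path FROM `downloads` WHERE `id` = '". $dir_id ."'")->fetchColumn());

        $file_info = pathinfo($_FILES['dl_file']['name']);
        // pathinfo() omits 'extension' when the client file name has none.
        $file_info['extension'] = isset($file_info['extension']) ? strtolower($file_info['extension']) : '';

        if ($file_info['extension'] === '' || !in_array($file_info['extension'], $dl_allowed_ext, true)) {
            $err = "File extension not allowed.\n";
        }

        $serv_name = (string) preg_replace($dl_name_filter, '', cyrlat($file_info['filename']));
        $servname = $serv_name.'.'.$file_info['extension'];

        if ($trans_name === '' || $serv_name === '') {
            $err = 'File name is empty after removing unsupported characters';
        }

        $target_dir = ROOT.'/files/downloads/'.$root_dir.'/'.$trans_name;

        if (file_exists($target_dir.'/'.$servname)) {
            $err = "This is file exists\n";
        }

        if ($err === false && !empty($name)) {
            // Only record the file in the database once it is actually on disk.
            // move_uploaded_file() also verifies that the source is a genuine upload.
            if ((!is_dir($target_dir) && !mkdir($target_dir))
                || !move_uploaded_file($_FILES['dl_file']['tmp_name'], $target_dir.'/'.$servname)) {
                $err = 'Could not store the uploaded file';
            } else {
                // NOTE(review): the file keeps its client-supplied extension and is
                // stored under ROOT/files/downloads, presumably web-served. The
                // extension allowlist is the only type check, so that tree should
                // not be configured to execute scripts - confirm server config.
                $db->query("INSERT INTO `downloads` SET `name` = '$name', `description` = '$desc', `type` = '1', `dir_id` = '$dir_id', `server_path` = ''");
                $insertId = $db->lastInsertId();

                $db->query("INSERT INTO `downloads_files` SET `name` = '$name', `description` = '$desc', `server_name` = '$servname', `server_dir`='$trans_name', `ext` = '".$file_info['extension']."', `user_id`='". User::Id() ."', `time` = '". time() ."', `ref_id` = '$dir_id', `from_id` = '". $insertId ."', `size` = '". $_FILES['dl_file']['size'] ."', `dl_times` = '0'");
                $lastId = $db->lastInsertId();

                // Images get a 128x160 thumbnail in the cache directory.
                // NOTE(review): this branch names the thumbnail cache_<file>.png while
                // the remote-URL branch appends _<id>; confirm which one the reader expects.
                if (preg_match('/png|jpg|jpeg|gif/i', $file_info['extension'])) {
                    copy($target_dir.'/'.$servname, ROOT.'/tmp/'.$servname);
                    $handle = new jimage();
                    $handle->thumb(ROOT.'/tmp/'.$servname, ROOT.'/cache/downloads_images/cache_'.$servname.'.png', 128, 160);
                    unlink(ROOT.'/tmp/'.$servname);
                }

                redirect('/downloads/dir/'.$dir_id);
            }
        }
    } elseif ($_POST['type'] == 1 && !empty($_POST['file'])) {
        // ---- Mode 1: file fetched by the server from a user-supplied URL ----
        $name = mb_substr(input($_POST['file_name']), 0, 100);
        $desc = input($_POST['file_desc']);
        $_name = cyrlat(input($_POST['file_name']));
        $trans_name = (string) preg_replace($dl_name_filter, '', strtolower($_name));
        $root_dir = ($dir_id == 0 ? '' : $db->query("SELECT server_path FROM `downloads` WHERE `id` = '". $dir_id ."'")->fetchColumn());

        $remote_url = input($_POST['file']);

        // Only plain web URLs are fetched. Without this check the same string is
        // handed to copy(), which accepts any stream wrapper or local path.
        $remote_scheme = strtolower((string) parse_url($remote_url, PHP_URL_SCHEME));
        $headerInfo = ($remote_scheme === 'http' || $remote_scheme === 'https')
            ? get_headers($remote_url, 1)
            : false;

        // NOTE(review): the host is not restricted, so the server will request any
        // http(s) address a logged-in user supplies, including loopback and
        // internal ones. Consider resolving the host and rejecting private and
        // reserved ranges, and capping the download size.
        if (!is_array($headerInfo) || $headerInfo[0] != 'HTTP/1.1 200 OK') {
            $err = 'File Not Found';
        }

        $fileTypes = array(
            'image/vnd.wap.wbmp',
            'application/vnd.eri.thm',
            'application/vnd.mophun.application',
            'application/vnd.mophun.certificate',
            'text/vnd.sun.j2me.app-descriptor',
            'text/x-vmel',
            'audio/imelody',
            'application/vnd.smaf',
            'text/x-vmel',
            'audio/amr',
            'audio/x-wav',
            'application/x-tar',
            'image/jpeg',
            'image/jpg',
            'image/gif',
            'image/png',
            'image/bmp',
            'text/x-imelody',
            'application/java-archive',
            'application/vnd.symbian.install',
            'audio/wav',
            'audio/midi',
            'audio/rmf',
            'application/vnd.wap.mms-message',
            'video/x-msvideo',
            'audio/mpeg',
            'video/flv',
            'application/x-shockwave-flash',
            'video/mp4',
            'video/mpeg',
            'video/3gpp',
            'application/zip',
            'application/apk',
            // 'text/plain',
            'application/vnd.openxmlformats-officedocument.wordprocessingml.document'
        );

        // The Content-Type header is chosen by the remote server, so this check
        // filters honest mistakes only; it says nothing about the bytes stored.
        $remote_type = (is_array($headerInfo) && isset($headerInfo['Content-Type'])) ? $headerInfo['Content-Type'] : '';
        if (!in_array($remote_type, $fileTypes, true)) {
            $err = 'Content-Type not allowed';
        }

        $urlinfo = pathinfo((string) parse_url($remote_url, PHP_URL_PATH));
        $urlinfo['extension'] = isset($urlinfo['extension']) ? strtolower($urlinfo['extension']) : '';
        // Legacy rewrite kept as it was. It is a substring denylist (note the
        // `hmtl` alternative) and cannot enumerate every server-side extension...
        $urlinfo['extension'] = preg_replace('/hmtl|xhtml|htm|php|pl|phps|asp|aspx|rb|py|xml|wml|pel|cgi|htaccess/i', 'txt', $urlinfo['extension']);
        // ...so the configured allowlist used for uploads is applied here as well.
        if ($urlinfo['extension'] === '' || !in_array($urlinfo['extension'], $dl_allowed_ext, true)) {
            $err = "File extension not allowed.\n";
        }

        $serv_name = (string) preg_replace($dl_name_filter, '', cyrlat(isset($urlinfo['filename']) ? $urlinfo['filename'] : ''));
        $servname = $serv_name.'.'.$urlinfo['extension'];

        if ($trans_name === '' || $serv_name === '') {
            $err = 'File name is empty after removing unsupported characters';
        }

        $target_dir = ROOT.'/files/downloads/'.$root_dir.'/'.$trans_name;

        if (file_exists($target_dir.'/'.$servname)) {
            $err = "This is file exists\n";
        }

        if ($err === false && !empty($name)) {
            // get_headers() accepted only a first response of 200, so a redirect
            // here means the server answered differently on the second request.
            // Do not follow it.
            $dl_fetch_ctx = stream_context_create(array('http' => array('follow_location' => 0)));

            if ((!is_dir($target_dir) && !mkdir($target_dir))
                || !copy($remote_url, $target_dir.'/'.$servname, $dl_fetch_ctx)) {
                $err = 'Could not store the remote file';
            } else {
                $filesize = filesize($target_dir.'/'.$servname);

                $db->query("INSERT INTO `downloads` SET `name` = '$name', `type` = '1', `dir_id` = '$dir_id', `server_path` = '', `description` = ''");
                $insertId = $db->lastInsertId();

                $db->query("INSERT INTO `downloads_files` SET `name` = '$name', `description` = '$desc', `server_name` = '$servname', `server_dir`='$trans_name', `ext` = '".$urlinfo['extension']."', `user_id`='". User::Id() ."', `time` = '". time() ."', `ref_id` = '$dir_id', `from_id` = '". $insertId ."', `size` = '". $filesize ."', `dl_times` = '0'");
                $lastId = $db->lastInsertId();

                if (preg_match('/png|jpg|jpeg|gif/i', $urlinfo['extension'])) {
                    copy($target_dir.'/'.$servname, ROOT.'/tmp/'.$servname);
                    $handle = new jimage();
                    $handle->thumb(ROOT.'/tmp/'.$servname, ROOT.'/cache/downloads_images/cache_'.$servname.'_'.$lastId.'.png', 128, 160);
                    unlink(ROOT.'/tmp/'.$servname);
                }

                redirect('/downloads/dir/'.$dir_id);
            }
        }
    }
}

// ---- Page output ----
// NOTE(review): the markup around these strings, and the upload form itself,
// appears to be missing from this listing; the literals are reproduced as shown.
// The directory name is echoed as stored - confirm it is HTML-escaped when saved.
include_header(_t('dl_add_file'));

echo ($err != false ? "\n". $err ."\n" : false);
echo "\n". _t('dl_add_file') ."\n";
echo '';
echo "\n".($dir_id != 0 ? img('folder.png') .' '.$db->query("SELECT name FROM `downloads` WHERE `id` = '". $dir_id ."'")->fetchColumn()."\n" : img('folder.png') . ' '. _t('back') ."\n").' '. img('downloads.png') . ' '. _t('downloads') ."\n". img('home.png') .' '. _t('home') ."\n";

include_footer();
?>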