| [ Index ] |
|
Code source de e107 0.7.8 |
1 <?php 2 /* 3 +---------------------------------------------------------------+ 4 | e107 website system 5 | /classes/upload_class.php 6 | 7 | ©Steve Dunstan 2001-2002 8 | http://e107.org 9 | jalist@e107.org 10 | 11 | Released under the terms and conditions of the 12 | GNU General Public License (http://gnu.org). 13 | 14 | $Source: /cvsroot/e107/e107_0.7/e107_handlers/upload_handler.php,v $ 15 | $Revision: 1.22 $ 16 | $Date: 2006/11/28 23:41:23 $ 17 | $Author: mcfly_e107 $ 18 +---------------------------------------------------------------+ 19 */ 20 21 if (!defined('e107_INIT')) { exit; } 22 23 @include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_upload_handler.php"); 24 @include_once(e_LANGUAGEDIR."English/lan_upload_handler.php"); 25 function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "") 26 { 27 28 global $pref, $sql, $tp; 29 30 if (!$uploaddir) {$uploaddir = e_FILE."public/";} 31 if($uploaddir == e_THEME) {$pref['upload_storagetype'] = 1;} 32 33 if (is_readable(e_ADMIN.'filetypes.php')) { 34 $a_filetypes = trim(file_get_contents(e_ADMIN.'filetypes.php')); 35 $a_filetypes = explode(',', $a_filetypes); 36 foreach ($a_filetypes as $ftype) { 37 $allowed_filetypes[] = '.'.trim(str_replace('.', '', $ftype)); 38 } 39 } 40 41 if ($pref['upload_storagetype'] == "2" && $avatar == FALSE) 42 { 43 extract($_FILES); 44 for($c = 0; $c <= 1; $c++) 45 { 46 if ($file_userfile['tmp_name'][$c]) 47 { 48 $fileext1 = substr(strrchr($file_userfile['name'][$c], "."), 1); 49 $fileext2 = substr(strrchr($file_userfile['name'][$c], "."), 0); // in case user has left off the . in allowed_filetypes 50 if (!in_array($fileext1, $allowed_filetypes) && !in_array(strtolower($fileext1), $allowed_filetypes) && !in_array(strtolower($file_userfile['type'][$c]), $allowed_filetypes)) 51 { 52 if (!in_array($fileext2, $allowed_filetypes) && !in_array(strtolower($fileext2), $allowed_filetypes) && !in_array(strtolower($file_userfile['type'][$c]), $allowed_filetypes)) 53 { 54 require_once(e_HANDLER."message_handler.php"); 55 message_handler("MESSAGE", "".LANUPLOAD_1." '".$file_userfile['type'][$c]."' ".LANUPLOAD_2.""); 56 return FALSE; 57 require_once(FOOTERF); 58 exit; 59 } 60 } 61 set_magic_quotes_runtime(0); 62 $data = mysql_escape_string(fread(fopen($file_userfile['tmp_name'][$c], "rb"), filesize($file_userfile['tmp_name'][$c]))); 63 set_magic_quotes_runtime(get_magic_quotes_gpc()); 64 $file_name = preg_replace("/[^a-z0-9._]/", "", str_replace(" ", "_", str_replace("%20", "_", strtolower($file_userfile['name'][$c])))); 65 $sql->db_Insert("rbinary", "0, '".$tp -> toDB($file_name, true)."', '".$tp -> toDB($file_userfile['type'][$c], true)."', '$data' "); 66 $uploaded[$c]['name'] = "Binary ".mysql_insert_id()."/".$file_name; 67 $uploaded[$c]['type'] = $file_userfile['type'][$c]; 68 $uploaded[$c]['size'] = $file_userfile['size'][$c]; 69 } 70 } 71 return $uploaded; 72 } 73 /* 74 if (ini_get('open_basedir') != ''){ 75 require_once(e_HANDLER."message_handler.php"); 76 message_handler("MESSAGE", "'open_basedir' restriction is in effect, unable to move uploaded file, deleting ...", __LINE__, __FILE__); 77 return FALSE; 78 } 79 */ 80 81 // echo "<pre>"; print_r($_FILES); echo "</pre>"; exit; 82 83 $files = $_FILES['file_userfile']; 84 if (!is_array($files)) 85 { 86 return FALSE; 87 } 88 89 $c = 0; 90 foreach($files['name'] as $key => $name) 91 { 92 93 if ($files['size'][$key]) 94 { 95 $filesize[] = $files['size'][$key]; 96 $name = preg_replace("/[^a-z0-9._-]/", "", str_replace(" ", "_", str_replace("%20", "_", strtolower($name)))); 97 if ($avatar == "attachment") { 98 $name = time()."_".USERID."_".$fileinfo.$name; 99 } 100 101 $destination_file = getcwd()."/".$uploaddir."/".$name; 102 if ($avatar == "unique" && file_exists($destination_file)) 103 { 104 $name = time()."_".$name; 105 $destination_file = getcwd()."/".$uploaddir."/".$name; 106 } 107 if (file_exists($destination_file) && !$overwrite) 108 { 109 require_once(e_HANDLER."message_handler.php"); 110 message_handler("MESSAGE", LANUPLOAD_10, __LINE__, __FILE__); // duplicate file 111 $f_message .= LANUPLOAD_10 . __LINE__ . __FILE__; 112 $dupe_found = TRUE; 113 } 114 else 115 { 116 $uploadfile = $files['tmp_name'][$key]; 117 $fileext1 = substr(strrchr($files['name'][$key], "."), 1); 118 $fileext2 = substr(strrchr($files['name'][$key], "."), 0); 119 if (!in_array($fileext1, $allowed_filetypes) && !in_array(strtolower($fileext1), $allowed_filetypes) && !in_array(strtolower($files['type'][$c]), $allowed_filetypes)) 120 { 121 if (!in_array($fileext2, $allowed_filetypes) && !in_array(strtolower($fileext2), $allowed_filetypes) && !in_array(strtolower($files['type'][$c]), $allowed_filetypes)) 122 { 123 require_once(e_HANDLER."message_handler.php"); 124 message_handler("MESSAGE", LANUPLOAD_1." ".$files['type'][$key]." ".LANUPLOAD_2.".", __LINE__, __FILE__); 125 $f_message .= LANUPLOAD_1." ".$files['type'][$key]." ".LANUPLOAD_2."." . __LINE__ . __FILE__; 126 return FALSE; 127 require_once(FOOTERF); 128 exit; 129 } 130 } 131 132 $uploaded[$c]['name'] = $name; 133 $uploaded[$c]['type'] = $files['type'][$key]; 134 $uploaded[$c]['size'] = 0; 135 136 $method = (OPEN_BASEDIR == FALSE ? "copy" : "move_uploaded_file"); 137 138 if (@$method($uploadfile, $destination_file)) 139 { 140 @chmod($destination_file, 0644); 141 $_tmp = explode('.', $name); 142 $fext = array_pop($_tmp); 143 $fname = basename($name, '.'.$fext); 144 $tmp = pathinfo($name); 145 $rename = substr($fname, 0, 15).".".time().".".$fext; 146 if (@rename(e_FILE."public/avatars/".$name, e_FILE."public/avatars/".$rename)) 147 { 148 $uploaded[$c]['name'] = $rename; 149 } 150 151 if ($method == "copy") 152 { 153 @unlink($uploadfile); 154 } 155 156 if(!$dupe_found) 157 { // don't display 'success message' when duplicate file found. 158 require_once(e_HANDLER."message_handler.php"); 159 message_handler("MESSAGE", "".LANUPLOAD_3." '".$files['name'][$key]."'", __LINE__, __FILE__); 160 $f_message .= "".LANUPLOAD_3." '".$files['name'][$key]."'.<br />"; 161 } 162 $uploaded[$c]['size'] = $files['size'][$key]; 163 164 } 165 else 166 { 167 $uploaded[$c]['error'] = $files['error'][$key]; 168 switch ($files['error'][$key]) 169 { 170 case 0: 171 $error = LANUPLOAD_4." [".str_replace("../", "", $uploaddir)."]"; 172 break; 173 case 1: 174 $error = LANUPLOAD_5; 175 break; 176 case 2: 177 $error = LANUPLOAD_6; 178 break; 179 case 3: 180 $error = LANUPLOAD_7; 181 break; 182 case 4: 183 $error = LANUPLOAD_8; 184 break; 185 case 5: 186 $error = LANUPLOAD_9; 187 break; 188 } 189 require_once(e_HANDLER."message_handler.php"); 190 message_handler("MESSAGE", LANUPLOAD_11." '".$files['name'][$key]."' <br />".LANUPLOAD_12.": ".$error, __LINE__, __FILE__); 191 $f_message .= LANUPLOAD_11." '".$files['name'][$key]."' <br />".LANUPLOAD_12.": ".$error . __LINE__ . __FILE__; 192 193 } 194 } 195 } 196 $c++; 197 } 198 define("F_MESSAGE", "<br />".$f_message); 199 200 return $uploaded; 201 } 202 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Apr 1 01:23:32 2007 | par Balluche grâce à PHPXref 0.7 |