Файл: world-faces.ru/world-faces.ru/obmen/inc/upload_act.php
Строк: 257
<?
if ($dir_id['upload']==1 && isset($access['obm_fl_upload']) && (!isset($set['obmen_limit_up']) || $set['obmen_limit_up']<=$user['balls'])){
if (isset($_GET['act']) && $_GET['act']=='upload' && isset($_GET['ok']) && $l!='/')
{
if (!isset($_FILES['file'])) $err[]='Ошибка при выгрузке файла';
elseif (strlen2($_POST['nazv'])<2) $err[]='Название минимум 2 символа!';
elseif (!isset($_FILES['file']['tmp_name']) || filesize($_FILES['file']['tmp_name'])>$dir_id['maxfilesize'])$err[]='Размер файла превышает установленные ограничения';
else
{
$file=esc(stripcslashes(htmlspecialchars($_FILES['file']['name'])));
$file=ereg_replace('(#|?)', NULL, $file);
$name=eregi_replace('.[^.]*$', NULL, $file); // имя файла без расширения
$ras=strtolower(eregi_replace('^.*.', NULL, $file));
$type=$_FILES['file']['type'];
$size=filesize($_FILES['file']['tmp_name']);
$rasss=explode(';', $dir_id['ras']);
$ras_ok=false;
for($i=0;$i<count($rasss);$i++)
{
if ($rasss[$i]!=NULL && $ras==$rasss[$i])$ras_ok=true;
}
if (!$ras_ok)$err='Неверное расширение файла';
}
$opis=NULL;
if (isset($_POST['opis']))
$opis=stripslashes(htmlspecialchars(esc($_POST['opis'])));
$nazv=NULL;
if (isset($_POST['nazv']))
$nazv=stripslashes(htmlspecialchars(esc($_POST['nazv'])));
$name .="_vmobe_net";
if (!isset($err))
{
mysql_query("INSERT INTO `obmennik_files` (`id_dir`, `name`, `ras`, `type`, `size`, `time`, `time_last`, `id_user`, `opis`, `nazv`)
VALUES ('$dir_id[id]', '$name', '$ras', '$type', '$size', '$time', '$time', '$user[id]', '$opis', '$nazv')");
$id_file=mysql_insert_id();
if (!@copy($_FILES['file']['tmp_name'], H."sys/obmen/files/$id_file.dat"))
{
mysql_query("DELETE FROM `obmennik_files` WHERE `id` = '$id_file' LIMIT 1");
$err[]='Ошибка при выгрузке';
}
}
if (!isset($err))
{
chmod(H."sys/obmen/files/$id_file.dat", 0666);
if (isset($_FILES['screen']) && $imgc=@imagecreatefromstring(file_get_contents($_FILES['screen']['tmp_name'])))
{
$img_x=imagesx($imgc);
$img_y=imagesy($imgc);
if ($img_x==$img_y)
{
$dstW=128; // ширина
$dstH=128; // высота
}
elseif ($img_x>$img_y)
{
$prop=$img_x/$img_y;
$dstW=128;
$dstH=ceil($dstW/$prop);
}
else
{
$prop=$img_y/$img_x;
$dstH=128;
$dstW=ceil($dstH/$prop);
}
$screen=imagecreatetruecolor($dstW, $dstH);
imagecopyresampled($screen, $imgc, 0, 0, 0, 0, $dstW, $dstH, $img_x, $img_y);
imagedestroy($imgc);
$screen=img_copyright($screen); // наложение копирайта
imagegif($screen,H."sys/obmen/screens/128/$id_file.gif");
imagedestroy($screen);
}
}
}
if ( $set['obmen_import'] && isset($_GET['act']) && $_GET['act'] == 'import' && isset($user) && isset($_POST['file']) ) {
#
function get_mime_type($ext) {
$mime_types = array(
'ez' => 'application/andrew-inset',
'hqx' => 'application/mac-binhex40',
'cpt' => 'application/mac-compactpro',
'doc' => 'application/msword',
'bin' => 'application/octet-stream',
'dms' => 'application/octet-stream',
'lha' => 'application/octet-stream',
'lzh' => 'application/octet-stream',
'exe' => 'application/octet-stream',
'class' => 'application/octet-stream',
'so' => 'application/octet-stream',
'dll' => 'application/octet-stream',
'oda' => 'application/oda',
'pdf' => 'application/pdf',
'ai' => 'application/postscript',
'eps' => 'application/postscript',
'ps' => 'application/postscript',
'smi' => 'application/smil',
'smil' => 'application/smil',
'wbxml' => 'application/vnd.wap.wbxml',
'wmlc' => 'application/vnd.wap.wmlc',
'wmlsc' => 'application/vnd.wap.wmlscriptc',
'bcpio' => 'application/x-bcpio',
'vcd' => 'application/x-cdlink',
'pgn' => 'application/x-chess-pgn',
'cpio' => 'application/x-cpio',
'csh' => 'application/x-csh',
'dcr' => 'application/x-director',
'dir' => 'application/x-director',
'dxr' => 'application/x-director',
'dvi' => 'application/x-dvi',
'spl' => 'application/x-futuresplash',
'gtar' => 'application/x-gtar',
'hdf' => 'application/x-hdf',
'js' => 'application/x-javascript',
'skp' => 'application/x-koan',
'skd' => 'application/x-koan',
'skt' => 'application/x-koan',
'skm' => 'application/x-koan',
'latex' => 'application/x-latex',
'nc' => 'application/x-netcdf',
'cdf' => 'application/x-netcdf',
'sh' => 'application/x-sh',
'shar' => 'application/x-shar',
'swf' => 'application/x-shockwave-flash',
'sit' => 'application/x-stuffit',
'sv4cpio' => 'application/x-sv4cpio',
'sv4crc' => 'application/x-sv4crc',
'tar' => 'application/x-tar',
'tcl' => 'application/x-tcl',
'tex' => 'application/x-tex',
'texinfo' => 'application/x-texinfo',
'texi' => 'application/x-texinfo',
't' => 'application/x-troff',
'tr' => 'application/x-troff',
'roff' => 'application/x-troff',
'man' => 'application/x-troff-man',
'me' => 'application/x-troff-me',
'ms' => 'application/x-troff-ms',
'ustar' => 'application/x-ustar',
'src' => 'application/x-wais-source',
'xhtml' => 'application/xhtml+xml',
'xht' => 'application/xhtml+xml',
'zip' => 'application/zip',
'7z' => 'application/7z',
'rar' => 'application/x-rar',
'gz' => 'application/gzip',
'au' => 'audio/basic',
'snd' => 'audio/basic',
'mid' => 'audio/midi',
'midi' => 'audio/midi',
'kar' => 'audio/midi',
'mpga' => 'audio/mpeg',
'mp2' => 'audio/mpeg',
'mp3' => 'audio/mpeg',
'aif' => 'audio/x-aiff',
'aiff' => 'audio/x-aiff',
'aifc' => 'audio/x-aiff',
'm3u' => 'audio/x-mpegurl',
'ram' => 'audio/x-pn-realaudio',
'rm' => 'audio/x-pn-realaudio',
'rpm' => 'audio/x-pn-realaudio-plugin',
'ra' => 'audio/x-realaudio',
'wav' => 'audio/x-wav',
'pdb' => 'chemical/x-pdb',
'xyz' => 'chemical/x-xyz',
'bmp' => 'image/bmp',
'gif' => 'image/gif',
'ief' => 'image/ief',
'jpeg' => 'image/jpeg',
'jpg' => 'image/jpeg',
'jpe' => 'image/jpeg',
'png' => 'image/png',
'tiff' => 'image/tiff',
'tif' => 'image/tif',
'djvu' => 'image/vnd.djvu',
'djv' => 'image/vnd.djvu',
'wbmp' => 'image/vnd.wap.wbmp',
'ras' => 'image/x-cmu-raster',
'pnm' => 'image/x-portable-anymap',
'pbm' => 'image/x-portable-bitmap',
'pgm' => 'image/x-portable-graymap',
'ppm' => 'image/x-portable-pixmap',
'rgb' => 'image/x-rgb',
'xbm' => 'image/x-xbitmap',
'xpm' => 'image/x-xpixmap',
'xwd' => 'image/x-windowdump',
'igs' => 'model/iges',
'iges' => 'model/iges',
'msh' => 'model/mesh',
'mesh' => 'model/mesh',
'silo' => 'model/mesh',
'wrl' => 'model/vrml',
'vrml' => 'model/vrml',
'css' => 'text/css',
'html' => 'text/html',
'htm' => 'text/html',
'asc' => 'text/plain',
'txt' => 'text/plain',
'php' => 'text/plain',
'cgi' => 'text/plain',
'pl' => 'text/plain',
'rtx' => 'text/richtext',
'rtf' => 'text/rtf',
'sgml' => 'text/sgml',
'sgm' => 'text/sgml',
'tsv' => 'text/tab-seperated-values',
'wml' => 'text/vnd.wap.wml',
'wmls' => 'text/vnd.wap.wmlscript',
'wmlsc' => 'application/vnd.wap.wmlscriptc',
'etx' => 'text/x-setext',
'xml' => 'text/xml',
'xsl' => 'text/xml',
'mpeg' => 'video/mpeg',
'mpg' => 'video/mpeg',
'mpe' => 'video/mpeg',
'qt' => 'video/quicktime',
'mov' => 'video/quicktime',
'mxu' => 'video/vnd.mpegurl',
'avi' => 'video/x-msvideo',
'movie' => 'video/x-sgi-movie',
'3gp' => 'video/3gpp',
'mp4' => 'video/mp4',
'flv' => 'video/flv',
'mms' => 'application/vnd.wap.mms-message',
'rmf' => 'audio/rmf',
'sis' => 'application/vnd.symbian.install',
'sisx' => 'application/vnd.symbian.install',
'jar' => 'application/java-archive',
'jad' => 'text/vnd.sun.j2me.app-descriptor',
'ics' => 'text/calendar',
'vcs' => 'text/x-vcalendar',
'vcf' => 'text/x-vcard',
'emy' => 'text/x-emelody',
'imy' => 'text/x-imelody',
'hid' => 'application/x-tar',
'mmf' => 'application/vnd.smaf',
'mpc' => 'application/vnd.mophun.certificate',
'mpn' => 'application/vnd.mophun.application',
'thm' => 'application/vnd.eri.thm',
'tpl' => 'application/vnd.sonyericsson.mms-template',
'ice' => 'x-conference-xcooltalk',
'ico' => 'image/favicon.ico'
);
return isset($mime_types[$ext]) ? $mime_types[$ext] : 'application/octet-stream';
}
#
$file = trim(stripslashes($_POST['file']));
$name = trim(stripslashes($_POST['name']));
$nazv = trim(stripslashes($_POST['nazv']));
$screen = trim(stripslashes($_POST['screen']));
$opis = mysql_real_escape_string(trim(stripslashes($_POST['opis'])));
$file_de = urldecode($file);
if ( preg_match('~^http://[a-z0-9.-]+.[a-z]{2,}/[a-z0-9.?=,/s-_]+$~i', $file_de) && preg_match('~(.*?).[a-z0-9]+$~i', $name) ) {
/*
if ( preg_match('~^http://[a-z0-9.?=&]+$~i', $file) && preg_match('~(.*?).[a-z0-9]+$~i', $name) ) {
*/
$file = file_get_contents($file);
if ( $file ) {
$name2 = preg_replace('~.[^.]*$~i', null, $name); // имя файла без расширения
$ras = strtolower(preg_replace('~^.*.~i', null, $name));
$type = get_mime_type($ras);
$rasss = explode(';', $dir_id['ras']);
$ras_ok=false;
$count = count($rasss);
for ( $i = 0; $i < $count; $i++ )
if ( $rasss[$i] != NULL && $ras == $rasss[$i] ) $ras_ok = true;
if ( $ras_ok ) {
mysql_query("INSERT INTO `obmennik_files` (`id_dir`, `name`, `ras`, `type`, `size`, `time`, `time_last`, `id_user`, `opis`, `nazv` )
VALUES ('$dir_id[id]', '".mysql_real_escape_string($name2)."', '".mysql_real_escape_string($ras)."', '".mysql_real_escape_string($type)."', '".mysql_real_escape_string($size)."', '$time', '$time', '$user[id]','".mysql_real_escape_string($nazv)."', '".mysql_real_escape_string($opis)."' )");
$id_file=mysql_insert_id();
file_put_contents(H."sys/obmen/files/$id_file.dat", $file);
$size = filesize(H."sys/obmen/files/$id_file.dat");
mysql_query("update `obmennik_files` set `size`='".$size."' where `id`='".$id_file."' limit 1;");
if ( !empty($screen) && preg_match('~^http://[a-z0-9.-]+.[a-z]{2,}/[a-z0-9.?=,/]+$~i', $screen) ) {
$imgc = imagecreatefromstring(file_get_contents($screen));
if ( $imgc ) {
$img_x=imagesx($imgc);
$img_y=imagesy($imgc);
if ($img_x==$img_y)
{
$dstW=128; // ширина
$dstH=128; // высота
}
elseif ($img_x>$img_y)
{
$prop=$img_x/$img_y;
$dstW=128;
$dstH=ceil($dstW/$prop);
}
else
{
$prop=$img_y/$img_x;
$dstH=128;
$dstW=ceil($dstH/$prop);
}
$screen=imagecreatetruecolor($dstW, $dstH);
imagecopyresampled($screen, $imgc, 0, 0, 0, 0, $dstW, $dstH, $img_x, $img_y);
imagedestroy($imgc);
$screen=img_copyright($screen); // наложение копирайта
imagegif($screen,H."sys/obmen/screens/128/$id_file.gif");
imagedestroy($screen);
}
if ( $imgc ) {
$img_x=imagesx($imgc);
$img_y=imagesy($imgc);
if ($img_x==$img_y)
{
$dstW=640; // ширина
$dstH=640; // высота
}
elseif ($img_x>$img_y)
{
$prop=$img_x/$img_y;
$dstW=640;
$dstH=ceil($dstW/$prop);
}
else
{
$prop=$img_y/$img_x;
$dstH=640;
$dstW=ceil($dstH/$prop);
}
$screen=imagecreatetruecolor($dstW, $dstH);
imagecopyresampled($screen, $imgc, 0, 0, 0, 0, $dstW, $dstH, $img_x, $img_y);
imagedestroy($imgc);
$screen=img_copyright($screen); // наложение копирайта
imagegif($screen,H."sys/obmen/screens/640/logo.png");
imagedestroy($screen);
}
}
}
else {
$err='Неверное расширение файла';
unset($file);
}
}
else $err[] = 'Файл не был импортирован';
}
else $err[] = 'Некорректный адрес';
}
}
?>