Файл: modules/index.php
Строк: 73
<?php
/*
*
* @author (Макс) Freedom <by_freedom@bk.ru>
* ICQ 286-0-666
*
*/
func::head('Файлообменник');
echo '<div class="container">';
if ($set['add'] == 2) {
func::err('Выгрузка файлов временно приостановлена!');
echo '</div>';
func::foot();
die();
}
if (isset($_POST['add'])) {
$kod = abs((int)$_POST['kod']);
$pass = func::check($_POST['pass']);
$FileName = func::retrans($_FILES['object']['name']);
$FileSize = $_FILES['object']['size'];
$format = array('.zip','.rar','.7z','.tar','.gz','.apk','.mp3','.amr','.wav','.txt','.pdf','.doc','.docx','.rtf','.djvu','.xls','.xlsx','.sis','.sisx','.jad','.jar','.nth','.jpg','.jpeg','.gif','.png','.bmp','.sis','.sisx','.3gp','.avi','.flv','.mpeg','.mp4','.exe','.msi','.wmf');
$FileName = str_replace("'", "", $FileName);
$FileName = str_replace("#", "", $FileName);
$FileName = str_replace(",", "", $FileName);
$time = DB::$dbs->query("SELECT * FROM files WHERE ip = ? ORDER BY time DESC", [$ip]);
while($t = $time -> fetch()) {
if ((time() - $t['time']) < 10) {
func::err('Нельзя так часто загружать файлы!');
func::foot();
die();
}
}
$ext = strtolower(strrchr($FileName, '.'));
if ($FileSize > (1024 * $set['mb'] * 1024)) {
func::err($lang['files_size'].' '.$set['mb'].' Mb!');
} elseif (empty($FileName)) {
func::err($lang['not_file'].'!');
} elseif (preg_match('/(.php|.pl|.htaccess)/i', $FileName) || !in_array($ext, $format)) {
func::err($lang['format'].'!');
} else {
$sha = sha1($pass.'freed');
$pass = (empty($pass) ? '' : $sha);
$code = sha1(rand(10000,99999).'freed');
$NameFile = 'files/' . mt_rand(1000000, 9999999) . '_' .$FileName;
copy($_FILES['object']['tmp_name'], $_SERVER['DOCUMENT_ROOT'].'/'.$NameFile);
if ($set['auto_del'] != 0) {
$t = time()+$set['auto_del']*24*60*60;
} else {
$t = '';
}
DB::$dbs->query("INSERT INTO `files` SET `url` = ?, `time` = ?, `name` = ?, `size` = ?, `del_time` = ?, `pass` = ?, `ip` = ?, `soft` = ?, `code_del` = ?", array($NameFile,time(),$FileName,$FileSize,$t,$pass,$ip,$soft,$code));
$last = DB::$dbs->lastInsertId();
echo '<div class="list-group"><div class="list-group-item">'.$lang['file_upl'].'!<br/><a href="/'.$last.'">'.$lang['go'].'</a><br/>'.$lang['link_to_del'].':<br/><input type="text" value="http://'.homeurl.'/delfile/'.$code.'" class="form-control"></div></div>';
echo '</div>';
func::foot();
die();
}
}
echo '<div class="list-group-item"><form role="form" action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label class="control-label">'.$lang['file'].'</label>
(<font color="red">'.$set['mb'].' мб</font>)
<input type="file" name="object"/>
</div>
<div class="form-group">
<label class="control-label">'.$lang['pass'].'</label>
<input type="text" name="pass" class="form-control" placeholder="'.$lang['not_nec'].'"/></div><button type="submit" name="add" class="btn btn-success">'.$lang['upload'].'</button></form></div>';
echo '<h1 class="text-center">'.$lang['recen_files'].'</h1>
<div class="row">
<div class="col-sm-4">
<div class="list-group">';
$sql = DB::$dbs->query("SELECT * FROM files WHERE pass = ? ORDER BY time DESC LIMIT 10", array(''));
if ($sql -> rowCount() > 0) {
while($a = $sql -> fetch()) {
$format = pathinfo('../'.$a['url']);
echo '<a href="/'.$a['id'].'" class="list-group-item"><img src="/design/ext/'.strtolower($format['extension']).'.png" alt="'.$format['extension'].'" width="16" height="16"/> '.$a['name'].' <span class="badge">'.func::size($a['size']).'</span></a>';
}
}
echo '</div></div></div></div>';
func::foot();
?>