Файл: modules/plugin/imp.php
Строк: 63
<?php
/*
*
* @author (Макс) Freedom <by_freedom@bk.ru>
* ICQ 286-0-666
*
*/
func::head($lang['import']);
echo '<div class="container">';
if ($set['add'] == 2) {
func::err('Выгрузка файлов временно приостановлена!');
echo '</div>';
func::foot();
die();
}
echo '<div class="list-group"><div class="list-group-item">'.$lang['prav'] . '!</div></div>';
if (isset($_POST['add'])) {
$url = htmlentities($_POST['url']);
$pass = func::check($_POST['pass']);
$kod = func::check($_POST['kod']);
$file = func::getWithOutPath($url);
$format = strtolower(strrchr($file, '.'));
$ext = array('.zip','.rar','.7z','.tar','.gz','.apk','.mp3','.amr','.wav','.txt','.pdf','.doc','.docx','.rtf','.djvu','.xls','.xlsx','.sis','.sisx','.jad','.jar','.nth','.jpg','.jpeg','.gif','.png','.bmp','.sis','.sisx','.3gp','.avi','.flv','.mpeg','.mp4','.exe','.msi','.wmf');
$time = DB::$dbs->query("SELECT * FROM files WHERE ip = ? ORDER BY time DESC", [$ip]);
while($t = $time -> fetch()) {
if ((time() - $t['time']) < 10) {
func::err('Нельзя так часто загружать файлы!');
func::foot();
die();
}
}
$f = fopen($url, 'r');
while($c = fread($f, 1024)) $filedata .= $c;
if (!$f)
{
func::err($lang['error_import']);
}
elseif (preg_match('/(.php|.pl|.htaccess)/i', $file) || !in_array($format, $ext))
{
func::err($lang['format']);
} elseif (strlen($filedata) > (1024 * $set['mb'] * 1024)) {
func::err($lang['files_size'].' '.$set['mb'].' mb!');
} else {
$file = func::retrans($file);
$file = str_replace("'", "", $file);
$file = str_replace("#", "", $file);
$file = str_replace(",", "", $file);
$NameFile = 'files/' . mt_rand(1000000, 9999999) . '_' . $file;
file_put_contents($NameFile, $filedata);
$sha = sha1($pass.'freed');
$pass = (empty($pass) ? '' : $sha);
if ($set['auto_del'] != 0) {
$t = time()+$set['auto_del']*24*60*60;
} else {
$t = '';
}
$code = sha1(rand(10000,99999).'freed');
$size = filesize($_SERVER['DOCUMENT_ROOT'].'/'.$NameFile);
DB::$dbs->query("INSERT INTO `files` SET `url` = ?, `time` = ?,`name` = ?, `size` = ?, `del_time` = ?, `pass` = ?, `ip` = ?, `soft` = ?, `code_del` = ?", array($NameFile,time(),$file,$size,$t,$pass,$ip,$soft,$code));
$last = DB::$dbs->lastInsertId();
echo '<div class="list-group"><div class="list-group-item">'.$lang['file_upl'].'!<br/><a href="/'.$last.'">'.$lang['go'].'</a><br/>'.$lang['link_to_del'].':<br/><input type="text" value="http://'.homeurl.'/delfile/'.$code.'" class="form-control"></div></div>';
echo '</div>';
func::foot();
die();
}
}
echo '<div class="list-group-item"><form role="form" action="" method="POST" enctype="multipart/form-data"> <div class="form-group">
<label for="import">'.$lang['link_to_import'].':</label>
(<font color="red">'.$set['mb'].' мб</font>)
<input type="text" value="http://" name="url" class="form-control"/></div>
<div class="form-group">
<label for="pass">'.$lang['pass'].'</label>
<input type="password" name="pass" class="form-control" id="pass" placeholder="'.$lang['not_nec'].'"/></div>
<button type="submit" class="btn btn-success" name="add">'.$lang['upload'].'</button></form></div>';
echo '</div>';
func::foot();
?>