<?php
// Marker constant for this entry script. Its consumers are not visible in this
// file (presumably checked by included files — confirm).
define ( 'UPLOAD_PHP', 1 );
// Shared bootstrap. NOTE(review): $UPL, $action, $lang_upload, $lang_misc,
// $tpl_message, $tpl_uploader and helpers such as gpc(), parse(), path_decode()
// and is_image() are used below but not defined in this file; presumably they
// come from this include — confirm, including that it enforces authentication.
require_once ( 'includes/commons.inc.php' );
// Templates: the upload form, the [IMG]-tag result page, and an error template
// (the latter is not referenced again in the visible part of this file).
$tpl_upload = new Template ( TPL_DIR . 'tpl_upload.php' );
$tpl_img = new Template ( TPL_DIR . 'tpl_img.php' );
$tpl_error = new Template ( TPL_DIR . 'tpl_error.php' );
// Archive extraction is only offered when the procedural zip_* API is available.
$zip_enabled = function_exists ( 'zip_open' );
$tpl_upload->set ( 'zip_enabled', $zip_enabled );
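/**
 * Decide whether one upload entry may be stored in the current user's folder.
 *
 * Request state is read through globals. As a side effect the global $dest_path
 * is set to the final destination, and in 'rename' mode $file['name'] is replaced
 * by the first free "name(N).ext" variant.
 *
 * Security-relevant behaviour:
 *  - The file name is client-controlled, so it is HTML-escaped before it is put
 *    into an error message (the caller joins the messages with <br /> and passes
 *    them to a template, presumably as markup).
 *  - Extension lists are matched case-insensitively with surrounding whitespace
 *    ignored, so "x.PHP" cannot slip past a "php" deny entry.
 *  - The quota check counts the incoming file, not only what is already stored.
 *  - NOTE(review): only the last extension is examined. Whether a name such as
 *    "x.php.jpg" can be executed depends on the web server configuration of the
 *    user files directory — confirm that script handlers are disabled there.
 *
 * @param array $file     One upload entry (name, size, tmp_name, type, error); 'name' may be rewritten.
 * @param array $errors   Receives one message per rejected file.
 * @param array $uploaded Not used here; kept so existing callers keep working.
 * @return bool True when the file passed every check, false when it must be skipped.
 */
function validate_uploaded_file ( &$file, &$errors, &$uploaded )
{
	global $lang_upload, $UPL, $user_root, $upload_to, $overwrite, $max_storage, $space_used, $max_file_size, $file_types, $images_only, $dest_path;

	// Escaped copy of the client-supplied name, used only inside messages.
	$shown = htmlspecialchars ( $file['name'], ENT_QUOTES );

	// exceeds php limit (upload error code 1)
	if ( $file['error'] == 1 )
	{
		$errors [] = parse ( $lang_upload['upl_php_exceed'], array ( '{filename}' => $shown, '{max_file_size}' => ini_get ( 'upload_max_filesize' ) ) );
		return false;
	}
	// Skip empty form fields silently
	if ( $file['error'] == 4 || ( $file['size'] == 0 && $file['tmp_name'] == '' ) )
	{
		return false;
	}
	// partial upload
	if ( $file['error'] == 3 )
	{
		$errors [] = parse ( $lang_upload['upl_partial_upload'], '{filename}', $shown );
		return false;
	}
	// empty files
	if ( $file['size'] == 0 )
	{
		$errors [] = parse ( $lang_upload['upl_empty_file'], '{filename}', $shown );
		return false;
	}

	// No PHP-level errors; user restrictions are checked from here on.
	// where the file will go to
	$dest_path = $user_root . $upload_to . '/' . $file['name'];
	if ( file_exists ( $dest_path ) )
	{
		if ( $overwrite == 'rename' )
		{
			// come up with a new name: try "name(1).ext", "name(2).ext", ... until one is free
			$fname = get_filename ( $file['name'] );
			$fext = get_extension ( $file['name'] );
			$suffix = ( $fext != '' ? '.' . $fext : '' );
			$try = $fname . '(1)' . $suffix;
			for ( $i = 2; file_exists ( $user_root . $upload_to . '/' . $try ); $i++ )
			{
				$try = $fname . "($i)" . $suffix;
			}
			// set current name to new name
			$dest_path = $user_root . $upload_to . '/' . $try;
			$file['name'] = $try;
			$shown = htmlspecialchars ( $try, ENT_QUOTES );
		}
		elseif ( $overwrite == 'skip' )
		{
			$errors [] = parse ( $lang_upload['upl_skipped'], '{filename}', $shown );
			// go on to next file
			return false;
		}
		// any other mode: the caller replaces the existing file
	}

	// no more space: the new file must fit into what is left of the quota
	if ( $max_storage > 0 && ( $space_used >= $max_storage || $space_used + $file['size'] > $max_storage ) )
	{
		$errors [] = parse ( $lang_upload['upl_storage_full'], '{filename}', $shown );
		return false;
	}

	// Normalised extension shared by the deny list and the allow list.
	$ext = strtolower ( get_extension ( $file['name'] ) );

	// bad file extension (site-wide deny list)
	if ( $UPL['SETTINGS']['filetypes'] != '' )
	{
		$denied = array_map ( 'strtolower', array_map ( 'trim', explode ( ',', $UPL['SETTINGS']['filetypes'] ) ) );
		if ( in_array ( $ext, $denied, true ) )
		{
			$errors [] = parse ( $lang_upload['upl_bad_extension'], '{filename}', $shown );
			return false;
		}
	}
	// filename is invalid: it must start with a letter or digit (so no leading dot);
	// an empty name is rejected here as well instead of indexing into it
	if ( $file['name'] == '' || !preg_match ( '#[a-z0-9]#i', $file['name'][0] ) )
	{
		$errors [] = parse ( $lang_upload['upl_bad_name_start'], '{filename}', $shown );
		return false;
	}
	// filename is invalid (no bad characters)
	if ( preg_match ( $UPL['CONFIGS']['REGEX_INVALID_CHARS'], $file['name'] ) )
	{
		$errors [] = parse ( $lang_upload['upl_bad_chars'], '{filename}', $shown );
		return false;
	}
	// file is too big
	if ( $max_file_size > 0 && $file['size'] >= $max_file_size )
	{
		$errors [] = parse ( $lang_upload['upl_max_size'], array ( '{filename}' => $shown, '{max_file_size}' => get_size ( $max_file_size, 'B', 0 ) ) );
		return false;
	}
	// file type allowed? (per-user allow list, skipped in images-only mode)
	if ( !$images_only && $file_types != '' )
	{
		$allowed = array_map ( 'strtolower', array_map ( 'trim', explode ( ',', $file_types ) ) );
		if ( !in_array ( $ext, $allowed, true ) )
		{
			$errors [] = parse ( $lang_upload['upl_ext_not_alllowed'], '{filename}', $shown );
			return false;
		}
	}
	// is file an image? The content of the temporary file is inspected, not the name.
	if ( $images_only && !is_image ( $file['tmp_name'] ) )
	{
		$errors [] = parse ( $lang_upload['upl_not_image'], '{filename}', $shown );
		return false;
	}
	return true;
}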
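/**
 * Expand an archive into temporary files and queue every entry in $_FILES so
 * that it passes through the same validation as a direct upload.
 *
 * Hardening compared with a plain "read the whole entry" approach:
 *  - zip_open()/zip_read() can return an integer error code instead of a
 *    resource, so results are checked with is_resource().
 *  - Entries are streamed to disk in small chunks rather than read into memory
 *    in one call, and no more than the per-file limit ($max_file_size, when it
 *    is set) is inflated. The queued 'size' stays the declared size, so an
 *    entry cut short this way is at or above the limit and is rejected by the
 *    size check in validate_uploaded_file().
 *  - Both '/' and '\' in entry names are replaced by '_', so an entry cannot
 *    carry a directory component on either path convention.
 *  - NOTE(review): the number of entries and their combined size are not
 *    bounded here; quota enforcement happens per file in the caller.
 *
 * @param string $file Path of the archive to expand.
 * @return false|null False when the archive cannot be opened; nothing otherwise.
 */
function process_zip_file ( $file )
{
	global $max_file_size;

	$zip = @zip_open ( $file );
	if ( !is_resource ( $zip ) )
	{
		return false;
	}

	while ( is_resource ( $zip_entry = zip_read ( $zip ) ) )
	{
		if ( !zip_entry_open ( $zip, $zip_entry, 'r' ) )
		{
			continue;
		}

		// Size taken from the archive metadata; it is attacker-supplied.
		$declared = zip_entry_filesize ( $zip_entry );
		$limit = $declared;
		if ( $max_file_size > 0 && $limit > $max_file_size )
		{
			$limit = $max_file_size;
		}

		$tmp_name = tempnam ( "/tmp", "zip" );
		$fp = $tmp_name ? fopen ( $tmp_name, 'ab' ) : false;
		if ( !$fp ) exit ( 'Could not create temporary file' );

		// Copy at most $limit bytes, 8 KiB at a time.
		$remaining = $limit;
		while ( $remaining > 0 )
		{
			$buf = zip_entry_read ( $zip_entry, min ( 8192, $remaining ) );
			if ( $buf === false || $buf === '' )
			{
				break;
			}
			fwrite ( $fp, $buf );
			$remaining -= strlen ( $buf );
		}
		fclose ( $fp );

		$_FILES[] = array
		(
			'name' => str_replace ( array ( '/', '\\' ), '_', zip_entry_name ( $zip_entry ) ),
			'size' => $declared,
			'tmp_name' => $tmp_name,
			'type' => 'none',
			'error' => 0
		);
		zip_entry_close ( $zip_entry );
	}
	zip_close ( $zip );
}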
// user paths: filesystem root and public URL of the current user's storage,
// both built from a site setting plus the user id
$user_root = $UPL['SETTINGS']['userfiles_dir'] . $UPL['USER']['id'] . '/';
$user_url = $UPL['SETTINGS']['userfiles_url'] . $UPL['USER']['id'] . '/';
// Stop with a message page when the user's folder does not exist.
if ( !is_dir ( $user_root ) )
{
$tpl_message->set ( 'message', parse ( $lang_upload['upl_folder_no_exists'], '{username}', $UPL['USER']['name'] ) );
$tpl_uploader->setr ( 'content', $tpl_message );
exit ( $tpl_uploader->display ( ) );
}
// get user inputs
// NOTE(review): gpc() presumably reads the GET parameter with '' as default — confirm.
// This value is raw request input and is not traversal-checked here. In this file
// it is only compared against folder paths and encoded for output in the form
// branch; the upload branch re-reads upload_to from POST and checks that copy.
$upload_to = gpc ( 'upload_to', 'G', '' );
// user contents: get_contents() result is read for 'total_size' and 'dirs'
$user_contents = get_contents ( $user_root );
$space_used = $user_contents['total_size'];
// folders: mark the one matching the requested target, then encode each path
// for the template (the comparison must happen before the path is encoded)
$user_folders =& $user_contents['dirs'];
$count = count ( $user_folders );
for ( $i = 0; $i < $count; $i++ )
{
$user_folders[$i]['selected'] = $user_folders[$i]['path'] == $upload_to;
$user_folders[$i]['path'] = path_encode ( $user_folders[$i]['path'] );
}
$tpl_upload->setr ( 'user_folders', $user_folders );
// user restrictions, all sizes are in Bytes
// (fl_max_storage is scaled by 1024*1024 and fl_max_filesize by 1024, which
// suggests the settings are stored in MB and KB — confirm); 0 disables a limit
$max_storage = $UPL['USER']['fl_max_storage'] * 1024 * 1024;
$file_types = $UPL['USER']['fl_allowed_filetypes'];
$images_only = $UPL['USER']['fl_images_only'];
$max_file_size = $UPL['USER']['fl_max_filesize'] * 1024;
// Human-readable copy of the restrictions for the upload form.
$restr = array
(
'max_file_size' => $max_file_size > 0 ? get_size ( $max_file_size, 'B', 0 ) : $lang_misc['unlimited'],
'file_types' => str_replace ( ',', ', ', $file_types ),
'images_only' => $images_only,
);
$tpl_upload->setr ( 'restrictions', $restr );
// User exceeded storage limit? Then no action below is reachable.
if ( ( $max_storage > 0 ) && $space_used >= $max_storage )
{
$tpl_message->set ( 'message', $lang_upload['upl_storage_limit'] );
$tpl_uploader->setr ( 'content', $tpl_message );
exit ( $tpl_uploader->display ( ) );
}
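// Now it's ok to upload. Dispatch on the requested action.
if ( $action == 'checkfile' )
{
	// Tell the form whether a file of that name already exists in the chosen folder.
	$file = gpc ( 'file', 'G', '' );
	$folder = path_decode ( gpc ( 'folder', 'G', '' ) );
	// Same traversal guard as the upload branch. Without it this endpoint would
	// answer file-existence queries for paths outside the user's root.
	$folder_check = str_replace ( '\\', '/', (string) $folder );
	if ( strpos ( $folder_check, "\0" ) !== false || strstr ( "/$folder_check/", '../' ) )
	{
		exit ( SECURITY_ERROR );
	}
	$file = basename ( str_replace ( '\\', '/', $file ) );
	$path = $user_root . '/' . $folder . '/' . $file;
	if ( is_file ( $path ) )
	{
		// Both values come from the request, so both are escaped before output.
		print parse ( $lang_upload['upl_file_exists_warn'], array ( '{file}' => htmlentities ( $file ), '{folder}' => ( $folder == '' ? $lang_misc['main_folder'] : htmlentities ( basename ( $folder ) ) ) ) );
	}
}
elseif ( $action == 'upload' )
{
	// options
	$overwrite = gpc ( 'overwrite_option', 'P', 'skip' );
	$post_action = gpc ( 'post_action', 'P', '' );
	$upload_to = path_decode ( gpc ( 'upload_to', 'P' ) );
	$create_thumbs = gpc ( 'create_thumbnails', 'P', 0 );
	$create_img_tags = gpc ( 'create_img_tags', 'P', 0 );
	$extract_zip_files = gpc ( 'extract_zip_files', 'P', 0 );

	// security check: the target folder must not contain a parent-directory
	// segment (with either slash style) or a NUL byte
	$upload_to_check = str_replace ( '\\', '/', (string) $upload_to );
	if ( strpos ( $upload_to_check, "\0" ) !== false || strstr ( "/$upload_to_check/", '../' ) )
	{
		exit ( SECURITY_ERROR );
	}

	$errors = array ( );
	$uploaded = array ( );

	// Process zip files
	if ( $zip_enabled && $extract_zip_files )
	{
		// Iterate over a snapshot of the keys. process_zip_file() appends the
		// extracted entries to $_FILES; with the former each() loop those new
		// entries were visited too, so archives nested inside archives were
		// expanded without a depth limit. Now only one level is expanded and a
		// nested archive is validated like any other file.
		foreach ( array_keys ( $_FILES ) as $name )
		{
			$file = $_FILES[$name];
			if ( is_zip ( $file['tmp_name'] ) )
			{
				process_zip_file ( $file['tmp_name'] );
				unset ( $_FILES[$name] );
			}
		}
	}

	// NOTE(review): files are moved with rename() rather than move_uploaded_file(),
	// presumably because entries extracted from archives are not PHP uploads. The
	// tmp_name values are therefore trusted only because $_FILES is filled by PHP
	// and by process_zip_file() — keep it that way.
	foreach ( $_FILES as $name => $file )
	{
		if ( !validate_uploaded_file ( $file, $errors, $uploaded ) )
		{
			// rejected: remove the temporary file and go on with the next one
			if ( is_file ( $file['tmp_name'] ) )
			{
				unlink ( $file['tmp_name'] );
			}
			continue;
		}

		// $dest_path was set by validate_uploaded_file(); replace an existing file
		if ( is_file ( $dest_path ) ) unlink ( $dest_path );
		if ( !rename ( $file['tmp_name'], $dest_path ) )
		{
			$errors [] = parse ( $lang_upload['upl_cant_move'], '{file}', $file['name'] );
			continue;
		}

		// clear cache
		clear_contents_cache ( $user_root );
		// chmod the file
		@change_mode ( $dest_path, $UPL['CONFIGS']['CHMOD_TO'] );

		// watermark the file if it's an image
		if ( ( $UPL['SETTINGS']['wm'] == 'always' || ( $UPL['SETTINGS']['wm'] == 'user' && $UPL['USER']['fl_watermark'] ) ) && is_image ( $dest_path, true ) )
		{
			img_wmark ( $dest_path, $UPL['SETTINGS']['wm_path'], $UPL['CONFIGS']['WATERMARK_TOP'], $UPL['CONFIGS']['WATERMARK_LEFT'] );
		}

		// create thumbnails?
		$thumb_created = false;
		$thumb_url = '';
		if ( $create_thumbs && is_image ( $dest_path, true ) )
		{
			$image_inf = getimagesize ( $dest_path );
			// getimagesize() can fail or report a zero width; skip the thumbnail
			// then instead of dividing by zero
			if ( $image_inf && $image_inf[0] > 0 )
			{
				$image_ratio = $image_inf[1] / $image_inf[0];
				$new_width = $UPL['CONFIGS']['THUMBNAIL_WIDTH'];
				$new_height = ceil ( $new_width * $image_ratio );
				$thumb_name = get_filename ( $dest_path ) . '_thumb.' . get_extension ( $dest_path );
				$thumb_created = true;
				$thumb_url = $UPL['SETTINGS']['userfiles_url'] . $UPL['USER']['id'] . '/' . ( $upload_to != '' ? $upload_to . '/' : '' ) . rawurlencode ( basename ( $thumb_name ) );
				if ( img_resize ( $dest_path, $thumb_name, $new_width, $new_height, $UPL['CONFIGS']['THUMBNAIL_BORDER'] ) )
				{
					// the thumbnail counts against the quota as well
					$space_used += filesize ( $thumb_name );
				}
			}
		}

		// upload successful
		$space_used += $file['size'];

		// log upload
		if ( $UPL['SETTINGS']['log'] >= 1 )
		{
			$log_file = LOGS_DIR . date ( 'M_d_Y' ) . '.log';
			$fp = fopen ( $log_file, 'a+' );
			if ( $fp )
			{
				// CR/LF are stripped from the logged values so that one upload
				// always produces exactly one log line
				fwrite ( $fp, sprintf ( "%s(%s) uploaded %s at %s\r\n", str_replace ( array ( "\r", "\n" ), ' ', $UPL['USER']['name'] ), $_SERVER['REMOTE_ADDR'], str_replace ( array ( "\r", "\n" ), ' ', $file['name'] ), date ( 'h:mA' ) ) );
				fclose ( $fp );
			}
		}

		// list of uploaded files
		$uploaded [] = array ( 'name' => $file['name'], 'url' => $UPL['SETTINGS']['userfiles_url'] . $UPL['USER']['id'] . '/' . ( $upload_to != '' ? $upload_to . '/' : '' ) . rawurlencode ( $file['name'] ), 'size' => get_size ( $file['size'] ), 'has_thumb' => $thumb_created, 'thumb_url' => $thumb_url );
	} // end uploaded files loop

	// any errors to show?
	if ( count ( $errors ) )
	{
		// separator first: the reversed argument order is not accepted by newer PHP
		$tpl_message->set ( 'message', implode ( '<br />', $errors ) );
		$tpl_message->set ( 'back_url', 'upload.php' );
		$tpl_uploader->setr ( 'content', $tpl_message );
		$tpl_uploader->display ( );
	}
	elseif ( count ( $uploaded ) )
	{
		// img tags?
		if ( $create_img_tags )
		{
			// show img tags
			$tpl_img->setr ( 'images', $uploaded );
			$tpl_img->set ( 'back_url', 'myfiles.php?sb=date&so=dsc' . ( $upload_to == '' ? '' : '&folder=' . path_encode ( $upload_to ) ) );
			$tpl_uploader->set ( 'page_title', '[IMG] Tags' );
			$tpl_uploader->setr ( 'content', $tpl_img );
			$tpl_uploader->display ( );
		}
		else
		{
			// go back to myfiles
			header ( 'Location: myfiles.php?sb=date&so=dsc' . ( $upload_to == '' ? '' : '&folder=' . path_encode ( $upload_to ) ) );
		}
	}
	else
	{
		// nothing was submitted: back to the form
		header ( 'Location: upload.php?upload_to=' . path_encode ( $upload_to ) );
	}
}
else
{
	// display upload form
	$tpl_upload->set ( 'cancel_url', 'myfiles.php' . ( $upload_to != '' ? '?folder=' . path_encode ( $upload_to ) : '' ) );
	$tpl_upload->set ( 'upload_to', rawurlencode ( $upload_to ) );
	$tpl_uploader->set ( 'page_title', 'File upload' );
	$tpl_uploader->set ( 'content', $tpl_upload );
	$tpl_uploader->display ( );
}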
?>