/upload.php
PHP | 264 lines | 231 code | 14 blank | 19 comment | 36 complexity | 551c56c40f1c40483fdf27d026411a97 MD5 | raw file
- <?php
- define('RAPIDLEECH', 'yes');
- define('CONFIG_DIR', 'configs/');
- define('HOST_DIR', 'hosts/');
- error_reporting(0);
- set_time_limit(0);
- @ini_alter("memory_limit", "1024M");
- @ob_end_clean();
- ob_implicit_flush(TRUE);
- ignore_user_abort(1);
- clearstatcache();
- error_reporting(6135);
- $nn = "\r\n";
- require_once(CONFIG_DIR.'setup.php');
- require_once("classes/other.php");
- define ( 'TEMPLATE_DIR', 'templates/'.$options['template_used'].'/' );
- define('IMAGE_DIR', TEMPLATE_DIR . 'images/');
-
- login_check();
-
- include("classes/http.php");
-
- if(!defined('CRLF')) define('CRLF',"\r\n");
- $_REQUEST['filename']=base64_decode($_REQUEST['filename']);
-
- // Check if requested upload file is within our $options['download_dir']
- // We put basename() because we are quite sure that no one is able to upload things besides the download directory normally
- // htmlentities() prevents XSS attacks
- $_REQUEST['filename'] = htmlentities($options['download_dir'].basename($_REQUEST['filename']));
- $_REQUEST['uploaded'] = htmlentities($_REQUEST['uploaded']);
- // We want to check if the selected upload service is a valid ones
- $d = opendir ( HOST_DIR . "upload/" );
- while ( false !== ($modules = readdir ( $d )) ) {
- if ($modules != "." && $modules != "..") {
- if (is_file ( HOST_DIR . "upload/" . $modules )) {
- if (strpos ( $modules, ".index.php" ))
- include_once (HOST_DIR . "upload/" . $modules);
- }
- }
- }
- if (!in_array($_REQUEST['uploaded'],$upload_services) || !$_REQUEST['uploaded'] || !$_REQUEST['filename']) {
- html_error(lang(46));
- }
-
- $page_title = sprintf(lang(63),basename($_REQUEST['filename']),$_REQUEST['uploaded']);
- require(TEMPLATE_DIR.'/header.php');
- ?>
- <?php
- if (!file_exists($_REQUEST['filename']))
- {
- html_error(sprintf(lang(64),$filename));
- }
-
- if (is_readable($_REQUEST['filename']))
- {
- $lfile=$_REQUEST['filename'];
- $lname=basename($lfile);
- }
- else
- {
- html_error(sprintf(lang(65),$filename));
- }
-
- if (isset ( $_REQUEST ["useuproxy"] ) && (! $_REQUEST ["uproxy"] || ! strstr ( $_REQUEST ["uproxy"], ":" )))
- {
- html_error ( lang(324) );
- }
- else
- {
- $proxy = $_REQUEST ["uproxy"];
- }
-
- if ($_REQUEST ["upauth"])
- {
- $pauth = $_REQUEST ["upauth"];
- }
- else
- {
- $pauth = ($_REQUEST ["uproxyuser"] && $_REQUEST ["uproxypass"]) ? base64_encode ( $_REQUEST ["uproxyuser"] . ":" . $_REQUEST ["uproxypass"] ) : "";
- }
-
- $fsize = getSize($lfile);
-
- echo '<script type="text/javascript">var orlink="' . basename($_REQUEST['filename']) . ' to ' . $_REQUEST['uploaded'] . '";</script>';
-
- if (file_exists("hosts/upload/".$_REQUEST['uploaded'].".php")){
- include_once("hosts/upload/".$_REQUEST['uploaded'].".index.php");
- if ($max_file_size[$_REQUEST['uploaded']]!=false)
- if ($fsize > $max_file_size[$_REQUEST['uploaded']]*1024*1024)
- html_error(lang(66));
- include_once("hosts/upload/".$page_upload[$_REQUEST['uploaded']]);
- }
- else html_error(lang(67));
-
- if ($download_link || $delete_link || $stat_link || $adm_link)
- {
- //Protect down link with http://lix.in/
- /*
- if ($_REQUEST['protect']==1){
- unset($post);
- $post['url'] =$download_link;
- $post['button'] = 'Protect+Link';
- $post['op'] = 'crypt_single';
- $post['reset']='Clear';
- $page = geturl("lix.in",80,"/index.php","http://lix.in/",0,$post);
- $tmp = cut_str($page,"http://lix.in/","'");
- if (!empty($tmp)) $protect = "http://lix.in/".$tmp;
- }
- */
-
- echo "\n<table width=100% border=0>";
- echo ($download_link ? '<tr><td width="100" nowrap="nowrap" align="right"><b>'.lang(68).':</b><td width="80%"><input value="'.$download_link.'" class="upstyles-dllink" readonly="readonly" /></tr>' : '');
- echo ($delete_link ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(69).':<td width="80%"><input value="'.$delete_link.'" class="upstyles-dellink" readonly="readonly" /></tr>' : '');
- echo ($stat_link ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(70).':<td width="80%"><input value="'.$stat_link.'" class="upstyles-statlink" readonly="readonly" /></tr>' : '');
- echo ($adm_link ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(71).':<td width="80%"><input value="'.$adm_link.'" class="upstyles-admlink" readonly="readonly" /></tr>': '');
- echo ($user_id ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(72).':<td width="80%"><input value="'.$user_id.'" class="upstyles-userid" readonly="readonly" /></tr>': '');
- echo ($ftp_uplink ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(73).':<td width="80%"><input value="'.$ftp_uplink.'" class="upstyles-ftpuplink" readonly="readonly" /></tr>': '');
- echo ($access_pass ? '<tr><td width="100" nowrap="nowrap" align="right">'.lang(74).':<td width="80%"><input value="'.$access_pass.'" class="upstyles-accesspass" readonly="readonly" /></tr>': '');
- /*echo ($protect ? '<tr><td width="100" nowrap="nowrap" align="right">Protect link:<td width="80%"><input value="'.$protect.'" style="width:470px; border: 1px solid #55AAFF; background-color: #FFFFFF; padding:3px" readonly /></tr>': '');*/
- echo "</table>\n";
-
- if(!file_exists(trim($lfile).".upload.html") && !isset($_GET['auul']) && !$options['upload_html_disable'])
- {
- $html_header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>'.lang(75).'</title>
- <style type="text/css">
- body {
- font-family: tahoma, arial, "times New Roman", georgia, verdana, sans-serif;
- font-size: 11px;
- color: #333333;
- background-color: #EFF0F4;
- margin: 0px;
- padding: 0px;
- }
- .linktitle {
- width: 576px;
- background-color: #C291F9;
- text-align: center;
- padding:3px;
- margin-top: 25px;
- margin-right: auto;
- margin-bottom: 0;
- margin-left: auto;
- border-top-width: 1px;
- border-right-width: 1px;
- border-bottom-width: 0px;
- border-left-width: 1px;
- border-top-style: solid;
- border-right-style: solid;
- border-bottom-style: solid;
- border-left-style: solid;
- border-top-color: #C7C4FB;
- border-right-color: #C7C4FB;
- border-bottom-color: #C7C4FB;
- border-left-color: #C7C4FB;
- }
- .bluefont {
- color: #0E078F;
- font-family: tahoma, arial, "times New Roman", georgia, verdana, sans-serif;
- font-size: 11px;
- }
- hr {
- border-top-width: 0px;
- border-right-width: 0px;
- border-bottom-width: 0px;
- border-left-width: 0px;
- border-top-style: solid;
- height: 1px;
- background-color: #046FC6;
- color: #046FC6;
- border-right-style: solid;
- border-bottom-style: solid;
- border-left-style: solid;
- width: 90%;
- }
- .host .links {
- width: 95%;
- margin:0 auto;
- text-align:left;
- padding:3px 0 3px 10px;
- border: 1px dashed #666666;
- background-color: #F2F1FE;
- }
- .host {
- width: 600px;
- margin: 10px auto 10px;
- }
- .host .links a {
- text-decoration:none;
- color: #666666;
- font-size: 11px;
- }
- .host .links a:hover {
- text-decoration:none;
- color:#E8740B
- }
- .host .title {
- width: 95%;
- margin:0 auto;
- text-align:left;
- padding:3px 0 3px 10px;
- background-color: #C7C4FB;
- color: #000000;
- border-top-width: 1px;
- border-right-width: 1px;
- border-bottom-width: 0px;
- border-left-width: 1px;
- border-top-style: dashed;
- border-right-style: dashed;
- border-bottom-style: dashed;
- border-left-style: dashed;
- border-top-color: #333333;
- border-right-color: #333333;
- border-bottom-color: #333333;
- border-left-color: #333333;
- font-size: 12px;
- font-family: Georgia, "Times New Roman", Times, serif;
- }
- </style>
- </head>
- <body>
- ';
- write_file(trim($lfile).".upload.html", $html_header.sprintf(lang(76),$lname,bytesToKbOrMb($fsize)), 0);
- if (!$options['upload_html_disable']) {
- $html_content = '<div class="host"><div class="title"><strong>'.$_REQUEST['uploaded'].'</strong> - <span class="bluefont">'.date("Y-m-d H:i:s").'</span></div>
- <div class="links">'.
- ($download_link ? '<strong>'.lang(68).': <a href="'.$download_link.'" target="_blank">'.$download_link.' </a></strong>' : '').
- ($delete_link ? '<br />'.lang(69).': <a href="'.$delete_link.'" target="_blank">'.$delete_link.' </a>' : '').
- ($stat_link ? '<br />'.lang(70).': <a href="'.$stat_link.'" target="_blank">'.$stat_link.' </a>' : '').
- ($adm_link ? '<br />'.lang(71).': <a href="'.$adm_link.'" target="_blank">'.$adm_link.' </a>' : '').
- ($user_id ? '<br />'.lang(72).': <a href="'.$user_id.'" target="_blank">'.$user_id.' </a>' : '').
- ($access_pass ? '<br />'.lang(74).': <a href="'.$access_pass.'" target="_blank">'.$access_pass.' </a>' : '').
- ($ftp_uplink ? '<br />'.lang(73).': <a href="'.$ftp_uplink.'" target="_blank">'.$ftp_uplink.' </a>' : '').
- '</div></div>';
- write_file(trim($lfile).".upload.html", $html_content, 0);
- }
- }
- }
- echo $not_done ? "" : '<p><center><b><a href="javascript:window.close();">'.lang(77).'</a></b></center>';
- ?>
- </body>
- </html>
- <?php
- if (isset($_GET['auul'])) {
- ?><script type="text/javascript">parent.nextlink<?php echo $_GET['auul']; ?>();</script><?php
- // Write links to a file
- $file = $options['download_dir']."myuploads.txt"; // Obviously it was a mistake not making it a variable earlier
- if (!$options['myuploads_disable']) {
- if (!$_GET['save_style'] && $_GET['save_style'] !== lang(51)) {
- $dash = "";
- for ($i=0;$i<=80;$i++) $dash.="=";
- write_file($file, $lname."\r\n".$dash."\r\n".$download_link."\r\n\r\n", 0);
- } else {
- $save_style = base64_decode($_GET['save_style']);
- $save_style = str_replace('{link}',$download_link,$save_style);
- $save_style = str_replace('{name}',$lname,$save_style);
- write_file($file, $save_style."\r\n", 0);
- }
- }
- }
- ?>