class_forumupload.php

/source/class/class_forumupload.php

https://github.com/sichen/hrmmdiscuz · PHP · 125 lines · 101 code · 18 blank · 6 comment · 35 complexity · e89da48403195419e5771bc09503f979 MD5 · raw file


<?php



/**

 *      [Discuz!] (C)2001-2099 Comsenz Inc.

 *      This is NOT a freeware, use is subject to license terms

 *

 *      $Id: class_forumupload.php 19297 2010-12-27 05:55:47Z monkey $

 */



class forum_upload {



	var $uid;

	var $aid;

	var $simple;

	var $statusid;

	var $attach;

	var $error_sizelimit;



	function forum_upload() {

		global $_G;



		$_G['uid'] = $this->uid = intval($_G['gp_uid']);

		$swfhash = md5(substr(md5($_G['config']['security']['authkey']), 8).$this->uid);

		$this->aid = 0;

		$this->simple = !empty($_G['gp_simple']) ? $_G['gp_simple'] : 0;



		if($_G['gp_hash'] != $swfhash) {

			$this->uploadmsg(10);

		}



		$_G['groupid'] = intval(DB::result_first("SELECT groupid FROM ".DB::table('common_member')." WHERE uid='".$this->uid."'"));

		loadcache('usergroup_'.$_G['groupid']);

		$_G['group'] = $_G['cache']['usergroup_'.$_G['groupid']];



		require_once libfile('class/upload');



		$upload = new discuz_upload();

		$upload->init($_FILES['Filedata'], 'forum');

		$this->attach = &$upload->attach;



		if($upload->error()) {

			$this->uploadmsg(2);

		}



		$allowupload = !$_G['group']['maxattachnum'] || $_G['group']['maxattachnum'] && $_G['group']['maxattachnum'] > getuserprofile('todayattachs');;

		if(!$allowupload) {

			$this->uploadmsg(6);

		}



		if($_G['group']['attachextensions'] && (!preg_match("/(^|\s|,)".preg_quote($upload->attach['ext'], '/')."($|\s|,)/i", $_G['group']['attachextensions']) || !$upload->attach['ext'])) {

			$this->uploadmsg(1);

		}



		if(empty($upload->attach['size'])) {

			$this->uploadmsg(2);

		}



		if($_G['group']['maxattachsize'] && $upload->attach['size'] > $_G['group']['maxattachsize']) {

			$this->error_sizelimit = $_G['group']['maxattachsize'];

			$this->uploadmsg(3);

		}



		if($type = DB::fetch_first("SELECT maxsize FROM ".DB::table('forum_attachtype')." WHERE extension='".addslashes($upload->attach['ext'])."'")) {

			if($type['maxsize'] == 0) {

				$this->error_sizelimit = 'ban';

				$this->uploadmsg(4);

			} elseif($upload->attach['size'] > $type['maxsize']) {

				$this->error_sizelimit = $type['maxsize'];

				$this->uploadmsg(5);

			}

		}



		if($upload->attach['size'] && $_G['group']['maxsizeperday']) {

			$todaysize = getuserprofile('todayattachsize') + $upload->attach['size'];

			if($todaysize >= $_G['group']['maxsizeperday']) {

				$this->error_sizelimit = 'perday|'.$_G['group']['maxsizeperday'];

				$this->uploadmsg(11);

			}

		}

		updatemembercount($_G['uid'], array('todayattachs' => 1, 'todayattachsize' => $upload->attach['size']));

		$upload->save();

		if($upload->error() == -103) {

			$this->uploadmsg(8);

		} elseif($upload->error()) {

			$this->uploadmsg(9);

		}

		$thumb = $remote = $width = 0;

		if($_G['gp_type'] == 'image' && !$upload->attach['isimage']) {

			$this->uploadmsg(7);

		}

		if($upload->attach['isimage']) {

			if($_G['setting']['thumbstatus']) {

				require_once libfile('class/image');

				$image = new image;

				$thumb = $image->Thumb($upload->attach['target'], '', $_G['setting']['thumbwidth'], $_G['setting']['thumbheight'], $_G['setting']['thumbstatus'], $_G['setting']['thumbsource']) ? 1 : 0;

				$width = $image->imginfo['width'];

			}

			if($_G['setting']['thumbsource'] || !$_G['setting']['thumbstatus']) {

				list($width) = @getimagesize($upload->attach['target']);

			}

		}

		if($_G['gp_type'] != 'image' && $upload->attach['isimage']) {

			$upload->attach['isimage'] = -1;

		}

		$this->aid = $aid = getattachnewaid($this->uid);

		DB::query("INSERT INTO ".DB::table('forum_attachment_unused')." (aid, dateline, filename, filesize, attachment, isimage, uid, thumb, remote, width)

			VALUES ('$aid', '$_G[timestamp]', '".$upload->attach['name']."', '".$upload->attach['size']."', '".$upload->attach['attachment']."', '".$upload->attach['isimage']."', '".$this->uid."', '$thumb', '$remote', '$width')");

		$this->uploadmsg(0);

	}



	function uploadmsg($statusid) {

		global $_G;

		$this->error_sizelimit = !empty($this->error_sizelimit) ? $this->error_sizelimit : 0;

		if($this->simple == 1) {

			echo 'DISCUZUPLOAD|'.$statusid.'|'.$this->aid.'|'.$this->attach['isimage'].'|'.$this->error_sizelimit;

		} elseif($this->simple == 2) {

			echo 'DISCUZUPLOAD|'.($_G['gp_type'] == 'image' ? '1' : '0').'|'.$statusid.'|'.$this->aid.'|'.$this->attach['isimage'].'|'.$this->attach['attachment'].'|'.$this->attach['name'].'|'.$this->error_sizelimit;

		} else {

			echo $statusid ? 'error' : $this->aid;

		}

		exit;

	}

}



?>

Alerts (19)

'var' Legacy var keyword detected; use public/private/protected for class properties
12 13 14 15 16 17
'global $' Use of global variables; prefer dependency injection or function parameters
20 112
'md5(' Weak hashing detected; use password_hash() with PASSWORD_DEFAULT for secure password storage
23
Complexity hotspot; lines 45 to 46 (total complexity: 3)
45 46
Complexity hotspot; line 50 (total complexity: 3)
50
Complexity hotspot; lines 63 to 64 (total complexity: 3)
63 64
Complexity hotspot; line 88 (total complexity: 3)
88
Complexity hotspot; line 102 (total complexity: 3)
102
Complexity hotspot; lines 116 to 118 (total complexity: 3)
116 117 118