/01.Source/01.CORE/modules/download/funcs/upload.php
PHP | 313 lines | 262 code | 45 blank | 6 comment | 33 complexity | 51d420bf5bf2cae03d0a99d64880cd7b MD5 | raw file
Possible License(s): BSD-3-Clause
- <?php
-
- /**
- * @Project NUKEVIET 3.0
- * @Author VINADES.,JSC (contact@vinades.vn)
- * @Copyright (C) 2010 VINADES., JSC. All rights reserved
- * @Createdate 3-6-2010 0:30
- */
-
- if ( ! defined( 'NV_IS_MOD_DOWNLOAD' ) ) die( 'Stop!!!' );
-
- $page_title = $lang_module['upload'];
-
- $download_config = initial_config_data();
-
- if ( ! $download_config['is_addfile_allow'] )
- {
- Header( "Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name );
- exit();
- }
-
- $list_cats = nv_list_cats( false, false );
-
- if ( empty( $list_cats ) )
- {
- Header( "Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name );
- exit();
- }
-
- $is_error = false;
- $error = "";
-
- if ( $nv_Request->isset_request( 'addfile', 'post' ) )
- {
- @require_once ( NV_ROOTDIR . "/includes/class/upload.class.php" );
-
- $addfile = $nv_Request->get_string( 'addfile', 'post', '' );
-
- if ( empty( $addfile ) or $addfile != md5( $client_info['session_id'] ) )
- {
- Header( "Location: " . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name );
- exit();
- }
-
- $array = array();
-
- $array['catid'] = $nv_Request->get_int( 'upload_catid', 'post', 0 );
- $array['title'] = filter_text_input( 'upload_title', 'post', '', 1, 255 );
- $array['description'] = filter_text_textarea( 'upload_description', '', NV_ALLOWED_HTML_TAGS );
- $array['introtext'] = filter_text_textarea( 'upload_introtext', '', NV_ALLOWED_HTML_TAGS );
- $array['author_name'] = filter_text_input( 'upload_author_name', 'post', '', 1, 100 );
- $array['author_email'] = filter_text_input( 'upload_author_email', 'post', '', 60 );
- $array['author_url'] = filter_text_input( 'upload_author_url', 'post', '', 0, 255 );
- $array['linkdirect'] = filter_text_textarea( 'upload_linkdirect', '' );
- $array['version'] = filter_text_input( 'upload_version', 'post', '', 1, 20 );
- $array['filesize'] = $nv_Request->get_int( 'upload_filesize', 'post', 0 );
- $array['copyright'] = filter_text_input( 'upload_copyright', 'post', '', 1, 255 );
- $array['user_name'] = filter_text_input( 'upload_user_name', 'post', '', 1, 100 );
- $array['user_id'] = 0;
- $seccode = filter_text_input( 'upload_seccode', 'post', '' );
-
- if ( defined( 'NV_IS_USER' ) )
- {
- $array['user_name'] = $user_info['username'];
- $array['user_id'] = $user_info['userid'];
- }
-
- if ( ! empty( $array['author_url'] ) )
- {
- if ( ! preg_match( "#^(http|https|ftp|gopher)\:\/\/#", $array['author_url'] ) )
- {
- $array['author_url'] = "http://" . $array['author_url'];
- }
- }
-
- if ( ! empty( $array['linkdirect'] ) )
- {
- $linkdirect = $array['linkdirect'];
- $linkdirect = nv_nl2br( $linkdirect, "<br />" );
- $linkdirect = explode( "<br />", $linkdirect );
- $linkdirect = array_map( "trim", $linkdirect );
- $linkdirect = array_unique( $linkdirect );
-
- $array['linkdirect'] = array();
- foreach ( $linkdirect as $link )
- {
- if ( ! preg_match( "#^(http|https|ftp|gopher)\:\/\/#", $link ) )
- {
- $link = "http://" . $link;
- }
-
- if ( nv_is_url( $link ) )
- {
- $array['linkdirect'][] = $link;
- }
- }
-
- $array['linkdirect'] = ! empty( $array['linkdirect'] ) ? implode( "\n", $array['linkdirect'] ) : "";
- }
-
- $alias = change_alias( $array['title'] );
-
- $sql = "SELECT COUNT(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "` WHERE `alias`=" . $db->dbescape( $alias );
- $result = $db->sql_query( $sql );
- list( $is_exists ) = $db->sql_fetchrow( $result );
-
- if ( ! $is_exists )
- {
- $sql = "SELECT COUNT(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_tmp` WHERE `title`=" . $db->dbescape( $array['title'] );
- $result = $db->sql_query( $sql );
- list( $is_exists ) = $db->sql_fetchrow( $result );
- }
-
- if ( ! nv_capcha_txt( $seccode ) )
- {
- $is_error = true;
- $error = $lang_module['upload_error1'];
- } elseif ( empty( $array['user_name'] ) )
- {
- $is_error = true;
- $error = $lang_module['upload_error2'];
- } elseif ( empty( $array['title'] ) )
- {
- $is_error = true;
- $error = $lang_module['file_error_title'];
- } elseif ( $is_exists )
- {
- $is_error = true;
- $error = $lang_module['file_title_exists'];
- } elseif ( ! $array['catid'] or ! isset( $list_cats[$array['catid']] ) )
- {
- $is_error = true;
- $error = $lang_module['file_catid_exists'];
- } elseif ( ! empty( $array['author_email'] ) and ( $check_valid_email = nv_check_valid_email( $array['author_email'] ) ) != "" )
- {
- $is_error = true;
- $error = $check_valid_email;
- } elseif ( ! empty( $array['author_url'] ) and ! nv_is_url( $array['author_url'] ) )
- {
- $is_error = true;
- $error = $lang_module['file_error_author_url'];
- }
- else
- {
- $fileupload = "";
- if ( $download_config['is_upload_allow'] )
- {
- if ( isset( $_FILES['upload_fileupload'] ) and is_uploaded_file( $_FILES['upload_fileupload']['tmp_name'] ) )
- {
- $upload = new upload( $global_config['file_allowed_ext'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], $download_config['maxfilesize'], NV_MAX_WIDTH, NV_MAX_HEIGHT );
- $upload_info = $upload->save_file( $_FILES['upload_fileupload'], NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'], false );
-
- @unlink( $_FILES['upload_fileupload']['tmp_name'] );
-
- if ( empty( $upload_info['error'] ) )
- {
- if ( in_array( $upload_info['ext'], $download_config['upload_filetype'] ) )
- {
- mt_srand( ( double )microtime() * 1000000 );
- $maxran = 1000000;
- $random_num = mt_rand( 0, $maxran );
- $random_num = md5( $random_num );
- $nv_pathinfo_filename = nv_pathinfo_filename( $upload_info['name'] );
- $new_name = NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'] . '/' . $nv_pathinfo_filename . '.' . $random_num . '.' . $upload_info['ext'];
-
- $rename = nv_renamefile( $upload_info['name'], $new_name );
-
- if ( $rename[0] == 1 )
- {
- $fileupload = $new_name;
- }
- else
- {
- $fileupload = $upload_info['name'];
- }
-
- @chmod( $fileupload, 0644 );
- $fileupload = str_replace( NV_ROOTDIR . '/', "", $fileupload );
- $fileupload = NV_BASE_SITEURL . $fileupload;
- $array['filesize'] = $upload_info['size'];
- }
- else
- {
- @nv_deletefile( $upload_info['name'] );
- $is_error = true;
- $error = $lang_module['upload_error4'];
- }
- }
- else
- {
- $is_error = true;
- $error = $upload_info['error'];
- }
-
- unset( $upload, $upload_info );
- }
- }
-
- if ( ! $is_error )
- {
- if ( empty( $fileupload ) and empty( $array['linkdirect'] ) )
- {
- $is_error = true;
- $error = $lang_module['file_error_fileupload'];
- }
- else
- {
- $fileimage = "";
- if ( isset( $_FILES['upload_fileimage'] ) and is_uploaded_file( $_FILES['upload_fileimage']['tmp_name'] ) )
- {
- $upload = new upload( array( 'images' ), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT );
- $upload_info = $upload->save_file( $_FILES['upload_fileimage'], NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'], false );
-
- @unlink( $_FILES['upload_fileimage']['tmp_name'] );
-
- if ( empty( $upload_info['error'] ) )
- {
- mt_srand( ( double )microtime() * 1000000 );
- $maxran = 1000000;
- $random_num = mt_rand( 0, $maxran );
- $random_num = md5( $random_num );
- $nv_pathinfo_filename = nv_pathinfo_filename( $upload_info['name'] );
- $new_name = NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'] . '/' . $nv_pathinfo_filename . '.' . $random_num . '.' . $upload_info['ext'];
-
- $rename = nv_renamefile( $upload_info['name'], $new_name );
-
- if ( $rename[0] == 1 )
- {
- $fileimage = $new_name;
- }
- else
- {
- $fileimage = $upload_info['name'];
- }
-
- @chmod( $fileimage, 0644 );
- $fileimage = str_replace( NV_ROOTDIR . "/", "", $fileimage );
- $fileimage = NV_BASE_SITEURL . $fileimage;
- }
- }
-
- $array['description'] = nv_nl2br( $array['description'], "<br />" );
- $array['introtext'] = nv_nl2br( $array['introtext'], "<br />" );
- $array['linkdirect'] = nv_nl2br( $array['linkdirect'], "<br />" );
-
- $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_tmp` VALUES (
- NULL,
- " . $array['catid'] . ",
- " . $db->dbescape( $array['title'] ) . ",
- " . $db->dbescape( $array['description'] ) . ",
- " . $db->dbescape( $array['introtext'] ) . ",
- " . NV_CURRENTTIME . ",
- " . $array['user_id'] . ",
- " . $db->dbescape( $array['user_name'] ) . ",
- " . $db->dbescape( $array['author_name'] ) . ",
- " . $db->dbescape( $array['author_email'] ) . ",
- " . $db->dbescape( $array['author_url'] ) . ",
- " . $db->dbescape( $fileupload ) . ",
- " . $db->dbescape( $array['linkdirect'] ) . ",
- " . $db->dbescape( $array['version'] ) . ",
- " . $array['filesize'] . ",
- " . $db->dbescape( $fileimage ) . ",
- " . $db->dbescape( $array['copyright'] ) . ")";
-
- if ( ! $db->sql_query_insert_id( $sql ) )
- {
- $is_error = true;
- $error = $lang_module['upload_error3'];
- }
- else
- {
- $contents = "<div class=\"info_exit\">" . $lang_module['file_upload_ok'] . "</div>";
- $contents .= "<meta http-equiv=\"refresh\" content=\"2;url=" . NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "\" />";
-
- include ( NV_ROOTDIR . "/includes/header.php" );
- echo nv_site_theme( $contents );
- include ( NV_ROOTDIR . "/includes/footer.php" );
- exit;
- }
- }
- }
- }
- }
- else
- {
- $array['catid'] = $array['filesize'] = 0;
- $array['title'] = $array['description'] = $array['introtext'] = $array['author_name'] = $array['author_email'] = $array['author_url'] = $array['linkdirect'] = $array['version'] = $array['copyright'] = $array['user_name'] = "";
- if ( defined( 'NV_IS_USER' ) )
- {
- $array['user_name'] = $user_info['username'];
- $array['user_id'] = $user_info['userid'];
- }
- }
-
- if ( ! $array['filesize'] ) $array['filesize'] = '';
-
- if ( ! empty( $array['description'] ) ) $array['description'] = nv_htmlspecialchars( $array['description'] );
- if ( ! empty( $array['introtext'] ) ) $array['introtext'] = nv_htmlspecialchars( $array['introtext'] );
-
- $array['disabled'] = "";
- if ( defined( 'NV_IS_USER' ) )
- {
- $array['disabled'] = " disabled=\"disabled\"";
- }
- $array['addfile'] = md5( $client_info['session_id'] );
-
- $contents = theme_upload( $array, $list_cats, $download_config, $error );
-
- include ( NV_ROOTDIR . "/includes/header.php" );
- echo nv_site_theme( $contents );
- include ( NV_ROOTDIR . "/includes/footer.php" );
-
- ?>