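<?php
// uploads.php: per-user file manager (list / upload / delete / hand selected
// files to add_entry.php). $group_info, $user_info, the $uploadsN message
// strings and the mysql connection used below are presumably provided by
// header.php - confirm there.
// "<?php" instead of "<?": with short_open_tag off (the default) a "<?" file
// is served to the client as plain text, queries included.
$page = "uploads.php";
include "header.php";
// Uploads are a per-group privilege; stop before any request data is read.
// The key must be quoted: bare allow_uploads is an undefined constant (a
// warning on old PHP, a fatal Error on PHP 8).
if(!isset($group_info['allow_uploads']) || $group_info['allow_uploads'] != "1") { exit(); }
// $task selects the action and $s the list sort order; POST wins over GET.
// Both are only ever compared against fixed strings below, never used raw,
// and a non-string value (e.g. task[]=x) is mapped to the default.
$task = "main";
if(isset($_POST['task'])) { $task = $_POST['task']; } elseif(isset($_GET['task'])) { $task = $_GET['task']; }
if(!is_string($task)) { $task = "main"; }
$s = "dd";
if(isset($_POST['s'])) { $s = $_POST['s']; } elseif(isset($_GET['s'])) { $s = $_GET['s']; }
if(!is_string($s)) { $s = "dd"; }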
// Column-header toggle targets: clicking a column that is not the current
// sort key sorts it in this default direction.
$t = "t";
$d = "dd";
$f = "fd";
// $sort is taken only from this fixed table, never from the request itself,
// which is what makes it safe to interpolate into an ORDER BY later on.
// Each row: ORDER BY expression, then the new values of $t, $d and $f.
$sort_options = array(
    "d"  => array("date",          "t",  "dd", "fd"),
    "dd" => array("date DESC",     "t",  "d",  "fd"),
    "t"  => array("filename",      "td", "dd", "fd"),
    "td" => array("filename DESC", "t",  "dd", "fd"),
    "f"  => array("filesize",      "t",  "dd", "fd"),
    "fd" => array("filesize DESC", "t",  "dd", "f"),
);
if(is_string($s) && isset($sort_options[$s])) {
    list($sort, $t, $d, $f) = $sort_options[$s];
} else {
    // Unknown or missing sort key: newest-first is the fallback and $s is
    // rewritten so the links rendered below stay consistent with it.
    $sort = "date";
    $d = "dd";
    $s = "d";
}
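if($task == "doupload") {
    // READ THE UPLOAD RECORD DEFENSIVELY. $_FILES['file'] is absent on a forged
    // POST and its entries are arrays when the field is posted as "file[]";
    // either way we fall through to the "empty field" error instead of warnings.
    $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
    $file_name     = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : "";
    $file_type     = (isset($upload['type']) && is_string($upload['type'])) ? $upload['type'] : "";
    $file_size     = isset($upload['size']) ? (int) $upload['size'] : 0;
    $file_tempname = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : "";
    $file_error    = isset($upload['error']) ? (int) $upload['error'] : UPLOAD_ERR_NO_FILE;
    // NORMALISE THE CLIENT-SUPPLIED NAME. NUL bytes go first, then basename()
    // drops any directory part so the name cannot point outside ../uploads/,
    // spaces become underscores and characters that break URLs, HTML
    // attributes or SQL literals are removed. Slashes and backslashes are
    // stripped explicitly; the old stripslashes() call turned a literal "\0"
    // into a NUL byte instead of removing it.
    $file_name = str_replace("\0", "", $file_name);
    $file_name = basename($file_name);
    $file_name = str_replace(" ", "_", $file_name);
    $file_name = str_replace(array("?", "&", "=", "#", "%", "'", "\"", "/", "\\"), "", $file_name);
    // GET NEW FILE EXTENSION: everything after the last dot, lower-cased.
    // A name without a dot yields "" and is rejected below.
    $dotpos = strrpos($file_name, ".");
    $ext = ($dotpos === false) ? "" : strtolower(substr($file_name, $dotpos + 1));
    // CHECK THAT FIELD IS NOT EMPTY, THEN THAT PHP ACCEPTED THE TRANSFER.
    // With a non-zero error code (size limit, partial upload, no temp dir, ...)
    // name, size and tmp_name are not meaningful; the old code read
    // $file_error and never looked at it.
    if($file_name == "") {
        $errormsg = "<b>$uploads1</b>";
    } elseif($file_error != UPLOAD_ERR_OK) {
        $errormsg = "<b>$uploads4 $file_name</b>";
    }
    // GET EXTENSION LIST (admin-configured, comma separated) AND CHECK THE NEW
    // FILE AGAINST IT. This whitelist is the real upload control, so the
    // comparison is strict and an empty extension can never match an empty
    // list entry (e.g. a trailing comma) the way the loose check allowed.
    // Only the LAST extension is checked, so ../uploads/ must not be
    // script-executable at the web-server level.
    if(!isset($errormsg)) {
        $extensions_case = strtolower((string) $group_info['uploads_extensions']);
        $extensions = array_map('trim', explode(",", $extensions_case));
        $extlist = str_replace(",", ", ", (string) $group_info['uploads_extensions']);
        if($ext === "" || !in_array($ext, $extensions, true)) {
            $errormsg = "<b>$uploads2 $extlist</b>";
        }
    }
    // CHECK COMMON FILES FOR CORRECT MIME TYPES. $_FILES['file']['type'] is
    // whatever the browser declared, so this only catches honest mismatches;
    // it is not a content check. Extensions absent from the table are not
    // type-checked at all, as before.
    if(!isset($errormsg)) {
        $type = strtolower($file_type);
        $mime_groups = array(
            array(array("jpg", "jpeg", "jpe"), array("image/jpeg", "image/jpg", "image/jpe", "image/pjpeg", "image/pjpg", "image/x-jpeg", "image/x-jpg")),
            array(array("gif"), array("image/gif", "image/x-gif")),
            array(array("png"), array("image/png", "image/x-png")),
            array(array("tiff"), array("image/tif", "image/tiff")),
            array(array("bmp"), array("image/bmp", "image/x-bmp")),
            array(array("html", "htm"), array("text/html")),
            array(array("css"), array("text/css")),
            array(array("txt"), array("text/plain")),
            array(array("xml"), array("text/xml")),
            array(array("mpeg", "mpg", "mpe"), array("video/mpeg", "video/x-mpeg")),
            array(array("mp3", "mp2", "mpga"), array("audio/mpeg", "audio/x-mpeg")),
            array(array("kar", "mid", "midi"), array("audio/midi", "audio/mid")),
            array(array("aif", "aifc", "aiff"), array("audio/x-aiff")),
            array(array("wav"), array("audio/x-wav", "audio/wav")),
            array(array("ram", "ra"), array("audio/x-pn-realaudio")),
            array(array("zip"), array("application/zip", "application/x-zip", "application/x-zip-compressed")),
            array(array("pdf"), array("application/pdf")),
            array(array("doc"), array("application/msword")),
            array(array("rtf"), array("application/rtf")),
            array(array("rtx"), array("application/richtext")),
            array(array("xls"), array("application/x-excel")),
            array(array("gz"), array("application/x-gzip")),
            array(array("js"), array("application/x-javascript")),
            // The old code compared PowerPoint files against application/x-javascript
            // (a copy of the "js" entry), which rejected every genuine .ppt upload.
            array(array("pps", "ppt", "ppz"), array("application/vnd.ms-powerpoint", "application/powerpoint", "application/mspowerpoint", "application/x-mspowerpoint")),
            array(array("sit"), array("application/x-stuffit")),
            array(array("tar"), array("application/x-tar")),
        );
        $mime_types = array();
        foreach($mime_groups as $group) {
            foreach($group[0] as $group_ext) {
                $mime_types[$group_ext] = $group[1];
            }
        }
        if(isset($mime_types[$ext]) && !in_array($type, $mime_types[$ext], true)) {
            $errormsg = "<b>$uploads27</b>";
        }
    }
    // The user id is interpolated into several queries below; escape it once.
    $u_id_sql = mysql_real_escape_string($user_info['u_id']);
    // CALCULATE SPACE ALLOWED AND SPACE USED (existing files plus the new one).
    if(!isset($errormsg)) {
        $space_allowed = $group_info['uploads_space'] * 1024;
        $files = mysql_query("SELECT filename FROM bhost_uploads WHERE u_id='$u_id_sql'");
        $space_used = 0;
        while($files && ($file = mysql_fetch_assoc($files))) {
            // filesize() is false for a row whose file is gone; count it as 0
            $filesize = @filesize("../uploads/" . basename($file['filename']));
            $space_used += ($filesize === false) ? 0 : $filesize;
        }
        $space_used += $file_size;
        // SHOW ERROR IF OUT OF SPACE, OTHERWISE DO UPLOAD
        if($space_used > $space_allowed) {
            $errormsg = "<b>$uploads3</b>";
        }
    }
    // DO THE UPLOAD. Move first, then replace the database row, so a failed
    // move leaves the previous row and its file intact (the old code dropped
    // the row before knowing whether the move would succeed).
    if(!isset($errormsg)) {
        $nowdate = time();
        $newfilename = $user_info['username'] . "_" . $file_name;
        $path = "../uploads/$newfilename";
        if(move_uploaded_file($file_tempname, $path)) {
            // $newfilename carries user-chosen characters: escape it for SQL even
            // though quotes were stripped above, rather than rely on the filter.
            $newfilename_sql = mysql_real_escape_string($newfilename);
            // any earlier row for the same name was just overwritten on disk
            mysql_query("DELETE FROM bhost_uploads WHERE u_id='$u_id_sql' AND filename='$newfilename_sql'");
            mysql_query("INSERT INTO bhost_uploads (u_id, filename, filesize, date) VALUES ('$u_id_sql', '$newfilename_sql', '$file_size', '$nowdate')");
            // Owner read/write, everyone else read-only. The old 0777 made every
            // upload world-writable and executable.
            @chmod($path, 0644);
        } else {
            // FILE FAILED TO UPLOAD
            $errormsg = "<b>$uploads4 $path</b>";
        }
    }
    $task = "main";
}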
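if($task == "delete") {
    // f_id comes straight from the query string: it must be a non-empty scalar
    // and is escaped before it reaches SQL. The old code interpolated it raw
    // into both the ownership SELECT and the DELETE, so a crafted value could
    // widen either statement.
    // NOTE(review): deletion is triggered by a plain GET link with no
    // anti-CSRF token visible here - confirm header.php enforces one.
    $f_id = (isset($_GET['f_id']) && is_string($_GET['f_id'])) ? $_GET['f_id'] : "";
    if($f_id == "") { exit(); }
    $f_id_sql = mysql_real_escape_string($f_id);
    $u_id_sql = mysql_real_escape_string($user_info['u_id']);
    // CHECK THAT THIS USER OWNS THIS file: only the caller's own rows are visible.
    $files = mysql_query("SELECT * FROM bhost_uploads WHERE u_id='$u_id_sql' AND f_id='$f_id_sql'");
    if(!$files || mysql_num_rows($files) == 0) { exit(); }
    $file_info = mysql_fetch_assoc($files);
    // basename() keeps the unlink inside ../uploads/ whatever the stored name holds.
    $target = "../uploads/" . basename($file_info['filename']);
    // DELETE THE FILE FIRST, THEN ITS MYSQL ROW. A row whose file is already
    // gone is an orphan: drop it too instead of leaving it undeletable, which
    // is what a bare unlink() failure did.
    if(!file_exists($target) || unlink($target)) {
        mysql_query("DELETE FROM bhost_uploads WHERE u_id='$u_id_sql' AND f_id='$f_id_sql'");
    } else {
        $errormsg = "<b>$uploads5</b>";
    }
    $task = "main";
}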
if($task == "handlemulti") {
$submit = $_POST['submit'];
// IF POSTING MULTIPLE FILES
if($submit == "$uploads28") {
$files = mysql_query("SELECT f_id, u_id, filename FROM bhost_uploads");
$insertstring = "add_entry.php?f_ids=";
$c = 0;
while($file = mysql_fetch_assoc($files)) {
$var = "handle_$file[f_id]";
if(isset($_POST[$var])) {
if($_POST[$var] == "yes") {
$c++;
if($c > 1) { $insertstring .= "_"; }
$insertstring .= "$file[f_id]";
}
}
}
if($c > 20) {
$errormsg = "<b>$uploads29</b>";
$task = "main";
} else {
header("Location: $insertstring");
exit();
}}
// IF DELETING MULTIPLE FILES
if($submit == "$uploads24") {
$files = mysql_query("SELECT f_id, u_id, filename FROM bhost_uploads");
while($file = mysql_fetch_assoc($files)) {