uploads.php

一个全功能的国外博客商业程序

$var = "handle_$file[f_id]";
  if(isset($_POST[$var])) {
    if($_POST[$var] == "yes") {
      if(unlink("../uploads/$file[filename]")) {
       mysql_query("DELETE FROM bhost_uploads WHERE u_id='$user_info[u_id]' AND f_id='$file[f_id]'");
      }
    }
  }
}
$task = "main";
}


}








if($task == "rename") {
$f_id = $_GET['f_id'];

if($f_id == "") { exit(); }

// CHECK THAT THIS USER OWNS THIS file
$files = mysql_query("SELECT * FROM bhost_uploads WHERE u_id='$user_info[u_id]' AND f_id='$f_id'");
if(mysql_num_rows($files) == 0) { exit(); }
$file_info = mysql_fetch_assoc($files);
$filename_stripped = str_replace("$user_info[username]_", "", $file_info[filename]);

$ext = strrchr($filename_stripped, ".");
$ext = str_replace(".", "", $ext);

$filename_stripped = str_replace(".$ext", "", $filename_stripped);

echo $head;
echo "
<h2>$uploads6</h2>
$uploads7
<br><br>
<table cellpadding='0' cellspacing='0'>
<form action='uploads.php' method='POST'>
<tr>
<td>
<b>$user_info[username]_</b>
<input type='text' class='text' name='newfilename' size='20' value='$filename_stripped'>
<b>.$ext</b>
</td>
</tr>
</table>
<br>
<input type='submit' name='submit' class='button' value='$uploads8'>
<input type='submit' name='submit' class='button' value='$uploads9'>
<input type='hidden' name='task' value='dorename'>
<input type='hidden' name='f_id' value='$f_id'>
<input type='hidden' name='ext' value='$ext'>
<input type='hidden' name='s' value='$s'>
</form>
";
echo $foot;
exit();
}






if($task == "dorename") {
$f_id = $_POST['f_id'];
$ext = $_POST['ext'];
$newfilename = "$user_info[username]_$_POST[newfilename].$ext";
$submit = $_POST['submit'];

if($submit == "$uploads9") {
header("Location: uploads.php");
exit();
}

if($f_id == "") { exit(); }

// CHECK THAT THIS USER OWNS THIS file
$files = mysql_query("SELECT * FROM bhost_uploads WHERE u_id='$user_info[u_id]' AND f_id='$f_id'");
if(mysql_num_rows($files) == 0) { exit(); }
$file_info = mysql_fetch_assoc($files);

// REPLACE SPACES, STRIP OTHER BAD CHARS
$newfilename = str_replace(" ", "_", $newfilename);
$newfilename = str_replace("?", "", $newfilename);
$newfilename = str_replace("&", "", $newfilename);
$newfilename = str_replace("=", "", $newfilename);
$newfilename = str_replace("#", "", $newfilename);
$newfilename = str_replace("%", "", $newfilename);
$newfilename = str_replace("'", "", $newfilename);
$newfilename = str_replace("\"", "", $newfilename);
$newfilename = stripslashes($newfilename);

// RENAME FILE FIRST, UPDATE DATABASE IF SUCCESSFUL
if(rename("../uploads/$file_info[filename]", "../uploads/$newfilename")) {

// NOW RENAME FILE IN MYSQL ROW
mysql_query("UPDATE bhost_uploads SET filename='$newfilename' WHERE u_id='$user_info[u_id]' AND f_id='$f_id'");

} else {
$errormsg = "<b>$uploads10</b>";
}

$task = "main";
}






if($task == "main") {
echo $head;

$files = mysql_query("SELECT * FROM bhost_uploads WHERE u_id='$user_info[u_id]'");

// CALCULATE SPACE ALLOWED
$space_allowed = $group_info[uploads_space];
if($space_allowed >= 1024) { 
$space_allowed = $space_allowed / 1024;
$space_allowed = round($space_allowed, 2); 
$unit2 = "MB"; 
} else { 
$space_allowed = round($space_allowed, 0); 
$unit2 = "KB"; 
}

// CALCULATE SPACE USED
$space_used = 0;
while($file = mysql_fetch_assoc($files)) {
$filesize = @filesize("../uploads/$file[filename]");
$space_used = $space_used + $filesize;
}

$space_used = $space_used / 1024;

if($unit2 == "MB") {
$space_used = $space_used / 1024;
$space_used = round($space_used, 2);
$unit1 = "MB";
} elseif($unit2 == "KB") {
$space_used = round($space_used, 0);
$unit1 = "KB";
}

if($space_used >= $space_allowed) {
$redfont1 = "<font color='#FF0000'>";
$redfont2 = "</font>";
}



// GET EXTENSION LIST
$ext_list = str_replace(",", ", ", $group_info[uploads_extensions]);

echo "
<h2>$uploads11</h2>
$uploads12
<br>$uploads13 <i>$ext_list</i>
<br>$uploads14 $redfont1<b>$space_used $unit1 </b>/<b> $space_allowed $unit2</b>$redfont2
<br><br>

<table cellpadding='0' cellspacing='0'>
<form action='uploads.php' method='POST' name='uploadform' onSubmit='doupload()' enctype='multipart/form-data'>
<tr>
<td NOWRAP>$uploads15&nbsp;</td>
<td><input type='file' name='file' size='50'>&nbsp;</td>
<td><input type='submit' value='$uploads16' name='submit'></td>
<td><input type='text' name='status' class='status' READONLY></td>
</tr>
<input type='hidden' name='task' value='doupload'>
<input type='hidden' name='MAX_FILE_SIZE' value='5000000'>
</form>
</table>

<br>

<script language='JavaScript'> 
<!--
var checkboxcount = 1;
function doCheckAll() {
if(checkboxcount == 0) {
with (document.filesform) {
for (var i=0; i < elements.length; i++) {
if (elements[i].type == 'checkbox') {
elements[i].checked = false;
}}
checkboxcount = checkboxcount + 1;
window.document.filesform.check.alt='$index7';
}
} else
with (document.filesform) {
for (var i=0; i < elements.length; i++) {
if (elements[i].type == 'checkbox') {
elements[i].checked = true;
}}
checkboxcount = checkboxcount - 1;
window.document.filesform.check.alt='$index18';
}}

function changeAlt(imgObj,newAlt){
imgObj.alt = newAlt;
}

function doupload() {
document.uploadform.submit.disabled = true;
document.uploadform.status.value = \"$uploads17\";
window.setTimeout(\"doMsg1()\", 400);
}

function doMsg1() {
document.uploadform.status.value  = document.uploadform.status.value + '.';
if(document.uploadform.status.value == '$uploads17....') { document.uploadform.status.value = '$uploads17'; }
window.setTimeout(\"doMsg1()\", 400);
}

// -->
</SCRIPT>
";


if(isset($errormsg) AND $errormsg != "") {
echo "
$errormsg<br><br>
";
}



$files = mysql_query("SELECT * FROM bhost_uploads WHERE u_id='$user_info[u_id]' ORDER BY $sort");

$count = 0;
while($file = mysql_fetch_assoc($files)) {
$fileurl = "../uploads/$file[filename]";
if(file_exists($fileurl)) {
$count++;

if($count == 1) {
echo "
<table cellpadding='0' cellspacing='0'>
<form action='uploads.php' method='POST' name='filesform'>
<tr>
<td width='1%' class='header2' style='padding-bottom: 5px;'><a href='javascript:doCheckAll()'><img src='../images/check.gif' id='check' border='0'></a></td>
<td width='96%' class='header2' NOWRAP><a href='uploads.php?s=$t' title='Sort By Title'>$uploads18</a></td>
<td width='1%' class='header2' NOWRAP><a href='uploads.php?s=$f' title='Sort By Size'>$uploads19</a></td>
<td width='1%' class='header2' NOWRAP><a href='uploads.php?s=$d' title='Sort By Date'>$uploads20</a></td>
<td width='1%' class='header'>$uploads21</td>
</tr>
";
}

if($count % 2) { $c = "2"; } else { $c = "1"; }
$date = cdate("n/j/y g:i A", timezone($file[date]));

// GET FILESIZE IN BYTES
$filesize = $file[filesize];

if($filesize < 1024) { 
$filesize = round(($filesize / 1024), 2);
$unit = "KB";
} elseif($filesize >= 1048576) { 
$filesize = round((($filesize / 1024) / 1024), 2);
$unit = "MB";
} else {
$filesize = round(($filesize / 1024), 0);
$unit = "KB";
}

$ext = strrchr($file[filename], ".");
$ext = strtolower(str_replace(".", "", $ext));

if($ext == "jpg" OR $ext == "jpeg") { $icon = "uploads_jpg.gif"; }
elseif($ext == "gif" OR $ext == "png") { $icon = "uploads_gif.gif"; }
elseif($ext == "mpg" OR $ext == "mov" OR $ext == "avi" OR $ext == "wmv" OR $ext == "divx" OR $ext == "mpeg" OR $ext == "swf" OR $ext == "wav" OR $ext == "mp3" OR $ext == "mp4") { $icon = "uploads_media.gif"; }
elseif($ext == "pdf") { $icon = "uploads_pdf.gif"; }
elseif($ext == "doc" OR $ext == "rtf") { $icon = "uploads_doc.gif"; }
elseif($ext == "zip" OR $ext == "rar") { $icon = "uploads_zip.gif"; }
elseif($ext == "txt" OR $ext == "html" OR $ext == "htm") { $icon = "uploads_txt.gif"; }
else { $icon = "uploads_file.gif"; }

$icon = "../images/$icon";

echo "
<tr>
<td class='list"."$c"."a' style='padding: 3px;'><input type='checkbox' name='handle_$file[f_id]' value='yes'></td>
<td class='list"."$c"."a'><a href='$fileurl' target='_blank'><img src='$icon' border='0' style='vertical-align: middle;'></a> <a href='$fileurl' target='_blank'>$file[filename]</a></td>
<td class='list"."$c"."a' NOWRAP>$filesize $unit</td>
<td class='list"."$c"."a' NOWRAP>$date</td>
<td class='list"."$c"."b' NOWRAP><a href='add_entry.php?f_ids=$file[f_id]'>$uploads26</a> <font class='gray'>|</font> <a href='uploads.php?task=rename&f_id=$file[f_id]&s=$s'>$uploads22</a> <font class='gray'>|</font> <a href='uploads.php?task=delete&f_id=$file[f_id]&s=$s'>$uploads23</a></td>
</tr>
";
}
}

if($count != 0) { 
echo "
</table>
<br>
<input type='submit' name='submit' class='button' value='$uploads28'>
<input type='submit' name='submit' class='button' value='$uploads24'>
<input type='hidden' name='task' value='handlemulti'>
<input type='hidden' name='s' value='$s'>
</form>
"; 
}

if(mysql_num_rows($files) == 0 OR $count == 0) {
echo "
<table cellpadding='0' cellspacing='0'>
<tr>
<td class='empty' colspan='4'>
$uploads25
</td>
</tr>
</table>
";
}




echo $foot;
}

?>