📄 public.php
<?php
// Entry-point flags, defined before the shared includes are pulled in.
// NOTE(review): the name NO_AUTH_CHECK suggests the bootstrap skips its login
// check for this page, i.e. everything below runs for anonymous visitors --
// confirm in includes/commons.inc.php.
define('UPLOAD_PHP', 1);
define('NO_AUTH_CHECK', 1);

require_once 'includes/commons.inc.php';
require_once 'includes/messages_upload.inc.php';

// Load the public-upload settings into $UPL['PUBLIC_SETTINGS'].
// NOTE(review): the failure message echoes the PUBLIC_SETTINGS constant back
// to the visitor; if that constant is a filesystem path, consider logging it
// server-side and showing a generic message instead.
$db = new DB();
if (!$db->open(PUBLIC_SETTINGS)) {
    exit('Unable to load public settings ' . PUBLIC_SETTINGS);
}
$UPL['PUBLIC_SETTINGS'] = $db->all();
$db->close();

// Shorthand copies of the settings the branches below read.
$public_dir     = $UPL['PUBLIC_SETTINGS']['public_files_dir'];
$public_url     = $UPL['PUBLIC_SETTINGS']['public_files_url'];
$uploader_view  = $UPL['PUBLIC_SETTINGS']['uploader_view'];
$public_enabled = $UPL['PUBLIC_SETTINGS']['enabled'];

// Zip handling is forced on; the function_exists('zip_open') probe that used
// to set this flag is disabled.
$zip_enabled = 1;

// Default template; individual branches may replace it. $action is not set in
// this file -- presumably the bootstrap include derives it from the request.
$tpl_upload = new Template(TPL_DIR . 'tpl_public.php');
$tpl_upload->set('action', $action);
// Branch: process a public upload submission.
// $action, $mysqlDB, $tpl_uploader and the helper functions used here are not
// defined in this file; presumably the required includes provide them.
// This branch writes client-supplied files into $public_dir, which the view and
// browse branches of this file link to directly via $public_url.
if ( $action == 'upload' )
{
// Refuse uploads outright when the public uploader is switched off.
if ( !$public_enabled ) exit ( 'Public uploading not enabled' );
require_once 'includes/functions_upload.inc.php';
require_once 'includes/functions_img.inc.php';
// Presumably reads the 'upload' form array from POST, defaulting to an empty array -- confirm gpc().
// NOTE(review): nothing here checks that the value is actually an array before it is indexed below.
$upload = gpc ( 'upload', 'P', array ( ) );
// Management key for this upload. The raw key is handed back in manage_url further
// down; only its unsalted MD5 is stored.
// NOTE(review): the strength of this key depends on get_rand(), which is not visible here --
// confirm it draws from a cryptographically secure source.
$upload_key = get_rand ( 10 );
if ( !isset ( $upload['thumbnail_size'] ) ) $upload['thumbnail_size'] = 'no_thumbnail';
// Row for uploader_puploads. Name and comments are cut to 64 / 255 bytes with substr()
// and passed through $mysqlDB->escape(). upload_ip is stored without escape();
// REMOTE_ADDR is filled in by the web server rather than taken from request headers.
$insert = array
(
'upload_id' => NULL,
'upload_name' => isset ( $upload['name'] ) ? $mysqlDB->escape ( substr ( $upload['name'], 0, 64 ) ) : '',
'upload_date' => time(),
'upload_comments' => isset ( $upload['comments'] ) ? $mysqlDB->escape ( substr ( $upload['comments'], 0, 255 ) ) : '',
'upload_key' => md5 ( $upload_key ),
'upload_ip' => $_SERVER['REMOTE_ADDR']
);
if ( $mysqlDB->query ( 'INSERT INTO uploader_puploads SET ' . $mysqlDB->buildInsertStatement ( $insert ) ) )
{
$upload_id = $mysqlDB->getInsertId();
}
// NOTE(review): whatever $mysqlDB->error() returns is sent to the anonymous client -- confirm it
// does not include query text or connection details.
else exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
// Accumulators passed to validate_public_uploaded_file() and later to the template.
$uploaded = array();
$errors = array();
// First pass: batch archives. An entry is treated as a batch when its client-supplied
// name is upload.zip or batch.zip and is_zip() accepts the temp file. The archive is
// handed to process_zip_file(), then its temp file is deleted and the entry is dropped
// from $_FILES so the second pass does not store the archive itself.
// NOTE(review): process_zip_file() is not visible here; presumably it extracts entries and
// queues them for the second pass. Entry names and sizes inside the archive come from the
// uploader, so confirm the helper rejects path traversal and bounds the extracted size.
// NOTE: each() is deprecated since PHP 7.2 and removed in PHP 8.0.
while ( list ( $name , $file ) = each ( $_FILES ) )
{
if ( ( $file['name'] == 'upload.zip' || $file['name'] == 'batch.zip' ) && is_zip ( $file['tmp_name'] ) )
{
process_zip_file ( $file['tmp_name'] );
@unlink ( $file['tmp_name'] );
unset ( $_FILES[$name] );
}
}
// Rewind the array pointer so the second pass starts from the first remaining entry.
reset ( $_FILES );
// Second pass: validate, store and record every remaining entry.
while ( list ( $fname, $file ) = each ( $_FILES ) )
{
// Rejected entries have their temp file removed and are skipped; the helper receives
// $errors and $uploaded, presumably to record the reason -- confirm.
if ( !validate_public_uploaded_file ( $file, $errors, $uploaded ) )
{
if ( is_file ( $file['tmp_name'] ) )
{
@unlink ( $file['tmp_name'] );
}
continue;
}
// Pick a storage name that does not exist yet: uniqid() with dots stripped, plus the
// extension of the client-supplied file name.
// NOTE(review): the stored extension is therefore chosen by the uploader. Unless
// validate_public_uploaded_file() restricts extensions, a file type the web server
// executes could end up in the public directory -- confirm the allowlist there and
// that script execution is disabled for $public_dir.
do
{
$uniq_name = str_replace ( '.', '', uniqid ( '', 1 ) ) . '.' . get_extension ( $file['name'] );
clearstatcache();
}
while ( is_file ( $public_dir . $uniq_name ) );
// rename() moves the temp file without the is-this-an-HTTP-upload check that
// move_uploaded_file() performs; presumably deliberate so that files queued by
// process_zip_file() can be moved the same way -- confirm.
if ( rename ( $file['tmp_name'], $public_dir . $uniq_name ) )
{
$has_thumb = false;
$is_image = is_image ( $public_dir . $uniq_name );
// Thumbnails are made only when the setting allows it, the stored file is an image and
// the form asked for one. Any size other than 'small' or 'large' leaves $thumb_width
// at 0, which skips the resize.
if ( $UPL['PUBLIC_SETTINGS']['allow_thumbnails'] && $is_image && $upload['thumbnail_size'] != 'no_thumbnail' )
{
switch ( $upload['thumbnail_size'] )
{
case 'small': list ( $thumb_width, $thumb_height ) = explode ( 'x', $UPL['PUBLIC_SETTINGS']['thumb_small'] ); break;
case 'large': list ( $thumb_width, $thumb_height ) = explode ( 'x', $UPL['PUBLIC_SETTINGS']['thumb_large'] ); break;
default: $thumb_width = 0;
}
if ( $thumb_width )
{
$has_thumb = img_resize ( $public_dir . $uniq_name, $public_dir . 'thumb_' . $uniq_name, $thumb_width, $thumb_height, $UPL['PUBLIC_SETTINGS']['thumb_border'] );
}
}
// Record the stored file. file_name keeps the uploader's original name (escaped for SQL
// only), so anything that later prints it must encode it for its output context.
$insert = array
(
'file_id' => NULL,
'file_name' => $mysqlDB->escape ( $file['name'] ),
'file_rname' => $mysqlDB->escape ( $uniq_name ),
'file_size' => (int)$file['size'],
'file_views' => 0,
'file_isimage' => $is_image,
'file_hasthumb' => (int)$has_thumb,
'upload_id' => $upload_id
);
if ( !$mysqlDB-> query ( 'INSERT INTO uploader_pfiles SET ' . $mysqlDB->buildInsertStatement ( $insert ) ) ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
$uploaded[] = $file;
}
// A failed move aborts the whole request; the uploader_puploads row and any files stored
// earlier in this loop are left in place.
else exit ( 'Internal error: rename() failed on line ' . __LINE__ );
}
// At least one file stored: build the public view link and the private manage link.
// NOTE(review): manage_url carries the raw $upload_key in the URL, so the key can end up
// in server logs, browser history and Referer headers.
if ( count ( $uploaded ) )
{
$view_url = MOD_REWRITE ? implode ( '/', array ( 'pupload', 'view', $upload_id ) ) : $UPL['SETTINGS']['uploader_url'] . 'public.php?action=view&upload_id=' . $upload_id;
$manage_url = MOD_REWRITE ? implode ( '/', array ( 'pupload', 'manage', $upload_id, $upload_key ) ) : $UPL['SETTINGS']['uploader_url'] . 'public.php?action=manage&key=' . $upload_key . '&upload_id=' . $upload_id;
$tpl_upload->set ( 'view_url', $view_url );
$tpl_upload->set ( 'manage_url', $manage_url );
}
// Nothing stored: remove the now-empty upload row. $upload_id comes from getInsertId() above.
else
{
$mysqlDB->query ( "DELETE FROM uploader_puploads WHERE upload_id={$upload_id};" );
}
// Hand the results to the template and switch it to the 'uploaded' state.
$tpl_upload->setr ( 'errors', $errors );
$tpl_upload->setr ( 'uploaded', $uploaded );
$tpl_upload->set ( 'action', 'uploaded' );
$tpl_uploader->set ( 'content', $tpl_upload, 1 );
}
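elseif ($action == 'view')
{
    // Branch: show one public upload and the files that belong to it.
    // $mysqlDB, $tpl_uploader, $tpl_message and the helper functions are not
    // defined in this file; presumably the required includes provide them.
    $tpl_upload = new Template(TPL_DIR . 'tpl_public_view.php');

    // Forced to a non-negative number before it is interpolated into SQL below.
    $upload_id = abs((int)gpc('upload_id', 'G', ''));

    // NOTE(review): read from the query string and handed to the template as-is;
    // the template must escape it or compare it against the modes it supports.
    $view_mode = gpc('mode', 'G', 'gallery');

    $mysqlDB->query("SELECT * FROM uploader_puploads WHERE upload_id={$upload_id} LIMIT 1;");
    if ($mysqlDB->getRowCount())
    {
        $all = $mysqlDB->getAssoc();
        $mysqlDB->free();

        // Uploader-supplied text is entity-encoded before it reaches the
        // template. ENT_QUOTES also encodes single quotes, so the values stay
        // inert inside single-quoted HTML attributes as well.
        $upload['date'] = date($UPL['CONFIGS']['TIME_FORMAT'], $all['upload_date']);
        $upload['comments'] = htmlentities($all['upload_comments'], ENT_QUOTES);
        $upload['name'] = htmlentities($all['upload_name'], ENT_QUOTES);

        // Initialise the list first so it is always an array, even when the
        // query reports rows but yields none.
        $upload['files'] = array();
        $mysqlDB->query("SELECT * FROM uploader_pfiles WHERE upload_id={$upload_id};");
        if ($mysqlDB->getRowCount())
        {
            while (false !== ($file = $mysqlDB->getAssoc()))
            {
                $upload['files'][] = $file;
            }
        }

        // Decorate every file row with the display fields the template reads.
        $files =& $upload['files'];
        $count = count($files);
        for ($i = 0; $i < $count; ++$i)
        {
            $files[$i]['size'] = get_size($files[$i]['file_size'], 'B', 0);
            $files[$i]['ext'] = get_extension($files[$i]['file_name']);

            // file_name is the uploader's original file name, so it is
            // percent-encoded in every URL form, including the query-string
            // form used when MOD_REWRITE is off. Unencoded, a name containing
            // '&', '#', quotes or markup would break the link or be injected
            // into the page that prints it.
            $encoded_name = rawurlencode($files[$i]['file_name']);
            if ($uploader_view && $files[$i]['file_isimage'])
            {
                $files[$i]['url'] = MOD_REWRITE
                    ? $public_url . 'pview/' . $files[$i]['file_id'] . '/' . $encoded_name
                    : $UPL['SETTINGS']['uploader_url'] . 'pview.php?fid=' . $files[$i]['file_id'] . '&fname=' . $encoded_name;
            }
            else
            {
                $files[$i]['url'] = MOD_REWRITE
                    ? $public_url . $files[$i]['file_id'] . '/' . $encoded_name
                    : $public_url . $files[$i]['file_rname'];
            }

            $files[$i]['thumb_url'] = $files[$i]['file_hasthumb'] ? $public_url . 'thumb_' . $files[$i]['file_rname'] : '';

            // A row whose file is gone from disk counts as 0 bytes instead of
            // raising a filesize() warning, which could print the storage path.
            $stored_path = $public_dir . $files[$i]['file_rname'];
            $stored_size = is_file($stored_path) ? filesize($stored_path) : 0;
            $files[$i]['data_transferred'] = get_size($files[$i]['file_views'] * $stored_size, 'B', 1);
        }

        $tpl_upload->set('view_mode', $view_mode);
        $tpl_upload->setr('upload', $upload);
        $tpl_upload->set('action', 'view');
        $tpl_uploader->set('content', $tpl_upload, 1);
    }
    else
    {
        // Unknown or deleted upload: show the generic message page.
        $tpl_message->set('message', 'Sorry, this upload ID is invalid. Perhaps it was deleted.');
        $tpl_message->set('back_url', 'public.php');
        $tpl_uploader->set('content', $tpl_message, 1);
    }
}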
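elseif ($action == 'browse')
{
    // Branch: paginated gallery of public files that have a thumbnail, newest first.
    // $mysqlDB, $tpl_uploader and the helper functions are not defined in this
    // file; presumably the required includes provide them.
    $current_page = abs((int)gpc('page', 'G', 1));
    $per_page = 25;

    $mysqlDB->query("SELECT COUNT(file_id) as total_images FROM uploader_pfiles WHERE file_hasthumb=1 ORDER BY file_id;");
    if ($mysqlDB->getRowCount())
    {
        $result = $mysqlDB->getAssoc();
        $total_images = (int)$result['total_images'];
    }
    else
    {
        $total_images = 0;
    }

    $total_pages = (int)ceil($total_images / $per_page);

    // Clamp the requested page to 1..max(1, total_pages). With no images
    // total_pages is 0; clamping to it directly would give page 0 and a
    // negative offset, which makes the LIMIT clause below invalid SQL.
    $current_page = (int)max(1, min($current_page, max(1, $total_pages)));
    $offset = ($current_page - 1) * $per_page;

    // $offset and $per_page are integers computed above, not request strings.
    $r = $mysqlDB->query("SELECT file_id, file_name, file_rname, file_size, file_hasthumb, file_isimage, file_views FROM uploader_pfiles WHERE file_hasthumb=1 ORDER BY file_id DESC LIMIT {$offset}, {$per_page};");

    $files = array();
    if ($mysqlDB->getRowCount())
    {
        while (false !== ($file = $mysqlDB->getAssoc()))
        {
            $file['thumb_url'] = $file['file_hasthumb'] ? $public_url . 'thumb_' . $file['file_rname'] : '';
            $file['ext'] = get_extension($file['file_name']);
            $file['size'] = get_size($file['file_size'], 'B', 0);

            // file_name is the uploader's original file name, so it is
            // percent-encoded in every URL form, including the query-string
            // form used when MOD_REWRITE is off.
            $encoded_name = rawurlencode($file['file_name']);
            if ($uploader_view && $file['file_isimage'])
            {
                $file['url'] = MOD_REWRITE
                    ? $public_url . 'pview/' . $file['file_id'] . '/' . $encoded_name
                    : $UPL['SETTINGS']['uploader_url'] . 'pview.php?fid=' . $file['file_id'] . '&fname=' . $encoded_name;
            }
            else
            {
                $file['url'] = MOD_REWRITE
                    ? $public_url . $file['file_id'] . '/' . $encoded_name
                    : $public_url . $file['file_rname'];
            }

            $files[] = $file;
        }
        $mysqlDB->free();
    }

    // Neighbouring page links are built unconditionally; presumably the
    // template decides whether to show them -- confirm in tpl_public_browse.php.
    $next_page_url = MOD_REWRITE ? (UPLOADER_URL . 'pupload/browse/' . ($current_page + 1)) : 'public.php?action=browse&page=' . ($current_page + 1);
    $prev_page_url = MOD_REWRITE ? (UPLOADER_URL . 'pupload/browse/' . ($current_page - 1)) : 'public.php?action=browse&page=' . ($current_page - 1);

    $tpl_upload = new Template(TPL_DIR . 'tpl_public_browse.php');
    $tpl_upload->set('total_images', $total_images);
    $tpl_upload->set('current_page', $current_page);
    $tpl_upload->set('total_pages', $total_pages);
    $tpl_upload->set('next_page_url', $next_page_url);
    $tpl_upload->set('prev_page_url', $prev_page_url);
    $tpl_upload->setr('files', $files);
    $tpl_uploader->set('content', $tpl_upload, 1);
}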
else
{
    // Default branch: render the public upload form.
    // $mysqlDB, $tpl_uploader, $tpl_message, $lang_public and $lang_upload are
    // not defined in this file; presumably the required includes provide them.
    if (!$public_enabled)
    {
        // Public uploading is switched off: show the "disabled" message and stop.
        // NOTE(review): exit runs right after the message is assigned, so the
        // page is presumably rendered by the bootstrap at shutdown -- confirm.
        $tpl_message->set('message', $lang_public['disabled']);
        $tpl_uploader->set('content', $tpl_message, 1);
        exit;
    }

    $tpl_upload = new Template(TPL_DIR . 'tpl_public_upload.php');

    // Total number of stored public files, shown on the form; stays 0 when the
    // count query yields no row.
    $files_count = 0;
    $mysqlDB->query('SELECT COUNT(file_id) AS files_count FROM uploader_pfiles;');
    if ($mysqlDB->getRowCount())
    {
        $result = $mysqlDB->getAssoc();
        $files_count = $result['files_count'];
        $mysqlDB->free();
    }

    // The gallery link depends on whether URL rewriting is enabled.
    $tpl_upload->set(
        'browse_url',
        MOD_REWRITE ? 'pupload/browse' : 'public.php?action=browse'
    );
    // NOTE(review): the complete public settings array is handed to the
    // template; confirm the template prints only the values visitors should see.
    $tpl_upload->set('settings', $UPL['PUBLIC_SETTINGS']);
    $tpl_upload->set('files_count', $files_count);

    $tpl_uploader->set('page_title', $lang_upload['ptitle1']);
    $tpl_uploader->set('content', $tpl_upload, 1);
}
?>