folders.php

一款文件上传程序

<?php
define ( 'FOLDERS_PHP', 1 );
require_once 'includes/commons.inc.php';
require_once 'includes/messages_folders.inc.php';
$tpl_folders = new Template ( TPL_DIR .  '/tpl_folders.php' );
$tpl_error = new Template ( TPL_DIR .  '/tpl_error.php' );

// User directory and URL
$user_root = $UPL['SETTINGS']['userfiles_dir'] . $UPL['USER']['userid'] . '/';
$user_url  = $UPL['SETTINGS']['userfiles_url'] . $UPL['USER']['userid'] . '/';

// Check user's folder
if ( !is_dir ( $user_root ) )
{
	$tpl_message->set ( 'message', parse ( $lang_folders['folder_no_exists'], '{username}', $UPL['USER']['username'] ) );
	$tpl_uploader->setr ( 'content', $tpl_message, 1 );
	exit;
}

// get user folders
$user_contents = get_contents ( $user_root );
$user_files    =& $user_contents['files'];
$user_folders  =& $user_contents['dirs'];
$user_folders_count = count ( $user_folders );

$rebuild_array = false;
for ( $i = 0; $i < $user_folders_count; $i++ )
{
	if ( $user_folders[$i]['name'] == 'thumbs' )
	{
		unset ( $user_folders[$i] );
		$rebuild_array = true;
		continue;
	}
	if ( $user_folders[$i]['name'] == '<MAIN_FOLDER>' ) $user_folders[$i]['name'] = $lang_misc['main_folder'];
	$user_folders[$i] = array_merge ( $user_folders[$i], get_folder_info ( $user_root . $user_folders[$i]['path'] ) );
	$user_folders[$i]['is_selected'] = false;
	$user_folders[$i]['folder_url'] = 'myfiles.php' . ( $user_folders[$i]['path'] != '' ? '?folder=' . path_encode ( $user_folders[$i]['path'] ) : '' );
	$user_folders[$i]['edit_url'] 	= 'folders.php?action=edit' . ( $user_folders[$i]['path'] != '' ? '&amp;folder=' . path_encode ( $user_folders[$i]['path'] ) : '' );
	$user_folders[$i]['delete_url'] = 'folders.php?action=delete&amp;folder=' . path_encode ( $user_folders[$i]['path'] );
	$user_folders[$i]['path'] = path_encode ( $user_folders[$i]['path'] );
	$user_folders[$i]['size'] = get_size ( $user_folders[$i]['size'], 'B', 1 );
	$user_folders[$i]['tog_public_url'] = 'folders.php?action=togpublic&amp;folder=' . path_encode ( $user_folders[$i]['path'] );
}
if ( $rebuild_array ) $user_folders = array_values ( $user_folders );
$user_folders_count = count ( $user_folders );

// main folder stats
$mf_size = 0;
$mf_files =& $user_contents['files']['<MAIN_FOLDER>'];
$mf_files_cnt = count ( $mf_files );
for ( $i = 0; $i < $mf_files_cnt; $i++ ) $mf_size += $mf_files[$i]['size'];
$main_folder = array ( 'folder_url'=> 'myfiles.php', 'edit_url'	=> 'folders.php?action=edit', 'files' => count ( $user_contents['files']['<MAIN_FOLDER>'] ), 'size'	=> get_size ( $mf_size, 'B', 1 ) );

// to template
$tpl_folders->set ( 'action', $action );
$tpl_folders->set ( 'user_folders', $user_folders );

// wut doing?
switch ( $action )
{
	case 'togpublic':
	{
		$folder = path_decode ( gpc ( 'folder', 'G' ) );
		if ( !is_dir ( $user_root . '/' . $folder ) || !check_path ( $user_root, $user_root . '/' . $folder ) )
		{
			exit;
		}
		$folder_info = get_folder_info ( $user_root . '/' . $folder );
		$folder_info['is_public'] = (int)!$folder_info['is_public'];
		set_folder_info ( $user_root . '/' . $folder, $folder_info );
		$has_public = has_public_folders ( $user_root ) ? 1 : 0;
		if ( !$mysqlDB->query ( "UPDATE uploader_users SET fl_has_public={$has_public} WHERE userid={$UPL['USER']['userid']} LIMIT 1;" ) ) exit ( $mysqlDB->error() );
		print 'OK';
	}
	break;

	case 'update_description':
	{
		header('Cache-control: max-age=0');
		header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T',time()-2592000));
		$description = trim ( gpc ( 'description', 'G', '' ) );
		$folder = gpc ( 'folder', 'G', '' );
		if ( is_dir ( $user_root . $folder ) && check_path ( $user_root, $user_root . $folder ) )
		{
			$folder_info = get_folder_info ( $user_root . $folder );
			$folder_info['description'] = substr ( $description, 0, 255 );
			set_folder_info ( $user_root . $folder, $folder_info );
			print 'OK';
		}
		else
		{
			print 'FAILED';
		}
	}
	break;

	case 'edit':
	{
		if ( $task == 'edit' )
		{
			// get folder info
			$folder_path = path_decode ( gpc ( 'folder_path', 'P', '' ) );
			$folder_name = gpc ( 'folder_name', 'P', '' );
			$folder_public = (bool)gpc ( 'folder_public', 'P', 0 );
			$folder_description = trim ( gpc ( 'folder_description', 'P', '' ) );

			// check it
			if ( !is_dir ( $user_root . $folder_path ) || !check_path ( $user_root, $user_root . $folder_path ) )
			{
				exit ( SECURITY_ERROR );
			}
			$folder_info = get_folder_info ( $user_root . $folder_path );

			// check for folder change
			if ( $folder_path != '' && basename ( $folder_path ) != $folder_name )
			{
				// change name
				$new_folder_path = dir_name ( $folder_path ) . '/' . $folder_name;

				// check for errors
				if ( $folder_name == '' ) $error = $lang_folders['folder_no_name'];
				elseif ( strlen ( $folder_name ) > $UPL['CONFIGS']['FOLDER_MAX_LEN'] ) $error = parse ( $lang_folders['folder_long_name'], '{length}', $UPL['CONFIGS']['FOLDER_MAX_LEN'] );
				elseif ( strlen ( $folder_name ) < $UPL['CONFIGS']['FOLDER_MIN_LEN'] ) $error = parse ( $lang_folders['folder_short_name'], '{length}', $UPL['CONFIGS']['FOLDER_MIN_LEN'] );
				elseif ( count ( $UPL['CONFIGS']['RESERVED_FOLDERNAMES'] ) && in_array ( strtolower ( $folder_name ), $UPL['CONFIGS']['RESERVED_FOLDERNAMES'] ) ) $error = parse ( $lang_folders['folder_name_reserved'], '{folder}', $folder_name );
				elseif ( preg_match ( '#[^a-z0-9_\s]#i', $folder_name ) ) $error = $lang_folders['folder_bad_char'];
				elseif ( file_exists ( $user_root . '/' . $new_folder_path ) ) $error = $lang_folders['folder_exists'];
				elseif ( !@rename ( $user_root . '/' . $folder_path, $user_root . '/' . $new_folder_path ) ) $error = 'Internal error, rename() failed.';
				else $error = 'none';

				if ( $error != 'none' )
				{
					// show error messages
					$tpl_error->set ( 'error', $error );
					$tpl_folders->set ( 'error', $tpl_error );
					$tpl_folders->set ( 'folder_path', rawurlencode ( $folder_path ) );
					$tpl_folders->set ( 'folder_name', htmlentities ( $folder_name ) );
					$tpl_folders->set ( 'folder_public', $folder_info['is_public'] );
					$tpl_folders->set ( 'folder_description', $folder_info['description'] );
					exit ( $tpl_uploader->setr ( 'content', $tpl_folders, 1 ) );
				}
				$folder_path = $new_folder_path;
				clear_contents_cache ( $user_root );
			}
			$folder_info['is_public'] = $folder_public;
			$folder_info['description'] = substr ( $folder_description, 0, 200 );
			set_folder_info ( $user_root . $folder_path, $folder_info );
			$has_public = has_public_folders ( $user_root ) ? 1 : 0;
			if ( !$mysqlDB->query ( "UPDATE uploader_users SET fl_has_public={$has_public} WHERE userid={$UPL['USER']['userid']} LIMIT 1;" ) ) exit ( $mysqlDB->error() );
			go_to ( 'folders.php' );
		}
		else
		{
			// get folder name from the URL
			$folder = trim ( gpc ( 'folder', 'G', '' ) );
			// check it
			if ( !is_dir ( $user_root . '/' . $folder ) || !check_path ($user_root, $user_root . $folder ) )
			{
				$tpl_message->set ( 'message', parse ( $lang_folders['folder_invalid'], '{folder}', $folder ) );
				exit ( $tpl_uploader->setr ( 'content', $tpl_message, 1 ) );
			}
			$folder_info = get_folder_info ( $user_root . $folder );
			$tpl_folders->set ( 'folder_path', rawurlencode ( $folder ) );
			$tpl_folders->set ( 'folder_name', htmlentities ( basename ( $folder ) ) );
			$tpl_folders->set ( 'folder_public', $folder_info['is_public'] );
			$tpl_folders->set ( 'folder_description', $folder_info['description'] );
			$tpl_uploader->setr ( 'content', $tpl_folders, 1 );
		}
	}
	break;

	case 'delete':
	{
		$folder = trim ( gpc ( 'folder', 'G', '' ), ' ./' );
		$folder_path = $user_root . '/' . $folder;
		if ( $folder != '' && is_dir ( $folder_path ) && check_path ( $user_root, $folder_path ) )
		{
			if ( is_folder_empty ( $folder_path ) )
			{
				delete_dir ( $folder_path );
				clear_contents_cache ( $user_root );
				$has_public = has_public_folders ( $user_root ) ? 1 : 0;
				$mysqlDB->query ( "UPDATE uploader_users SET fl_has_public={$has_public} WHERE userid={$UPL['USER']['userid']} LIMIT 1;" );
				go_to ( 'folders.php' );
			}
			else
			{
				$tpl_message->set ( 'message', $lang_folders['folder_cant_delete'] );
				$tpl_message->set ( 'back_url', 'folders.php' );
				$tpl_uploader->set ( 'page_title', $lang_misc['error'] );
				$tpl_uploader->set ( 'content', $tpl_message, 1 );

			}
		}
	}
	break;

	case 'create':
	{
		// init
		$user_folders =& $user_contents['dirs'];
		$folder_name = trim ( gpc ( 'new_folder_name', 'P', '' ) );
		$folder_public = (bool)gpc ( 'folder_public', 'P', 0 );
		$folder_gallery = (bool)gpc ( 'folder_gallery', 'P', 0 );
		$folder_description = trim ( gpc ( 'folder_description', 'P', '' ) );

		// permission to create?
		$create_perm = $UPL['USER']['fl_allow_folders'];
		$create_max =  $UPL['USER']['fl_max_folders'];

		if ( !$create_perm || ( ( $create_max > 0 ) && count ( $user_folders ) > $create_max ) )
		{
			if ( !$create_perm ) $tpl_message->set ( 'message', $lang_folders['folder_no_perm_create'] );
			else $tpl_message->set ( 'message', $lang_folders['folder_limit'] );
			$tpl_message->set ( 'back_url', 'folders.php' );
			$tpl_uploader->setr ( 'content', $tpl_message, 1 );
			exit;
		}

		// do create
		if ( $task == 'create' )
		{
			$create_in = path_decode ( gpc ( 'create_in', 'P', '' ) );
			if ( strstr ( $create_in, '../' ) ) exit ( SECURITY_ERROR );
			// select the folder
			for ( $i = 0; $i < $user_folders_count; $i++ )
			{
				$user_folders[$i]['is_selected'] = ( path_decode ( $user_folders[$i]['path'] ) == $create_in );
			}
			// create check
			if ( $folder_name == '' ) $error = $lang_folders['folder_no_name'];
			elseif ( preg_match ( '#[^a-z0-9_\s]|\s{2,}#i', $folder_name ) ) $error = $lang_folders['folder_bad_char'];
			elseif ( strlen ( $folder_name ) > $UPL['CONFIGS']['FOLDER_MAX_LEN'] ) $error = parse ( $lang_folders['folder_long_name'], '{length}', $UPL['CONFIGS']['FOLDER_MAX_LEN'] );
			elseif ( strlen ( $folder_name ) < $UPL['CONFIGS']['FOLDER_MIN_LEN'] ) $error = parse ( $lang_folders['folder_short_name'], '{length}', $UPL['CONFIGS']['FOLDER_MIN_LEN'] );
			elseif ( count ( $UPL['CONFIGS']['RESERVED_FOLDERNAMES'] ) && in_array ( strtolower ( $folder_name ), $UPL['CONFIGS']['RESERVED_FOLDERNAMES'] ) ) $error = parse ( $lang_folders['folder_name_reserved'], '{folder}', $folder_name );
			elseif ( file_exists ( $user_root . $create_in . '/' . $folder_name ) ) $error = $lang_folders['folder_exists'];
			else $error = 'none';

			// create
			if ( $error == 'none' )
			{
				$new_folder_path = $user_root . $create_in . '/' . $folder_name;

				if ( !make_dir ( $new_folder_path, $UPL['CONFIGS']['CHMOD_TO'] ) ) exit ( 'Internal error: mkdir failed in folders.php on line ' . __LINE__ );

				if ( $folder_gallery && !make_dir ( $new_folder_path . '/thumbs', $UPL['CONFIGS']['CHMOD_TO'] ) ) exit ( 'Internal error: mkdir filed in folders.php on line ' . __LINE__ );

				$folder_info = array
				(
					'is_public'	=> $folder_public,
					'is_gallery' => $folder_gallery,
					'description' => substr ( $folder_description, 0, 200 )
				);
				set_folder_info ( $new_folder_path, $folder_info );
				clear_contents_cache ( $user_root );
				$has_public = has_public_folders ( $user_root ) ? 1 : 0;
				if ( !$mysqlDB->query ( "UPDATE uploader_users SET fl_has_public={$has_public} WHERE userid={$UPL['USER']['userid']} LIMIT 1;" ) ) exit ( $mysqlDB->error() );
				go_to ( 'folders.php' );
			}
			else
			{
				$tpl_folders->set ( 'user_folders', $user_folders );
				$tpl_folders->set ( 'folder_name', htmlentities ( $folder_name ) );
				$tpl_error->set ( 'error', $error );
				$tpl_folders->set ( 'error', $tpl_error );
				$tpl_uploader->setr ( 'content', $tpl_folders, 1 );
				exit;
			}
		}
		else
		{
			$tpl_folders->set ( 'folder_name', '' );
			$tpl_uploader->setr ( 'content', $tpl_folders, 1 );
		}
	}
	break;

	default:
	{
		$tpl_folders->set ( 'main_folder', $main_folder );
		$tpl_uploader->setr ( 'content', $tpl_folders );
		$tpl_uploader->set ( 'page_title', $lang_titles['mf_fld_title2'], 1 );
	}
}
?>