📄 ok.php
字号:
<?php
$MAX_SIZE = 20000000;
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
,'image/png','application/msword');
$FILE_EXTS = array('.torrent');
//是否允许删除已上传的文件? no, 如果只允许上传。
$DELETABLE = no;
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// 如果对代码不精通,请不要修改以下代码。
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
* 设置变量
************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";
/************************************************************
* 创建上传目录
************************************************************/
if (!is_dir("files")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}
/************************************************************
* 用户请求进程
************************************************************/
if ($_REQUEST[del] && $DELETABLE) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
fclose($resource);
if (strpos($_REQUEST[del],"/.")>0); //可能遭到攻击
else if (strpos($_REQUEST[del],"files/") === false); //可能遭到攻击
else if (substr($_REQUEST[del],0,6)=="files/") {
unlink($_REQUEST[del]);
print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
}
}
else if ($_FILES['userfile']) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
.$_FILES['userfile']['name']." "
.$_FILES['userfile']['type']."\n");
fclose($resource);
$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = substr($file_name,strrpos($file_name,"."));
//文件大小检查
if ( $_FILES['userfile']['size'] > $MAX_SIZE)
$message = "The file size is over 2MB.";
//文件类型/扩展名检查
else if (!in_array($file_type, $FILE_MIMES)
&& !in_array($file_ext, $FILE_EXTS) )
$message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
else
$message = do_upload($upload_dir, $upload_url);
print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";
/************************************************************
* 列出文件
************************************************************/
function do_upload($upload_dir, $upload_url) {
$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = date("ymdhis").".torrent";
$file_path = $upload_dir.$file_name;
//文件名字检查
if ( $file_name =="") {
$message = "Invalid File Name Specified";
return $message;
}
$result = move_uploaded_file($temp_name, $file_path);
if (!chmod($file_path,0755))
$message = "change permission to 755 failed.";
else
$message = ($result)?"/$file_path" :
"Somthing is wrong with uploading a file.";
return $message;
}
//list.php article子目录中
require "lib.php";
$db = db_connect();
global $db;
if ($fl == "1")
{
$fl = "3gp连续剧";
}
if ($fl == "2")
{
$fl = "3gp电影";
}
if ($fl == "3")
{
$fl = "3gp动漫";
}
if ($fl == "4")
{
$fl = "其他";
}
if ($title != "")
{
//String_dowith, text_dowith分别调用了以前的函数
$title = string_dowith($title);
$content = text_dowith($content);
$importtime = date("Y-m-d H:i:s");
$click = 1;
//将文章写入数据库表
$sql = "insert into article ";
$sql = $sql."(title,content,importtime,writer,click,parent,adda,fl)";
$sql = $sql." values('$title','$content','$importtime','$writer','$click','$parent','$message','$fl')";
$result = mysql_query($sql, $db) or db_error();
}
?>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=1.php"> ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -