<?php
##
# Project: PHPDisk
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.phpdisk.com
#
# $Id: upload.inc.php 242 2009-03-08 15:30:19Z along $
#
# Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved.
#
##
// Direct-access guard: this include only runs when both entry-point constants
// have been defined by the script that pulls it in.
if (!(defined('IN_PHPDISK') && defined('IN_MYDISK'))) {
    exit('[PHPDisk] Access Denied');
}

// Defined elsewhere; presumably enforces a logged-in user -- confirm against its definition.
phpdisk_user();

// NOTE(review): $item selects the language file that gets included below.
// Confirm it is restricted to a fixed set of module names before it reaches lang().
define('SCRIPT_NAME', $item);
require_once lang(SCRIPT_NAME);

// Module strings are layered over the shared strings; on a key clash the module string wins.
$lang = array_merge($pub_lang, $lang);

// Helpers used by the upload handler (is_zip, process_zip_file and upload_file are not defined in this file).
require_once PHPDISK_ROOT . 'includes/zip.class.php';
require_once PHPDISK_ROOT . 'includes/upload.func.php';
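// Upload controller for the "mydisk" area.
//
//   action=index, task=doupload : validate and store the posted files, then
//                                 either show link codes or redirect back.
//   action=index (no task)      : load the user's disks/folders and render the form.
//   any other action            : redirect back with the "file too big" message.
//
// Changes against the previous revision of this block:
//   * the storage / file-count quota decision is kept per request instead of
//     being overwritten by "$can_upload = true" for every file with error 0;
//   * client-supplied file names are HTML-escaped before being placed in the
//     status messages;
//   * the form token is compared as strings with a strict operator;
//   * accumulators are initialised explicitly so their starting value never
//     depends on anything defined outside this block;
//   * each() (deprecated in PHP 7.2, removed in PHP 8) is replaced by foreach.
switch ($action) {
    case 'index':
        // Effective per-file limit: the smallest of the PHP limits, the site
        // setting and the user group's setting.
        $group_set = $group_settings[$pd_gid];
        $upload_max = get_byte_value(ini_get('upload_max_filesize'));
        $post_max = get_byte_value(ini_get('post_max_size'));
        $settings_max = $settings['max_file_size'] ? get_byte_value($settings['max_file_size']) : 0;
        $max_php_file_size = min($upload_max, $post_max);
        $max_file_size_byte = ($settings_max && $settings_max <= $max_php_file_size) ? $settings_max : $max_php_file_size;
        if ($group_set['max_filesize']) {
            $group_set_max_file_size = get_byte_value($group_set['max_filesize']);
            $max_file_size_byte = ($group_set_max_file_size >= $max_file_size_byte) ? $max_file_size_byte : $group_set_max_file_size;
        }
        $max_user_file_size = get_size($max_file_size_byte, 'B', 0);

        if ($task == 'doupload') {
            // Anti-CSRF token. Both sides are cast to string and compared
            // strictly so PHP's numeric-string juggling cannot make two
            // different tokens compare equal.
            if ((string)$p_formhash !== (string)formhash()) {
                exit($lang['system_error']);
            }
            $folder_id = (int)gpc('folder_id', 'P', 0);
            $make_link = (int)gpc('make_link', 'P', 0);
            $extract_zip_files = (int)gpc('extract_zip_files', 'P', 0);

            // Explicit starting values for everything this branch accumulates.
            $quota_ok = true;
            $errmsg = array();
            $file_size_total = 0;
            $ins_str = '';
            $insert_num = 0;
            $link_array = array();
            $upl_array = array();
            if (!isset($sysmsg) || !is_array($sysmsg)) {
                $sysmsg = array();
            }

            // Storage quota: sum of the sizes already recorded for this user.
            // Only the current total is compared; the size of the incoming
            // files is not added before the check.
            $q = $db->query("select file_size from pd_files where userid='$pd_uid'");
            while ($rs = $db->fetch_array($q)) {
                $file_size_total += $rs['file_size'];
            }
            $db->free($q);
            unset($rs);
            if ($group_set['max_storage'] && $file_size_total >= get_byte_value($group_set['max_storage'])) {
                $quota_ok = false;
                $errmsg[] = $lang['user_storage_exceeded'];
            }

            // File-count quota.
            $rs = $db->fetch_one_array("select count(*) as total from pd_files where userid='$pd_uid'");
            if ($group_set['max_files'] && $rs['total'] >= $group_set['max_files']) {
                $quota_ok = false;
                $errmsg[] = $lang['user_files_exceeded'];
            }

            // NOTE(review): this lookup does not filter on userid, so the posted
            // folder_id is not checked against the current user here. The folder
            // query in the form branch below does filter on userid; confirm
            // whether uploads into another user's folder are meant to be possible.
            $rs = $db->fetch_one_array("select disk_id from pd_folders where folder_id='$folder_id'");
            $disk_id = $rs['disk_id'] ? $rs['disk_id'] : 0;

            // Files are spread over numbered sub-directories, 1000 uploads each.
            $per_folder = 1000;
            $folder_index = 0;
            $rs = $db->fetch_one_array("select all_upload_num from pd_users where userid='$pd_uid'");
            if ($rs['all_upload_num'] > 0) {
                $folder_index = floor($rs['all_upload_num'] / $per_folder);
            }
            $user_dir = PHPDISK_ROOT . $settings['file_path'] . '/' . $pd_uid . '/';
            $v_user_dir = $settings['file_path'] . '/' . $pd_uid;
            $user_dir0 = $user_dir . $folder_index . '/';
            $v_user_dir0 = $v_user_dir . '/' . $folder_index . '/';

            // NOTE(review): 0777 leaves the storage directories world-writable
            // (subject to umask); tighten the mode if the deployment allows it.
            // The index.htm placeholder is written into each new directory.
            if (!is_dir($user_dir)) {
                mkdir($user_dir, 0777);
                write_file($user_dir . 'index.htm', 'PHPDisk');
            }
            if (!is_dir($user_dir0)) {
                mkdir($user_dir0, 0777);
                write_file($user_dir0 . 'index.htm', 'PHPDisk');
            }

            if (isset($_POST) && isset($_FILES) && is_array($_FILES)) {
                // Pass 1: archives meant for extraction are handed to
                // process_zip_file() and dropped from the list. This path does
                // not go through the per-file size check below, so it is at
                // least gated on the quota decision; any further limits must be
                // enforced inside process_zip_file() (defined elsewhere).
                // foreach walks a copy, so unsetting entries here is safe.
                foreach ($_FILES as $name => $file) {
                    if ($quota_ok && ($file['name'] == 'batch.zip' || $extract_zip_files) && is_zip($file['tmp_name'])) {
                        process_zip_file($file['tmp_name']);
                        unset($_FILES[$name]);
                        @unlink($file['tmp_name']);
                    }
                }

                // Pass 2: ordinary files.
                foreach ($_FILES as $name => $file) {
                    // The client controls the file name; escape it before it is
                    // embedded in HTML status messages. Pass the site charset as
                    // the third argument if it differs from PHP's default.
                    $safe_name = htmlspecialchars($file['name'], ENT_QUOTES);

                    // Start from the request-wide quota decision so a clean
                    // upload cannot re-enable storing once a quota is exceeded.
                    $can_upload = $quota_ok;
                    switch ($file['error']) {
                        case 0:
                            break;
                        case 1:
                            $can_upload = false;
                            $errmsg[] = '<span class="txtred">' . $safe_name . ' => ' . $lang['upload_failure'] . ': ' . $lang['exceed_php_max_size'] . '</span>';
                            break;
                        case 2:
                            $can_upload = false;
                            $errmsg[] = '<span class="txtred">' . $safe_name . ' => ' . $lang['upload_failure'] . ': ' . $lang['exceed_form_max_size'] . '</span>';
                            break;
                        case 3:
                            $can_upload = false;
                            $errmsg[] = '<span class="txtred">' . $safe_name . ' => ' . $lang['upload_failure'] . ': ' . $lang['partial_upload'] . '</span>';
                            break;
                        default:
                            // Any other PHP upload error: nothing usable arrived.
                            $can_upload = false;
                    }
                    if ($file['size'] > $max_file_size_byte) {
                        $can_upload = false;
                        $errmsg[] = '<span class="txtred">' . $safe_name . ' => ' . $lang['upload_failure'] . ': ' . $lang['upload_file_exceed_max'] . '</span>';
                    }

                    if ($can_upload && $file['name'] != '' && $file['size'] > 0) {
                        // Name and extension are stored as metadata only, escaped
                        // for SQL; they never become part of the path on disk.
                        $file_extension = $db->escape(get_extension($file['name']));
                        $esp = strlen($file_extension) + 1;
                        if ($file_extension) {
                            $file_name = $db->escape(substr($file['name'], 0, strlen($file['name']) - $esp));
                        } else {
                            $file_name = $db->escape($file['name']);
                        }
                        $file_key = random(8);

                        // $file['type'] is supplied by the client, so is_image is
                        // a hint for display, not a verified content type.
                        $file_mime = strtolower($db->escape($file['type']));
                        $mime_arr = array('image/gif', 'image/png', 'image/bmp', 'image/jpeg', 'image/pjpeg', 'image/tiff');
                        $extension_arr = array('gif', 'png', 'jpeg', 'jpg', 'jpe', 'bmp', 'tif', 'tiff');
                        if (in_array($file_extension, $extension_arr) || in_array($file_mime, $mime_arr)) {
                            $is_image = 1;
                        } else {
                            $is_image = 0;
                        }

                        // On disk the file gets a generated 32-hex-character name
                        // with no extension.
                        $file_real_name = md5(uniqid(mt_rand(), true) . microtime());
                        $real_file = $user_dir0 . $file_real_name;

                        // NOTE(review): upload_file() is defined elsewhere; confirm
                        // it only accepts genuine uploaded temp files.
                        if (upload_file($file['tmp_name'], $real_file)) {
                            $error = false;
                            $sysmsg[] = '<span class="txtgreen">' . $safe_name . ' -> ' . $lang['upload_success'] . '</span>';
                            $ins_str .= "('$file_name','$file_key','','$file_extension','$is_image','$file_mime','$folder_index','$file_real_name','" . filesize($real_file) . "','$timestamp','$pd_uid','$folder_id','$disk_id'),";
                            $insert_num++;
                            if ($make_link) {
                                $link_array[] = array(
                                    'file_key' => $file_key,
                                    'file_real_name' => $file_real_name,
                                );
                            }
                        }
                    }
                    // Best-effort cleanup of the temp file, stored or not.
                    @unlink($file['tmp_name']);
                }

                // One multi-row insert for everything stored in this request.
                if (empty($error) && $ins_str) {
                    $ins_str = substr($ins_str, 0, -1);
                    $sql = "insert into pd_files(file_name,file_key,file_description,file_extension,is_image,file_mime,folder_index,file_real_name,file_size,file_time,userid,folder_id,disk_id) values $ins_str";
                    $db->query($sql);
                    $db->query_unbuffered("update pd_users set all_upload_num=all_upload_num+$insert_num where userid='$pd_uid'");
                }
                $sysmsg = array_merge($sysmsg, $errmsg);

                if ($make_link) {
                    if (count($link_array) > 0) {
                        // Both lookup values were generated above in this request.
                        foreach ($link_array as $k => $v) {
                            $rs = $db->fetch_one_array("select file_id,file_name,file_key,file_extension from pd_files where file_real_name='" . $v['file_real_name'] . "' and file_key='" . $v['file_key'] . "' and userid='$pd_uid'");
                            if ($rs) {
                                $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
                                $rs['file_name'] = $rs['file_name'] . $tmp_ext;
                                // NOTE(review): file_name is the uploader's original
                                // name; the template must escape it when rendering.
                                $upl_array[] = array(
                                    'file_name' => $rs['file_name'],
                                    'file_link' => $settings['phpdisk_url'] . urr("viewfile", "file_id=" . $rs['file_id'] . "&file_key=" . $rs['file_key'] . ""),
                                );
                            }
                            unset($rs);
                        }
                    }
                    $action = 'get_link_code';
                    require_once template(SCRIPT_NAME, TPL_NAME);
                } else {
                    redirect(urr("mydisk", "item=upload&action=index"), $sysmsg, 3000);
                }
            } else {
                $sysmsg[] = $lang['upload_error'];
                redirect(urr("mydisk", "item=upload&action=index"), $sysmsg);
            }
        } else {
            // Upload form: list the user's disks and, when a disk is chosen,
            // that disk's folders. Both ids are cast to int before use in SQL.
            $disk_id = (int)gpc('disk_id', 'G', 0);
            $folder_id = (int)gpc('folder_id', 'G', 0);
            $q = $db->query("select * from pd_disks where userid='$pd_uid' order by disk_id asc");
            $disk_array = array();
            while ($rs = $db->fetch_array($q)) {
                $rs['disk_icon'] = $rs['in_share'] ? 'share_disk' : 'disk';
                $disk_array[] = $rs;
            }
            $db->free($q);
            unset($rs);
            if ($disk_id) {
                $q = $db->query("select * from pd_folders where userid='$pd_uid' and disk_id='$disk_id'");
                $folders_array = array();
                while ($rs = $db->fetch_array($q)) {
                    $rs['selected'] = ifselected($rs['folder_id'], $folder_id);
                    $folders_array[] = $rs;
                }
                $db->free($q);
                unset($rs);
            }
            require_once template(SCRIPT_NAME, TPL_NAME);
        }
        break;
    default:
        // Reached whenever $action is not 'index'.
        $sysmsg[] = $lang['upload_file_too_big'];
        redirect(urr("mydisk", "item=upload&action=index"), $sysmsg);
}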
?>