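<?php
// confirm.php — a moderator/administrator approves a pending upload.
//
// Expects two query-string parameters, both numeric record ids:
//   id     – primary key of the `file_list` row being approved
//   folder – id of the folder to return to once the file is approved
// A request that does not carry both as plain digit strings is rejected
// before the database is touched.

// Access level demanded by libs/header.php (bitmask; 2 and 4 are presumably
// the moderator/admin levels — confirm against header.php).
$MustLogin = 2 | 4;
require_once("libs/header.php");

// Input validation.  Originally added by SepedaTua on June 01, 2006
// (http://www.sepedatua.info/) as a tag/entity-stripping regex set that
// rejected the request whenever stripping changed the value.  That set relied
// on the preg `/e` modifier (removed in PHP 7, where preg_replace returns NULL
// and every request would be rejected) and still let quote characters through
// into the SQL below.  Both parameters are record ids, so a strict digit check
// subsumes it: no markup, entity, quote or newline can survive ctype_digit().

/**
 * Reads a query-string parameter that must be a non-negative integer id.
 *
 * Terminates the request with "Bad Request" when the parameter is missing,
 * empty, not a scalar (e.g. `?id[]=1`), longer than a 64-bit integer, or
 * contains anything other than ASCII digits.
 *
 * @param string $name  key in $_GET
 * @return int          the parsed id
 */
function confirmReadIdParam($name)
{
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        exit("Bad Request");
    }
    $raw = $_GET[$name];
    // 18 digits always fits in a signed 64-bit int, so the cast below cannot saturate.
    if ($raw === "" || strlen($raw) > 18 || !ctype_digit($raw)) {
        exit("Bad Request");
    }
    return (int) $raw;
}

/* Fields:
$folder
$id
*/
$folder = confirmReadIdParam("folder");
$id     = confirmReadIdParam("id");

/************************ eod ******************************/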

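// Look up the file and its uploader.  `$id` is pinned to an int here because it
// is interpolated into the statement: file_list.id is a numeric key (this script
// also compares it unquoted further down), so the cast is the injection guard
// and a no-op for every valid id.
$fileId = (int) $id;
$SQL  = "SELECT `".DB_PREFIX."users`.*, `".DB_PREFIX."file_list`.`filename`, `".DB_PREFIX."file_list`.`descript` ";
$SQL .= " FROM `".DB_PREFIX."file_list` LEFT JOIN `".DB_PREFIX."users` ON `".DB_PREFIX."file_list`.`user_id`=`".DB_PREFIX."users`.`id`";
$SQL .= " WHERE `".DB_PREFIX."file_list`.`id`='".$fileId."'";
if (!$mysql->query($SQL)) {
    exit($mysql->error);
}
if ($mysql->num <= 0) {
    exit("Record not found");
}
// $APP_FILE is the uploader-notification template defined outside this file;
// its two placeholders receive the stored filename and description.
$MAIL  = sprintf($APP_FILE, $mysql->field("filename"), $mysql->field("descript"));
$email = $mysql->field("email");   // NULL when the LEFT JOIN found no uploader row

$SQL = "UPDATE `".DB_PREFIX."file_list` SET `confirm`='Y' WHERE `id`='".$fileId."'";
if (!$mysql->query($SQL)) {
    exit($mysql->error);
}
// Notify the uploader.  Skipped when the uploader row is gone, which would
// otherwise make mail() warn about an empty recipient; delivery is best-effort
// as in the rest of this script, so the return value is not checked.
$email = trim((string) $email);
if ($email !== "") {
    mail($email, "File accept", $MAIL, "From:".ADMIN_EMAIL);
}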

// *start**************************************************************************
  // -- send email notification to users who subscribe -- added by niotech
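  if ((defined("PUBLIC_APPROVED")) && PUBLIC_APPROVED == 1) {
	$smarty_subscription = new Smarty;

	$smarty_subscription->template_dir = $RootDir."templates";
	$smarty_subscription->compile_dir  = $RootDir."templates_c";

	// `$id` is validated at the top of the script, but this block interpolates
	// the value unquoted into SQL, so it is pinned to an int here as well.
	$file_id = (int) $id;

	//----------[build breadcrumbs]--------------
	$breadcrumbs = "<a href=\"main.php?\">Index</a>";

	/**
	 * Appends the folder chain for $fid (root first) to the global $breadcrumbs.
	 *
	 * Uses the legacy mysql_* API directly instead of $mysql->query() so that
	 * the wrapper's current result row is left untouched.  The walk stops at a
	 * folder whose parent is 0, at an id without a row, or after $depth levels,
	 * so a corrupted parent cycle cannot recurse forever.
	 *
	 * NOTE(review): the table name `fstore_folders` is hard-coded while every
	 * other query uses DB_PREFIX — this only works when the prefix is "fstore_".
	 *
	 * @param int|string $fid    folder id; cast to int before use in SQL
	 * @param int        $depth  internal recursion counter
	 */
	function currentLocationA( $fid, $depth = 0 ){
		global $breadcrumbs ;

		if ($depth > 64) {
			return;
		}
		$fid = (int) $fid;
		$res = mysql_query("SELECT folder_name, id, parent FROM fstore_folders WHERE id=$fid ");
		$row = $res ? mysql_fetch_array( $res ) : false;
		if ($row === false) {
			return;
		}
		// The name is rendered inside an HTML mail; assumes folder_name is stored
		// as plain text (not pre-escaped) — confirm against the folder admin page.
		$name     = htmlspecialchars($row['folder_name'], ENT_QUOTES);
		$location = "  >>  <a href=\"folder.php?id=".(int) $row['id']."\">".$name."</a>";
		if ((int) $row['parent'] != 0) {
			// parents are appended first so the chain reads root-first
			currentLocationA( $row['parent'], $depth + 1 );
		}
		$breadcrumbs .= $location ;
	}
	//---------------[end build breadcrumbs]---------------

	$table_suffix = "file_list";
	$SQL = "SELECT filename,download,folder_id,descript,file_type,user_id,filesize,dateadd FROM `".DB_PREFIX.$table_suffix."` WHERE `".DB_PREFIX.$table_suffix."`.id=$file_id";
	if (!$mysql->query($SQL)) {
		exit($mysql->error);
	}
	if ($mysql->num <= 0) {
		exit("Record not found");
	}
	// Copy the row into locals so that later queries on $mysql cannot clobber it.
	$stored_name  = $mysql->field("download");
	$folder_id    = $mysql->field("folder_id");
	$file_descr   = $mysql->field("descript");
	$file_added   = $mysql->field("dateadd");
	$file_size    = $mysql->field("filesize");
	$file_type    = $mysql->field("file_type");
	$uploader_id  = (int) $mysql->field("user_id");

	// create file signature (md5), used by download.php as the link token.
	// md5_file() streams the file instead of loading it into memory; it equals
	// the original md5(fread(..., filesize)) whenever the stored `filesize`
	// matches the file on disk.  NOTE(review): download.php must derive the
	// token the same way — confirm.
	$path = UPLOAD_DIR.$stored_name;
	if (!is_file($path) || ($sig = md5_file($path)) === false) {
		exit("Failed reading uploaded file");
	}

	// create direct download link (SITE_URL with or without a trailing slash)
	$ddl = rtrim($site_config["SITE_URL"], "/")."/download.php?id=".$file_id."&sig=".$sig;

	currentLocationA( $folder_id );
	$smarty_subscription->assign("siteurl", $site_config["SITE_URL"]);
	$smarty_subscription->assign("breadcrumbs", $breadcrumbs);
	$smarty_subscription->assign("filedescription", $file_descr);
	$smarty_subscription->assign("uploaddate", $file_added);
	$smarty_subscription->assign("filesize", $file_size);
	$smarty_subscription->assign("filetype", $file_type);
	$smarty_subscription->assign("ddl", $ddl);

	$table_suffix = "users";
	$SQL = "SELECT real_name,login,level FROM `".DB_PREFIX.$table_suffix."` WHERE `".DB_PREFIX.$table_suffix."`.id=".$uploader_id;
	if (!$mysql->query($SQL)) {
		exit($mysql->error);
	}
	$smarty_subscription->assign("uploader", $mysql->field("real_name"));
	$smarty_subscription->assign("uploaderlogin", $mysql->field("login"));
	$level = (int) $mysql->field("level");
	$email_content = $smarty_subscription->fetch("subscription_email.tpl");

	/**
	 * Runs $SQL on the shared wrapper and returns the first column of every
	 * row, trimmed, with empty values dropped.  Exits with the driver error
	 * text when the query fails, matching the rest of this script.
	 *
	 * @param object $mysql  the site's database wrapper
	 * @param string $SQL
	 * @return string[]
	 */
	function confirmCollectEmails( $mysql, $SQL ){
		if (!$mysql->query($SQL)) {
			exit($mysql->error);
		}
		$list = array();
		while (!$mysql->EOF) {
			$addr = trim((string) $mysql->arr[0]);
			if ($addr !== "") {
				$list[] = $addr;
			}
			$mysql->movenext();
		}
		return $list;
	}

	/**
	 * Sends the rendered subscription mail to each address, one message per
	 * recipient so subscribers never see each other's addresses.
	 *
	 * @param string[] $email_list
	 * @param string   $email_content  rendered subscription_email.tpl
	 */
	function confirmSendSubscriptionMail( array $email_list, $email_content ){
		if (!count($email_list)) {
			return;
		}
		$bodycontent = SUBSCRIPTION_EMAIL_ADDITIONAL_HEADER.$email_content.SUBSCRIPTION_EMAIL_ADDITIONAL_FOOTER;
		foreach ($email_list as $email) {
			mail($email, SUBSCRIPTION_EMAIL_SUBJECT, $bodycontent, "From:".SUBSCRIPTION_EMAIL_ADMIN_EMAIL);
		}
	}

	// grab users email
	if ($level == 0 || $level == -1) {
		$SQL = "SELECT `".DB_PREFIX."users`.email FROM `".DB_PREFIX."users` WHERE `".DB_PREFIX."users`.level=-1 OR `".DB_PREFIX."users`.level=0 ";
	} else {
		$SQL = "SELECT `".DB_PREFIX."users`.email FROM `".DB_PREFIX."users`,`".DB_PREFIX."access_list`,`".DB_PREFIX."file_list` WHERE `".DB_PREFIX."file_list`.id=$file_id AND `".DB_PREFIX."users`.subscription='Y' AND `".DB_PREFIX."file_list`.folder_id=`".DB_PREFIX."access_list`.folder_id AND `".DB_PREFIX."access_list`.group_id=`".DB_PREFIX."users`.level ORDER BY `".DB_PREFIX."users`.id ";
	}
	$recipients = confirmCollectEmails($mysql, $SQL);

	// grab admins/subadmins email
	$SQL = "SELECT `".DB_PREFIX."users`.email FROM `".DB_PREFIX."users` WHERE `".DB_PREFIX."users`.subscription='Y' AND `".DB_PREFIX."users`.level<1 ORDER BY `".DB_PREFIX."users`.id ";
	$recipients = array_merge($recipients, confirmCollectEmails($mysql, $SQL));

	// email users and admins/subadmins — the two lists overlap (an admin with
	// subscription='Y' appears in both), so each address is mailed only once.
	confirmSendSubscriptionMail(array_values(array_unique($recipients)), $email_content);
  }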
  // *end**************************************************************************

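// Return to where the moderator came from: the pending-files list or the folder view.
if (isset($_GET['frm']) && $_GET['frm'] === 'pending') {
	header("Location: pf.php");
	exit();
}
// $folder is a numeric id validated at the top of the script; it is still
// URL-encoded so nothing but the id itself can reach the Location header.
header("Location: folder.php?id=".rawurlencode((string) $folder));
exit();
?>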