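<?php
// upload.php - accepts a file upload into a folder the current user may write to.
// Access control is layered: header.php enforces the login requirement encoded
// in $Mustlogin, then can_upload() and check_folder() decide whether this user
// may post into $folderid. (The file previously opened with the short "<?" tag;
// with short_open_tag disabled that would have served this source as plain text.)
$Mustlogin=1|2|4; // bitmask of user levels allowed on this page, read by header.php
require_once("libs/header.php");

if(!$CurUser->can_upload())
{
 $smarty->assign("message", "cannot");
 $smarty->display("message.tpl");
 exit();
}
// Landing page after a successful upload that still awaits approval
// (see the redirect to upload.php?action=done further down).
if(isset($_GET["action"]) && $_GET["action"]==="done")
{
 $smarty->assign("message", "upload");
 $smarty->display("message.tpl");
 exit();
}
//get folderid: the POSTed form carries it as a hidden field, the initial link as ?folder=
$folderid="";
if($_SERVER["REQUEST_METHOD"]=="POST")
{
 if(isset($_POST["folder"]))
 {
  $folderid=$_POST["folder"];
 }
}else
 {
  if(isset($_GET["folder"]))
  {
   $folderid=$_GET["folder"];
  }
 }
if($folderid=="")
{
 exit("Bad request");
}
// Folder ids are used as integers further down (`folder_id`='...' in the INSERT
// and "WHERE id=$fid" in the breadcrumb queries, where the value is spliced in
// unescaped). Accept only a plain decimal id at this boundary so the string-built
// SQL never sees attacker-controlled text; an array (?folder[]=x) is rejected too.
// The /D modifier keeps "123\n" from matching.
if(!is_string($folderid) || !preg_match('/^[0-9]+$/D', $folderid))
{
 exit("Bad request");
}
$userlevel=$CurUser->getlevel();
// check_folder() returns the folder row (array) when this level may see it,
// otherwise a message key for message.tpl.
$check=check_folder($mysql, $folderid, $userlevel);
if(is_array($check))
{
 $smarty->assign("folder", $check);
}else
 {
  $smarty->assign("message", $check);
  $smarty->display("message.tpl");
  exit();
 }
// Levels <= 0 are the admin/sub-admin accounts (the notification query later in
// this file selects them with level<1); only they may upload into admin_only folders.
if($check["admin_only"]=="Y" && $userlevel>0)
{
 $smarty->assign("message", "admin_only");
 $smarty->display("message.tpl");
 exit();
}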
// Upload form description consumed by upload.tpl and by UserForms below.
// The field definitions ($UPLOAD_FORM) and the submit label come from header.php;
// the only hidden field is the target folder id.
// NOTE(review): there is no anti-CSRF token among the hidden fields, so a
// logged-in user can be made to submit this form from another site.
$form=array();
$form["method"]="POST";
$form["action"]="upload.php";
$form["message"]="";
$form["enctype"]="multipart/form-data";
$form["errorcount"]=0;
$form["fields"]=$UPLOAD_FORM;
$form["submit"]=$lang['upload2'];
$form["hidden_fields"]=array("folder"=>$folderid);
$userform=new UserForms($form["fields"]);
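if($_SERVER["REQUEST_METHOD"]==$form["method"])
{
 // ---- POST: validate the form and the file, store it, notify subscribers, redirect ----
 $userform->load($form["fields"], $_POST);

 // $_FILES["filename"] is missing when the request carried no file part at all
 // (or the whole body exceeded post_max_size). Substitute an empty entry so the
 // checks below fail with the normal "php_ini" message instead of raising notices.
 if(isset($_FILES["filename"]) && is_array($_FILES["filename"]))
 {
  $upload=$_FILES["filename"];
 }else
 {
  $upload=array("name"=>"", "size"=>0, "error"=>UPLOAD_ERR_NO_FILE, "tmp_name"=>"");
 }
 $form["fields"]["filename"]["value"]=$upload["name"]; // Fixed by niotech: changing all $HTTP_POST_FILE ==> $_FILES. Use php version >= 4.10
 $form["errorcount"]=$userform->check($form["fields"]);

 // Validate all inputs
 // Added by SepedaTua on June 01, 2006 - http://www.sepedatua.info/
 /********************** SepedaTua ****************************/
 // Filename and description must not contain markup: the patterns strip <script>
 // blocks and any tag, collapse whitespace after a line break and decode a few
 // entities; if a value changes under that transform the request is rejected
 // outright. This is a reject-on-mismatch filter, not sanitisation, so the
 // templates still have to HTML-escape these values on output.
 /* Fields:
 $form["fields"]["filename"]["value"]
 $form["fields"]["descript"]["value"]
 */
 $search = array ('@<script[^>]*?>.*?</script>@si',
                 '@<[\/\!]*?[^<>]*?>@si',
                 '@([\r\n])[\s]+@',
                 '@&(quot|#34);@i',
                 '@&(amp|#38);@i',
                 '@&(lt|#60);@i',
                 '@&(gt|#62);@i');

 $replace = array ('',
                  '',
                  '\1',
                  '"',
                  '&',
                  '<',
                  '>');

 $ffilename = $form["fields"]["filename"]["value"];
 $fdescript = $form["fields"]["descript"]["value"];

 $form["fields"]["filename"]["value"] = preg_replace($search, $replace, $form["fields"]["filename"]["value"]);
 $form["fields"]["descript"]["value"] = preg_replace($search, $replace, $form["fields"]["descript"]["value"]);

 if ($ffilename!=$form["fields"]["filename"]["value"] or $fdescript!=$form["fields"]["descript"]["value"]) { exit("Bad Request"); }
 /************************ eod ******************************/

 // Application size limit from $upload_config (header.php); PHP's own
 // upload_max_filesize shows up through the "error" check below instead.
 $size=$upload["size"];
 if($size>$upload_config["max_size"])
 {
  $form["errorcount"]++;
  $form["message"].="Large file";
 }
 // Extension = lower-cased text after the last dot. A name without a dot yields
 // an empty extension (the old strrpos()+1 arithmetic silently dropped the first
 // character instead). Only the LAST extension is checked, which is acceptable
 // because the file is stored under a generated ".dat" name (see $name), never
 // under the name the client supplied.
 $type=strtolower($upload["name"]);
 $dot=strrpos($type, ".");
 $type=($dot===false) ? "" : substr($type, $dot+1);
 if($upload["error"] || $upload["size"]==0)
 {
  $form["errorcount"]++;
  $form["message"].= $lang['php_ini'];
 }
 // Strict comparison: the allow-list holds extension strings, and a loose
 // in_array() would compare numeric-looking values as numbers.
 if(!in_array($type, $upload_config["ext"], true))
 {
  $form["errorcount"]++;
  $form["message"].=$lang['type_not_allowed'];
 }
 // Stored name: <unix time>u<user id>.dat. Two uploads by the same user within the
 // same second used to resolve to one file, so the second silently overwrote the
 // first while both rows pointed at it; add a counter suffix on collision.
 // (download.php is assumed to read the name from the `download` column written
 // below rather than parse it - TODO confirm.)
 $name=strval(time())."u".$CurUser->getid().".dat";
 for($dup=1; file_exists(UPLOAD_DIR.$name); $dup++)
 {
  $name=strval(time())."u".$CurUser->getid()."-".$dup.".dat";
 }
 if($form["errorcount"]==0) {
  // Uploads by admins/sub-admins (level <= 0) or on an auto-approve site go
  // live at once; everything else waits for confirmation and the admins are mailed.
  if($userlevel==-1 || $userlevel==0 || (defined("PUBLIC_APPROVED") &&  PUBLIC_APPROVED==0))
  {
   $conf="Y";
  }else
   {
    $conf="N";
   }
  // Move the file into place BEFORE writing the row, and check the result: the
  // old order inserted first and ignored move_uploaded_file()'s return value, so
  // a failed move left a file_list row pointing at a file that did not exist.
  if(!move_uploaded_file($upload["tmp_name"], UPLOAD_DIR.$name))
  {
   exit("Failed storing uploaded file");
  }
  // $folderid passed check_folder() and is used as an integer id everywhere
  // (WHERE id=... below), so cast it instead of splicing request text into the
  // statement. $type is restricted to the allow-list, $size is PHP's own byte
  // count and the user id comes from the session. The remaining columns are
  // produced by UserForms::sql(), which is assumed to escape the posted field
  // values - TODO confirm.
  $SQL="INSERT INTO `".DB_PREFIX."file_list` SET ".$userform->sql($form["fields"]);
  $SQL.=", `filesize`='".$size."', `user_id`='".$CurUser->getid()."'";
  $SQL.=", `folder_id`='".(int)$folderid."', `dateadd`=NOW(), `file_type`='".$type."'";
  $SQL.=", `download`='".$name."', `confirm`='".$conf."'";

  if(!$mysql->query($SQL))
  {
   // do not leave an orphaned file behind when the row could not be written
   if(file_exists(UPLOAD_DIR.$name))
   {
    unlink(UPLOAD_DIR.$name);
   }
   // NOTE(review): this echoes the raw database error to the browser, as the
   // other query failures in this file do; a generic message plus a log entry
   // would avoid disclosing schema details.
   exit($mysql->error);
  }

  // *start**************************************************************************
  // -- send email notification to users who subscribe -- added by niotech
  // Only files that are visible right away are announced: auto-approve sites
  // (PUBLIC_APPROVED==0) or admin/sub-admin uploads on moderated ones.
  if((defined("PUBLIC_APPROVED")) &&  ((PUBLIC_APPROVED==0) || (PUBLIC_APPROVED==1 && ($userlevel==-1 || $userlevel==0)))){
   $smarty_subscription=new Smarty;

   $smarty_subscription->template_dir=$RootDir."templates";
   $smarty_subscription->compile_dir=$RootDir."templates_c";

   //----------[build breadcrumbs]--------------
   $breadcrumbs = "<a href=\"main.php?\">".$lang['index']."</a>";
   /**
    * Appends the HTML breadcrumb link for folder $fid - and, recursively, its
    * ancestors - to the global $breadcrumbs. The recursive call for the parent
    * runs before the current link is appended, so the chain reads root-first.
    * The walk stops at a folder whose parent is 0 (a missing row also stops it,
    * but appends a link with empty id/name); a parent cycle in the table would
    * recurse without bound.
    *
    * The id is cast to int because it is interpolated unquoted. mysql_query()
    * is called without a link, i.e. on the most recently opened connection -
    * presumably the one $mysql wraps - and the table name is hard-coded rather
    * than built from DB_PREFIX like the other queries here. Folder names go
    * into the e-mail unescaped, which is only safe while they are admin-authored.
    */
   function currentLocationA( $fid ){
    global $smarty_subscription, $breadcrumbs ;
    $fid=(int)$fid;
    $SQL = mysql_query("SELECT folder_name, id, parent FROM fstore_folders WHERE id=$fid ");
    $row = mysql_fetch_array( $SQL );
    if( $row['parent'] == 0 )
     $location = "  >>  <a href=\"folder.php?id={$row['id']}\">{$row['folder_name']}</a>";
    else
    {
     $location = "  >>  <a href=\"folder.php?id={$row['id']}\">{$row['folder_name']}</a>";
     currentLocationA( $row['parent'] );
    }
    $breadcrumbs .= $location ;
   }

   //---------------[end build breadcrumbs]---------------
   // id of the row just inserted; no other statement has run on this link since
   $file_id=mysql_insert_id($mysql->connect); // get last id created (file id) last active mysql connection

   $table_suffix="file_list";
   $SQL="SELECT filename,download,folder_id,descript,file_type,user_id,filesize,dateadd FROM `".DB_PREFIX.$table_suffix."` WHERE `".DB_PREFIX.$table_suffix."`.id=".(int)$file_id;
   if(!$mysql->query($SQL)) {
    exit($mysql->error);
   }

   // create file signature (md5): download.php takes it as the "sig" parameter.
   // md5_file() hashes the whole stored file - the same digest the old
   // fopen/fread($filesize)/md5 sequence produced - without buffering it in memory.
   $sig=md5_file(UPLOAD_DIR.$name);
   if($sig===false){
    exit("Failed reading uploaded file");
   }

   // create direct download link
   $ddl=$site_config["SITE_URL"];
   if(substr($ddl,strlen($ddl)-1,1)!="/")
    $ddl.="/";
   $ddl.="download.php?id=".$file_id."&sig=".$sig;

   currentLocationA( $mysql->field("folder_id") );
   $smarty_subscription->assign("siteurl", $site_config["SITE_URL"]);
   $smarty_subscription->assign("breadcrumbs", $breadcrumbs);
   $smarty_subscription->assign("filedescription", $mysql->field("descript"));
   $smarty_subscription->assign("uploaddate", $mysql->field("dateadd"));
   $smarty_subscription->assign("filesize", $mysql->field("filesize"));
   $smarty_subscription->assign("filetype", $mysql->field("file_type"));
   $smarty_subscription->assign("ddl", $ddl);

   // uploader details; user_id is our own column but cast anyway since it is
   // interpolated unquoted
   $table_suffix="users";
   $SQL="SELECT real_name,login,level FROM `".DB_PREFIX.$table_suffix."` WHERE `".DB_PREFIX.$table_suffix."`.id=".(int)$mysql->field("user_id");
   if(!$mysql->query($SQL)) {
    exit($mysql->error);
   }
   $smarty_subscription->assign("uploader", $mysql->field("real_name"));
   $smarty_subscription->assign("uploaderlogin", $mysql->field("login"));
   $email_content=$smarty_subscription->fetch("subscription_email.tpl");

   // grab users email: subscribed users whose level appears in the folder's access list
   $SQL="SELECT `".DB_PREFIX."users`.email FROM `".DB_PREFIX."users`,`".DB_PREFIX."access_list`,`".DB_PREFIX."file_list` WHERE `".DB_PREFIX."file_list`.id=".(int)$file_id." AND `".DB_PREFIX."users`.subscription='Y' AND `".DB_PREFIX."file_list`.folder_id=`".DB_PREFIX."access_list`.folder_id AND `".DB_PREFIX."access_list`.group_id=`".DB_PREFIX."users`.level ORDER BY `".DB_PREFIX."users`.id ";

   if(!$mysql->query($SQL)) {
    exit($mysql->error);
   }
   $email_list=array();
   while(!$mysql->EOF) {
    $email_list[]=$mysql->arr[0];
    $mysql->movenext();
   }

   // email users email
   // One mail() call per address. An address containing CR/LF would let extra
   // headers be injected into the message, so such rows are skipped (registration
   // presumably validates addresses already; this is defence in depth).
   if(count($email_list)){
    $bodycontent=SUBSCRIPTION_EMAIL_ADDITIONAL_HEADER.$email_content.SUBSCRIPTION_EMAIL_ADDITIONAL_FOOTER;
    foreach($email_list as $email){
     $email=trim($email);
     if($email=="" || preg_match('/[\r\n]/', $email))
     {
      continue;
     }
     mail($email, SUBSCRIPTION_EMAIL_SUBJECT, $bodycontent, "From:".SUBSCRIPTION_EMAIL_ADMIN_EMAIL);
    }
   }

   // grab admins/subadmins email (level < 1, subscribed)
   $SQL="SELECT `".DB_PREFIX."users`.email FROM `".DB_PREFIX."users` WHERE `".DB_PREFIX."users`.subscription='Y' AND `".DB_PREFIX."users`.level<1 ORDER BY `".DB_PREFIX."users`.id ";

   if(!$mysql->query($SQL)) {
    exit($mysql->error);
   }
   $email_list=array();
   while(!$mysql->EOF) {
    $email_list[]=$mysql->arr[0];
    $mysql->movenext();
   }

   // email admins/subadmins (same body and CR/LF guard as above)
   if(count($email_list)){
    $bodycontent=SUBSCRIPTION_EMAIL_ADDITIONAL_HEADER.$email_content.SUBSCRIPTION_EMAIL_ADDITIONAL_FOOTER;
    foreach($email_list as $email){
     $email=trim($email);
     if($email=="" || preg_match('/[\r\n]/', $email))
     {
      continue;
     }
     mail($email, SUBSCRIPTION_EMAIL_SUBJECT, $bodycontent, "From:".SUBSCRIPTION_EMAIL_ADMIN_EMAIL);
    }
   }
  }
  // *end**************************************************************************

  // Plain-text folder path for the upload log, e.g. " Index / parent / child /".
  $mffid = $folderid;
  $fpath = " Index /";
  /**
   * Appends " <folder_name> /" for folder $fid and its ancestors to the global
   * $fpath, root-first - the same walk as currentLocationA() but as text rather
   * than links. $smarty is imported but not used. The id is cast because it is
   * interpolated unquoted; the table name is hard-coded rather than prefixed
   * with DB_PREFIX.
   */
  function currentLocation( $fid ) {
   global $smarty, $fpath ;
   $fid=(int)$fid;
   $SQL = mysql_query("SELECT folder_name, id, parent FROM fstore_folders WHERE id=$fid ");
   $row = mysql_fetch_array( $SQL );
   if( $row['parent'] == 0 )
    $location = " {$row['folder_name']} /";
   else {
    $location = " {$row['folder_name']} /";
    currentLocation( $row['parent'] );
   }
   $fpath .= $location ;
  }
  currentLocation( $mffid );

  // "U" = upload event. The client-supplied filename is what gets logged; the
  // generated storage name only lives in the file_list row.
  $log->log("U", $CurUser->getid(), $fpath.' '.$upload["name"]);
  if($conf=="N")
  {
   // Awaiting approval: tell the admins, then show the "upload" message page.
   $MAIL=sprintf($NEW_FILE, $form["fields"]["filename"]["value"],
         $form["fields"]["descript"]["value"],
         $folderid
       );
   send_to_admin($mysql, "New file on site", $MAIL);
   Header("Location:upload.php?action=done");
  }else
   {
    // Live immediately: back to the folder listing.
    Header("Location:folder.php?id=".(int)$folderid);
   }
  exit();
 }
}

// GET, or a POST that failed validation: (re)render the form with any messages.
$smarty->assign("form", $form);
$smarty->display("upload.tpl");
?>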