Beispiel #1
         } elseif (!$field['unchangeable'] || !$member[$field_key]) {
             $fieldadd[] = "{$field_key}='" . dhtmlspecialchars($field_val) . "'";
         }
     }
     $memberfieldsql = implode(', ', $fieldadd);
 } elseif ($typeid == 4) {
     if ($maxsigsize) {
         if (strlen($signaturenew) > $maxsigsize) {
             showmessage('profile_sig_toolong');
         }
     } else {
         $signaturenew = '';
     }
     $avataradd = $avatar = '';
     $avatarimagesize = array();
     if ($allowavatar == 3 && disuploadedfile($_FILES['customavatar']['tmp_name']) && $_FILES['customavatar']['tmp_name'] != 'none' && $_FILES['customavatar']['tmp_name'] && trim($_FILES['customavatar']['name'])) {
         $_FILES['customavatar']['name'] = daddslashes($_FILES['customavatar']['name']);
         $avatarext = strtolower(fileext($_FILES['customavatar']['name']));
         if (is_array($avatarextarray) && !in_array($avatarext, $avatarextarray)) {
             showmessage('profile_avatar_invalid');
         }
         $avatar = 'customavatars/' . $discuz_uid . '.' . $avatarext;
         $avatartarget = DISCUZ_ROOT . './' . $avatar;
         if (!@copy($_FILES['customavatar']['tmp_name'], $avatartarget)) {
             @move_uploaded_file($_FILES['customavatar']['tmp_name'], $avatartarget);
         }
         $avatarimagesize = @getimagesize($avatartarget);
         if (!$avatarimagesize || $maxavatarsize && @filesize($avatartarget) > $maxavatarsize) {
             @unlink($avatartarget);
             showmessage($avatarimagesize ? 'profile_avatar_toobig' : 'profile_avatar_invalid');
         }
Beispiel #2
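/**
 * Store the file(s) uploaded under $_FILES[$varname] as forum attachments.
 *
 * $multi = 0: $_FILES[$varname] is one upload record; the first failed check
 * returns an integer code (1..8, numbered at the checks below) and nothing
 * further is saved.
 * $multi != 0: $_FILES[$varname] holds per-field arrays for several uploads;
 * a failed check calls upload_error() with the records saved so far (the code
 * after each call is only reachable if upload_error() returns — confirm).
 *
 * @param string $varname key under $_FILES holding the upload(s)
 * @param int    $multi   non-zero when $_FILES[$varname] is a multi-file array
 * @return array|int|false saved attachment records keyed like the input, an
 *                         integer error code (single mode only), or false when
 *                         nothing was uploaded or nothing could be saved
 *
 * Globals written: $extension (suffix of the last file checked), $typemaxsize
 * and $maxsizeperday (replaced by human-readable sizes for the error text),
 * $imageexists (1 once a file with an image extension has been seen).
 * Creates sub-directories below $attachdir and writes the upload there.
 */
function attach_upload($varname = 'attach', $multi = 0)
{
    global $db, $tablepre, $extension, $typemaxsize, $allowsetattachperm, $attachperm, $maxprice, $attachprice, $attachdesc, $attachsave, $attachdir, $thumbstatus, $thumbwidth, $thumbheight, $maxattachsize, $maxsizeperday, $maxattachnum, $attachextensions, $watermarkstatus, $watermarktype, $watermarktrans, $watermarkquality, $watermarktext, $_FILES, $discuz_uid, $imageexists;
    $attachments = $attacharray = array();
    $imageexists = 0;
    // Suffixes kept verbatim on disk; every other upload is stored as ".attach"
    // so the web server never sees a suffix it might hand to an interpreter.
    static $safeext = array('jpg', 'jpeg', 'gif', 'png', 'swf', 'bmp', 'txt', 'zip', 'rar', 'doc', 'mp3');
    static $imgext = array('jpg', 'jpeg', 'gif', 'png', 'bmp');
    if ($multi) {
        // PHP delivers a multi-file field as $_FILES[$varname][field][id];
        // transpose it into one record per uploaded file.
        if (isset($_FILES[$varname]) && is_array($_FILES[$varname])) {
            foreach ($_FILES[$varname] as $key => $var) {
                foreach ($var as $id => $val) {
                    $attachments[$id][$key] = $val;
                }
            }
        }
    } elseif (isset($_FILES[$varname])) {
        // Only add the record when the field was posted at all; an absent field
        // is reported as "nothing uploaded" instead of a null record reaching
        // the per-file checks below.
        $attachments[0] = $_FILES[$varname];
    }
    if (empty($attachments)) {
        return FALSE;
    }
    $allowuploadnum = count($attachments);
    if ($maxattachnum) {
        // Remaining per-user quota for the last 24h.  uid and timestamp come from
        // globals rather than the request, but the query is still string-built.
        $allowuploadnum = $maxattachnum - $db->result_first("SELECT count(*) FROM {$tablepre}attachments WHERE uid='{$GLOBALS['discuz_uid']}' AND dateline>'{$GLOBALS['timestamp']}'-86400");
        $allowuploadnum = $allowuploadnum < 0 ? 0 : $allowuploadnum;
    }
    foreach ($attachments as $key => $attach) {
        $attach_saved = false;
        $attach['uid'] = $discuz_uid;
        // Skip records without a real upload and anything beyond the quota.
        // disuploadedfile() is the only guard against tmp_name naming an
        // arbitrary local path — presumably it wraps is_uploaded_file(); confirm.
        if ($allowuploadnum == 0 || !disuploadedfile($attach['tmp_name']) || !($attach['tmp_name'] != 'none' && $attach['tmp_name'] && $attach['name'])) {
            continue;
        }
        $filename = daddslashes($attach['name']);
        $attach['ext'] = strtolower(fileext($attach['name']));
        // $extension is a global; the attachsave==2 layout below derives the
        // sub-directory from it.  Strict comparison: ext is always a string.
        $extension = in_array($attach['ext'], $safeext, true) ? $attach['ext'] : 'attach';
        if (in_array($attach['ext'], $imgext, true)) {
            // $_FILES never carries an 'isimage' key, so test with !empty()
            // instead of reading an undefined index.
            $attach['isimage'] = !empty($attach['isimage']) ? $attach['isimage'] : 1;
            $imageexists = 1;
        } else {
            $attach['isimage'] = 0;
        }
        $attach['thumb'] = 0;
        // The display name is escaped once here, before it is stored.
        $attach['name'] = htmlspecialchars($attach['name'], ENT_QUOTES);
        if (strlen($attach['name']) > 90) {
            $attach['name'] = 'abbr_' . md5($attach['name']) . '.' . $attach['ext'];
        }
        // 1: suffix missing or not in the configured (space/comma separated) list.
        if ($attachextensions && (!preg_match("/(^|\\s|,)" . preg_quote($attach['ext'], '/') . "(\$|\\s|,)/i", $attachextensions) || !$attach['ext'])) {
            if ($multi) {
                upload_error('post_attachment_ext_notallowed', $attacharray);
            } else {
                return 1;
            }
        }
        // 2: empty upload.
        if (empty($attach['size'])) {
            if ($multi) {
                upload_error('post_attachment_size_invalid', $attacharray);
            } else {
                return 2;
            }
        }
        // 3: over the global size ceiling.
        if ($maxattachsize && $attach['size'] > $maxattachsize) {
            if ($multi) {
                upload_error('post_attachment_toobig', $attacharray);
            } else {
                return 3;
            }
        }
        // 4/5: per-extension rule from the attachtypes table (0 = disabled).
        // $type is reused further down for the getimagesize() type code.
        if ($type = $db->fetch_first("SELECT maxsize FROM {$tablepre}attachtypes WHERE extension='" . addslashes($attach['ext']) . "'")) {
            if ($type['maxsize'] == 0) {
                if ($multi) {
                    upload_error('post_attachment_ext_notallowed', $attacharray);
                } else {
                    return 4;
                }
            } elseif ($attach['size'] > $type['maxsize']) {
                require_once DISCUZ_ROOT . './include/attachment.func.php';
                // Global consumed by the error message.
                $typemaxsize = sizecount($type['maxsize']);
                if ($multi) {
                    upload_error('post_attachment_type_toobig', $attacharray);
                } else {
                    return 5;
                }
            }
        }
        // 6: 24h byte quota; $todaysize is fetched once and accumulated across
        // the files of this call.
        if ($attach['size'] && $maxsizeperday) {
            if (!isset($todaysize)) {
                $todaysize = intval($db->result_first("SELECT SUM(filesize) FROM {$tablepre}attachments\r\n\t\t\t\t\tWHERE uid='{$GLOBALS['discuz_uid']}' AND dateline>'{$GLOBALS['timestamp']}'-86400"));
            }
            $todaysize += $attach['size'];
            if ($todaysize >= $maxsizeperday) {
                // The global is overwritten with a display string for the message.
                $maxsizeperday = $maxsizeperday / 1048576 >= 1 ? round($maxsizeperday / 1048576, 1) . 'MB' : round($maxsizeperday / 1024) . 'KB';
                if ($multi) {
                    upload_error('post_attachment_quota_exceed', $attacharray);
                } else {
                    return 6;
                }
            }
        }
        if ($attachsave) {
            if ($multi) {
                // Sub-directory layout selected by the $attachsave setting.
                switch ($attachsave) {
                    case 1:
                        $attach_subdir = 'forumid_' . $GLOBALS['fid'];
                        break;
                    case 2:
                        $attach_subdir = 'ext_' . $extension;
                        break;
                    case 3:
                        $attach_subdir = 'month_' . date('ym');
                        break;
                    case 4:
                        $attach_subdir = 'day_' . date('ymd');
                        break;
                }
            } else {
                $attach_subdir = 'swfupload';
            }
            $attach_dir = $attachdir . '/' . $attach_subdir;
            if (!is_dir($attach_dir)) {
                // NOTE(review): 0777 leaves the upload directory world-writable,
                // and the empty index.htm only suppresses directory listings.
                // The right mode depends on which account serves the files, so
                // it is left as configured; review it per deployment.
                @mkdir($attach_dir, 0777);
                @fclose(fopen($attach_dir . '/index.htm', 'w'));
            }
            $attach['attachment'] = $attach_subdir . '/';
        } else {
            $attach['attachment'] = '';
        }
        // On-disk name: timestamp + 16 hex chars derived from the original name,
        // the clock and random(6), plus the whitelisted suffix.  The preg_replace
        // additionally prefixes script-like suffixes with "_" (defence in depth;
        // $extension is already either a $safeext entry or 'attach').
        $attach['attachment'] .= preg_replace("/(php|phtml|php3|php4|jsp|exe|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\\.|\$)/i", "_\\1\\2", date('ymdHi') . substr(md5($filename . microtime() . random(6)), 8, 16) . '.' . $extension);
        $target = $attachdir . '/' . $attach['attachment'];
        // copy() is tried before move_uploaded_file(); either way the temp file
        // is removed afterwards.
        if (@copy($attach['tmp_name'], $target) || function_exists('move_uploaded_file') && @move_uploaded_file($attach['tmp_name'], $target)) {
            @unlink($attach['tmp_name']);
            $attach_saved = true;
        }
        // Last resort: stream the bytes by hand when both copies failed.
        if (!$attach_saved && @is_readable($attach['tmp_name'])) {
            @($fp = fopen($attach['tmp_name'], 'rb'));
            @flock($fp, LOCK_EX);
            @($attachedfile = fread($fp, $attach['size']));
            @fclose($fp);
            @($fp = fopen($target, 'wb'));
            @flock($fp, LOCK_EX);
            if (@fwrite($fp, $attachedfile)) {
                @unlink($attach['tmp_name']);
                $attach_saved = true;
            }
            @fclose($fp);
        }
        if ($attach_saved) {
            @chmod($target, 0644);
            $width = $height = $type = 0;
            if ($attach['isimage'] || $attach['ext'] == 'swf') {
                // 7: content check for image/swf uploads — the extension-based
                // isimage flag is cross-checked against the real type code
                // reported by getimagesize(), and the pixel area is bounded.
                $imagesize = @getimagesize($target);
                list($width, $height, $type) = (array) $imagesize;
                $size = $width * $height;
                if ($size > 16777216 || $size < 4 || empty($type) || $attach['isimage'] && !in_array($type, array(1, 2, 3, 6, 13), true)) {
                    @unlink($target);
                    if ($multi) {
                        upload_error('post_attachment_image_checkerror', $attacharray);
                    } else {
                        return 7;
                    }
                }
            }
            if ($attach['isimage'] && ($thumbstatus || $watermarkstatus)) {
                require_once DISCUZ_ROOT . './include/image.class.php';
                $image = new Image($target, $attach);
                if ($image->imagecreatefromfunc && $image->imagefunc) {
                    $image->Thumb($thumbwidth, $thumbheight);
                    // Watermarking is only applied in multi mode.
                    $multi && $image->Watermark();
                    $attach = $image->attach;
                }
            }
            // Re-read the width after thumbnail/watermark processing.
            $attach['width'] = 0;
            if ($attach['isimage'] || $attach['ext'] == 'swf') {
                $imagesize = @getimagesize($target);
                list($width) = (array) $imagesize;
                $attach['width'] = $width;
            }
            $attach['remote'] = $multi ? ftpupload($target, $attach) : 0;
            // Per-attachment form values ($attachperm/$attachdesc/$attachprice)
            // are indexed by the same key as the upload record.
            $attach['perm'] = $allowsetattachperm ? intval($attachperm[$key]) : 0;
            $attach['description'] = cutstr(dhtmlspecialchars($attachdesc[$key]), 100);
            // Price is clamped to $maxprice; parentheses make the nesting explicit.
            $attach['price'] = $maxprice ? (intval($attachprice[$key]) <= $maxprice ? intval($attachprice[$key]) : $maxprice) : 0;
            $attacharray[$key] = $attach;
            $allowuploadnum--;
        } else {
            // 8: neither copy strategy produced the target file.
            if ($multi) {
                upload_error('post_attachment_save_error', $attacharray);
            } else {
                return 8;
            }
        }
    }
    return !empty($attacharray) ? $attacharray : false;
}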
// --------------------------------------------------------------//
// Project home page: http://www.sablog.net
// ==============================================================//
// Entry guard: this file is only valid when pulled in by the admin front
// controller (cp.php); any other way of reaching it is refused.
if (!(defined('SABLOG_ROOT') && isset($php_self) && preg_match("/[\\/\\\\]cp\\.php\$/", $php_self))) {
    exit('Access Denied');
}
// Access check with the permitted level list (1 and 2).
permission(array(1, 2));
// Upload ceiling in bytes, plus the same value rendered for display.
$max_upload_size = max_upload_size();
$max_upload_size_unit = sizecount($max_upload_size);
$attachments = array();
$attach_data = array();
if ($uploadmode == 'swf') {
    if (isset($_FILES["Filedata"]) && is_array($_FILES["Filedata"])) {
        $attach = $_FILES["Filedata"];
    }
    $gd_version = gd_version();
    if (disuploadedfile($attach['tmp_name']) || !($attach['tmp_name'] != 'none' && $attach['tmp_name'] && $attach['name'])) {
        $attach['name'] = strtolower($attach['name']);
        $attach['ext'] = getextension($attach['name']);
        $attach['type'] = mime_content_type($attach['name']);
        $fnamehash = md5(uniqid(microtime()));
        $attachsubdir = '/date_' . sadate('Ym') . '/';
        // 取得附件目录的绝对路径
        $attach_dir = SABLOG_ROOT . $options['attachments_dir'] . $attachsubdir;
        if (!is_dir($attach_dir)) {
            mkdir($attach_dir, 0777);
            @chmod($attach_dir, 0777);
            fclose(fopen($attach_dir . 'index.htm', 'w'));
        }
        // 判断上传的类型
        // path变量为管理目录相对路径,后台操作用
        // filepath变量为跟目录相对路径,前台读取用