/**
 * Look up the ban type stored for the current visitor's IP address.
 *
 * NOTE(review): the lookup key is whatever getUsersIPAddress() returns. If
 * that helper derives the address from client-supplied forwarding headers,
 * the ban check is only as reliable as those headers; confirm in the helper.
 *
 * @return mixed the banType column of the matching banned_ips row, or false
 *               when the query does not return a row array
 */
static function getBannedType()
{
    $clientIp = getUsersIPAddress();
    $database = Database::getDatabase(true);

    // the address is passed through the database layer's quote() before it
    // is concatenated into the statement
    $query = 'SELECT banType FROM banned_ips WHERE ipAddress = ' . $database->quote($clientIp);
    $banRow = $database->getRow($query);

    return is_array($banRow) ? $banRow['banType'] : false;
}
/**
 * Insert a new row into the users table and return the populated record.
 *
 * The account is always created with status 'active' and level 'free user';
 * $accType is accepted but not read anywhere in this method.
 *
 * NOTE(review): the password is stored as a bare, unsalted MD5 digest, which
 * is cheap to brute-force if the table leaks. Moving to password_hash() /
 * password_verify() has to be done together with the login check and the
 * column width, neither of which is visible here, so the digest is left
 * unchanged in this block.
 * NOTE(review): paymentTracker is the MD5 of the creation time plus the
 * username, both guessable values. If it is used to authenticate payment
 * callbacks it should come from a CSPRNG instead; confirm how it is consumed.
 *
 * @param string $username
 * @param string $password  plain-text password as submitted
 * @param string $email
 * @param string $title
 * @param string $firstname
 * @param string $lastname
 * @param string $accType   unused in this method
 *
 * @return DBObject|false the inserted record, or false when insert() fails
 */
static function create($username, $password, $email, $title, $firstname, $lastname, $accType = 'user')
{
    $columns = array("username", "password", "email", "title", "firstname", "lastname", "datecreated", "createdip", "status", "level", "paymentTracker");
    $account = new DBObject("users", $columns);

    // values are listed in column order so the helper calls run in the same
    // sequence as the assignments they feed
    $values = array(
        'username'       => $username,
        'password'       => md5($password),
        'email'          => $email,
        'title'          => $title,
        'firstname'      => $firstname,
        'lastname'       => $lastname,
        'datecreated'    => sqlDateTime(),
        'createdip'      => getUsersIPAddress(),
        'status'         => 'active',
        'level'          => 'free user',
        'paymentTracker' => md5(time() . $username),
    );
    foreach ($values as $column => $value) {
        $account->$column = $value;
    }

    return $account->insert() ? $account : false;
}
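require_once 'includes/master.inc.php';

// setup page
define("PAGE_NAME", t("report_abuse_page_name", "Report Abuse"));
define("PAGE_DESCRIPTION", t("report_abuse_meta_description", "Report Abuse or Copyright Infringement"));
define("PAGE_KEYWORDS", t("report_abuse_meta_keywords", "report, abuse, copyright, infringement, file, hosting"));

// send report if submitted
// isset() keeps a plain page view (no form fields) from raising undefined-index notices
$reportSubmitted = isset($_REQUEST['submitme']) && (int) $_REQUEST['submitme'];
if ($reportSubmitted) {
    // only a string is a usable report body; an array-valued fileDetails[] parameter is treated as empty
    $fileDetails = (isset($_REQUEST['fileDetails']) && is_string($_REQUEST['fileDetails'])) ? trim($_REQUEST['fileDetails']) : '';

    if (!strlen($fileDetails)) {
        setError(t("report_abuse_error_no_content", "Please enter the details of the reported file."));
    } else {
        $subject = "New abuse report on " . SITE_CONFIG_SITE_NAME;

        $plainMsg = "There is a new abuse report on " . SITE_CONFIG_SITE_NAME . " with the following details:\n\n";
        $plainMsg .= "***************************************\n";
        $plainMsg .= $fileDetails . "\n";
        $plainMsg .= "***************************************\n";
        $plainMsg .= "Submitted IP: " . getUsersIPAddress() . "\n";
        $plainMsg .= "***************************************\n\n";
        $plainMsg .= "Please login via " . WEB_ROOT . "/admin/ to investigate further.";

        // The report text comes from an anonymous visitor and ends up in the
        // HTML part of a message read by site staff, so it is escaped before
        // the line breaks are converted. ENT_SUBSTITUTE (PHP 5.4+) keeps a
        // malformed byte sequence from blanking the whole body.
        $escapeFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
        $htmlMsg = str_replace("\n", "<br/>", htmlspecialchars($plainMsg, $escapeFlags));

        // NOTE(review): nothing visible here limits how often this form can
        // be submitted; confirm throttling exists elsewhere if the abuse
        // mailbox must stay usable.
        send_html_mail(SITE_CONFIG_REPORT_ABUSE_EMAIL, $subject, $htmlMsg, SITE_CONFIG_REPORT_ABUSE_EMAIL, $plainMsg);
        redirect(WEB_ROOT);
    }
}

require_once '_header.php';
?>
<div class="contentPageWrapper">
    <?php
    if (isErrors()) {
        echo outputErrors();
    }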
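/**
 * Store one uploaded file on a file server and register it in the database.
 *
 * The payload is written under an MD5-derived name (never the client's
 * filename) either to a remote server over FTP or to the local upload
 * directory, then a row is inserted into the `file` table and a short URL is
 * assigned to it.
 *
 * @param string $uploaded_file path of the temporary upload; only used when
 *                              is_uploaded_file() accepts it
 * @param string $name          client-supplied filename
 * @param mixed  $size          declared size, compared with the stored size
 * @param string $type          client-supplied type, stored as fileType
 * @param mixed  $error         upstream error value handed to has_error()
 *
 * @return stdClass name, size, type and error are always set; url,
 *                  delete_url, info_url, stats_url and short_url are filled
 *                  in once the file has been registered
 */
private function handle_file_upload($uploaded_file, $name, $size, $type, $error)
{
    $fileUpload = new stdClass();
    // basename() discards any directory part of the client-supplied name
    $fileUpload->name = basename(stripslashes($name));
    $fileUpload->size = intval($size);
    // NOTE(review): the type is recorded exactly as the client sent it
    $fileUpload->type = $type;
    $fileUpload->error = null;

    // end() takes its argument by reference, so the pieces need a variable
    $nameParts = explode(".", $fileUpload->name);
    $extension = end($nameParts);

    $fileUpload->error = $this->has_error($uploaded_file, $fileUpload, $error);
    // NOTE(review): the two size checks below are elseif branches of the
    // "no error" test, so they only run when has_error() already reported
    // something and then replace that message; an upload without an error is
    // never size-checked here. Left as written because has_error() and the
    // meaning of an empty max_file_size are not visible from this method.
    if (!$fileUpload->error) {
        if (strlen(trim($fileUpload->name)) == 0) {
            $fileUpload->error = 'Filename not found.';
        }
    } elseif (intval($size) == 0) {
        $fileUpload->error = 'File received has zero size.';
    } elseif (intval($size) > $this->options['max_file_size']) {
        $fileUpload->error = 'File received is larger than permitted.';
    }

    if (!$fileUpload->error && $fileUpload->name) {
        // drop a single leading dot from the displayed name
        if ($fileUpload->name[0] === '.') {
            $fileUpload->name = substr($fileUpload->name, 1);
        }

        // NOTE(review): the storage name depends only on the clock; two
        // uploads in the same microsecond would share a path.
        $newFilename = MD5(microtime());

        // figure out upload type
        $file_size = 0;

        // select server from pool
        $uploadServerId = getAvailableServerId();
        $db = Database::getDatabase(true);
        $uploadServerDetails = $db->getRow('SELECT * FROM file_server WHERE id = ' . $db->quote($uploadServerId));

        // override storage path, normalised to exactly one trailing slash
        if (strlen($uploadServerDetails['storagePath'])) {
            $this->options['upload_dir'] = $uploadServerDetails['storagePath'];
            if (substr($this->options['upload_dir'], strlen($this->options['upload_dir']) - 1, 1) == '/') {
                $this->options['upload_dir'] = substr($this->options['upload_dir'], 0, strlen($this->options['upload_dir']) - 1);
            }
            $this->options['upload_dir'] .= '/';
        }

        // move remotely via ftp
        if ($uploadServerDetails['serverType'] == 'remote') {
            // connect ftp
            // NOTE(review): ftp_connect() is plain FTP, so the stored
            // credentials and the file contents cross the network
            // unencrypted; ftp_ssl_connect() is the TLS variant.
            // NOTE(review): the error strings in this branch embed the file
            // server address; confirm they are not echoed to the uploader.
            $conn_id = ftp_connect($uploadServerDetails['ipAddress'], $uploadServerDetails['ftpPort'], 30);
            if ($conn_id === false) {
                $fileUpload->error = 'Could not connect to file server ' . $uploadServerDetails['ipAddress'];
            }

            // authenticate
            if (!$fileUpload->error) {
                $login_result = ftp_login($conn_id, $uploadServerDetails['ftpUsername'], $uploadServerDetails['ftpPassword']);
                if ($login_result === false) {
                    $fileUpload->error = 'Could not authenticate with file server ' . $uploadServerDetails['ipAddress'];
                }
            }

            // create the upload folder (named after the first two hash characters)
            if (!$fileUpload->error) {
                $uploadPathDir = $this->options['upload_dir'] . substr($newFilename, 0, 2);
                if (!ftp_mkdir($conn_id, $uploadPathDir)) {
                    // Error reporting removed for now as it causes issues with existing folders. Need to add a check in before here
                    // to see if the folder exists, then create if not.
                    // $fileUpload->error = 'There was a problem creating the storage folder on '.$uploadServerDetails['ipAddress'];
                }
            }

            // upload via ftp
            if (!$fileUpload->error) {
                $file_path = $uploadPathDir . '/' . $newFilename;
                clearstatcache();
                if ($uploaded_file && is_uploaded_file($uploaded_file)) {
                    // initiate ftp
                    $ret = ftp_nb_put($conn_id, $file_path, $uploaded_file, FTP_BINARY, FTP_AUTORESUME);
                    while ($ret == FTP_MOREDATA) {
                        // continue uploading
                        $ret = ftp_nb_continue($conn_id);
                    }

                    if ($ret != FTP_FINISHED) {
                        $fileUpload->error = 'There was a problem uploading the file to ' . $uploadServerDetails['ipAddress'];
                    } else {
                        $file_size = filesize($uploaded_file);
                        @unlink($uploaded_file);
                    }
                }
            }

            // close ftp connection; there is nothing to close when the connect itself failed
            if ($conn_id !== false) {
                ftp_close($conn_id);
            }
        } else {
            // create the upload folder
            $uploadPathDir = $this->options['upload_dir'] . substr($newFilename, 0, 2);
            @mkdir($uploadPathDir);
            $file_path = $uploadPathDir . '/' . $newFilename;
            clearstatcache();
            if ($uploaded_file && is_uploaded_file($uploaded_file)) {
                move_uploaded_file($uploaded_file, $file_path);
            }
            $file_size = filesize($file_path);
        }

        // check filesize uploaded matches tmp uploaded; a transfer that
        // already failed must not be registered even when both sizes are zero
        if (!$fileUpload->error && $file_size === $fileUpload->size) {
            $fileUpload->url = $this->options['upload_url'] . rawurlencode($fileUpload->name);

            // insert into the db
            $fileUpload->size = $file_size;
            $fileUpload->delete_url = '~d?' . $this->options['delete_hash'];
            $fileUpload->info_url = '~i?' . $this->options['delete_hash'];
            $fileUpload->delete_type = 'DELETE';

            // create delete hash, make sure it's unique
            // NOTE(review): the hash is built from the filename, the
            // uploader's address and the clock, none of which is secret. If
            // the delete URL is the only thing authorising a deletion, it
            // should be generated from a CSPRNG instead.
            $deleteHash = md5($fileUpload->name . getUsersIPAddress() . microtime());
            $existingFile = file::loadByDeleteHash($deleteHash);
            while ($existingFile != false) {
                $deleteHash = md5($fileUpload->name . getUsersIPAddress() . microtime());
                $existingFile = file::loadByDeleteHash($deleteHash);
            }

            // store in db
            $db = Database::getDatabase(true);
            $dbInsert = new DBObject("file", array("originalFilename", "shortUrl", "fileType", "extension", "fileSize", "localFilePath", "userId", "totalDownload", "uploadedIP", "uploadedDate", "statusId", "deleteHash", "serverId"));
            $dbInsert->originalFilename = $fileUpload->name;
            $dbInsert->shortUrl = 'temp';
            $dbInsert->fileType = $fileUpload->type;
            $dbInsert->extension = $extension;
            $dbInsert->fileSize = $fileUpload->size;
            // path relative to the upload directory
            $dbInsert->localFilePath = substr($file_path, strlen($this->options['upload_dir']), 99999);

            // add user id if user is logged in
            $dbInsert->userId = NULL;
            $Auth = Auth::getAuth();
            if ($Auth->loggedIn()) {
                $dbInsert->userId = (int) $Auth->id;
            }

            $dbInsert->totalDownload = 0;
            $dbInsert->uploadedIP = getUsersIPAddress();
            $dbInsert->uploadedDate = sqlDateTime();
            $dbInsert->statusId = 1;
            $dbInsert->deleteHash = $deleteHash;
            $dbInsert->serverId = $uploadServerId;

            if (!$dbInsert->insert()) {
                // without a row there is no id to derive a short URL from,
                // so stop here instead of dereferencing a missing record
                $fileUpload->error = 'abort';
            } else {
                // create short url
                $tracker = 1;
                $shortUrl = file::createShortUrlPart($tracker . $dbInsert->id);
                $fileTmp = file::loadByShortUrl($shortUrl);
                while ($fileTmp) {
                    $shortUrl = file::createShortUrlPart($tracker . $dbInsert->id);
                    $fileTmp = file::loadByShortUrl($shortUrl);
                    $tracker++;
                }

                // update short url
                file::updateShortUrl($dbInsert->id, $shortUrl);

                // update fileUpload with file location
                $file = file::loadByShortUrl($shortUrl);
                $fileUpload->url = $file->getFullShortUrl();
                $fileUpload->delete_url = $file->getDeleteUrl();
                $fileUpload->info_url = $file->getInfoUrl();
                $fileUpload->stats_url = $file->getStatisticsUrl();
                $fileUpload->short_url = $shortUrl;
            }
        } else {
            if ($this->options['discard_aborted_uploads']) {
                //@TODO - made ftp compatible
                @unlink($file_path);
                @unlink($uploaded_file);
                if (!isset($fileUpload->error)) {
                    $fileUpload->error = 'maxFileSize';
                }
            }
        }
    }

    return $fileUpload;
}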
<?php // checked whether user is logged in if ($Auth->loggedIn()) { // load recent from account $files = file::loadAllRecentByAccount($Auth->id, true); } else { // load recent from IP $files = file::loadAllRecentByIp(getUsersIPAddress(), true); } ?> <div class="rightContentWrapper ui-corner-all"> <div class="rightContent"> <div id="pageHeader"> <h2><?php echo t("your_recent_files", "Your Files"); ?> <?php echo COUNT($files) ? '(' . COUNT($files) . ')' : ''; ?> </h2> </div> <p> <?php // load all urls for current user if (COUNT($files)) { $tracker = 0; foreach ($files as $url) { $class = 'divOdd'; if ($tracker % 2 == 1) {