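/**
 * Validate an upload's reported MIME string and, for images, scan the stored file for
 * a few suspicious signatures.
 *
 * Non-image uploads are accepted unconditionally (first guard); the original author
 * noted this should be extended to all files in future.
 *
 * @param string $mime          MIME string reported for the upload (caller-supplied, untrusted)
 * @param bool   $this_is_image whether the caller classified the upload as an image
 * @param string $file_path     path of the stored upload on disk
 * @return bool  true when the file is accepted, false when it is rejected
 */
function check_mime_type($mime, $this_is_image, $file_path)
{
    // This code is for images only; it must be extended to all files in future.
    if (!$this_is_image) {
        return true;
    }

    $return = false;

    // Accept only when the reported MIME string contains one of these tokens.
    // explode() on a literal never warns, so the former @-suppression was dead weight.
    $s_items = explode(':', 'image:png:jpg:gif:bmp:jpeg');
    foreach ($s_items as $r) {
        if (strpos($mime, $r) !== false) {
            $return = true;
            break;
        }
    }

    // another check
    //$w = @getimagesize($file_path);
    //$return = ($w && (strpos($w['mime'], 'image') !== false)) ? true : false;

    if ($return) {
        // Files above 4 * 1000 * 1024 bytes skip the content scan and are accepted on the
        // MIME check alone. NOTE(review): the signature scan therefore never runs for large
        // uploads — behaviour kept, but worth confirming this is intended.
        if (@kleeja_filesize($file_path) > 4 * (1000 * 1024)) {
            return true;
        }

        // Check for bad things inside the file.
        // '<?' is deliberately not in the list because a lot of image files contain it.
        $maybe_bad_codes_are = ['<script', 'zend', 'base64_decode'];

        // An unreadable or empty file is accepted: this scan is best-effort, not a hard gate.
        if (!($data = @file_get_contents($file_path))) {
            return true;
        }

        // Lower-case once rather than on every iteration (the original re-lowered per signature).
        // $data itself is left untouched so the hook below sees the original contents.
        $haystack = strtolower($data);
        foreach ($maybe_bad_codes_are as $i) {
            if (strpos($haystack, $i) !== false) {
                $return = false;
                break;
            }
        }
    }

    // Run hook. The hook mechanism eval()s whatever string it returns, so it must only
    // ever receive site-installed plugin code, never anything derived from the request.
    ($hook = kleeja_run_hook('kleeja_check_mime_func')) ? eval($hook) : null;

    return $return;
}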
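#end login

// ummm let's say it's illegal action: a POST whose Referer host does not match our
// host is treated as cross-site and the control-panel session is ended.
// NOTE(review): a Referer comparison is a weak CSRF defence (the header is optional
// and frequently stripped by clients and proxies); a per-session token would be the
// stronger check. The existing behaviour is kept here.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && defined('STOP_CSRF')) {
    // A missing or scheme-less Referer used to raise an undefined-index/offset notice
    // and then fail the comparison by accident; now it fails it explicitly (fail closed).
    $t_reff = isset($_SERVER['HTTP_REFERER']) ? explode('/', $_SERVER['HTTP_REFERER']) : array();
    $t_host = isset($_SERVER['HTTP_HOST']) ? explode('/', $_SERVER['HTTP_HOST']) : array('');
    $reff_host = isset($t_reff[2]) ? $t_reff[2] : '';

    if ($reff_host === '' || $reff_host !== $t_host[0]) {
        $usrcp->logout_cp();

        if (isset($_GET['_ajax_'])) {
            //echo_ajax(999, '');
        }

        redirect($config['siteurl']);
        $SQL->close();
        exit;
    }
}

// Integrity check on the style file: an unexpected size aborts with an encoded message.
$gt = kleeja_filesize(PATH . 'includes/st' . 'yl' . 'e.php');
if (!empty($gt) && $gt != 10235) {
    exit(kleeja_base64_decode('V2hlcmUgVGhlIENvcHlyaWdodHMgOikgLi4u'));
}

// last visit: default to 12 hours ago when nothing has been defined yet
if (!defined('LAST_VISIT')) {
    define('LAST_VISIT', time() - 3600 * 12);
}
// LAST_VISIT is always defined at this point, so only the 10-digit sanity check remains.
$last_visit = preg_match('/[0-9]{10}/', LAST_VISIT) ? kleeja_date(LAST_VISIT) : false;

// path of admin extensions
$path_adm = PATH . 'includes/adm';

// exception extensions
$ext_expt = array('start', 'php_info', 'b_lgoutcp', 'i_exts');

//confirm msgs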
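if (defined('MAKE_DOPHP_301_HEADER')) {
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $path_file);
    exit;
}

// start download
if (!is_readable($path_file)) {
    ($hook = kleeja_run_hook('down_file_not_exists')) ? eval($hook) : null; // run hook

    if ($is_image) {
        $path_file = 'images/not_exists.jpg';
    } else {
        big_error($lang['FILE_NO_FOUNDED'], $lang['NOT_FOUND']);
    }
}

// Fall back to the stored size when the on-disk size cannot be read.
if (!($size = @kleeja_filesize($path_file))) {
    $size = $d_size;
}

$name = empty($rn) ? $n : $rn;

// Build the Content-Disposition filename parameter per browser family. The decoded
// name is user-controlled: the quoted form strips CR/LF as well as '"' so the value
// cannot break out of the header line, and the other forms are percent-encoded.
$raw_name = htmlspecialchars_decode($name);

if (is_browser('mozilla')) {
    $h_name = "filename*=UTF-8''" . rawurlencode($raw_name);
} elseif (is_browser('opera, safari, konqueror')) {
    $h_name = 'filename="' . str_replace(array('"', "\r", "\n"), '', $raw_name) . '"';
} else {
    $h_name = 'filename="' . rawurlencode($raw_name) . '"';
}

// Figure out the MIME type (if not specified).
// array_pop() takes its argument by reference; passing explode()'s result directly
// raises "Only variables should be passed by reference", so go through a variable.
$path_parts = explode('.', $path_file);
$ext = array_pop($path_parts);
$mime_type = get_mime_for_header($ext);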