/**
 * Stores an uploaded avatar for the given user and builds a 256x256 cropped thumbnail.
 *
 * Checks run in this order: CSRF token, user lookup, permission (a panel
 * admin, or the user the avatar belongs to), then the upload itself. The
 * upload is refused by the `accept` callback unless its type() is 'image'.
 *
 * NOTE(review): confirm whether Upload::type() is derived from the file
 * content or only from the client-supplied name; an avatar directory is
 * normally web-served, so a name-only check is not enough on its own.
 *
 * @param string $username Name used to look up the target user.
 * @return mixed Whatever response::success() / response::error() returns.
 */
public function upload($username)
{
    // Refuse requests with no `_csrf` value or one that csrf() rejects.
    if (!get('_csrf') || !csrf(get('_csrf'))) {
        return response::error('unauthenticated access');
    }

    $user = $this->user($username);
    if (!$user) {
        return response::error(l('users.avatar.error.missing'));
    }

    // Only admins may change somebody else's avatar.
    if (!site()->user()->isAdmin() && !$user->isCurrent()) {
        return response::error('You are not allowed to upload an avatar for this user');
    }

    // Overwrite the existing avatar when there is one, otherwise let the
    // upload helper fill in the extension placeholder.
    if ($user->avatar()) {
        $root = $user->avatar()->root();
    } else {
        $root = $user->avatarRoot('{safeExtension}');
    }

    $imagesOnly = function ($upload) {
        if ($upload->type() != 'image') {
            throw new Error(l('users.avatar.error.type'));
        }
    };
    $upload = new Upload($root, array('accept' => $imagesOnly));

    if (!$upload->file()) {
        return response::error($upload->error()->getMessage());
    }

    // Write the thumbnail next to the uploaded file, replacing it in place.
    thumb::$defaults['root'] = dirname($upload->file()->root());
    $thumbOptions = array(
        'filename'  => $upload->file()->filename(),
        'overwrite' => true,
        'width'     => 256,
        'height'    => 256,
        'crop'      => true,
    );
    $thumb = new Thumb($upload->file(), $thumbOptions);

    kirby()->trigger('panel.avatar.upload', $user->avatar());

    return response::success(l('users.avatar.success'));
}
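/**
 * Moves a freshly uploaded file from TMPPATH into
 * PUBLICPATH/media/<first three characters of the stored name>/ and saves
 * its size, content type, relative filename and image parameters on this model.
 *
 * Changes against the previous version:
 *  - 'size' is taken from the stored file; it used to be filesize() of the
 *    destination directory.
 *  - a file that getimagesize() does not recognise (return value FALSE) is
 *    recorded as 'file' instead of 'image' with params FALSE.
 *
 * NOTE(review): $types defaults to an empty array. If Upload::file() treats
 * that as "no restriction", any extension is copied under the public web
 * root; confirm that callers always pass an allow-list.
 * NOTE(review): directory and file are created world-writable (0777). Kept
 * as-is because the deployment may rely on it, but uploaded content should
 * normally be 0644 in a 0755 directory.
 *
 * @param array    $file     Upload descriptor handed to Upload::file().
 * @param array    $types    Allowed types, passed through to Upload::file().
 * @param int|null $max_size Size limit, passed through to Upload::file().
 * @return mixed Result of the chained ->save() call.
 * @throws Kohana_Exception When the temporary file is missing or cannot be copied.
 */
public function upload(array $file, array $types = array(), $max_size = NULL)
{
    $filename = Upload::file($file, NULL, NULL, $types, $max_size);

    $tmp_file = TMPPATH . trim($filename);
    if (!file_exists($tmp_file) or is_dir($tmp_file)) {
        throw new Kohana_Exception('Tempory file not exists :file', array(':file' => $tmp_file));
    }

    // Files are sharded by the first three characters of the stored name.
    $path = 'media' . DIRECTORY_SEPARATOR . substr($filename, 0, 3) . DIRECTORY_SEPARATOR;
    $abs_path = PUBLICPATH . $path;
    if (!is_dir($abs_path)) {
        mkdir($abs_path, 0777, TRUE);
        chmod($abs_path, 0777);
    }

    $file = $abs_path . $filename;
    if (!copy($tmp_file, $file)) {
        throw new Kohana_Exception("Can't copy file :file", array(':file' => $tmp_file));
    }
    chmod($file, 0777);
    unlink($tmp_file);

    // Default to a plain file; upgrade to 'image' only when getimagesize()
    // actually returns image data.
    $content_type = 'file';
    $params = array();
    try {
        $image_info = getimagesize($file);
        if ($image_info !== FALSE) {
            $content_type = 'image';
            $params = $image_info;
        }
    } catch (Exception $ex) {
        // An error handler may turn getimagesize() warnings into exceptions;
        // either way the upload is recorded as a non-image file.
    }

    return $this
        ->set('size', filesize($file))
        ->set('content_type', $content_type)
        ->set('filename', str_replace(array('/', '\\'), '/', $path) . $filename)
        ->set('params', $params)
        ->save();
}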
/**
 * Replaces an existing file of a page with an uploaded one of the same MIME type.
 *
 * The request must carry a `_csrf` value that csrf() accepts. The upload
 * overwrites the existing file in place; afterwards checkUpload() validates
 * it against the page blueprint and the 'panel.file.replace' hook fires.
 * When that validation throws, the (already overwritten) file is deleted.
 *
 * NOTE(review): $this->file() is used without a null check; confirm it
 * throws or always returns a file object for the given id/filename.
 *
 * @param mixed $id Page identifier passed to file() and page().
 * @return mixed Whatever response::success() / response::error() returns.
 */
public function replace($id = null)
{
    if (!get('_csrf') || !csrf(get('_csrf'))) {
        return response::error('unauthenticated access');
    }

    $filename  = get('filename');
    $current   = $this->file($id, $filename);
    $blueprint = blueprint::find($this->page($id));

    // The replacement must have the same MIME type as the file it replaces.
    $sameMime = function ($upload) use ($current) {
        if ($upload->mime() != $current->mime()) {
            throw new Error(l('files.replace.error.type'));
        }
    };

    $upload = new Upload($current->root(), array(
        'overwrite' => true,
        'accept'    => $sameMime,
    ));

    $replaced = $upload->file();
    if (!$replaced) {
        return response::error($upload->error()->getMessage());
    }

    try {
        $this->checkUpload($replaced, $blueprint);
        kirby()->trigger('panel.file.replace', $replaced);
        return response::success('success');
    } catch (Exception $e) {
        // Validation failed after the overwrite: remove the stored file.
        $replaced->delete();
        return response::error($e->getMessage());
    }
}
/**
 * Stores an uploaded avatar for the given user and builds a 256x256 cropped
 * thumbnail with the 'im' thumb driver.
 *
 * NOTE(review): no CSRF token check and no permission check are visible in
 * this method. Confirm that the router or a filter enforces both before the
 * action runs; otherwise any request that reaches it can replace another
 * user's avatar.
 * NOTE(review): the 'im' driver presumably hands the uploaded file to
 * ImageMagick; keep that binary patched and restricted by policy, since it
 * parses untrusted input here.
 *
 * @param string $username Name used to look up the target user.
 * @return mixed Whatever response::success() / response::error() returns.
 */
public function upload($username)
{
    $user = $this->user($username);
    if (!$user) {
        return response::error(l('users.avatar.error.missing'));
    }

    // Overwrite the existing avatar when there is one, otherwise let the
    // upload helper fill in the extension placeholder.
    if ($user->avatar()) {
        $root = $user->avatar()->root();
    } else {
        $root = $user->avatarRoot('{safeExtension}');
    }

    $imagesOnly = function ($upload) {
        if ($upload->type() != 'image') {
            throw new Error(l('users.avatar.error.type'));
        }
    };
    $upload = new Upload($root, array('accept' => $imagesOnly));

    if (!$upload->file()) {
        return response::error($upload->error()->getMessage());
    }

    thumb::$defaults['root'] = dirname($upload->file()->root());
    thumb::$defaults['driver'] = 'im';

    $thumbOptions = array(
        'filename'  => $upload->file()->filename(),
        'overwrite' => true,
        'width'     => 256,
        'height'    => 256,
        'crop'      => true,
    );
    $thumb = new Thumb($upload->file(), $thumbOptions);

    return response::success(l('users.avatar.success'));
}
/**
 * Replaces an existing file of a page with an uploaded one of the same MIME type.
 *
 * NOTE(review): no CSRF token check is visible in this method, and the
 * replacement is not validated after the overwrite. Confirm that request
 * authentication and any blueprint checks happen elsewhere.
 * NOTE(review): $this->file() is used without a null check; confirm it
 * throws or always returns a file object for the given id/filename.
 *
 * @param mixed $id Page identifier passed to file().
 * @return mixed Whatever response::success() / response::error() returns.
 */
public function replace($id)
{
    $filename = get('filename');
    $current  = $this->file($id, $filename);

    // The replacement must have the same MIME type as the file it replaces.
    $sameMime = function ($upload) use ($current) {
        if ($upload->mime() != $current->mime()) {
            throw new Error(l('files.replace.error.type'));
        }
    };

    $upload = new Upload($current->root(), array(
        'overwrite' => true,
        'accept'    => $sameMime,
    ));

    if (!$upload->file()) {
        return response::error($upload->error()->getMessage());
    }

    return response::success('success');
}
redirect(HOST . DIR . '/admin/admin_ranks.php'); } else { redirect(HOST . DIR . '/admin/admin_ranks_add.php?error=incomplete#errorh'); } } elseif (!empty($_FILES['upload_ranks']['name'])) { @clearstatcache(); $dir = PATH_TO_ROOT . '/templates/' . get_utheme() . '/images/ranks/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } @clearstatcache(); $error = ''; if (is_writable($dir)) { import('io/upload'); $Upload = new Upload($dir); if (!$Upload->file('upload_ranks', '`([a-z0-9_ -])+\\.(jpg|gif|png|bmp)+$`i')) { $error = $Upload->error; } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '?error=' . $error : ''; redirect(HOST . SCRIPT . $error); } else { $Template->set_filenames(array('admin_ranks_add' => 'admin/admin_ranks_add.tpl')); $get_error = retrieve(GET, 'error', ''); $array_error = array('e_upload_invalid_format', 'e_upload_max_weight', 'e_upload_error', 'e_upload_failed_unwritable'); if (in_array($get_error, $array_error)) { $Errorh->handler($LANG[$get_error], E_USER_WARNING); } if ($get_error == 'incomplete') {
$user_born = strtodate(retrieve(POST, 'user_born', '0'), $LANG['date_birth_parse']); import('util/captcha'); $Captcha = new Captcha(); $Captcha->set_difficulty($CONFIG_USER['verif_code_difficulty']); if (!($CONFIG_USER['verif_code'] == '1') || $Captcha->is_valid()) { if (strlen($login) >= 3 && strlen($password) >= 6 && strlen($password_bis) >= 6) { if (!empty($login) && !empty($user_mail) && $password_hash === $password_bis_hash) { ####Vérification de la validité de l'avatar#### $user_avatar = ''; //Gestion upload d'avatar. $dir = '../images/avatars/'; import('io/upload'); $Upload = new Upload($dir); if (is_writable($dir) && $CONFIG_USER['activ_up_avatar'] == 1) { if ($_FILES['avatars']['size'] > 0) { $Upload->file('avatars', '`([a-z0-9()_-])+\\.(jpg|gif|png|bmp)+$`i', UNIQ_NAME, $CONFIG_USER['weight_max'] * 1024); if (!empty($Upload->error)) { redirect(HOST . DIR . '/member/register' . url('.php?erroru=' . $Upload->error) . '#errorh'); } else { $path = $dir . $Upload->filename['avatars']; $error = $Upload->validate_img($path, $CONFIG_USER['width_max'], $CONFIG_USER['height_max'], DELETE_ON_ERROR); if (!empty($error)) { redirect(HOST . DIR . '/member/register' . url('.php?erroru=' . $error) . '#errorh'); } else { $user_avatar = $path; } } } } $path = retrieve(POST, 'avatar', ''); if (!empty($path)) {
<?php include "models/function.php"; $id = $_GET['id']; $param = "dop"; $records = DB::select($param); if (isset($_POST["go"])) { $arrayDop = array("name" => $_POST['name'], "id_kurs" => $_POST['kurs']); $dopSrcTmp = Upload::file($_FILES['file'], "materials"); if ($dopSrcTmp || $_POST['url']) { if ($dopSrcTmp) { $arrayDop += array("src" => $dopSrcTmp); } else { $arrayDop += array("src" => ""); } if ($_POST['url']) { $arrayDop += array("url" => $_POST['url']); } else { $arrayDop += array("url" => ""); } } if ($_POST["go"] == "save") { DB::insert(DB::insertSql($param, $arrayDop), $arrayDop); } else { $idKurs = $_POST["go"]; DB::update(DB::updateSql($param, $arrayDop), $arrayDop, $idKurs); } header("Location: materials.php"); } if (isset($_GET["delete"])) { Delete::del($_GET["title"], $_GET["delete"]);
require_once '../admin/admin_header.php'; $Cache->load('gallery'); include_once '../gallery/gallery.class.php'; $Gallery = new Gallery(); $idcat = !empty($_GET['cat']) ? numeric($_GET['cat']) : 0; $idcat_post = !empty($_POST['idcat_post']) ? numeric($_POST['idcat_post']) : 0; $add_pic = !empty($_GET['add']) ? numeric($_GET['add']) : 0; $nbr_pics_post = !empty($_POST['nbr_pics']) ? numeric($_POST['nbr_pics']) : 0; if (isset($_FILES['gallery']) && isset($_POST['idcat_post'])) { $dir = 'pics/'; import('io/upload'); $Upload = new Upload($dir); $idpic = 0; if (is_writable($dir)) { if ($_FILES['gallery']['size'] > 0) { $Upload->file('gallery', '`([a-z0-9()_-])+\\.(jpg|gif|png)+$`i', UNIQ_NAME, $CONFIG_GALLERY['weight_max']); if (!empty($Upload->error)) { redirect(HOST . DIR . '/gallery/admin_gallery_add.php?error=' . $Upload->error . '#errorh'); } else { $path = $dir . $Upload->filename['gallery']; $error = $Upload->validate_img($path, $CONFIG_GALLERY['width_max'], $CONFIG_GALLERY['height_max'], DELETE_ON_ERROR); if (!empty($error)) { redirect(HOST . DIR . '/gallery/admin_gallery_add.php?error=' . $error . '#errorh'); } else { $Gallery->Resize_pics($path); if (!empty($Gallery->error)) { redirect(HOST . DIR . '/gallery/admin_gallery_add.php?error=' . $Gallery->error . '#errorh'); } $name = !empty($_POST['name']) ? strprotect($_POST['name']) : ''; $idpic = $Gallery->Add_pics($idcat_post, $name, $Upload->filename['gallery'], $User->get_attribute('user_id')); if (!empty($Gallery->error)) {
} } elseif ($home_folder) { //Retour à la racine. AppContext::get_response()->redirect('/admin/admin_files.php'); } elseif (!empty($_FILES['upload_file']['name']) && $folder) { //Si le dossier n'est pas en écriture on tente un CHMOD 777 @clearstatcache(); $dir = PATH_TO_ROOT . '/upload/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777); } @clearstatcache(); $error = ''; if (is_writable($dir)) { $Upload = new Upload($dir); $Upload->file('upload_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', FileUploadConfig::load()->get_authorized_extensions())) . ')+$`i', Upload::UNIQ_NAME); if ($Upload->get_error() != '') { //Erreur, on arrête ici AppContext::get_response()->redirect('/admin/admin_files.php?f=' . $folder . '&erroru=' . $Upload->get_error() . '#message_helper'); } else { $check_user_folder = 0; try { $check_user_folder = PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id=:id', array('id' => $folder)); } catch (RowNotFoundException $e) { } $user_id = $check_user_folder <= 0 ? -1 : AppContext::get_current_user()->get_id(); $user_id = max($user_id, $folder_member); $result = PersistenceContext::get_querier()->insert(DB_TABLE_UPLOAD, array('idcat' => $folder, 'name' => $Upload->get_original_filename(), 'path' => $Upload->get_filename(), 'user_id' => $user_id, 'size' => $Upload->get_human_readable_size(), 'type' => $Upload->get_extension(), 'timestamp' => time())); $id_file = $result->get_last_inserted_id(); } } else {
redirect(HOST . DIR . '/admin/admin_themes_add.php?error=e_theme_already_exist#errorh'); } } elseif (!empty($_FILES['upload_theme']['name'])) { @clearstatcache(); $dir = '../templates/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } @clearstatcache(); $error = ''; if (is_writable($dir)) { $check_theme = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_THEMES . " WHERE theme = '" . strprotect($_FILES['upload_theme']['name']) . "'", __LINE__, __FILE__); if (empty($check_theme) && !is_dir('../templates/' . $_FILES['upload_theme']['name'])) { import('io/upload'); $Upload = new Upload($dir); if ($Upload->file('upload_theme', '`([a-z0-9()_-])+\\.(gzip|zip)+$`i')) { $archive_path = '../templates/' . $Upload->filename['upload_theme']; if ($Upload->extension['upload_theme'] == 'gzip') { import('lib/pcl/pcltar', LIB_IMPORT); if (!($zip_files = PclTarExtract($Upload->filename['upload_theme'], '../templates/'))) { $error = $Upload->error; } } elseif ($Upload->extension['upload_theme'] == 'zip') { import('lib/pcl/pclzip', LIB_IMPORT); $Zip = new PclZip($archive_path); if (!($zip_files = $Zip->extract(PCLZIP_OPT_PATH, '../templates/', PCLZIP_OPT_SET_CHMOD, 0666))) { $error = $Upload->error; } } else { $error = 'e_upload_invalid_format'; }
$error_controller = PHPBoostErrors::user_not_authorized(); DispatchManager::redirect($error_controller); } //Niveau d'autorisation de la catégorie, accès en écriture. if (!$Gallery->auth_upload_pics(AppContext::get_current_user()->get_id(), AppContext::get_current_user()->get_level())) { AppContext::get_response()->redirect('/gallery/gallery' . url('.php?add=1&cat=' . $id_category . '&error=upload_limit', '-' . $id_category . '.php?add=1&error=upload_limit', '&') . '#message_helper'); } $dir = 'pics/'; $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions(); $error = ''; if (!empty($authorized_pictures_extensions)) { $Upload = new Upload($dir); $idpic = 0; $idcat_post = retrieve(POST, 'cat', ''); $name_post = retrieve(POST, 'name', '', TSTRING_AS_RECEIVED); if (!$Upload->file('gallery', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i', Upload::UNIQ_NAME, $config->get_max_weight())) { $error = $Upload->get_error(); } } else { $error = 'e_upload_invalid_format'; } if ($error != '') { AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper'); } else { $path = $dir . $Upload->get_filename(); $error = $Upload->check_img($config->get_max_width(), $config->get_max_height(), Upload::DELETE_ON_ERROR); if (!empty($error)) { //Erreur, on arrête ici AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper'); } else { //Enregistrement de l'image dans la bdd.
$unlimited_data = $group_limit === -1 || AppContext::get_current_user()->check_level(User::ADMIN_LEVEL); $member_memory_used = Uploads::Member_memory_used(AppContext::get_current_user()->get_id()); if ($member_memory_used >= $group_limit && !$unlimited_data) { $error = 'e_max_data_reach'; } else { //Si le dossier n'est pas en écriture on tente un CHMOD 777 @clearstatcache(); $dir = PATH_TO_ROOT . '/upload/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777); } @clearstatcache(); if (is_writable($dir)) { $weight_max = $unlimited_data ? 100000000 : $group_limit - $member_memory_used; $Upload = new Upload($dir); $Upload->file('upload_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $files_upload_config->get_authorized_extensions())) . ')+$`i', Upload::UNIQ_NAME, $weight_max); if ($Upload->get_error() != '') { $error = $Upload->get_error(); if ($Upload->get_error() == 'e_upload_max_weight') { $error = 'e_max_data_reach'; } AppContext::get_response()->redirect('/user/upload.php?f=' . $folder . '&erroru=' . $error . '&' . $popup_noamp . '#message_helper'); } else { $result = PersistenceContext::get_querier()->insert(DB_TABLE_UPLOAD, array('idcat' => $folder, 'name' => $Upload->get_original_filename(), 'path' => $Upload->get_filename(), 'user_id' => AppContext::get_current_user()->get_id(), 'size' => $Upload->get_human_readable_size(), 'type' => $Upload->get_extension(), 'timestamp' => time())); $id_file = $result->get_last_inserted_id(); } } else { $error = 'e_upload_failed_unwritable'; } } $anchor = !empty($error) ? '&error=' . $error . '&' . $popup_noamp . '#message_helper' : '&' . $popup_noamp . (!empty($id_file) ? '#fi1' . $id_file : '');
<?php
// Create/update handler for rows of the "kurs" table, followed by the page template.
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this script before it writes to the database; confirm that
// models/function.php (or the web server) enforces them.
include "models/function.php";
$param = "kurs";
if (isset($_POST["go"])) {
    // Column values are taken straight from the request.
    $arrayKurs = array("name" => $_POST['name'], "text" => $_POST['text']);
    // NOTE(review): Upload::file() is not shown here; verify that it restricts
    // extension and content type and generates the stored name itself.
    $kursSrcTmp = Upload::file($_FILES['preview'], "kurs");
    if ($kursSrcTmp) {
        $arrayKurs += array("src" => $kursSrcTmp);
    } else {
        // On create, store an empty src; on update, leave the column untouched.
        if ($_POST["go"] == "save") {
            $arrayKurs += array("src" => "");
        }
    }
    if ($_POST["go"] == "save") {
        $idKurs = DB::insert(DB::insertSql($param, $arrayKurs), $arrayKurs);
    } else {
        // Any other value of "go" is used as the id of the row to update.
        // NOTE(review): the id is request-controlled; confirm DB::update()
        // binds it as a parameter.
        $idKurs = $_POST["go"];
        DB::update(DB::updateSql($param, $arrayKurs), $arrayKurs, $idKurs);
    }
    // No exit follows the redirect header, so the rest of the script still runs.
    header("Location: " . $param . ".php");
}
$records = DB::select($param); require_once 'view/tpl_top.php'; ?> <div class="app app-header-fixed "> <?php include "view/header.php"; include "view/tpl_popup_kurs.php"; $active_e = "class=\"active\""; include "view/nav.php";
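/**
 * Installs a module from an uploaded .gz/.zip archive.
 *
 * The archive is stored in the site root, its listing is checked (exactly one
 * root folder that contains config.ini and index.php), it is extracted when
 * the module is not installed yet, and the archive file is deleted afterwards.
 * Results are reported through the 'MSG' view variable.
 *
 * Changes against the previous version:
 *  - chmod() is applied to $modules_folder; it was called with an undefined $dir.
 *  - a listing that is not an array is treated as invalid content.
 *  - archives with an absolute path, a drive prefix or a '..' segment in any
 *    entry are rejected before extraction, so nothing can be written outside
 *    the module folder.
 *
 * NOTE(review): this unpacks PHP code into the web root by design; confirm
 * that the calling controller restricts it to administrators and checks a
 * CSRF token.
 */
private function upload_module()
{
    $modules_folder = PATH_TO_ROOT . '/';

    if (!is_writable($modules_folder)) {
        $is_writable = @chmod($modules_folder, 0755);
    } else {
        $is_writable = true;
    }

    if ($is_writable) {
        $uploaded_file = $this->form->get_value('file');
        if ($uploaded_file !== null) {
            $upload = new Upload($modules_folder);
            if ($upload->file('upload_module_file', '`([a-z0-9()_-])+\\.(gz|zip)+$`i')) {
                $archive = $modules_folder . $upload->get_filename();

                if ($upload->get_extension() == 'gz') {
                    include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
                    $archive_content = PclTarList($upload->get_filename());
                } else {
                    include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
                    $zip = new PclZip($archive);
                    $archive_content = $zip->listContent();
                }

                // A failed listing must not reach the foreach below.
                if (!is_array($archive_content)) {
                    $archive_content = array();
                }

                $archive_root_content = array();
                $required_files = array('/config.ini', '/index.php');
                $has_unsafe_entry = false;

                foreach ($archive_content as $element) {
                    // Reject entries that could escape the extraction folder.
                    $normalized = str_replace('\\', '/', $element['filename']);
                    if (substr($normalized, 0, 1) == '/'
                        || preg_match('`^[a-z]:`i', $normalized)
                        || in_array('..', explode('/', $normalized), true)) {
                        $has_unsafe_entry = true;
                    }

                    if (substr($element['filename'], -1) == '/') {
                        $element['filename'] = substr($element['filename'], 0, -1);
                    }

                    // Entries without a slash sit at the archive root.
                    if (substr_count($element['filename'], '/') == 0) {
                        $archive_root_content[] = array(
                            'filename' => $element['filename'],
                            'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5
                        );
                    }

                    // Tick off required files, addressed relative to the first root entry.
                    if (isset($archive_root_content[0])) {
                        $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
                        if (in_array($name_in_archive, $required_files)) {
                            unset($required_files[array_search($name_in_archive, $required_files)]);
                        }
                    }
                }

                if (!$has_unsafe_entry && count($archive_root_content) == 1 && $archive_root_content[0]['folder'] && empty($required_files)) {
                    $module_id = $archive_root_content[0]['filename'];
                    if (!ModulesManager::is_module_installed($module_id)) {
                        if ($upload->get_extension() == 'gz') {
                            PclTarExtract($upload->get_filename(), $modules_folder);
                        } else {
                            $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
                        }
                        $this->install_module($module_id, true);
                    } else {
                        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
                    }
                } else {
                    $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
                }

                // The archive itself never stays in the web root.
                $uploaded_file = new File($archive);
                $uploaded_file->delete();
            } else {
                $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE));
            }
        } else {
            $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE));
        }
    }
}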
} elseif ($del_mbr && !empty($user_id) && !empty($idgroup)) { $Session->csrf_get_protect(); $Group->remove_member($user_id, $idgroup); redirect(HOST . DIR . '/admin/admin_groups.php?id=' . $idgroup . '#add'); } elseif (!empty($_FILES['upload_groups']['name'])) { @clearstatcache(); $dir = '../images/group/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } @clearstatcache(); $error = ''; if (is_writable($dir)) { import('io/upload'); $Upload = new Upload($dir); if (!$Upload->file('upload_groups', '`([a-z0-9()_-])+\\.(jpg|gif|png|bmp)+$`i')) { $error = $Upload->error; } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '&error=' . $error : ''; redirect(HOST . SCRIPT . '?add=1' . $error); } elseif (!empty($idgroup)) { $Template->set_filenames(array('admin_groups_management2' => 'admin/admin_groups_management2.tpl')); $group = $Sql->query_array(DB_TABLE_GROUP, 'id', 'name', 'img', 'color', 'auth', 'members', "WHERE id = '" . $idgroup . "'", __LINE__, __FILE__); if (!empty($group['id'])) { $get_error = retrieve(GET, 'error', ''); if ($get_error == 'incomplete') { $Errorh->handler($LANG['e_incomplete'], E_USER_NOTICE); } elseif ($get_error == 'already_group') {
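/**
 * Resolves the avatar value to store for a member from the submitted form.
 *
 * Three inputs are handled, in this order: a remote avatar link, an uploaded
 * file, or neither (the stored field value is returned unchanged). Oversized
 * images are resized when auto-resizing is enabled, otherwise rejected.
 *
 * Change against the previous version: the two "invalid format" paths that
 * did `return new MemberExtendedFieldErrorsMessageException(...)` now throw
 * it. Returning the exception object handed it to the caller as if it were
 * the avatar path and skipped the error handling used by every other branch.
 *
 * NOTE(review): `new Image($link)` is built from a user-supplied URL and is
 * then asked for its dimensions, which presumably makes the server fetch that
 * URL. The pattern is not anchored at the start, so only the suffix of the
 * link is constrained; consider restricting scheme and host.
 * NOTE(review): when an avatar is uploaded but uploads are disabled, the
 * method falls through and returns null.
 *
 * @param mixed $form                  Form object exposing get_value() and get_html_id().
 * @param mixed $member_extended_field Field object for the member being edited.
 * @return mixed Avatar path or link, or the previously stored field value.
 * @throws MemberExtendedFieldErrorsMessageException On a rejected format, size or upload.
 */
private function upload_avatar($form, $member_extended_field)
{
    $avatar = $form->get_value('upload_avatar');
    $user_accounts_config = UserAccountsConfig::load();
    $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions();

    // Without an allow-list of picture extensions nothing can be accepted.
    if (empty($authorized_pictures_extensions)) {
        throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
    }

    if ($form->get_value('link_avatar')) {
        if (preg_match('`([A-Za-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i', $form->get_value('link_avatar'))) {
            $image = new Image($form->get_value('link_avatar'));
            if ($image->get_width() > $user_accounts_config->get_max_avatar_width() || $image->get_height() > $user_accounts_config->get_max_avatar_height()) {
                if ($user_accounts_config->is_avatar_auto_resizing_enabled()) {
                    // Store a resized local copy under a hashed name.
                    $directory = '/images/avatars/' . Url::encode_rewrite($image->get_name() . '_' . $this->key_hash()) . '.' . $image->get_extension();
                    $resizer = new ImageResizer();
                    $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
                    $this->delete_old_avatar($member_extended_field);
                    return $directory;
                }
                throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_max_dimension', 'errors'));
            }
            $this->delete_old_avatar($member_extended_field);
            return $form->get_value('link_avatar');
        } else {
            throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
        }
    } elseif (!empty($avatar)) {
        if (UserAccountsConfig::load()->is_avatar_upload_enabled()) {
            $dir = '/images/avatars/';
            if ($user_accounts_config->is_avatar_auto_resizing_enabled()) {
                $image = new Image($avatar->get_temporary_filename());
                $resizer = new ImageResizer();

                // The last dot-separated part of the client file name is the extension.
                $explode = explode('.', $avatar->get_name());
                $extension = array_pop($explode);
                if (!in_array($extension, $authorized_pictures_extensions)) {
                    throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
                }

                // Only the part before the first dot is kept as base name.
                $explode = explode('.', $avatar->get_name());
                $name = $explode[0];
                $directory = $dir . Url::encode_rewrite($name . '_' . $this->key_hash()) . '.' . $extension;

                try {
                    $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
                    $this->delete_old_avatar($member_extended_field);
                    return $directory;
                } catch (UnsupportedOperationException $e) {
                    throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
                }
            } else {
                $Upload = new Upload(PATH_TO_ROOT . $dir);
                $Upload->file($form->get_html_id() . '_upload_avatar', '`([A-Za-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i', Upload::UNIQ_NAME, $user_accounts_config->get_max_avatar_weight() * 1024);

                $upload_error = $Upload->get_error();
                if (!empty($upload_error)) {
                    throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($upload_error, 'errors'));
                }

                // check_img() is asked to delete the stored file when it is rejected.
                $error = $Upload->check_img($user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), Upload::DELETE_ON_ERROR);
                if (!empty($error)) {
                    throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($error, 'errors'));
                } else {
                    $this->delete_old_avatar($member_extended_field);
                    return $dir . $Upload->get_filename();
                }
            }
        }
    } else {
        return MemberExtendedFieldsService::return_field_member($member_extended_field->get_field_name(), $member_extended_field->get_user_id());
    }
}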
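/**
 * Stores an uploaded smiley picture in the smileys folder and reports
 * problems through the 'MSG' view variable.
 *
 * Change against the previous version: when no picture extension is
 * authorized, the method now stops after showing the "invalid format"
 * message. It used to continue and attempt the upload with an empty
 * extension list in the file-name pattern.
 *
 * NOTE(review): the folder is made world-writable (0777) when it is not
 * writable; kept as-is, but a mode limited to the web server user is
 * preferable for a web-served directory.
 */
private function upload_smiley()
{
    $folder_phpboost_smileys = $this->smileys_path;

    if (!is_writable($folder_phpboost_smileys)) {
        $is_writable = @chmod($folder_phpboost_smileys, 0777);
    } else {
        $is_writable = true;
    }

    if ($is_writable) {
        $uploaded_file = $this->upload_form->get_value('file');
        if ($uploaded_file !== null) {
            $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions();
            if (empty($authorized_pictures_extensions)) {
                $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('e_upload_invalid_format', 'errors'), MessageHelper::NOTICE));
                // Nothing may be uploaded without an allow-list of extensions.
                return;
            }

            $upload = new Upload($this->smileys_path);
            if ($upload->file('upload_smiley_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i')) {
                // TODO: handle smiley archives (upload a zip, plus a checkbox to
                // create each smiley directly with :smiley_name as its code)
            } else {
                $this->view->put('MSG', MessageHelper::display(LangLoader::get_message($upload->get_error(), 'errors'), MessageHelper::NOTICE));
            }
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
        }
    } else {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('e_upload_failed_unwritable', 'errors'), MessageHelper::WARNING));
    }
}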
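<?php
// Lesson page: stores a posted answer (with an optional attachment) and loads
// the lesson, its videos, homework and the answer thread for rendering.
//
// Change against the previous version: the lesson id from the query string
// and the user id from the session are cast to int before they are placed in
// the raw SELECT below. The id used to be interpolated unchanged, which made
// that query injectable through ?id=.
//
// NOTE(review): no login or CSRF check is visible in this script; confirm
// that models/function.php enforces them.
include "models/function.php";
$lesson = $_SESSION['lessons'];
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$less = DB::selectID("lessons", $id);
$video = DB::selectParam("video", "id_lessons", $id);
if (isset($_POST['go'])) {
    $today = DB::today();
    $array = array("id_lessons" => $lesson, "id_clients" => $_SESSION['user_id'], "text" => $_POST['text'], "date" => $today, "piple" => "user");
    if ($_FILES["answer_materials"]["error"] == UPLOAD_ERR_OK) {
        // NOTE(review): Upload::file() is not shown here; verify that it
        // restricts extension and content type for these user attachments.
        $materials = Upload::file($_FILES["answer_materials"], "answer_materials");
        if ($materials) {
            $array += array("src" => $materials);
        } else {
            if ($_POST["go"] == "save") {
                $array += array("src" => "");
            }
        }
    }
    DB::insert(DB::insertSql("answer", $array), $array);
    // NOTE(review): the redirect target embeds a request value and no exit
    // follows, so the rest of the script still runs.
    header("Location: view_lessons.php?id=" . $_POST['id'] . "#chat");
}
$dz = DB::selectParam("homework", "id_lessons", $id);
// Both values are integers at this point, so the concatenation cannot change
// the shape of the statement.
$answer = DB::selectSql("SELECT * FROM answer WHERE id_lessons=" . $id . " AND (id_clients=" . (int) $_SESSION['user_id'] . " OR id_clients=0)");
require_once 'view/tpl_top.php'; ?> <div class="app app-header-fixed"> <?php include "view/tpl_popup_events.php"; include "view/header.php";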
<?php
// Settings page: applies a posted update to the "settings" table, then renders the form.
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this script before it writes to the database; confirm that
// models/function.php (or the web server) enforces them.
include "models/function.php";
include "classes/Upload.php";
$param = "settings";
if (isset($_POST["go"])) {
    // The upload result is assigned but not used afterwards in the visible code.
    // NOTE(review): Upload::file() is called without a target folder argument
    // here; verify where the file lands and which types it accepts.
    $res_file = Upload::file($_FILES['oferta']);
    // The last posted field is taken as the row id; every remaining posted
    // field is handed to the UPDATE as a column/value pair.
    // NOTE(review): column names therefore come from the request. If
    // DB::updateSql() places array keys into the statement text, restrict
    // them to an allow-list of known columns.
    $id = array_pop($_POST);
    DB::update(DB::updateSql($param, $_POST), $_POST, $id);
    // Redirect back to the same URL; no exit follows, so the script keeps running.
    header("Location: " . $_SERVER['REQUEST_URI']);
}
$record = DB::select($param);
require_once 'view/tpl_top.php'; ?> <div class="app app-header-fixed "> <?php include "view/header.php"; $active_g = "class=\"active\""; include "view/nav.php"; ?> <!-- content --> <div id="content" class="app-content" role="main"> <div class="app-content-body "> <div class="hbox hbox-auto-xs hbox-auto-sm"> <div class="col"> <div class="bg-light lter b-b wrapper-md wrapper-md__i"> <h1 class="m-n font-thin h3 inline">Настройки сайта</h1> </div> <div class="wrapper-md"> <form method="post" enctype="multipart/form-data"> <div class="row">
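/**
 * Installs a theme from an uploaded .gz/.zip archive.
 *
 * The archive is stored in the templates folder, its listing is checked
 * (exactly one root folder that contains the required theme files), it is
 * extracted when the theme does not exist yet, and the archive file is
 * deleted afterwards. Results are reported through the 'MSG' view variable.
 *
 * Changes against the previous version:
 *  - a listing that is not an array is treated as invalid content.
 *  - archives with an absolute path, a drive prefix or a '..' segment in any
 *    entry are rejected before extraction, so nothing can be written outside
 *    the theme folder.
 *
 * NOTE(review): the templates folder is made world-writable (0777) when it
 * is not writable; kept as-is, but a mode limited to the web server user is
 * preferable.
 * NOTE(review): the file-name pattern has no start anchor, so only the end
 * of the name is constrained by it; confirm Upload::file() sanitises the rest.
 */
private function upload_theme()
{
    $folder_phpboost_themes = PATH_TO_ROOT . '/templates/';

    if (!is_writable($folder_phpboost_themes)) {
        $is_writable = @chmod($folder_phpboost_themes, 0777);
    } else {
        $is_writable = true;
    }

    if ($is_writable) {
        $uploaded_file = $this->form->get_value('file');
        if ($uploaded_file !== null) {
            $upload = new Upload($folder_phpboost_themes);
            if ($upload->file('upload_theme_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i')) {
                $archive = $folder_phpboost_themes . $upload->get_filename();

                if ($upload->get_extension() == 'gz') {
                    include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
                    $archive_content = PclTarList($upload->get_filename());
                } else {
                    include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
                    $zip = new PclZip($archive);
                    $archive_content = $zip->listContent();
                }

                // A failed listing must not reach the foreach below.
                if (!is_array($archive_content)) {
                    $archive_content = array();
                }

                $archive_root_content = array();
                $required_files = array('/config.ini', '/body.tpl', '/frame.tpl', '/theme/content.css', '/theme/design.css', '/theme/global.css');
                $has_unsafe_entry = false;

                foreach ($archive_content as $element) {
                    // Reject entries that could escape the extraction folder.
                    $normalized = str_replace('\\', '/', $element['filename']);
                    if (substr($normalized, 0, 1) == '/'
                        || preg_match('`^[a-z]:`i', $normalized)
                        || in_array('..', explode('/', $normalized), true)) {
                        $has_unsafe_entry = true;
                    }

                    if (substr($element['filename'], -1) == '/') {
                        $element['filename'] = substr($element['filename'], 0, -1);
                    }

                    // Entries without a slash sit at the archive root.
                    if (substr_count($element['filename'], '/') == 0) {
                        $archive_root_content[] = array(
                            'filename' => $element['filename'],
                            'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5
                        );
                    }

                    // Tick off required files, addressed relative to the first root entry.
                    if (isset($archive_root_content[0])) {
                        $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
                        if (in_array($name_in_archive, $required_files)) {
                            unset($required_files[array_search($name_in_archive, $required_files)]);
                        }
                    }
                }

                if (!$has_unsafe_entry && count($archive_root_content) == 1 && $archive_root_content[0]['folder'] && empty($required_files)) {
                    $theme_id = $archive_root_content[0]['filename'];
                    if (!ThemesManager::get_theme_existed($theme_id)) {
                        if ($upload->get_extension() == 'gz') {
                            PclTarExtract($upload->get_filename(), $folder_phpboost_themes);
                        } else {
                            $zip->extract(PCLZIP_OPT_PATH, $folder_phpboost_themes, PCLZIP_OPT_SET_CHMOD, 0755);
                        }
                        $this->install_theme($theme_id, array('r-1' => 1, 'r0' => 1, 'r1' => 1));
                    } else {
                        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
                    }
                } else {
                    $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
                }

                // The archive itself never stays in the templates folder.
                $uploaded_file = new File($archive);
                $uploaded_file->delete();
            } else {
                $this->view->put('MSG', MessageHelper::display($this->lang['themes.upload_invalid_format'], MessageHelper::NOTICE));
            }
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
        }
    }
}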
AppContext::get_response()->redirect('/forum/admin_ranks_add.php?error=incomplete#message_helper'); } } elseif (!empty($_FILES['upload_ranks']['name'])) { //Si le dossier n'est pas en écriture on tente un CHMOD 777 @clearstatcache(); $dir = PATH_TO_ROOT . '/forum/templates/images/ranks/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } $error = ''; if (is_writable($dir)) { $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions(); if (!empty($authorized_pictures_extensions)) { $Upload = new Upload($dir); $Upload->disableContentCheck(); if (!$Upload->file('upload_ranks', '`([a-z0-9_ -])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i')) { $error = $Upload->get_error(); } } else { $error = 'e_upload_invalid_format'; } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '?error=' . $error : ''; AppContext::get_response()->redirect(HOST . SCRIPT . $error); } else { $template = new FileTemplate('forum/admin_ranks_add.tpl'); //Gestion erreur. $get_error = retrieve(GET, 'error', ''); $array_error = array('e_upload_invalid_format', 'e_upload_max_weight', 'e_upload_error', 'e_upload_php_code', 'e_upload_failed_unwritable');
<?php include "models/function.php"; if (isset($_POST["go"])) { $array_lessons = array("name" => $_POST['name'], "id_kurs" => $_POST['kurs'], "text" => $_POST['opisanie']); $lessons_src_tmp = Upload::file($_FILES['preview'], "lessons"); if ($lessons_src_tmp) { $array_lessons += array("src" => $lessons_src_tmp); } else { if ($_POST["go"] == "save") { $array_lessons += array("src" => ""); } } if ($_POST["go"] == "save") { $id_lessons = DB::insert(DB::insertSql("lessons", $array_lessons), $array_lessons); } else { $id_lessons = $_POST["go"]; DB::update(DB::updateSql("lessons", $array_lessons), $array_lessons, $id_lessons); } $materials = Upload::files($_FILES["materials"], "materials"); if ($materials) { foreach ($materials as $materials_src_tmp) { $array_materials = array("id_lessons" => $id_lessons, "src" => $materials_src_tmp); DB::insert(DB::insertSql("materials", $array_materials), $array_materials); } } if ($_POST['video']) { $video = explode("|", $_POST['video']); foreach ($video as $video_tmp) { $array_video = array("id_lessons" => $id_lessons, "src" => $video_tmp); DB::insert(DB::insertSql("video", $array_video), $array_video);
} } else { redirect(HOST . DIR . '/admin/admin_smileys_add.php?error=incomplete#errorh'); } } elseif (!empty($_FILES['upload_smiley']['name'])) { @clearstatcache(); $dir = '../images/smileys/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } @clearstatcache(); $error = ''; if (is_writable($dir)) { import('io/upload'); $Upload = new Upload($dir); if (!$Upload->file('upload_smiley', '`[a-z0-9_ -]+\\.(jpg|gif|png|bmp)+$`i')) { $error = $Upload->error; } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '?error=' . $error : ''; redirect(HOST . SCRIPT . $error); } else { $Template->set_filenames(array('admin_smileys_add' => 'admin/admin_smileys_add.tpl')); $get_error = retrieve(GET, 'error', ''); $array_error = array('e_upload_invalid_format', 'e_upload_max_weight', 'e_upload_error', 'e_upload_failed_unwritable', 'e_smiley_already_exist'); if (in_array($get_error, $array_error)) { $Errorh->handler($LANG[$get_error], E_USER_WARNING); } if ($get_error == 'incomplete') {
JOIN users ON offensive_uploads.userid = users.userid WHERE offensive_uploads.type= 'image' AND offensive_uploads.status = 'normal' AND users.account_status != 'locked' ORDER BY offensive_uploads.timestamp DESC, offensive_uploads.id DESC LIMIT $page_limit_clause, 15"; $result = tmbo_query($sql); while( $image = mysql_fetch_assoc( $result ) ) { $upload = new Upload($image); $filepath = $upload->file(); ?> <!-- loopy --> <span class="filesize"> File: <a href="<?= Link::upload($upload) ?>"><?= htmlEscape($upload->filename()) ?></a> - (<?= byte_format(filesize($filepath))?>, <? $info = getimagesize($filepath); echo $info[0]."x".$info[1]; ?>) </span> <br>
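/**
 * Handles an uploaded module archive for a module that is already installed.
 *
 * The archive is stored in PATH_TO_ROOT . '/', extracted there, deleted, and
 * then upgrade_module() is called for the module id derived from the form's
 * 'file' value. Every failure path puts a notice into the view under 'MSG',
 * except an unwritable root folder, which returns silently.
 *
 * NOTE(review): this method unpacks an uploaded archive directly into the
 * application root. No permission or CSRF check is visible in this method;
 * confirm that the caller enforces both before this code is reached.
 *
 * @return void
 */
private function upload_module() {
    $modules_folder = PATH_TO_ROOT . '/';

    if (!is_writable($modules_folder)) {
        // chmod() must target $modules_folder; an undefined $dir was passed here,
        // so the fallback could never make the folder writable.
        $is_writable = @chmod($modules_folder, 0755);
    } else {
        $is_writable = true;
    }

    if (!$is_writable) {
        return;
    }

    $file = $this->form->get_value('file');
    if ($file === null) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
        return;
    }

    // The module id comes from the submitted file name, and only modules that are
    // already installed may be replaced this way.
    $modules_id = $file->get_name_without_extension();
    if (!ModulesManager::is_module_installed($modules_id)) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.not_installed_module'], MessageHelper::NOTICE, 4));
        return;
    }

    $upload = new Upload($modules_folder);
    // NOTE(review): presumably switches off the Upload class's inspection of the
    // file content, leaving the name pattern below as the only filter; confirm.
    $upload->disableContentCheck();

    // The pattern is anchored at the end only and is case-insensitive.
    // NOTE(review): 100000000 looks like a size limit in bytes; confirm against Upload::file().
    if (!$upload->file('upload_module_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i', false, 100000000, false)) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
        return;
    }

    $archive_path = $modules_folder . $upload->get_filename();

    if ($upload->get_extension() == 'gz') {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        // NOTE(review): the bare file name is passed here, not $archive_path, so the
        // archive is resolved relative to the current working directory; verify.
        PclTarExtract($upload->get_filename(), $modules_folder);
        $file = new File($archive_path);
        $file->delete();
    } elseif ($upload->get_extension() == 'zip') {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive_path);
        // Entries are extracted as-is into the application root with mode 0755.
        // NOTE(review): entry names are not checked in this method; confirm that
        // the library rejects names that resolve outside $modules_folder.
        $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
        $file = new File($archive_path);
        $file->delete();
    } else {
        // NOTE(review): reachable if get_extension() keeps the original case (the
        // pattern above is case-insensitive); the archive then stays in the
        // application root and the upgrade below still runs. Verify.
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE, 4));
    }

    $this->upgrade_module($modules_id);
}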
} } elseif ($home_folder) { redirect(HOST . DIR . '/admin/admin_files.php'); } elseif (!empty($_FILES['upload_file']['name']) && isset($_GET['f'])) { @clearstatcache(); $dir = '../upload/'; if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777) ? true : false; } @clearstatcache(); $error = ''; if (is_writable($dir)) { $Cache->load('uploads'); import('io/upload'); $Upload = new Upload($dir); $Upload->file('upload_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $CONFIG_UPLOADS['auth_extensions'])) . ')+$`i', UNIQ_NAME); if (!empty($Upload->error)) { redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder . '&erroru=' . $Upload->error . '#errorh'); } else { $check_user_folder = $Sql->query("SELECT user_id FROM " . DB_TABLE_UPLOAD_CAT . " WHERE id = '" . $folder . "'", __LINE__, __FILE__); $user_id = $check_user_folder <= 0 ? -1 : $User->get_attribute('user_id'); $user_id = max($user_id, $folder_member); $Sql->query_inject("INSERT INTO " . DB_TABLE_UPLOAD . " (idcat, name, path, user_id, size, type, timestamp) VALUES ('" . $folder . "', '" . addslashes($_FILES['upload_file']['name']) . "', '" . addslashes($Upload->filename['upload_file']) . "', '" . $user_id . "', '" . numeric(number_round($_FILES['upload_file']['size'] / 1024, 1), 'float') . "', '" . $Upload->extension['upload_file'] . "', '" . time() . "')", __LINE__, __FILE__); } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '&error=' . $error . '#errorh' : ''; redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder . ($folder_member > 0 ? '&fm=' . $folder_member : '') . $error); } elseif (!empty($del_folder)) { $Session->csrf_get_protect();
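/**
 * Installs an add-on from an uploaded zip archive after a remote licence check.
 *
 * Reads $_POST['key'] and $_FILES['file'], asks the licence API at
 * $this->api_url whether the key is valid, stores the zip two directory levels
 * above ROOT, extracts it, records the key in the add-on's JSON descriptor and
 * redirects to the "installed" page. On failure an error message is placed in
 * $data['error'] and the 'install' view is rendered.
 *
 * NOTE(review): the remote licence response is the only gate visible in this
 * method before an uploaded archive is unpacked above the web root. No
 * session, permission or CSRF check appears here; confirm the caller has one.
 *
 * @return void
 */
public function install() {
    include_once ROOT . DS . 'includes' . DS . 'upload.php';
    include_once ROOT . DS . 'includes' . DS . 'functions.php';

    $dg = new dg();
    $upload = array('error' => 0, 'msg' => '');
    $data = array();

    // check key
    if (isset($_POST['key']) && isset($_FILES['file'])) {
        if (isset($_FILES['file']['name']) && $_FILES['file']['name'] != '' && $_POST['key'] != '') {
            // 0 = key rejected, 1 = key accepted, negative = failure after acceptance.
            $check_key = 0;
            $key = $_POST['key'];

            // The part before the separator is used as the product id, both in the
            // licence request and in the descriptor file name further down.
            // NOTE(review): $index[0] is request data and is concatenated into a
            // file path below without validation; consider restricting it to a
            // plain identifier.
            $index = explode('-api-tshirtecommerce-', $key);

            if (count($index) > 1 && $index[0] != '') {
                // check key
                // HTTP_HOST is taken from the request's Host header.
                $args = array(
                    'woo_sl_action' => 'install',
                    'licence_key' => $key,
                    'product_unique_id' => $index[0],
                    'domain' => $_SERVER['HTTP_HOST'],
                );
                $result = $dg->sendPostData($this->api_url, $args);

                if ($result != false && $result != '') {
                    $addon = json_decode($result);

                    if (isset($addon->status) && $addon->status == 'success') {
                        $check_key = 1;

                        // upload file
                        $up = new Upload();
                        $up->path = dirname(dirname(ROOT));
                        $up->file_size = 20971520; // 20Mb
                        $up->file_type = array(0 => 'zip'); // zip file type.
                        $upload = $up->file($_FILES['file']);

                        // unzip file
                        if ($upload['error'] == 0 && $upload['msg'] != '') {
                            if (file_exists($upload['full_path'])) {
                                $zip = new ZipArchive();

                                if (!is_writable($upload['full_path'])) {
                                    // The mode must be octal: decimal 755 is 01363, not rwxr-xr-x.
                                    chmod($upload['full_path'], 0755);
                                }

                                if ($zip->open($upload['full_path']) === TRUE) {
                                    // The archive's entries are extracted without being inspected.
                                    $zip->extractTo($upload['path']);
                                    $zip->close();
                                    unlink($upload['full_path']);

                                    // The extracted add-on is expected to ship this descriptor.
                                    $file = dirname(ROOT) . DS . 'addons' . DS . 'install' . DS . $index[0] . '.json';

                                    if (file_exists($file)) {
                                        $content = file_get_contents($file);

                                        if ($content != false) {
                                            // NOTE(review): json_decode() returns null for invalid
                                            // JSON, which makes the property assignment fail.
                                            $arr = json_decode($content);
                                            $arr->key = $key;
                                            $dg->WriteFile($file, json_encode($arr));
                                            $dg->redirect('index.php/addon/installed');
                                        }
                                    } else {
                                        $check_key = -3;
                                    }
                                } else {
                                    $check_key = -2;
                                }
                            }
                        } else {
                            $check_key = -1;
                        }
                    }
                }
            }

            // Map the outcome to a message; $check_key === 1 sets no error.
            if ($check_key == 0) {
                $data['error'] = 'Your key not found! Please check your key and try again.';
            } elseif ($check_key == -1) {
                $data['error'] = "Your system not allow upload file. \nPlease set permission 755 to ROOT flder.";
            } elseif ($check_key == -2) {
                $data['error'] = 'Your system not allow upload file. Please set permission 755 to ROOT flder.';
            } elseif ($check_key == -3) {
                $data['error'] = 'Your system not allow write file. Please set permission 755 to Folder_your_site/tshirtecommerce/addons/install.';
            }
        } else {
            $data['error'] = 'Please add your key and upload file install!';
        }
    }

    $data['upload'] = $upload;
    $data['title'] = lang('breadcrumb_install', true);
    $data['breadcrumb'] = lang('breadcrumb_install', true);
    $data['sub_title'] = lang('breadcrumb_manager', true);
    $this->view('install', $data);
}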