Ejemplo n.º 1
                    } else {
                        # All fine, continue
                        # Only quote and backslash characters are stripped from the client-supplied
                        # file name. Path separators, "..", control characters and the file
                        # extension are not handled on these lines.
                        # NOTE(review): presumably bh_fpclean() normalises the joined path and keeps
                        # it inside the storage root - confirm. Also confirm that stored uploads can
                        # never be executed by the web server (no type/extension allow-list is
                        # visible in this excerpt).
                        $badcharacters = array("'", '"', "\\");
                        $newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name']));
                        $tmppath = $fileinfo['tempname'];
                        bh_move_uploaded_file($tmppath, $newfilepath);
                        # Make it add info into the db.
                        # The object is created and dropped immediately; any database write would
                        # have to happen inside the bhfile constructor, which is not shown here.
                        $newfileobj = new bhfile($newfilepath);
                        unset($newfileobj);
                        # The notice receives the raw client-supplied name (not the stripped one),
                        # so it must be HTML-escaped wherever notices are rendered.
                        bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
                        # Audit entry: who uploaded which stored path.
                        bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");
                    }
                } else {
                    # Error???
                    # This branch builds the path from the raw name without the character
                    # stripping used above; $newfilepath is not used again in the visible lines.
                    $newfilepath = bh_fpclean($infolder . "/" . $fileinfo['name']);
                    # The raw client-supplied name becomes a log variable and is substituted into
                    # the error and log messages below; escaping is left to whatever renders them.
                    bh_add_logvars(array("file" => $fileinfo['name'], "user" => $bhsession['username'], "username" => $bhsession['username']));
                    bh_add_error($bhlang['notice:file_#FILE#_upload_failure']);
                    bh_add_log($bhlang['log:#USER#_failed_upload_#FILE#'], "BH_FILE_UPLOAD");
                }
            }
        }
        # Show directory where they went
        # $_GET['filepath'] is overwritten to pass the target folder to the included module.
        # The include path itself is a fixed literal, not derived from the request.
        $_GET['filepath'] = $infolder;
        require "modules/viewdir.inc.php";
    } else {
        # Sorry, no access.
        # The denial is logged under BH_ACCESS_DENIED before the error page is shown.
        bh_log($bhlang['error:no_write_permission'], "BH_ACCESS_DENIED");
        require "modules/error.inc.php";
    }
} else {
    # No upload was submitted on this path: prepare the upload form layout instead.
    $layoutobj = new bhlayout("uploadform");
Ejemplo n.º 2
#author Andrew Godwin
#description Plaintext editor for files
#iscore 1
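# Test for include status: this module is meant to run only when included by
# the application, which is expected to define IN_BH as 1.
# defined() is checked first because reading an undefined constant throws an
# Error on PHP 8 (and raises a warning or notice on older versions), so a
# direct request to this file could otherwise end in an error page that leaks
# the file path instead of in the redirect.
if (!defined('IN_BH') || IN_BH != 1) {
    header("Location: ../index.php");
    die;
}
# filepath comes straight from the query string. A missing or non-string value
# (for example filepath[]=x) is treated as an empty path rather than handed to
# the helper as null or an array.
# NOTE(review): bh_fpclean() is the only path handling visible here - confirm
# it rejects traversal outside the storage root.
$filepath = bh_fpclean((isset($_GET['filepath']) && is_string($_GET['filepath'])) ? $_GET['filepath'] : "");
$filename = bh_get_filename($filepath);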
# Plaintext editor: save the submitted content when the form was posted,
# otherwise load the file into the edit form.
if (bh_file_exists($filepath) == true) {
    # A truthy iscontent field marks a save request.
    # NOTE(review): no write-permission check and no anti-CSRF token are visible
    # between this line and savefile(); confirm both are enforced elsewhere
    # (dispatcher or bhfile), otherwise a forged POST could overwrite the file.
    if ($_POST['iscontent']) {
        $fileobj = new bhfile($filepath);
        # strlen() counts bytes; the difference is negative when the file shrinks.
        $sizediff = strlen($_POST['file_content']) - $fileobj->fileinfo['filesize'];
        # Refuse the save when the growth would exceed the user's remaining space.
        if ($bhcurrent['userobj']->spaceremaining() < $sizediff) {
            bh_add_logvars(array("quota" => $bhcurrent['userobj']->quota));
            bh_add_error($bhlang['error:quota_exceeded']);
            require "modules/error.inc.php";
        } else {
            # The request body is written to the file as submitted.
            $fileobj->filecontents = $_POST['file_content'];
            $fileobj->savefile();
            bh_log($bhlang['notice:file_saved'], "BH_NOTICE");
            # Audit entry: which user modified which path.
            bh_log(str_replace("#FILE#", $filepath, str_replace("#USER#", $bhsession['username'], $bhlang['log:#USER#_modified_#FILE#'])), "BH_FILE_MODIFIED");
            require "modules/viewfile.inc.php";
        }
    } else {
        $fileobj = new bhfile($filepath);
        $fileobj->loadfile();
        $layoutobj = new bhlayout("editform");
        # Raw file contents and the request-derived path are handed to the layout.
        # NOTE(review): both must be HTML-escaped when the edit form is rendered;
        # no escaping is visible on these lines.
        $layoutobj->content1 = $fileobj->filecontents;
        $layoutobj->filepath = $filepath;
Ejemplo n.º 3
}
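# Group administration: add a user to a group or remove one, then render the
# users-by-group listing.
#
# NOTE(review): no administrator check and no anti-CSRF token appear on these
# lines; confirm both are enforced before this point. $_GET['group'] is merged
# last and therefore overrides $_POST['group'], so state changes are accepted
# from the query string as well; restricting add/remove to POST would narrow
# that exposure.
if (empty($_GET['group']) || !is_array($_GET['group'])) {
    $_GET['group'] = array();
}
# array_merge() needs arrays on both sides; a missing or scalar group field
# would otherwise raise a warning (a TypeError on PHP 8).
$group = array_merge((isset($_POST['group']) && is_array($_POST['group'])) ? $_POST['group'] : array(), $_GET['group']);
# Normalise the three fields used below to strings. Nested request parameters
# (e.g. group[username][]=x) would otherwise reach the database helpers as
# arrays, and missing fields would raise undefined-index notices.
foreach (array("action", "username", "group") as $groupfield) {
    if (!isset($group[$groupfield]) || !is_string($group[$groupfield])) {
        $group[$groupfield] = "";
    }
}
if ($group['action'] === "add") {
    # Refuse duplicates: look for an existing membership row first.
    $grouprows = select_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']), "");
    if (empty($grouprows)) {
        # Only existing accounts can be added to a group.
        $userrows = select_bhdb("users", array("username" => $group['username']), "");
        if (empty($userrows)) {
            bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
            bh_add_error($bhlang['error:user_does_not_exist']);
        } else {
            insert_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
            bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
            bh_add_notice($bhlang['notice:user_added_to_group']);
        }
    } else {
        bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
        bh_add_error($bhlang['error:user_is_in_group']);
    }
}
if ($group['action'] === "remove") {
    # No existence check here: the notice is issued whether or not a row matched.
    delete_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
    bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
    bh_add_notice($bhlang['notice:user_removed_from_group']);
}
# The request-supplied username and group are now log variables that get
# substituted into the messages above; they must be HTML-escaped where the
# notices and errors are rendered (not visible here).
$usersbygroup = bh_usersbygroup();
$layout->content1 = $usersbygroup;
$layout->title = $bhlang['title:group_administration'];
$layout->display();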
Ejemplo n.º 4
    }
}
# Registers values ("log variables") that are later substituted for #NAME#
# placeholders in language strings.
#
# $vars: array of name => value. Any non-array argument is ignored.
#
# Values that are already registered take precedence: array_merge() is called
# with the existing set last, so a later call cannot replace an earlier value
# stored under the same string key.
# Nothing is validated or escaped here; callers pass request-derived values,
# so escaping has to happen where the resulting message is output.
function bh_add_logvars($vars)
{
    global $bhlogvars;
    if (!is_array($vars)) {
        return;
    }
    $bhlogvars = is_array($bhlogvars) ? array_merge($vars, $bhlogvars) : $vars;
}
# Set some on script inclusion
# Seeds the "ip" log variable with the address of the directly connected peer.
# NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the
# proxy's address, so log entries would not identify the client - confirm the
# deployment. Do not substitute a client-supplied header such as
# X-Forwarded-For unless it is set by a trusted proxy.
bh_add_logvars(array("ip" => $_SERVER['REMOTE_ADDR']));
# Replaces every #NAME# placeholder in $string with the registered log
# variable of that name (the name is upper-cased to form the placeholder).
# Placeholders with no registered variable are left untouched. Returns the
# resulting string; returns $string unchanged when nothing is registered.
#
# Values are inserted verbatim: no HTML, log or shell escaping is applied, so
# the caller must escape for the context the result is written to.
# Replacement is sequential, so a value that itself contains a #NAME# token is
# expanded by a later iteration.
function bh_parse_logvars($string)
{
    global $bhlogvars;
    if (!is_array($bhlogvars)) {
        return $string;
    }
    foreach ($bhlogvars as $name => $replacement) {
        $placeholder = "#" . strtoupper($name) . "#";
        $string = str_replace($placeholder, $replacement, $string);
    }
    return $string;
}
# Displays a notice
function bh_add_notice($message)
{
    global $bherrors, $bhlogvars;
Ejemplo n.º 5
    # Email it ##
    # When notification is enabled for this link code, mail the user recorded on
    # the link. $replarray1/$replarray2 are defined outside this excerpt.
    if (bh_filelink_get_notify($filecode) == 1) {
        $username = bh_filelink_get($filecode, "username");
        $userobj = new bhuser($username);
        $emailobj = new bhemail($userobj->userinfo['email']);
        $emailobj->subject = str_replace($replarray1, $replarray2, $bhlang['emailsubject:filemail_link_accessed']);
        $emailobj->message = str_replace($replarray1, $replarray2, $bhlang['email:filemail_link_accessed']);
        $emailobj->send();
    }
    #############
    # Serve the file as a download.
    # NOTE(review): $filename is concatenated into Content-Disposition unquoted
    # and unescaped; its origin is not visible here. A name containing spaces,
    # quotes or semicolons yields a malformed header - quote it and strip or
    # encode special characters. header() itself refuses values containing
    # line breaks on PHP 5.1.2 and later.
    # The Content-type comes from the stored file; sending
    # "X-Content-Type-Options: nosniff" as well would stop browsers from
    # second-guessing it.
    header("Content-type: " . $fileobj->mimetype());
    header("Content-Disposition: attachment; filename=" . $filename);
    header("Content-length: " . $fileobj->fileinfo['filesize']);
    # IE SSL fix
    # Both headers are sent with empty values, so no caching restriction is
    # stated for what may be a private file - presumably intentional for old IE;
    # confirm it is still needed.
    header("Pragma: ");
    header("Cache-Control: ");
    $fileobj->readfile();
    die;
} else {
    bh_add_logvars(array("filename" => $filename, "filepath" => $filepath));
    # Sender label: e-mail address alone, or "Full Name [address]".
    if (empty($fullname)) {
        $dstr = $emailfrom;
    } else {
        $dstr = $fullname . " [" . $emailfrom . "]";
    }
    # Display a page with information
    # The page auto-redirects to the download URL after 5 seconds.
    # NOTE(review): $dstr, $filename and the link URI are concatenated into the
    # HTML without htmlspecialchars(); if any of them is user-supplied (sender
    # name, upload file name) this is a script-injection point. Escape each
    # with ENT_QUOTES, since the attributes below are single-quoted.
    # The MD5 shown detects accidental corruption only; MD5 is not
    # collision-resistant and does not prove the file's authenticity.
    $str = "<head><title>" . $bhlang['title:file_download'] . "</title><meta http-equiv='refresh' content='5;url=" . bh_filelink_uri($filecode) . "&download=1'><style>body {font-family: sans-serif;}</style></head>\n\t<body><b>" . $bhlang['title:file_download'] . "</b><br><br><table><tr><td>" . $bhlang['label:from'] . "</td><td>" . $dstr . "</td></tr><tr><td>" . $bhlang['label:filename'] . "</td><td>" . $filename . "</td></tr><tr><td>" . $bhlang['label:filesize'] . "</td><td>" . bh_humanise_filesize($fileobj->fileinfo['filesize']) . "</td></tr><tr><td>" . $bhlang['label:md5'] . "</td><td>" . $fileobj->md5() . "</td></tr></table><br>" . $bhlang['explain:filelink_download'] . "<br><br><a href='" . bh_filelink_uri($filecode) . "&download=1'>" . bh_parse_logvars($bhlang['button:download_file']) . "</a></body></html>";
    die($str);
}
?>