} else { $page = intval($_GET['page']); } $start = $page * 10 - 10; if ($count < $start + 10) { $end = $count; } else { $end = $start + 10; } for ($i = $start; $i < $end; $i++) { $sizefiles = explode("|", $sizelist); $selectfile = explode("|", $savelist); $path = $selectfile[$i]; $fname = ereg_replace(".*[\\/]", "", $path); $zdir = ereg_replace("[\\/]?[^\\/]*\$", "", $path); $tfl = strtolower(functions::format($fname)); $df = array("asp", "aspx", "shtml", "htd", "php", "php3", "php4", "php5", "phtml", "htt", "cfm", "tpl", "dtd", "hta", "pl", "js", "jsp"); if (in_array($tfl, $df)) { echo "{$zdir}/{$fname}"; } else { echo $zdir . '/<a href="' . $_SERVER['PHP_SELF'] . '?act=arc&file=' . $file . '&f=' . $i . '&start=' . $start . '">' . $fname . '</a>'; } if ($sizefiles[$i] != "0") { $sizekb = round($sizefiles[$i] / 1024, 2); echo " ({$sizekb} кб)"; } echo '<br/>'; } if ($count > 10) { echo "<hr/>"; $ba = ceil($count / 10);
// Screenshot upload for a download entry: confirms the target file exists on disk, then
// checks the uploaded image's extension, pixel dimensions and file-name characters.
// The fragment ends inside the `if ($scrname != "")` block; the code that stores the
// upload is not visible here.
$adrfile = mysql_fetch_array($file1);
// NOTE(review): mysql_fetch_array() has already run on $file1 by the time the
// `$file1 == 0` test is evaluated.
if ($file1 == 0 || !is_file("{$adrfile['adres']}/{$adrfile['name']}")) {
    echo functions::display_error($lng_dl['file_select_error'], '<a href="index.php">' . $lng['back'] . '</a>');
    require_once '../incfiles/end.php';
    exit;
}
if (isset($_POST['submit'])) {
    // Name and size are the values reported by the client in the multipart request.
    $scrname = $_FILES['screens']['name'];
    // NOTE(review): $scrsize is read but not used in the visible part of the script.
    $scrsize = $_FILES['screens']['size'];
    // NOTE(review): GetImageSize() returns false when the temp file is not a parsable
    // image; $scsize[0] / $scsize[1] are then null and the 320-pixel test below does not
    // reject the upload. A `$scsize === false` rejection is the check a reviewer would add.
    $scsize = GetImageSize($_FILES['screens']['tmp_name']);
    $scwidth = $scsize[0];
    $scheight = $scsize[1];
    $ffot = strtolower($scrname);
    // Allow-list of accepted screenshot extensions.
    $dopras = array("gif", "jpg", "png");
    if ($scrname != "") {
        // presumably functions::format() returns the extension of the name — confirm.
        // The value is taken from the client-supplied name, not from the file content.
        $formfot = functions::format($ffot);
        if (!in_array($formfot, $dopras)) {
            // NOTE(review): $file is echoed into the link as-is; its origin is outside
            // this fragment — confirm it is cast to an integer before it reaches here.
            echo $lng_dl['screenshot_upload_error'] . '<br/><a href="index.php?act=screen&file=' . $file . '">' . $lng['repeat'] . '</a><br/>';
            require_once '../incfiles/end.php';
            exit;
        }
        // Screenshots larger than 320 pixels in either dimension are refused.
        if ($scwidth > 320 || $scheight > 320) {
            echo $lng_dl['screenshot_size_error'] . '<br/><a href="index.php?act=screen&file=' . $file . '">' . $lng['repeat'] . '</a><br/>';
            require_once '../incfiles/end.php';
            exit;
        }
        // Refuses any character outside digits, lowercase a-z, `_`, `-` and `.`. The test
        // runs on the original-case $scrname, so uppercase letters are refused; the class
        // allows `.`, so it does not limit the name to a single extension.
        if (preg_match("/[^\\da-z_\\-.]+/", $scrname)) {
            echo $lng_dl['screenshot_name_error'] . "<br/><a href='?act=screen&file=" . $file . "'>" . $lng['repeat'] . "</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
*/ defined('_IN_JOHNCMS') or die('Error: restricted access'); require_once "../incfiles/head.php"; echo '<div class="phdr">' . $lng['new_files'] . '</div>'; $req = mysql_query("SELECT COUNT(*) FROM `download` WHERE `time` > '" . (time() - 259200) . "' AND `type` = 'file'"); $total = mysql_result($req, 0); if ($total > 0) { //////////////////////////////////////////////////////////// // Выводим список новых файлов // //////////////////////////////////////////////////////////// $req = mysql_query("SELECT * FROM `download` WHERE `time` > '" . (time() - 259200) . "' AND `type` = 'file' ORDER BY `time` DESC LIMIT {$start},{$kmess}"); while ($newf = mysql_fetch_array($req)) { echo $i % 2 ? '<div class="list2">' : '<div class="list1">'; $fsz = filesize("{$newf['adres']}/{$newf['name']}"); $fsz = round($fsz / 1024, 2); $ft = functions::format("{$newf['adres']}/{$newf['name']}"); switch ($ft) { case "mp3": $imt = "mp3.png"; break; case "zip": $imt = "rar.png"; break; case "jar": $imt = "jar.png"; break; case "gif": $imt = "gif.png"; break; case "jpg": $imt = "jpg.png";
$req_u = mysql_query("SELECT `id`, `name`, `sex`, `rights`, `lastdate`, `status`, `datereg`, `ip`, `browser` FROM `users` WHERE `id` = '" . $res['user_id'] . "'"); $res_u = mysql_fetch_assoc($req_u); echo $i % 2 ? '<div class="list2">' : '<div class="list1">'; // Выводим текст поста $text = mb_substr($res['text'], 0, 500); $text = functions::checkout($text, 1, 0); $text = preg_replace('#\\[c\\](.*?)\\[/c\\]#si', '', $text); $page = ceil(mysql_result(mysql_query("SELECT COUNT(*) FROM `forum` WHERE `refid` = '" . $res['topic'] . "' AND `id` " . ($set_forum['upfp'] ? ">=" : "<=") . " '" . $res['post'] . "'"), 0) / $kmess); $text = '<b><a href="index.php?id=' . $res['topic'] . '&page=' . $page . '">' . $res['topicname'] . '</a></b><br />' . $text; if (mb_strlen($res['text']) > 500) { $text .= '<br /><a href="index.php?act=post&id=' . $res['post'] . '">' . $lng_forum['read_all'] . ' >></a>'; } // Формируем ссылку на файл $fls = @filesize('../files/forum/attach/' . $res['filename']); $fls = round($fls / 1024, 0); $att_ext = strtolower(functions::format('./files/forum/attach/' . $res['filename'])); $pic_ext = array('gif', 'jpg', 'jpeg', 'png'); if (in_array($att_ext, $pic_ext)) { // Если картинка, то выводим предпросмотр $file = '<div><a href="index.php?act=file&id=' . $res['id'] . '">'; $file .= '<img src="thumbinal.php?file=' . urlencode($res['filename']) . '" alt="' . $lng_forum['click_to_view'] . '" /></a></div>'; } else { // Если обычный файл, выводим значок и ссылку $file = ($res['del'] ? '<img src="../images/del.png" width="16" height="16" />' : '') . '<img src="../images/system/' . $res['filetype'] . '.png" width="16" height="16" /> '; } $file .= '<a href="index.php?act=file&id=' . $res['id'] . '">' . htmlspecialchars($res['filename']) . '</a><br />'; $file .= '<small><span class="gray">' . $lng_forum['size'] . ': ' . $fls . ' kb.<br />' . $lng_forum['downloaded'] . ': ' . $res['dlcount'] . ' ' . $lng_forum['time'] . 
'</span></small>'; $arg = array('iphide' => 1, 'sub' => $file, 'body' => $text); echo functions::display_user($res_u, $arg); echo '</div>'; }
<input type="text" name="page" size="2"/><input type="submit" value="Go!"/></form></div>'; } break; case 'upload': $c = '../images/smileys/user/' . $do . '/'; if (!is_dir($c)) { echo functions::display_error($lng['error_wrong_data']); echo '<p><a href="index.php">' . $lng['admin_panel'] . '</a></p>'; require_once '../incfiles/end.php'; exit; } $name_cat = $lng_smileys[$do] ? $lng_smileys[$do] : $do; echo '<div class="mainblok"><div class="phdr"><a href="?act=smileys&do=' . $do . '&mod=show_cat"><b>' . htmlspecialchars($name_cat) . '</b></a> | Upload</div>'; if (isset($_POST['submit'])) { $format = functions::format($_FILES['smiley']['name']); $_FILES['smiley']['name'] = str_replace('.' . $format, '', strtolower($_FILES['smiley']['name'])); $name = $_POST['name'] ? $_POST['name'] : $_FILES['smiley']['name']; $name = functions::rus_lat($name); $name = preg_replace('/[^_a-z0-9]/i', '', $name); $glob = glob('../images/smileys/user/*/*.{gif,jpg,png}', GLOB_BRACE); foreach ($glob as $val) { $val = explode('/', $val); $val = array_pop($val); $val = str_replace('.' . $format, '', $val); if ($val == $name) { $i = 1; } } if ($i) { $error[] = 'Smile with the same name already exists.';
// Thumbnail geometry: fit the source image ($width x $height) inside a square of side
// $razm while keeping the aspect ratio; images that already fit keep their size.
$quality = 100;
$x_ratio = $razm / $width;
$y_ratio = $razm / $height;
if ($width <= $razm && $height <= $razm) {
    // Already within the bounding square: no scaling.
    $tn_width = $width;
    $tn_height = $height;
} elseif ($x_ratio * $height < $razm) {
    // Width is the limiting side.
    $tn_width = $razm;
    $tn_height = ceil($x_ratio * $height);
} else {
    // Height is the limiting side.
    $tn_height = $razm;
    $tn_width = ceil($y_ratio * $width);
}

// The decoder is selected from the value functions::format() returns for the file name
// (presumably its extension — confirm), not from the file content.
// NOTE(review): there is no default case, so $im stays unset for any other value; the
// code that consumes $im is outside this fragment.
$format = functions::format($infile);
switch ($format) {
    case "gif":
        $im = imagecreatefromgif($infile);
        break;
    case "jpg":
    case "jpeg":
        $im = imagecreatefromjpeg($infile);
        break;
    case "png":
        $im = imagecreatefrompng($infile);
        break;
}
$im1 = imagecreatetruecolor($tn_width, $tn_height);
// Tail of an earlier error branch; its opening `if` is outside this fragment.
echo "ERROR<br/><a href='index.php'>Back</a><br/>";
require_once '../incfiles/end.php';
exit;
}
// Loads the gallery record of type 'rz' that the current item ($ms) refers to.
// NOTE(review): $ms['refid'] is concatenated into the SQL text; $ms is filled outside
// this fragment — confirm the value is numeric, or bind it as a parameter.
$rz = mysql_query("select * from `gallery` where type='rz' and id='" . $ms['refid'] . "';");
$rz1 = mysql_fetch_array($rz);
// `&&` binds tighter than `||`: the branch runs when the session has a uid AND
// $rz1['user'] == 1 AND $ms['text'] equals $login, OR whenever $rights >= 6.
if (!empty($_SESSION['uid']) && $rz1['user'] == 1 && $ms['text'] == $login || $rights >= 6) {
    $text = functions::check($_POST['text']);
    // Allow-list of accepted extensions and its printable form for the error message.
    $dopras = array("gif", "jpg", "png");
    $tff = implode(" ,", $dopras);
    // Size limit in kB: one fifth of the configured $set['flsz'].
    $ftsz = $set['flsz'] / 5;
    // Name and size are the values reported by the client in the multipart request.
    $fname = $_FILES['fail']['name'];
    $fsize = $_FILES['fail']['size'];
    if ($fname != "") {
        $ffail = strtolower($fname);
        // presumably functions::format() returns the extension of the name — confirm.
        $formfail = functions::format($ffail);
        // Deny-list on the name. `/php/i` matches "php" anywhere in the name; in `/.pl/i`
        // the dot is unescaped, so it matches any character followed by "pl" and also
        // refuses harmless names such as "apple.png".
        // NOTE(review): the allow-list test further down is the effective control;
        // neither test inspects the file content in the visible code.
        if (preg_match("/php/i", $ffail) or preg_match("/.pl/i", $fname) or $fname == ".htaccess") {
            echo "Trying to send a file type of prohibited.<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
        // Refuses uploads whose reported size reaches the limit ($ftsz kB).
        if ($fsize >= 1024 * $ftsz) {
            echo "Weight file exceeds {$ftsz} kB<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
        // Only gif, jpg and png extensions pass.
        if (!in_array($formfail, $dopras)) {
            echo "Allowed only the following file types: {$tff} !.<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
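defined('_IN_JOHNCMS') or die('Error: restricted access');

// Redirects to the file in ../files/forum/topics whose name without extension equals the
// `n` query parameter. The parameter is accepted only when it matches an entry of the
// directory listing, so the Location target is built from a name that exists on disk.
if (empty($_GET['n']) || !is_string($_GET['n'])) {
    // Missing, empty or non-string (array) parameter.
    require '../incfiles/head.php';
    echo functions::display_error($lng['error_wrong_data']);
    require '../incfiles/end.php';
    exit;
}
$n = trim($_GET['n']);

// $a: file names as listed; $b: the same names with the extension removed.
// Both start empty so that an empty or unreadable directory yields the error page
// instead of count()/in_array() running on undefined variables.
$a = array();
$b = array();
$o = opendir("../files/forum/topics");
if ($o !== false) {
    // Compare against false explicitly: a file literally named "0" is falsy and would
    // otherwise end the listing early.
    while (($f = readdir($o)) !== false) {
        if ($f != "." && $f != ".." && $f != "index.php" && $f != ".htaccess") {
            $ff = functions::format($f);
            $f1 = str_replace(".{$ff}", "", $f);
            $a[] = $f;
            $b[] = $f1;
        }
    }
    closedir($o);
}
$tt = count($a);

// Strict comparison: with loose `==`, numeric-looking strings such as "1e1" and "10"
// compare equal, which would let a value through that is not an actual file name.
if (!in_array($n, $b, true)) {
    require_once '../incfiles/head.php';
    echo functions::display_error($lng['error_wrong_data']);
    require_once '../incfiles/end.php';
    exit;
}

// When several files share the base name, the last one listed wins, as it did when each
// match sent its own Location header.
$target = null;
for ($i = 0; $i < $tt; $i++) {
    $tf = functions::format($a[$i]);
    $tf1 = str_replace(".{$tf}", "", $a[$i]);
    if ($n === $tf1) {
        $target = "../files/forum/topics/{$n}.{$tf}";
    }
}
if ($target !== null) {
    header("Location: {$target}");
    // Stop here so that nothing else is executed or emitted after the redirect.
    exit;
}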
// Считаем новые файлы в подкаталогах $req = mysql_query("SELECT COUNT(*) FROM `download` WHERE `type` = 'file' AND `adres` LIKE '" . ($zap2['adres'] . '/' . $zap2['name']) . "%' AND `time` > '" . (time() - 259200) . "'"); $g1 = mysql_result($req, 0); echo "({$g}"; if ($g1 != 0) { echo "/+{$g1})</div>"; } else { echo ")</div>"; } } //////////////////////////////////////////////////////////// // Выводим cписок файлов // //////////////////////////////////////////////////////////// if ($totalfile > 0 && $zap2['type'] == 'file') { echo '<div class="list2">'; $ft = functions::format($zap2['name']); switch ($ft) { case "mp3": $imt = "mp3.png"; break; case "zip": $imt = "rar.png"; break; case "jar": $imt = "jar.png"; break; case "gif": $imt = "gif.png"; break; case "jpg": $imt = "jpg.png";
// Handles the `submit` POST of an upload form: requires a title, then checks the
// uploaded file's name and extension. The fragment ends inside the `$ftip != "txt"`
// branch; the code that stores the file is not visible here.
$ms = mysql_fetch_array($typ);
// A non-zero id must refer to a record of type "cat"; otherwise the page ends with no
// message (the echo prints an empty string).
if ($id != 0 && $ms['type'] != "cat") {
    echo "";
    require_once '../incfiles/end.php';
    exit;
}
// NOTE(review): the meaning of the `ip` column is not visible here — confirm what a
// value of 0 permits.
if ($ms['ip'] == 0) {
    if (isset($_POST['submit'])) {
        if (empty($_POST['name'])) {
            echo functions::display_error($lng['error_empty_title'], '<a href="index.php?act=load&id=' . $id . '">' . $lng['repeat'] . '</a>');
            require_once '../incfiles/end.php';
            exit;
        }
        // Title is cut to 50 characters.
        // NOTE(review): no escaping of $name happens in the visible code — confirm it is
        // escaped before it is stored or echoed.
        $name = mb_substr($_POST['name'], 0, 50);
        // Client-supplied file name; presumably functions::format() returns its
        // extension — confirm.
        $fname = $_FILES['fail']['name'];
        $ftip = functions::format($fname);
        $ftip = strtolower($ftip);
        if ($fname != "") {
            // Refuses names containing anything other than letters, digits and . ( ) + _ -
            // NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0;
            // preg_match() with the `i` flag is the replacement.
            if (eregi("[^a-z0-9.()+_-]", $fname)) {
                echo "Invalid file name<br /><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
                require_once '../incfiles/end.php';
                exit;
            }
            // Deny-list on the name. The dots in `/.php/i` and `/.pl/i` are unescaped, so
            // each matches any character followed by "php" / "pl", not a literal dot.
            // The `$ftip != "txt"` test that follows is the effective extension control.
            if (preg_match("/.php/i", $fname) or preg_match("/.pl/i", $fname) or $fname == ".htaccess") {
                echo "Invalid file format<br/><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
                require_once '../incfiles/end.php';
                exit;
            }
            // Only the extension "txt" (after lowercasing) is accepted.
            if ($ftip != "txt") {
                echo "This is not a text file<br/><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
                require_once '../incfiles/end.php';
// Imports a remote file into the download area: copies the URL given in the form to
// "<category dir>/<new name>.<extension>" and records it in the `download` table.
// Available to $rights == 4 or $rights >= 6. The fragment ends with three blocks still
// open; the rest of the script is not visible here.
require_once "../incfiles/head.php";
if ($rights == 4 || $rights >= 6) {
    if (empty($_GET['cat'])) {
        // No category given: import into the download root.
        // NOTE(review): $cat is assigned only in the else branch, yet it is used below in
        // the retry link and in the INSERT — confirm it is initialised elsewhere.
        $loaddir = $loadroot;
    } else {
        // Category id is cast to an integer before it is used in the query.
        $cat = intval($_GET['cat']);
        provcat($cat);
        $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';");
        $adrdir = mysql_fetch_array($cat1);
        $loaddir = "{$adrdir['adres']}/{$adrdir['name']}";
    }
    if (isset($_POST['submit'])) {
        // Source URL, description and new file name, all taken from the form.
        $url = trim($_POST['url']);
        $opis = functions::check($_POST['opis']);
        $newn = functions::check($_POST['newn']);
        // presumably functions::format() returns the extension of the URL — confirm.
        // NOTE(review): $tipf is derived from the submitted URL and is checked neither by
        // the character test below (which covers $newn only) nor against any list of
        // permitted extensions in the visible code. The stored file's extension therefore
        // follows the URL; an extension allow-list is the check a reviewer would add.
        $tipf = functions::format($url);
        // Refuses new names containing anything other than letters, digits and . ( ) + _ -
        // NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0.
        if (eregi("[^a-z0-9.()+_-]", $newn)) {
            echo "В новом названии файла <b>{$newn}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=import&cat=" . $cat . "'>Повторить</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
        $import = "{$loaddir}/{$newn}.{$tipf}";
        // Existence test by reading the destination: file() returns false for a missing
        // file and an empty array for an empty one, so an existing empty file is also
        // treated as absent and overwritten.
        $files = file("{$import}");
        if (!$files) {
            // NOTE(review): $url reaches copy() without any scheme or host validation in
            // the visible code, so it is not limited to http(s) sources or to external
            // hosts. Restricting the scheme and the destination host belongs here.
            if (copy($url, $import)) {
                $ch = "{$newn}.{$tipf}";
                echo "Файл успешно загружен<br/>";
                // Directory and file name are escaped with mysql_real_escape_string().
                // NOTE(review): $opis is inserted after functions::check() only; whether
                // that helper escapes for SQL is not visible here — confirm.
                mysql_query("insert into `download` values(0,'{$cat}','" . mysql_real_escape_string($loaddir) . "','" . time() . "','" . mysql_real_escape_string($ch) . "','file','','','','" . $opis . "','');");
            } else {
                echo "Загрузка файла не удалась!<br/>";
            }