# All fine, continue
$badcharacters = array("'", '"', "\\");
$newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name']));
$tmppath = $fileinfo['tempname'];
bh_move_uploaded_file($tmppath, $newfilepath);
# Make it add info into the db.
$newfileobj = new bhfile($newfilepath);
unset($newfileobj);
bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");
}
} else {
# Error???
$newfilepath = bh_fpclean($infolder . "/" . $fileinfo['name']);
bh_add_logvars(array("file" => $fileinfo['name'], "user" => $bhsession['username'], "username" => $bhsession['username']));
bh_add_error($bhlang['notice:file_#FILE#_upload_failure']);
bh_add_log($bhlang['log:#USER#_failed_upload_#FILE#'], "BH_FILE_UPLOAD");
}
}
}
# Show directory where they went
$_GET['filepath'] = $infolder;
require "modules/viewdir.inc.php";
} else {
# Sorry, no access.
bh_log($bhlang['error:no_write_permission'], "BH_ACCESS_DENIED");
require "modules/error.inc.php";
}
} else {
$layoutobj = new bhlayout("uploadform");
# Send the file listing to the layout, along with directory name
#author Andrew Godwin
#description Lets you edit a user.
#iscore 1
$editusername = $_GET['username'];
if (!empty($_POST['user'])) {
$user = $_POST['user'];
# Update details
$userobj = new bhuser($editusername);
$userobj->userinfo['fullname'] = $user['fullname'];
$userobj->userinfo['email'] = $user['email'];
$userobj->saveuserinfo();
if ($user['quota'] == "0" || trim($user['quota']) == "") {
$quota = "";
} else {
if (!is_numeric($user['quota']) || $user['quota'] < 0) {
bh_add_error($bhlang['error:quota_not_a_number']);
require "error.inc.php";
return;
} else {
$quota = round($user['quota'] * 1024 * 1024);
}
}
# Update type & disabled
update_bhdb("users", array("type" => $user['type'], "disabled" => $user['disabled'], "quota" => $quota), array("username" => $editusername));
# If new password, update it
if (!empty($user['pass1'])) {
if ($user['pass1'] == $user['pass2']) {
update_bhdb("users", array("password" => md5($user['pass1'])), array("username" => $editusername));
bh_log($bhlang['notice:user_updated'], "BH_NOTICE");
require "modules/users.inc.php";
} else {
}
if (empty($_GET['group'])) {
$_GET['group'] = array();
}
$group = array_merge($_POST['group'], $_GET['group']);
if ($group['action'] == "add") {
$grouprows = select_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']), "");
if (empty($grouprows)) {
$userrows = select_bhdb("users", array("username" => $group['username']), "");
if (empty($userrows)) {
bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
bh_add_error($bhlang['error:user_does_not_exist']);
} else {
insert_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
bh_add_notice($bhlang['notice:user_added_to_group']);
}
} else {
bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
bh_add_error($bhlang['error:user_is_in_group']);
}
}
if ($group['action'] == "remove") {
delete_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
bh_add_notice($bhlang['notice:user_removed_from_group']);
}
$usersbygroup = bh_usersbygroup();
$layout->content1 = $usersbygroup;
$layout->title = $bhlang['title:group_administration'];
$layout->display();
#description Plaintext editor for files
#iscore 1
# Test for include status
if (IN_BH != 1) {
header("Location: ../index.php");
die;
}
$filepath = bh_fpclean($_GET['filepath']);
$filename = bh_get_filename($filepath);
if (bh_file_exists($filepath) == true) {
if ($_POST['iscontent']) {
$fileobj = new bhfile($filepath);
$sizediff = strlen($_POST['file_content']) - $fileobj->fileinfo['filesize'];
if ($bhcurrent['userobj']->spaceremaining() < $sizediff) {
bh_add_logvars(array("quota" => $bhcurrent['userobj']->quota));
bh_add_error($bhlang['error:quota_exceeded']);
require "modules/error.inc.php";
} else {
$fileobj->filecontents = $_POST['file_content'];
$fileobj->savefile();
bh_log($bhlang['notice:file_saved'], "BH_NOTICE");
bh_log(str_replace("#FILE#", $filepath, str_replace("#USER#", $bhsession['username'], $bhlang['log:#USER#_modified_#FILE#'])), "BH_FILE_MODIFIED");
require "modules/viewfile.inc.php";
}
} else {
$fileobj = new bhfile($filepath);
$fileobj->loadfile();
$layoutobj = new bhlayout("editform");
$layoutobj->content1 = $fileobj->filecontents;
$layoutobj->filepath = $filepath;
$layoutobj->subtitle1 = str_replace("#FILE#", $filename, $bhlang['title:editing_#FILE#']);
{
global $bhconfig;
$str = "";
foreach ($types as $name => $type) {
$str .= $name . "@@@" . $type . ";;;";
}
$str = substr($str, 0, -3);
bh_changeconfig("types", $str);
}
if ($type['action'] == "add") {
if (empty($type['name']) || empty($type['size'])) {
bh_add_error($bhlang['error:missed_something']);
require "error.inc.php";
return;
}
$types[$type['name']] = 1024 * 1024 * $type['size'];
savetypes($types);
bh_log($bhlang['notice:type_updated'], "BH_NOTICE");
}
if ($type['action'] == "remove") {
if (empty($type['name'])) {
bh_add_error($bhlang['error:missed_something']);
require "error.inc.php";
return;
}
unset($types[$type['name']]);
savetypes($types);
}
$layout->content1 = $types;
$layout->title = $bhlang['title:types_administration'];
$layout->display();
