# All fine, continue $badcharacters = array("'", '"', "\\"); $newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name'])); $tmppath = $fileinfo['tempname']; bh_move_uploaded_file($tmppath, $newfilepath); # Make it add info into the db. $newfileobj = new bhfile($newfilepath); unset($newfileobj); bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE"); bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD"); } } else { # Error??? $newfilepath = bh_fpclean($infolder . "/" . $fileinfo['name']); bh_add_logvars(array("file" => $fileinfo['name'], "user" => $bhsession['username'], "username" => $bhsession['username'])); bh_add_error($bhlang['notice:file_#FILE#_upload_failure']); bh_add_log($bhlang['log:#USER#_failed_upload_#FILE#'], "BH_FILE_UPLOAD"); } } } # Show directory where they went $_GET['filepath'] = $infolder; require "modules/viewdir.inc.php"; } else { # Sorry, no access. bh_log($bhlang['error:no_write_permission'], "BH_ACCESS_DENIED"); require "modules/error.inc.php"; } } else { $layoutobj = new bhlayout("uploadform"); # Send the file listing to the layout, along with directory name
#author Andrew Godwin #description Lets you edit a user. #iscore 1 $editusername = $_GET['username']; if (!empty($_POST['user'])) { $user = $_POST['user']; # Update details $userobj = new bhuser($editusername); $userobj->userinfo['fullname'] = $user['fullname']; $userobj->userinfo['email'] = $user['email']; $userobj->saveuserinfo(); if ($user['quota'] == "0" || trim($user['quota']) == "") { $quota = ""; } else { if (!is_numeric($user['quota']) || $user['quota'] < 0) { bh_add_error($bhlang['error:quota_not_a_number']); require "error.inc.php"; return; } else { $quota = round($user['quota'] * 1024 * 1024); } } # Update type & disabled update_bhdb("users", array("type" => $user['type'], "disabled" => $user['disabled'], "quota" => $quota), array("username" => $editusername)); # If new password, update it if (!empty($user['pass1'])) { if ($user['pass1'] == $user['pass2']) { update_bhdb("users", array("password" => md5($user['pass1'])), array("username" => $editusername)); bh_log($bhlang['notice:user_updated'], "BH_NOTICE"); require "modules/users.inc.php"; } else {
} if (empty($_GET['group'])) { $_GET['group'] = array(); } $group = array_merge($_POST['group'], $_GET['group']); if ($group['action'] == "add") { $grouprows = select_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']), ""); if (empty($grouprows)) { $userrows = select_bhdb("users", array("username" => $group['username']), ""); if (empty($userrows)) { bh_add_logvars(array("username" => $group['username'], "group" => $group['group'])); bh_add_error($bhlang['error:user_does_not_exist']); } else { insert_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group'])); bh_add_logvars(array("username" => $group['username'], "group" => $group['group'])); bh_add_notice($bhlang['notice:user_added_to_group']); } } else { bh_add_logvars(array("username" => $group['username'], "group" => $group['group'])); bh_add_error($bhlang['error:user_is_in_group']); } } if ($group['action'] == "remove") { delete_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group'])); bh_add_logvars(array("username" => $group['username'], "group" => $group['group'])); bh_add_notice($bhlang['notice:user_removed_from_group']); } $usersbygroup = bh_usersbygroup(); $layout->content1 = $usersbygroup; $layout->title = $bhlang['title:group_administration']; $layout->display();
#description Plaintext editor for files #iscore 1 # Test for include status if (IN_BH != 1) { header("Location: ../index.php"); die; } $filepath = bh_fpclean($_GET['filepath']); $filename = bh_get_filename($filepath); if (bh_file_exists($filepath) == true) { if ($_POST['iscontent']) { $fileobj = new bhfile($filepath); $sizediff = strlen($_POST['file_content']) - $fileobj->fileinfo['filesize']; if ($bhcurrent['userobj']->spaceremaining() < $sizediff) { bh_add_logvars(array("quota" => $bhcurrent['userobj']->quota)); bh_add_error($bhlang['error:quota_exceeded']); require "modules/error.inc.php"; } else { $fileobj->filecontents = $_POST['file_content']; $fileobj->savefile(); bh_log($bhlang['notice:file_saved'], "BH_NOTICE"); bh_log(str_replace("#FILE#", $filepath, str_replace("#USER#", $bhsession['username'], $bhlang['log:#USER#_modified_#FILE#'])), "BH_FILE_MODIFIED"); require "modules/viewfile.inc.php"; } } else { $fileobj = new bhfile($filepath); $fileobj->loadfile(); $layoutobj = new bhlayout("editform"); $layoutobj->content1 = $fileobj->filecontents; $layoutobj->filepath = $filepath; $layoutobj->subtitle1 = str_replace("#FILE#", $filename, $bhlang['title:editing_#FILE#']);
{ global $bhconfig; $str = ""; foreach ($types as $name => $type) { $str .= $name . "@@@" . $type . ";;;"; } $str = substr($str, 0, -3); bh_changeconfig("types", $str); } if ($type['action'] == "add") { if (empty($type['name']) || empty($type['size'])) { bh_add_error($bhlang['error:missed_something']); require "error.inc.php"; return; } $types[$type['name']] = 1024 * 1024 * $type['size']; savetypes($types); bh_log($bhlang['notice:type_updated'], "BH_NOTICE"); } if ($type['action'] == "remove") { if (empty($type['name'])) { bh_add_error($bhlang['error:missed_something']); require "error.inc.php"; return; } unset($types[$type['name']]); savetypes($types); } $layout->content1 = $types; $layout->title = $bhlang['title:types_administration']; $layout->display();