bh_log("Fatal error in upload notification system", "BH_ERROR"); } } elseif (count($fupload) > 0) { # Notify the popup to close $uploadrows = select_bhdb("uploads", array("sessionid" => session_id()), 1); if (empty($uploadrows)) { insert_bhdb("uploads", array("sessionid" => session_id(), "status" => "finished")); } else { update_bhdb("uploads", array("status" => "finished"), array("sessionid" => session_id())); } # Calculate used bandwidth foreach ($fupload as $fileinfo) { bh_bandwidth($bhsession['username'], "up", $fileinfo['size']); } # Check they can write to the destination directory if (bh_checkrights($infolder, $bhsession['username']) >= 2) { foreach ($fupload as $fileinfo) { # If it's a valid upload... if (empty($fileinfo['name']) !== TRUE) { # Check the file actually exists. if (file_exists($fileinfo['tempname'])) { # Create thing of banned exts $bannedexts = array("exexexexex" => 1); $invalid = False; foreach ($bannedexts as $ext => $one) { if (substr($fileinfo['name'], 0 - strlen($ext)) == $ext) { $invalid = True; } } # Check the file would not exceed the quota if ($bhcurrent['userobj']->spaceremaining() < $fileinfo['size']) {
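# Decide whether a module may be used by $username on $filepath.
#
# The user's access level on the path comes from bh_checkrights(); the
# "modulesaccesslevel" table is then queried for the row matching that module
# and access level, and its "status" column decides the outcome.
#
# $module   - value matched against the "module" column.
# $filepath - path handed to bh_checkrights().
# $username - user handed to bh_checkrights().
#
# Returns 1 when the module is enabled for the user's access level, else 0.
function bh_checkmodulefilepath($module, $filepath, $username)
{
    $accesslevel = bh_checkrights($filepath, $username);

    # No rights on the path: deny without consulting the module table.
    if ($accesslevel == 0) {
        return 0;
    }

    $modulepermrows = select_bhdb("modulesaccesslevel", array("module" => $module, "accesslevel" => $accesslevel), "");

    # Fail closed when there is no matching row (or no usable status column)
    # instead of indexing into an empty result.
    if (!is_array($modulepermrows) || !isset($modulepermrows[0]['status'])) {
        return 0;
    }

    $status = $modulepermrows[0]['status'];
    if (!is_scalar($status)) {
        return 0;
    }

    # Compare the string form strictly. A loose switch treats the integer 0 as
    # equal to "y" on PHP versions before 8, which would grant access for a
    # status that means "off".
    $enabledvalues = array("y", "1", "ok", "TRUE", "true");

    return in_array((string) $status, $enabledvalues, true) ? 1 : 0;
}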
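# Load this object's contents into $this->filecontents.
#
# Directory: the contents are the directory listing, an array with one entry
# per visible child (keys: filename, filepath, filesize, filedate,
# absfilepath). Children on which the session user has no rights are omitted.
# The listing is also returned.
#
# Regular file: the raw bytes are stored on $this->filecontents and nothing is
# returned.
#
# NOTE(review): each listing entry carries the absolute server path
# ("absfilepath"); confirm callers never echo it back to clients.
function loadfile()
{
    global $bhconfig, $bhsession;

    # Everything is a file: for a directory, the "contents" are its listing.
    if ($this->is_dir()) {
        $files = array();
        $handle = opendir($this->absfilepath);

        # A failed opendir() yields false, which must not reach
        # readdir()/closedir(); report an empty listing instead.
        if ($handle === false) {
            $this->filecontents = $files;
            return $files;
        }

        # With hidedotfiles on, every name starting with a dot is skipped;
        # otherwise only the "." and ".." entries are.
        if ($bhconfig['hidedotfiles'] == 1) {
            $skippattern = "/^\\.{1,2}/";
        } else {
            $skippattern = "/^\\.{1,2}\$/";
        }

        while (false !== ($file = readdir($handle))) {
            $entrypath = $this->filepath . "/" . $file;
            $entryabspath = $this->absfilepath . "/" . $file;

            # Open and close the file, to assign permissions to new files.
            $tempfileobj = new bhfile($entrypath);
            unset($tempfileobj);

            # Only list entries the session user has some rights on.
            if (bh_checkrights($entrypath, $bhsession['username']) > 0 && !preg_match($skippattern, $file)) {
                $files[] = array(
                    "filename" => $file,
                    "filepath" => $entrypath,
                    "filesize" => filesize($entryabspath),
                    "filedate" => filemtime($entryabspath),
                    "absfilepath" => $entryabspath,
                );
            }
        }
        closedir($handle);

        $this->filecontents = $files;
        return $files;
    }

    # Use file_get_contents where it exists, fread as the compatible fallback.
    if (function_exists("file_get_contents")) {
        $this->filecontents = file_get_contents($this->absfilepath);
        return;
    }

    $filepointer0 = fopen($this->absfilepath, "rb");
    if ($filepointer0 === false) {
        # Mirror file_get_contents(), which yields false on failure.
        $this->filecontents = false;
        return;
    }

    # The read length must come from the file on disk. The earlier code passed
    # $this->filecontents (not a path) to filesize().
    $size = filesize($this->absfilepath);
    $this->filecontents = ($size > 0) ? fread($filepointer0, $size) : "";
    fclose($filepointer0);
}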
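# Copy the file at $options['path'] to $options['dest'] for the session user.
#
# Both paths are normalised with bh_fpclean() before use.
#
# Returns a status string:
#   "404 Not Found"  - bh_user_file_exists() reports no source file;
#   "403 Forbidden"  - the user may not read the source, or may not write to
#                      the destination's parent folder;
#   "204 No Content" - the copy was requested.
#
# NOTE(review): the result of copyto() is not inspected, so a failed copy is
# still reported as 204; confirm what copyto() returns before relying on it.
function COPY(&$options)
{
    global $bhsession;

    $destfilepath = bh_fpclean($options['dest']);
    $filepath = bh_fpclean($options['path']);
    $infolder = bh_get_parent($destfilepath);

    if (!bh_user_file_exists($filepath)) {
        return "404 Not Found";
    }

    # Copying discloses the source's contents at the destination, so require
    # rights on the source explicitly. bh_user_file_exists() is not visible
    # here; this check holds whether or not it already enforces rights.
    if (bh_checkrights($filepath, $bhsession['username']) < 1) {
        return "403 Forbidden";
    }

    # Writing into the destination folder needs an access level of 2 or more.
    if (bh_checkrights(bh_fpclean($infolder), $bhsession['username']) <= 1) {
        return "403 Forbidden";
    }

    $fileobj = new bhfile($filepath);
    $fileobj->copyto($destfilepath);

    return "204 No Content";
}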
} if (empty($infolder)) { $infolder = $_GET['infolder']; } if (empty($infolder)) { $infolder = $_POST['infolder']; } if (empty($infolder)) { $infolder = $_SESSION['lastdir']; } if (empty($infolder)) { $infolder = $bhcurrent['userobj']->homedir; } if (!empty($_POST['foldername'])) { # Check they have permission to write in the folder if (bh_checkrights(bh_fpclean($infolder), $bhsession['username']) >= 2) { bh_mkdir(bh_fpclean($infolder . "/" . $_POST['foldername'])); $fileobj = new bhfile(bh_fpclean($infolder . "/" . $_POST['foldername'])); unset($fileobj); bh_log($bhlang['notice:folder_created'], "BH_NOTICE"); bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FOLDER#", bh_fpclean($infolder . "/" . $_POST['foldername']), $bhlang['log:#USER#_created_#FOLDER#'])), "BH_FOLDER_CREATED"); $_GET['filepath'] = bh_fpclean($infolder . "/" . $_POST['foldername']); require "modules/viewdir.inc.php"; } else { bh_log($bhlang['error:access_denied'], "BH_ERROR"); bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#PAGE#", $_SERVER['REQUEST_URI'], $bhlang['log:#USER#_denied_#PAGE#'])), "BH_ACCESS_DENIED"); require "modules/error.inc.php"; } } else { # Open layout object $layoutobj = new bhlayout("addfolderform");