Example #1
 # Process each uploaded file in $fupload: check the extension denylist and the
 # user's remaining quota, then move the file into $infolder and log the upload.
 # NOTE(review): this listing is an excerpt; the closing braces are not shown.
 foreach ($fupload as $fileinfo) {
     # Only process entries that carry a non-empty filename.
     if (empty($fileinfo['name']) !== TRUE) {
         # Only continue if the temporary file is present on disk.
         # NOTE(review): file_exists() does not prove the path came from an HTTP
         # upload; is_uploaded_file() is the check for that. Whether
         # bh_move_uploaded_file() performs it is not visible here - confirm.
         if (file_exists($fileinfo['tempname'])) {
             # Extension denylist, keyed by extension.
             # NOTE(review): the only entry is the placeholder "exexexexex", so no
             # real extension is rejected. The comparison below is also
             # case-sensitive. If $infolder is reachable through the web server,
             # an allowlist of permitted extensions is the safer design.
             $bannedexts = array("exexexexex" => 1);
             $invalid = False;
             foreach ($bannedexts as $ext => $one) {
                 # Suffix match: compare the last strlen($ext) bytes of the name.
                 if (substr($fileinfo['name'], 0 - strlen($ext)) == $ext) {
                     $invalid = True;
                 }
             }
             # Reject the upload if it is larger than the user's remaining quota.
             if ($bhcurrent['userobj']->spaceremaining() < $fileinfo['size']) {
                 bh_add_logvars(array("quota" => bh_humanise_filesize($bhcurrent['userobj']->quota)));
                 bh_add_error($bhlang['error:quota_exceeded']);
             } elseif ($invalid) {
                 # NOTE(review): exit ends the whole request, so any later entries
                 # in $fupload are not processed.
                 print "You have tried to upload an invalid filetype.";
                 exit;
             } else {
                 # Build the destination path from the client-supplied filename.
                 # NOTE(review): only quotes and backslashes are stripped here; "/"
                 # and ".." are left in. Presumably bh_fpclean() normalises the
                 # path - confirm it keeps the result inside $infolder, or apply
                 # basename() to the name first.
                 $badcharacters = array("'", '"', "\\");
                 $newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name']));
                 $tmppath = $fileinfo['tempname'];
                 # NOTE(review): the return value is not checked, so the success
                 # messages below are logged even if the move failed.
                 bh_move_uploaded_file($tmppath, $newfilepath);
                 # Instantiate bhfile for the new path so the file is recorded in
                 # the db (side effect of the constructor, per the original
                 # comment); the object itself is discarded.
                 $newfileobj = new bhfile($newfilepath);
                 unset($newfileobj);
                 # Log a BH_NOTICE message and a BH_FILE_UPLOAD entry naming the
                 # user and the stored path.
                 # NOTE(review): the raw filename is substituted into both messages;
                 # if bh_log() output is ever rendered as HTML it must be escaped
                 # at that point - confirm.
                 bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
                 bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");
Example #2
    # Email the user who created the link when the link has its notify flag set.
    # NOTE(review): this listing is an excerpt; the "if" that this branch belongs
    # to starts outside it.
    if (bh_filelink_get_notify($filecode) == 1) {
        $username = bh_filelink_get($filecode, "username");
        $userobj = new bhuser($username);
        $emailobj = new bhemail($userobj->userinfo['email']);
        $emailobj->subject = str_replace($replarray1, $replarray2, $bhlang['emailsubject:filemail_link_accessed']);
        $emailobj->message = str_replace($replarray1, $replarray2, $bhlang['email:filemail_link_accessed']);
        $emailobj->send();
    }
    # Send the file as an attachment download.
    # NOTE(review): $filename goes into Content-Disposition unquoted and, in this
    # excerpt, unsanitised. Quote the value and strip quotes and control
    # characters so a crafted name cannot change how the header is parsed. The
    # origin of $filename is not shown - confirm.
    header("Content-type: " . $fileobj->mimetype());
    header("Content-Disposition: attachment; filename=" . $filename);
    header("Content-length: " . $fileobj->fileinfo['filesize']);
    # IE SSL fix: send Pragma and Cache-Control with empty values.
    # NOTE(review): presumably this overrides no-cache defaults that stopped old
    # IE versions saving downloads over HTTPS - confirm it is still needed.
    header("Pragma: ");
    header("Cache-Control: ");
    # Stream the file body, then stop so nothing else is appended to the output.
    $fileobj->readfile();
    die;
} else {
    bh_add_logvars(array("filename" => $filename, "filepath" => $filepath));
    # Sender label: the address alone, or the full name with the address in
    # square brackets.
    if (empty($fullname)) {
        $dstr = $emailfrom;
    } else {
        $dstr = $fullname . " [" . $emailfrom . "]";
    }
    # Build an information page (sender, filename, size, MD5) with a 5-second
    # meta refresh and a link, both pointing at the same URI plus "&download=1".
    # NOTE(review): $dstr, $filename and the link URI are concatenated into the
    # HTML without htmlspecialchars(). If any of them can carry user-controlled
    # text this is an XSS sink; escape each value for its context at output.
    # NOTE(review): the markup closes </html> but never opens <html>.
    # NOTE(review): an MD5 value only helps detect accidental corruption; MD5 is
    # not collision-resistant, so it is not an authenticity check.
    $str = "<head><title>" . $bhlang['title:file_download'] . "</title><meta http-equiv='refresh' content='5;url=" . bh_filelink_uri($filecode) . "&download=1'><style>body {font-family: sans-serif;}</style></head>\n\t<body><b>" . $bhlang['title:file_download'] . "</b><br><br><table><tr><td>" . $bhlang['label:from'] . "</td><td>" . $dstr . "</td></tr><tr><td>" . $bhlang['label:filename'] . "</td><td>" . $filename . "</td></tr><tr><td>" . $bhlang['label:filesize'] . "</td><td>" . bh_humanise_filesize($fileobj->fileinfo['filesize']) . "</td></tr><tr><td>" . $bhlang['label:md5'] . "</td><td>" . $fileobj->md5() . "</td></tr></table><br>" . $bhlang['explain:filelink_download'] . "<br><br><a href='" . bh_filelink_uri($filecode) . "&download=1'>" . bh_parse_logvars($bhlang['button:download_file']) . "</a></body></html>";
    # Output the page and end the request.
    die($str);
}
?>
 
Example #3
                     }
                 } elseif (strpos($email, "@") === FALSE) {
                     # NOTE(review): the only address check is "contains @". Line
                     # breaks or several addresses in $email are not rejected here,
                     # and whether bhemail filters them is not visible. Validate
                     # with filter_var($email, FILTER_VALIDATE_EMAIL) before use.
                     bh_log(str_replace("#EMAIL#", $email, $bhlang['error:invalid_email_#EMAIL#']), "BH_ERROR");
                 } else {
                     # Create a file link for $filepath and email it to $email.
                     # NOTE(review): nothing in this excerpt limits how many
                     # messages a user can send to arbitrary recipients with
                     # arbitrary subject and body; consider throttling and
                     # auditing this action.
                     # NOTE(review): the notify field is read without isset(), so
                     # a request that omits it raises an undefined-index notice.
                     if ($_POST['filemail']['notify'] == "on") {
                         $notify = 1;
                     } else {
                         $notify = 0;
                     }
                     # Look up the sending user's own address for the From field.
                     $userobj = new bhuser($bhsession['username']);
                     $emailfrom = $userobj->userinfo['email'];
                     $filecode = bh_filelink_add($filepath, $expires, $bhsession['username'], $email, $notify);
                     $emailobj = new bhemail($email);
                     # NOTE(review): the subject is taken from $_POST unchanged. If
                     # bhemail passes it to the mail headers without stripping
                     # CR/LF, this allows header injection - confirm in bhemail.
                     $emailobj->subject = $_POST['filemail']['subject'];
                     $fileobj = new bhfile($filepath);
                     $filesize = bh_humanise_filesize($fileobj->fileinfo['filesize']);
                     # Placeholders in the footer template and their values:
                     # expiry date, link URI, site name, filename, size and MD5.
                     $findarr = array("#DATE#", "#LINK#", "#SYSTEMNAME#", "#FILENAME#", "#FILESIZE#", "#MD5#");
                     $replarr = array(date("l dS F Y g:i A", $expires), bh_filelink_uri($filecode), $bhconfig['sitename'], bh_get_filename($filepath), $filesize, $fileobj->md5());
                     # Body = the user's message from $_POST, then the filled-in footer.
                     $emailobj->message = $_POST['filemail']['message'] . "\n\n" . str_replace($findarr, $replarr, $bhlang['email:filemail_footer']);
                     # Set From only when the sending user has an address stored.
                     if (!empty($emailfrom)) {
                         $emailobj->from = $emailfrom;
                     }
                     $emailobj->send();
                     # NOTE(review): $email is substituted into the log text as
                     # submitted; escape it wherever bh_log() output is displayed.
                     bh_log(str_replace("#EMAIL#", $email, $bhlang['notice:email_sent_to_#EMAIL#']), "BH_NOTICE");
                 }
             }
         }
     } else {
         # The expiry value failed a check made outside this excerpt.
         bh_log($bhlang['error:expires_invalid'], "BH_ERROR");
     }
 }
Example #4
<?php

# Append the sidebar "views" panel to $str: a bordered table built from skin
# images, with the lower-cased title and the output of $this->viewlist().
# NOTE(review): $this is used at file scope and $str is appended to without
# being initialised here, so this file is presumably included from inside a
# class method that defines both - confirm.
# NOTE(review): $this->skinpath, the $bhlang strings and the viewlist() output
# are concatenated into the markup without escaping. That is only safe if they
# come solely from trusted configuration and language files - confirm.
$str .= "\n\n<br>\n<table class='toolbar' cellspacing='0' cellpadding='0' width='100%' align='center'>\n\t<tr height='10'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/tl.png'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/tc.png'></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/tr.png'></td>\n\t</tr>\n\t<tr height='30'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/lc.png' width='10' height='30'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/titlebg.png' align='center' valign='middle'><b>" . strtolower($bhlang['title:views']) . "</b></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/rc.png' width='10' height='30'></td>\n\t</tr>\n\t<tr>\n\t\t<td width='10' background='" . $this->skinpath . "images/sidebar/lc.png'>&nbsp;</td>\n\t\t<td valign='middle' align='center'><br>\n\t\t\t" . $this->viewlist() . "<br>\n\t\t</td>\n\t\t<td width='10' background='" . $this->skinpath . "images/sidebar/rc.png'>&nbsp;</td>\n\t</tr>\n\t<tr height='10'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/bl.png'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/bc.png'></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/br.png'></td>\n\t</tr>\n</table>\n";
# Show the quota panel only when the user's quota is non-zero.
# NOTE(review): presumably a quota of 0 means "no quota" - confirm.
if ($bhcurrent['userobj']->quota != 0) {
    # Panel header and the start of the content cell.
    $str .= "\n<br>\n<table class='toolbar' cellspacing='0' cellpadding='0' width='100%' align='center'>\n\t<tr height='10'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/tl.png'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/tc.png'></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/tr.png'></td>\n\t</tr>\n\t<tr height='30'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/lc.png' width='10' height='30'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/titlebg.png' align='center' valign='middle'><b>" . strtolower($bhlang['title:quota']) . "</b></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/rc.png' width='10' height='30'></td>\n\t</tr>\n\t<tr>\n\t\t<td width='10' background='" . $this->skinpath . "images/sidebar/lc.png'>&nbsp;</td>\n\t\t<td valign='middle' align='center'><br>\n\t\t\t";
    # Fill the #QUOTA# and #QUOTAUSED# placeholders of the language string with
    # the human-readable quota and used-space figures.
    $a1 = array("#QUOTA#", "#QUOTAUSED#");
    $a2 = array(bh_humanise_filesize($bhcurrent['userobj']->quota), bh_humanise_filesize($bhcurrent['userobj']->getusedspace()));
    $str .= str_replace($a1, $a2, $bhlang['explain:you_have_used_some_quota']);
    # Close the content cell and draw the bottom border of the panel.
    $str .= "<br><br>\n\t\t</td>\n\t\t<td width='10' background='" . $this->skinpath . "images/sidebar/rc.png'>&nbsp;</td>\n\t</tr>\n\t<tr height='10'>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/bl.png'></td>\n\t\t<td background='" . $this->skinpath . "images/sidebar/bc.png'></td>\n\t\t<td width='10'><img src='" . $this->skinpath . "images/sidebar/br.png'></td>\n\t</tr>\n</table>\n";
}