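/**
 * Stores a post for a deal, saves its attached files and optionally
 * notifies the participants by e-mail.
 *
 * Plugin files included at the two hooks run in this function's scope, so
 * the local variable names used below are kept stable for them.
 *
 * @param int    $id     Deal ID the post belongs to (stored as post_sid)
 * @param string $text   Post text
 * @param int    $to     Recipient user ID; when empty, mail goes to the deal's
 *                       sbr_performer and sbr_employer
 * @param int    $from   Sender user ID; when empty, the notification templates are used
 * @param string $type   Post type (stored as post_type)
 * @param bool   $mail   Whether to send e-mail notifications
 * @param array  $rfiles Uploaded files in the multi-file $_FILES layout
 *                       (name/type/tmp_name/error/size, each indexed by slot)
 * @return mixed ID of the inserted post as returned by lastInsertId(), or false
 *               when the post could not be inserted
 */
function cot_sbr_sendpost($id, $text, $to, $from = 0, $type = '', $mail = false, $rfiles = array())
{
    global $db, $db_sbr_posts, $db_sbr, $db_sbr_files, $db_users, $sys, $cfg, $L, $R;

    $rpost['post_sid'] = $id;
    $rpost['post_text'] = $text;
    $rpost['post_date'] = $sys['now'];
    $rpost['post_from'] = $from;
    $rpost['post_to'] = $to;
    $rpost['post_type'] = $type;

    /* === Hook === */
    foreach (cot_getextplugins('sbr.post.add.query') as $pl) {
        include $pl;
    }
    /* ===== */

    if (!$db->insert($db_sbr_posts, $rpost)) {
        return false;
    }

    // Captured now: the file inserts below change what lastInsertId() reports.
    $postid = $db->lastInsertId();

    // The deal ID becomes a path segment, so it is forced to an integer to
    // keep the upload directory inside the configured file path.
    $sbr_path = $cfg['plugin']['sbr']['filepath'] . '/' . (int) $id . '/';
    if (!file_exists($sbr_path)) {
        mkdir($sbr_path);
        @chmod($sbr_path, $cfg['dir_perms']);
    }

    $allowed_extensions = explode(',', $cfg['plugin']['sbr']['extensions']);

    // At most 10 attachment slots are processed per post.
    for ($j = 0; $j < 10; $j++) {
        // Slots that were not submitted are simply absent from the array.
        if (!isset($rfiles['size'][$j], $rfiles['error'][$j], $rfiles['tmp_name'][$j], $rfiles['name'][$j])) {
            continue;
        }
        if (!($rfiles['size'][$j] > 0 && $rfiles['error'][$j] == 0)) {
            continue;
        }

        $u_tmp_name_file = $rfiles['tmp_name'][$j];
        // Client-supplied MIME type; not used for any decision here.
        $u_type_file = isset($rfiles['type'][$j]) ? $rfiles['type'][$j] : '';
        $u_name_file = $rfiles['name'][$j];
        $u_size_file = $rfiles['size'][$j];

        $u_name_file = str_replace("\\'", '', $u_name_file);
        $u_name_file = trim(str_replace("\"", '', $u_name_file));

        // A name without a dot has no extension; previously strrpos() === false
        // was treated as position 0 and part of the base name was used instead.
        $lastdot = strrpos($u_name_file, ".");
        if ($lastdot === false || empty($u_tmp_name_file)) {
            continue;
        }
        $dotpos = $lastdot + 1;
        $f_extension = substr($u_name_file, $dotpos, 5);

        // NOTE(review): what cot_file_check() validates is not visible here;
        // 1 is treated as "accepted", as in the original code.
        $fcheck = cot_file_check($u_tmp_name_file, $u_name_file, $f_extension);
        if ($fcheck != 1 || !in_array($f_extension, $allowed_extensions, true)) {
            continue;
        }

        // The client file name is never used on disk, only the allowlisted extension.
        // NOTE(review): rand()/uniqid() are not cryptographically strong; if this
        // directory is web-reachable, prefer random_bytes() where the runtime has it.
        $u_newname_file = $postid . "_" . md5(uniqid(rand(), true)) . "." . $f_extension;
        $file = $sbr_path . $u_newname_file;

        // Record the attachment only if the upload really reached its destination.
        if (!move_uploaded_file($u_tmp_name_file, $file)) {
            continue;
        }
        // Use the configured file mode rather than a hard-coded 0766, which
        // left uploads writable by every local account.
        @chmod($file, $cfg['file_perms']);

        $rfile['file_sid'] = $id;
        $rfile['file_url'] = $file;
        $rfile['file_title'] = $u_name_file;
        $rfile['file_area'] = 'post';
        $rfile['file_code'] = $postid;
        $rfile['file_ext'] = $f_extension;
        $rfile['file_size'] = floor($u_size_file / 1024);

        $db->insert($db_sbr_files, $rfile);
    }

    // Send the message by e-mail
    if ($mail) {
        // All IDs are cast to int before being concatenated into SQL.
        $sbr = $db->query("SELECT * FROM {$db_sbr} WHERE sbr_id=" . (int) $id)->fetch();

        if (!empty($to)) {
            $recipients[] = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $to)->fetch();
        } else {
            $recipients[] = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $sbr['sbr_performer'])->fetch();
            $recipients[] = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $sbr['sbr_employer'])->fetch();
        }

        if (!empty($from)) {
            $sender = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $from)->fetch();
        }

        foreach ($recipients as $recipient) {
            // fetch() yields false for an unknown user; there is nobody to mail then.
            if (empty($recipient)) {
                continue;
            }

            if (!empty($from)) {
                $rsubject = cot_rc($L['sbr_mail_posts_header'], array('sbr_id' => $id, 'sbr_title' => $sbr['sbr_title']));
                $rbody = cot_rc($L['sbr_mail_posts_body'], array(
                    'user_name' => $recipient['user_name'],
                    'sender_name' => $sender['user_name'],
                    'post_text' => $text,
                    'sitename' => $cfg['maintitle'],
                    'link' => COT_ABSOLUTE_URL . cot_url('sbr', "id=" . $id, '', true)
                ));
            } else {
                $rsubject = cot_rc($L['sbr_mail_notification_header'], array('sbr_id' => $id, 'sbr_title' => $sbr['sbr_title']));
                $rbody = cot_rc($L['sbr_mail_notification_body'], array(
                    'user_name' => $recipient['user_name'],
                    'post_text' => $text,
                    'sitename' => $cfg['maintitle'],
                    'link' => COT_ABSOLUTE_URL . cot_url('sbr', "id=" . $id, '', true)
                ));
            }
            cot_mail($recipient['user_email'], $rsubject, $rbody, '', false, null, true);
        }
    }

    /* === Hook === */
    foreach (cot_getextplugins('sbr.post.add.done') as $pl) {
        include $pl;
    }
    /* ===== */

    // Return the post ID captured above; calling lastInsertId() again here
    // would return the ID of the last attachment row when files were saved.
    return $postid;
}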
*/ defined('COT_CODE') or die('Wrong URL'); require_once cot_incfile('userimages', 'plug'); $userimages = cot_userimages_config_get(); if ($_FILES) { @clearstatcache(); foreach ($userimages as $code => $settings) { if (!$_FILES[$code]) { continue; } $file = $_FILES[$code]; if (!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name'])) { $gd_supported = array('jpg', 'jpeg', 'png', 'gif'); $var = explode(".", $file['name']); $file_ext = strtolower(array_pop($var)); $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext); if (in_array($file_ext, $gd_supported) && $fcheck == 1) { $file['name'] = cot_safename($file['name'], true); $filename_full = $usr['id'] . '-' . strtolower($file['name']); $filepath = $code == 'avatar' ? $cfg['avatars_dir'] . '/' . $filename_full : $cfg['photos_dir'] . '/' . $filename_full; if (file_exists($filepath)) { unlink($filepath); } move_uploaded_file($file['tmp_name'], $filepath); cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100); @chmod($filepath, $cfg['file_perms']); /* === Hook === */ foreach (cot_getextplugins('profile.update.' . $code) as $pl) { include $pl; } /* ===== */
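/**
 * Upload one or more files, return parent folder ID
 *
 * Reads the files from $_FILES['userfile'] and their descriptions from the
 * posted 'ndesc' array. A per-file status line is appended to the global
 * $err_msg. Plugin files included at the hooks run in this function's scope,
 * so the local variable names used below are kept stable for them.
 *
 * @param int $userid User ID
 * @param int $folderid Folder ID; when '' it is imported from the POST field 'folderid'
 * @return int
 */
function cot_pfs_upload($userid, $folderid = '')
{
    // $usr was read below without being declared global, so the user-ID
    // prefix on file names was always empty.
    global $db, $cfg, $sys, $usr, $cot_extensions, $gd_supported, $maxfile, $maxtotal, $db_pfs, $db_pfs_folders, $L, $err_msg;

    if ($folderid === '') {
        $folderid = cot_import('folderid', 'P', 'INT');
    }
    $ndesc = cot_import('ndesc', 'P', 'ARR');
    $npath = cot_pfs_folderpath($folderid);

    /* === Hook === */
    foreach (cot_getextplugins('pfs.upload.first') as $pl) {
        include $pl;
    }
    /* ===== */

    cot_die($npath === FALSE);

    // Running total for the $maxtotal check; start from 0 unless a hook set it.
    // NOTE(review): nothing visible here loads the user's existing usage, so the
    // quota check appears to cover only the files of this request — confirm.
    if (!isset($pfs_totalsize)) {
        $pfs_totalsize = 0;
    }

    for ($ii = 0; $ii < $cfg['pfs']['pfsmaxuploads']; $ii++) {
        $disp_errors = '';

        // Slots that were not submitted are absent from $_FILES.
        if (!isset($_FILES['userfile']['name'][$ii], $_FILES['userfile']['tmp_name'][$ii], $_FILES['userfile']['size'][$ii])) {
            continue;
        }

        $u_tmp_name = $_FILES['userfile']['tmp_name'][$ii];
        // Client-supplied MIME type; not used for any decision here.
        $u_type = isset($_FILES['userfile']['type'][$ii]) ? $_FILES['userfile']['type'][$ii] : '';
        $u_name = $_FILES['userfile']['name'][$ii];
        $u_size = $_FILES['userfile']['size'][$ii];

        $u_name = str_replace("\\'", '', $u_name);
        $u_name = trim(str_replace("\"", '', $u_name));

        if (empty($u_name)) {
            continue;
        }

        $disp_errors .= $u_name . ' : ';
        $u_name = mb_strtolower($u_name);
        $dotpos = mb_strrpos($u_name, ".") + 1;
        $f_extension = mb_substr($u_name, $dotpos);
        $f_extension_ok = 0;
        $desc = isset($ndesc[$ii]) ? $ndesc[$ii] : '';

        if ($cfg['pfs']['pfstimename']) {
            $u_name = time() . '_' . $u_name;
        }
        if (!$cfg['pfs']['pfsuserfolder']) {
            $u_name = $usr['id'] . '_' . $u_name;
        }

        // NOTE(review): the on-disk name is whatever cot_safename() returns for the
        // client-supplied name; its sanitising rules are not visible here.
        $u_newname = cot_safename($u_name, true);
        $u_sqlname = $db->prep($u_newname);

        // The allowlist in $cot_extensions is the effective control; the literal
        // php* exclusion only matters if one of those four were ever allowlisted.
        if ($f_extension != 'php' && $f_extension != 'php3' && $f_extension != 'php4' && $f_extension != 'php5') {
            foreach ($cot_extensions as $k => $line) {
                if (mb_strtolower($f_extension) == $line[0]) {
                    $f_extension_ok = 1;
                }
            }
        }

        if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok
            && $pfs_totalsize + $u_size < $maxtotal) {
            $fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension);
            if ($fcheck == 1) {
                $pfs_dir_user = cot_pfs_path($userid);
                $thumbs_dir_user = cot_pfs_thumbpath($userid);

                if (!file_exists($pfs_dir_user . $npath . $u_newname)) {
                    $is_moved = true;

                    if ($cfg['pfs']['pfsuserfolder']) {
                        if (!is_dir($pfs_dir_user)) {
                            $is_moved &= mkdir($pfs_dir_user, $cfg['dir_perms']);
                        }
                        if (!is_dir($thumbs_dir_user)) {
                            $is_moved &= mkdir($thumbs_dir_user, $cfg['dir_perms']);
                        }
                    }

                    $is_moved &= move_uploaded_file($u_tmp_name, $pfs_dir_user . $npath . $u_newname);
                    $is_moved &= chmod($pfs_dir_user . $npath . $u_newname, $cfg['file_perms']);

                    // Size is re-read from disk rather than trusted from the request.
                    $u_size = filesize($pfs_dir_user . $npath . $u_newname);

                    if ($is_moved && (int) $u_size > 0) {
                        /* === Hook === */
                        foreach (cot_getextplugins('pfs.upload.moved') as $pl) {
                            include $pl;
                        }
                        /* ===== */

                        $db->insert($db_pfs, array(
                            'pfs_userid' => (int) $userid,
                            'pfs_date' => (int) $sys['now'],
                            'pfs_file' => $u_sqlname,
                            'pfs_extension' => $f_extension,
                            'pfs_folderid' => (int) $folderid,
                            'pfs_desc' => $desc,
                            'pfs_size' => (int) $u_size,
                            'pfs_count' => 0
                        ));

                        // The folder ID is cast before it is concatenated into the
                        // WHERE clause; callers may pass it in without importing it as INT.
                        $db->update($db_pfs_folders, array('pff_updated' => $sys['now']), 'pff_id=' . (int) $folderid);

                        $disp_errors .= $L['Yes'];
                        $pfs_totalsize += $u_size;

                        /* === Hook === */
                        foreach (cot_getextplugins('pfs.upload.done') as $pl) {
                            include $pl;
                        }
                        /* ===== */

                        // NOTE(review): this existence check omits $npath although the file
                        // was stored under $pfs_dir_user . $npath, and the resize target uses
                        // $cfg['pfs']['thumbs_dir_user'] while the unlink uses $thumbs_dir_user
                        // — left unchanged, confirm which paths are intended.
                        if (in_array($f_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled'
                            && file_exists($pfs_dir_user . $u_newname)) {
                            @unlink($thumbs_dir_user . $npath . $u_newname);
                            $th_colortext = array(
                                hexdec(substr($cfg['pfs']['th_colortext'], 0, 2)),
                                hexdec(substr($cfg['pfs']['th_colortext'], 2, 2)),
                                hexdec(substr($cfg['pfs']['th_colortext'], 4, 2))
                            );
                            $th_colorbg = array(
                                hexdec(substr($cfg['pfs']['th_colorbg'], 0, 2)),
                                hexdec(substr($cfg['pfs']['th_colorbg'], 2, 2)),
                                hexdec(substr($cfg['pfs']['th_colorbg'], 4, 2))
                            );
                            cot_imageresize(
                                $pfs_dir_user . $npath . $u_newname,
                                $cfg['pfs']['thumbs_dir_user'] . $npath . $u_newname,
                                $cfg['pfs']['th_x'],
                                $cfg['pfs']['th_y'],
                                '',
                                $th_colorbg,
                                $cfg['pfs']['th_jpeg_quality'],
                                true
                            );
                        }
                    } else {
                        // Do not leave a partially stored file behind.
                        @unlink($pfs_dir_user . $npath . $u_newname);
                        $disp_errors .= $L['pfs_filenotmoved'];
                    }
                } else {
                    $disp_errors .= $L['pfs_fileexists'];
                }
            } elseif ($fcheck == 2) {
                $disp_errors .= sprintf($L['pfs_filemimemissing'], $f_extension);
            } else {
                $disp_errors .= sprintf($L['pfs_filenotvalid'], $f_extension);
            }
        } else {
            $disp_errors .= $L['pfs_filetoobigorext'];
        }

        $err_msg[] = $disp_errors;
    }

    return $folderid;
}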
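/**
 * Process uploaded user images files for certain User
 *
 * Each configured image code is looked up in $_FILES (as "code" for the current
 * user, or "code:uid" when acting on another user or in edit mode, which
 * requires admin rights on 'users'). Accepted images are moved to the avatars
 * or photos directory, resized in place and recorded in the user's row.
 * Plugin files included at the hook run in this function's scope, so the local
 * variable names used below are kept stable for them.
 *
 * @param number $uid User ID for uploads to be attached; defaults to the current user
 * @return boolean|number Number of uploaded images, 0 when the caller lacks
 *                        admin rights for the requested user, or false for incorrect $uid
 */
function cot_userimages_process_uploads($uid = null)
{
    // $L is read by the error branches below and was missing from this list.
    global $cfg, $usr, $m, $L;

    $files = 0;
    if (!$_FILES) {
        return $files;
    }

    if (empty($uid)) {
        $uid = $usr['id'];
    }
    if (!is_numeric($uid) || $uid != (int) $uid || $uid < 1) {
        return false;
    }
    // Normalise once so the value concatenated into file names and SQL below
    // is a plain integer.
    $uid = (int) $uid;

    $usermode = false;
    if ($uid != $usr['id'] || $m == 'edit') {
        // Acting on another account (or edit mode) requires admin rights on 'users'.
        list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('users', 'a');
        if (!$usr['isadmin']) {
            return 0;
        }
        $usermode = true;
    }

    @clearstatcache();
    $userimages = cot_userimages_config_get();

    foreach ($userimages as $code => $settings) {
        $field = $usermode ? $code . ':' . $uid : $code;
        if (empty($_FILES[$field])) {
            continue;
        }
        $file = $_FILES[$field];

        if (!(!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name']))) {
            continue;
        }

        $gd_supported = array('jpg', 'jpeg', 'png', 'gif');
        $var = explode(".", $file['name']);
        $file_ext = strtolower(array_pop($var));

        // NOTE(review): what cot_file_check() validates is not visible here;
        // 1 is treated as "accepted" and 2 as "MIME type unknown", as before.
        $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext);

        if (in_array($file_ext, $gd_supported, true) && $fcheck == 1) {
            $file['name'] = cot_safename($file['name'], true);
            $path = $code == 'avatar' ? $cfg['avatars_dir'] : $cfg['photos_dir'];
            $filename_full = $uid . '-' . strtolower($code != 'avatar' ? $code . '-' . $file['name'] : $file['name']);
            $filepath = $path . '/' . $filename_full;

            if (file_exists($filepath)) {
                unlink($filepath);
            }

            // Nothing to resize or record if the upload did not reach its destination.
            if (!move_uploaded_file($file['tmp_name'], $filepath)) {
                continue;
            }
            cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100);
            @chmod($filepath, $cfg['file_perms']);

            /* === Hook === */
            foreach (cot_getextplugins('profile.update.' . $code) as $pl) {
                include $pl;
            }
            /* ===== */

            $sql = cot::$db->query("SELECT user_" . cot::$db->prep($code) . " FROM " . cot::$db->users . " WHERE user_id=" . $uid);
            $oldimage = $sql->fetchColumn();
            // Remove the previous image, but never the file that was just stored:
            // re-uploading under the same name yields the same path, and the
            // unconditional unlink used to delete the new image.
            if ($oldimage && $oldimage !== $filepath && file_exists($oldimage)) {
                unlink($oldimage);
            }

            $sql = cot::$db->update(cot::$db->users, array("user_" . $code => $filepath), "user_id='" . $uid . "'");
            $files++;
        } elseif ($fcheck == 2) {
            cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code);
        } else {
            cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code);
        }
    }

    return $files;
}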
$desc = $ndesc[$ii]; if ($cfg['pfs']['pfstimename']) { $u_newname = time() . '_' . cot_unique(6) . '_' . $userid . '.' . $f_extension; } else { $u_newname = cot_safename($u_name, true, '_' . $userid); } $u_sqlname = $db->prep($u_newname); if ($f_extension != 'php' && $f_extension != 'php3' && $f_extension != 'php4' && $f_extension != 'php5') { foreach ($cot_extensions as $k => $line) { if (mb_strtolower($f_extension) == $line[0]) { $f_extension_ok = 1; } } } if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok && $pfs_totalsize + $u_size < $maxtotal) { $fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension); if ($fcheck == 1) { if (!file_exists($pfs_dir_user . $u_newname)) { $is_moved = true; if ($cfg['pfs']['pfsuserfolder']) { if (!is_dir($pfs_dir_user)) { $is_moved &= mkdir($pfs_dir_user, $cfg['dir_perms']); } if (!is_dir($thumbs_dir_user)) { $is_moved &= mkdir($thumbs_dir_user, $cfg['dir_perms']); } } $is_moved &= move_uploaded_file($u_tmp_name, $pfs_dir_user . $u_newname); $is_moved &= chmod($pfs_dir_user . $u_newname, $cfg['file_perms']); $u_size = filesize($pfs_dir_user . $u_newname); if ($is_moved && (int) $u_size > 0) {