if (!empty($p) and !is_dir(NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp . $p)) { $mk = nv_mkdir(NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp, $p); if ($mk[0] > 0) { $upload_real_dir_page = $mk[2]; } } elseif (!empty($p)) { $upload_real_dir_page = NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp . $p; } $cp .= $p . '/'; } } } $currentpath = str_replace(NV_ROOTDIR . '/', '', $upload_real_dir_page); require_once NV_ROOTDIR . "/includes/class/image.class.php"; foreach ($imageMatch as $imageSrc) { if (nv_check_url($imageSrc)) { $_image = new image($imageSrc); if ($_image->fileinfo['width'] > 50) { if ($_image->fileinfo['width'] > NV_MAX_WIDTH) { $_image->resizeXY(NV_MAX_WIDTH, NV_MAX_HEIGHT); } $basename = explode(".", basename($imageSrc)); array_pop($basename); $basename = implode("-", $basename); $basename = preg_replace('/^\\W+|\\W+$/', '', $basename); $basename = preg_replace('/[ ]+/', '_', $basename); $basename = strtolower(preg_replace('/\\W-/', '', $basename)); $basename .= '.' . $_image->fileinfo['ext']; $thumb_basename = $basename; $i = 1; while (file_exists(NV_ROOTDIR . '/' . $currentpath . '/' . $thumb_basename)) {
// Split the "<br />"-separated list into trimmed entries and keep the non-empty ones.
$ls = explode("<br />", $ls);
$ls = array_map("trim", $ls);
foreach ($ls as $l) {
    if (!empty($l)) {
        $links[] = $l;
    }
}
}
}
}
// Every collected link must pass nv_is_url() and then the live probe nv_check_url().
// NOTE(review): nv_check_url() makes a request from this server to each link. If the
// links originate from user input, confirm that loopback/internal hosts are rejected
// before the probe, since the OK_/NO_ answer reveals whether the target responded.
if (!empty($links)) {
    foreach ($links as $link) {
        if (!nv_is_url($link)) {
            die("NO_" . $id);
        }
        if (!nv_check_url($link)) {
            die("NO_" . $id);
        }
    }
}
die("OK_" . $id);
}
//Del
if ($nv_Request->isset_request('del', 'post')) {
    // The delete action is refused unless NV_IS_AJAX is defined.
    // NOTE(review): no anti-CSRF token check is visible in this fragment - confirm one is
    // enforced before the record is removed.
    if (!defined('NV_IS_AJAX')) {
        die('Wrong URL');
    }
    // get_int() yields 0 for a missing id, which is treated as "nothing to delete".
    $id = $nv_Request->get_int('id', 'post', 0);
    if (!$id) {
        die("NO");
    }
// Local-file case: drop the first strlen(NV_BASE_SITEURL) characters of $url and resolve
// the remainder under NV_ROOTDIR.
// NOTE(review): the prefix is removed by length only. Nothing visible here verifies that
// $url really starts with NV_BASE_SITEURL or is free of "../" segments, so file_exists()
// may be answering for paths outside the intended tree - confirm the check made by the
// code above this fragment.
$url = substr($url, strlen(NV_BASE_SITEURL));
$url = NV_ROOTDIR . '/' . $url;
if (!file_exists($url)) {
    die($lang_module['file_checkUrl_error']);
}
} else {
    // Remote case: the input is split on '<br />' after nv_nl2br(); each non-empty entry
    // must pass nv_is_url() and then the server-side probe nv_check_url().
    $url = trim($url);
    $url = nv_nl2br($url, '<br />');
    $url = explode('<br />', $url);
    $url = array_map('trim', $url);
    foreach ($url as $l) {
        if (!empty($l)) {
            if (!nv_is_url($l)) {
                die($lang_module['file_checkUrl_error']);
            }
            if (!nv_check_url($l)) {
                die($lang_module['file_checkUrl_error']);
            }
        }
    }
}
die($lang_module['file_checkUrl_ok']);
}
// Download file
if ($nv_Request->isset_request('fdownload', 'get')) {
    // $file is taken directly from the query string.
    $file = $nv_Request->get_string('fdownload', 'get', '');
    if (!empty($file)) {
        // Same length-only prefix strip as above, then the path is anchored at NV_ROOTDIR.
        // NOTE(review): containment of the download depends entirely on the Download class
        // and its second argument (presumably the only directory it will serve from).
        // Verify that it canonicalises the path and refuses anything that resolves outside
        // NV_UPLOADS_REAL_DIR, because "../" segments are not filtered here.
        $file = substr($file, strlen(NV_BASE_SITEURL));
        $file = NV_ROOTDIR . '/' . $file;
        $download = new NukeViet\Files\Download($file, NV_UPLOADS_REAL_DIR);
        $download->download_file();
// Id of the item being reported; get_int() guarantees an integer (0 when absent).
$key = $nv_Request->get_int('id', 'post', 0);
// A logged-in user cannot change the reported user name: the account's own name wins
// over the submitted $user.
$username = !empty($user_info['username']) ? $user_info['username'] : $user;
$userid = !empty($user_info['userid']) ? $user_info['userid'] : 0;
// Check the time of the previous report for this item (throttle: one report per 90 seconds).
// NOTE(review): the timestamp lives in a client cookie, so the throttle only binds
// clients that send the cookie back. Enforcing it would need a server-side record
// (for example keyed on $userid or the client IP that is already stored below).
// NOTE(review): $where becomes part of the cookie name; its origin is outside this fragment.
$timeout = $nv_Request->get_int($module_name . '_error_' . $where . "_" . $key, 'cookie', 0);
if ($timeout == 0 or NV_CURRENTTIME - $timeout > 90) {
    $check = 0;
    // If this is a song and the report type is "check", verify that the error really exists:
    // a song whose URL still answers is not recorded as broken.
    if ($where == 'song' and $root_error == "check") {
        $song = getsongbyID($key);
        $url = outputURL($song['server'], $song['duongdan']);
        if ($song['server'] == 1) {
            $url = NV_MY_DOMAIN . $url;
        }
        // nv_check_url() issues a request from this server to the song URL.
        if (nv_check_url($url)) {
            $ok = 1;
            die($lang_module['send_error_not']);
        } else {
            $ok = 0;
        }
        $check = 1;
    }
    $nv_Request->set_Cookie($module_name . '_error_' . $where . "_" . $key, NV_CURRENTTIME);
    // "and" binds tighter than "or": this reads as $check == 0 or ($check == 1 and $ok == 0).
    if ($check == 0 or $check == 1 and $ok == 0) {
        // $key is an integer from get_int(); $userid is inserted unquoted and is presumably
        // an integer from the session - confirm. All text fields go through dbescape().
        // The INSERT has no column list, so it depends on the table's column order.
        $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_error` VALUES (\n\t\t\t\tNULL, \n\t\t\t\t" . $key . ", \n\t\t\t\t" . $userid . ", \n\t\t\t\t" . $db->dbescape($username) . ", \n\t\t\t\t" . $db->dbescape($root_error . " | " . $body) . ", \n\t\t\t\t" . $db->dbescape($where) . ", \n\t\t\t\t" . NV_CURRENTTIME . ", \n\t\t\t\t" . $db->dbescape($client_info['ip']) . ", 1\n\t\t\t)";
        if ($db->sql_query_insert_id($sql)) {
            die($lang_module['send_error_suc']);
        } else {
            die($lang_module['send_error_error']);
        }
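/**
 * nv_check_url()
 *
 * Report whether a URL answers with HTTP status 200, following a bounded number
 * of redirects. The probe uses get_headers() when allow_url_fopen is enabled,
 * otherwise cURL, otherwise a raw socket HEAD request.
 *
 * The request is issued by the web server itself, so every URL that reaches this
 * function is a server-side request. Only absolute http:// and https:// URLs
 * without control characters are probed; anything else returns false before any
 * connection is opened. The host is not resolved or filtered here: callers that
 * pass user-supplied URLs still need to reject loopback and internal targets.
 *
 * @param string $url    Absolute http(s) URL to probe
 * @param int    $is_200 Number of redirects already followed; used by the
 *                       recursion, the probe gives up once it exceeds 5
 * @return bool          true if the status line reports 200, false otherwise
 */
function nv_check_url($url, $is_200 = 0)
{
    if (empty($url)) {
        return false;
    }

    $url = str_replace(' ', '%20', $url);

    // CR/LF or other control bytes would end up inside the request line and Host
    // header written by the raw-socket branch below.
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return false;
    }

    // get_headers() opens the URL through PHP's stream wrappers, so a scheme such as
    // file:// or php:// must never reach it. The same check applies to every
    // redirect target because redirects re-enter this function.
    $url_info = @parse_url($url);
    if (empty($url_info['scheme']) or empty($url_info['host'])) {
        return false;
    }
    $scheme = strtolower($url_info['scheme']);
    if ($scheme != 'http' and $scheme != 'https') {
        return false;
    }

    $allow_url_fopen = ini_get('allow_url_fopen') == '1' || strtolower(ini_get('allow_url_fopen')) == 'on' ? 1 : 0;

    if (nv_function_exists('get_headers') and $allow_url_fopen == 1) {
        // NOTE(review): with the default stream context get_headers() may follow
        // redirects on its own; those internal hops are not re-validated here - confirm.
        $res = get_headers($url);
    } elseif (nv_function_exists('curl_init') and nv_function_exists('curl_exec')) {
        $userAgents = array(
            'Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0',
            'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
            'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)',
            'Mozilla/4.8 [en] (Windows NT 6.0; U)',
            'Opera/9.25 (Windows NT 6.0; U; en)'
        );
        // array_rand() needs no manual seeding; the former srand(microtime) call only
        // reseeded the shared generator with a guessable value.
        $agent = $userAgents[array_rand($userAgents)];

        $curl = curl_init($url);
        curl_setopt($curl, CURLOPT_HEADER, true);
        curl_setopt($curl, CURLOPT_NOBODY, true);
        // Force a port only when the URL names one; defaulting to 80 sent https://
        // URLs to the plain-HTTP port.
        if (isset($url_info['port'])) {
            curl_setopt($curl, CURLOPT_PORT, intval($url_info['port']));
        }
        // Redirects are handled by the bounded recursion at the end of the function so
        // that each hop passes the scheme check. The earlier code enabled
        // CURLOPT_FOLLOWLOCATION only when open_basedir read as '1' or 'on', values
        // that setting does not normally hold.
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 15);
        curl_setopt($curl, CURLOPT_USERAGENT, $agent);

        $response = curl_exec($curl);
        // Read the error text before the handle is closed.
        $curl_error = ($response === false) ? curl_error($curl) : '';
        curl_close($curl);

        if ($response === false) {
            trigger_error($curl_error, E_USER_WARNING);
            return false;
        }

        // Split on real line breaks; a single-quoted '\n' is a backslash followed by
        // "n" and never matched, leaving the whole response in $res[0].
        $res = preg_split('/\r\n|\r|\n/', trim($response));
    } elseif (nv_function_exists('fsockopen') and nv_function_exists('fgets')) {
        $res = array();
        $is_https = ($scheme == 'https');
        $port = isset($url_info['port']) ? intval($url_info['port']) : ($is_https ? 443 : 80);

        // https:// targets need the ssl:// transport; plain HTTP to port 80 would
        // probe a different service than the one named in the URL.
        $fp = fsockopen(($is_https ? 'ssl://' : '') . $url_info['host'], $port, $errno, $errstr, 15);
        if (!$fp) {
            trigger_error($errstr, E_USER_WARNING);
            return false;
        }

        $path = !empty($url_info['path']) ? $url_info['path'] : '/';
        $path .= !empty($url_info['query']) ? '?' . $url_info['query'] : '';

        fputs($fp, "HEAD " . $path . " HTTP/1.0\r\n");
        fputs($fp, "Host: " . $url_info['host'] . ":" . $port . "\r\n");
        fputs($fp, "Connection: close\r\n\r\n");

        while (!feof($fp)) {
            $line = fgets($fp, 1024);
            // fgets() returns false on a read error or timeout; stop instead of spinning.
            if ($line === false) {
                break;
            }
            if ($header = trim($line)) {
                $res[] = $header;
            }
        }
        @fclose($fp);
    } else {
        trigger_error('error server no support check url', E_USER_WARNING);
        return false;
    }

    if (empty($res)) {
        return false;
    }

    // Match the status code in its position on the status line rather than the
    // digits "200" anywhere in it.
    if (preg_match('/^HTTP\/\S+\s+200\b/i', $res[0])) {
        return true;
    }

    // Redirect budget: stop after more than 5 hops.
    if ($is_200 > 5) {
        return false;
    }

    if (preg_match('/^HTTP\/\S+\s+30[123]\b/i', $res[0])) {
        foreach ($res as $v) {
            if (preg_match('/^location:\s*(.*?)$/is', $v, $matches)) {
                ++$is_200;
                $location = trim($matches[1]);
                // The target is validated again on re-entry (scheme, control characters).
                return nv_check_url($location, $is_200);
            }
        }
    }

    return false;
}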
* @Createdate 3-6-2010 0:30 */
// Direct-link download step: resolves a one-time code stored in the visitor's session to
// the external link recorded for it, counts the hit and redirects the browser there.
if (!defined('NV_IS_MOD_DOWNLOAD')) {
    die('Stop!!!');
}
if (!$nv_Request->isset_request('session_files', 'session')) {
    die('Wrong URL');
}
$session_files = $nv_Request->get_string('session_files', 'session', '');
if (empty($session_files)) {
    die('Wrong URL');
}
// NOTE(review): unserialize() runs on the session value. This is only safe while nothing
// user-controlled can be written verbatim into the 'session_files' key. Confirm the
// writer, or store the structure as JSON and decode it with json_decode() instead.
$session_files = unserialize($session_files);
if ($nv_Request->isset_request('code', 'get')) {
    $code = $nv_Request->get_string('code', 'get', '');
    // The code must be 32 alphanumeric characters, must exist in the session map, and its
    // link must answer the server-side probe nv_check_url().
    if (empty($code) or !preg_match("/^([a-z0-9]{32})\$/i", $code) or !isset($session_files['linkdirect'][$code]) or !nv_check_url($session_files['linkdirect'][$code]['link'])) {
        die('Wrong URL');
    }
    // The id is forced to an integer with intval() before it enters the query.
    $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "` SET `download_hits`=download_hits+1 WHERE `id`=" . intval($session_files['linkdirect'][$code]['id']);
    $db->sql_query($sql);
    $content = "<br /><img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
    // NOTE(review): the link is written into the message text and into the meta-refresh
    // attribute without HTML escaping in this fragment. Confirm it is escaped (or limited
    // to a safe character set) where it is stored; otherwise a link containing a quote or
    // an angle bracket changes the markup of this page.
    $content .= sprintf($lang_module['download_wait2'], $session_files['linkdirect'][$code]['link']);
    $content .= "<meta http-equiv=\"refresh\" content=\"5;url=" . $session_files['linkdirect'][$code]['link'] . "\" />";
    nv_info_die($lang_module['download_detail'], $lang_module['download_wait'], $content);
    die;
}
// Local-file download: the 'file' query parameter is required from here on.
if (!$nv_Request->isset_request('file', 'get')) {
    die('Wrong URL');
}
$file = $nv_Request->get_string('file', 'get', '');
if (empty($file)) {
$image = substr($image, $lu);
}
}
// A URL without one of the listed schemes is treated as http://.
// NOTE(review): ftp and gopher are accepted by this prefix test, yet the link is then
// probed with nv_check_url(), which looks for an HTTP status line - confirm whether
// non-HTTP schemes are meant to be storable at all.
if (!empty($url)) {
    if (!preg_match("#^(http|https|ftp|gopher)\\:\\/\\/#", $url)) {
        $url = "http://" . $url;
    }
}
$admin_phone = "";
$admin_email = "";
$note = "";
// The description is filtered against NV_ALLOWED_HTML_TAGS, then line breaks are converted.
$description = filter_text_textarea('description', '', NV_ALLOWED_HTML_TAGS);
$description = defined('NV_EDITOR') ? nv_editor_nl2br($description) : nv_nl2br($description, '<br />');
// Anything other than 1 is stored as 0.
$status = $nv_Request->get_int('status', 'post') == 1 ? 1 : 0;
// check url
// The URL must be non-empty, pass nv_is_url() and check_url(), and answer the server-side
// probe nv_check_url() (a request made from this server to the submitted address).
if (empty($url) || !nv_is_url($url) || !check_url($id, $url) || !nv_check_url($url)) {
    $error = $lang_module['error_url'];
} elseif (empty($title)) {
    $error = $lang_module['error_title'];
} elseif (strip_tags($description) == "") {
    $error = $lang_module['error_description'];
} else {
    if ($id > 0) {
        // Text columns go through dbescape(); $catid, $status and $id are concatenated
        // unquoted. $status is 0 or 1 (see above); $catid and $id are assigned outside
        // this fragment - presumably integers from get_int(), confirm.
        $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_rows` SET `catid`=" . $catid . ", `title`=" . $db->dbescape($title) . ", `alias` = " . $db->dbescape($alias) . ", `url` = " . $db->dbescape($url) . ", `urlimg` = " . $db->dbescape($image) . ", `description`=" . $db->dbescape($description) . ", `edit_time` = UNIX_TIMESTAMP(), `status`=" . $status . " WHERE `id` =" . $id;
        $db->sql_query($sql);
        if ($db->sql_affectedrows() > 0) {
            // Record the edit in the admin log, then return to the module index.
            nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['weblink_edit_link'], $title, $admin_info['userid']);
            Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name);
            die;
        } else {
            $error = $lang_module['errorsave'];
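/**
 * nv_check_url()
 *
 * Report whether a URL answers with HTTP status 200, following at most one
 * 301/302/303 redirect.
 *
 * The probe is a request made by the web server itself. get_headers() opens its
 * argument through PHP's stream wrappers, so only absolute http:// and https://
 * URLs without control characters are passed to it; anything else returns false
 * before a stream is opened. The host is not resolved or filtered here: callers
 * that pass user-supplied URLs still need to reject loopback and internal targets.
 *
 * @param mixed $url    URL to probe; non-string or empty values give false
 * @param bool  $is_200 true when this call is already following a redirect, in
 *                      which case no further redirect is followed
 * @return bool         true if the status line reports 200, false otherwise
 */
function nv_check_url($url, $is_200 = false)
{
    if (empty($url) or !is_string($url)) {
        return false;
    }

    // Control characters have no place in a URL handed to the HTTP wrapper.
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return false;
    }

    // Scheme allowlist; it also applies to the redirect target because the redirect
    // re-enters this function.
    $url_info = @parse_url($url);
    if (empty($url_info['scheme']) or empty($url_info['host'])) {
        return false;
    }
    $scheme = strtolower($url_info['scheme']);
    if ($scheme != 'http' and $scheme != 'https') {
        return false;
    }

    // NOTE(review): with the default stream context get_headers() may follow redirects
    // on its own; those internal hops are not re-validated here - confirm.
    $res = get_headers($url);
    if (!$res) {
        return false;
    }

    // Match the status code in its position on the status line rather than the
    // digits "200" anywhere in it.
    if (preg_match('/^HTTP\/\S+\s+200\b/i', $res[0])) {
        return true;
    }

    // Already inside a redirect: do not chain further.
    if ($is_200) {
        return false;
    }

    if (preg_match('/^HTTP\/\S+\s+30[123]\b/i', $res[0])) {
        foreach ($res as $v) {
            if (preg_match('/^location:\s*(.*?)$/is', $v, $matches)) {
                return nv_check_url(trim($matches[1]), true);
            }
        }
    }

    return false;
}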