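/**
 * Validate the pending upload, store it under /uploads, register it in the
 * database and build the JSON-like response consumed by the uploader UI.
 *
 * Two branches exist:
 *  - generic files: accepted when the extension is in $this->allowed_files and
 *    the user group may upload files; stored in /uploads/files/;
 *  - images: accepted when the extension is in $this->allowed_extensions and
 *    the group may upload images; the stored file must be recognised by
 *    getimagesize() as GIF, JPEG or PNG, otherwise it is deleted again.
 *
 * Security notes for maintainers:
 *  - The type decision uses only the text after the last dot of the name
 *    returned by check_filename(). NOTE(review): confirm check_filename()
 *    rejects names with additional script extensions, and that the web server
 *    never executes scripts from /uploads.
 *  - Generic files are accepted on extension alone; no content inspection is
 *    visible in this method.
 *  - $this->author and $this->news_id are interpolated into SQL unchanged.
 *    NOTE(review): presumably escaped/cast where they are assigned; verify.
 *  - $filename is embedded in the returned HTML without escaping and therefore
 *    relies entirely on check_filename() to strip markup characters.
 *
 * @return mixed Result of $this->msg_error() on failure; on success the
 *               htmlspecialchars()-encoded response string.
 */
function FileUpload() {
    global $config, $db, $lang, $member_id, $user_group;

    $_IP = get_ip();
    $added_time = time() + $config['date_adjust'] * 60;

    // Settings of the current user's group, read repeatedly below.
    $group = $user_group[$member_id['user_group']];

    $posts_dir = ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX;
    $files_dir = ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX;
    $target_dir = ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX;

    // NOTE(review): directories are created world-writable (0777) and files
    // are later set to 0666. Kept as-is for compatibility with existing
    // installs; tighten where the web server user owns the tree.
    if (!is_dir($posts_dir)) {
        @mkdir($posts_dir, 0777);
        @chmod($posts_dir, 0777);
        @mkdir($posts_dir . "thumbs", 0777);
        @chmod($posts_dir . "thumbs", 0777);
    }

    if (!is_dir($files_dir)) {
        @mkdir($files_dir, 0777);
        @chmod($files_dir, 0777);
    }

    // mkdir() errors are suppressed above, so re-check that the tree exists
    // and is writable before touching the upload.
    if (!is_dir($posts_dir)) {
        return $this->msg_error($lang['upload_error_0'] . " /uploads/posts/" . FOLDER_PREFIX, 403);
    }

    if (!is_dir($files_dir)) {
        return $this->msg_error($lang['upload_error_0'] . " /uploads/files/" . FOLDER_PREFIX, 403);
    }

    if (!is_writable($target_dir)) {
        return $this->msg_error($lang['upload_error_1'] . " /uploads/" . $this->upload_path . FOLDER_PREFIX . " " . $lang['upload_error_2'], 403);
    }

    if (!is_writable($files_dir)) {
        return $this->msg_error($lang['upload_error_1'] . " /uploads/files/" . FOLDER_PREFIX . " " . $lang['upload_error_2'], 403);
    }

    if (!is_writable($posts_dir . "thumbs")) {
        return $this->msg_error($lang['upload_error_1'] . " /uploads/posts/" . FOLDER_PREFIX . "thumbs/ " . $lang['upload_error_2'], 403);
    }

    if (!$this->file) {
        return $this->msg_error($lang['upload_error_3'], 405);
    }

    $filename = $this->check_filename($this->file->getFileName());
    $size = $this->file->getFileSize();

    if (!$filename) {
        return $this->msg_error($lang['upload_error_4'], 405);
    }

    // Extension = text after the last dot of the checked name.
    $filename_arr = explode(".", $filename);
    $type = end($filename_arr);

    if (!$type) {
        return $this->msg_error($lang['upload_error_4'], 405);
    }

    $error_code = $this->file->getErrorCode();

    if ($error_code) {
        return $this->msg_error($error_code, 405);
    }

    if ($size == 0) {
        return $this->msg_error($lang['upload_error_5'], 403);
    }

    if ($config['files_allow'] == "yes" && $group['allow_file_upload'] && in_array($type, $this->allowed_files)) {

        // ---- generic file upload ------------------------------------------

        if (intval($group['max_file_size']) && $size > $group['max_file_size'] * 1024) {
            return $this->msg_error($lang['files_too_big'], 500);
        }

        if ($this->area != "template" && $group['max_files']) {
            $row = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_files WHERE author = '{$this->author}' AND news_id = '{$this->news_id}'");
            $count_files = $row['count'];

            if ($count_files && $count_files >= $group['max_files']) {
                return $this->msg_error($lang['error_max_files'], 403);
            }
        }

        $uploaded_filename = $this->file->saveFile($files_dir, $filename, $this->use_prefix);

        if (!$uploaded_filename) {
            return $this->msg_error($lang['images_uperr_3'], 403);
        }

        @chmod($files_dir . $uploaded_filename, 0666);
        $added_time = time() + $config['date_adjust'] * 60;

        // File names originate from the client. Escape every copy that enters
        // an SQL literal instead of trusting check_filename()/saveFile();
        // this is a no-op for names without SQL metacharacters.
        $sql_filename = $db->safesql($filename);
        $sql_uploaded = $db->safesql($uploaded_filename);
        $sql_onserver = $db->safesql(FOLDER_PREFIX . $uploaded_filename);

        if ($group['allow_admin']) {
            $sql_ip = $db->safesql($_IP);
            $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$added_time}', '{$sql_ip}', '36', '{$sql_uploaded}')");
        }

        // Icon, link and player type shown in the uploader box. Only playable
        // media get a direct link; everything else links to "#".
        if (in_array($type, $this->allowed_video)) {
            $data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;

            if ($type == "mp3") {
                $file_link = $config['http_home_url'] . "engine/skins/images/mp3_file.png";
                $file_play = "audio";
            } elseif ($type == "swf") {
                $file_link = $config['http_home_url'] . "engine/skins/images/file_flash.png";
                $file_play = "flash";
            } else {
                $file_link = $config['http_home_url'] . "engine/skins/images/video_file.png";
                $file_play = "video";
            }
        } else {
            $file_link = $config['http_home_url'] . "engine/skins/images/all_file.png";
            $data_url = "#";
            $file_play = "";
        }

        // Static pages ("template" area) and news posts use separate tables
        // and separate checkbox names in the returned box.
        if ($this->area == "template") {
            $db->query("INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name, onserver) values ('{$this->news_id}', '{$this->author}', '{$added_time}', '{$sql_filename}', '{$sql_onserver}')");
            $checkbox_name = "static_files[]";
        } else {
            $db->query("INSERT INTO " . PREFIX . "_files (news_id, name, onserver, author, date) values ('{$this->news_id}', '{$sql_filename}', '{$sql_onserver}', '{$this->author}', '{$added_time}')");
            $checkbox_name = "files[]";
        }

        $id = $db->insert_id();

        $return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$id}:{$filename}\" data-type=\"file\" data-play=\"{$file_play}\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $file_link . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" id=\"file\" name=\"{$checkbox_name}\" value=\"{$id}\" data-type=\"file\"> " . formatsize($size) . "</div></div>";

    } elseif (in_array($type, $this->allowed_extensions) && $group['allow_image_upload']) {

        // ---- image upload -------------------------------------------------

        // The byte limit is skipped when max_up_side is set, because the
        // image is then scaled down after upload.
        if (intval($config['max_up_size']) && $size > $config['max_up_size'] * 1024 && !$config['max_up_side']) {
            return $this->msg_error($lang['images_big'], 500);
        }

        if ($this->area != "template" && $this->area != "adminupload" && $group['max_images']) {
            $row = $db->super_query("SELECT images FROM " . PREFIX . "_images WHERE author = '{$this->author}' AND news_id = '{$this->news_id}'");

            if ($row['images']) {
                $count_images = count(explode("|||", $row['images']));
            } else {
                $count_images = false;
            }

            if ($count_images && $count_images >= $group['max_images']) {
                return $this->msg_error($lang['error_max_images'], 403);
            }
        }

        $uploaded_filename = $this->file->saveFile($target_dir, $filename, $this->use_prefix);

        if (!$uploaded_filename) {
            return $this->msg_error($lang['images_uperr_3'], 403);
        }

        $added_time = time() + $config['date_adjust'] * 60;

        $image_path = $target_dir . $uploaded_filename;
        $thumb_path = $target_dir . "thumbs/" . $uploaded_filename;
        $stored_name = FOLDER_PREFIX . $uploaded_filename;

        @chmod($image_path, 0666);

        // The file already sits in the uploads directory at this point; the
        // content check runs afterwards and removes it on failure.
        // getimagesize() returns false for unreadable or unrecognised files,
        // so test for that before indexing the result.
        $i_info = @getimagesize($image_path);

        if (!is_array($i_info) || !in_array($i_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
            @unlink($image_path);
            return $this->msg_error($lang['upload_error_6'], 500);
        }

        $thumb = new thumbnail($image_path);

        if ($this->area != "template" && $this->area != "adminupload") {
            // Images of a post are kept as one "|||"-separated list per
            // (news_id, author) row.
            $sql_stored = $db->safesql($stored_name);

            $row = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_images WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");

            if (!$row['count']) {
                $db->query("INSERT INTO " . PREFIX . "_images (images, author, news_id, date) values ('{$sql_stored}', '{$this->author}', '{$this->news_id}', '{$added_time}')");
            } else {
                $row = $db->super_query("SELECT images FROM " . PREFIX . "_images WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");

                if ($row['images'] == "") {
                    $listimages = array();
                } else {
                    $listimages = explode("|||", $row['images']);
                }

                // Append only when the file is not listed yet.
                if (!in_array($stored_name, $listimages, true)) {
                    $listimages[] = $stored_name;

                    // The list is read back from the database and written
                    // again, so escape it as a whole before reuse.
                    $sql_images = $db->safesql(implode("|||", $listimages));
                    $db->query("UPDATE " . PREFIX . "_images SET images='{$sql_images}' WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");
                }
            }
        }

        if ($this->area == "template") {
            $sql_stored = $db->safesql($stored_name);
            $db->query("INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name) values ('{$this->news_id}', '{$this->author}', '{$added_time}', '{$sql_stored}')");
            $id = $db->insert_id();
        }

        if ($group['allow_admin']) {
            $sql_ip = $db->safesql($_IP);
            $sql_uploaded = $db->safesql($uploaded_filename);
            $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$added_time}', '{$sql_ip}', '36', '{$sql_uploaded}')");
        }

        if ($this->make_thumb) {
            if ($thumb->size_auto($this->t_size, $this->t_seite)) {
                $thumb->jpeg_quality($config['jpeg_quality']);

                if ($this->make_watermark) {
                    $thumb->insert_watermark($config['max_watermark']);
                }

                $thumb->save($thumb_path);
                @chmod($thumb_path, 0666);
            }
        }

        if ($member_id['user_group'] == 1) {
            // Group 1: the original is re-saved only when it was resized or
            // watermarked; otherwise the uploaded bytes stay untouched.
            if ($this->make_watermark || $config['max_up_side']) {
                $thumb = new thumbnail($image_path);
                $thumb->jpeg_quality($config['jpeg_quality']);
                $re_save = false;

                if (intval($config['max_up_side']) > 1 && $thumb->size_auto($config['max_up_side'], $config['o_seite'])) {
                    $re_save = true;
                }

                if ($this->make_watermark) {
                    $thumb->insert_watermark($config['max_watermark']);
                    $re_save = true;
                }

                if ($re_save) {
                    $thumb->save($image_path);
                }
            }
        } else {
            // Every other group: the image is always written again through
            // the thumbnail class.
            $thumb = new thumbnail($image_path);
            $thumb->jpeg_quality($config['jpeg_quality']);

            if ($config['max_up_side']) {
                $thumb->size_auto($config['max_up_side'], $config['o_seite']);
            }

            if ($this->make_watermark) {
                $thumb->insert_watermark($config['max_watermark']);
            }

            $thumb->save($image_path);
        }

        // Dimensions may have changed after resizing; read them again.
        if ($config['max_up_side']) {
            $i_info = @getimagesize($image_path);
        }

        $data_url = $config['http_home_url'] . "uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename;

        if (file_exists($thumb_path)) {
            $img_url = $config['http_home_url'] . "uploads/" . $this->upload_path . FOLDER_PREFIX . "thumbs/" . $uploaded_filename;
            $thumb_data = "yes";
        } else {
            $img_url = $data_url;
            $thumb_data = "no";
        }

        // Only the checkbox name/value differs between post and static-page
        // uploads; the rest of the box is shared.
        if ($this->area != "template") {
            $box_input = "name=\"images[" . FOLDER_PREFIX . $uploaded_filename . "]\" value=\"" . FOLDER_PREFIX . $uploaded_filename . "\"";
        } else {
            $box_input = "name=\"static_files[]\" value=\"{$id}\"";
        }

        $return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$data_url}\" data-thumb=\"{$thumb_data}\" data-type=\"image\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $img_url . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" " . $box_input . " data-thumb=\"{$thumb_data}\" data-type=\"image\" data-src=\"{$data_url}\"> {$i_info[0]}x{$i_info[1]}</div></div>";

    } else {
        // Extension not allowed for this user group.
        return $this->msg_error($lang['images_uperr_2'], 403);
    }

    // The response is assembled by hand: the HTML fragment is escaped for a
    // JSON string literal, then the whole payload is entity-encoded.
    // NOTE(review): the client presumably decodes the entities before parsing.
    $return_box = addcslashes($return_box, "\t\n\r\"\\/");

    return htmlspecialchars("{\"success\":true, \"returnbox\":\"{$return_box}\"}", ENT_NOQUOTES, $config['charset']);
}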