function FileUpload()
{
global $config, $db, $lang, $member_id, $user_group;
$_IP = get_ip();
$added_time = time() + $config['date_adjust'] * 60;
if (!is_dir(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX)) {
@mkdir(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX, 0777);
@chmod(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX, 0777);
@mkdir(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX . "thumbs", 0777);
@chmod(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX . "thumbs", 0777);
}
if (!is_dir(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX)) {
@mkdir(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX, 0777);
@chmod(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX, 0777);
}
if (!is_dir(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX)) {
return $this->msg_error($lang['upload_error_0'] . " /uploads/posts/" . FOLDER_PREFIX, 403);
}
if (!is_dir(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX)) {
return $this->msg_error($lang['upload_error_0'] . " /uploads/files/" . FOLDER_PREFIX, 403);
}
if (!is_writable(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX)) {
return $this->msg_error($lang['upload_error_1'] . " /uploads/" . $this->upload_path . FOLDER_PREFIX . " " . $lang['upload_error_2'], 403);
}
if (!is_writable(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX)) {
return $this->msg_error($lang['upload_error_1'] . " /uploads/files/" . FOLDER_PREFIX . " " . $lang['upload_error_2'], 403);
}
if (!is_writable(ROOT_DIR . "/uploads/posts/" . FOLDER_PREFIX . "thumbs")) {
return $this->msg_error($lang['upload_error_1'] . " /uploads/posts/" . FOLDER_PREFIX . "thumbs/ " . $lang['upload_error_2'], 403);
}
if (!$this->file) {
return $this->msg_error($lang['upload_error_3'], 405);
}
$filename = $this->check_filename($this->file->getFileName());
$size = $this->file->getFileSize();
if (!$filename) {
return $this->msg_error($lang['upload_error_4'], 405);
}
$filename_arr = explode(".", $filename);
$type = end($filename_arr);
if (!$type) {
return $this->msg_error($lang['upload_error_4'], 405);
}
$error_code = $this->file->getErrorCode();
if ($error_code) {
return $this->msg_error($error_code, 405);
}
if ($size == 0) {
return $this->msg_error($lang['upload_error_5'], 403);
}
if ($config['files_allow'] == "yes" and $user_group[$member_id['user_group']]['allow_file_upload'] and in_array($type, $this->allowed_files)) {
if (intval($user_group[$member_id['user_group']]['max_file_size']) and $size > $user_group[$member_id['user_group']]['max_file_size'] * 1024) {
return $this->msg_error($lang['files_too_big'], 500);
}
if ($this->area != "template" and $user_group[$member_id['user_group']]['max_files']) {
$row = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_files WHERE author = '{$this->author}' AND news_id = '{$this->news_id}'");
$count_files = $row['count'];
if ($count_files and $count_files >= $user_group[$member_id['user_group']]['max_files']) {
return $this->msg_error($lang['error_max_files'], 403);
}
}
$uploaded_filename = $this->file->saveFile(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX, $filename, $this->use_prefix);
if ($uploaded_filename) {
@chmod(ROOT_DIR . "/uploads/files/" . FOLDER_PREFIX . $uploaded_filename, 0666);
$added_time = time() + $config['date_adjust'] * 60;
if ($user_group[$member_id['user_group']]['allow_admin']) {
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$added_time}', '{$_IP}', '36', '{$uploaded_filename}')");
}
if ($this->area == "template") {
$db->query("INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name, onserver) values ('{$this->news_id}', '{$this->author}', '{$added_time}', '{$filename}', '" . FOLDER_PREFIX . "{$uploaded_filename}')");
$id = $db->insert_id();
if (in_array($type, $this->allowed_video)) {
if ($type == "mp3") {
$file_link = $config['http_home_url'] . "engine/skins/images/mp3_file.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "audio";
} elseif ($type == "swf") {
$file_link = $config['http_home_url'] . "engine/skins/images/file_flash.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "flash";
} else {
$file_link = $config['http_home_url'] . "engine/skins/images/video_file.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "video";
}
} else {
$file_link = $config['http_home_url'] . "engine/skins/images/all_file.png";
$data_url = "#";
$file_play = "";
}
$return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$id}:{$filename}\" data-type=\"file\" data-play=\"{$file_play}\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $file_link . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" id=\"file\" name=\"static_files[]\" value=\"{$id}\" data-type=\"file\"> " . formatsize($size) . "</div></div>";
} else {
$db->query("INSERT INTO " . PREFIX . "_files (news_id, name, onserver, author, date) values ('{$this->news_id}', '{$filename}', '" . FOLDER_PREFIX . "{$uploaded_filename}', '{$this->author}', '{$added_time}')");
$id = $db->insert_id();
if (in_array($type, $this->allowed_video)) {
if ($type == "mp3") {
$file_link = $config['http_home_url'] . "engine/skins/images/mp3_file.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "audio";
} elseif ($type == "swf") {
$file_link = $config['http_home_url'] . "engine/skins/images/file_flash.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "flash";
} else {
$file_link = $config['http_home_url'] . "engine/skins/images/video_file.png";
$data_url = $config['http_home_url'] . "uploads/files/" . FOLDER_PREFIX . $uploaded_filename;
$file_play = "video";
}
} else {
$file_link = $config['http_home_url'] . "engine/skins/images/all_file.png";
$data_url = "#";
$file_play = "";
}
$return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$id}:{$filename}\" data-type=\"file\" data-play=\"{$file_play}\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $file_link . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" id=\"file\" name=\"files[]\" value=\"{$id}\" data-type=\"file\"> " . formatsize($size) . "</div></div>";
}
} else {
return $this->msg_error($lang['images_uperr_3'], 403);
}
} elseif (in_array($type, $this->allowed_extensions) and $user_group[$member_id['user_group']]['allow_image_upload']) {
if (intval($config['max_up_size']) and $size > $config['max_up_size'] * 1024 and !$config['max_up_side']) {
return $this->msg_error($lang['images_big'], 500);
}
if ($this->area != "template" and $this->area != "adminupload" and $user_group[$member_id['user_group']]['max_images']) {
$row = $db->super_query("SELECT images FROM " . PREFIX . "_images WHERE author = '{$this->author}' AND news_id = '{$this->news_id}'");
if ($row['images']) {
$count_images = count(explode("|||", $row['images']));
} else {
$count_images = false;
}
if ($count_images and $count_images >= $user_group[$member_id['user_group']]['max_images']) {
return $this->msg_error($lang['error_max_images'], 403);
}
}
$uploaded_filename = $this->file->saveFile(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX, $filename, $this->use_prefix);
if ($uploaded_filename) {
$added_time = time() + $config['date_adjust'] * 60;
@chmod(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename, 0666);
$i_info = @getimagesize(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
if (!in_array($i_info[2], array(1, 2, 3))) {
@unlink(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
return $this->msg_error($lang['upload_error_6'], 500);
}
$thumb = new thumbnail(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
if ($this->area != "template" and $this->area != "adminupload") {
$row = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_images WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");
if (!$row['count']) {
$inserts = FOLDER_PREFIX . $uploaded_filename;
$db->query("INSERT INTO " . PREFIX . "_images (images, author, news_id, date) values ('{$inserts}', '{$this->author}', '{$this->news_id}', '{$added_time}')");
} else {
$row = $db->super_query("SELECT images FROM " . PREFIX . "_images WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");
if ($row['images'] == "") {
$listimages = array();
} else {
$listimages = explode("|||", $row['images']);
}
foreach ($listimages as $dataimages) {
if ($dataimages == FOLDER_PREFIX . $uploaded_filename) {
$error_image = "stop";
}
}
if ($error_image != "stop") {
$listimages[] = FOLDER_PREFIX . $uploaded_filename;
$row['images'] = implode("|||", $listimages);
$db->query("UPDATE " . PREFIX . "_images SET images='{$row['images']}' WHERE news_id = '{$this->news_id}' AND author = '{$this->author}'");
}
}
}
if ($this->area == "template") {
$inserts = FOLDER_PREFIX . $uploaded_filename;
$db->query("INSERT INTO " . PREFIX . "_static_files (static_id, author, date, name) values ('{$this->news_id}', '{$this->author}', '{$added_time}', '{$inserts}')");
$id = $db->insert_id();
}
if ($user_group[$member_id['user_group']]['allow_admin']) {
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$added_time}', '{$_IP}', '36', '{$uploaded_filename}')");
}
if ($this->make_thumb) {
if ($thumb->size_auto($this->t_size, $this->t_seite)) {
$thumb->jpeg_quality($config['jpeg_quality']);
if ($this->make_watermark) {
$thumb->insert_watermark($config['max_watermark']);
}
$thumb->save(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . "thumbs/" . $uploaded_filename);
@chmod(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . "thumbs/" . $uploaded_filename, 0666);
}
}
if ($member_id['user_group'] == 1) {
if ($this->make_watermark or $config['max_up_side']) {
$thumb = new thumbnail(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
$thumb->jpeg_quality($config['jpeg_quality']);
$re_save = false;
if (intval($config['max_up_side']) > 1 and $thumb->size_auto($config['max_up_side'], $config['o_seite'])) {
$re_save = true;
}
if ($this->make_watermark) {
$thumb->insert_watermark($config['max_watermark']);
$re_save = true;
}
if ($re_save) {
$thumb->save(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
}
}
} else {
$thumb = new thumbnail(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
$thumb->jpeg_quality($config['jpeg_quality']);
if ($config['max_up_side']) {
$thumb->size_auto($config['max_up_side'], $config['o_seite']);
}
if ($this->make_watermark) {
$thumb->insert_watermark($config['max_watermark']);
}
$thumb->save(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
}
if ($config['max_up_side']) {
$i_info = @getimagesize(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename);
}
if (file_exists(ROOT_DIR . "/uploads/" . $this->upload_path . FOLDER_PREFIX . "thumbs/" . $uploaded_filename)) {
$img_url = $config['http_home_url'] . "uploads/" . $this->upload_path . FOLDER_PREFIX . "thumbs/" . $uploaded_filename;
$thumb_data = "yes";
} else {
$img_url = $config['http_home_url'] . "uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename;
$thumb_data = "no";
}
$data_url = $config['http_home_url'] . "uploads/" . $this->upload_path . FOLDER_PREFIX . $uploaded_filename;
if ($this->area != "template") {
$return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$data_url}\" data-thumb=\"{$thumb_data}\" data-type=\"image\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $img_url . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" name=\"images[" . FOLDER_PREFIX . $uploaded_filename . "]\" value=\"" . FOLDER_PREFIX . $uploaded_filename . "\" data-thumb=\"{$thumb_data}\" data-type=\"image\" data-src=\"{$data_url}\"> {$i_info[0]}x{$i_info[1]}</div></div>";
} else {
$return_box = "<div class=\"uploadedfile\"><div class=\"info\">{$filename}</div><div class=\"uploadimage\"><a class=\"uploadfile\" href=\"{$data_url}\" data-src=\"{$data_url}\" data-thumb=\"{$thumb_data}\" data-type=\"image\"><img style=\"width:auto;height:auto;max-width:100px;max-height:90px;\" src=\"" . $img_url . "\" /></a></div><div class=\"info\"><input type=\"checkbox\" name=\"static_files[]\" value=\"{$id}\" data-thumb=\"{$thumb_data}\" data-type=\"image\" data-src=\"{$data_url}\"> {$i_info[0]}x{$i_info[1]}</div></div>";
}
} else {
return $this->msg_error($lang['images_uperr_3'], 403);
}
} else {
return $this->msg_error($lang['images_uperr_2'], 403);
}
$return_box = addcslashes($return_box, "\t\n\r\"\\/");
return htmlspecialchars("{\"success\":true, \"returnbox\":\"{$return_box}\"}", ENT_NOQUOTES, $config['charset']);
}
