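foreach ($fupload as $fileinfo) {
    # Fragment: handles each entry of $fupload (one uploaded file per entry).
    # The blocks opened here are closed beyond the end of this fragment.

    # Entries with an empty name are skipped.
    if (empty($fileinfo['name']) !== TRUE) {
        # Only continue if the temporary file is actually present.
        if (file_exists($fileinfo['tempname'])) {
            # Deny-list of filename suffixes (suffix => 1).
            # NOTE(review): the only entry is the placeholder "exexexexex", so as
            # written no real file type is rejected. A deny-list is also the weaker
            # control for uploads; an allow-list of expected types, combined with
            # storing uploads where the web server will not execute them, is the
            # usual defence. Confirm what policy is intended.
            $bannedexts = array("exexexexex" => 1);
            $invalid = False;
            foreach ($bannedexts as $ext => $one) {
                # Compare case-insensitively: a case-sensitive suffix test lets the
                # same extension through when it is written in a different case.
                $ext = strtolower((string) $ext);
                if (strtolower((string) substr($fileinfo['name'], 0 - strlen($ext))) === $ext) {
                    $invalid = True;
                    break;
                }
            }

            # Check the file would not exceed the quota
            if ($bhcurrent['userobj']->spaceremaining() < $fileinfo['size']) {
                bh_add_logvars(array("quota" => bh_humanise_filesize($bhcurrent['userobj']->quota)));
                bh_add_error($bhlang['error:quota_exceeded']);
            } elseif ($invalid) {
                # exit ends the whole request, so any remaining entries in $fupload
                # are not processed.
                print "You have tried to upload an invalid filetype.";
                exit;
            } else {
                # All fine, continue
                # NOTE(review): only quotes and backslashes are removed from the
                # name. Path separators, "..", control characters and HTML
                # metacharacters are passed on to bh_fpclean(), which is not
                # visible here. TODO confirm it confines the result to $infolder
                # and that the name is escaped wherever it is later displayed.
                $badcharacters = array("'", '"', "\\");
                $newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name']));
                $tmppath = $fileinfo['tempname'];
                # NOTE(review): the result of the move is not checked; the success
                # messages below are logged either way. Verify against the helper.
                bh_move_uploaded_file($tmppath, $newfilepath);

                # Make it add info into the db.
                $newfileobj = new bhfile($newfilepath);
                unset($newfileobj);

                bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
                bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");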
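# Fragment: tail of a file-link handler. The first branch (its opening "if" is
# before this fragment) streams the file; the else-branch shows an info page
# that refreshes to the download URL after 5 seconds.

    # Email it
    # If notification is enabled for this link, mail the user recorded on the
    # link (presumably its creator) that the link was accessed.
    if (bh_filelink_get_notify($filecode) == 1) {
        $username = bh_filelink_get($filecode, "username");
        $userobj = new bhuser($username);
        $emailobj = new bhemail($userobj->userinfo['email']);
        $emailobj->subject = str_replace($replarray1, $replarray2, $bhlang['emailsubject:filemail_link_accessed']);
        $emailobj->message = str_replace($replarray1, $replarray2, $bhlang['email:filemail_link_accessed']);
        $emailobj->send();
    }

    header("Content-type: " . $fileobj->mimetype());
    # The filename goes into a response header: send it as a quoted string and
    # drop CR, LF, double quotes and backslashes so the value stays one
    # well-formed parameter (an unquoted name breaks on spaces and ";").
    $dispname = str_replace(array("\r", "\n", '"', "\\"), "", $filename);
    header('Content-Disposition: attachment; filename="' . $dispname . '"');
    header("Content-length: " . $fileobj->fileinfo['filesize']);
    # IE SSL fix
    header("Pragma: ");
    header("Cache-Control: ");
    $fileobj->readfile();
    die;
} else {
    bh_add_logvars(array("filename" => $filename, "filepath" => $filepath));

    # Sender shown on the page: e-mail address alone, or "Full Name [email]".
    if (empty($fullname)) {
        $dstr = $emailfrom;
    } else {
        $dstr = $fullname . " [" . $emailfrom . "]";
    }

    # The sender string, the filename and the link URL are written into HTML, so
    # they are escaped for HTML text and single-quoted attribute context.
    # ENT_SUBSTITUTE is used where the running PHP defines it, so a name with
    # invalid byte sequences is not turned into an empty string.
    $escflags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
    # NOTE(review): assumes bh_filelink_uri() returns a raw, not yet
    # HTML-escaped, URL. Confirm against the helper.
    $linkuri = htmlspecialchars(bh_filelink_uri($filecode) . "&download=1", $escflags);

    # Display a page with information
    # NOTE(review): the MD5 printed below comes from the same server as the
    # file, so it can show transfer corruption but not tampering.
    $str = "<head><title>" . $bhlang['title:file_download'] . "</title>"
        . "<meta http-equiv='refresh' content='5;url=" . $linkuri . "'>"
        . "<style>body {font-family: sans-serif;}</style></head>\n\t<body><b>" . $bhlang['title:file_download'] . "</b><br><br>"
        . "<table><tr><td>" . $bhlang['label:from'] . "</td><td>" . htmlspecialchars($dstr, $escflags) . "</td></tr>"
        . "<tr><td>" . $bhlang['label:filename'] . "</td><td>" . htmlspecialchars($filename, $escflags) . "</td></tr>"
        . "<tr><td>" . $bhlang['label:filesize'] . "</td><td>" . bh_humanise_filesize($fileobj->fileinfo['filesize']) . "</td></tr>"
        . "<tr><td>" . $bhlang['label:md5'] . "</td><td>" . $fileobj->md5() . "</td></tr></table><br>"
        . $bhlang['explain:filelink_download'] . "<br><br>"
        . "<a href='" . $linkuri . "'>" . bh_parse_logvars($bhlang['button:download_file']) . "</a></body></html>";
    die($str);
}
?>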
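# Fragment: tail of the "send file link by e-mail" handler. The blocks closed
# by the leading and trailing braces are opened before this fragment.
}
} elseif (strpos($email, "@") === FALSE || strpbrk($email, "\r\n") !== FALSE) {
    # The recipient must contain "@" and must not contain CR or LF: it is used
    # as a mail recipient below, and a line break there could add mail headers.
    # NOTE(review): this is still only a minimal syntax check.
    bh_log(str_replace("#EMAIL#", $email, $bhlang['error:invalid_email_#EMAIL#']), "BH_ERROR");
} else {
    # An unticked checkbox is not submitted at all, so test for presence before
    # comparing; reading the missing index directly raises a notice.
    if (isset($_POST['filemail']['notify']) && $_POST['filemail']['notify'] == "on") {
        $notify = 1;
    } else {
        $notify = 0;
    }

    # The sender address is taken from the logged-in user's record.
    $userobj = new bhuser($bhsession['username']);
    $emailfrom = $userobj->userinfo['email'];

    # Register the link, then build the message to the recipient.
    $filecode = bh_filelink_add($filepath, $expires, $bhsession['username'], $email, $notify);
    $emailobj = new bhemail($email);
    # The subject comes straight from the request. CR and LF are removed so it
    # stays a single header line however bhemail (not visible here) sends it.
    $emailobj->subject = str_replace(array("\r", "\n"), "", $_POST['filemail']['subject']);

    $fileobj = new bhfile($filepath);
    $filesize = bh_humanise_filesize($fileobj->fileinfo['filesize']);

    # Placeholders in the footer template and the values that replace them.
    $findarr = array("#DATE#", "#LINK#", "#SYSTEMNAME#", "#FILENAME#", "#FILESIZE#", "#MD5#");
    $replarr = array(date("l dS F Y g:i A", $expires), bh_filelink_uri($filecode), $bhconfig['sitename'], bh_get_filename($filepath), $filesize, $fileobj->md5());
    # The user's message is used as written, followed by the generated footer.
    $emailobj->message = $_POST['filemail']['message'] . "\n\n" . str_replace($findarr, $replarr, $bhlang['email:filemail_footer']);

    # NOTE(review): the From value is the stored profile address. Whether
    # bhemail rejects line breaks in it cannot be seen here; confirm.
    if (!empty($emailfrom)) {
        $emailobj->from = $emailfrom;
    }
    $emailobj->send();

    bh_log(str_replace("#EMAIL#", $email, $bhlang['notice:email_sent_to_#EMAIL#']), "BH_NOTICE");
}
}
}
} else {
    bh_log($bhlang['error:expires_invalid'], "BH_ERROR");
}
}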
<?php
# Appends two sidebar boxes to $str: a "views" box that is always added, and a
# "quota" box that is added only when the current user's quota is non-zero.
# Both boxes share the same table frame, so the frame pieces are built once.
# NOTE(review): $this->skinpath, the $bhlang strings and the viewlist() output
# are written into the markup without escaping. That is only safe while none of
# them can carry user-controlled text; confirm.
$bhsb_img = $this->skinpath . "images/sidebar/";
$bhsb_tableopen = "<br>\n<table class='toolbar' cellspacing='0' cellpadding='0' width='100%' align='center'>\n";
$bhsb_toprow = "\t<tr height='10'>\n\t\t<td width='10'><img src='{$bhsb_img}tl.png'></td>\n\t\t<td background='{$bhsb_img}tc.png'></td>\n\t\t<td width='10'><img src='{$bhsb_img}tr.png'></td>\n\t</tr>\n";
$bhsb_titleopen = "\t<tr height='30'>\n\t\t<td width='10'><img src='{$bhsb_img}lc.png' width='10' height='30'></td>\n\t\t<td background='{$bhsb_img}titlebg.png' align='center' valign='middle'><b>";
$bhsb_titleclose = "</b></td>\n\t\t<td width='10'><img src='{$bhsb_img}rc.png' width='10' height='30'></td>\n\t</tr>\n";
$bhsb_bodyopen = "\t<tr>\n\t\t<td width='10' background='{$bhsb_img}lc.png'> </td>\n\t\t<td valign='middle' align='center'><br>\n\t\t\t";
$bhsb_bodyclose = "\n\t\t</td>\n\t\t<td width='10' background='{$bhsb_img}rc.png'> </td>\n\t</tr>\n";
$bhsb_bottomrow = "\t<tr height='10'>\n\t\t<td width='10'><img src='{$bhsb_img}bl.png'></td>\n\t\t<td background='{$bhsb_img}bc.png'></td>\n\t\t<td width='10'><img src='{$bhsb_img}br.png'></td>\n\t</tr>\n</table>\n";

# Views box: lower-cased title, then the list returned by viewlist().
$str .= "\n\n" . $bhsb_tableopen . $bhsb_toprow
    . $bhsb_titleopen . strtolower($bhlang['title:views']) . $bhsb_titleclose
    . $bhsb_bodyopen . $this->viewlist() . "<br>" . $bhsb_bodyclose
    . $bhsb_bottomrow;

# Quota box: skipped entirely when the quota is 0.
if ($bhcurrent['userobj']->quota != 0) {
    $str .= "\n" . $bhsb_tableopen . $bhsb_toprow
        . $bhsb_titleopen . strtolower($bhlang['title:quota']) . $bhsb_titleclose
        . $bhsb_bodyopen;

    # Fill the quota sentence with the human-readable quota and used space.
    $a1 = array("#QUOTA#", "#QUOTAUSED#");
    $a2 = array(
        bh_humanise_filesize($bhcurrent['userobj']->quota),
        bh_humanise_filesize($bhcurrent['userobj']->getusedspace())
    );
    $str .= str_replace($a1, $a2, $bhlang['explain:you_have_used_some_quota']);

    $str .= "<br><br>" . $bhsb_bodyclose . $bhsb_bottomrow;
}