exit('[PHPDisk] Access Deny!'); } } */ $str = $_SERVER['QUERY_STRING']; if (!$str) { exit('[PHPDisk] Access Denied'); } $title = $settings['site_title']; //include PHPDISK_ROOT."./includes/header.inc.php"; if ($action == 'upload') { include PHPDISK_ROOT . "./includes/header.inc.php"; require_once template_echo('upload', $user_tpl_dir); include PHPDISK_ROOT . "./includes/footer.inc.php"; } else { if ($settings['close_guest_upload'] && !$pd_uid) { die(__('close_guest_upload_tips')); } else { $max_user_file_size = str_replace(' ', '', get_user_file_size($pd_gid)); $rand = random($settings[encrypt_key] ? strlen($settings[encrypt_key]) : 9); $guest_upload_url = urr("mydisk", "item=upload¶m={$rand}" . base64_encode("ts={$timestamp}&uid={$pd_uid}&folder_id={$folder_id}&sess_id={$sess_id}")); require_once template_echo('guest_upload', $user_tpl_dir); } } //include PHPDISK_ROOT."./includes/footer.inc.php"; if ($q) { $db->free($q); } $db->close(); unset($C, $L, $tpf, $configs, $rs); ob_end_flush();
# # $Id: upload.inc.php 14 2013-03-18 03:02:57Z along $ # # Copyright (C) 2008-2013 PHPDisk Team. All Rights Reserved. # */ if (!defined('IN_PHPDISK') || !defined('IN_MYDISK')) { exit('[PHPDisk] Access Denied'); } $server_oid = get_server_oid(); $is_locked = @$db->result_first("select is_locked from {$tpf}users where userid='{$pd_uid}'"); if ($is_locked) { exit("[PHPDISK] User locked"); } @set_time_limit(0); $max_user_file_size = get_user_file_size($pd_gid); $param = gpc('param', 'G', ''); if (in_array($task, array('doupload', 'guest_upload'))) { $len = $settings[encrypt_key] ? strlen($settings[encrypt_key]) : 9; parse_str(base64_decode(substr($param, -(strlen($param) - $len)))); } else { $file_id = (int) gpc('file_id', 'GP', 0); $folder_id = (int) gpc('folder_id', 'G', 0); $folder_node = (int) gpc('folder_node', 'G', 0); $uid = (int) gpc('uid', 'G', 0); } $action = $action ? $action : 'doupload'; switch ($action) { default: $rand = random($settings[encrypt_key] ? strlen($settings[encrypt_key]) : 9); $upload_url = urr("mydisk", "item=upload¶m={$rand}" . base64_encode("ts={$timestamp}&folder_id={$folder_id}&uid={$pd_uid}"));