function curr_file($file_id)
{
global $db, $tpf, $settings, $code;
$file = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}'");
if (!$file) {
$file['is_del'] = 1;
} else {
$file['dl'] = create_down_url($file);
$in_extract = $code == md5($file['file_key']) ? 1 : 0;
$file['username'] = $file['p_name'] = @$db->result_first("select username from {$tpf}users where userid='{$file['userid']}' limit 1");
$rs = $db->fetch_one_array("select folder_id,folder_name from {$tpf}folders where userid='{$file['userid']}' and folder_id='{$file['folder_id']}'");
$file['file_category'] = $rs['folder_name'] ? '<a href="' . urr("space", "username="******"&folder_id=" . $rs['folder_id']) . '" target="_blank">' . $rs['folder_name'] . '</a>' : '- ' . __('uncategory') . ' -';
$file_key = trim($file['file_key']);
$tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
$file_extension = $file['file_extension'];
$file_ext = get_real_ext($file_extension);
$file['file_description'] = str_replace('<br>', LF, $file[file_description]);
$file['a_space'] = urr("space", "username="******"Y-m-d", $file['file_time']);
$file['credit_down'] = $file['file_credit'] ? (int) $file['file_credit'] : (int) $settings['credit_down'];
$file['username'] = $file[user_hidden] ? __('hidden') : ($file['username'] ? '<a href="' . $file['a_space'] . '">' . $file['username'] . '</a>' : __('hidden'));
$file['file_downs'] = $file['stat_hidden'] ? __('hidden') : get_discount($file[userid], $file['file_downs']);
$file['file_views'] = $file['stat_hidden'] ? __('hidden') : get_discount($file[userid], $file['file_views']);
$file['file_url'] = $settings['phpdisk_url'] . urr("viewfile", "file_id={$file['file_id']}");
if (get_plans(get_profile($file[userid], 'plan_id'), 'open_second_page') == 3) {
$file['a_downfile'] = urr("download", "file_id={$file_id}&key=" . random(32));
$file['a_downfile2'] = urr("download", "file_id={$file_id}&key=" . random(32));
}
}
return $file;
}
function curr_file($file_id)
{
global $db, $tpf, $settings;
$file = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}' and is_del=0");
if (!$file) {
$file['is_del'] = 1;
$file['file_name'] = __('visited_tips');
} else {
$file[dl] = create_down_url($file);
$file['is_del'] = 0;
$file_key = trim($file['file_key']);
$tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
$file_extension = $file['file_extension'];
$file_ext = get_real_ext($file_extension);
$file_description = $file['file_description'];
$file['file_description'] = nl2br($file['file_description']);
$file['a_space'] = urr("space", "username="******"viewfile", "file_id={$file['file_id']}");
return $file;
}
}
$db->free($q);
unset($rs);
exit;
break;
case 'download':
$file_id = (int) gpc('file_id', 'GP', 0);
$rs = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}' and userid='{$uid}'");
$tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : '';
if ($rs[server_oid]) {
$host = @$db->result_first("select server_host from {$tpf}servers where server_oid='{$rs[server_oid]}'");
} else {
$host = $settings[phpdisk_url];
}
//$filter_arr = explode(',',$settings['filter_extension']);
//$tmp_ext = in_array($rs[file_extension],$filter_arr) ? '.txt'.$tmp_ext : $tmp_ext;
header("Location: " . $host . $settings[file_path] . '/' . $rs[file_store_path] . $rs[file_real_name] . get_real_ext($rs[file_extension]));
//echo "select * from {$tpf}files where file_id='$file_id' and userid='$uid'";
exit;
break;
case 'search':
$word = convert_str('gbk', 'utf-8', trim(gpc('word', 'P', '')));
if ($word) {
$q = $db->query("select * from {$tpf}files where userid='{$uid}' and is_del=0 and (file_name like '%{$word}%' or file_extension like '%{$word}%') order by file_id desc");
$num = $db->num_rows($q);
if ($num) {
echo 't' . LF;
while ($rs = $db->fetch_array($q)) {
$tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : '';
$tmp_ext2 = $rs[file_extension] ? $rs[file_extension] : ' ';
$str = $rs[file_name] . $tmp_ext . '|' . $rs[file_size] . '|' . $tmp_ext2 . '|0|' . $rs[file_id] . '|' . date('Y-m-d', $rs[file_time]) . '|' . $rs[file_views] . '|' . $rs[file_downs];
$str = is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str;
$file_size = (int) gpc('file_size', 'P', 0);
$file_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_name) : $file_name;
$file_do_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_do_name) : $file_do_name;
$file_extension = get_extension($file_do_name);
$esp = strlen($file_extension) + 1;
$file_real_name = $file_extension ? substr($file_do_name, 0, strlen($file_do_name) - $esp) : $file_do_name;
$file_name = $file_extension ? substr($file_name, 0, strlen($file_name) - $esp) : $file_name;
$rs = $db->fetch_one_array("select * from {$tpf}uploadx_files where userid='{$uid}' and file_real_name='{$file_real_name}' and file_name='{$file_name}' limit 1");
if ($rs) {
$tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : '';
$dir1 = PHPDISK_ROOT . 'system/cache/';
$dir2 = PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path];
make_dir($dir2);
$file = $dir1 . $rs[file_real_name] . $tmp_ext . '.phpdisk';
$file_real_name = md5(uniqid(mt_rand(), true) . microtime() . $uid);
$file_dest = $dir2 . $file_real_name . get_real_ext($rs[file_extension]);
//write_file(PHPDISK_ROOT.'system/s2.txt',$file.'|'.$file_dest.',');
//if(@filesize($file)==(int)$rs[file_size]){
if (file_exists($file) && @rename($file, $file_dest)) {
$file_real_path = PHPDISK_ROOT . '/' . $settings['file_path'] . '/';
$img_arr = getimagesize($file_dest);
if ($img_arr[2] && @in_array($file_extension, array('jpg', 'jpeg', 'png', 'gif', 'bmp'))) {
$is_image = 1;
make_thumb($file_dest, $file_real_path . $rs[file_store_path] . $file_real_name . '_thumb.' . $file_extension, $settings['thumb_width'], $settings['thumb_height']);
} else {
$is_image = 0;
}
if ($configs[server_key]) {
$server_oid = (int) @$db->result_first("select server_oid from {$tpf}servers where server_key='" . $db->escape($configs[server_key]) . "'");
} else {
$server_oid = 0;
} else {
$file_name = $db->escape($file['name']);
}
/*$file_name = str_replace(' ','_',$file_name);
$username = $db->result_first("select username from {$tpf}users where userid='$uid'");
$tmp_username = is_utf8() ? convert_str('utf-8','gbk',$username) : $username;*/
$file_real_path = PHPDISK_ROOT . $settings['file_path'] . '/';
$file_store_path = date('Y/m/d/');
//$file_store_path_store = is_utf8() ? convert_str('utf-8','gbk',$file_store_path) : $file_store_path;
make_dir($file_real_path . $file_store_path);
/*$num = $db->result_first("select count(*) from {$tpf}files where file_name='$file_name' and file_extension='$file_extension' and file_size='{$file[size]}' and userid='$uid' and folder_id='$folder_id'");
$file_real_name = $num ? $file_name.'_'.random(2) : $file_name;
$file_real_name_store = is_utf8() ? convert_str('utf-8','gbk',$file_real_name) : $file_real_name;*/
$file_real_name = md5(uniqid(mt_rand(), true) . microtime() . $pd_uid);
$file_ext = get_real_ext($file_extension);
$dest_file = $file_real_path . $file_store_path . $file_real_name . $file_ext;
if (!chk_deny_extension($file_extension) && upload_file($file['tmp_name'], $dest_file)) {
$report_status = 0;
$report_arr = explode(',', $settings['report_word']);
if (count($report_arr)) {
foreach ($report_arr as $value) {
if (strpos($file['name'], $value) !== false) {
$report_status = 2;
}
}
}
$file_key = random(8);
$file_mime = strtolower($db->escape($file['type']));
$img_arr = getimagesize($dest_file);
if ($img_arr[2] && @in_array($file_extension, array('jpg', 'jpeg', 'png', 'gif', 'bmp'))) {
#
# $Id: phpdisk_del_process.php 24 2012-09-05 02:52:59Z along $
#
# Copyright (C) 2008-2012 PHPDisk Team. All Rights Reserved.
#
*/
include "includes/commons.inc.php";
@set_time_limit(0);
@ignore_user_abort(true);
$server_arr = array('up' => '上传服务器', 'down' => '下载服务器', 'local' => '本地服务器');
$str = $_SERVER['QUERY_STRING'];
if ($str) {
parse_str(pd_encode($str, 'DECODE'));
$pp = iconv('utf-8', 'gbk', $pp);
$arr = explode('.', $pp);
$src_file = $arr[0] . get_real_ext($arr[1]);
$thumb_file = $arr[0] . '_thumb.' . $arr[1];
$out_txt = "删除结果:【{$server_arr[$server]}】【{$_SERVER['HTTP_HOST']}】,删除文件【{$file_name}】,文件ID:[{$file_id}]";
$file_extension = get_extension($file_name);
$esp = strlen($file_extension) + 1;
if ($file_extension) {
$file_name = substr($file_name, 0, strlen($file_name) - $esp);
}
$rs = $db->fetch_one_array("select file_real_name,file_extension,file_store_path from {$tpf}files where file_id='{$file_id}' limit 1");
if ($rs) {
$num = @$db->result_first("select count(*) from {$tpf}files where file_real_name='{$rs[file_real_name]}' and file_extension='{$rs[file_extension]}' and file_name='{$file_name}' and file_store_path='{$rs[file_store_path]}'");
}
if ($safe) {
if ($num == 1) {
if (@unlink(PHPDISK_ROOT . $src_file)) {
@unlink(PHPDISK_ROOT . $thumb_file);
$start_num = ($pg - 1) * $perpage;
$q = $db->query("select fl.*,u.username from {$sql_do} order by file_id desc limit {$start_num},{$perpage}");
$files_array = array();
while ($rs = $db->fetch_array($q)) {
$tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
$rs['file_name_all'] = $rs['file_name'] . $tmp_ext;
$rs['file_name'] = str_replace($word, '<span class="txtred">' . $word . '</span>', $rs['file_name'] . $tmp_ext);
$rs['a_user_view'] = urr(ADMINCP, "item=files&menu=file&action=index&view=user&uid=" . $rs['userid']);
$rs['file_size'] = get_size($rs['file_size']);
$rs['file_time'] = custom_time("Y-m-d", $rs['file_time']);
$rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}");
$rs['a_recycle_delete'] = urr(ADMINCP, "item=files&menu=file&action=recycle_delete&file_id={$rs['file_id']}");
$rs[a_edit] = urr(ADMINCP, "item=files&menu=file&action=edit&file_id={$rs['file_id']}");
$rs['status_txt'] = $rs['is_locked'] ? "<span class=\"txtred\">" . __('locked_status') . "</span>" : "<span class=\"txtblue\">" . __('common_status') . "</span>";
$rs[checked_txt] = $check_arr_txt[$rs[is_checked]] ? $check_arr_txt[$rs[is_checked]] : '';
$rs['file_abs_path'] = $rs[yun_fid] ? '网盘云存储' : $rs['file_store_path'] . $rs['file_real_name'] . get_real_ext($rs['file_extension']);
$files_array[] = $rs;
}
$db->free($q);
unset($rs);
$page_nav = multi($total_num, $perpage, $pg, urr(ADMINCP, "item={$item}&menu=file&action=search&view={$view}&dd={$dd}&user="******"&word=" . rawurlencode($word) . "&sel_type={$sel_type}"));
require_once template_echo($item, $admin_tpl_dir, '', 1);
}
break;
case 'recycle_delete':
if ($settings['online_demo']) {
$error = true;
$sysmsg[] = __('online_demo_deny');
}
if (!$error) {
$file_id = (int) gpc('file_id', 'G', 0);
function create_down_url($file)
{
global $settings, $timestamp;
$pp = $file['file_store_path'] . $file['file_real_name'] . get_real_ext($file['file_extension']);
$fs = $file['file_size'];
$hash = strtoupper(md5($file['file_id'] . '_' . $file['file_size'] . '_' . $file['file_store_path'] . $file['file_real_name']));
$tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
$p_filename = filter_name($file['file_name'] . $tmp_ext);
$expire_time = $settings[dl_expire_time] ? $settings[dl_expire_time] + $timestamp : 0;
return urr("dl", pd_encode("file_name={$p_filename}&file_id={$file['file_id']}&fs={$fs}&pp={$pp}&hash={$hash}&expire_time={$expire_time}"));
}
return $file_ext;
}
function get_extension($name)
{
return strtolower(trim(strrchr($name, '.'), '.'));
}
$str = $_SERVER['QUERY_STRING'];
parse_str(pd_decode($str));
if ($expire_time && $expire_time < $timestamp) {
header("Content-Type: text/html; charset=utf-8");
$src_url = $settings[phpdisk_url] . "viewfile.php?file_id={$file_id}";
echo '<p>请登录原地址重新获取: <a href="' . $src_url . '" target="_blank">' . $src_url . '<a></p>';
echo '<p style="color:#ff0000">温馨提示:此文件链接已失效,请勿非法盗链。</p>';
exit;
}
$pp = $pp . get_real_ext(get_extension($pp));
if (!file_exists(PHPDISK_ROOT . FILE_PATH . '/' . $pp)) {
header("Content-Type: text/html; charset=utf-8");
echo '<p style="padding:10px; font-size:12px;">文件ID: ' . $file_id . '<br>';
echo '[' . $file_name . '] 文件不存在,请联系网站管理员处理。<br><br>';
echo '联系方式:' . $settings[contact_us] . '</p>';
} else {
$file_name = filter_name(str_replace("+", "%20", $file_name));
ob_end_clean();
$ua = $_SERVER["HTTP_USER_AGENT"];
if (preg_match("/MSIE/i", $ua)) {
header('Content-disposition: attachment;filename="' . iconv('utf-8', 'gbk', $file_name) . '"');
} else {
header('Content-disposition: attachment;filename="' . $file_name . '"');
}
header('Content-type: application/octet-stream');
while ($rs = $db->fetch_array($q)) {
//$rs[cate_name] = @$db->result_first("select cate_name from {$tpf}categories where cate_id='{$rs[cate_id]}'");
$tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : "";
$rs['file_thumb'] = get_file_thumb($rs);
$rs['file_name_all'] = $rs['file_name'] . $tmp_ext;
$rs['file_name'] = $rs['file_name'] . $tmp_ext;
//$rs['a_space'] = urr("space","username="******"item=files&menu=file&action=index&view=user&uid=" . $rs['userid']);
$rs['file_size'] = get_size($rs['file_size']);
$rs['file_time'] = date("Y-m-d H:i:s", $rs['file_time']);
$rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}");
$rs[commend_txt] = $rs[commend] ? __('commending') : '';
$rs[commend_class] = $rs[commend] ? 'class="txtblue"' : '';
$rs['a_recycle_delete'] = urr(ADMINCP, "item=files&action=recycle_delete&file_id={$rs['file_id']}");
$rs['status_txt'] = $rs['is_checked'] ? '<span class="txtblue">' . __('checked') . '</span>' : '<span class="txtred">' . __('unchecked') . '</span>';
$rs['file_abs_path'] = $rs['file_store_path'] . $rs['file_real_name'] . get_real_ext($rs['file_extension']);
$files_array[] = $rs;
}
$db->free($q);
unset($rs);
$page_nav = multi($total_num, $perpage, $pg, urr(ADMINCP, "item={$item}&menu=file&app={$app}&action={$action}&cate_id={$cate_id}"));
require_once template_echo($item, $admin_tpl_dir, '', 1);
}
break;
case 'chg_cate_status':
$cate_id = (int) gpc('cate_id', 'G', 0);
$status = (int) gpc('status', 'G', 0);
$status = $status ? 0 : 1;
if ($cate_id) {
$db->query_unbuffered("update {$tpf}categories set {$task}='{$status}' where cate_id='{$cate_id}' limit 1");
}
