# NOTE(review): excerpt from the upload handler. The enclosing conditionals (and presumably a per-file loop) open before this excerpt and are not shown.
					} else {
						# All fine, continue
						# Only ', " and \ are stripped from the client-supplied file name before it is joined to $infolder.
						# NOTE(review): bh_fpclean() is defined elsewhere - confirm it removes "..", path separators and NUL bytes,
						# otherwise the stored path can leave $infolder. No extension or content-type allow-list is visible here;
						# confirm uploads are stored outside the web root or cannot be served as executable scripts.
						$badcharacters = array("'", '"', "\\");
						$newfilepath = bh_fpclean($infolder . "/" . str_replace($badcharacters, "", $fileinfo['name']));
						$tmppath = $fileinfo['tempname'];
						# The result of this call is not checked: unless the helper aborts on failure itself, the database
						# record and both success log entries below are written even when the move did not happen.
						bh_move_uploaded_file($tmppath, $newfilepath);
						# Make it add info into the db.
						# The object is created only for that side effect and dropped straight away.
						$newfileobj = new bhfile($newfilepath);
						unset($newfileobj);
						# User-facing notice: carries the raw client-supplied name.
						# NOTE(review): confirm the notice is HTML-escaped where it is rendered.
						bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
						# Audit entry: records the session user name and the cleaned destination path.
						bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");
					}
				} else {
					# Error???
					# $newfilepath is computed (without the character stripping used above) but not used again in the visible code.
					$newfilepath = bh_fpclean($infolder . "/" . $fileinfo['name']);
					# The raw file name and the session user name become log variables, which are substituted into the
					# error and log strings below. NOTE(review): confirm both sinks escape them for their context.
					bh_add_logvars(array("file" => $fileinfo['name'], "user" => $bhsession['username'], "username" => $bhsession['username']));
					bh_add_error($bhlang['notice:file_#FILE#_upload_failure']);
					bh_add_log($bhlang['log:#USER#_failed_upload_#FILE#'], "BH_FILE_UPLOAD");
				}
			}
		}
		# Show directory where they went
		# The request parameter is overwritten so that the included module lists $infolder; the include path is a fixed literal.
		$_GET['filepath'] = $infolder;
		require "modules/viewdir.inc.php";
	} else {
		# Sorry, no access.
		# A denied write is logged under BH_ACCESS_DENIED before the error page is shown.
		bh_log($bhlang['error:no_write_permission'], "BH_ACCESS_DENIED");
		require "modules/error.inc.php";
	}
} else {
	$layoutobj = new bhlayout("uploadform");
#author Andrew Godwin
#description Plaintext editor for files
#iscore 1

# NOTE(review): excerpt of the text-editor module; the final else-branch continues past the end of this excerpt.

# Test for include status
# Direct requests to this file are redirected away; the module only runs when the including script has set IN_BH to 1.
if (IN_BH != 1) {
	header("Location: ../index.php");
	die;
}

# The target path comes from the query string and is passed through bh_fpclean().
# NOTE(review): bh_fpclean() is defined elsewhere - confirm it confines the path to the user's storage area.
$filepath = bh_fpclean($_GET['filepath']);
$filename = bh_get_filename($filepath);

if (bh_file_exists($filepath) == true) {
	# A truthy "iscontent" POST field selects the save path; anything else shows the edit form.
	# NOTE(review): no write-permission check and no anti-CSRF token are visible in this excerpt before the file
	# is overwritten. Confirm both are enforced by the dispatcher or inside bhfile before relying on this module.
	if ($_POST['iscontent']) {
		$fileobj = new bhfile($filepath);
		# Growth in bytes caused by the edit (negative when the file shrinks); strlen() counts bytes.
		$sizediff = strlen($_POST['file_content']) - $fileobj->fileinfo['filesize'];
		if ($bhcurrent['userobj']->spaceremaining() < $sizediff) {
			# The edit would exceed the user's remaining quota: report the error and do not save.
			bh_add_logvars(array("quota" => $bhcurrent['userobj']->quota));
			bh_add_error($bhlang['error:quota_exceeded']);
			require "modules/error.inc.php";
		} else {
			# The posted body replaces the file contents as-is.
			$fileobj->filecontents = $_POST['file_content'];
			$fileobj->savefile();
			bh_log($bhlang['notice:file_saved'], "BH_NOTICE");
			# Audit entry naming the session user and the modified path.
			bh_log(str_replace("#FILE#", $filepath, str_replace("#USER#", $bhsession['username'], $bhlang['log:#USER#_modified_#FILE#'])), "BH_FILE_MODIFIED");
			require "modules/viewfile.inc.php";
		}
	} else {
		# No content posted: load the file and hand it to the edit form.
		# NOTE(review): the file contents go into the layout unescaped here; confirm the "editform" template
		# HTML-escapes content1 before placing it in the page.
		$fileobj = new bhfile($filepath);
		$fileobj->loadfile();
		$layoutobj = new bhlayout("editform");
		$layoutobj->content1 = $fileobj->filecontents;
		$layoutobj->filepath = $filepath;
}
# NOTE(review): excerpt of the group-administration module. The brace above closes a block that opens before this
# excerpt (presumably the matching guard for $_POST['group']). No administrator check is visible in this excerpt -
# confirm one runs before this point.
if (empty($_GET['group'])) {
	$_GET['group'] = array();
}
# array_merge() lets the later array win on equal keys, so query-string values override posted ones.
# Both state-changing actions below can therefore be driven by a plain GET request, and no anti-CSRF token
# is checked in the visible code. NOTE(review): restrict add/remove to POST and verify a per-session token.
$group = array_merge($_POST['group'], $_GET['group']);

# NOTE(review): 'action', 'username' and 'group' are read without checking that they exist or are strings.
# select_bhdb()/insert_bhdb()/delete_bhdb() are defined elsewhere - confirm they escape or bind these values.
if ($group['action'] == "add") {
	# Look for an existing membership row first.
	$grouprows = select_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']), "");
	if (empty($grouprows)) {
		# Only the user's existence is verified; the group name is not validated in the visible code.
		$userrows = select_bhdb("users", array("username" => $group['username']), "");
		if (empty($userrows)) {
			bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
			bh_add_error($bhlang['error:user_does_not_exist']);
		} else {
			insert_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
			bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
			bh_add_notice($bhlang['notice:user_added_to_group']);
		}
	} else {
		bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
		bh_add_error($bhlang['error:user_is_in_group']);
	}
}

if ($group['action'] == "remove") {
	# The delete runs, and the notice is emitted, whether or not a matching membership row existed.
	delete_bhdb("groupusers", array("username" => $group['username'], "group" => $group['group']));
	bh_add_logvars(array("username" => $group['username'], "group" => $group['group']));
	bh_add_notice($bhlang['notice:user_removed_from_group']);
}

# Render the current membership list.
$usersbygroup = bh_usersbygroup();
$layout->content1 = $usersbygroup;
$layout->title = $bhlang['title:group_administration'];
$layout->display();
# NOTE(review): excerpt of the logging helpers. The two braces below close a definition that starts before this
# excerpt, and bh_add_notice() at the end is cut off.
	}
}

# Sets logging variables to parse lang strings.
# $vars: array of name => value pairs; anything that is not an array is ignored.
# array_merge() lets the later array win on equal string keys, so values already held in $bhlogvars take
# precedence over the new $vars: a key keeps the first value it was given for the rest of the request.
# NOTE(review): confirm this is intended - a caller that sets the same key twice keeps the stale value.
function bh_add_logvars($vars) {
	global $bhlogvars;
	if (is_array($vars)) {
		if (is_array($bhlogvars)) {
			$bhlogvars = array_merge($vars, $bhlogvars);
		} else {
			$bhlogvars = $vars;
		}
	}
}

# Set some on script inclusion
# REMOTE_ADDR is the address of the connecting peer; behind a reverse proxy that is the proxy, not the client.
# Because existing keys win in bh_add_logvars(), later callers cannot overwrite "ip".
bh_add_logvars(array("ip" => $_SERVER['REMOTE_ADDR']));

# Will parse a string and replace #THESE# with their logvar, if found.
# Returns $string with every #NAME# placeholder (upper-cased variable name) replaced by the stored value.
# Values are inserted verbatim, with no escaping. Callers elsewhere on this page pass user names, group names
# and file names, so the caller that prints or stores the result must encode it for its context (HTML, log line, mail).
# Replacements run one variable after another, so a value that itself contains a #NAME# placeholder can be
# expanded by a later iteration.
function bh_parse_logvars($string) {
	global $bhlogvars;
	if (is_array($bhlogvars)) {
		foreach ($bhlogvars as $var => $val) {
			$string = str_replace("#" . strtoupper($var) . "#", $val, $string);
		}
	}
	return $string;
}

# Displays a notice
function bh_add_notice($message) {
	global $bherrors, $bhlogvars;
# NOTE(review): excerpt of the file-link download module. The conditional that selects the download branch opens
# before this excerpt; $filecode, $filename, $fileobj, $fullname, $emailfrom and the $replarray values are set there.
	# Email it ##
	# When notification is enabled for this link, its owner is mailed each time the download branch runs.
	if (bh_filelink_get_notify($filecode) == 1) {
		$username = bh_filelink_get($filecode, "username");
		$userobj = new bhuser($username);
		$emailobj = new bhemail($userobj->userinfo['email']);
		$emailobj->subject = str_replace($replarray1, $replarray2, $bhlang['emailsubject:filemail_link_accessed']);
		$emailobj->message = str_replace($replarray1, $replarray2, $bhlang['email:filemail_link_accessed']);
		$emailobj->send();
	}
	#############

	# The file is always sent as an attachment, with the stored MIME type.
	# NOTE(review): $filename is placed in Content-Disposition unquoted and unfiltered. Current PHP rejects header
	# values containing newlines, but spaces, quotes or semicolons in the name are still misparsed by clients -
	# quote the value and strip or encode those characters.
	header("Content-type: " . $fileobj->mimetype());
	header("Content-Disposition: attachment; filename=" . $filename);
	header("Content-length: " . $fileobj->fileinfo['filesize']);
	# IE SSL fix
	# Both caching headers are sent empty, so the response carries no cache directives for a file reached through a link code.
	# NOTE(review): if the old-IE workaround is no longer needed, consider an explicit no-store policy instead.
	header("Pragma: ");
	header("Cache-Control: ");
	$fileobj->readfile();
	die;
} else {
	# Landing page shown before the download: sender, file name, size and MD5, with an automatic redirect after five seconds.
	bh_add_logvars(array("filename" => $filename, "filepath" => $filepath));
	if (empty($fullname)) {
		$dstr = $emailfrom;
	} else {
		$dstr = $fullname . " [" . $emailfrom . "]";
	}
	# Display a page with information
	# NOTE(review): $dstr, $filename, the link URI and the parsed button label (which can contain the file name and
	# path log variables set above) are concatenated into HTML without htmlspecialchars() in the visible code.
	# If any of them is user-supplied, encode each value for its context (element text, attribute, URL) before output.
	# The MD5 shown helps detect accidental corruption only; it is not a tamper-proof integrity guarantee.
	$str = "<head><title>" . $bhlang['title:file_download'] . "</title><meta http-equiv='refresh' content='5;url=" . bh_filelink_uri($filecode) . "&download=1'><style>body {font-family: sans-serif;}</style></head>\n\t<body><b>" . $bhlang['title:file_download'] . "</b><br><br><table><tr><td>" . $bhlang['label:from'] . "</td><td>" . $dstr . "</td></tr><tr><td>" . $bhlang['label:filename'] . "</td><td>" . $filename . "</td></tr><tr><td>" . $bhlang['label:filesize'] . "</td><td>" . bh_humanise_filesize($fileobj->fileinfo['filesize']) . "</td></tr><tr><td>" . $bhlang['label:md5'] . "</td><td>" . $fileobj->md5() . "</td></tr></table><br>" . $bhlang['explain:filelink_download'] . "<br><br><a href='" . bh_filelink_uri($filecode) . "&download=1'>" . bh_parse_logvars($bhlang['button:download_file']) . "</a></body></html>";
	die($str);
}
?>