} elseif (!$field['unchangeable'] || !$member[$field_key]) { $fieldadd[] = "{$field_key}='" . dhtmlspecialchars($field_val) . "'"; } } $memberfieldsql = implode(', ', $fieldadd); } elseif ($typeid == 4) { if ($maxsigsize) { if (strlen($signaturenew) > $maxsigsize) { showmessage('profile_sig_toolong'); } } else { $signaturenew = ''; } $avataradd = $avatar = ''; $avatarimagesize = array(); if ($allowavatar == 3 && disuploadedfile($_FILES['customavatar']['tmp_name']) && $_FILES['customavatar']['tmp_name'] != 'none' && $_FILES['customavatar']['tmp_name'] && trim($_FILES['customavatar']['name'])) { $_FILES['customavatar']['name'] = daddslashes($_FILES['customavatar']['name']); $avatarext = strtolower(fileext($_FILES['customavatar']['name'])); if (is_array($avatarextarray) && !in_array($avatarext, $avatarextarray)) { showmessage('profile_avatar_invalid'); } $avatar = 'customavatars/' . $discuz_uid . '.' . $avatarext; $avatartarget = DISCUZ_ROOT . './' . $avatar; if (!@copy($_FILES['customavatar']['tmp_name'], $avatartarget)) { @move_uploaded_file($_FILES['customavatar']['tmp_name'], $avatartarget); } $avatarimagesize = @getimagesize($avatartarget); if (!$avatarimagesize || $maxavatarsize && @filesize($avatartarget) > $maxavatarsize) { @unlink($avatartarget); showmessage($avatarimagesize ? 'profile_avatar_toobig' : 'profile_avatar_invalid'); }
/**
 * Validate and store the files uploaded under $_FILES[$varname].
 *
 * Security notes for reviewers (all visible in the body below):
 *  - The on-disk file name is generated server-side (date + md5 fragment) and
 *    its extension is taken from $safeext, otherwise forced to '.attach'. The
 *    user-supplied name survives only in $attach['name'], HTML-escaped, for
 *    display.
 *  - Content validation is limited to getimagesize() on images/swf. A file that
 *    is a valid image *and* something else (polyglot) passes, so protection
 *    relies on the generated extension and on $attachdir not being served
 *    with script execution enabled — NOTE(review): confirm at deployment level.
 *  - Saved files are chmod 0644, but a missing sub-directory is created 0777.
 *  - copy() is tried before move_uploaded_file(); the earlier disuploadedfile()
 *    test is what ensures tmp_name is a genuine PHP upload.
 *
 * @param string $varname  key into $_FILES
 * @param int    $multi    0: single file; a failure returns an integer code 1-8.
 *                         non-zero: $_FILES is in array-of-arrays form and a
 *                         failure goes through upload_error() (its behaviour is
 *                         not visible here).
 * @return array|int|false attachment records keyed like the input, an error
 *                         code in single mode, or false when nothing was saved
 *
 * Globals written as side effects: $extension, $typemaxsize, $maxsizeperday
 * (replaced by a human-readable string on quota overflow) and $imageexists.
 */
function attach_upload($varname = 'attach', $multi = 0) {
    global $db, $tablepre, $extension, $typemaxsize, $allowsetattachperm, $attachperm, $maxprice, $attachprice, $attachdesc, $attachsave, $attachdir, $thumbstatus, $thumbwidth, $thumbheight, $maxattachsize, $maxsizeperday, $maxattachnum, $attachextensions, $watermarkstatus, $watermarktype, $watermarktrans, $watermarkquality, $watermarktext, $_FILES, $discuz_uid, $imageexists;
    $attachments = $attacharray = array();
    $imageexists = 0;
    // Extensions kept verbatim on the stored file; anything else is saved as
    // '.attach'. This list is the primary guard against storing an upload under
    // a server-executable extension, so treat additions as a security change.
    static $safeext = array('jpg', 'jpeg', 'gif', 'png', 'swf', 'bmp', 'txt', 'zip', 'rar', 'doc', 'mp3');
    static $imgext = array('jpg', 'jpeg', 'gif', 'png', 'bmp');
    if ($multi) {
        // Multi mode: transpose $_FILES[$varname][field][i] into
        // $attachments[i][field].
        if (isset($_FILES[$varname]) && is_array($_FILES[$varname])) {
            foreach ($_FILES[$varname] as $key => $var) {
                foreach ($var as $id => $val) {
                    $attachments[$id][$key] = $val;
                }
            }
        }
    } else {
        $attachments[0] = $_FILES[$varname];
    }
    if (empty($attachments)) {
        return FALSE;
    }
    $allowuploadnum = count($attachments);
    if ($maxattachnum) {
        // Per-user cap on attachments created in the last 24h. The uid and
        // timestamp globals are interpolated unescaped — presumably integers;
        // NOTE(review): confirm where they are set.
        $allowuploadnum = $maxattachnum - $db->result_first("SELECT count(*) FROM {$tablepre}attachments WHERE uid='{$GLOBALS['discuz_uid']}' AND dateline>'{$GLOBALS['timestamp']}'-86400");
        $allowuploadnum = $allowuploadnum < 0 ? 0 : $allowuploadnum;
    }
    foreach ($attachments as $key => $attach) {
        $attach_saved = false;
        $attach['uid'] = $discuz_uid;
        // Silently skip when the quota is exhausted or the entry is not a real
        // PHP upload (disuploadedfile). This is the only check that makes the
        // later copy() of tmp_name acceptable.
        if ($allowuploadnum == 0 || !disuploadedfile($attach['tmp_name']) || !($attach['tmp_name'] != 'none' && $attach['tmp_name'] && $attach['name'])) {
            continue;
        }
        $filename = daddslashes($attach['name']);
        $attach['ext'] = strtolower(fileext($attach['name']));
        // Extension actually written to disk: whitelisted, or 'attach'.
        $extension = in_array($attach['ext'], $safeext) ? $attach['ext'] : 'attach';
        if (in_array($attach['ext'], $imgext)) {
            // NOTE(review): $_FILES entries carry no 'isimage' key, so this reads
            // an undefined index and effectively always yields 1.
            $attach['isimage'] = $attach['isimage'] ? $attach['isimage'] : 1;
            $imageexists = 1;
        } else {
            $attach['isimage'] = 0;
        }
        $attach['thumb'] = 0;
        // Display name: HTML-escaped; replaced by a hash when longer than 90 bytes.
        $attach['name'] = htmlspecialchars($attach['name'], ENT_QUOTES);
        if (strlen($attach['name']) > 90) {
            $attach['name'] = 'abbr_' . md5($attach['name']) . '.' . $attach['ext'];
        }
        // Admin allow-list ($attachextensions, whitespace/comma separated).
        // Only enforced when the setting is non-empty; an empty extension is
        // rejected as well.
        if ($attachextensions && (!preg_match("/(^|\\s|,)" . preg_quote($attach['ext'], '/') . "(\$|\\s|,)/i", $attachextensions) || !$attach['ext'])) {
            if ($multi) {
                upload_error('post_attachment_ext_notallowed', $attacharray);
            } else {
                return 1;
            }
        }
        if (empty($attach['size'])) {
            if ($multi) {
                upload_error('post_attachment_size_invalid', $attacharray);
            } else {
                return 2;
            }
        }
        if ($maxattachsize && $attach['size'] > $maxattachsize) {
            if ($multi) {
                upload_error('post_attachment_toobig', $attacharray);
            } else {
                return 3;
            }
        }
        // Per-extension size limit from the attachtypes table; maxsize 0 means
        // the extension is banned. The extension is escaped with addslashes.
        if ($type = $db->fetch_first("SELECT maxsize FROM {$tablepre}attachtypes WHERE extension='" . addslashes($attach['ext']) . "'")) {
            if ($type['maxsize'] == 0) {
                if ($multi) {
                    upload_error('post_attachment_ext_notallowed', $attacharray);
                } else {
                    return 4;
                }
            } elseif ($attach['size'] > $type['maxsize']) {
                require_once DISCUZ_ROOT . './include/attachment.func.php';
                // $typemaxsize is a global; set here for the error message.
                $typemaxsize = sizecount($type['maxsize']);
                if ($multi) {
                    upload_error('post_attachment_type_toobig', $attacharray);
                } else {
                    return 5;
                }
            }
        }
        if ($attach['size'] && $maxsizeperday) {
            // Daily byte quota: queried once, then accumulated across the loop.
            if (!isset($todaysize)) {
                $todaysize = intval($db->result_first("SELECT SUM(filesize) FROM {$tablepre}attachments\r\n\t\t\t\t\tWHERE uid='{$GLOBALS['discuz_uid']}' AND dateline>'{$GLOBALS['timestamp']}'-86400"));
            }
            $todaysize += $attach['size'];
            if ($todaysize >= $maxsizeperday) {
                // Overwrites the global with a display string ('1.5MB' / '512KB').
                $maxsizeperday = $maxsizeperday / 1048576 >= 1 ? round($maxsizeperday / 1048576, 1) . 'MB' : round($maxsizeperday / 1024) . 'KB';
                if ($multi) {
                    upload_error('post_attachment_quota_exceed', $attacharray);
                } else {
                    return 6;
                }
            }
        }
        if ($attachsave) {
            // Sub-directory layout; single-file mode always uses 'swfupload'.
            if ($multi) {
                switch ($attachsave) {
                    case 1:
                        $attach_subdir = 'forumid_' . $GLOBALS['fid'];
                        break;
                    case 2:
                        $attach_subdir = 'ext_' . $extension;
                        break;
                    case 3:
                        $attach_subdir = 'month_' . date('ym');
                        break;
                    case 4:
                        $attach_subdir = 'day_' . date('ymd');
                        break;
                }
            } else {
                $attach_subdir = 'swfupload';
            }
            $attach_dir = $attachdir . '/' . $attach_subdir;
            if (!is_dir($attach_dir)) {
                // NOTE(review): directory is created world-writable; index.htm
                // only blocks directory listings.
                @mkdir($attach_dir, 0777);
                @fclose(fopen($attach_dir . '/index.htm', 'w'));
            }
            $attach['attachment'] = $attach_subdir . '/';
        } else {
            $attach['attachment'] = '';
        }
        // Stored name: date + 16 hex chars of an md5 over name/microtime/random()
        // (random() is a project helper; its strength is not visible here) +
        // the whitelisted extension. The preg_replace is defence in depth: it
        // renames script-like extensions, but $extension can never be one.
        $attach['attachment'] .= preg_replace("/(php|phtml|php3|php4|jsp|exe|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\\.|\$)/i", "_\\1\\2", date('ymdHi') . substr(md5($filename . microtime() . random(6)), 8, 16) . '.' . $extension);
        $target = $attachdir . '/' . $attach['attachment'];
        // Save: plain copy() first, move_uploaded_file() second, then a manual
        // read/write fallback. Errors are suppressed throughout; failure is
        // detected only via $attach_saved.
        if (@copy($attach['tmp_name'], $target) || function_exists('move_uploaded_file') && @move_uploaded_file($attach['tmp_name'], $target)) {
            @unlink($attach['tmp_name']);
            $attach_saved = true;
        }
        if (!$attach_saved && @is_readable($attach['tmp_name'])) {
            // Reads the whole upload into memory ($attach['size'] bytes);
            // flock(2) is LOCK_EX.
            @($fp = fopen($attach['tmp_name'], 'rb'));
            @flock($fp, 2);
            @($attachedfile = fread($fp, $attach['size']));
            @fclose($fp);
            @($fp = fopen($target, 'wb'));
            @flock($fp, 2);
            if (@fwrite($fp, $attachedfile)) {
                @unlink($attach['tmp_name']);
                $attach_saved = true;
            }
            @fclose($fp);
        }
        if ($attach_saved) {
            @chmod($target, 0644);
            $width = $height = $type = 0;
            if ($attach['isimage'] || $attach['ext'] == 'swf') {
                // Header sniff only: rejects unknown types, pixel area below 4
                // or above 16777216 (4096x4096), and for images any type other
                // than IMAGETYPE_GIF/JPEG/PNG/BMP/SWC. Does not detect payloads
                // appended to an otherwise valid image.
                $imagesize = @getimagesize($target);
                list($width, $height, $type) = (array) $imagesize;
                $size = $width * $height;
                if ($size > 16777216 || $size < 4 || empty($type) || $attach['isimage'] && !in_array($type, array(1, 2, 3, 6, 13))) {
                    @unlink($target);
                    if ($multi) {
                        upload_error('post_attachment_image_checkerror', $attacharray);
                    } else {
                        return 7;
                    }
                }
            }
            if ($attach['isimage'] && ($thumbstatus || $watermarkstatus)) {
                require_once DISCUZ_ROOT . './include/image.class.php';
                $image = new Image($target, $attach);
                if ($image->imagecreatefromfunc && $image->imagefunc) {
                    $image->Thumb($thumbwidth, $thumbheight);
                    // Watermark only in multi mode.
                    $multi && $image->Watermark();
                    // Image may update the record (e.g. thumb flag) — taken as-is.
                    $attach = $image->attach;
                }
            }
            $attach['width'] = 0;
            if ($attach['isimage'] || $attach['ext'] == 'swf') {
                // Re-read after thumbnail/watermark, presumably because the
                // file on disk may have changed.
                $imagesize = @getimagesize($target);
                list($width) = (array) $imagesize;
                $attach['width'] = $width;
            }
            $attach['remote'] = $multi ? ftpupload($target, $attach) : 0;
            // Per-attachment user inputs: perm/price cast to int (price clamped
            // to $maxprice), description HTML-escaped and cut to 100.
            $attach['perm'] = $allowsetattachperm ? intval($attachperm[$key]) : 0;
            $attach['description'] = cutstr(dhtmlspecialchars($attachdesc[$key]), 100);
            $attach['price'] = $maxprice ? intval($attachprice[$key]) <= $maxprice ? intval($attachprice[$key]) : $maxprice : 0;
            $attacharray[$key] = $attach;
            $allowuploadnum--;
        } else {
            if ($multi) {
                upload_error('post_attachment_save_error', $attacharray);
            } else {
                return 8;
            }
        }
    }
    return !empty($attacharray) ? $attacharray : false;
}
// --------------------------------------------------------------// // 本程序主页:http://www.sablog.net // ==============================================================// if (!defined('SABLOG_ROOT') || !isset($php_self) || !preg_match("/[\\/\\\\]cp\\.php\$/", $php_self)) { exit('Access Denied'); } permission(array(1, 2)); $max_upload_size = max_upload_size(); $max_upload_size_unit = sizecount($max_upload_size); $attachments = $attach_data = array(); if ($uploadmode == 'swf') { if (isset($_FILES["Filedata"]) && is_array($_FILES["Filedata"])) { $attach = $_FILES["Filedata"]; } $gd_version = gd_version(); if (disuploadedfile($attach['tmp_name']) || !($attach['tmp_name'] != 'none' && $attach['tmp_name'] && $attach['name'])) { $attach['name'] = strtolower($attach['name']); $attach['ext'] = getextension($attach['name']); $attach['type'] = mime_content_type($attach['name']); $fnamehash = md5(uniqid(microtime())); $attachsubdir = '/date_' . sadate('Ym') . '/'; // 取得附件目录的绝对路径 $attach_dir = SABLOG_ROOT . $options['attachments_dir'] . $attachsubdir; if (!is_dir($attach_dir)) { mkdir($attach_dir, 0777); @chmod($attach_dir, 0777); fclose(fopen($attach_dir . 'index.htm', 'w')); } // 判断上传的类型 // path变量为管理目录相对路径,后台操作用 // filepath变量为跟目录相对路径,前台读取用