function set($post) { global $MOD, $DT_TIME, $DT_IP, $_username, $_userid; $post['editor'] = $_username; $post['addtime'] = isset($post['addtime']) && $post['addtime'] ? strtotime($post['addtime']) : $DT_TIME; $post['edittime'] = $DT_TIME; $post['fee'] = dround($post['fee']); $post['video'] = fix_link(trim($post['video'])); $post['video_width'] = intval($post['video_width']); $post['video_height'] = intval($post['video_height']); $post['title'] = trim($post['title']); $post['content'] = stripslashes($post['content']); $post['content'] = save_local($post['content']); if ($MOD['clear_link']) { $post['content'] = clear_link($post['content']); } if ($MOD['save_remotepic']) { $post['content'] = save_remote($post['content']); } if ($MOD['introduce_length']) { $post['introduce'] = addslashes(get_intro($post['content'], $MOD['introduce_length'])); } if ($this->itemid) { $new = $post['content']; if ($post['thumb']) { $new .= '<img src="' . $post['thumb'] . '">'; } $r = $this->get_one(); $old = $r['content']; if ($r['thumb']) { $old .= '<img src="' . $r['thumb'] . '">'; } delete_diff($new, $old); if ($r['video'] != $post['video']) { delete_upload($r['video'], match_userid($r['video'])); } } else { $post['ip'] = $DT_IP; } $content = $post['content']; unset($post['content']); $post = dhtmlspecialchars($post); $post['content'] = addslashes(dsafe($content)); return array_map("trim", $post); }
$t = $db->get_one("SHOW TABLE STATUS FROM `" . $CFG['db_name'] . "` LIKE '" . $r['table'] . "'"); $r['rows'] = $t['Rows']; $r['name'] = $t['Comment']; $lists[] = $r; } include tpl('upload_part'); break; case 'play': isset($video) or exit; include tpl('header'); load('player.js'); exit('<script type="text/javascript">document.write(player("' . $video . '", 480, 360, 0 ,1));</script></body></html>'); break; case 'find': $kw or msg(); dheader('?file=' . $file . '&id=' . match_userid($kw) % 10 . '&kw=' . $kw); break; default: $sfields = array('按条件', '文件名', '会员', '来源', '后缀', '信息ID'); $dfields = array('fileurl', 'fileurl', 'username', 'upfrom', 'fileext', 'itemid'); $sorder = array('排序方式', '文件大小降序', '文件大小升序', '上传时间降序', '上传时间升序', '图片宽度降序', '图片宽度升序', '图片高度降序', '图片高度升序'); $dorder = array('pid DESC', 'filesize DESC', 'filesize ASC', 'addtime DESC', 'addtime ASC', 'width DESC', 'width ASC', 'height DESC', 'height ASC'); isset($fields) && isset($dfields[$fields]) or $fields = 0; isset($order) && isset($dorder[$order]) or $order = 0; $username = isset($username) ? $username : ''; $thumb = isset($thumb) ? intval($thumb) : 0; $upfrom = isset($upfrom) ? $upfrom : ''; $fromdate = isset($fromdate) ? $fromdate : ''; $fromtime = is_date($fromdate) ? strtotime($fromdate . ' 0:0:0') : 0; $todate = isset($todate) ? $todate : ''; $totime = is_date($todate) ? strtotime($todate . ' 23:59:59') : 0;
function delete_upload($file, $userid) { global $CFG, $DT, $DT_TIME, $ftp, $db; if (!defined('DT_ADMIN') && (!$userid || $userid != match_userid($file))) { return false; } $fileurl = $file; if (strpos($file, 'file/upload') === false) { //Remote if ($DT['ftp_remote'] && $DT['remote_url']) { if (strpos($file, $DT['remote_url']) !== false) { if (!is_object($ftp)) { require_once DT_ROOT . '/include/ftp.class.php'; $ftp = new dftp($DT['ftp_host'], $DT['ftp_user'], $DT['ftp_pass'], $DT['ftp_port'], $DT['ftp_path'], $DT['ftp_pasv'], $DT['ftp_ssl']); } $file = str_replace($DT['remote_url'], '', $file); $ftp->dftp_delete($file); if (strpos($file, '.thumb.') !== false) { $ext = file_ext($file); $F = str_replace('.thumb.' . $ext, '', $file); $ftp->dftp_delete($F); $F = str_replace('.thumb.' . $ext, '.middle.' . $ext, $file); $ftp->dftp_delete($F); } } } } else { $exp = explode("file/upload/", $file); $file = DT_ROOT . '/file/upload/' . $exp[1]; if (is_file($file) && strpos($exp[1], '..') === false) { file_del($file); if (strpos($file, '.thumb.') !== false) { $ext = file_ext($file); file_del(str_replace('.thumb.' . $ext, '', $file)); file_del(str_replace('.thumb.' . $ext, '.middle.' . $ext, $file)); } } } if ($DT['uploadlog']) { $db->query("DELETE FROM {$db->pre}upload_" . $userid % 10 . " WHERE item='" . md5($fileurl) . "'"); } }