/**
 * Load one row of the files table and decorate it with the fields the view page displays.
 *
 * When no row matches, the result is a stub carrying only is_del = 1. Otherwise the row is
 * extended with a download link, owner name, folder link, formatted counters and page URLs.
 *
 * NOTE(review): two expressions below contain a literal `******` run directly after
 * "username=". It looks like a masking artifact in this copy of the file, and the text
 * that originally stood there cannot be recovered from what is shown. The function does
 * not parse as printed.
 *
 * @param mixed $file_id File id; it is placed inside SQL and URL strings without a cast here.
 * @return array The decorated row, or the is_del stub.
 */
function curr_file($file_id) {
    global $db, $tpf, $settings, $code;
    // NOTE(review): $file_id is interpolated straight into the query text. This is only
    // safe if every caller has already forced it to an integer; a cast or a bound
    // parameter at this point would remove that dependency.
    $file = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}'");
    if (!$file) {
        // No matching row: return a stub flagged as deleted.
        $file['is_del'] = 1;
    } else {
        // Download link is produced by create_down_url() from the raw row.
        $file['dl'] = create_down_url($file);
        // NOTE(review): the MD5 of file_key is compared to the global $code with a loose
        // `==`. PHP compares two numeric-looking strings by value, so a strict,
        // constant-time hash_equals() is the safer check. $in_extract is not read again
        // in the visible text of this function; where $code comes from is not shown.
        $in_extract = $code == md5($file['file_key']) ? 1 : 0;
        // Owner's username; `@` hides any error raised by the lookup.
        $file['username'] = $file['p_name'] = @$db->result_first("select username from {$tpf}users where userid='{$file['userid']}' limit 1");
        // Folder row, restricted to the file owner's own folders.
        $rs = $db->fetch_one_array("select folder_id,folder_name from {$tpf}folders where userid='{$file['userid']}' and folder_id='{$file['folder_id']}'");
        // Folder link, or an "uncategory" label when there is no folder name.
        // NOTE(review): folder_name is concatenated into HTML without escaping; confirm it
        // is escaped when stored, otherwise wrap it in htmlspecialchars(). The `******`
        // run in this expression is the masking artifact described in the header.
        $file['file_category'] = $rs['folder_name'] ? '<a href="' . urr("space", "username="******"&folder_id=" . $rs['folder_id']) . '" target="_blank">' . $rs['folder_name'] . '</a>' : '- ' . __('uncategory') . ' -';
        // These four locals are not read again in the visible text of this function.
        $file_key = trim($file['file_key']);
        $tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
        $file_extension = $file['file_extension'];
        $file_ext = get_real_ext($file_extension);
        // Turns literal <br> tags in the description into the LF constant.
        // NOTE(review): the key `file_description` on the right is an unquoted bare word;
        // PHP 8 raises an Error for an undefined constant there.
        $file['file_description'] = str_replace('<br>', LF, $file[file_description]);
        // NOTE(review): statement damaged by the `******` masking artifact; as printed it
        // passes "Y-m-d" and file_time to urr(), which is unlikely to be the original code.
        $file['a_space'] = urr("space", "username="******"Y-m-d", $file['file_time']);
        // Per-file credit cost, falling back to the site-wide credit_down setting.
        $file['credit_down'] = $file['file_credit'] ? (int) $file['file_credit'] : (int) $settings['credit_down'];
        // Shows the "hidden" label when user_hidden is set or no username was found,
        // otherwise a link to the owner's space.
        // NOTE(review): bare-word key `user_hidden`; the username is also placed in HTML unescaped.
        $file['username'] = $file[user_hidden] ? __('hidden') : ($file['username'] ? '<a href="' . $file['a_space'] . '">' . $file['username'] . '</a>' : __('hidden'));
        // Counters are replaced by the "hidden" label when stat_hidden is set; otherwise they
        // pass through get_discount() (a helper defined elsewhere). Bare-word key `userid`.
        $file['file_downs'] = $file['stat_hidden'] ? __('hidden') : get_discount($file[userid], $file['file_downs']);
        $file['file_views'] = $file['stat_hidden'] ? __('hidden') : get_discount($file[userid], $file['file_views']);
        // Link to this file's view page, prefixed with the phpdisk_url setting.
        $file['file_url'] = $settings['phpdisk_url'] . urr("viewfile", "file_id={$file['file_id']}");
        // When the owner's plan has open_second_page equal to 3 (loose ==), add two download
        // links, each with its own random(32) key.
        // NOTE(review): random() is a project helper; whether it is suitable for
        // unguessable tokens cannot be told from here.
        if (get_plans(get_profile($file[userid], 'plan_id'), 'open_second_page') == 3) {
            $file['a_downfile'] = urr("download", "file_id={$file_id}&key=" . random(32));
            $file['a_downfile2'] = urr("download", "file_id={$file_id}&key=" . random(32));
        }
    }
    return $file;
}
/**
 * Load one non-deleted row of the files table and add the fields a file page displays.
 *
 * NOTE(review): as printed, the only `return` sits inside the else branch. When no row
 * matches, the stub built in the if branch (is_del = 1 and a placeholder file_name) is
 * never returned, so the caller gets null.
 *
 * NOTE(review): the a_space statement contains a literal `******` run directly after
 * "username=". It looks like a masking artifact in this copy of the file; the original
 * text there, and anything that followed it up to "viewfile", cannot be recovered from
 * what is shown.
 *
 * @param mixed $file_id File id; it is placed inside the SQL string without a cast here.
 * @return array|null The decorated row, or null when no row matched (see the note above).
 */
function curr_file($file_id) {
    global $db, $tpf, $settings;
    // NOTE(review): $file_id is interpolated straight into the query text. This is only
    // safe if every caller has already forced it to an integer.
    $file = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}' and is_del=0");
    if (!$file) {
        // Stub for a missing or deleted file; see the header note about the missing return.
        $file['is_del'] = 1;
        $file['file_name'] = __('visited_tips');
    } else {
        // Download link from create_down_url().
        // NOTE(review): `dl` is an unquoted bare-word key; PHP 8 raises an Error for an
        // undefined constant there.
        $file[dl] = create_down_url($file);
        $file['is_del'] = 0;
        // These locals are not read again in the visible text of this function.
        $file_key = trim($file['file_key']);
        $tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
        $file_extension = $file['file_extension'];
        $file_ext = get_real_ext($file_extension);
        $file_description = $file['file_description'];
        // Newlines become <br> for display.
        // NOTE(review): nl2br() does not escape HTML; confirm the description is escaped
        // when stored, or escape it before this call.
        $file['file_description'] = nl2br($file['file_description']);
        // NOTE(review): statement damaged by the `******` masking artifact described above.
        $file['a_space'] = urr("space", "username="******"viewfile", "file_id={$file['file_id']}");
        return $file;
    }
}
$db->free($q); unset($rs); exit; break; case 'download': $file_id = (int) gpc('file_id', 'GP', 0); $rs = $db->fetch_one_array("select * from {$tpf}files where file_id='{$file_id}' and userid='{$uid}'"); $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; if ($rs[server_oid]) { $host = @$db->result_first("select server_host from {$tpf}servers where server_oid='{$rs[server_oid]}'"); } else { $host = $settings[phpdisk_url]; } //$filter_arr = explode(',',$settings['filter_extension']); //$tmp_ext = in_array($rs[file_extension],$filter_arr) ? '.txt'.$tmp_ext : $tmp_ext; header("Location: " . $host . $settings[file_path] . '/' . $rs[file_store_path] . $rs[file_real_name] . get_real_ext($rs[file_extension])); //echo "select * from {$tpf}files where file_id='$file_id' and userid='$uid'"; exit; break; case 'search': $word = convert_str('gbk', 'utf-8', trim(gpc('word', 'P', ''))); if ($word) { $q = $db->query("select * from {$tpf}files where userid='{$uid}' and is_del=0 and (file_name like '%{$word}%' or file_extension like '%{$word}%') order by file_id desc"); $num = $db->num_rows($q); if ($num) { echo 't' . LF; while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $tmp_ext2 = $rs[file_extension] ? $rs[file_extension] : ' '; $str = $rs[file_name] . $tmp_ext . '|' . $rs[file_size] . '|' . $tmp_ext2 . '|0|' . $rs[file_id] . '|' . date('Y-m-d', $rs[file_time]) . '|' . $rs[file_views] . '|' . $rs[file_downs]; $str = is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str;
$file_size = (int) gpc('file_size', 'P', 0); $file_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_name) : $file_name; $file_do_name = is_utf8() ? convert_str('gbk', 'utf-8', $file_do_name) : $file_do_name; $file_extension = get_extension($file_do_name); $esp = strlen($file_extension) + 1; $file_real_name = $file_extension ? substr($file_do_name, 0, strlen($file_do_name) - $esp) : $file_do_name; $file_name = $file_extension ? substr($file_name, 0, strlen($file_name) - $esp) : $file_name; $rs = $db->fetch_one_array("select * from {$tpf}uploadx_files where userid='{$uid}' and file_real_name='{$file_real_name}' and file_name='{$file_name}' limit 1"); if ($rs) { $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $dir1 = PHPDISK_ROOT . 'system/cache/'; $dir2 = PHPDISK_ROOT . $settings[file_path] . '/' . $rs[file_store_path]; make_dir($dir2); $file = $dir1 . $rs[file_real_name] . $tmp_ext . '.phpdisk'; $file_real_name = md5(uniqid(mt_rand(), true) . microtime() . $uid); $file_dest = $dir2 . $file_real_name . get_real_ext($rs[file_extension]); //write_file(PHPDISK_ROOT.'system/s2.txt',$file.'|'.$file_dest.','); //if(@filesize($file)==(int)$rs[file_size]){ if (file_exists($file) && @rename($file, $file_dest)) { $file_real_path = PHPDISK_ROOT . '/' . $settings['file_path'] . '/'; $img_arr = getimagesize($file_dest); if ($img_arr[2] && @in_array($file_extension, array('jpg', 'jpeg', 'png', 'gif', 'bmp'))) { $is_image = 1; make_thumb($file_dest, $file_real_path . $rs[file_store_path] . $file_real_name . '_thumb.' . $file_extension, $settings['thumb_width'], $settings['thumb_height']); } else { $is_image = 0; } if ($configs[server_key]) { $server_oid = (int) @$db->result_first("select server_oid from {$tpf}servers where server_key='" . $db->escape($configs[server_key]) . "'"); } else { $server_oid = 0;
} else { $file_name = $db->escape($file['name']); } /*$file_name = str_replace(' ','_',$file_name); $username = $db->result_first("select username from {$tpf}users where userid='$uid'"); $tmp_username = is_utf8() ? convert_str('utf-8','gbk',$username) : $username;*/ $file_real_path = PHPDISK_ROOT . $settings['file_path'] . '/'; $file_store_path = date('Y/m/d/'); //$file_store_path_store = is_utf8() ? convert_str('utf-8','gbk',$file_store_path) : $file_store_path; make_dir($file_real_path . $file_store_path); /*$num = $db->result_first("select count(*) from {$tpf}files where file_name='$file_name' and file_extension='$file_extension' and file_size='{$file[size]}' and userid='$uid' and folder_id='$folder_id'"); $file_real_name = $num ? $file_name.'_'.random(2) : $file_name; $file_real_name_store = is_utf8() ? convert_str('utf-8','gbk',$file_real_name) : $file_real_name;*/ $file_real_name = md5(uniqid(mt_rand(), true) . microtime() . $pd_uid); $file_ext = get_real_ext($file_extension); $dest_file = $file_real_path . $file_store_path . $file_real_name . $file_ext; if (!chk_deny_extension($file_extension) && upload_file($file['tmp_name'], $dest_file)) { $report_status = 0; $report_arr = explode(',', $settings['report_word']); if (count($report_arr)) { foreach ($report_arr as $value) { if (strpos($file['name'], $value) !== false) { $report_status = 2; } } } $file_key = random(8); $file_mime = strtolower($db->escape($file['type'])); $img_arr = getimagesize($dest_file); if ($img_arr[2] && @in_array($file_extension, array('jpg', 'jpeg', 'png', 'gif', 'bmp'))) {
# # $Id: phpdisk_del_process.php 24 2012-09-05 02:52:59Z along $ # # Copyright (C) 2008-2012 PHPDisk Team. All Rights Reserved. # */ include "includes/commons.inc.php"; @set_time_limit(0); @ignore_user_abort(true); $server_arr = array('up' => '上传服务器', 'down' => '下载服务器', 'local' => '本地服务器'); $str = $_SERVER['QUERY_STRING']; if ($str) { parse_str(pd_encode($str, 'DECODE')); $pp = iconv('utf-8', 'gbk', $pp); $arr = explode('.', $pp); $src_file = $arr[0] . get_real_ext($arr[1]); $thumb_file = $arr[0] . '_thumb.' . $arr[1]; $out_txt = "删除结果:【{$server_arr[$server]}】【{$_SERVER['HTTP_HOST']}】,删除文件【{$file_name}】,文件ID:[{$file_id}]"; $file_extension = get_extension($file_name); $esp = strlen($file_extension) + 1; if ($file_extension) { $file_name = substr($file_name, 0, strlen($file_name) - $esp); } $rs = $db->fetch_one_array("select file_real_name,file_extension,file_store_path from {$tpf}files where file_id='{$file_id}' limit 1"); if ($rs) { $num = @$db->result_first("select count(*) from {$tpf}files where file_real_name='{$rs[file_real_name]}' and file_extension='{$rs[file_extension]}' and file_name='{$file_name}' and file_store_path='{$rs[file_store_path]}'"); } if ($safe) { if ($num == 1) { if (@unlink(PHPDISK_ROOT . $src_file)) { @unlink(PHPDISK_ROOT . $thumb_file);
$start_num = ($pg - 1) * $perpage; $q = $db->query("select fl.*,u.username from {$sql_do} order by file_id desc limit {$start_num},{$perpage}"); $files_array = array(); while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : ""; $rs['file_name_all'] = $rs['file_name'] . $tmp_ext; $rs['file_name'] = str_replace($word, '<span class="txtred">' . $word . '</span>', $rs['file_name'] . $tmp_ext); $rs['a_user_view'] = urr(ADMINCP, "item=files&menu=file&action=index&view=user&uid=" . $rs['userid']); $rs['file_size'] = get_size($rs['file_size']); $rs['file_time'] = custom_time("Y-m-d", $rs['file_time']); $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}"); $rs['a_recycle_delete'] = urr(ADMINCP, "item=files&menu=file&action=recycle_delete&file_id={$rs['file_id']}"); $rs[a_edit] = urr(ADMINCP, "item=files&menu=file&action=edit&file_id={$rs['file_id']}"); $rs['status_txt'] = $rs['is_locked'] ? "<span class=\"txtred\">" . __('locked_status') . "</span>" : "<span class=\"txtblue\">" . __('common_status') . "</span>"; $rs[checked_txt] = $check_arr_txt[$rs[is_checked]] ? $check_arr_txt[$rs[is_checked]] : ''; $rs['file_abs_path'] = $rs[yun_fid] ? '网盘云存储' : $rs['file_store_path'] . $rs['file_real_name'] . get_real_ext($rs['file_extension']); $files_array[] = $rs; } $db->free($q); unset($rs); $page_nav = multi($total_num, $perpage, $pg, urr(ADMINCP, "item={$item}&menu=file&action=search&view={$view}&dd={$dd}&user="******"&word=" . rawurlencode($word) . "&sel_type={$sel_type}")); require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'recycle_delete': if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (!$error) { $file_id = (int) gpc('file_id', 'G', 0);
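/**
 * Build the download link for a file row.
 *
 * The link carries the display name, file id, size, relative storage path, a checksum
 * and an expiry timestamp. These are packed into one query string, passed through
 * pd_encode() and handed to urr() for the "dl" route.
 *
 * NOTE(review): the checksum is a plain MD5 with no secret key, computed over id, size,
 * store path and real name. Id, size and path travel in the same payload, and
 * expire_time is not covered by the checksum at all. Any tamper resistance therefore
 * rests entirely on pd_encode(), a helper defined elsewhere. An HMAC with a server-side
 * secret that also covers expire_time, verified by the consumer with hash_equals(),
 * would bind the link properly.
 *
 * NOTE(review): the values are interpolated into the query string without URL-encoding.
 * A `&` or `=` in the file name would change the parameter list unless filter_name()
 * already removes them; confirm against that helper and the code that decodes the link.
 *
 * @param array $file Row with file_id, file_size, file_store_path, file_real_name,
 *                    file_extension and file_name.
 * @return mixed Whatever urr() returns for the "dl" route (presumably a URL string).
 */
function create_down_url($file)
{
    global $settings, $timestamp;

    // Relative storage location: store path + stored name + extension as mapped by get_real_ext().
    $pp = $file['file_store_path'] . $file['file_real_name'] . get_real_ext($file['file_extension']);
    $fs = $file['file_size'];

    // Upper-case MD5 over id, size, store path and stored name (unkeyed; see header note).
    $hash = strtoupper(md5($file['file_id'] . '_' . $file['file_size'] . '_' . $file['file_store_path'] . $file['file_real_name']));

    // Display name offered to the client: file name plus ".ext" when an extension is present.
    $tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
    $p_filename = filter_name($file['file_name'] . $tmp_ext);

    // The settings key is quoted: the original used the bare word dl_expire_time, which
    // PHP 8 rejects as an undefined constant. isset() also avoids a notice when the
    // setting is absent. A missing or falsy setting yields expire_time = 0.
    $ttl = isset($settings['dl_expire_time']) ? $settings['dl_expire_time'] : 0;
    $expire_time = $ttl ? $ttl + $timestamp : 0;

    return urr("dl", pd_encode("file_name={$p_filename}&file_id={$file['file_id']}&fs={$fs}&pp={$pp}&hash={$hash}&expire_time={$expire_time}"));
}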
return $file_ext; } function get_extension($name) { return strtolower(trim(strrchr($name, '.'), '.')); } $str = $_SERVER['QUERY_STRING']; parse_str(pd_decode($str)); if ($expire_time && $expire_time < $timestamp) { header("Content-Type: text/html; charset=utf-8"); $src_url = $settings[phpdisk_url] . "viewfile.php?file_id={$file_id}"; echo '<p>请登录原地址重新获取: <a href="' . $src_url . '" target="_blank">' . $src_url . '<a></p>'; echo '<p style="color:#ff0000">温馨提示:此文件链接已失效,请勿非法盗链。</p>'; exit; } $pp = $pp . get_real_ext(get_extension($pp)); if (!file_exists(PHPDISK_ROOT . FILE_PATH . '/' . $pp)) { header("Content-Type: text/html; charset=utf-8"); echo '<p style="padding:10px; font-size:12px;">文件ID: ' . $file_id . '<br>'; echo '[' . $file_name . '] 文件不存在,请联系网站管理员处理。<br><br>'; echo '联系方式:' . $settings[contact_us] . '</p>'; } else { $file_name = filter_name(str_replace("+", "%20", $file_name)); ob_end_clean(); $ua = $_SERVER["HTTP_USER_AGENT"]; if (preg_match("/MSIE/i", $ua)) { header('Content-disposition: attachment;filename="' . iconv('utf-8', 'gbk', $file_name) . '"'); } else { header('Content-disposition: attachment;filename="' . $file_name . '"'); } header('Content-type: application/octet-stream');
while ($rs = $db->fetch_array($q)) { //$rs[cate_name] = @$db->result_first("select cate_name from {$tpf}categories where cate_id='{$rs[cate_id]}'"); $tmp_ext = $rs['file_extension'] ? '.' . $rs['file_extension'] : ""; $rs['file_thumb'] = get_file_thumb($rs); $rs['file_name_all'] = $rs['file_name'] . $tmp_ext; $rs['file_name'] = $rs['file_name'] . $tmp_ext; //$rs['a_space'] = urr("space","username="******"item=files&menu=file&action=index&view=user&uid=" . $rs['userid']); $rs['file_size'] = get_size($rs['file_size']); $rs['file_time'] = date("Y-m-d H:i:s", $rs['file_time']); $rs['a_viewfile'] = urr("viewfile", "file_id={$rs['file_id']}"); $rs[commend_txt] = $rs[commend] ? __('commending') : ''; $rs[commend_class] = $rs[commend] ? 'class="txtblue"' : ''; $rs['a_recycle_delete'] = urr(ADMINCP, "item=files&action=recycle_delete&file_id={$rs['file_id']}"); $rs['status_txt'] = $rs['is_checked'] ? '<span class="txtblue">' . __('checked') . '</span>' : '<span class="txtred">' . __('unchecked') . '</span>'; $rs['file_abs_path'] = $rs['file_store_path'] . $rs['file_real_name'] . get_real_ext($rs['file_extension']); $files_array[] = $rs; } $db->free($q); unset($rs); $page_nav = multi($total_num, $perpage, $pg, urr(ADMINCP, "item={$item}&menu=file&app={$app}&action={$action}&cate_id={$cate_id}")); require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'chg_cate_status': $cate_id = (int) gpc('cate_id', 'G', 0); $status = (int) gpc('status', 'G', 0); $status = $status ? 0 : 1; if ($cate_id) { $db->query_unbuffered("update {$tpf}categories set {$task}='{$status}' where cate_id='{$cate_id}' limit 1"); }