if (!empty($p) and !is_dir(NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp . $p)) {
$mk = nv_mkdir(NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp, $p);
if ($mk[0] > 0) {
$upload_real_dir_page = $mk[2];
}
} elseif (!empty($p)) {
$upload_real_dir_page = NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $cp . $p;
}
$cp .= $p . '/';
}
}
}
$currentpath = str_replace(NV_ROOTDIR . '/', '', $upload_real_dir_page);
require_once NV_ROOTDIR . "/includes/class/image.class.php";
foreach ($imageMatch as $imageSrc) {
if (nv_check_url($imageSrc)) {
$_image = new image($imageSrc);
if ($_image->fileinfo['width'] > 50) {
if ($_image->fileinfo['width'] > NV_MAX_WIDTH) {
$_image->resizeXY(NV_MAX_WIDTH, NV_MAX_HEIGHT);
}
$basename = explode(".", basename($imageSrc));
array_pop($basename);
$basename = implode("-", $basename);
$basename = preg_replace('/^\\W+|\\W+$/', '', $basename);
$basename = preg_replace('/[ ]+/', '_', $basename);
$basename = strtolower(preg_replace('/\\W-/', '', $basename));
$basename .= '.' . $_image->fileinfo['ext'];
$thumb_basename = $basename;
$i = 1;
while (file_exists(NV_ROOTDIR . '/' . $currentpath . '/' . $thumb_basename)) {
$ls = explode("<br />", $ls);
$ls = array_map("trim", $ls);
foreach ($ls as $l) {
if (!empty($l)) {
$links[] = $l;
}
}
}
}
}
if (!empty($links)) {
foreach ($links as $link) {
if (!nv_is_url($link)) {
die("NO_" . $id);
}
if (!nv_check_url($link)) {
die("NO_" . $id);
}
}
}
die("OK_" . $id);
}
//Del
if ($nv_Request->isset_request('del', 'post')) {
if (!defined('NV_IS_AJAX')) {
die('Wrong URL');
}
$id = $nv_Request->get_int('id', 'post', 0);
if (!$id) {
die("NO");
}
$url = substr($url, strlen(NV_BASE_SITEURL));
$url = NV_ROOTDIR . '/' . $url;
if (!file_exists($url)) {
die($lang_module['file_checkUrl_error']);
}
} else {
$url = trim($url);
$url = nv_nl2br($url, '<br />');
$url = explode('<br />', $url);
$url = array_map('trim', $url);
foreach ($url as $l) {
if (!empty($l)) {
if (!nv_is_url($l)) {
die($lang_module['file_checkUrl_error']);
}
if (!nv_check_url($l)) {
die($lang_module['file_checkUrl_error']);
}
}
}
}
die($lang_module['file_checkUrl_ok']);
}
// Download file
if ($nv_Request->isset_request('fdownload', 'get')) {
$file = $nv_Request->get_string('fdownload', 'get', '');
if (!empty($file)) {
$file = substr($file, strlen(NV_BASE_SITEURL));
$file = NV_ROOTDIR . '/' . $file;
$download = new NukeViet\Files\Download($file, NV_UPLOADS_REAL_DIR);
$download->download_file();
$key = $nv_Request->get_int('id', 'post', 0);
// Neu da dang nhap thi khong duoc phep doi ten dang nhap
$username = !empty($user_info['username']) ? $user_info['username'] : $user;
$userid = !empty($user_info['userid']) ? $user_info['userid'] : 0;
// Kiem tra thoi gian
$timeout = $nv_Request->get_int($module_name . '_error_' . $where . "_" . $key, 'cookie', 0);
if ($timeout == 0 or NV_CURRENTTIME - $timeout > 90) {
$check = 0;
// Neu day la ba hat va kiem tra loi khong ton tai
if ($where == 'song' and $root_error == "check") {
$song = getsongbyID($key);
$url = outputURL($song['server'], $song['duongdan']);
if ($song['server'] == 1) {
$url = NV_MY_DOMAIN . $url;
}
if (nv_check_url($url)) {
$ok = 1;
die($lang_module['send_error_not']);
} else {
$ok = 0;
}
$check = 1;
}
$nv_Request->set_Cookie($module_name . '_error_' . $where . "_" . $key, NV_CURRENTTIME);
if ($check == 0 or $check == 1 and $ok == 0) {
$sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_error` VALUES (\n\t\t\t\tNULL, \n\t\t\t\t" . $key . ", \n\t\t\t\t" . $userid . ", \n\t\t\t\t" . $db->dbescape($username) . ", \n\t\t\t\t" . $db->dbescape($root_error . " | " . $body) . ", \n\t\t\t\t" . $db->dbescape($where) . ", \n\t\t\t\t" . NV_CURRENTTIME . ", \n\t\t\t\t" . $db->dbescape($client_info['ip']) . ", 1\n\t\t\t)";
if ($db->sql_query_insert_id($sql)) {
die($lang_module['send_error_suc']);
} else {
die($lang_module['send_error_error']);
}
/**
* nv_check_url()
*
* @param string $url
* @param bool $is_200
* @return
*/
function nv_check_url($url, $is_200 = 0)
{
if (empty($url)) {
return false;
}
$url = str_replace(' ', '%20', $url);
$allow_url_fopen = ini_get('allow_url_fopen') == '1' || strtolower(ini_get('allow_url_fopen')) == 'on' ? 1 : 0;
if (nv_function_exists('get_headers') and $allow_url_fopen == 1) {
$res = get_headers($url);
} elseif (nv_function_exists('curl_init') and nv_function_exists('curl_exec')) {
$url_info = @parse_url($url);
$port = isset($url_info['port']) ? intval($url_info['port']) : 80;
$userAgents = array('Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0', 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)', 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)', 'Mozilla/4.8 [en] (Windows NT 6.0; U)', 'Opera/9.25 (Windows NT 6.0; U; en)');
$open_basedir = ini_get('open_basedir') == '1' || strtolower(ini_get('open_basedir')) == 'on' ? 1 : 0;
srand((double) microtime() * 10000000);
$rand = array_rand($userAgents);
$agent = $userAgents[$rand];
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_NOBODY, true);
curl_setopt($curl, CURLOPT_PORT, $port);
if ($open_basedir) {
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
}
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_TIMEOUT, 15);
curl_setopt($curl, CURLOPT_USERAGENT, $agent);
$response = curl_exec($curl);
curl_close($curl);
if ($response === false) {
trigger_error(curl_error($curl), E_USER_WARNING);
return false;
} else {
$res = explode('\\n', $response);
}
} elseif (nv_function_exists('fsockopen') and nv_function_exists('fgets')) {
$res = array();
$url_info = parse_url($url);
$port = isset($url_info['port']) ? intval($url_info['port']) : 80;
$fp = fsockopen($url_info['host'], $port, $errno, $errstr, 15);
if (!$fp) {
trigger_error($errstr, E_USER_WARNING);
return false;
}
$path = !empty($url_info['path']) ? $url_info['path'] : '/';
$path .= !empty($url_info['query']) ? '?' . $url_info['query'] : '';
fputs($fp, "HEAD " . $path . " HTTP/1.0\r\n");
fputs($fp, "Host: " . $url_info['host'] . ":" . $port . "\r\n");
fputs($fp, "Connection: close\r\n\r\n");
while (!feof($fp)) {
if ($header = trim(fgets($fp, 1024))) {
$res[] = $header;
}
}
@fclose($fp);
} else {
trigger_error('error server no support check url', E_USER_WARNING);
return false;
}
if (empty($res)) {
return false;
}
if (preg_match('/(200)/', $res[0])) {
return true;
}
if ($is_200 > 5) {
return false;
}
if (preg_match('/(301)|(302)|(303)/', $res[0])) {
foreach ($res as $k => $v) {
if (preg_match('/location:\\s(.*?)$/is', $v, $matches)) {
++$is_200;
$location = trim($matches[1]);
return nv_check_url($location, $is_200);
}
}
}
return false;
}
* @Createdate 3-6-2010 0:30
*/
if (!defined('NV_IS_MOD_DOWNLOAD')) {
die('Stop!!!');
}
if (!$nv_Request->isset_request('session_files', 'session')) {
die('Wrong URL');
}
$session_files = $nv_Request->get_string('session_files', 'session', '');
if (empty($session_files)) {
die('Wrong URL');
}
$session_files = unserialize($session_files);
if ($nv_Request->isset_request('code', 'get')) {
$code = $nv_Request->get_string('code', 'get', '');
if (empty($code) or !preg_match("/^([a-z0-9]{32})\$/i", $code) or !isset($session_files['linkdirect'][$code]) or !nv_check_url($session_files['linkdirect'][$code]['link'])) {
die('Wrong URL');
}
$sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "` SET `download_hits`=download_hits+1 WHERE `id`=" . intval($session_files['linkdirect'][$code]['id']);
$db->sql_query($sql);
$content = "<br /><img border=\"0\" src=\"" . NV_BASE_SITEURL . "images/load_bar.gif\"><br /><br />\n";
$content .= sprintf($lang_module['download_wait2'], $session_files['linkdirect'][$code]['link']);
$content .= "<meta http-equiv=\"refresh\" content=\"5;url=" . $session_files['linkdirect'][$code]['link'] . "\" />";
nv_info_die($lang_module['download_detail'], $lang_module['download_wait'], $content);
die;
}
if (!$nv_Request->isset_request('file', 'get')) {
die('Wrong URL');
}
$file = $nv_Request->get_string('file', 'get', '');
if (empty($file)) {
$image = substr($image, $lu);
}
}
if (!empty($url)) {
if (!preg_match("#^(http|https|ftp|gopher)\\:\\/\\/#", $url)) {
$url = "http://" . $url;
}
}
$admin_phone = "";
$admin_email = "";
$note = "";
$description = filter_text_textarea('description', '', NV_ALLOWED_HTML_TAGS);
$description = defined('NV_EDITOR') ? nv_editor_nl2br($description) : nv_nl2br($description, '<br />');
$status = $nv_Request->get_int('status', 'post') == 1 ? 1 : 0;
// check url
if (empty($url) || !nv_is_url($url) || !check_url($id, $url) || !nv_check_url($url)) {
$error = $lang_module['error_url'];
} elseif (empty($title)) {
$error = $lang_module['error_title'];
} elseif (strip_tags($description) == "") {
$error = $lang_module['error_description'];
} else {
if ($id > 0) {
$sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_rows` SET `catid`=" . $catid . ", `title`=" . $db->dbescape($title) . ", `alias` = " . $db->dbescape($alias) . ", `url` = " . $db->dbescape($url) . ", `urlimg` = " . $db->dbescape($image) . ", `description`=" . $db->dbescape($description) . ", `edit_time` = UNIX_TIMESTAMP(), `status`=" . $status . " WHERE `id` =" . $id;
$db->sql_query($sql);
if ($db->sql_affectedrows() > 0) {
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['weblink_edit_link'], $title, $admin_info['userid']);
Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name);
die;
} else {
$error = $lang_module['errorsave'];
/**
* nv_check_url()
*
* @param mixed $url
* @param bool $is_200
* @return
*/
function nv_check_url($url, $is_200 = false)
{
if (empty($url)) {
return false;
}
$res = get_headers($url);
if (!$res) {
return false;
}
if (preg_match("/(200)/", $res[0])) {
return true;
}
if ($is_200) {
return false;
}
if (preg_match("/(301)|(302)|(303)/", $res[0])) {
foreach ($res as $k => $v) {
unset($matches);
if (preg_match("/location:\\s(.*?)\$/is", $v, $matches)) {
$location = trim($matches[1]);
return nv_check_url($location, true);
}
}
}
return false;
}
