/**
 * Put an uploaded attachment into its final location and, when the
 * attachment is flagged for it ($this->thumbnail == 1), build a thumbnail.
 *
 * Reads the globals $upload_dir and $attach_config. When the local move
 * fails it sets the global $error and appends a message to $error_msg.
 *
 * @param mixed  $file     upload source, handed to CPG_File::move_upload() and create_thumbnail()
 * @param string $filename handed to ftp_file() when FTP upload is enabled
 * @return void
 */
private function move_uploaded_attachment($file, $filename)
{
    global $error, $error_msg, $lang, $upload_dir, $attach_config;

    if (!intval($attach_config['allow_ftp_upload'])) {
        require_once 'includes/classes/cpg_file.php';
        // NOTE(review): $this->attach_filename is concatenated into the
        // destination path as-is and nothing in this method sanitises it, so
        // it must already be free of path separators and ".." by the time it
        // gets here; confirm where attach_filename is assigned.
        $moved = CPG_File::move_upload($file, $upload_dir . '/' . $this->attach_filename);
        if (!$moved) {
            $error = true;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['General_upload_error'], './' . $upload_dir . '/' . $this->attach_filename);
            return;
        }
    } else {
        ftp_file($filename, $this->attach_filename, $this->type);
    }

    // No thumbnail wanted, or an error is already flagged: nothing more to do.
    if ($error || $this->thumbnail != 1) {
        return;
    }

    if (intval($attach_config['allow_ftp_upload'])) {
        $fallback_source = $file;
        $thumb_path = THUMB_DIR . '/t_' . $this->attach_filename;
    } else {
        $fallback_source = $upload_dir . '/' . $this->attach_filename;
        $thumb_path = amod_realpath($upload_dir) . '/' . THUMB_DIR . '/t_' . $this->attach_filename;
    }

    // Try the original upload source first, then the stored copy; if both
    // attempts fail, the attachment is kept without a thumbnail.
    $created = create_thumbnail($file, $thumb_path, $this->type)
        || create_thumbnail($fallback_source, $thumb_path, $this->type);
    if (!$created) {
        $this->thumbnail = 0;
    }
}
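/**
 * Copy PHP source files (*.php, *.phpN, *.inc) from $src to $dst as a backup.
 *
 * $src/$dst are either both file paths, or directory paths of which at least
 * one ends in "/". Directories are not descended into, and a destination file
 * that already exists is never overwritten, so the first backup is kept.
 *
 * NOTE(review): copies keep their .php/.inc extension; make sure the
 * destination tree is not served by the web server.
 *
 * @param string $src   source file, or source directory
 * @param string $dst   destination file, or destination directory
 * @param array  $types accepted but not used by this function
 * @return true|null true when every selected file was copied or skipped,
 *                   null when the paths are rejected or a copy fails
 */
function backup_create($src, $dst, $types = array())
{
    # get the relative path to create a backup with same structure
    $src_path = $src;
    $dst_path = $dst;
    if (preg_match('#[a-z]{3,4}[\\d]{0,1}$#', $src) && preg_match('#[a-z]{3,4}[\\d]{0,1}$#', $dst)) {
        // both are a file: the directory to prepare is the parent of $dst
        $dst_path = explode('/', $dst);
        array_pop($dst_path);
        $dst_path = implode('/', $dst_path);
    } else {
        if (!preg_match('#/$#', $src) && !preg_match('#/$#', $dst)) {
            return;
        }
    }
    if (!CPG_File::analyze_path($dst_path)) {
        return;
    }

    if (is_dir($src) && ($list = scandir($src))) {
        $content = array();
        // Iterate with foreach: the previous `while ($file = array_shift($list))`
        // stopped at the first entry PHP treats as falsy (a file named "0"),
        // silently leaving every later file out of the backup while the
        // function still reported success.
        foreach ($list as $file) {
            $content[] = array(
                'source' => $src_path . $file,
                'destination' => $dst_path . $file,
            );
        }
    } else {
        $content = array(0 => array('source' => $src, 'destination' => $dst));
    }

    foreach ($content as $file) {
        // selective and no recursive backups for the moment
        if (is_dir($file['source'])
            || !preg_match('#\\.(php[\\d]?|inc)$#', $file['source'])
            || file_exists($file['destination'])
        ) {
            continue;
        }
        // copy_special runs analyze_path again
        if (copy($file['source'], $file['destination'])
            || CPG_File::copy_special($file['source'], $file['destination'])
        ) {
            continue;
        }
        trigger_error('Couldn\'t copy or write the destination file', E_USER_WARNING);
        return;
    }
    return true;
}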
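/**
 * Store a new avatar for a user, either fetched from a remote address or
 * taken from an HTTP upload, and return the SQL assignment for the user row.
 *
 * The code relies on cpg_error() not returning (assumption, confirm against
 * its definition): every call to it is followed by code that needs the
 * check to have passed.
 *
 * @param bool   $remote          true: fetch $avatar_filename; false: move the upload in $avatar
 * @param array  $userinfo        user record (by reference); 'user_id' prefixes the stored name
 * @param string $avatar_filename address to fetch when $remote is set
 * @param mixed  $avatar          upload entry with 'size' and 'type' (local case only)
 * @return string SQL fragment "user_avatar='<file>', user_avatar_type=1"
 */
function avatar_upload($remote, &$userinfo, $avatar_filename, $avatar)
{
    require_once CORE_PATH . 'classes/cpg_file.php';
    global $MAIN_CFG, $db, $lang;

    $max_size = $MAIN_CFG['avatar']['filesize'];
    // Path of the file this call created under the avatar directory, or null
    // while nothing has been stored. Cleanup only ever touches this path.
    $local_path = null;

    if ($remote) {
        // NOTE(review): the pattern checks shape only. The "http://" prefix is
        // optional and the host is unrestricted, so the string is not
        // guaranteed to be a remote URL and the fetch goes wherever the user
        // points it. Consider requiring the scheme and rejecting loopback or
        // private hosts before get_fileinfo() is called.
        if (!preg_match('/^(http:\\/\\/)?([\\w\\-\\.]+)\\:?([0-9]*)\\/(.*)$/', $avatar_filename, $url_ary) || empty($url_ary[4])) {
            cpg_error('The URL you entered is incomplete');
        }
        $avatar = get_fileinfo($avatar_filename, !$MAIN_CFG['avatar']['animated'], true);
        if (!isset($avatar['size'])) {
            cpg_error(_AVATAR_ERR_DATA);
        } elseif ($avatar['animation'] && !$MAIN_CFG['avatar']['animated']) {
            cpg_error('Animated avatar not allowed');
        }
        $avatar_filesize = $avatar['size'];
        $avatar_filetype = $avatar['type'];
        $imgtype = check_image_type($avatar_filetype);
        // "<=" matches the shared size check below, which rejects only sizes
        // above the limit. The earlier "<" skipped the write for a file of
        // exactly the limit, which then passed that check with no stored file.
        if ($avatar_filesize > 0 && $avatar_filesize <= $max_size) {
            $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
            $local_path = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
            if (CPG_File::write($local_path, $avatar['data']) != $avatar_filesize) {
                trigger_error('Could not write avatar to local storage', E_USER_ERROR);
            }
        }
    } else {
        $avatar_filesize = $avatar['size'];
        $avatar_filetype = $avatar['type'];
        // NOTE(review): for an HTTP upload 'type' is normally the MIME type
        // declared by the client. Confirm check_image_type() only ever
        // returns an extension from a fixed image list, since the file is
        // stored under the avatar path with that extension.
        $imgtype = check_image_type($avatar_filetype);
        $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
        $local_path = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
        if (!CPG_File::move_upload($avatar, $local_path)) {
            trigger_error('Could not copy avatar to local storage', E_USER_ERROR);
        }
        if (!$MAIN_CFG['avatar']['animated'] && ($fp = fopen($local_path, 'rb'))) {
            $data = fread($fp, $avatar_filesize);
            fclose($fp);
            $data = preg_split('/\\x00[\\x00-\\xFF]\\x00\\x2C/', $data); // split GIF frames
            if (count($data) > 2) {
                unlink($local_path);
                cpg_error('Animated avatar not allowed');
            }
            unset($data);
        }
    }

    if ($local_path === null || $avatar_filesize < 40 || $avatar_filesize > $max_size) {
        // Remove only a file this call stored. The caller-supplied string must
        // never reach unlink(): when the remote size was out of range it is
        // still the user's input, not a path under the avatar directory.
        if ($local_path !== null) {
            unlink($local_path);
        }
        cpg_error(sprintf(_AVATAR_FILESIZE, round($max_size / 1024)));
    }

    avatar_size($local_path, true);
    avatar_delete($userinfo);
    return "user_avatar='{$new_filename}', user_avatar_type=1";
}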
// Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; // Create a unique name for the uploaded file $picture_name = $matches[1] . '.' . $matches[2]; $nr = 0; while (file_exists($dest_dir . $picture_name)) { $picture_name = $exp[0] . '~' . $nr++ . '.' . $ext; } $uploaded_pic = $dest_dir . $picture_name; */ // open_basedir restriction workaround // if (false === stripos(ini_get('open_basedir'), dirname($_FILES['userpicture']['tmp_name']))) require_once 'includes/classes/cpg_file.php'; $tmpfile = $CONFIG['userpics'] . md5(microtime()) . '.tmp'; if (!CPG_File::move_upload($_FILES['userpicture'], $tmpfile)) { cpg_die(_ERROR, 'Couldn\'t create a copy of the uploaded image', __FILE__, __LINE__); } // Get picture information if (!($imginfo = getimagesize($tmpfile))) { unlink($tmpfile); cpg_die(_ERROR, ERR_INVALID_IMG, __FILE__, __LINE__, true); } // Check GD for GIF support else only JPEG and PNG are allowed if ($imginfo[2] != IMAGETYPE_JPEG && $imginfo[2] != IMAGETYPE_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2' && !function_exists('imagecreatefromgif'))) { unlink($tmpfile); cpg_die(_ERROR, GD_FILE_TYPE_ERR, __FILE__, __LINE__, true); } // Check image type is among those allowed for ImageMagick if ($CONFIG['thumb_method'] == 'im' && !stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]])) { unlink($tmpfile);
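/**
 * Copy a file in 2048-byte chunks through stream handles.
 *
 * The destination directory is first checked with CPG_File::analyze_path().
 * On success the copy is chmod'ed to 0666 when PHP_AS_NOBODY is truthy,
 * otherwise to 0644.
 *
 * NOTE(review): 0666 leaves the copy writable by every local account;
 * confirm that is still required where PHP_AS_NOBODY is set.
 * NOTE(review): backup_create() calls this as CPG_File::copy_special();
 * if this method belongs to CPG_File, confirm whether it should be static.
 *
 * @param string $oldfile path of the file to read
 * @param string $newfile path of the file to create or truncate
 * @return bool true when the whole file was copied, false otherwise
 */
public function copy_special($oldfile, $newfile)
{
    if (!CPG_File::analyze_path(dirname($newfile))) {
        return false;
    }
    if (!($of = fopen($oldfile, 'rb'))) {
        return false;
    }
    if (!($nf = fopen($newfile, 'wb'))) {
        fclose($of);
        return false;
    }

    // The loop used to write to and close an undefined $fp instead of $nf,
    // so nothing was ever written and the destination handle was never closed.
    while (!feof($of)) {
        $chunk = fread($of, 2048);
        if ($chunk === false || fwrite($nf, $chunk) === false) {
            fclose($of);
            fclose($nf);
            // Do not leave a truncated copy behind: callers that skip existing
            // destinations would otherwise treat it as a finished backup.
            if (is_file($newfile)) {
                unlink($newfile);
            }
            return false;
        }
    }

    fclose($of);
    fclose($nf);
    chmod($newfile, PHP_AS_NOBODY ? 0666 : 0644);
    return true;
}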
} else { if (!is_admin() && $dl_submitter != is_user()) { $time = time(); $time_year = generate_date($time, 'Y'); $time_month = generate_date($time, 'm'); if (!$db->sql_query("UPDATE " . $dl_prefix . "_stats \n\t\t\t\t\t\tSET hits=hits+1 \n\t\t\t\t\t\tWHERE id='{$get_id}' AND year='{$time_year}' AND month='{$time_month}'", true) || !$db->sql_affectedrows()) { $db->sql_query('INSERT INTO ' . $dl_prefix . "_stats \n\t\t\t\t\t\t(id, year, month, hits) \n\t\t\t\t\t\tVALUES \n\t\t\t\t\t\t({$get_id}, {$time_year}, {$time_month}, 1)", false); } } if ($remote && !$dl_config['leech_remote'] || !$remote && !$dl_config['leech_local']) { url_refresh($dl_url, 5); require_once 'header.php'; $cpgtpl->assign_vars(array('DL_DETAIL_MENU' => dl_detail_menu($get_id, $dl_title, $dl_pick, $dl_active, 2), 'L_DL_FILE' => _DLP_DLNOW, 'S_DL_NOW' => 'Your download will begin in five seconds...<br /><br />If the file has not started to download after five seconds, get it <a href="' . $dl_url . '">here</a>.')); } else { require_once 'includes/classes/cpg_file.php'; if (!CPG_File::secure_download($error, $dl_url, $dl_filename)) { $db->sql_query("INSERT INTO " . $dl_prefix . "_broken \n\t\t\t\t\t(id, lid, mid, uid, report, date, ip)\n\t\t\t\t\tVALUES \n\t\t\t\t\t(DEFAULT, '{$get_id}', '{$mirror_id}', '" . $userinfo['user_id'] . "', 'Automatically submitted: " . Fix_Quotes($error) . "', '" . time() . "', '" . $userinfo['user_ip'] . "')"); cpg_error('<strong>File is not available for download</strong><br /><br />A broken mirror report has been filed. You can try <a href="' . URL::index('&get=' . $get_id) . '">selecting a different mirror</a>.<br /><br />We apologize for the inconvenience.', 'Broken Mirror'); } exit; } } $cpgtpl->set_filenames(array('body' => 'downloads/fetchpage.html')); } else { $pagetitle .= ' ' . _BC_DELIM . ' Select Mirror'; $result = $db->sql_uquery('SELECT * FROM ' . $dl_prefix . 
"_mirrors \n\t\t\tWHERE did={$get_id} AND active=1 \n\t\t\tORDER BY url"); $cpgtpl->assign_vars(array('DL_DETAIL_MENU' => dl_detail_menu($get_id, $dl_title, $dl_pick, $dl_active, 2), 'L_DL_FILE' => _DLP_DLNOW . ' ' . _BC_DELIM . ' Select Mirror', 'S_DL_DESC1' => sprintf('Please select a mirror below.', $dl_title), 'S_DL_DESC2' => 'Not all mirrors may have the latest version of the file available.', 'L_LOCATION' => 'Location', 'L_FILENAME' => _FILENAME, 'L_FILESIZE' => _FILESIZE, 'L_MD5_SUM' => 'MD5 Sum', 'L_VIEW_ESTIMATE' => 'View estimated download time', 'MD5_SET' => $dl_config['md5_local'] || $dl_config['md5_remote'])); while ($mirror = $db->sql_fetchrow($result)) { $site = false; if (ereg('://', $mirror['url'])) { if (is_admin() || is_user() || $dl_config['anon_dl_remote']) {