Пример #1
 /**
  * Puts an uploaded attachment into storage and, if requested, builds its thumbnail.
  *
  * With $attach_config['allow_ftp_upload'] enabled the work is delegated to
  * ftp_file(); otherwise the upload is moved to $upload_dir via
  * CPG_File::move_upload(). When that local move fails, the global $error flag
  * is raised, a message is appended to the global $error_msg, and the method
  * returns before any thumbnail is attempted.
  *
  * @param mixed $file     Upload handed to CPG_File::move_upload(); also the first thumbnail source tried.
  * @param mixed $filename Forwarded to ftp_file() in FTP mode.
  * @return void
  */
 private function move_uploaded_attachment($file, $filename)
 {
     global $error, $error_msg, $lang, $upload_dir, $attach_config;

     if (!intval($attach_config['allow_ftp_upload'])) {
         require_once 'includes/classes/cpg_file.php';
         // NOTE(review): attach_filename is appended to the directory unchanged here;
         // confirm it is validated (no path separators, safe extension) before this
         // method runs.
         $target = $upload_dir . '/' . $this->attach_filename;
         if (!CPG_File::move_upload($file, $target)) {
             $error = TRUE;
             // Separate this message from any earlier one with a line break.
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             // NOTE(review): the message embeds the server-side path and already carries
             // HTML; confirm the file name is escaped wherever $error_msg is rendered.
             $error_msg .= sprintf($lang['General_upload_error'], './' . $target);
             return;
         }
     } else {
         ftp_file($filename, $this->attach_filename, $this->type);
     }

     // Thumbnails are only built for flagged attachments and only when no error is pending.
     if ($error || $this->thumbnail != 1) {
         return;
     }

     if (intval($attach_config['allow_ftp_upload'])) {
         $fallback_source = $file;
         $thumb_path = THUMB_DIR . '/t_' . $this->attach_filename;
     } else {
         $fallback_source = $upload_dir . '/' . $this->attach_filename;
         $thumb_path = amod_realpath($upload_dir) . '/' . THUMB_DIR . '/t_' . $this->attach_filename;
     }

     // Try the original upload first, then the fallback source; if neither
     // yields a thumbnail, clear the flag.
     if (!create_thumbnail($file, $thumb_path, $this->type)
         && !create_thumbnail($fallback_source, $thumb_path, $this->type)) {
         $this->thumbnail = 0;
     }
 }
Пример #2
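/**
 * Copies .php/.phpN/.inc files from $src to $dst without overwriting existing copies.
 *
 * Either both arguments name a file, or they name directories (trailing '/'),
 * in which case the entries directly inside $src are copied; subdirectories
 * are skipped. A destination that already exists is left untouched.
 *
 * @param string $src   Source file, or source directory ending in '/'.
 * @param string $dst   Destination file, or destination directory ending in '/'.
 * @param array  $types Not used by this implementation.
 * @return true|null true when every eligible entry was copied or skipped; null when the
 *                   arguments are rejected, the destination path fails
 *                   CPG_File::analyze_path(), or a copy fails (a warning is raised then).
 */
function backup_create($src, $dst, $types = array())
{
    # get the relative path to create a backup with same structure
    $src_path = $src;
    $dst_path = $dst;
    $file_like = '#[a-z]{3,4}[\\d]{0,1}$#';
    if (preg_match($file_like, $src) && preg_match($file_like, $dst)) {
        // both are a file: the directory to prepare is the destination's parent
        $dst_path = explode('/', $dst);
        array_pop($dst_path);
        $dst_path = implode('/', $dst_path);
    } elseif (!preg_match('#/$#', $src) && !preg_match('#/$#', $dst)) {
        // NOTE(review): this only rejects the call when NEITHER path ends in '/';
        // with exactly one trailing slash the concatenations below build paths
        // without a separator. Confirm whether both should be required.
        return;
    }
    if (!CPG_File::analyze_path($dst_path)) {
        return;
    }
    if (is_dir($src) && ($list = scandir($src))) {
        $content = array();
        // Iterate with foreach: the previous while (array_shift()) loop stopped at the
        // first falsy entry, so a file named "0" silently ended the listing and every
        // later file was left without a backup.
        foreach ($list as $entry) {
            $content[] = array('source' => $src_path . $entry, 'destination' => $dst_path . $entry);
        }
    } else {
        $content = array(0 => array('source' => $src, 'destination' => $dst));
    }
    foreach ($content as $file) {
        // selective and no recursive backups for the moment
        if (is_dir($file['source']) || !preg_match('#\\.(php[\\d]?|inc)$#', $file['source']) || file_exists($file['destination'])) {
            continue;
        }
        if (copy($file['source'], $file['destination'])) {
            continue;
        }
        // copy() failed; fall back to the stream-based copy (runs analyze_path again)
        if (CPG_File::copy_special($file['source'], $file['destination'])) {
            continue;
        }
        trigger_error('Couldn\'t copy or write the destination file', E_USER_WARNING);
        return;
    }
    return true;
}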
Пример #3
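/**
 * Stores a new avatar for a user and returns the SQL SET fragment that records it.
 *
 * In remote mode the image is fetched with get_fileinfo() and written with
 * CPG_File::write(); otherwise the upload is moved with CPG_File::move_upload().
 * Animated images are refused when $MAIN_CFG['avatar']['animated'] is off, and
 * files below 40 bytes or above $MAIN_CFG['avatar']['filesize'] are refused.
 * On success avatar_size() is applied to the stored file and avatar_delete()
 * is called for $userinfo.
 *
 * Failures are reported through cpg_error() / trigger_error(); this function
 * presumably does not continue after them (not visible here, confirm).
 *
 * @param mixed  $remote          Truthy to fetch $avatar_filename as a URL.
 * @param array  $userinfo        User record; 'user_id' is used for the file name.
 * @param string $avatar_filename Remote URL in remote mode; replaced locally by the stored path.
 * @param mixed  $avatar          Upload data with 'size' and 'type'; replaced by fetched data in remote mode.
 * @return string SQL SET fragment naming the stored avatar file.
 */
function avatar_upload($remote, &$userinfo, $avatar_filename, $avatar)
{
    require_once CORE_PATH . 'classes/cpg_file.php';
    global $MAIN_CFG, $db, $lang;
    // Set once a local file has been written, so cleanup below never calls
    // unlink() on the caller-supplied remote URL.
    $stored = false;
    if ($remote) {
        // NOTE(review): this pattern checks the URL's shape only; it places no
        // restriction on host or port, so the server will request whatever address
        // the user supplies. Confirm get_fileinfo() refuses loopback/internal targets.
        if (!preg_match('/^(http:\\/\\/)?([\\w\\-\\.]+)\\:?([0-9]*)\\/(.*)$/', $avatar_filename, $url_ary) || empty($url_ary[4])) {
            cpg_error('The URL you entered is incomplete');
        }
        $avatar = get_fileinfo($avatar_filename, !$MAIN_CFG['avatar']['animated'], true);
        if (!isset($avatar['size'])) {
            cpg_error(_AVATAR_ERR_DATA);
        } elseif ($avatar['animation'] && !$MAIN_CFG['avatar']['animated']) {
            cpg_error('Animated avatar not allowed');
        }
        $avatar_filesize = $avatar['size'];
        $avatar_filetype = $avatar['type'];
        $imgtype = check_image_type($avatar_filetype);
        // "<=" rather than "<": the range check further down accepts a file of exactly
        // the configured limit, but the strict comparison skipped writing it, so the
        // function went on to delete the old avatar and return an undefined file name.
        if ($avatar['size'] > 0 && $avatar['size'] <= $MAIN_CFG['avatar']['filesize']) {
            $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
            $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
            if (CPG_File::write($avatar_filename, $avatar['data']) != $avatar['size']) {
                trigger_error('Could not write avatar to local storage', E_USER_ERROR);
            }
            $stored = true;
        }
    } else {
        $avatar_filesize = $avatar['size'];
        $avatar_filetype = $avatar['type'];
        // NOTE(review): the stored extension comes from $avatar['type'], which for an
        // upload is presumably the client-declared MIME type; confirm
        // check_image_type() only yields image extensions and that the content
        // itself is validated (avatar_size() may do this).
        $imgtype = check_image_type($avatar_filetype);
        $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
        $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
        $stored = (bool) CPG_File::move_upload($avatar, $avatar_filename);
        if (!$stored) {
            trigger_error('Could not copy avatar to local storage', E_USER_ERROR);
        }
        if (!$MAIN_CFG['avatar']['animated'] && ($fp = fopen($avatar_filename, 'rb'))) {
            $data = fread($fp, $avatar_filesize);
            fclose($fp);
            $data = preg_split('/\\x00[\\x00-\\xFF]\\x00\\x2C/', $data);
            // split GIF frames: more than two pieces is treated as an animation
            if (count($data) > 2) {
                unlink($avatar_filename);
                cpg_error('Animated avatar not allowed');
            }
            unset($data);
        }
    }
    if ($avatar_filesize < 40 || $avatar_filesize > $MAIN_CFG['avatar']['filesize']) {
        // Only remove what was actually stored locally; in remote mode an
        // out-of-range file was never written and $avatar_filename is still the URL.
        if ($stored) {
            unlink($avatar_filename);
        }
        cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
    }
    avatar_size($avatar_filename, true);
    avatar_delete($userinfo);
    // NOTE(review): $new_filename is interpolated into SQL; it is built from user_id,
    // uniqid() and the check_image_type() result, so confirm each is SQL-safe.
    return "user_avatar='{$new_filename}', user_avatar_type=1";
}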
Пример #4
 		// Create a unique name for the uploaded file
 		$nr = 0;
 		$picture_name = $matches[1] . '.' . $matches[2];
 
 		// Create a unique name for the uploaded file
 		$picture_name = $matches[1] . '.' . $matches[2];
 		$nr = 0;
 		while (file_exists($dest_dir . $picture_name)) {
 			$picture_name = $exp[0] . '~' . $nr++ . '.' . $ext;
 		}
 		$uploaded_pic = $dest_dir . $picture_name; */
 // open_basedir restriction workaround
 // if (false === stripos(ini_get('open_basedir'), dirname($_FILES['userpicture']['tmp_name'])))
 // The upload is moved into the userpics directory under a temporary name
 // first and inspected afterwards; each rejection below deletes it again.
 // NOTE(review): the temporary name is md5(microtime()), which is guessable;
 // confirm '.tmp' files in that directory are neither served nor executed by
 // the web server while they exist.
 require_once 'includes/classes/cpg_file.php';
 $tmpfile = sprintf('%s%s.tmp', $CONFIG['userpics'], md5(microtime()));
 if (!CPG_File::move_upload($_FILES['userpicture'], $tmpfile)) {
     cpg_die(_ERROR, 'Couldn\'t create a copy of the uploaded image', __FILE__, __LINE__);
 }
 // Get picture information. getimagesize() identifies the type from the file
 // header; passing it does not show the rest of the file is harmless.
 $imginfo = getimagesize($tmpfile);
 if (!$imginfo) {
     unlink($tmpfile);
     cpg_die(_ERROR, ERR_INVALID_IMG, __FILE__, __LINE__, true);
 }
 // Check GD for GIF support else only JPEG and PNG are allowed
 // NOTE(review): && binds tighter than ||, made explicit below. Under 'gd1'
 // every non-JPEG/PNG type is rejected, but under 'gd2' the rejection applies
 // only when imagecreatefromgif() is missing, so with GIF support present any
 // other type getimagesize() recognises passes this check. Confirm that is
 // intended or that later code restricts the type.
 if (!in_array($imginfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG))
     && ($CONFIG['thumb_method'] == 'gd1'
         || ($CONFIG['thumb_method'] == 'gd2' && !function_exists('imagecreatefromgif')))) {
     unlink($tmpfile);
     cpg_die(_ERROR, GD_FILE_TYPE_ERR, __FILE__, __LINE__, true);
 }
 // Check image type is among those allowed for ImageMagick
 if ($CONFIG['thumb_method'] == 'im' && !stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]])) {
     unlink($tmpfile);
Пример #5
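 /**
  * Copies a file by streaming it in 2048-byte chunks, for use where copy() fails.
  *
  * The destination directory is first checked with CPG_File::analyze_path().
  * After a complete copy the destination's mode is set to 0666 when
  * PHP_AS_NOBODY is truthy and to 0644 otherwise.
  *
  * NOTE(review): the method is declared non-static although its body uses no
  * $this; confirm how callers invoke it.
  *
  * @param string $oldfile Path of the file to read.
  * @param string $newfile Path of the file to create or overwrite.
  * @return bool true when the whole file was copied, false on any failure.
  */
 public function copy_special($oldfile, $newfile)
 {
     if (!CPG_File::analyze_path(dirname($newfile))) {
         return false;
     }
     if (!($of = fopen($oldfile, 'rb'))) {
         return false;
     }
     if (!($nf = fopen($newfile, 'wb'))) {
         fclose($of);
         return false;
     }
     // The write and close calls previously used an undefined $fp instead of $nf,
     // so nothing was ever written and the destination handle was never closed.
     $copied = true;
     while (!feof($of)) {
         $chunk = fread($of, 2048);
         // A failed read must end the loop too: feof() may never become true after
         // a read error, which would otherwise spin forever.
         if ($chunk === false || fwrite($nf, $chunk) === false) {
             $copied = false;
             break;
         }
     }
     fclose($of);
     fclose($nf);
     if (!$copied) {
         // NOTE(review): a partially written destination is left in place here.
         return false;
     }
     // NOTE(review): 0666 makes the copy world-writable; confirm that is required in
     // the PHP_AS_NOBODY setup, particularly when the copied file is PHP source.
     chmod($newfile, PHP_AS_NOBODY ? 0666 : 0644);
     return true;
 }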
Пример #6
     } else {
         if (!is_admin() && $dl_submitter != is_user()) {
             $time = time();
             $time_year = generate_date($time, 'Y');
             $time_month = generate_date($time, 'm');
             if (!$db->sql_query("UPDATE " . $dl_prefix . "_stats \n\t\t\t\t\t\tSET hits=hits+1 \n\t\t\t\t\t\tWHERE id='{$get_id}' AND year='{$time_year}' AND month='{$time_month}'", true) || !$db->sql_affectedrows()) {
                 $db->sql_query('INSERT INTO ' . $dl_prefix . "_stats \n\t\t\t\t\t\t(id, year, month, hits) \n\t\t\t\t\t\tVALUES \n\t\t\t\t\t\t({$get_id}, {$time_year}, {$time_month}, 1)", false);
             }
         }
         if ($remote && !$dl_config['leech_remote'] || !$remote && !$dl_config['leech_local']) {
             url_refresh($dl_url, 5);
             require_once 'header.php';
             $cpgtpl->assign_vars(array('DL_DETAIL_MENU' => dl_detail_menu($get_id, $dl_title, $dl_pick, $dl_active, 2), 'L_DL_FILE' => _DLP_DLNOW, 'S_DL_NOW' => 'Your download will begin in five seconds...<br /><br />If the file has not started to download after five seconds, get it <a href="' . $dl_url . '">here</a>.'));
         } else {
             require_once 'includes/classes/cpg_file.php';
             if (!CPG_File::secure_download($error, $dl_url, $dl_filename)) {
                 $db->sql_query("INSERT INTO " . $dl_prefix . "_broken \n\t\t\t\t\t(id, lid, mid, uid, report, date, ip)\n\t\t\t\t\tVALUES \n\t\t\t\t\t(DEFAULT, '{$get_id}', '{$mirror_id}', '" . $userinfo['user_id'] . "', 'Automatically submitted: " . Fix_Quotes($error) . "', '" . time() . "', '" . $userinfo['user_ip'] . "')");
                 cpg_error('<strong>File is not available for download</strong><br /><br />A broken mirror report has been filed. You can try <a href="' . URL::index('&amp;get=' . $get_id) . '">selecting a different mirror</a>.<br /><br />We apologize for the inconvenience.', 'Broken Mirror');
             }
             exit;
         }
     }
     $cpgtpl->set_filenames(array('body' => 'downloads/fetchpage.html'));
 } else {
     $pagetitle .= ' ' . _BC_DELIM . ' Select Mirror';
     $result = $db->sql_uquery('SELECT * FROM ' . $dl_prefix . "_mirrors \n\t\t\tWHERE did={$get_id} AND active=1 \n\t\t\tORDER BY url");
     $cpgtpl->assign_vars(array('DL_DETAIL_MENU' => dl_detail_menu($get_id, $dl_title, $dl_pick, $dl_active, 2), 'L_DL_FILE' => _DLP_DLNOW . ' ' . _BC_DELIM . ' Select Mirror', 'S_DL_DESC1' => sprintf('Please select a mirror below.', $dl_title), 'S_DL_DESC2' => 'Not all mirrors may have the latest version of the file available.', 'L_LOCATION' => 'Location', 'L_FILENAME' => _FILENAME, 'L_FILESIZE' => _FILESIZE, 'L_MD5_SUM' => 'MD5 Sum', 'L_VIEW_ESTIMATE' => 'View estimated download time', 'MD5_SET' => $dl_config['md5_local'] || $dl_config['md5_remote']));
     while ($mirror = $db->sql_fetchrow($result)) {
         $site = false;
         if (ereg('://', $mirror['url'])) {
             if (is_admin() || is_user() || $dl_config['anon_dl_remote']) {