if (!empty($Upload->error)) { redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder . '&erroru=' . $Upload->error . '#errorh'); } else { $check_user_folder = $Sql->query("SELECT user_id FROM " . DB_TABLE_UPLOAD_CAT . " WHERE id = '" . $folder . "'", __LINE__, __FILE__); $user_id = $check_user_folder <= 0 ? -1 : $User->get_attribute('user_id'); $user_id = max($user_id, $folder_member); $Sql->query_inject("INSERT INTO " . DB_TABLE_UPLOAD . " (idcat, name, path, user_id, size, type, timestamp) VALUES ('" . $folder . "', '" . addslashes($_FILES['upload_file']['name']) . "', '" . addslashes($Upload->filename['upload_file']) . "', '" . $user_id . "', '" . numeric(number_round($_FILES['upload_file']['size'] / 1024, 1), 'float') . "', '" . $Upload->extension['upload_file'] . "', '" . time() . "')", __LINE__, __FILE__); } } else { $error = 'e_upload_failed_unwritable'; } $error = !empty($error) ? '&error=' . $error . '#errorh' : ''; redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder . ($folder_member > 0 ? '&fm=' . $folder_member : '') . $error); } elseif (!empty($del_folder)) { $Session->csrf_get_protect(); $Uploads->Del_folder($del_folder); if (!empty($folder_member)) { redirect(HOST . DIR . '/admin/admin_files.php?fm=' . $folder_member); } else { redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder); } } elseif (!empty($empty_folder)) { $Session->csrf_get_protect(); $Uploads->Empty_folder_member($empty_folder); redirect(HOST . DIR . '/admin/admin_files.php?showm=1'); } elseif (!empty($del_file)) { $Session->csrf_get_protect(); $Uploads->Del_file($del_file, -1, ADMIN_NO_CHECK); redirect(HOST . DIR . '/admin/admin_files.php?f=' . $folder . ($folder_member > 0 ? '&fm=' . $folder_member : '')); } elseif (!empty($move_folder) && $to != -1) { $Session->csrf_get_protect();
} else { $error = 'e_upload_failed_unwritable'; } } $anchor = !empty($error) ? '&error=' . $error . '&' . $popup_noamp . '#message_helper' : '&' . $popup_noamp . (!empty($id_file) ? '#fi1' . $id_file : ''); AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $folder . $anchor, '', '&')); } elseif (!empty($del_folder)) { AppContext::get_session()->csrf_get_protect(); //Protection csrf if (AppContext::get_current_user()->check_level(User::ADMIN_LEVEL)) { Uploads::Del_folder($del_folder); } else { $check_user_id = PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $del_folder)); //Suppression du dossier et de tout le contenu if ($check_user_id == AppContext::get_current_user()->get_id()) { Uploads::Del_folder($del_folder); } else { $error_controller = PHPBoostErrors::unexisting_page(); DispatchManager::redirect($error_controller); } } AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $folder . '&' . $popup_noamp, '', '&')); } elseif (!empty($del_file)) { AppContext::get_session()->csrf_get_protect(); //Protection csrf if (AppContext::get_current_user()->check_level(User::ADMIN_LEVEL)) { Uploads::Del_file($del_file, AppContext::get_current_user()->get_id(), Uploads::ADMIN_NO_CHECK); } else { $error = Uploads::Del_file($del_file, AppContext::get_current_user()->get_id()); if (!empty($error)) { $error_controller = PHPBoostErrors::unexisting_page();