/**
 * Translates a URL path into a path on the local filesystem.
 *
 * When PHP runs as an Apache module the server itself resolves the URI.
 * Otherwise the path is appended to GetRootPath(); that result is only right
 * when the script is not served through a virtual directory or a symlink, and
 * nothing in this function checks for that case.
 *
 * NOTE(review): $path is concatenated as given; if callers pass request data,
 * confirm that it is validated before it gets here.
 */
function Server_MapPath($path)
{
    // Without the Apache API the only option is plain concatenation.
    if (!function_exists('apache_lookup_uri')) {
        return GetRootPath() . $path;
    }
    $oUriInfo = apache_lookup_uri($path);
    return $oUriInfo->filename . $oUriInfo->path_info;
}
示例#2
        $GLOBALS["UserFilesPath"] = $_GET['ServerPath'];
    } else {
        $GLOBALS["UserFilesPath"] = '/userfiles/';
    }
}
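// Make sure the URL path of the user files ends with a slash.
// ereg() was removed in PHP 7, so the last character is compared directly.
if (substr($GLOBALS["UserFilesPath"], -1) !== '/') {
    $GLOBALS["UserFilesPath"] .= '/';
}
if (strlen($Config['UserFilesAbsolutePath']) > 0) {
    // A directory set in the configuration takes precedence over the mapped URL path.
    $GLOBALS["UserFilesDirectory"] = $Config['UserFilesAbsolutePath'];
    if (substr($GLOBALS["UserFilesDirectory"], -1) !== '/') {
        $GLOBALS["UserFilesDirectory"] .= '/';
    }
} else {
    // Map the "UserFiles" path to a local directory.
    // NOTE(review): the branch just above this block can take UserFilesPath from
    // $_GET['ServerPath'], so this base directory can be chosen by the request.
    // Prefer a configured path, or verify with realpath() that the result stays
    // inside the intended upload root before any file operation uses it.
    $GLOBALS["UserFilesDirectory"] = GetRootPath() . $GLOBALS["UserFilesPath"];
}
DoResponse();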
/**
 * Entry point of the connector: reads the command, the resource type and the
 * current folder from the query string and returns without doing anything
 * when one of them is missing or the type is not one of the four known types.
 */
function DoResponse()
{
    // All three parameters are required; a request without them is ignored silently.
    if (!isset($_GET['Command']) || !isset($_GET['Type']) || !isset($_GET['CurrentFolder'])) {
        return;
    }
    // Get the main request information.
    $sCommand = $_GET['Command'];
    $sResourceType = $_GET['Type'];
    // Taken from the query string as-is; no validation of the folder appears in the lines shown here.
    $sCurrentFolder = $_GET['CurrentFolder'];
    // Check if it is an allowed type.
    if (!in_array($sResourceType, array('File', 'Image', 'Flash', 'Media'))) {
        return;
    }
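$sExtension = strtolower($sExtension);
// Get the file type (from the query string, 'File' by default).
$sType = isset($_GET['Type']) ? $_GET['Type'] : 'File';
// Get the allowed and denied extensions arrays.
// $sType comes from the request and is used as a key into both lists. A key that
// exists in neither list used to yield null twice, so neither count() test below
// could reject the upload (and count(null) throws a TypeError on PHP 8). A type
// with no configured list is therefore refused; a type configured in only one
// list keeps the previous "other list is empty" behaviour.
$bTypeIsKey = is_string($sType);
$arAllowed = ($bTypeIsKey && isset($Config['AllowedExtensions'][$sType]) && is_array($Config['AllowedExtensions'][$sType]))
    ? $Config['AllowedExtensions'][$sType]
    : null;
$arDenied = ($bTypeIsKey && isset($Config['DeniedExtensions'][$sType]) && is_array($Config['DeniedExtensions'][$sType]))
    ? $Config['DeniedExtensions'][$sType]
    : null;
$bKnownType = $arAllowed !== null || $arDenied !== null;
if ($arAllowed === null) {
    $arAllowed = array();
}
if ($arDenied === null) {
    $arDenied = array();
}
// Check if it is an allowed extension.
// NOTE(review): as in the original, this relies on SendResults() ending the request - confirm.
if (!$bKnownType || count($arAllowed) > 0 && !in_array($sExtension, $arAllowed) || count($arDenied) > 0 && in_array($sExtension, $arDenied)) {
    SendResults('202');
}
$sErrorNumber = '0';
$sFileUrl = '';
// Initializes the counter used to rename the file, if another one with the same name already exists.
$iCounter = 0;
// Get the target directory.
$sServerDir = GetRootPath() . $Config["UserFilesPath"];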
// Try file names until one is free, then move the upload to that name.
while (true) {
    // Compose the file path.
    $sFilePath = $sServerDir . $sFileName;
    // If a file with that name already exists.
    if (is_file($sFilePath)) {
        // Retry as "name(N).ext" and record result code '201'.
        $iCounter++;
        $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
        $sErrorNumber = '201';
    } else {
        // NOTE(review): the return value of move_uploaded_file() is not checked;
        // a failed move is only noticed through the is_file() test below.
        move_uploaded_file($oFile['tmp_name'], $sFilePath);
        if (is_file($sFilePath)) {
            // NOTE(review): 0777 makes the uploaded file readable, writable and
            // executable for every local account; a narrower mode such as 0644 is
            // normally enough for content the web server only has to read.
            // chmod() does not apply the umask, so saving and restoring it here
            // does not change the resulting mode.
            $oldumask = umask(0);
            chmod($sFilePath, 0777);
            umask($oldumask);
        }
示例#4
<?php

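// Directory of this file, with every run of "/" or "\" collapsed to a single "/".
define("YIQIINC", preg_replace("/[\\/\\\\]{1,}/i", '/', dirname(__FILE__)));
// Application root: YIQIINC without its last 8 characters
// (presumably the length of the include directory name plus its slash - confirm).
define("YIQIROOT", preg_replace("/[\\/\\\\]{1,}/i", '/', substr(YIQIINC, 0, -8)));
// Application path relative to the web root that GetRootPath() computes.
// NOTE(review): GetRootPath() derives its value from request data in $_SERVER,
// so this constant is only as reliable as that calculation.
define("YIQIPATH", str_replace(GetRootPath(), "", YIQIROOT . '/'));
header("content-type:text/html; charset=utf-8");
// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);
require_once 'common.func.php';
require_once 'data.class.php';
require_once 'templets.inc.php';
require_once 'version.php';
// Compare version numbers, not strings: as plain strings "10.0.0" sorts before "5.1.0".
if (version_compare(PHP_VERSION, '5.1.0', '>')) {
    date_default_timezone_set('Asia/Shanghai');
}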
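/**
 * Returns the filesystem directory that corresponds to the web root, using "/"
 * as the separator.
 *
 * The value is computed by cutting the URL directory of the running script off
 * the end of the current working directory. It is therefore only correct when
 * the working directory really ends with that URL directory; an aliased or
 * symlinked location is not detected here.
 *
 * @return string
 */
function GetRootPath()
{
    $sRealPath = realpath('.');
    // SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also contains any path
    // info the client appends after the script name (/index.php/extra/segments),
    // which would lengthen the suffix removed below and return a wrong root.
    $sSelfPath = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
    // Keep only the directory part of the script URL; no slash means no directory.
    $iLastSlash = strrpos($sSelfPath, '/');
    $sSelfPath = $iLastSlash === false ? '' : substr($sSelfPath, 0, $iLastSlash);
    return preg_replace("/[\\/\\\\]{1,}/i", '/', substr($sRealPath, 0, strlen($sRealPath) - strlen($sSelfPath)));
}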
示例#5
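/**
 * Handles the file posted as $_FILES['NewFile'].
 *
 * The file is moved below $Config['UserTempPath'] . $currentFolder, its bytes
 * and a thumbnail are handed to insertData() for the 'user_imgs' table, and the
 * outcome is reported through SendUploadResults(). The script then exits.
 *
 * Changes against the earlier version of this function:
 *  - the leftover debug log (log2.txt in the working directory, never closed,
 *    filled with server paths) is gone;
 *  - a $currentFolder containing ".." or a NUL byte is refused;
 *  - the thumbnail directory is taken from the path parts instead of stripping
 *    the file name out of the full path with str_replace();
 *  - chmod() is skipped when the file was already deleted.
 *
 * @param string $resourceType  Passed on to IsAllowedExt() and GetResourceTypePath().
 * @param string $currentFolder Folder appended to $Config['UserTempPath'].
 * @param string $sCommand      Passed on to GetResourceTypePath().
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    dbConn();
    $email = getEmailFCK();
    $thumb_widthpx = 160;
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    // An upload is only accepted when getEmailFCK() returned a non-empty value.
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) && $email != "") {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = str_replace("\\", "/", GetRootPath() . $Config['UserTempPath'] . $currentFolder . "/");
        // The folder becomes part of a filesystem path, so parent-directory
        // segments and NUL bytes are refused whatever the caller already checked.
        if (strpos((string) $currentFolder, '..') !== false || strpos((string) $currentFolder, "\0") !== false) {
            $sErrorNumber = '202';
        }
        // Get the uploaded file name.
        $sFileName = SanitizeFileName($oFile['name']);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension ('0' is falsy, any error code is truthy).
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . "/" . $sFileName;
                if (is_file($sFilePath)) {
                    // Name taken: retry as "name(N).ext" and record result code '201'.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                    continue;
                }
                if (move_uploaded_file($oFile['tmp_name'], $sFilePath) && is_file($sFilePath)) {
                    // NOTE(review): 'type' is whatever the client declared; it is stored, not verified.
                    $ftype = $_FILES['NewFile']['type'];
                    $file_size = $_FILES['NewFile']['size'];
                    $originalpic = file_get_contents($sFilePath);
                    // getimagesize() returns false for anything it cannot parse; such a
                    // file is treated like an image that needs no thumbnail.
                    $aImageSize = getimagesize($sFilePath);
                    $width = is_array($aImageSize) ? $aImageSize[0] : 0;
                    if ($width > $thumb_widthpx) {
                        // Directory part of $sFilePath, i.e. the path without the file name.
                        $thumbpic = getThumbImage($sServerDir . "/", $thumb_widthpx, $sFileName);
                    } else {
                        // Small enough: the original doubles as thumbnail and the file on disk is dropped.
                        $thumbpic = $originalpic;
                        unlink($sFilePath);
                    }
                    $album_id = getAlbumId($email);
                    $table = 'user_imgs';
                    $fields = array('id', 'user_email', 'large_image', 'thumb_image', 'file_type', 'stat', 'file_name', 'file_size', 'album_id', 'admin_perm', 'view_count', 'rating');
                    $values = array(null, $email, $originalpic, $thumbpic, $ftype, 1, $sFileName, $file_size, $album_id, 1, 0, 0);
                    // NOTE(review): the result of insertData() is not acted upon (the earlier
                    // failure handling was commented out), so a failed insert is still
                    // reported to the client as a successful upload.
                    $rs = insertData($table, $fields, $values);
                    // A ChmodOnUpload that is set but falsy switches the chmod off.
                    $bChmodDisabled = isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload'];
                    // The file may have been unlinked above; only touch it when it is still there.
                    if (!$bChmodDisabled && is_file($sFilePath)) {
                        // NOTE(review): the 0777 fallback makes the file writable and executable
                        // for every local account; set $Config['ChmodOnUpload'] to a narrower
                        // mode (for example 0644) where the deployment allows it.
                        $permissions = isset($Config['ChmodOnUpload']) ? $Config['ChmodOnUpload'] : 0777;
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                }
                break;
            }
            if (file_exists($sFilePath)) {
                // The checks on the temporary file were inconclusive (-1): repeat them on the stored file.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}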
示例#6
// Look up the extension lists configured for this resource type.
// NOTE(review): $sType is assigned before this excerpt. It is used here as a
// configuration key and further down as a directory name, so if it comes from
// the request, confirm that it is limited to the configured types.
$arAllowed = $Config['AllowedExtensions'][$sType];
$arDenied = $Config['DeniedExtensions'][$sType];
// Refuse the upload when an allow list exists and the extension is missing from
// it, or else when a deny list exists and names the extension.
if (count($arAllowed) > 0 && !in_array($sExtension, $arAllowed)) {
    SendResults('202');
} elseif (count($arDenied) > 0 && in_array($sExtension, $arDenied)) {
    SendResults('202');
}
$sErrorNumber = '0';
$sFileUrl = '';
// Counter used to rename the file when another one with the same name already exists.
$iCounter = 0;
// Target directory: the configured absolute path if there is one, otherwise
// the per-type folder below the user files path.
$sServerDir = (isset($Config['UserFilesAbsolutePath']) && strlen($Config['UserFilesAbsolutePath']) > 0)
    ? $Config['UserFilesAbsolutePath']
    : GetRootPath() . $Config["UserFilesPath"] . $sType . "/";
while (true) {
    // Compose the file path.
    $sFilePath = $sServerDir . $sFileName;
    // If a file with that name already exists.
    if (is_file($sFilePath)) {
        $iCounter++;
        $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
        $sErrorNumber = '201';
    } else {
        move_uploaded_file($oFile['tmp_name'], $sFilePath);
        if (is_file($sFilePath)) {
            $oldumask = umask(0);
            chmod($sFilePath, 0777);
            umask($oldumask);