// Resolve the caller's rights on the 'pfs' module and require write access before
// anything else runs. cot_block() is defined elsewhere; presumably it aborts the
// request when its argument is falsy — confirm against its definition.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('pfs', 'a');
cot_block($usr['auth_write']);

// Only an administrator may act on another user's file space: for everyone else
// (or when no user id was supplied) $userid is forced to the caller's own id, so a
// requested 'userid' value is ignored rather than trusted.
if (!$usr['isadmin'] || $userid === null)
{
    $userid = $usr['id'];
}
else
{
    $more = 'userid=' . $userid;
}

// Second gate on the same rule. After the branch above a non-admin always has
// $userid equal to their own id, so this only fires for admins; it is kept as a
// defence-in-depth check should the branch above ever be changed.
if ($userid != $usr['id'])
{
    cot_block($usr['isadmin']);
}

$standalone = FALSE;
// A $userid of 0 or less has no user record of its own, so the caller's record is loaded instead.
$uid = $userid > 0 ? $userid : $usr['id'];
$user_info = cot_userinfo($uid);
// $userid == 0 is mapped to the hard-coded group 5 here and to the $L['SFS'] title below.
// NOTE(review): looks like the site-wide file space owned by the admin group — confirm.
$maingroup = $userid == 0 ? 5 : $user_info['user_maingrp'];

// Storage and thumbnail directories for the file space being edited.
$pfs_dir_user = cot_pfs_path($userid);
$thumbs_dir_user = cot_pfs_thumbpath($userid);

// Build icon and description lookups keyed by $line[0] of each $cot_extensions entry
// (the upload routine compares the file extension against the same element).
reset($cot_extensions);
foreach ($cot_extensions as $k => $line)
{
    $icon[$line[0]] = cot_rc('pfs_icon_type', array('type' => $line[2], 'name' => $line[1]));
    $filedesc[$line[0]] = $line[1];
}

// $c1/$c2 are appended to the query string as-is and switch the page to standalone mode.
// NOTE(review): where $c1/$c2 are imported and filtered is not visible here; they are
// not URL-encoded at this point, so confirm they are restricted to a safe alphabet
// before they reach cot_url(). $more is also unset when the non-admin branch above ran.
if (!empty($c1) || !empty($c2))
{
    $more .= empty($more) ? 'c1=' . $c1 . '&c2=' . $c2 : '&c1=' . $c1 . '&c2=' . $c2;
    $standalone = TRUE;
}

/* ============= */

$L['pfs_title'] = $userid == 0 ? $L['SFS'] : $L['pfs_title'];
$title[] = array(cot_url('pfs', $more), $L['pfs_title']);

/* === Hook === */
// Each plugin file is include'd into this scope, so it can read and overwrite every
// variable set above (including $userid and $usr). The loop body continues past this excerpt.
foreach (cot_getextplugins('pfs.edit.first') as $pl)
{
    include $pl;
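/**
 * Upload one or more files, return parent folder ID
 *
 * Walks the `userfile[]` upload slots (at most $cfg['pfs']['pfsmaxuploads']), checks
 * each file's extension, size and content, moves accepted files into the user's
 * storage directory and records them in $db_pfs. One status line per submitted file
 * is appended to the global $err_msg.
 *
 * Everything in $_FILES['userfile'] is client-controlled; only the stored name
 * produced by cot_safename() and the size re-read from disk should be trusted.
 *
 * @param int $userid User ID
 * @param int $folderid Folder ID; when left at '' it is read from POST 'folderid' as INT
 * @return int Folder ID the upload was addressed to
 */
function cot_pfs_upload($userid, $folderid = '')
{
    // $usr is read below for the file-name prefix; it was missing from this list,
    // which left $usr['id'] undefined and produced names starting with a bare '_'.
    global $db, $cfg, $sys, $usr, $cot_extensions, $gd_supported, $maxfile, $maxtotal, $db_pfs, $db_pfs_folders, $L, $err_msg;

    if ($folderid === '')
    {
        $folderid = cot_import('folderid', 'P', 'INT');
    }
    $ndesc = cot_import('ndesc', 'P', 'ARR');
    $npath = cot_pfs_folderpath($folderid);

    /* === Hook === */
    foreach (cot_getextplugins('pfs.upload.first') as $pl)
    {
        include $pl;
    }
    /* ===== */

    cot_die($npath === FALSE);

    // NOTE(review): nothing visible here loads the space already used by $userid, so
    // unless a 'pfs.upload.first' plugin sets $pfs_totalsize the $maxtotal quota only
    // counts the files of this request. Confirm where existing usage should come from.
    if (!isset($pfs_totalsize))
    {
        $pfs_totalsize = 0;
    }

    // Only the array form (userfile[]) is processed; a scalar field would otherwise
    // be indexed character by character.
    $upload = (isset($_FILES['userfile']['name']) && is_array($_FILES['userfile']['name']))
        ? $_FILES['userfile']
        : null;

    for ($ii = 0; $ii < $cfg['pfs']['pfsmaxuploads']; $ii++)
    {
        // Skip slots the client did not send, and nested entries (userfile[0][]),
        // which arrive as arrays and would break the string handling below.
        if ($upload === null || !isset($upload['name'][$ii]) || !is_string($upload['name'][$ii]))
        {
            continue;
        }

        $disp_errors = '';
        $u_tmp_name = isset($upload['tmp_name'][$ii]) ? $upload['tmp_name'][$ii] : '';
        // Client-declared MIME type: not used for any decision here, kept because the
        // included hooks share this scope and may read it.
        $u_type = isset($upload['type'][$ii]) ? $upload['type'][$ii] : '';
        $u_name = $upload['name'][$ii];
        $u_size = isset($upload['size'][$ii]) ? $upload['size'][$ii] : 0;

        $u_name = str_replace("\\'", '', $u_name);
        $u_name = trim(str_replace("\"", '', $u_name));

        if (!empty($u_name))
        {
            // NOTE(review): the client-supplied name goes into $err_msg with only quotes
            // removed; confirm it is HTML-escaped wherever $err_msg is rendered.
            $disp_errors .= $u_name . ' : ';
            $u_name = mb_strtolower($u_name);

            // A name without a dot has no extension. The previous "strrpos + 1" turned
            // false into offset 1 and treated the rest of the name as the extension.
            $dotpos = mb_strrpos($u_name, '.');
            $f_extension = ($dotpos === false) ? '' : mb_substr($u_name, $dotpos + 1);
            $f_extension_ok = 0;
            $desc = isset($ndesc[$ii]) ? $ndesc[$ii] : '';

            if ($cfg['pfs']['pfstimename'])
            {
                $u_name = time() . '_' . $u_name;
            }
            if (!$cfg['pfs']['pfsuserfolder'])
            {
                $u_name = $usr['id'] . '_' . $u_name;
            }

            $u_newname = cot_safename($u_name, true);
            $u_sqlname = $db->prep($u_newname);

            // Server-side script types are refused even if they were added to
            // $cot_extensions by mistake. The deny-list covers php, php3..php8 and the
            // other extensions commonly mapped to the PHP handler; the allow-list in
            // $cot_extensions remains the primary control.
            // NOTE(review): only the final extension is examined; confirm cot_safename()
            // neutralises inner extensions and that the storage directory never executes scripts.
            $f_extension_denied = (bool) preg_match('/^(?:php\d*|phtml|pht|phar)$/D', $f_extension);
            if (!$f_extension_denied)
            {
                foreach ($cot_extensions as $k => $line)
                {
                    if (mb_strtolower($f_extension) == $line[0])
                    {
                        $f_extension_ok = 1;
                        break;
                    }
                }
            }

            // is_uploaded_file() ensures the temp path really comes from this request's
            // upload; the size sent by the client is re-checked from disk after the move.
            if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok
                && $pfs_totalsize + $u_size < $maxtotal)
            {
                // Content check against the claimed extension (1 = valid, 2 = no MIME
                // definition for the extension, anything else = rejected).
                $fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension);
                if ($fcheck == 1)
                {
                    $pfs_dir_user = cot_pfs_path($userid);
                    $thumbs_dir_user = cot_pfs_thumbpath($userid);

                    // Existing files are never overwritten.
                    if (!file_exists($pfs_dir_user . $npath . $u_newname))
                    {
                        $is_moved = true;

                        if ($cfg['pfs']['pfsuserfolder'])
                        {
                            if (!is_dir($pfs_dir_user))
                            {
                                $is_moved &= mkdir($pfs_dir_user, $cfg['dir_perms']);
                            }
                            if (!is_dir($thumbs_dir_user))
                            {
                                $is_moved &= mkdir($thumbs_dir_user, $cfg['dir_perms']);
                            }
                        }

                        $is_moved &= move_uploaded_file($u_tmp_name, $pfs_dir_user . $npath . $u_newname);
                        $is_moved &= chmod($pfs_dir_user . $npath . $u_newname, $cfg['file_perms']);

                        // From here on use the size measured on disk, not the client's figure.
                        $u_size = filesize($pfs_dir_user . $npath . $u_newname);

                        if ($is_moved && (int) $u_size > 0)
                        {
                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.moved') as $pl)
                            {
                                include $pl;
                            }
                            /* ===== */

                            $db->insert($db_pfs, array(
                                'pfs_userid' => (int) $userid,
                                'pfs_date' => (int) $sys['now'],
                                'pfs_file' => $u_sqlname,
                                'pfs_extension' => $f_extension,
                                'pfs_folderid' => (int) $folderid,
                                'pfs_desc' => $desc,
                                'pfs_size' => (int) $u_size,
                                'pfs_count' => 0
                            ));

                            // The condition is a hand-built SQL string and $folderid can be
                            // passed in by the caller, so it is forced to an integer here.
                            $db->update($db_pfs_folders, array('pff_updated' => $sys['now']), 'pff_id="' . (int) $folderid . '"');

                            $disp_errors .= $L['Yes'];
                            $pfs_totalsize += $u_size;

                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.done') as $pl)
                            {
                                include $pl;
                            }
                            /* ===== */

                            // NOTE(review): the existence test below omits $npath and the
                            // resize target uses $cfg['pfs']['thumbs_dir_user'] while the
                            // unlink uses $thumbs_dir_user; both differ from the path the file
                            // was moved to. Left unchanged — confirm the intended paths.
                            if (in_array($f_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled'
                                && file_exists($pfs_dir_user . $u_newname))
                            {
                                @unlink($thumbs_dir_user . $npath . $u_newname);
                                $th_colortext = array(
                                    hexdec(substr($cfg['pfs']['th_colortext'], 0, 2)),
                                    hexdec(substr($cfg['pfs']['th_colortext'], 2, 2)),
                                    hexdec(substr($cfg['pfs']['th_colortext'], 4, 2))
                                );
                                $th_colorbg = array(
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 0, 2)),
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 2, 2)),
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 4, 2))
                                );
                                cot_imageresize($pfs_dir_user . $npath . $u_newname,
                                    $cfg['pfs']['thumbs_dir_user'] . $npath . $u_newname,
                                    $cfg['pfs']['th_x'], $cfg['pfs']['th_y'], '', $th_colorbg,
                                    $cfg['pfs']['th_jpeg_quality'], true);
                            }
                        }
                        else
                        {
                            // Remove a partially stored or empty file so nothing is left
                            // on disk without a database record.
                            @unlink($pfs_dir_user . $npath . $u_newname);
                            $disp_errors .= $L['pfs_filenotmoved'];
                        }
                    }
                    else
                    {
                        $disp_errors .= $L['pfs_fileexists'];
                    }
                }
                elseif ($fcheck == 2)
                {
                    $disp_errors .= sprintf($L['pfs_filemimemissing'], $f_extension);
                }
                else
                {
                    $disp_errors .= sprintf($L['pfs_filenotvalid'], $f_extension);
                }
            }
            else
            {
                $disp_errors .= $L['pfs_filetoobigorext'];
            }
            $err_msg[] = $disp_errors;
        }
    }
    return $folderid;
}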