示例#1
文件: www2-bmp.php 项目: bianle/www2
 /**
  * Convert an oversized BMP upload to PNG with the ImageMagick command-line tools.
  *
  * Does nothing unless the AUTO_BMP2PNG_THRESHOLD constant is defined. When it
  * is defined, $oname is always reduced to my_basename(addslashes($oname)),
  * even if no conversion takes place.
  *
  * Security notes:
  *  - Both file paths pass through escapeshellarg() before reaching the shell.
  *  - `identify` and `convert` parse bytes supplied by the uploader, so the
  *    ImageMagick installation and its policy settings are part of the trust
  *    boundary of this function.
  *  - Errors are suppressed with @ and no exit status is checked; success is
  *    inferred only from the existence of the output file.
  *
  * @param string $ofile Path of the uploaded file; replaced by the PNG path on conversion.
  * @param string $oname Client-supplied file name; its suffix becomes ".png" on conversion.
  * @return int 1 when the file was converted, 0 otherwise.
  */
 function compress_bmp(&$ofile, &$oname)
 {
     if (!defined("AUTO_BMP2PNG_THRESHOLD")) {
         return 0;
     }

     $oname = my_basename(addslashes($oname));

     // Cheap checks first: the name must end in ".bmp" and the file must exceed the threshold.
     $hasBmpSuffix = strcasecmp(".bmp", substr($oname, -4)) == 0;
     if (!$hasBmpSuffix || !(filesize($ofile) > AUTO_BMP2PNG_THRESHOLD)) {
         return 0;
     }

     // Ask ImageMagick what the content really is; the file name alone is not trusted.
     $pipe = @popen("identify -format \"%m\" " . escapeshellarg($ofile), "r");
     if (!$pipe) {
         return 0;
     }
     $detected = fread($pipe, 1024);
     pclose($pipe);
     if (strncasecmp("BMP", $detected, 3) != 0) {
         return 0;
     }

     $pngPath = $ofile . ".BMP2PNG";
     @exec("convert -quality 75 " . escapeshellarg($ofile) . " png:" . escapeshellarg($pngPath));
     if (!file_exists($pngPath)) {
         return 0;
     }

     // Swap the original for the converted file and report the new name to the caller.
     unlink($ofile);
     $ofile = $pngPath;
     $oname = substr($oname, 0, -4) . ".png";
     return 1;
 }
示例#2
        $var = str_replace('..', '', $var);
        if ($is_file) {
            return dirname($var);
        } else {
            return $var;
        }
    }
    return '';
}
// Work out the current directory from whichever request parameter carries a
// path. Every candidate goes through pathvar(); the second argument tells it
// whether the value names a file (true) or a directory (false). The results
// are concatenated, so the request is expected to supply only one of them.
if (!isset($curDirPath)) {
    $curDirPath = pathvar($_GET['openDir'], false)
        . pathvar($_GET['createDir'], false)
        . pathvar($_POST['moveTo'], false)
        . pathvar($_POST['newDirPath'], false)
        . pathvar($_POST['uploadPath'], false)
        . pathvar($_POST['filePath'], true)
        . pathvar($_GET['move'], true)
        . pathvar($_GET['rename'], true)
        . pathvar($_GET['replace'], true)
        . pathvar($_GET['comment'], true)
        . pathvar($_GET['metadata'], true)
        . pathvar($_GET['mkInvisibl'], true)
        . pathvar($_GET['mkVisibl'], true)
        . pathvar($_GET['public'], true)
        . pathvar($_GET['limited'], true)
        . pathvar($_POST['sourceFile'], true)
        . pathvar($_POST['replacePath'], true)
        . pathvar($_POST['commentPath'], true)
        . pathvar($_POST['metadataPath'], true);
}

// A bare separator means the root of the document area.
if ($curDirPath == '/' || $curDirPath == '\\') {
    $curDirPath = '';
}

$curDirName = my_basename($curDirPath);
$parentDir = dirname($curDirPath);
if ($parentDir == '\\') {
    $parentDir = '/';
}

// Reject paths that do not resolve to an existing directory.
// NOTE(review): the realpath() result is only tested with is_dir(); it is not
// compared against $basedir, so confinement to $basedir rests on the filtering
// done inside pathvar(). A prefix check on the canonical path would make that
// explicit. The '/../' test runs on $curDirName; if my_basename() returns only
// the last path component it can never match — confirm.
if (strpos($curDirName, '/../') !== false || !is_dir(realpath($basedir . $curDirPath))) {
    $tool_content .= $langInvalidDir;
    draw($tool_content, $menuTypeID);
    exit;
}

// Default listing order: by file name, ascending.
$sort = 'name';
$reverse = false;
$order = 'ORDER BY filename';
if (isset($_GET['sort'])) {
    if ($_GET['sort'] == 'type') {
        $order = 'ORDER BY format';
示例#3
    header("Location: ${urlServer}");
    exit();
}

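// Record the module access for logged-in users.
if ($uid) {
    require_once 'include/action.php';
    $action = new action();
    $action->record(MODULE_ID_VIDEO);
}

// ----------------------
// download video
// ----------------------
// The course id and the requested video id are passed as placeholder
// arguments, not interpolated into the SQL text.
$res2 = Database::get()->querySingle("SELECT * FROM video
                  WHERE course_id = ?d AND id = ?d", $course_id, $_GET['id']);

if (!$res2) {
    header("Location: {$urlServer}");
    exit();
}

// Logged-in users and open courses need no token. Everyone else must present
// a token that validates against the path of the video that was just loaded.
// The previous code read $row2['path'], a variable that is not assigned
// anywhere in the visible script, so the token was not checked against the
// requested record.
// NOTE(review): assumes querySingle() returns a row object exposing the
// `path` column — confirm against the Database class.
$valid = ($uid || course_status($course_id) == COURSE_OPEN) ? true : token_validate($res2->path, $_GET['token'], 30);
if (!$valid) {
    header("Location: {$urlServer}");
    exit();
}

$vObj = MediaResourceFactory::initFromVideo($res2);
// NOTE(review): the file path is built from $_GET['course'] and the stored
// video path, both passed through q(). q() is not defined in this section; if
// it is an HTML-escaping helper it does not constrain path characters, so the
// course code should be one already validated against the database — confirm.
$real_file = $webDir . "/video/" . q($_GET['course']) . q($vObj->getPath());
send_file_to_client($real_file, my_basename(q($vObj->getUrl())), $disposition, true);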
示例#4
 /**
  * Send the .zip file to the browser.
  *
  * @return void Never returns: the script exits once the archive has been sent.
  * @author Amand Tihon <*****@*****.**>
  */
 function send() {
     // The archive lives next to the destination directory as "<destDir>.zip".
     $archivePath = $this->destDir . '.zip';

     header('Content-Description: File Transfer');
     header('Content-Type: application/zip');
     // NOTE(review): filesize() and readfile() results are not checked; a
     // missing archive yields an empty Content-Length and an empty body.
     header(sprintf('Content-Length: %s', filesize($archivePath)));
     // Only the base name is exposed to the client, never the server-side path.
     // NOTE(review): the name is placed inside a quoted header value as-is;
     // presumably destDir is chosen server-side — confirm it cannot contain quotes.
     header(sprintf('Content-Disposition: attachment; filename="%s"', my_basename($archivePath)));

     readfile($archivePath);
     exit(0);
 }
/**
 * Rename the current directory to the name supplied in $_GET['newdir'].
 *
 * The requested name is reduced to a single path component with my_basename()
 * and then passed through parseInputParameterFile(), fix_decoding() and,
 * optionally, normalizeFileNames() before it is joined to the parent of $dir.
 *
 * NOTE(review): this function does not itself verify that $dir lies inside
 * $_SESSION["TFU_ROOT_DIR"]; it only refuses to rename the root itself.
 * Presumably callers establish $dir from session state — confirm.
 *
 * @param string $dir                  Directory to rename; updated by reference on success.
 * @param string $enable_folder_rename Feature switch; any value not loosely equal to 'true'
 *                                     prints a message and ends the request.
 * @param mixed  $fix_utf8             Passed through to fix_decoding().
 * @return string Status fragment: "&rename_dir=main", "&rename_dir=exists",
 *                "&rename_dir=true" or "&rename_dir=false".
 */
function rename_dir(&$dir, $enable_folder_rename, $fix_utf8)
{
    global $normalise_directory_names;

    if ($enable_folder_rename != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }

    $parent = substr($dir, 0, strrpos($dir, "/"));

    // The leading space is prepended before my_basename() and removed again by trim().
    $requested = parseInputParameterFile(trim(my_basename(' ' . $_GET['newdir'])));
    $requested = fix_decoding($requested, $fix_utf8);
    if ($normalise_directory_names) {
        $requested = normalizeFileNames($requested);
    }

    // The upload root itself must never be renamed.
    if ($dir == $_SESSION["TFU_ROOT_DIR"]) {
        return "&rename_dir=main";
    }

    $target = $parent . "/" . $requested;

    // An existing target is reported, never overwritten. An empty name or a
    // dot entry also ends here, because the resulting path already exists.
    if (file_exists($target)) {
        return "&rename_dir=exists";
    }

    if (!rename($dir, $target)) {
        return "&rename_dir=false";
    }

    // Keep the caller's variable and the session pointing at the renamed directory.
    $dir = $target;
    $_SESSION["TFU_DIR"] = $dir;
    return "&rename_dir=true";
}
示例#6
文件: bbsupload.php 项目: bianle/www2
 // Number of attachment slots to scan, taken from the client and coerced to
 // int; @ hides the notice when the field is absent. The loop below skips any
 // index without a matching $_FILES entry, so this value only bounds how many
 // indexes are probed.
 // NOTE(review): no upper limit is applied here; consider clamping it to the
 // number of attachments the board allows.
 $counter = @intval($_POST["counter"]);
 for ($i = 0; $i < $counter; $i++) {
     if (!isset($_FILES['attachfile' . $i])) {
         continue;
     }
     $attpost = $_FILES['attachfile' . $i];
     @($errno = $attpost['error']);
     switch ($errno) {
         case UPLOAD_ERR_OK:
             $ofile = $attpost['tmp_name'];
             if (!file_exists($ofile)) {
                 $msg .= "文件传输出错!";
                 break 2;
             }
             $oname = $attpost['name'];
             $htmlname = htmlspecialchars(my_basename($oname));
             if (!is_uploaded_file($ofile)) {
                 die;
             }
             if (compress_bmp($ofile, $oname)) {
                 $msg .= "过大 BMP 图片 " . $htmlname . " 被自动转换成 PNG 格式。<br/>";
             }
             $ret = bbs_upload_add_file($ofile, $oname);
             if ($ret) {
                 $msg .= bbs_error_get_desc($ret);
             } else {
                 $msg .= $htmlname . "上传成功!<br/>";
                 continue 2;
             }
             break;
         case UPLOAD_ERR_INI_SIZE:
示例#7
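/**
 * Copy a file, or a directory with everything below it, into a target directory.
 *
 * The copy keeps the base name of the source: the result is created at
 * $targetPath . '/' . my_basename($sourcePath).
 *
 * Notes:
 *  - The "do not copy a directory into itself" guard is a plain string-prefix
 *    comparison. It does not resolve symbolic links or ".." segments, so
 *    callers should pass canonical paths.
 *  - is_file() and is_dir() follow symbolic links, so a link inside the tree
 *    is copied as whatever it points to.
 *
 * @param string $sourcePath File or directory to copy.
 * @param string $targetPath Existing directory that receives the copy.
 * @return bool true on success, false on any failure (including a source that
 *              is neither a regular file nor a directory).
 */
function claro_copy_file($sourcePath, $targetPath)
{
    $fileName = my_basename($sourcePath);
    $destination = $targetPath . '/' . $fileName;

    if (is_file($sourcePath)) {
        return copy($sourcePath, $destination);
    }

    if (!is_dir($sourcePath)) {
        // The original fell off the end here and returned null; report the
        // failure explicitly like every other error path.
        return false;
    }

    // Refuse to copy the directory inside itself. The original built a regular
    // expression from the raw source path, so characters such as "." or "|" in
    // a directory name changed the meaning of the check; a literal prefix
    // comparison has no such side effects.
    $sourcePrefix = $sourcePath . '/';
    if (strncmp($targetPath . '/', $sourcePrefix, strlen($sourcePrefix)) === 0) {
        return false;
    }

    if (!claro_mkdir($destination, CLARO_FILE_PERMISSIONS)) {
        return false;
    }

    $dirHandle = opendir($sourcePath);
    if (!$dirHandle) {
        return false;
    }

    $copiableFileList = array();
    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the listing early, silently dropping the remaining files.
    while (false !== ($element = readdir($dirHandle))) {
        if ($element == '.' || $element == '..') {
            continue;
        }
        $copiableFileList[] = $sourcePath . '/' . $element;
    }
    closedir($dirHandle);

    // Recurse only after the handle is closed, so no directory handles stay open.
    foreach ($copiableFileList as $thisFile) {
        if (!claro_copy_file($thisFile, $destination)) {
            return false;
        }
    }

    return true;
}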
示例#8
文件: atomic.php 项目: bianle/www2
/**
 * Handle the "post" action: check an optional reply target, then either
 * process a submitted article (when $_GET["post"] is set) or render the
 * posting form.
 *
 * Reads $_GET ("reid", "post", "upload"), $_POST ("title", "text") and
 * $_FILES['attachfile']; writes HTML with echo and returns nothing.
 *
 * NOTE(review): several checks call atomic_error() and then continue as if it
 * never returns (for example $articles[1] is read right after the $num == 0
 * check) — presumably atomic_error() ends the request; confirm.
 */
function atomic_post()
{
    global $currentuser, $atomic_board, $atomic_brdarr, $atomic_brdnum, $dir_modes, $utmpnum;
    atomic_get_board(TRUE);
    // Reply target taken from the query string and coerced to int; 0 means no reply target.
    $reid = isset($_GET["reid"]) ? @intval($_GET["reid"]) : 0;
    if ($reid > 0) {
        if (bbs_is_noreply_board($atomic_brdarr)) {
            atomic_error("本版只可发表文章,不可回复文章!");
        }
        $articles = array();
        $num = bbs_get_records_from_id($atomic_board, $reid, $dir_modes["NORMAL"], $articles);
        if ($num == 0) {
            atomic_error("错误的 Re 文编号");
        }
        // Third character of FLAGS equal to 'y' is reported as "this article cannot be replied to".
        if ($articles[1]["FLAGS"][2] == 'y') {
            atomic_error("该文不可回复!");
        }
    }
    // ---- Submission branch: the form was posted back with post=1 ----
    if (isset($_GET["post"])) {
        if (!isset($_POST["title"])) {
            atomic_error("没有指定文章标题!");
        }
        if (!isset($_POST["text"])) {
            atomic_error("没有指定文章内容!");
        }
        // Title and body pass through atomic_get_input() (defined elsewhere) before use.
        $title = atomic_get_input(trim($_POST["title"]));
        $text = atomic_get_input($_POST["text"]);
        // Same query parameter as $reid above, parsed a second time for the post call.
        if (isset($_GET["reid"])) {
            $reID = @intval($_GET["reid"]);
        } else {
            $reID = 0;
        }
        $outgo = bbs_is_outgo_board($atomic_brdarr) ? 1 : 0;
        $anony = 0;
        $attmsg = "";
        // Optional single attachment, accepted only when atomic_uploadable() allows it.
        if (atomic_uploadable() && isset($_FILES['attachfile'])) {
            $attpost = $_FILES['attachfile'];
            @($errno = $attpost['error']);
            switch ($errno) {
                case UPLOAD_ERR_OK:
                    $ofile = $attpost['tmp_name'];
                    if (!file_exists($ofile)) {
                        $attmsg = "文件传输出错!";
                        break;
                    }
                    // $oname is the client-supplied file name. $htmlname is an
                    // HTML-escaped base name used only in messages; the raw
                    // $oname is what goes to compress_bmp() and bbs_upload_add_file().
                    $oname = $attpost['name'];
                    $htmlname = htmlspecialchars(my_basename($oname));
                    // Stop unless the path is a genuine PHP upload, before any
                    // further processing touches the file.
                    if (!is_uploaded_file($ofile)) {
                        die;
                    }
                    if (compress_bmp($ofile, $oname)) {
                        $attmsg .= "过大 BMP 图片 " . $htmlname . " 被自动转换成 PNG 格式。<br/>";
                    }
                    $ret = bbs_upload_add_file($ofile, $oname);
                    if ($ret) {
                        // NOTE(review): appended without escaping; presumably a
                        // fixed server-side message — confirm.
                        $attmsg .= bbs_error_get_desc($ret);
                    } else {
                        $attmsg .= $htmlname . "上传成功!<br/>";
                    }
                    break;
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    $attmsg = "文件超过预定的大小" . sizestring(BBS_MAXATTACHMENTSIZE) . "字节";
                    break;
                case UPLOAD_ERR_PARTIAL:
                    $attmsg = "文件传输出错!";
                    break;
                case UPLOAD_ERR_NO_FILE:
                    $attmsg = "没有文件上传!";
                    break;
                default:
                    $attmsg = "未知错误";
            }
        }
        // Negative return codes from bbs_postarticle() map to the user-facing
        // errors below; -10 (held for moderation) is handled after the switch.
        $ret = bbs_postarticle($atomic_board, $title, $text, $currentuser["signature"], $reID, $outgo, $anony, 0, 0);
        switch ($ret) {
            case -1:
                atomic_error("错误的讨论区名称!");
                break;
            case -2:
                atomic_error("本版为二级目录版!");
                break;
            case -3:
                atomic_error("标题为空!");
                break;
            case -4:
                atomic_error("此讨论区是唯读的, 或是您尚无权限在此发表文章!");
                break;
            case -5:
                atomic_error("很抱歉, 你被版务人员停止了本版的post权利!");
                break;
            case -6:
                atomic_error("两次发文/信间隔过密,请休息几秒再试!");
                break;
            case -7:
                atomic_error("无法读取索引文件! 请通知站务人员, 谢谢! ");
                break;
            case -8:
                atomic_error("本文不可回复!");
                break;
            case -9:
                atomic_error("系统内部错误, 请迅速通知站务人员, 谢谢!");
                break;
            case -21:
                atomic_error("您的积分不符合当前讨论区的设定, 暂时无法在当前讨论区发表文章...");
                break;
        }
        atomic_header();
        // NOTE(review): $atomic_board is placed into the href and the meta
        // refresh URL without escaping; this is safe only if atomic_get_board()
        // restricts the board name to known-safe values — confirm.
        $url = "?act=board&board=" . $atomic_board;
        // $attmsg is initialised to "" above, so this test is always true in this branch.
        if (isset($attmsg)) {
            echo $attmsg . "<br/>";
        }
        if ($ret == -10) {
            echo "<p>很抱歉,本文可能含有不当内容,需经审核方可发表。<br/><br/>" . "根据《帐号管理办法》,被系统过滤的文章视同公开发表。请耐心等待<br/>" . "站务人员的审核,不要多次尝试发表此文章。<br/><br/>" . "如有疑问,请致信 SYSOP 咨询。</p>";
            echo "返回<a href='{$url}'>版面文章列表</a>";
        } else {
            echo "发文成功!本页面将在3秒后自动返回<a href='{$url}'>版面文章列表</a><meta http-equiv='refresh' content='3; url=" . $url . "'/>";
        }
        atomic_footer();
        return;
    }
    // ---- Form branch: render the posting form ----
    // For a reply, reuse the parent title and add "Re: " unless it is already there.
    if ($reid) {
        if (!strncmp($articles[1]["TITLE"], "Re: ", 4)) {
            $nowtitle = $articles[1]["TITLE"];
        } else {
            $nowtitle = "Re: " . $articles[1]["TITLE"];
        }
    } else {
        $nowtitle = "";
    }
    atomic_header();
    // NOTE(review): as with $url above, $atomic_board is written into markup
    // unescaped. The form also emits no anti-CSRF token field; confirm whether
    // one is enforced elsewhere.
    $html = "<p><a href='?act=board&board=" . $atomic_board . "'>" . $atomic_board . " 版</a>发表文章</p>";
    $html .= "<form action='?act=post&board=" . $atomic_board . "&reid=" . $reid . "&post=1' method='post'" . (isset($_GET['upload']) ? " enctype='multipart/form-data'>" : ">");
    // The title is escaped with ENT_QUOTES because it sits inside a double-quoted attribute.
    $html .= '标题: <input type="text" name="title" size="40" maxlength="100" value="' . ($nowtitle ? htmlspecialchars($nowtitle, ENT_QUOTES) . " " : "") . '"/><br/>';
    $html .= '<textarea name="text" rows="20" cols="80" wrap="physical">';
    if ($reid > 0) {
        $filename = bbs_get_board_filename($atomic_board, $articles[1]["FILENAME"]);
        // NOTE(review): the quoted text of the parent article is inserted into
        // the textarea without htmlspecialchars(); presumably bbs_get_quote()
        // returns HTML-safe text — confirm.
        $q = @bbs_get_quote($filename);
        if ($q) {
            $html .= "\n" . $q;
        }
    }
    $html .= '</textarea><br/>';
    // The file input is offered only when the page was opened with ?upload.
    if (isset($_GET['upload'])) {
        $html .= '<input name="attachfile" type="file"/><br/>';
    }
    $html .= '<input type="submit" value="发表" /></form>';
    echo $html;
    atomic_footer();
}
 // Start with an empty upload log on the first request of a batch
 // (?firstStart) or when the session holds no log yet.
 if (isset($_GET['firstStart']) || !isset($_SESSION['TFU_LAST_UPLOADS'])) {
     unset($_SESSION['TFU_LAST_UPLOADS']);
     $_SESSION['TFU_LAST_UPLOADS'] = array();
 }
 // NOTE(review): the "remaining" counter is copied from the query string into
 // the session without validation; anything that reads it later should treat
 // it as an untrusted string.
 $_SESSION['TFU_UPLOAD_REMAINING'] = $_GET['remaining'];
 foreach ($_FILES as $fieldName => $file) {
     // we check the uploaded files first because we don't know if it's the flash or any other script!
     check_valid_extension($file['name']);
     $store = 1;
     if (is_supported_tfu_image($file['name']) && $size < 100000) {
         $store = resize_file($file['tmp_name'], $size, 80, $file['name']);
     }
     if ($store != 0) {
         // ok or try later
         $base_filename = my_basename($file['name']);
         $image = fix_decoding($base_filename, $fix_utf8);
         if ($normalise_file_names) {
             $image = normalizeFileNames($image);
         }
         $filename = $dir . '/' . $image;
         // here you can do additional checks if a file already exists any you don't want that the existing one will be overwritten.
         $uploaded = false;
         // This is only needed for JFU - ignore this small part if you use TFU standalone:
         $workaround_dir = $dir == "./../../../.." && is_writeable("./../../../../cache");
         // start workaround for some php versions (e.g. 5.0.3!) if you upload to the main folder !
         if ($workaround_dir) {
             $filename = $dir . "/cache/" . $image;
         }
         // end JFU
         if (@move_uploaded_file($file['tmp_name'], $filename)) {
示例#10
     natsort($plugins);
     foreach ($plugins as $f) {
         if ($enable_upload_debug) {
             tfu_debug('8. Execute plugin: ' . $f);
         }
         include_once $f;
         $exchangefilename = $filename;
         $store = 0;
         // if the plugin resize this variable has to be initialized!
         if (function_exists(basename($f, ".php") . "_process_upload_file")) {
             call_user_func(basename($f, ".php") . "_process_upload_file", $dir, $filename, $image);
         }
         if ($filename != $exchangefilename) {
             // The plugin has changed the filename.
             $filename = $exchangefilename;
             $image = my_basename($exchangefilename);
         }
     }
     if ($enable_upload_debug) {
         tfu_debug('8a. End plugins');
     }
 }
 array_push($_SESSION['TFU_LAST_UPLOADS'], $filename . $current_desc);
 removeCacheThumb($filename);
 // this generates the two thumbnails of the preview
 // set this to true if you like this to be done at the upload an not on the fly.
 if (false) {
     send_thumb($filename, 90, 400, 275, true);
     send_thumb($filename, 90, 80, 55, true);
 }
 // end plugin
示例#11
                     } else {
                         if ($action == 'download') {
                             // download a file - we set the header !
                             tfu_download($file, $enable_file_download);
                         } else {
                             if ($action == 'createThumb') {
                                 // create a thumbnail
                                 tfu_createThumb($file);
                             } else {
                                 if ($action == 'zipdownload') {
                                     // download multipe files as zip!
                                     tfu_zip_download($file, $enable_file_download);
                                 } else {
                                     if ($action == 'createfile') {
                                         // creates an empty file during upload - if createfile is set an empty file is created + the directory has to be sent.
                                         $file = $dir . "/" . parseInputParameterFile(trim(my_basename(' ' . $_GET['newfile'])));
                                         $overwrite = !isset($_GET['createfile']);
                                         tfu_savetext($file, $overwrite);
                                         if ($overwrite) {
                                             $_SESSION["TFU_LAST_UPLOADS"][] = $file;
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
示例#12
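// Resolve the course code from the query string to its numeric id.
// NOTE(review): q() is applied to the value before it is bound to the ?s
// placeholder. q() is not defined in this section; if it is an HTML-escaping
// helper, binding the raw value would be the usual choice — confirm.
$course_id = null;
$res1 = Database::get()->querySingle("SELECT course.id FROM course WHERE course.code = ?s", q($_GET['course']));
if ($res1) {
    $course_id = intval($res1->id);
}
// Unknown course: send the client back to the start page.
if ($course_id == null) {
    header("Location: {$urlServer}");
    exit;
}
// Record the module access for logged-in users.
if ($uid) {
    require_once 'include/action.php';
    $action = new action();
    $action->record(MODULE_ID_VIDEO);
}
// ----------------------
// download video
// ----------------------
// The course id is now bound through a ?d placeholder like the video id, not
// interpolated into the SQL text. The value was already an intval() result,
// so this is about keeping every query parameterised, not about a live hole.
$res2 = Database::get()->querySingle("SELECT * \n                   FROM video \n                  WHERE course_id = ?d\n                    AND id = ?d", $course_id, $_GET['id']);
if (!$res2) {
    header("Location: {$urlServer}");
    exit;
}
// Logged-in users and open courses need no token. Everyone else must present
// a token that validates against the path of the video that was just loaded.
// The previous code read $row2['path'], a variable that is not assigned
// anywhere in the visible script, so the token was not checked against the
// requested record. Rows come back as objects (see $res1->id above).
// NOTE(review): confirm that the video row exposes a `path` column.
$valid = $uid || course_status($course_id) == COURSE_OPEN ? true : token_validate($res2->path, $_GET['token'], 30);
if (!$valid) {
    header("Location: {$urlServer}");
    exit;
}
$vObj = MediaResourceFactory::initFromVideo($res2);
// The course code used in the path matched a database row above; the rest of
// the path comes from the stored video record.
$real_file = $webDir . "/video/" . q($_GET['course']) . q($vObj->getPath());
send_file_to_client($real_file, my_basename(q($vObj->getUrl())), 'inline', true);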