<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author:  Nikoloz Sitchinava [sitchi]      //
// Link:        http://sitchicms.num.ge          //
// Skype:       SitchiCMS                        //
// License:     LICENSE.txt (see attached file)  //
// Version:     VERSION.txt (see attached file)  //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
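define('_SITCHICMS', 1);
$root_path = '../../';
require $root_path.'includes/db_connect.php';
require $root_path.'includes/start.php';
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';
require $root_path.'includes/head.php'; // page head
// NOTE(review): this script uses the legacy ext/mysql API (mysql_query & co.),
// which was removed in PHP 7.0; the code below therefore stays PHP 5 compatible
// (no scalar type hints, no `??`) until it is ported to mysqli/PDO.
$lng_forum = load_lng('forum');

// Attachment policy: the same limits the original checks enforced.
$allowed_ext  = ['txt', 'zip', 'rar', 'gif', 'png', 'jpg'];
$max_bytes    = 1024 * 1024;
$max_name_len = 30;
$upload_dir   = $root_path.'files/forum/';

/**
 * Print the "Forum | Attach file" header bar used on every page of this script.
 * Reads the forum language table from the script's global scope.
 */
function addfile_hdr()
{
    global $lng_forum;
    echo '<div class="hdr"><b><a href="index.php">'.$lng_forum['1_1'].'</a> | '.$lng_forum['1_74'].'</b></div>';
}

/**
 * Print the body of an error page: page head, header bar and one error box.
 * The caller includes end.php and exits itself, so end.php keeps running in
 * the script's global scope exactly as the original inline code did.
 *
 * @param string $title   page title passed to head()
 * @param string $message already-localised text shown in the error box
 */
function addfile_error_page($title, $message)
{
    head($title);
    addfile_hdr();
    echo '<div class="errmenu">'.$message.'</div>';
}

/**
 * Run a query and return its first row, or false when the query failed or
 * returned no rows (the original passed a possibly-false result straight to
 * mysql_fetch_assoc() and then indexed into a false value).
 *
 * @param  string      $sql
 * @return array|false
 */
function addfile_fetch_row($sql)
{
    $result = mysql_query($sql);
    if ($result === false) {
        return false;
    }
    $row = mysql_fetch_assoc($result);
    return is_array($row) ? $row : false;
}

// --- Access check: the request must name the caller's own latest post. ---
// Read the id once; a missing or non-scalar id is treated like a mismatch
// (the original read $_GET['id'] before testing isset() on it).
$postid = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;
// $user is expected to be populated by start.php — TODO confirm. An empty
// login (guest) must never pass, so it is rejected before any query runs;
// the original compared a missing row against a missing login and let it through.
$login  = isset($user['login']) ? (string) $user['login'] : '';
$latest = false;
if ($login !== '') {
    $latest = addfile_fetch_row("SELECT * FROM `forum_topic2_view` WHERE `login` = '".mysql_real_escape_string($login)."' ORDER BY `time` DESC LIMIT 1");
}
if ($postid === null
    || $latest === false
    || !isset($latest['login'], $latest['id'])
    || (string) $latest['login'] !== $login
    || $latest['id'] != $postid   // loose on purpose: "5" and "05" name the same row
) {
    addfile_error_page($lng['1_61'], $lng['1_61']);
    require $root_path.'includes/end.php';
    exit;
}
// From here on only the id as stored in the database is used, never the raw
// query-string value, and it is escaped once per output context.
$postid      = (string) $latest['id'];
$postid_sql  = mysql_real_escape_string($postid);
$postid_html = htmlspecialchars($postid, ENT_QUOTES);

$act = (isset($_GET['act']) && is_string($_GET['act'])) ? htmlspecialchars(trim($_GET['act'])) : '';

if ($act === 'create_file') {
    // One attachment per post: refuse when forum_files already has a row for it.
    $existing = addfile_fetch_row("SELECT * FROM `forum_files` WHERE `post` = '".$postid_sql."' ORDER BY `time` DESC LIMIT 1");
    if ($existing !== false && isset($existing['post']) && $existing['post'] == $postid) {
        addfile_error_page($lng['1_61'], $lng_forum['1_79']);
        require $root_path.'includes/end.php';
        exit;
    }
    // As in the original, a POST without a file field produces no page body.
    if (isset($_FILES['file']) && is_array($_FILES['file'])) {
        $upload   = $_FILES['file'];
        $name     = isset($upload['name']) ? (string) $upload['name'] : '';
        $code     = isset($upload['error']) ? (int) $upload['error'] : UPLOAD_ERR_OK;
        $size     = isset($upload['size']) ? (int) $upload['size'] : 0;
        $problems = [];
        // Size: PHP's own limit codes and the reported size are both checked;
        // the MAX_FILE_SIZE form field is only a hint the browser may ignore.
        if ($code === UPLOAD_ERR_INI_SIZE || $code === UPLOAD_ERR_FORM_SIZE || $size > $max_bytes) {
            $problems[] = '<div class="errmenu">'.$lng_forum['1_76'].'</div>';
        } elseif ($code !== UPLOAD_ERR_OK) {
            // Partial upload, missing temp dir, etc.: no localised text exists
            // for these, so the generic error string is reused.
            $problems[] = '<div class="errmenu">'.$lng['1_61'].'</div>';
        }
        // Extension whitelist. Only the last extension is inspected, so the web
        // server must be configured not to execute anything under files/forum.
        $ext = pathinfo($name, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed_ext, true)) {
            $problems[] = '<div class="errmenu">'.$lng_forum['1_77'].'</div>';
        }
        // Name length in bytes (the allowed charset below is ASCII-only anyway).
        if (strlen($name) > $max_name_len) {
            $problems[] = '<div class="errmenu">'.$lng_forum['1_41'].'</div>';
        }
        // Allowed characters: digits, a-z, "_", "-", "." — no slashes, so the
        // name cannot leave $upload_dir.
        if (preg_match('/[^\da-z_\-.]+/', $name)) {
            $problems[] = '<div class="errmenu">'.$lng_forum['1_42'].'</div>';
        }
        if ($problems === []) {
            $target = $upload_dir.$name;
            if (file_exists($target)) {
                // Name clash: prefix with $time (set by start.php — TODO confirm).
                $name   = $time.$name;
                $target = $upload_dir.$name;
            }
            // move_uploaded_file() refuses anything that is not a real upload
            // and reports failure, which copy() silently ignored.
            $stored = isset($upload['tmp_name'])
                && move_uploaded_file($upload['tmp_name'], $target);
            if ($stored) {
                mysql_query("INSERT INTO `forum_files` SET "
                    ."`filename` = '".mysql_real_escape_string($name)."', "
                    ."`post` = '".$postid_sql."', "
                    ."`time` = '".mysql_real_escape_string((string) $time)."'");
                // Back to the form with the "done" flag; the session id is only
                // appended (with its own separator) when SID is non-empty —
                // the original glued SID directly onto the id value.
                $location = 'addfile.php?yes&id='.rawurlencode($postid);
                if (defined('SID') && SID !== '') {
                    $location .= '&'.SID;
                }
                header('Location: '.$location);
                exit; // nothing may be printed after the redirect
            }
            // The file could not be stored: report it instead of recording a row for it.
            $problems[] = '<div class="errmenu">'.$lng['1_61'].'</div>';
        }
        // err() (functions.php) renders the global $err list; like the original,
        // it is only assigned when there is something to show.
        $err = $problems;
        head($lng['1_61']);
        addfile_hdr();
        err();
    }
} else {
    // Upload form.
    head($lng_forum['1_74']);
    addfile_hdr();
    err();
    if (isset($_GET['yes'])) {
        msg('<div class="menu">'.$lng_forum['1_74'].'</div>');
    }
    echo '<div class="egmenu">';
    echo '<form action="addfile.php?act=create_file&amp;id='.$postid_html.'" method="POST" enctype="multipart/form-data">'
        .'<input type="hidden" name="MAX_FILE_SIZE" value="'.$max_bytes.'">'
        .$lng_forum['1_75'].':<br/><input name="file" type="file" accept=".'.implode(',.', $allowed_ext).'"><br/>'
        .'<input name="submit" type="submit" value="'.$lng['1_73'].'"></form></div>';
}
// Included exactly once; the original pulled end.php in twice on most paths.
require $root_path.'includes/end.php';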