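<?php
// modules/obmennik/upload.php — receives the upload posted from addfile.php.
//
// Flow: require an authenticated session, validate the description ("op") and
// the file name, store the file in the sub-directory named after its
// extension (that directory must already exist — it is the effective
// extension allowlist), write a "<description>|:|:|:|<login>" record next to
// it and redirect back to addfile.php with either set=1 or an err=N code.
//
// $top, $passw, $popravka, $bantime, $rating, $kolzagruz, $status and $login
// are not defined in this file; they are expected from config.php or
// register_globals — TODO confirm against config.php.
include ('config.php');

// Redirect back to addfile.php with the given query fragment, appending the
// session id as addfile.php expects, and stop the script.
function obmennik_redirect($query)
{
    header('Location: addfile.php?' . $query . '&' . session_name() . '=' . session_id());
    exit;
}

// NOTE(review): output is emitted before the header() redirects below; this
// only works if config.php enables output buffering — confirm.
echo $top;

// Strict string comparison: the original loose == treats numeric-looking
// strings (e.g. two "0e…" values) as equal.
if (isset($_SESSION['sespass']) && isset($passw)
    && (string) $_SESSION['sespass'] === (string) $passw) {
    $date_now = date('YmdHis', time() + $popravka);
    // Initialised here so the later `$errb == 2` test never reads an
    // undefined variable.
    $errb = 0;
    if ($bantime > $date_now) {
        $errb = 2;
    }

    // isset() alone is true even when the upload failed (size limit etc.), so
    // the PHP upload status is checked too; both cases use the "no file" code.
    if (!isset($_FILES['userfile']) || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK) {
        obmennik_redirect('err=1');
    }

    // Length limits are in bytes (strlen), as in the original.
    if (!isset($_POST['op']) || strlen($_POST['op']) < 20) {
        obmennik_redirect('err=2');
    }
    if (strlen($_POST['op']) > 1000) {
        obmennik_redirect('err=8');
    }

    $op = trim(stripslashes(htmlspecialchars($_POST['op'])));
    // Sequential replacement keeps the original order: CRLF, then LF, then CR.
    $op = str_replace(array("\r\n", "\n", "\r"), '<br />', $op);
    $op = str_replace('<br /><br />', '<br />', $op);
    // The record written below uses "|:|:|:|" as its field separator; strip it
    // from the description so the login field cannot be forged.
    $op = str_replace('|:|:|:|', '', $op);

    // basename() drops any directory part of the client-supplied name, so the
    // later "$dir1/$file[0]" path cannot leave the extension directory.
    $file[0] = basename($_FILES['userfile']['name']);

    // Denylist of server-executable extensions, matched case-insensitively:
    // the name is lower-cased further down, so "X.PHP" used to slip past the
    // old case-sensitive ereg() check (ereg is also removed in PHP 7).
    if (preg_match('/\.(php[0-9a-z]*|phtml|phar|wmls)/i', $file[0])) {
        obmennik_redirect('err=4');
    }

    // Transliterate Cyrillic letters to Latin.
    $file[0] = str_replace(
        array('Ё','Ж','Ч','Ш','Щ','Э','Ю','Я','ё','ж','ч','ш','щ','э','ю','я','А','Б','В','Г','Д','Е','З','И','Й','К','Л','М','Н','О','П','Р','С','Т','У','Ф','Х','Ц','Ы','а','б','в','г','д','е','з','и','й','к','л','м','н','о','п','р','с','т','у','ф','х','ц'),
        array('JO','ZH','CH','SH','SCH','JE','JY','JA','jo','zh','ch','sh','sch','je','jy','ja','A','B','V','G','D','E','Z','I','J','K','L','M','N','O','P','R','S','T','U','F','H','C','Y','a','b','v','g','d','e','z','i','j','k','l','m','n','o','p','r','s','t','u','f','h','c'),
        $file[0]
    );

    // Same replacement chain as before: quotes/spaces become "_", the rest is
    // dropped ("../" no longer needs handling after basename()).
    $file[0] = str_replace(array(' ', "'", '"'), '_', $file[0]);
    $file[0] = str_replace(array('?', '~', '|', '+', '%', '^', '&', '@', '!', '`'), '', $file[0]);

    // Extension = text after the last dot (the whole name if there is none).
    $parts = explode('.', $file[0]);
    $rs = strtolower($parts[count($parts) - 1]);

    $file[0] = ucfirst(strtolower($file[0]));

    $odir1 = opendir('.');
    // "!== false" so a directory literally named "0" does not end the scan.
    while (($dir1 = readdir($odir1)) !== false) {
        // Only a real directory whose name equals the extension qualifies;
        // strict comparison avoids "1e3" == "1000" style numeric matches.
        if ($dir1 === '.' || $dir1 === '..' || $dir1 !== $rs || !is_dir($dir1)) {
            continue;
        }

        $target = "$dir1/$file[0]";
        if (file_exists($target)) {
            obmennik_redirect('err=5');
        }
        if ($rating < $kolzagruz && $status != 1 && $status != 2) {
            obmennik_redirect('err=7');
        }
        if ($errb == 2) {
            obmennik_redirect('err=9');
        }

        // A failed move must not leave a dangling .dat record or report
        // success; it falls through to the generic err=6 redirect below.
        if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $target)) {
            break;
        }
        chmod($target, 0644);

        // Metadata record: "<description>|:|:|:|<login>" on one line.
        $fop = fopen("$target.dat", 'wb');
        if ($fop !== false) {
            flock($fop, LOCK_EX);
            fputs($fop, "$op|:|:|:|$login\n");
            flock($fop, LOCK_UN);
            fclose($fop);
            chmod("$target.dat", 0644);
        }

        closedir($odir1);
        // urlencode() keeps characters such as "#" in the name from breaking
        // the query string; addfile.php receives them decoded in $_GET.
        obmennik_redirect('set=1&d=' . urlencode($dir1) . '&f=' . urlencode($file[0]));
    }
    closedir($odir1);

    // No directory for this extension (or the move failed). Kept without
    // exit, as in the original, so the footer template is still included.
    header('Location: addfile.php?err=6&r=' . urlencode($rs) . '&' . session_name() . '=' . session_id());
} else {
    echo'<p class="err">Ошибка!!! Вы не авторизованы. Войдите в личный кабинет.</p>';
}
include ('../../templates/foot.php');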