View file forum/fileobmen.php

<?php
require_once"../template/start.php";
require_once"../template/regglobals.php";
require_once"../template/config.php";
require_once"setforum.php";
require_once"../template/functions.php";
require_once"../template/antidos.php";
require_once"../template/cookies.php";
require_once"../template/gzip.php";
require_once"../template/header.php";
require_once"../template/referer.php";
include_once"../themes/$config_themes/index.php";
require_once"../template/isset.php";

if($config_forum_off=="1"){
if($config_forum_dobfile=="1"){

$guestsuser="Гость";
$maxpostdown="10";
$maxmesdown="100";
$downlist="10";

if (!isset($_FILES['userfile'])){
echo "Ошибка при загрузке!!!<br />";
echo '<br />
<img src="../images/img/barrow.gif" alt=""> <a href="addfile.php?'.SID.'">Заново</a><br />
<img src="../images/img/barrow.gif" alt=""> <a href="attache.php?'.SID.'">К файлам</a><br />';
echo'<br><img src="../images/img/barrow.gif" alt=""> <a href="index.php?'.SID.'"> На форум</a><br>';

echo '<img src="../images/img/homepage.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a>';
include_once"../themes/$config_themes/foot.php";
exit;}


if (!isset($_POST['op']) || strlen($_POST['op'])<10){
echo "Описание должно быть более 10 символов<br />";
echo '<br />
<img src="../images/img/barrow.gif" alt=""> <a href="addfile.php?'.SID.'">Заново</a><br />
<img src="../images/img/barrow.gif" alt=""> <a href="attache.php?'.SID.'">К файлам</a><br />';
echo'<br><img src="../images/img/barrow.gif" alt=""> <a href="index.php?'.SID.'"> На форум</a><br>';

echo '<img src="../images/img/homepage.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a>';
include_once"../themes/$config_themes/foot.php";
exit;}

if($name==""){
echo'Вы не ввели имя';
echo '<br />
<img src="../images/img/barrow.gif" alt=""> <a href="addfile.php?'.SID.'">Заново</a><br />
<img src="../images/img/barrow.gif" alt=""> <a href="attache.php?'.SID.'">К файлам</a><br />';
echo'<br><img src="../images/img/barrow.gif" alt=""> <a href="index.php?'.SID.'"> На форум</a><br>';

echo '<img src="../images/img/homepage.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a>';
include_once"../themes/$config_themes/foot.php";
exit;}

$op=$_POST['op'];
$name=htmlspecialchars(stripslashes($name));
$op=stripslashes(htmlspecialchars($op));
$op=str_replace("\r\n","<br />",$op);
$op=str_replace("\n","<br />",$op);
$op=str_replace("\r","<br />",$op);
$op=str_replace("<br /><br />","<br />",$op);


$file[0]=$_FILES['userfile']['name'];

if (ereg('.php',$file[0]) || ereg('.wmls',$file[0]))
{echo "В названии файла не должны присутствовать строки \".php\" и \".wmls\"<br />";
echo '<br />
<a href="addfile.php?'.SID.'">Заново</a><br />
<a href="attache.php?'.SID.'">К файлам</a><br />';}

$trans1= array("Ё","Ж","Ч","Ш","Щ","Э","Ю","Я","ё","ж","ч","ш","щ","э","ю","я","А","Б","В","Г","Д","Е","З","И","Й","К","Л","М","Н","О","П","Р","С","Т","У","Ф","Х","Ц","Ы","а","б","в","г","д","е","з","и","й","к","л","м","н","о","п","р","с","т","у","ф","х","ц");
$trans2= array("JO","ZH","CH","SH","SCH","JE","JY","JA","jo","zh","ch","sh","sch","je","jy","ja","A","B","V","G","D","E","Z","I","J","K","L","M","N","O","P","R","S","T","U","F","H","C","Y","a","b","v","g","d","e","z","i","j","k","l","m","n","o","p","r","s","t","u","f","h","c");
$file[0]=str_replace($trans1,$trans2,$file[0]);

$file[0]=str_replace(' ','_',$file[0]);
$file[0]=str_replace('\'','_',$file[0]);
$file[0]=str_replace('"','_',$file[0]);
$file[0]=str_replace('?','',$file[0]);
$file[0]=str_replace('~','',$file[0]);
$file[0]=str_replace('../','',$file[0]);
$file[0]=str_replace('|','',$file[0]);
$file[0]=str_replace('+','',$file[0]);
$file[0]=str_replace('%','',$file[0]);
$file[0]=str_replace('^','',$file[0]);
$file[0]=str_replace('&','',$file[0]);
$file[0]=str_replace('@','',$file[0]);
$file[0]=str_replace('!','',$file[0]);
$file[0]=str_replace('`','',$file[0]);

$rs = explode('.',$file[0]);
$rs = $rs[count($rs)-1];
$rs = strtolower($rs);
$file[0] = strtolower($file[0]);
$file[0]=ucfirst($file[0]);

$odir1=opendir('.');
while ($dir1=readdir($odir1))
{if (is_dir($dir1) && $dir1!='.' && $dir1!='..' && $rs==$dir1){
copy($_FILES['userfile']['tmp_name'], "$dir1/$file[0]");
chmod("$dir1/$file[0]", 0644);

$fop=$filename;
$upltime = time();
$fop=fopen("$dir1/$file[0].txt","wb");
flock ($fop,LOCK_EX);
fputs($fop,"$op|:|:|:|$name|:|:|:|$upltime\n");
flock ($fop,LOCK_UN);
fclose($fop);
chmod("$dir1/$file[0].txt", 0640);

echo "Файл успешно загружен<br />";
echo '<br />
<img src="../images/img/barrow.gif" alt=""> <a href="addfile.php?'.SID.'">Загрузить еще</a><br />
<img src="../images/img/barrow.gif" alt=""> <a href="attache.php?'.SID.'">К файлам</a><br />';
echo'<br><img src="../images/img/barrow.gif" alt=""> <a href="index.php?'.SID.'"> На форум</a><br>';

echo '<img src="../images/img/homepage.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a>';
include_once"../themes/$config_themes/foot.php";
exit;}}




echo "Формат вашего файла ($rs) не поддерживается <br />";
echo '<br />
<a href="addfile.php?'.SID.'">Заново</a><br />
<a href="attache.php?'.SID.'">К файлам</a><br />';}

if($config_forum_dobfile=="0"){
echo'<center><font color="red">Добавление файлов отключено!</font></center>';}}

if($config_forum_off=="0"){
echo'<center><font color="red">Форум сайта отключен!</font></center>';}

echo'<br><img src="../images/imgfor/barrow.gif" alt=""> <a href="index.php?'.SID.'"> На форум</a><br>';

echo '<img src="../images/img/homepage.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a>';
include_once"../themes/$config_themes/foot.php";
?>