Просмотр файла download/add.php

<?php

/*
Add download for wap motor17-18
Автор: SmartMan
E-mail: [email protected]         
Site: http://xsmartos.ru
ICQ: 199426
*/

// Bootstrap: every shared template module is pulled in before any page logic runs.
// regglobals.php is loaded before config.php; the variables this page later reads
// without assigning them ($kategory, $opis, $provlog, $provpar, $dostup) presumably
// originate in these includes - confirm which of them are request-controlled.
require_once"../template/start.php";
require_once"../template/regglobals.php";
require_once"../template/config.php";
require_once"../template/functions.php";
require_once"../template/antidos.php";
require_once"../template/cookies.php";
require_once"../template/gzip.php";
require_once"../template/header.php";
require_once"../template/referer.php";
// NOTE(review): $config_themes is interpolated into an include path and is not
// assigned anywhere in this file. Presumably config.php sets it; verify that no
// request parameter or cookie can override it after that point, because whatever
// it holds decides which PHP file gets executed here.
include_once"../themes/$config_themes/index.php";
include_once"../template/isset.php";

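/**
 * Sanitise an uploaded file name and transliterate Cyrillic letters to Latin.
 *
 * Steps, in order:
 *   1. remove NUL bytes, both path separators and a fixed set of punctuation;
 *   2. remove every ".." sequence;
 *   3. lower-case the literal suffixes ".JPG" and ".GIF" (no other case variants);
 *   4. replace spaces with "_" and Cyrillic letters with Latin equivalents.
 *
 * The previous version searched for the two-character sequence backslash+slash
 * (the literal "\/"), so a lone "/" or "\" passed through untouched. Both
 * separators are now stripped individually, together with NUL bytes.
 *
 * This is only a clean-up step: the caller still has to check the extension and
 * the final path before writing anything to disk.
 *
 * @param string $t Raw file name.
 * @return string Cleaned, transliterated file name.
 */
function utf_to_lats($t){

// NUL and the path separators go first so that the ".." pass below sees the
// string with nothing left in between the dots.
$strip = array(
    "\0", "/", "\\",
    "?", "!", "(", ")", "@", ":", ";", "+", "&", "%", "*", "=",
    "£", "€", "¥", "¤",
    "[", "]", "{", "}", "~", "^",
    "¡", "¿", "§", "#",
);
$t = str_replace($strip, "", $t);

// One pass is enough: a run of n dots collapses to n mod 2 dots, and nothing
// after this point removes characters that could bring two dots together again.
$t = str_replace("..", "", $t);

$t = str_replace(".JPG", ".jpg", $t);
$t = str_replace(".GIF", ".gif", $t);

// Transliteration table: $b[i] is replaced by $a[i]. The trailing '' => '!' pair
// has an empty search string and therefore never matches anything.
$a = array('_','YA','Ya','ya','yee','YO','yo','Yo','ZH','zh','Zh','Z','z','CH','ch','Ch','SH','sh','Sh','YE','ye','Ye','YU','yu','Yu','JA','ja','Ja','A','a','B','b','V','v','G','g','D','d','E','e','I','i','J','j','K','k','L','l','M','m','N','n','O','o','P','p','R','r','S','s','T','t','U','u','F','f','H','h','W','w','x','q','Y','y','C','c','!');
$b = array(' ','Я','Я','я','ые','Ё','ё','Ё','Ж','ж','Ж','З','з','Ч','ч','Ch','Ш','ш','Ш','Э','э','Э','Ю','ю','Ю','Я','я','Я','А','а','Б','б','В','в','Г','г','Д','д','Е','е','И','и','Й','й','К','к','Л','л','М','м','Н','н','О','о','П','п','Р','р','С','с','Т','т','У','у','Ф','ф','Х','х','Щ','щ','ъ','ь','Ы','ы','Ц','ц','');

return str_replace($b,$a,$t);
}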

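/**
 * Return the lower-cased extension of a file name (the text after the last dot).
 *
 * A name without any dot now yields an empty string. Previously strrpos()
 * returned false, false+1 became 1, and the function returned the name minus its
 * first character - so a dot-less name such as "xzip" was reported as having the
 * extension "zip" and could satisfy an extension allow-list.
 *
 * @param string $name File name.
 * @return string Lower-case extension without the dot, or "" if there is none.
 */
function formats($name){
$dot = strrpos($name, ".");
if ($dot === false) {
    return "";
}
// The cast covers PHP versions where substr() returns false at end of string.
return strtolower((string)substr($name, $dot + 1));
}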

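// Upload page of the download section: prints the upload form by default and
// processes the submitted file when called with ?do=add.
//
// $log, $provlog, $provpar, $dostup, $kategory and $opis are not assigned in this
// file; presumably they come from the included template files - confirm.
//
// NOTE(review): the POST handler carries no anti-CSRF token, and the session id is
// appended to every URL through SID, where it can leak via logs and Referer headers.
// NOTE(review): header("Location: ...") is called after output has been echoed;
// this only works if an included file enabled output buffering - confirm.
$log = check($log);

echo '<img src="../images/img/partners.gif" alt="img" /> <b>Загрузка файла</b><br />';

// Compare as strings with ===. With a loose ==, two digit-only "0e..." md5 strings
// are compared as numbers and can be equal without being identical. The old
// md5(...) != "" term was always true; the session password itself must be non-empty.
// hash_equals() is preferable where the PHP version provides it.
$sess_log = isset($_SESSION['log']) ? (string)$_SESSION['log'] : "";
$sess_par = isset($_SESSION['par']) ? (string)$_SESSION['par'] : "";

if ($sess_log !== "" && $sess_par !== "" && (string)$provlog === $sess_log && (string)$provpar === md5($sess_par)) {
    if ($dostup==101 || $dostup==102 || $dostup==103 || $dostup==105){

        $do = isset($_GET["do"]) ? $_GET["do"] : "";

        switch($do){
        default:

            // Categories are the sub-directories of the current directory.
            $lib_array = array();
            $dir = opendir (".");
            // Test against false so that an entry literally named "0" does not end the loop early.
            while (($file = readdir ($dir)) !== false) {
                if ($file=="." || $file=="..") continue;
                if (is_dir($file)) {
                    $lib_array[]=$file;
                }
            }
            closedir ($dir);

            sort($lib_array);

            $total = count($lib_array);

            // enctype is required: without it the browser submits only the file
            // names and PHP leaves $_FILES empty, so no upload can ever succeed.
            echo '<form action="add.php?do=add&amp;'.SID.'" method="post" enctype="multipart/form-data">';
            echo 'Категория:<br />';

            echo '<select name="kategory">';
            echo '<option value=""></option>';

            for ($i = 0; $i < $total; $i++){
                $lib_file = "$lib_array[$i]/name.dat";
                $lib_name = is_file($lib_file) ? file_get_contents($lib_file) : "";
                if($lib_name==""){$lib_name=$lib_array[$i];}

                // Directory names and name.dat contents are data, not markup: escape
                // them before they reach the page. ISO-8859-1 makes the call
                // byte-transparent, so only the ASCII specials are touched whatever
                // encoding name.dat uses; entities already present in the label are kept.
                echo '<option value="'.htmlspecialchars($lib_array[$i], ENT_QUOTES, 'ISO-8859-1').'">'.htmlspecialchars($lib_name, ENT_QUOTES, 'ISO-8859-1', false).'</option>';
            }
            echo '</select><br />';

            echo 'Файл: <span style="color:#FF0000">*</span><br /><input type="file" name="file"><br />';
            echo 'Скриншот:<br /><input type="file" name="screen" /><br />';
            echo 'Описание: <span style="color:#FF0000">* мин(10)</span><br /><textarea name="opis" cols=50 rows=10></textarea><br />';

            echo '<input type="submit" value="Добавить"></form><br />';

            echo 'Всего категорий: '.(int)$total.'<br />';
            break;

        case("add"):

            // Normalise the request values to strings so the checks below cannot be
            // sidestepped (or crashed) by array-valued parameters.
            $kategory = (isset($kategory) && is_string($kategory)) ? $kategory : "";
            $opis = (isset($opis) && is_string($opis)) ? $opis : "";

            // Category validation. The original joined these tests with &&, which
            // could never be true (an empty string cannot also contain a forbidden
            // character), so any value was accepted as the target directory. Each
            // failing test now rejects on its own. "." and ".." pass the character
            // class and are refused explicitly; preg_match replaces eregi, which no
            // longer exists in PHP 7+.
            if($kategory==="" || $kategory==="." || $kategory===".." || preg_match("/[^a-z0-9_@!+.-]/i",$kategory) || !is_dir($kategory) || !is_writeable($kategory)){
                header ("Location: add.php?".SID); exit;}

            if(strlen(utf_to_win(trim($opis)))<10){
                header ("Location: add.php?".SID); exit;}

            // Pull the upload fields out defensively: they are absent when no file
            // was sent and become arrays when the field name is posted as "file[]".
            $up = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
            $up_name = (isset($up['name']) && is_string($up['name'])) ? $up['name'] : "";
            $up_tmp = (isset($up['tmp_name']) && is_string($up['tmp_name'])) ? $up['tmp_name'] : "";
            $up_size = (isset($up['size']) && !is_array($up['size'])) ? (int)$up['size'] : 0;

            if(strlen(utf_to_win(trim($up_name)))>43){
                header ("Location: add.php?".SID); exit;}

            if ($up_name==""){
                header ("Location: add.php?".SID); exit;}

            if ($up_size <= 0 || $up_size > 50000*1024){
                header ("Location: add.php?".SID); exit;}

            // Content is only inspected for files up to 1024000 bytes. $prov is
            // initialised so the pattern checks below never read an undefined variable.
            $prov = "";
            if ($up_size <= 1024000){
                $fides = file_get_contents($up_tmp);
                $prov = htmlspecialchars($fides);}

            $fidname=trim($up_name);
            $fidname=utf_to_lats($fidname);
            $fidname=check_full($fidname);

            // check_full() is defined elsewhere, so re-check its result here: the
            // stored name must be non-empty, must not be a dot-file and must not
            // contain a path separator or "..".
            if (!is_string($fidname) || $fidname==="" || $fidname[0]==="." || strpos($fidname,"/")!==false || strpos($fidname,"\\")!==false || strpos($fidname,"..")!==false){
                header ("Location: add.php?".SID); exit;}

            // Deny-list on the name and keyword scan of the content. This is a
            // heuristic only; the extension allow-list below is the real gate.
            // NOTE(review): only the last extension is allow-listed, so the upload
            // directories should also be served with script execution disabled.
            if((preg_match("/\bphp/i", $fidname)==true) or (preg_match("/\bhtm/i",$fidname)==true) or (preg_match("/\bphtml/i",$fidname)==true) or (preg_match("/else/i",$prov)) or (preg_match("/echo/i",$prov)) or (preg_match("/print/i",$prov)) or (preg_match("/base64_decode/i",$prov)) or (preg_match("/Zend/i",$prov))){
                header ("Location: add.php?".SID); exit;}

            $format = formats($fidname);
            $fixs = array('rar', 'zip', 'pdf', 'tar', 'gz', 'jpg', 'jpeg', 'gif', 'png', 'bmp', '3gp', 'mp3', 'mpg', 'sis', 'thm', 'jar', 'jad', 'cab', '7z', 'sisx', 'exe', 'msi', 'swf','doc', 'djvu', 'chm','nth','mp4', 'avi', 'flv', 'mpe', 'mpeg', 'wmv', 'wma', 'ogg', 'wav','mpg4');

            if(!in_array($format, $fixs, true)){
                header ("Location: add.php?".SID); exit;}

            // Never overwrite an existing download.
            $upl = "$kategory/$fidname";
            if (file_exists($upl)){
                header ("Location: add.php?".SID); exit;}

            // Optional screenshot. It is always stored as "<file>.JPG", whichever of
            // the two accepted extensions was sent.
            // NOTE(review): only the client-supplied name is checked; the content is
            // not verified to be an image (getimagesize() would be one way to do so).
            $sc = (isset($_FILES['screen']) && is_array($_FILES['screen'])) ? $_FILES['screen'] : array();
            $sc_name = (isset($sc['name']) && is_string($sc['name'])) ? $sc['name'] : "";
            $sc_tmp = (isset($sc['tmp_name']) && is_string($sc['tmp_name'])) ? $sc['tmp_name'] : "";
            $sc_size = (isset($sc['size']) && !is_array($sc['size'])) ? (int)$sc['size'] : 0;
            $scupl = "";

            if(!empty($sc_tmp)){
                $scformat = formats($sc_name);
                $scoform = array('jpg', 'gif');

                if(!in_array($scformat,$scoform,true)){
                    header ("Location: add.php?".SID); exit;}

                if($sc_size <= 0 || $sc_size > 1000*1024){
                    header ("Location: add.php?".SID); exit;}

                $scupl = ''.$kategory.'/'.$fidname.'.JPG';
            }

            if(!move_uploaded_file($up_tmp, $upl)) {
                header ("Location: add.php?".SID); exit;}

            if($scupl!==""){
                move_uploaded_file($sc_tmp, $scupl);
            }

            $opis = check($opis);
            $opis = antimat($opis);
            $opis = smiles($opis);
            $opis = no_br($opis,"<br />");

            // Description file next to the download. fopen() can fail, so the handle
            // is checked before it is locked and written.
            // NOTE(review): 0666 leaves the description world-writable; tighten it if
            // the hosting setup allows.
            $fp=fopen("$kategory/$fidname.txt","w");
            if ($fp) {
                flock ($fp,LOCK_EX);
                fputs($fp,$opis);
                flock ($fp,LOCK_UN);
                fclose($fp);
                chmod("$kategory/$fidname.txt", 0666);
            }

            echo '<b><span style="color:#00AA00">Файл загружен.</span></b><br />';
            // URL-encode both values: they land inside an href attribute, and the
            // category may legitimately contain "+", which a query string would
            // otherwise turn into a space.
            echo '&#187; <a href="down.php?action=ob&amp;did='.rawurlencode($kategory).'&amp;fid='.rawurlencode($fidname).'&amp;'.SID.'"><span style="color:blue">Посмотреть</span></a> &#187;<br />';
            echo '&#171; <a href="add.php?'.SID.'"><span style="color:#BB00BB">Загрузить еше</span></a> &#171;<br />';
            break;
        }

        echo '<img src="../images/img/act_home.gif" alt=""> <a href="../index.php?'.SID.'">На главную</a><br />';

    } else {header ("Location: ../index.php?isset=404&".SID);}
} else {header ("Location: ../index.php?isset=404&".SID);}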

include_once"../themes/$config_themes/foot.php";
?>