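<?php
// Upload / import page prelude: load shared bootstrap, require a logged-in user
// and fetch that user's row for the quota arithmetic further down.
ini_set("display_errors", 0);
include('../includes/connect.php');

// $userid, $url and go() are defined outside this file. Exit explicitly after
// go() in case it returns: nothing below should run for an anonymous visitor.
if (!$userid) {
    go($url);
    exit;
}

// NOTE(review): $userid is interpolated into SQL here and again later in this
// file; confirm connect.php derives it from the session as an integer, not
// from request data.
$queryUser = mysql_query("SELECT password,disk,username FROM users WHERE id = '$userid'");
if (!$queryUser) {
    // Keep the driver's error text in the server log rather than in the response.
    error_log('user lookup failed: ' . mysql_error());
    die('Database error.');
}

// Only $info['disk'] is read in this file; the included templates share this
// scope, so the other columns are left in the query.
$info = mysql_fetch_assoc($queryUser);
mysql_free_result($queryUser);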
if($rights>0) {
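if (isset($_GET['import'])) {
    // Import branch: fetch a file from a user-supplied URL and store it in the
    // caller's data directory after size, quota, category and extension checks.
    // NOTE(review): the POST form below carries no anti-CSRF token, so another
    // site can submit it on behalf of a logged-in user; add one once the session
    // helpers in connect.php are known.
    $title = 'Import Files';
    include('../includes/header.php');
    echo '<div class="br"/><div class="title">Import File</div>';

    if (isset($_POST['up'])) {
        // Accept only plain string fields; array-valued parameters become empty.
        $rawUrl = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';
        $rawPas = (isset($_POST['pas']) && is_string($_POST['pas'])) ? $_POST['pas'] : '';
        $rawDes = (isset($_POST['des']) && is_string($_POST['des'])) ? $_POST['des'] : '';

        // The form offers the password field only when $rights > 1, so the same
        // rule is enforced here instead of trusting whatever was posted.
        if ($rights <= 1) {
            $rawPas = '';
        }

        // NOTE(review): input() is defined outside this file and is assumed to
        // escape for SQL, since $pas and $des go straight into the INSERT below.
        $pas = (strlen($rawPas) > 20) ? input(substr($rawPas, 0, 20)) : input($rawPas);
        $des = (strlen($rawDes) > 5000) ? input(substr($rawDes, 0, 5000)) : input($rawDes);

        // The category id is concatenated unquoted into SQL, so it must be an integer.
        $cat = (isset($_POST['cat']) && is_scalar($_POST['cat'])) ? (int) $_POST['cat'] : 0;

        $dir = '../data/user'.$userid.'/';
        $name = preg_replace('/[^a-zA-Z0-9-_\.]/i', '', getWithoutPath(rm20($rawUrl)));

        if (!$name) {
            echo '<div class="news">Please enter a file URL! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } else {
            // fopen() accepts any registered stream wrapper and plain local paths,
            // so restrict the import to web URLs before opening anything.
            // NOTE(review): this does not stop requests to internal hosts or
            // redirects to them; resolve and vet the host if that matters here.
            $scheme = strtolower((string) parse_url($rawUrl, PHP_URL_SCHEME));
            $f = ($scheme === 'http' || $scheme === 'https') ? @fopen($rawUrl, 'r') : false;
            if (!$f) {
                echo '<div class="news">File url is invalid! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
                include('../includes/footer.php');
                die();
            }

            // Allowed extensions: the category's own list, else the site default.
            // Both stay empty when the category id matches no row.
            $cat_ext = array();
            $cat_ext2 = '';
            $queryCat = mysql_query('SELECT * FROM file_cat WHERE id = ' . $cat);
            while ($queryCat && ($inf_cat = mysql_fetch_array($queryCat))) {
                $cat_ext2 = !empty($inf_cat['ext']) ? $inf_cat['ext'] : $set['file_ext'];
                $cat_ext = explode(', ', $cat_ext2);
            }

            // Read at most one byte past the per-file limit the upload branch
            // enforces, so a huge or endless remote body cannot exhaust memory.
            $maxBytes = isset($set['filemax']) ? (int) (1048576 * $set['filemax']) : 0;
            $filedata = stream_get_contents($f, ($maxBytes > 0) ? $maxBytes + 1 : -1);
            fclose($f);
            if ($filedata === false) {
                $filedata = '';
            }
            $size = strlen($filedata);
            $sizeall = bytetomb($size) + $info['disk'];

            // Validate the LAST extension: checking the first segment after the
            // base name would accept "x.jpg.php" for a category that allows jpg.
            $extension = pathinfo($name, PATHINFO_EXTENSION);

            if ($size < 10) {
                echo '<div class="news">File must be larger than 10Bytes! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif ($maxBytes > 0 && $size > $maxBytes) {
                echo '<div class="news">File too large! Maximum size: '.$set['filemax'].' <br><a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif ($sizeall > $set['upmax']) {
                echo '<div class="news">Not uploaded! you have exceeded your disk space limit! <a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif (!$cat) {
                echo '<div class="news">Please Select file Category! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif ($extension === '' || !in_array($extension, $cat_ext, true)) {
                echo '<div class="news">Invalid file extension! allowed types: '.$cat_ext2.' <br><a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif (file_exists($dir.$name)) {
                echo '<div class="news">File exists please rename this file ! <a href="javascript:history.go(-1)">Go back</a></div>';
            } elseif (file_put_contents($dir.$name, $filedata) === false) {
                // Do not record a file or charge quota when nothing was written.
                echo '<div class="news">File could not be saved! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
            } else {
                // NOTE(review): the stored name is user-influenced; confirm that
                // ../data/ is not configured to execute scripts.
                $idff = insert('files');
                mysql_query("insert into files set id = '".$idff."', name = '$name', catid = '$cat', description = '$des', password = '$pas', size = '$size', time = '$time', downloaded = '0', views = '1', userid = '$userid', report = '0' ");
                if (!mysql_query("update users set disk = '$sizeall' where id = '$userid'")) {
                    // Log the driver error instead of printing it to the client.
                    error_log('file import: quota update failed: ' . mysql_error());
                    die('Database error.');
                }
                mysql_query("UPDATE users SET files = files+1 WHERE id = '$userid'");
                echo '<div class="news">File Imported successfully! <br/><a href="../file.php?id='.$idff.'">View File</a></div>';
            }
        }
    } else {
        // No submission yet: render the import form.
        echo '<div class="menu"><form method="post" >File URL:<br/><input type="text" name="url" value="http://" size="15"><br>
File Category:<br><select name="cat"><option value="0">Select Category</option>';
        $queryCat = mysql_query("SELECT * FROM file_cat order by `name` asc");
        while ($queryCat && ($cat_info = mysql_fetch_array($queryCat))) {
            $id = $cat_info["id"];
            $name = $cat_info["name"];
            // NOTE(review): category id and name are printed unescaped; escape
            // them for HTML once the site's character set is confirmed.
            echo "<option value=\"$id\">$name</option>";
        }
        echo '</select><br>Description (max: 5000 chars): <br><textarea name="des"></textarea>';
        if ($rights > 1) {
            echo '<br>Password (Optional): <br><input type="text" name="pas" size="15">';
        }
        echo '<br><input type="submit" name="up" value="Upload"></form></div>';
    }
    include('../includes/footer.php');
    die();
}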
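if (isset($_GET['upload'])) {
    // Upload branch: accept a multipart file upload and store it in the caller's
    // data directory after category, size, extension and quota checks.
    // NOTE(review): the POST form below carries no anti-CSRF token; add one once
    // the session helpers in connect.php are known.
    $title = 'Upload Files';
    include('../includes/header.php');
    echo '<div class="br"/><div class="title">Upload File</div>';

    if (isset($_POST['up'])) {
        // Accept only plain string fields; array-valued parameters become empty.
        $rawPas = (isset($_POST['pas']) && is_string($_POST['pas'])) ? $_POST['pas'] : '';
        $rawDes = (isset($_POST['des']) && is_string($_POST['des'])) ? $_POST['des'] : '';

        // The form offers the password field only when $rights > 1, so the same
        // rule is enforced here instead of trusting whatever was posted.
        if ($rights <= 1) {
            $rawPas = '';
        }

        // NOTE(review): input() is defined outside this file and is assumed to
        // escape for SQL, since $pas and $des go straight into the INSERT below.
        $pas = (strlen($rawPas) > 20) ? input(substr($rawPas, 0, 20)) : input($rawPas);
        $des = (strlen($rawDes) > 5000) ? input(substr($rawDes, 0, 5000)) : input($rawDes);

        // The category id is concatenated unquoted into SQL, so it must be an integer.
        $cat = (isset($_POST['cat']) && is_scalar($_POST['cat'])) ? (int) $_POST['cat'] : 0;

        $dir = '../data/user'.$userid.'/';

        // A missing field or a multi-file submission (array-valued entries)
        // is treated the same as "no file selected".
        $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
        $rawName = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';
        $tmpName = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : '';
        $size = (isset($upload['size']) && is_scalar($upload['size'])) ? (int) $upload['size'] : 0;

        $name = preg_replace('/[^a-zA-Z0-9-_\.]/i', '', $rawName);
        $sizeall = bytetomb($size) + $info['disk'];

        // Allowed extensions: the category's own list, else the site default.
        // Both stay empty when the category id matches no row.
        $cat_ext = array();
        $cat_ext2 = '';
        $queryCat = mysql_query('SELECT * FROM file_cat WHERE id = ' . $cat);
        while ($queryCat && ($inf_cat = mysql_fetch_array($queryCat))) {
            $cat_ext2 = !empty($inf_cat['ext']) ? $inf_cat['ext'] : $set['file_ext'];
            $cat_ext = explode(', ', $cat_ext2);
        }

        // Validate the LAST extension: checking the first segment after the
        // base name would accept "x.jpg.php" for a category that allows jpg.
        $extension = pathinfo($name, PATHINFO_EXTENSION);

        if (!$name) {
            echo '<div class="news">Please select a file! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif (!$cat) {
            echo '<div class="news">Please Select file Category! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif ($size < 10) {
            echo '<div class="news">Files must be larger than 10Bytes! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif ($size > (1048576 * $set['filemax'])) {
            echo '<div class="news">File too large! Maximum size: '.$set['filemax'].' <br><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif ($extension === '' || !in_array($extension, $cat_ext, true)) {
            echo '<div class="news">Invalid extension! allowed types: '.$cat_ext2.' <br><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif ($sizeall > $set['upmax']) {
            echo '<div class="news">Not uploaded! you have exceeded your disk space limit! <a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif (file_exists($dir.$name)) {
            echo '<div class="news">File exists please rename this file! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } elseif (!is_uploaded_file($tmpName) || !copy($tmpName, $dir.$name)) {
            // Only copy a path PHP itself received as an upload, and do not
            // record a file or charge quota when the copy failed.
            echo '<div class="news">File could not be saved! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
        } else {
            // NOTE(review): the stored name is user-influenced; confirm that
            // ../data/ is not configured to execute scripts.
            $idff = insert('files');
            mysql_query("insert into files set id = '".$idff."', name = '$name', catid = '$cat', description = '$des', password = '$pas', size = '$size', time = '$time', downloaded = '0', views = '1', userid = '$userid', report = '0' ");
            if (!mysql_query("update users set disk = '$sizeall' where id = '$userid'")) {
                // Log the driver error instead of printing it to the client.
                error_log('file upload: quota update failed: ' . mysql_error());
                die('Database error.');
            }
            mysql_query("UPDATE users SET files = files+1 WHERE id = '$userid'");
            echo '<div class="news">File has been Uploaded successfully! <br/><a href="/file.php?id='.$idff.'">View File</a></div>';
        }
    } else {
        // No submission yet: render the upload form.
        echo '<div class="menu"><form method="post" enctype="multipart/form-data" >Select file ('.$set['filemax'].'MB):<br><input type="file" name="file"><br/>File Category:<br>
<select name="cat"><option value="0">Select Category</option>';
        $queryCat = mysql_query("SELECT * FROM file_cat order by `name` asc");
        while ($queryCat && ($cat_info = mysql_fetch_array($queryCat))) {
            $id = $cat_info["id"];
            $name = $cat_info["name"];
            // NOTE(review): category id and name are printed unescaped; escape
            // them for HTML once the site's character set is confirmed.
            echo "<option value=\"$id\">$name</option>";
        }
        echo '</select><br>Description (max 5000 chars.): <br><textarea name="des"></textarea>';
        if ($rights > 1) {
            echo '<br>Password (Optional): <br><input type="text" name="pas" size="15">';
        }
        echo '<br><input type="submit" name="up" value="Upload"></form></div>';
    }
    include('../includes/footer.php');
    die();
}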
// Default view (neither ?import nor ?upload): a menu linking to both actions
// and to the caller's uploads, with a count of the files they own.
$title = 'Upload';
include('../includes/header.php');

// NOTE(review): $userid is concatenated unquoted into this query; confirm it is
// always an integer taken from the session.
$uploadCountResult = mysql_query('SELECT COUNT(id) FROM files WHERE userid = ' . $userid);
$uploadCount = mysql_result($uploadCountResult, 0);

echo '<div class="br"/><div class="title">Upload File</div>
<div class="menu"><a href="?upload">Upload File</a></div>
<div class="menu"><a href="?import">Import File</a></div>
<div class="menu"><a href="', $url, '/user/?files">My Uploads</a> (', $uploadCount, ')</div>';
}
else
{
// Shown when $rights is not greater than 0: no upload or import action is
// offered, only the suspension notice.
$title = 'Account Suspended';
include('../includes/header.php');
echo '<div class="br"/><div class="title">Account Suspended!</div>' . "\n";
echo '<div class="news">your Account has been suspended!<br> contact ther site adminstrator for your account review.. </div>';
}
// Footer for the two paths that fall through to here (default menu and
// suspended notice); the import and upload branches include it themselves
// and die() before reaching this line.
include('../includes/footer.php');
?>