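<?php
// Full open tag: with short_open_tag disabled a bare "<?" is not parsed and the
// web server would send this source file to the client as plain text.

// Shared bootstrap. NOTE(review): presumably defines $user, $smarty, $sql and
// fil() used below; none of them are declared in this file. Confirm against sys/set.php.
require('../sys/set.php');

// Access gate: the upload manager is only for signed-in accounts whose 'assec'
// value is at least 2 (presumably an access level; confirm against the accounts schema).
if (!isset($user) || $user['assec'] < 2) {
    $smarty->assign('title', 'Error');
    $smarty->assign('back', '/index.php');
    $smarty->assign('error', 'File Manager');
    $smarty->display('header.tpl');
    $smarty->display('error.tpl');
    $smarty->display('footer.tpl');
    // Rendering the error page does not by itself end the request. Nothing visible
    // here stops execution, so without this exit an unauthorised caller would still
    // reach the upload handler further down.
    exit;
}

// The form and the validation below both need at least one category row.
$kats = $sql->query('SELECT * FROM `cat`');
if (!$kats || $kats->num_rows == 0) {
    // A failed query (false) is treated like an empty table rather than
    // dereferencing a non-object.
    $smarty->assign('title', 'Uploading prohibited');
    $smarty->assign('error', 'Downloading files is prohibited');
    $smarty->assign('back', 'index.php');
    $smarty->display('header.tpl');
    $smarty->display('error.tpl');
    $smarty->display('footer.tpl');
    // Stop here as well: with no categories there is nothing valid to upload into.
    exit;
}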

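/**
 * Plain holder for the fields of one $_FILES entry.
 *
 * Everything except `size` and `tmp` originates from the client's multipart
 * request: `type` is the browser-declared MIME type and `name`/`ext` are cut
 * from the client-chosen file name. None of them say anything about the real
 * content of the file, so callers must validate them before use.
 */
class upfile {
	// $type: client-declared MIME type; $name: file name without its extension;
	// $ext: lower-cased extension; $size: size in bytes; $tmp: temporary upload path.
	public $type, $name, $ext, $size, $tmp;

	/**
	 * @param array $file One element of $_FILES (keys: name, type, size, tmp_name).
	 *
	 * Declared as __construct(): a method merely named after the class is no
	 * longer treated as a constructor by PHP 8, which would leave every
	 * property null after `new upfile(...)`.
	 */
	public function __construct($file){
		$original = isset($file['name']) ? (string)$file['name'] : '';

		$this->type = isset($file['type']) ? $file['type'] : null;
		$this->size = isset($file['size']) ? $file['size'] : 0;
		$this->tmp = isset($file['tmp_name']) ? $file['tmp_name'] : '';

		// The extension is resolved first and independently of the base name. The
		// previous code stripped '.'.$this->ext while $this->ext was still unset,
		// which removed every dot from the name instead of the extension.
		$this->ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
		// PATHINFO_FILENAME drops only the last extension and ignores its letter case.
		$this->name = pathinfo($original, PATHINFO_FILENAME);
	}
}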


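// Upload handler: without the "add" field the form is shown; with it the
// submitted file (and optional screenshot) is validated, stored and recorded.
if (!isset($_POST['add'])) {
    // Collect every category row for the upload form template.
    $cat = array();
    while ($cats = $kats->fetch_assoc()) {
        $cat[] = $cats;
    }
    $smarty->assign('title', 'Upload File');
    $smarty->assign('file', $cat);
    $smarty->display('header.tpl');
    $smarty->display('upload.tpl');
    $smarty->display('footer.tpl');
} else {
    // NOTE(review): fil() is defined outside this file. The INSERT below embeds
    // name/opis into SQL text, so it must neutralise quotes and backslashes;
    // confirm that, or move these queries to prepared statements.
    $_POST['name'] = fil($_POST['name'], 'str');
    $_POST['opis'] = fil($_POST['opis'], 'str');
    $_POST['cat'] = fil($_POST['cat'], 'int');
    // Explicit cast so the category id is an integer no matter what fil() returned.
    $catId = (int) $_POST['cat'];
    $file = new upfile(isset($_FILES['file']) ? $_FILES['file'] : array());

    // One error slot for the whole request: every failure below is recorded here
    // and rendered once at the end, so no later step runs after a failed check.
    $error = null;

    // The client-supplied file name is only used when no manual name was typed,
    // and only then has to pass the character and length rules.
    $clientName = (string) $file->name;
    $clientNameOk = preg_match('|^[a-zA-Z0-9\ \_\-\.\(\)]+$|si', $clientName)
        && mb_strlen($clientName) >= 3
        && mb_strlen($clientName) <= 30;
    if (empty($_POST['name']) && !$clientNameOk) {
        $error = 'File Name can contain only alphabetical characters and tsifry.Vernises back and rename the file or type the name manually in the mentioned field';
    }

    // A single lookup answers both "does the category exist" and "what are its limits".
    $catRes = $sql->query('SELECT `ros`,`max`,`user` FROM `cat` WHERE `id`="'.$catId.'"');
    $yes = $catRes ? $catRes->fetch_assoc() : null;
    if (!$yes) {
        $error = 'This category does not exist';
    } else {
        // `ros` is a comma-separated extension allow-list. explode() replaces
        // split(), which was removed in PHP 7; the delimiter is a literal comma,
        // so the result is the same.
        if (!in_array($file->ext, explode(',', $yes['ros']), true)) {
            $error = 'File of this format is prohibited for upload in this category';
        }
        // `max` is compared against the size in kilobytes.
        if ($file->size / 1024 > $yes['max']) {
            $error = 'Maximum file size for this section '.$yes['max'].' Kb';
        }
    }

    // Only accept a temp path that PHP itself created for this request.
    if (!is_uploaded_file($file->tmp)) {
        $error = 'File not uploaded';
    }

    $shotPath = '';
    $mainPath = '';
    $id = null;

    if ($error === null) {
        // The Host header is client-controlled and becomes part of a file system
        // path, so reduce it to hostname characters before using it.
        $host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
        $host = preg_replace('/[^a-z0-9.\-]/', '', $host);
        // NOTE(review): md5(time().mt_rand()) is guessable. If stored names are
        // meant to be unguessable, switch to a CSPRNG once the minimum PHP
        // version allows it.
        $real = $host.'_'.md5(time().mt_rand(11111, 99999)).'.'.$file->ext;
        // Display name: the typed name wins, otherwise the validated client name.
        $na_file = !empty($_POST['name']) ? $_POST['name'] : $file->name;
        // NOTE(review): unsalted md5 is a weak password hash. It is kept because
        // the code that verifies it is not visible here; migrate both sides to
        // password_hash()/password_verify() together.
        $pass = !empty($_POST['pass']) ? md5($_POST['pass']) : '';
        $add = '';

        // Optional screenshot. Each check is a branch of one chain, so a rejected
        // screenshot is never moved into screens/. Previously a failed check only
        // rendered an error page and the move still happened.
        if (isset($_FILES['scrin']['tmp_name']) && is_uploaded_file($_FILES['scrin']['tmp_name'])) {
            $shotExt = strtolower(pathinfo($_FILES['scrin']['name'], PATHINFO_EXTENSION));
            // NOTE(review): only the extension is checked; the content is not
            // verified to be an image.
            if (!in_array($shotExt, array('jpg', 'png', 'gif'), true)) {
                $error = 'Prohibited format screenshot';
            } elseif (($_FILES['scrin']['size'] / 1024) > 300) {
                $error = 'The maximum size of 300KB Screenshot';
            } elseif (!move_uploaded_file($_FILES['scrin']['tmp_name'], 'screens/'.$real.'.'.$shotExt)) {
                $error = 'An error has occurred';
            } else {
                $shotPath = 'screens/'.$real.'.'.$shotExt;
                $add = $shotExt;
            }
        }

        // NOTE(review): files/ and screens/ are relative to the working directory
        // and presumably web-reachable. The extension allow-list comes from the
        // `cat` table, so make sure the web server never executes scripts from
        // these directories.
        if ($error === null) {
            if (move_uploaded_file($file->tmp, 'files/'.$real)) {
                $mainPath = 'files/'.$real;
            } else {
                $error = 'An error has occurred';
            }
        }

        if ($error === null) {
            // `name` stores $na_file, so an upload without a typed name keeps the
            // validated client file name instead of an empty string.
            $stored = $sql->query('INSERT INTO `files` SET
`cat_id`="'.$catId.'",
`user_id`="'.$user['id'].'",
`name`="'.$na_file.'",
`opis`="'.$_POST['opis'].'",
`real`="'.$real.'",
`add`="'.$add.'",
`time`="'.time().'",
`pass`="'.$pass.'",
`size`="'.(int) $file->size.'",
`ext`="'.$file->ext.'"');
            if ($stored) {
                $id = $sql->insert_id;

                // NOTE(review): $us_id is not assigned anywhere in this file.
                // Unless sys/set.php defines it, this condition is always true.
                if ($us_id != '00') {
                    $bals = $sql->query('SELECT `balls` FROM `config`')->fetch_assoc();
                    $sql->query('UPDATE `acc` SET `balls`=`balls`+"'.$bals['balls'].'",`lastfile`="'.time().'" WHERE `id`="'.$user['id'].'" ');
                }
            } else {
                $error = 'An error has occurred';
            }
        }

        // A failure after something was already written would otherwise leave
        // files on disk that no database row refers to.
        if ($error !== null) {
            foreach (array($shotPath, $mainPath) as $stale) {
                if ($stale !== '' && is_file($stale)) {
                    unlink($stale);
                }
            }
        }
    }

    if ($error !== null) {
        $smarty->assign('title', 'Error');
        $smarty->assign('error', $error);
        $smarty->assign('back', '/upload.php');
        $smarty->display('header.tpl');
        $smarty->display('error.tpl');
        $smarty->display('footer.tpl');
    } else {
        $smarty->assign('title', 'Finish');
        $smarty->assign('back', '/file-'.$id);
        $smarty->assign('ok', 'Your File successfully uploaded');
        $smarty->assign('nz', 'Back to File');
        $smarty->display('header.tpl');
        $smarty->display('ok.tpl');
        $smarty->display('footer.tpl');
    }
}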

?>