  1. <?
  2. //@ TODO : unlink thumbs when deleting files.
  3. require_once('common.php');
  4. require_once('uploader.class.php');
  5. require_once('create_thumbnail.php');
  6. function getMimeType($filename)
  7. {
  8. $mime = "unknown";
  9. if (extension_loaded('Fileinfo'))
  10. {
  11. $finfo = finfo_open(FILEINFO_MIME);
  12. $mimetype = finfo_file($finfo, $filename);
  13. finfo_close($finfo);
  14. return $mimetype;
  15. }
  16. else
  17. {
  18. $filetype = strtolower(strrchr($filename, "."));
  19. switch ($filetype)
  20. {
  21. case ".zip": $mime="application/zip"; break;
  22. case ".ez": $mime="application/andrew-inset"; break;
  23. case ".hqx": $mime="application/mac-binhex40"; break;
  24. case ".cpt": $mime="application/mac-compactpro"; break;
  25. case ".doc": $mime="application/msword"; break;
  26. case ".bin": $mime="application/octet-stream"; break;
  27. case ".dms": $mime="application/octet-stream"; break;
  28. case ".lha": $mime="application/octet-stream"; break;
  29. case ".lzh": $mime="application/octet-stream"; break;
  30. case ".exe": $mime="application/octet-stream"; break;
  31. case ".class": $mime="application/octet-stream"; break;
  32. case ".so": $mime="application/octet-stream"; break;
  33. case ".dll": $mime="application/octet-stream"; break;
  34. case ".oda": $mime="application/oda"; break;
  35. case ".pdf": $mime="application/pdf"; break;
  36. case ".ai": $mime="application/postscript"; break;
  37. case ".eps": $mime="application/postscript"; break;
  38. case ".ps": $mime="application/postscript"; break;
  39. case ".smi": $mime="application/smil"; break;
  40. case ".smil": $mime="application/smil"; break;
  41. case ".xls": $mime="application/vnd.ms-excel"; break;
  42. case ".ppt": $mime="application/vnd.ms-powerpoint"; break;
  43. case ".wbxml": $mime="application/vnd.wap.wbxml"; break;
  44. case ".wmlc": $mime="application/vnd.wap.wmlc"; break;
  45. case ".wmlsc": $mime="application/vnd.wap.wmlscriptc"; break;
  46. case ".bcpio": $mime="application/x-bcpio"; break;
  47. case ".vcd": $mime="application/x-cdlink"; break;
  48. case ".pgn": $mime="application/x-chess-pgn"; break;
  49. case ".cpio": $mime="application/x-cpio"; break;
  50. case ".csh": $mime="application/x-csh"; break;
  51. case ".dcr": $mime="application/x-director"; break;
  52. case ".dir": $mime="application/x-director"; break;
  53. case ".dxr": $mime="application/x-director"; break;
  54. case ".dvi": $mime="application/x-dvi"; break;
  55. case ".spl": $mime="application/x-futuresplash"; break;
  56. case ".gtar": $mime="application/x-gtar"; break;
  57. case ".hdf": $mime="application/x-hdf"; break;
  58. case ".js": $mime="application/x-javascript"; break;
  59. case ".skp": $mime="application/x-koan"; break;
  60. case ".skd": $mime="application/x-koan"; break;
  61. case ".skt": $mime="application/x-koan"; break;
  62. case ".skm": $mime="application/x-koan"; break;
  63. case ".latex": $mime="application/x-latex"; break;
  64. case ".nc": $mime="application/x-netcdf"; break;
  65. case ".cdf": $mime="application/x-netcdf"; break;
  66. case ".sh": $mime="application/x-sh"; break;
  67. case ".shar": $mime="application/x-shar"; break;
  68. case ".swf": $mime="application/x-shockwave-flash"; break;
  69. case ".sit": $mime="application/x-stuffit"; break;
  70. case ".sv4cpio": $mime="application/x-sv4cpio"; break;
  71. case ".sv4crc": $mime="application/x-sv4crc"; break;
  72. case ".tar": $mime="application/x-tar"; break;
  73. case ".tcl": $mime="application/x-tcl"; break;
  74. case ".tex": $mime="application/x-tex"; break;
  75. case ".texinfo": $mime="application/x-texinfo"; break;
  76. case ".texi": $mime="application/x-texinfo"; break;
  77. case ".t": $mime="application/x-troff"; break;
  78. case ".tr": $mime="application/x-troff"; break;
  79. case ".roff": $mime="application/x-troff"; break;
  80. case ".man": $mime="application/x-troff-man"; break;
  81. case ".me": $mime="application/x-troff-me"; break;
  82. case ".ms": $mime="application/x-troff-ms"; break;
  83. case ".ustar": $mime="application/x-ustar"; break;
  84. case ".src": $mime="application/x-wais-source"; break;
  85. case ".xhtml": $mime="application/xhtml+xml"; break;
  86. case ".xht": $mime="application/xhtml+xml"; break;
  87. case ".zip": $mime="application/zip"; break;
  88. case ".au": $mime="audio/basic"; break;
  89. case ".snd": $mime="audio/basic"; break;
  90. case ".mid": $mime="audio/midi"; break;
  91. case ".midi": $mime="audio/midi"; break;
  92. case ".kar": $mime="audio/midi"; break;
  93. case ".mpga": $mime="audio/mpeg"; break;
  94. case ".mp2": $mime="audio/mpeg"; break;
  95. case ".mp3": $mime="audio/mpeg"; break;
  96. case ".aif": $mime="audio/x-aiff"; break;
  97. case ".aiff": $mime="audio/x-aiff"; break;
  98. case ".aifc": $mime="audio/x-aiff"; break;
  99. case ".m3u": $mime="audio/x-mpegurl"; break;
  100. case ".ram": $mime="audio/x-pn-realaudio"; break;
  101. case ".rm": $mime="audio/x-pn-realaudio"; break;
  102. case ".rpm": $mime="audio/x-pn-realaudio-plugin"; break;
  103. case ".ra": $mime="audio/x-realaudio"; break;
  104. case ".wav": $mime="audio/x-wav"; break;
  105. case ".pdb": $mime="chemical/x-pdb"; break;
  106. case ".xyz": $mime="chemical/x-xyz"; break;
  107. case ".bmp": $mime="image/bmp"; break;
  108. case ".gif": $mime="image/gif"; break;
  109. case ".ief": $mime="image/ief"; break;
  110. case ".jpeg": $mime="image/jpeg"; break;
  111. case ".jpg": $mime="image/jpeg"; break;
  112. case ".jpe": $mime="image/jpeg"; break;
  113. case ".png": $mime="image/png"; break;
  114. case ".tiff": $mime="image/tiff"; break;
  115. case ".tif": $mime="image/tiff"; break;
  116. case ".djvu": $mime="image/vnd.djvu"; break;
  117. case ".djv": $mime="image/vnd.djvu"; break;
  118. case ".wbmp": $mime="image/vnd.wap.wbmp"; break;
  119. case ".ras": $mime="image/x-cmu-raster"; break;
  120. case ".pnm": $mime="image/x-portable-anymap"; break;
  121. case ".pbm": $mime="image/x-portable-bitmap"; break;
  122. case ".pgm": $mime="image/x-portable-graymap"; break;
  123. case ".ppm": $mime="image/x-portable-pixmap"; break;
  124. case ".rgb": $mime="image/x-rgb"; break;
  125. case ".xbm": $mime="image/x-xbitmap"; break;
  126. case ".xpm": $mime="image/x-xpixmap"; break;
  127. case ".xwd": $mime="image/x-xwindowdump"; break;
  128. case ".igs": $mime="model/iges"; break;
  129. case ".iges": $mime="model/iges"; break;
  130. case ".msh": $mime="model/mesh"; break;
  131. case ".mesh": $mime="model/mesh"; break;
  132. case ".silo": $mime="model/mesh"; break;
  133. case ".wrl": $mime="model/vrml"; break;
  134. case ".vrml": $mime="model/vrml"; break;
  135. case ".css": $mime="text/css"; break;
  136. case ".html": $mime="text/html"; break;
  137. case ".htm": $mime="text/html"; break;
  138. case ".asc": $mime="text/plain"; break;
  139. case ".txt": $mime="text/plain"; break;
  140. case ".rtx": $mime="text/richtext"; break;
  141. case ".rtf": $mime="text/rtf"; break;
  142. case ".sgml": $mime="text/sgml"; break;
  143. case ".sgm": $mime="text/sgml"; break;
  144. case ".tsv": $mime="text/tab-separated-values"; break;
  145. case ".wml": $mime="text/vnd.wap.wml"; break;
  146. case ".wmls": $mime="text/vnd.wap.wmlscript"; break;
  147. case ".etx": $mime="text/x-setext"; break;
  148. case ".xml": $mime="text/xml"; break;
  149. case ".xsl": $mime="text/xml"; break;
  150. case ".mpeg": $mime="video/mpeg"; break;
  151. case ".mpg": $mime="video/mpeg"; break;
  152. case ".mpe": $mime="video/mpeg"; break;
  153. case ".qt": $mime="video/quicktime"; break;
  154. case ".mov": $mime="video/quicktime"; break;
  155. case ".mxu": $mime="video/vnd.mpegurl"; break;
  156. case ".avi": $mime="video/x-msvideo"; break;
  157. case ".movie": $mime="video/x-sgi-movie"; break;
  158. case ".asf": $mime="video/x-ms-asf"; break;
  159. case ".asx": $mime="video/x-ms-asf"; break;
  160. case ".wm": $mime="video/x-ms-wm"; break;
  161. case ".wmv": $mime="video/x-ms-wmv"; break;
  162. case ".wvx": $mime="video/x-ms-wvx"; break;
  163. case ".ice": $mime="x-conference/x-cooltalk"; break;
  164. case ".w3x": $mime="application/w3x"; break;
  165. case ".w3m": $mime="application/w3m"; break;
  166. case ".w3g": $mime="application/w3g"; break;
  167. }
  168. return $mime;
  169. }
  170. }
  171. //main template
  172. $smarty->assign('main_template', 'upload.tpl');
  173. //title
  174. $pageTitle = 'Uploads';
  175. //set default = nothing
  176. $errors = array();
  177. $notices = array();
  178. $ordner= 0;
  179. $download = false;
  180. $sort=0;
  181. $folderexists = true;
// Resolve ?path=a/b/c to a folder id by walking mapping_files from the root
// (ordner 0) one segment at a time. When the last segment is a file row
// (istordner false) it is kept in $download and streamed at the end of the page.
// Each segment is escaped with mysql_real_escape_string() and $ordner is always
// an integer id read back from the previous lookup.
if (isset($_GET['path']))
{
    $pageTitle = 'uploads/'.htmlspecialchars($_GET['path']);
    $folders = explode("/",$_GET['path']);
    $ordner = 0;
    foreach ($folders as $folder)
    {
        // Empty segments (leading/trailing or doubled slashes) are skipped;
        // echoing the empty string outputs nothing.
        if ($folder == "")
        {
            echo $folder;
            continue;
        }
        $query = 'SELECT *
FROM mapping_files
WHERE ordner = "'.$ordner.'"
AND name = "'.mysql_real_escape_string($folder).'";';
        $data = mysql_query($query);
        echo mysql_error(); // NOTE(review): driver errors are printed to the client; error_log() is used elsewhere in this file
        if ($row = mysql_fetch_array($data))
        {
            // Both branches descend into the row; a file row additionally marks
            // the request as a download (the loop still continues for any further segments).
            if ($row['istordner'])
            {
                $ordner = $row['id'];
                $folderexists = true;
            }
            else
            {
                $ordner = $row['id'];
                $folderexists = true;
                $download = $row;
            }
        }
        else
        {
            // NOTE(review): a "Status:" header is honoured by the CGI/FastCGI SAPIs;
            // header("HTTP/1.1 404 Not Found") works on every SAPI — confirm the deployment.
            header("Status: 404 Not Found");
            $errors[] ='Ordner "'.htmlspecialchars($folder).'" existiert nicht';
            $folderexists = false;
            //$ordner = 0;
            break;
        }
    }
    // "/" or "" means the root listing.
    if (($_GET['path'] == "/") or ($_GET['path'] == ""))
        $ordner = 0;
}
  226. if (isset($_GET["o"])) {
  227. $ordner = intval($_GET["o"]);
  228. $o = $ordner;
  229. $path = "";
  230. //calc path
  231. while ($o > 0) {
  232. $query = '
  233. SELECT name, ordner FROM mapping_files
  234. WHERE `id` = "'.$o.'"
  235. ;
  236. ';
  237. $data = mysql_query($query);
  238. $row = mysql_fetch_array($data);
  239. $o = $row['ordner'];
  240. $path = $row['name']."/$path";
  241. }
  242. // Permanent redirection
  243. header("HTTP/1.1 301 Moved Permanently");
  244. header("Location: http://peeeq.de/uploads/".$path);
  245. exit();
  246. }
  247. if (isset($_POST["o"]))
  248. $ordner = intval($_POST["o"]);
  249. if (isset($_GET["s"]))
  250. $sort = intval($_GET["s"]);
  251. $sortby="name";
  252. if ($sort==0)
  253. {
  254. $sortby="name";
  255. }
  256. elseif ($sort==2)
  257. {
  258. }
  259. /*
  260. id
  261. ordner
  262. name
  263. istordner
  264. filesize
  265. filetype
  266. file
  267. */
  268. error_reporting(9999);
  269. if (isset($_POST['c']))
  270. {
  271. $command = $_POST['c'];
  272. if ($command=="upload")
  273. {
  274. $uploader = new Uploader();
  275. $uploadresult = $uploader->upload($_FILES['userfile'], $ordner);
  276. if ($uploadresult < 0) {
  277. $errors[] = $uploader->errorMessage($uploadresult);
  278. } else {
  279. $notices[] ='<br>Datei wurde gespeichert!';
  280. }
  281. /*
  282. if (session_get_userid_secure() > 0) {
  283. //$not_allowed=array(".php",".cgi",".php3",".php4",".php5");
  284. $not_allowed=array();
  285. $change_ext=array(".php",".cgi",".php3",".php4",".php5");
  286. $dotpos = strrpos($_FILES['userfile']['name'],".");
  287. $data_type = substr($_FILES['userfile']['name'],$dotpos,strlen($_FILES['userfile']['name']));
  288. if (preg_match('/^[a-zA-Z0-9_\-\ \(\)\.\!\§\$\%\&]+$/', $_FILES['userfile']['name'])) {
  289. if ( ! in_array($data_type, $not_allowed))
  290. {
  291. //echo substr($_FILES['userfile']['type'],0,11);
  292. //check if folder exists:
  293. $uploadfolderexists = false;
  294. $query = 'SELECT istordner FROM mapping_files WHERE `id` = '.$ordner.';';
  295. $data = mysql_query($query);
  296. if ($row = mysql_fetch_array($data)) {
  297. $uploadfolderexists = $row['istordner'];
  298. }
  299. if (($uploadfolderexists)&&($ordner > 0)) {
  300. if ($_FILES['userfile']['name']!='')
  301. {
  302. $key = md5 (uniqid (rand()));
  303. $destination='uploads/'.$key.basename($_FILES['userfile']['name']);
  304. if ( in_array($data_type, $change_ext))
  305. {
  306. $destination.=".txt";
  307. }
  308. if (! move_uploaded_file($_FILES['userfile']['tmp_name'], $destination) )
  309. {
  310. $temperror ="Beim uploaden der Datei ist ein Fehler aufgetreten... <br />";
  311. if ($_FILES['userfile']['error'] == 0)
  312. {
  313. $temperror .= 'Die Datei wurde erfolgreich hochgeladen, aber konnte nicht richtig gespeichert werden.';
  314. }
  315. elseif ($_FILES['userfile']['error'] == 1)
  316. {
  317. $temperror .= 'Die hochgeladene Datei überschreitet die in der Anweisung upload_max_filesize in php.ini festgelegte Größe.';
  318. }
  319. elseif ($_FILES['userfile']['error'] == 2)
  320. {
  321. $temperror .= 'Die hochgeladene Datei überschreitet die in dem HTML Formular mittels der Anweisung MAX_FILE_SIZE angegebene maximale Dateigröße.';
  322. }
  323. elseif ($_FILES['userfile']['error'] == 3)
  324. {
  325. $temperror .= 'Die Datei wurde nur teilweise hochgeladen.';
  326. }
  327. elseif ($_FILES['userfile']['error'] == 4)
  328. {
  329. $temperror .= 'Es wurde keine Datei hochgeladen.';
  330. }
  331. $errors[] = $temperror; //"Beim uploaden der Datei ist ein Fehler aufgetreten. ".$_FILES['userfile']['error']."...<br>".$_FILES['userfile']['type']."<br>".$_FILES['userfile']['size']."<br>".$_FILES['userfile']['tmp_name']."<br>".$_FILES['userfile']['name'];
  332. //$hreftarget='no';
  333. }
  334. else
  335. {
  336. $notices[] ='<br>Datei wurde gespeichert!';
  337. $name=$_FILES['userfile']['name'];
  338. $filesize=intval($_FILES['userfile']['size']/1024);
  339. //$filetype=$_FILES['userfile']['type'];
  340. $filetype=getMimeType($destination);
  341. //$filetype=mime_content_type($destination);
  342. $owner = session_get_userid_secure();
  343. $query='
  344. INSERT INTO
  345. mapping_files(`ordner`,`istordner`,`name`,`filesize`,`filetype`,`file`,`datum`, `owner`)
  346. VALUES ("'.$ordner.'",false,"'.$name.'","'.$filesize.'","'.$filetype.'","'.$destination.'", NOW(), "'.$owner.'")
  347. ;
  348. ';
  349. //make unexecutable
  350. chmod ($destination, 0750);
  351. $data=mysql_query($query,$mysqlconnection);
  352. echo mysql_error();
  353. if (in_array($data_type, array(".jpg",".bmp",".gif",".png",".jpeg")))
  354. {
  355. //create thumb:
  356. $thumbpath = $destination.'thumb';
  357. createthumb($destination, $thumbpath, 21, 21);
  358. //create bigthumb:
  359. $thumbpath = $destination.'bigthumb';
  360. createthumb($destination, $thumbpath, 100, 100);
  361. }
  362. //update filesizes and dates of parent-folders.
  363. $parentfolderIDs = array();
  364. $currenordner = $ordner;
  365. while ($currentordner != 0) {
  366. $parenfolderIDs[] = $currentordner;
  367. $query='SELECT `folder` FROM mapping_files WHERE `id` = '.$currentordner.';';
  368. $data = mysql_query($query);
  369. if (mysql_error()) {
  370. echo "<pre>".mysql_error()."
  371. $query
  372. </pre>";
  373. }
  374. $row = mysql_fetch_array($data);
  375. $currenordner = $row['folder'];
  376. }
  377. $query = 'UPDATE mapping_files SET filesize = filesize + '.$filesize.'
  378. , datum = NOW()
  379. WHERE `id` in ('.implode(",",$parenfolderIDs).');';
  380. $data=mysql_query($query);
  381. if (mysql_error()) {
  382. echo "<pre>".mysql_error()."
  383. $query
  384. </pre>";
  385. }
  386. }
  387. }
  388. } else {
  389. $errors[] ="Beim uploaden der Datei ist ein Fehler aufgetreten.<br>Der Ordner, in dem die Datei gespeichert werden sollte exisiert nicht, oder es wurde versucht eine Datei ins Hauptverzeichnis hochzuladen.";
  390. }
  391. }
  392. else
  393. {
  394. $errors[] ="Beim uploaden der Datei ist ein Fehler aufgetreten.<br> Der Dateityp $data_type (".$_FILES['userfile']['type'].") ist nicht erlaubt!<br>Wenn der Type erlaubt werden soll, dann sag peq (<a href=\"mailto:peq88@aol.com\">peq88@aol.com</a>) bescheid!";
  395. }
  396. }
  397. else {
  398. $errors[] = "Der Dateiname enthält nicht erlaubte Zeichen.";
  399. }
  400. } else {
  401. $errors[] = "Als Gast darf man keine Dateien hochladen.";
  402. }
  403. */
  404. }
  405. elseif ($command=="newfolder")
  406. {
  407. if (session_get_userid_secure() > 0) {
  408. $name = htmlspecialchars($_POST['folder']);
  409. $owner = session_get_userid_secure();
  410. if (preg_match('/^[a-zA-Z0-9_\-\ \(\)\.]+$/', $name)) {
  411. $query='
  412. INSERT INTO
  413. mapping_files(`ordner`,`istordner`,`name`,`filesize`,`filetype`,`file`,`datum`, `owner`)
  414. VALUES ("'.$ordner.'",true,"'.$name.'","-","Ordner","", NOW(), "'.$owner.'")
  415. ;
  416. ';
  417. $data=mysql_query($query,$mysqlconnection);
  418. echo mysql_error();
  419. $notices[] ='Ordner erstellt';
  420. } else {
  421. $errors[] = "\"<i>$name</i>\" ist ein ungültiger Ordnername. Erlaubte Zeichen sind Buchstaben, Zahlen, Bindestriche, Punkte, Unterstriche und Klammern.";
  422. }
  423. }
  424. else {
  425. $errors[] = "Als Gast darf man keine Ordner erstellen.";
  426. }
  427. }
  428. }
  429. if (isset($_GET['c']))
  430. {
  431. if ($_GET['c'] == "delete")
  432. {
  433. $id = intval($_GET['id']);
  434. $userid = session_get_userid_secure();
  435. if ($_GET['savekey'] == get_save_link_key($id))
  436. {
  437. if ($userid > 0)
  438. {
  439. $query = 'SELECT * FROM mapping_files WHERE `id` = "'.$id.'" AND ( owner = "'.$userid.'" OR owner = 0);';
  440. $data = mysql_query($query, $mysqlconnection);
  441. $row = mysql_fetch_array($data);
  442. if ($row['istordner']) {
  443. $query = 'SELECT * FROM mapping_files WHERE `ordner` = "'.$id.'"';
  444. $data = mysql_query($query, $mysqlconnection);
  445. if (mysql_affected_rows() > 0) {
  446. $notices[] = 'Der Ordner ist nicht leer und kann deshalb nicht gelöscht werden.';
  447. } else {
  448. $query = ' DELETE
  449. FROM mapping_files
  450. WHERE `id` = "'.$id.'" AND (( owner = "'.$userid.'" OR owner = 0) OR '.intval(session_is_admin()).')
  451. ; ';
  452. $data=mysql_query($query,$mysqlconnection);
  453. echo mysql_error();
  454. if (mysql_affected_rows() > 0) {
  455. $notices[] = 'Ordner gelöscht.';
  456. } else {
  457. $notices[] = '<pre>'.$query.'</pre>Keine Rechte, um Ordner zu löschen.';
  458. }
  459. }
  460. } else {
  461. //delete file:
  462. if (file_exists($row['file']))
  463. {
  464. unlink($row['file']);
  465. }
  466. if (file_exists($row['file'].'thumb'))
  467. {
  468. unlink($row['file'].'thumb');
  469. }
  470. $query = ' DELETE
  471. FROM mapping_files
  472. WHERE `id` = "'.$id.'" AND (( owner = "'.$userid.'" OR owner = 0) OR '.(session_is_admin() ? 'TRUE' : 'FALSE') .')
  473. ; ';
  474. $data=mysql_query($query,$mysqlconnection);
  475. if (mysql_error()) {
  476. error_log ("Error in Line ".__LINE__."\n"
  477. . $query
  478. . mysql_error()
  479. . "\n");
  480. }
  481. if (mysql_affected_rows() > 0) {
  482. $notices[] = 'Datei gelöscht.';
  483. } else {
  484. $notices[] = 'Keine Rechte, um Datei zu löschen.';
  485. }
  486. }
  487. }
  488. else
  489. {
  490. $notices[] = 'Nicht angemeldet.';
  491. }
  492. }
  493. else
  494. {
  495. $notices[] = 'Ungültiger Lösch-Link.';
  496. }
  497. }
  498. }
  499. $backpath = "";
  500. $path = "";
  501. //$notices[] = "if $folderexists";
  502. if ($folderexists) {
  503. $nav_ordner = array();
  504. $nav_count = 0;
  505. $nav_ordner[0]["id"] = $ordner;
  506. while ($nav_ordner[$nav_count]["id"] != 0)
  507. {
  508. $query = '
  509. SELECT name, ordner FROM mapping_files
  510. WHERE `id` = "'.$nav_ordner[$nav_count]["id"].'"
  511. ;
  512. ';
  513. $row = mysql_fetch_array(mysql_query($query, $mysqlconnection));
  514. if (mysql_error()) echo "a<br><pre>$query</pre><br><br><pre>".mysql_error()."</pre>";
  515. if ($row["name"] != "")
  516. {
  517. $nav_ordner[$nav_count]["name"] = $row["name"];
  518. }
  519. else
  520. {
  521. $nav_ordner[$nav_count]["name"] = "???";
  522. }
  523. $nav_count++;
  524. $nav_ordner[$nav_count]["id"] = $row["ordner"];
  525. }
  526. $nav_ordner = array_reverse($nav_ordner);
  527. $query = '
  528. SELECT name FROM mapping_files
  529. WHERE `id` = "'.$nav_ordner[$nav_count]["id"].'"
  530. ;
  531. ';
  532. $row = mysql_fetch_array(mysql_query($query, $mysqlconnection));
  533. if (mysql_error()) echo "b<br><pre>$query</pre><br><br><pre>".mysql_error()."</pre>";
  534. $nav_ordner[$nav_count]["name"] = $row["name"];
  535. for ($pos = sizeof($nav_ordner)-1; $pos >= 0 ; $pos--)
  536. {
  537. $nav_ordner[$pos]['path'] = $backpath;
  538. $backpath.="../";
  539. }
  540. $smarty->assign('nav_ordner', $nav_ordner);
  541. $smarty->assign('ordner', $ordner);
  542. $path = "";
  543. $backpath = "..";
  544. for ($pos = 1; $pos < sizeof($nav_ordner); $pos++)
  545. {
  546. if ($pos > 1)
  547. {
  548. $path.= "/";
  549. }
  550. $backpath.="/..";
  551. $path.= $nav_ordner[$pos]['name'];
  552. }
  553. $backpath.="/";
  554. /*$ausgabe.= '<a href="upload.php">uploads</a>';
  555. for ($i=$nav_count-1;$i>=0;$i--)
  556. {
  557. $ausgabe.=' -> <a href="upload.php?o='.$nav_ordner[$i]["id"].'">'.$nav_ordner[$i]["name"].'</a>';
  558. }$ausgabe.= '<a href="upload.php">uploads</a>';
  559. */
  560. /*
  561. $query = '
  562. SELECT ordner FROM mapping_files
  563. WHERE `id` = '.$ordner.'
  564. ;
  565. ';
  566. $data = mysql_query($query, $mysqlconnection);
  567. $row = mysql_fetch_array($data);
  568. $ausgabe.='<td><img src="ordner.gif"></td>';
  569. $ausgabe.='<td><a href="upload.php?o='. $row['ordner'] .'">..</a></td>';
  570. $ausgabe.='<td>Ordner</td>';
  571. $ausgabe.='<td></td>';*/
  572. $sortby = "istordner DESC";
  573. if (!isset($_GET['sortby']))
  574. {
  575. $smarty->assign('sortby', '');
  576. $sortby .= ",mapping_files.`id` DESC ";
  577. $smarty->assign('sort_parameters',array() );
  578. }
  579. else
  580. {
  581. $smarty->assign('sortby', "&sortby=".$_GET['sortby']);
  582. $allowed_sort_parameters = array("id", "ordner", "istordner", "name", "filesize", "filetype", "file", "datum", "owner", "downloads", "id DESC", "ordner DESC", "istordner DESC", "name DESC", "filesize DESC", "filetype DESC", "file DESC", "datum DESC", "owner DESC", "downloads DESC");
  583. $sort_parameters = split(",", $_GET['sortby']);
  584. $smarty->assign('sort_parameters',$sort_parameters );
  585. foreach ($sort_parameters as $sort_parameter)
  586. {
  587. if (in_array($sort_parameter, $allowed_sort_parameters))
  588. {
  589. if ($sort_parameter == "owner")
  590. $sortby .= ",wp_users.display_name";
  591. elseif ($sort_parameter == "owner DESC")
  592. $sortby .= ",wp_users.display_name DESC";
  593. else
  594. $sortby .= ",mapping_files.$sort_parameter";
  595. }
  596. else {echo "$sort_parameter is not an allowed parameter for searching."; }
  597. }
  598. }
  599. $query = '
  600. SELECT mapping_files.*, wp_users.display_name as username, wp_users.`ID` as userid FROM mapping_files LEFT JOIN wp_users ON mapping_files.owner=wp_users.`ID`
  601. WHERE mapping_files.ordner = '.$ordner.' AND mapping_files.`name` != ""
  602. ORDER BY '.$sortby.'
  603. ;
  604. ';
  605. $data = mysql_query($query, $mysqlconnection);
  606. echo mysql_error();
  607. $row_hl_type=1;
  608. $ordnerinhalt = array();
  609. while ($row = mysql_fetch_array($data))
  610. {
  611. $thumb= 'thumbs/'.$row['file'].'thumb';
  612. $thumb= str_replace("uploads/","",$thumb);
  613. $dotpos = strrpos($row['file'],".");
  614. $data_type = substr($row['file'],$dotpos,strlen($row['file']));
  615. $thumb = "$thumb.$data_type";
  616. if (!file_exists($thumb))
  617. {
  618. //$thumb = '';
  619. //create thumb
  620. if (in_array(strtolower($data_type), array(".jpg",".bmp",".gif",".png",".jpeg")))
  621. {
  622. //create thumb:
  623. //if (!createthumb($row['file'], $thumb, 21, 21))
  624. //{
  625. //$notices[] = "Could not create thumb for ".htmlspecialchars($row['name'] . "<br />".$row['file']);
  626. $thumb = '';
  627. //}
  628. //if (isset($_GET['debug'])) { print_r($smarty);die('alive'); }
  629. /*else
  630. {
  631. //create bigthumb:
  632. $thumbpath = str_replace("thumb","bigthumb",$thumb);
  633. $thumbpath = str_replace("bigthumbs/","thumbs/",$thumbpath);
  634. createthumb($row['file'], $thumbpath, 100, 100);
  635. }*/
  636. }
  637. else
  638. {
  639. //$notices[] = htmlspecialchars($row['name'])." is no picture";
  640. $thumb = '';
  641. }
  642. }
  643. // User Avatar
  644. $avatar = get_avatar( $row['userid'] , 16 );
  645. $ordnerinhalt[] = array( "istordner" => $row['istordner'] ,
  646. "id" => $row['id'],
  647. "name" => htmlspecialchars($row['name']),
  648. "file" => $row['file'],
  649. "filetype" => $row['filetype'],
  650. "filesize" => $row['filesize'],
  651. "datum" => $row['datum'],
  652. "ownerid" => $row['userid'],
  653. "avatar" => $avatar,
  654. "ownername" => $row['username'],
  655. "downloads" => $row['downloads'],
  656. "thumb" => $thumb,
  657. "savekey" => get_save_link_key($row['id'])
  658. );
  659. };
  660. $smarty->assign('ordnerinhalt',$ordnerinhalt);
  661. }
  662. else {
  663. $smarty->assign('ordnerinhalt',"");
  664. $path = $_GET['path'];
  665. $backpath = "../";
  666. //$notices[] = "$path -> count = ".substr_count($path,"/");
  667. for ($i = 0; $i < substr_count($path,"/");$i++) {
  668. $backpath .="../";
  669. }
  670. }
  671. $smarty->assign('folderexists',$folderexists);
  672. //JQUERY
  673. $footer_scripts[] = '<script src="'.$backpath.'jquery/jquery.js" type="text/javascript"></script>';
  674. //jcUpload
  675. function createRandomKey() {
  676. $chars = "abcdefghijkmnopqrstuvwxyz023456789";
  677. srand((double)microtime()*1000000);
  678. $count = 100;
  679. $key = '' ;
  680. for ($i = 0;$i < $count; $i++) {
  681. $num = rand() % 33;
  682. $key.= substr($chars, $num, 1);
  683. }
  684. return $key;
  685. }
  686. $uploadID = "";
  687. do {
  688. $uploadID = createRandomKey();
  689. $query = 'INSERT INTO mapping_files_upload_keys(`id`,`userid`,`folder`,`expires`)
  690. VALUES("'.$uploadID.'","'.session_get_userid_secure().'", "'.$ordner.'", DATE_ADD( NOW() , INTERVAL 5 HOUR ));';
  691. mysql_query($query);
  692. } while (mysql_error());
  693. if (rand(0,100) <= 1) {
  694. //delete old entries every now and then
  695. $query = 'DELETE FROM mapping_files_upload_keys WHERE `expires` < NOW();';
  696. mysql_query($query);
  697. echo mysql_error();
  698. }
// jcUpload (flash uploader): stylesheet, scripts and the inline configuration.
// $backpath is built from "../" segments and $uploadID comes from createRandomKey()'s
// [a-z0-9] alphabet, so both splice safely into this markup.
$additional_headers[] = '<link rel="stylesheet" href="'.$backpath.'jcUpload/jquery.jcuploadUI.css" />';
$footer_scripts[] = '<script type="text/javascript" src="'.$backpath.'jcUpload/jquery.jcupload.js"></script>';
$footer_scripts[] = '<script type="text/javascript" src="'.$backpath.'jcUpload/jquery.jcuploadUI.config.js"></script>';
$footer_scripts[] = '<script type="text/javascript" src="'.$backpath.'jcUpload/jquery.jcuploadUI.js"></script>';
// Uploader config. max_file_size (5242880 = 5 MiB) and the queue limits are
// client-side only; server-side limits are not visible in this file.
// NOTE(review): queue_upload_end injects the response of jcUpload/uploadajaxquery.php
// into the page as HTML (attr("innerHTML", xml)), so that script must HTML-escape
// what it returns — confirm. The error callbacks likewise insert file_name unescaped
// (only the uploading user's own file name, so self-XSS at most).
$footer_scripts[] = '<script type="text/javascript">
var jcu;
$(document).ready(function() {
var conf= {
//url: "'.$backpath.'uploadajax.php?uploadID='.$uploadID.'",
url: "uploadajax.php?uploadID='.$uploadID.'",
flash_file: "'.$backpath.'jcuploadflash.swf",
flash_background: "'.$backpath.'jcUpload/button.png",
box_height: 100, // UI height
file_icon_ready: "'.$backpath.'jcUpload/file_ready.gif", // absolute path to image for file in queue
file_icon_uploading: "'.$backpath.'jcUpload/file_uploading.gif", // absolute path to image for current uploading file
file_icon_finished: "'.$backpath.'jcUpload/file_finished.gif", // absolute path to image for uploaded file
hide_file_after_finish: true, // option if you want to hide finished files
hide_file_after_finish_timeout: 5000, // hide timeout (in miliseconds)
error_timeout: -1, // error hide timeout (in miliseconds)
max_file_size: 5242880, // maximum size per file limit - 0=disabled
max_queue_count: 10, // maximum queue file count - 0=disabled
max_queue_size: 0, // maximum queue file size sum - 0=disabled
extensions: ["All files (*)|*"],
callback: {
init: function(uo, jcu_version, flash_version) {
$("#olduploadform").fadeOut("fast");
},
queue_upload_end: function(uo) {
$.get(
"'.$backpath.'jcUpload/uploadajaxquery.php",
{uploadID:"'.$uploadID.'"},
function(xml) {
if (xml.length > 0) {
$("#jcupload_messages").attr("innerHTML",xml).fadeIn("slow");
} else {
$("#jcupload_messages").attr("innerHTML","Fehler beim uploaden.").fadeIn("slow");
}
}
);
},
error_file_size: function(uo, file_name, file_type, file_size) {
$("<div class=\"error\">Die Datei " +file_name +" ist zu groß!</div>")
.appendTo("#jcupload_messages")
.fadeIn("slow");
},
error_queue_count: function(uo, file_name, file_type, file_size) {
$("<div class=\"error\">Die Datei " +file_name +" kann nicht hochgeladen werden. Es werden zu viele Dateien auf einmal hochgeladen.</div>")
.appendTo("#jcupload_messages")
.fadeIn("slow");
},
error_queue_size: function(uo, file_name, file_type, file_size) {
$("<div class=\"error\">Die Datei " +file_name +" kann nicht hochgeladen werden. Es werden zu viele und zu große Dateien auf einmal hochgeladen.</div>")
.appendTo("#jcupload_messages")
.fadeIn("slow");
}
// other callbacks...
}
};
jcu= $.jcuploadUI(conf);
jcu.append_to("#jcupload_content");
});
//-->
</script>';
//tablesorter
$footer_scripts[] = '<script src="'.$backpath.'jquery/jquery.tablesorter.min.js" type="text/javascript"></script>';
// Two custom parsers for the listing table: "my_date" for the date column
// (presumably "dd.mm.yyyy hh:mm:ss", judging by the substr offsets) and "my_num"
// for the size column. The month is handed 1-based to the 0-based Date
// constructor; every cell is shifted the same way, so sort order is unaffected.
// Columns 2 (size) and 3 (date) use these parsers, column 6 is not sortable.
$footer_scripts[] = '<script type="text/javascript">
$.tablesorter.addParser({
// set a unique id
id: "my_date",
is: function(s) {
// return false so this parser is not auto detected
return false;
},
format: function(s) {
// format your data for normalization
var Tag = s.substr(0,2);
var Monat = s.substr(3,2);
var Jahr = s.substr(6,4);
var Stunden = s.substr(11,2);
var Minuten = s.substr(14,2);
var Sekunden = s.substr(17,2);
var thisdate = new Date(Jahr, Monat, Tag, Stunden, Minuten, Sekunden);
return thisdate;
},
// set type, either numeric or text
type: "numeric"
});
$.tablesorter.addParser({
// set a unique id
id: "my_num",
is: function(s) {
// return false so this parser is not auto detected
return false;
},
format: function(s) {
return parseInt(s);
},
// set type, either numeric or text
type: "numeric"
});
$(document).ready(function()
{
$("table").tablesorter({
widgets: ["zebra"],
headers: {
2: {
sorter:"my_num"
}
,3: {
sorter:"my_date"
}
,6: {
sorter:false
}
}
} );
});
</script>';
  817. $smarty->assign('ordner',$ordner);
  818. $smarty->assign('path',$path);
  819. $smarty->assign('backpath',$backpath);
  820. $smarty->assign('errors',$errors);
  821. $smarty->assign('notices',$notices);
  822. //echo $ausgabe;
  823. if (!$download)
  824. {
  825. /*$smarty->assign('additional_headers', $additional_headers);
  826. $smarty->assign('footer_scripts', $footer_scripts);
  827. $smarty->assign("compileTime",sprintf("%.4f",(microtime(true) - $sript_start_time))); $smarty->display('site.tpl');
  828. */
  829. $GLOBALS['footer_scripts'] = $footer_scripts;
  830. finish($smarty, "upload.tpl", $additional_headers);
  831. }
  832. else
  833. {
  834. $row = $download;
  835. //$row = mysql_fetch_array($data);
  836. $datei = $row['file'];
  837. $filetype = $row['filetype'];
  838. $dotpos = strrpos($datei,".");
  839. $data_type = strtolower(substr($datei,$dotpos,strlen($datei)));
  840. $images = array(".jpg", ".png", ".gif", ".bmp", ".jpeg");
  841. //heades:
  842. if (in_array($data_type,$images))
  843. {
  844. //image
  845. //echo $_SERVER['HTTP_USER_AGENT'];
  846. /*
  847. if (!preg_match("/firefox/i",$_SERVER['HTTP_USER_AGENT']))
  848. {
  849. //echo "no firefox";
  850. header( 'Content-disposition: atachment;filename="'.($row['name']).'"');
  851. }
  852. else
  853. {
  854. header( 'filename="'.($row['name']).'"');
  855. }
  856. */
  857. header( 'filename="'.($row['name']).'"');
  858. }
  859. else
  860. {
  861. //no image
  862. header( 'Content-disposition: atachment;filename="'.($row['name']).'"');
  863. }
  864. //header( 'Content-disposition: atachment');
  865. header("Expires: 0");
  866. header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
  867. header("Cache-Control: private",false);
  868. header("Content-Transfer-Encoding:­ binary");
  869. header( 'Content-Length: ' . filesize( $datei ) );
  870. header( 'Connection: close');
  871. header( 'Content-Type: '.$filetype);
  872. //ngingx-send
  873. $datei2 = str_replace("uploads","uploaddata",$datei);
  874. //echo $datei2;
  875. header('X-Accel-Redirect: /'.$datei2.'');
  876. //header("Content-Disposition: attachment; filename=".basename(@$datei));
  877. //echo file_get_contents($datei);
  878. readfile($datei);
  879. $query = 'UPDATE mapping_files SET downloads = downloads + 1 WHERE `id` = "'.$row['id'].'";';
  880. $data = mysql_query($query, $mysqlconnection);
  881. }
