<?php
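// Bootstrap for the upload form: load every settings group into plain
// variables that the submission handler and the HTML template below read.
//
// NOTE(review): only fatal and parse errors are reported, so warnings from
// mkdir(), move_uploaded_file() and undefined indexes stay invisible; failures
// further down can only be detected through return values.
error_reporting(E_ERROR | E_PARSE);
set_time_limit (30000); // Uploading timeout
require("upload_header.php");
require_once("lib.php");

// Validation messages are appended to $error and shown by the template.
// Start from an empty string unless an included file already set it.
if(!isset($error))
{
    $error = "";
}

// Presentation settings.
$customize=new customize();
$temp=$customize->get();
$phpcode=$temp[0]->phpcode;
$header=$temp[0]->header;
$footer=$temp[0]->footer;
$fieldsize=$temp[0]->fieldsize;
$displayinfo=$temp[0]->displayinfo;
$showrequired=$temp[0]->showrequired;
$fonttype=$temp[0]->fonttype;
$fontsizel=$temp[0]->fontsizel;
$fontsizes=$temp[0]->fontsizes;

// Upload filter: extension mode/list, size limits and image dimension limits.
// The stored sizes are multiplied by 1024 here (presumably KB to bytes).
$filter=new filter();
$temp=$filter->get();
$extmode=$temp[0]->extmode;
$extensions=$temp[0]->extensions;
$limitsize=$temp[0]->limitsize;
$sizemin=$temp[0]->sizemin * 1024 ;
$sizemax=$temp[0]->sizemax * 1024 ;
$limitdim=$temp[0]->limitdim;
$widthmin=$temp[0]->widthmin;
$widthmax=$temp[0]->widthmax;
$heightmin=$temp[0]->heightmin;
$heightmax=$temp[0]->heightmax;

// The result of this call is overwritten below without being read; the call
// is kept in case get() has side effects that are not visible from this file.
$form_association=new form_association();
$temp=$form_association->get();

// Where uploads go and what happens after a successful upload.
$upload_results=new upload_results();
$temp=$upload_results->get();
$subdir=$temp[0]->subdir;
$subdir_field=$temp[0]->subdir_field;
$existing=$temp[0]->existing;
$moreuploads=$temp[0]->moreuploads;
$includelinks=$temp[0]->includelinks;
$attachments=$temp[0]->attachments;
$attachmaxsize=$temp[0]->attachmaxsize;
$notifyemails=$temp[0]->notifyemails;

// Site-wide settings used for outgoing mail.
$setting=new settings();
$temp=$setting->get();
$adminemail=$temp[0]->adminemail;
$site_name = $temp[0]->site_name;

$upload_setting=new upload_setting();
$temp=$upload_setting->get();
$upload_dir=$temp[0]->upload_dir;

// Form behaviour: styling, protection, notification, redirect and messages.
$form_setting=new form_setting();
$temp=$form_setting->get();
$sty=$temp[0]->sty;
$form_name=$temp[0]->form_name;
$location=$temp[0]->location;
$progress=$temp[0]->progress;
$weather=$temp[0]->weather;
$uformprotect=$temp[0]->uformprotect;
$notification = $temp[0]->notification;
$redirecturl = $temp[0]->redirecturl;
$sendconfirmation=$temp[0]->sendconfirmation;
$uploademail=$temp[0]->uploademail;
$confirmtitle=$temp[0]->confirmtitle;
$confirmmsg=$temp[0]->confirmmsg;
$thankyoumsg=$temp[0]->thankyoumsg;

// Identity of the uploader. With form protection on, it is looked up from the
// session key 'PU'; otherwise placeholder values are recorded.
if($uformprotect == 1){
    $user = new user();
    $temp = $user->get(isset($_SESSION['PU']) ? $_SESSION['PU'] : null);
    $reg_email = $temp[0]->email;
    $reg_name = $temp[0]->name;
}
else{
    $reg_email = "NA";
    $reg_name = "Annonymous";
}

// Request values are read defensively: they are absent on the initial GET and
// a client can send an array where a string is expected.
$user_subdir = (isset($_POST["user_subdir"]) && is_string($_POST["user_subdir"])) ? $_POST["user_subdir"] : "";
$btn_upload = isset($_POST["btn_upload"]) ? $_POST["btn_upload"] : "";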
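if(!empty($_POST) )
{
    /*
     * Submission handler: validate every configured field, record the upload,
     * move the files into the target directory, then notify and redirect.
     *
     * Everything arriving in $_POST and $_FILES is untrusted, including the
     * client-supplied file name and the requested sub-directory, so both are
     * reduced to a single path component before they touch the filesystem.
     *
     * $id and $sysdtonly are not assigned in this file -- presumably they are
     * set by upload_header.php or lib.php; confirm.
     * NOTE(review): $sizemin is loaded from the filter settings but is not
     * enforced anywhere in this handler.
     * NOTE(review): the target directories ("files/...") sit next to this
     * script, so they are presumably web-reachable. File-name mangling is a
     * weak control; the upload directory should also be served with script
     * execution disabled.
     */
    if(!isset($error))
    {
        $error = "";
    }
    $admUsers = array();
    if(IsAdmin() && isset($_POST['Admusers']) && is_array($_POST['Admusers']))
    {
        $admUsers = $_POST['Admusers'];
    }
    $email_fields = "";
    $email_files = "";

    // Split the configured extension list into exact tokens. The separator
    // format is not visible here, so any non-alphanumeric run is a separator.
    // Exact matching replaces the former substring search, which accepted any
    // fragment of a listed extension and never matched the first list entry
    // in "except" mode.
    $ext_list = preg_split('/[^a-z0-9]+/', strtolower((string)$extensions), -1, PREG_SPLIT_NO_EMPTY);

    /* ---- Pass 1: validation ---- */
    $fields=new fields();
    $temp=$fields->get("");
    for( $a=0; $a < count($temp) ; $a++ )
    {
        $type=$temp[$a]->type;
        $req=$temp[$a]->req;
        $fid=$temp[$a]->fid;
        if($type=="file")
        {
            $fvar=upload_form_file_entry("f" . $fid);
            if($req==1 )
            {
                if ( $fvar['error']==4 )
                {
                    $error = $error . "* Please select a file for \'" . $temp[$a]->name ."\' field.\\n";
                }
                elseif ( $fvar['error'] == 3 || $fvar['error'] == 6 || $fvar['error'] == 7 )
                {
                    $error = $error . "* File upload for \'".$temp[$a]->name."\' Failed\\n" ;
                }
            }
            // Only inspect dimensions when a file really arrived; calling
            // getimagesize() on an empty path fails on current PHP versions.
            if ($limitdim == "1" && $fvar['error'] == 0 && is_uploaded_file($fvar['tmp_name']))
            {
                $img_arr= getimagesize($fvar['tmp_name']) ;
                if (is_array($img_arr))
                {
                    if($img_arr[0] < $widthmin || $img_arr[0] > $widthmax||$img_arr[1] < $heightmin || $img_arr[1] > $heightmax)
                    {
                        $error = $error . "* Image dimensions for \'".$temp[$a]->name."\' do not fit allowable limits \\n ";
                    }
                }
            }
            if ( $fvar['error']==1)
            {
                $error = $error . "* File size for \'".$temp[$a]->name."\' exceeds the maximum size limit in php.ini\\n" ;
            }
            if ( $fvar['error']==2 || ( $fvar['size'] > $sizemax && $limitsize==1 ) )
            {
                $error = $error . "* File size for \'".$temp[$a]->name."\' exceeds the maximum size limit\\n" ;
            }
            if ( $extensions != "" && $fvar['name'] != "" )
            {
                // pathinfo() yields "" for a name without a dot; the former
                // strrpos()+1 arithmetic returned most of the name instead.
                $needle = strtolower((string)pathinfo($fvar['name'], PATHINFO_EXTENSION));
                // The message ends up inside a JavaScript alert in the page,
                // so only an alphanumeric rendering of the extension is shown.
                $ext_shown = preg_replace('/[^a-z0-9]/', '', $needle);
                if ( $extmode == "only" && !in_array($needle, $ext_list, true) )
                {
                    // Allowlist mode fails closed: a missing extension is
                    // rejected as well.
                    $error = $error . "* This file type $ext_shown for \'".$temp[$a]->name."\' is not allowed \\n" ;
                }
                elseif ( $extmode == "except" && $needle != "" && in_array($needle, $ext_list, true) )
                {
                    $error = $error . "*". $ext_shown . " for \'".$temp[$a]->name."\' is restricted file type\\n" ;
                }
            }
        }
        else{
            $fvar = isset($_POST["f" . $fid]) ? $_POST["f" . $fid] : "";
            if($req==1 && $fvar=="" )
            {
                $error = $error . "* Field \'".$temp[$a]->name."\' cannot be empty\\n";
            }
        }
    }

    // Resolve a client-chosen sub-directory before anything is recorded, so a
    // bad value is reported like any other validation error.
    $safe_subdir = "";
    if($subdir=="select")
    {
        // The form offers "files/<folder>"; accept only an existing direct
        // child of files/, never an arbitrary path from the request.
        $safe_subdir = upload_form_dir_component($user_subdir);
        if($safe_subdir == "" || !is_dir("files/" . $safe_subdir))
        {
            $error = $error . "* Invalid upload directory\\n";
        }
    }
    elseif($subdir=="field" && $subdir_field != "-1")
    {
        $safe_subdir = upload_form_dir_component(isset($_POST["f" . $subdir_field]) ? $_POST["f" . $subdir_field] : "");
        if($safe_subdir == "")
        {
            $error = $error . "* Invalid upload directory\\n";
        }
    }

    if($error == "" ){
        /* get the actual count of uploaded files */
        $files_count = 0;
        foreach($_FILES as $key=>$var){
            if(!empty($var["name"])){
                $files_count++ ;
            }
        }
        // Record the upload header row.
        $uploads=new uploads();
        $upload_id=$uploads->insert_master($id,$reg_name,$reg_email,$sysdtonly,$files_count);
        if($uformprotect == 1&&IsAdmin()&&!empty($admUsers))
        {
            $uploads->Share_Files($upload_id,$admUsers);
        }

        // Choose the target directory.
        $path= $upload_dir ;
        if($subdir=="select")
        {
            $path="files/" . $safe_subdir ;
        }
        elseif($subdir=="date")
        {
            $path="files/" . $sysdtonly ;
            if(!file_exists($path))
            {
                mkdir($path);
            }
        }
        elseif($subdir=="field")
        {
            // "-1" means no form field is mapped; the upload id names the directory.
            $subdir_field = ($subdir_field != "-1") ? $safe_subdir : $upload_id ;
            $path="files/" . $subdir_field ;
            if(!file_exists($path))
            {
                mkdir($path);
            }
        }

        /* ---- Pass 2: store files and field values ---- */
        $fields=new fields();
        $temp=$fields->get("");
        for( $a=0; $a < count($temp) ; $a++ )
        {
            $type=$temp[$a]->type;
            $req=$temp[$a]->req;
            $fid=$temp[$a]->fid;
            $field_name=$temp[$a]->name;
            if($type=="file")
            {
                $fvar=upload_form_file_entry("f" . $fid);
                if($fvar['error'] == 0 )
                {
                    $file_name = upload_form_stored_name($fvar['name']);
                    $mufr=false;
                    if($existing== "overwrite" )
                    {
                        $mufr=move_uploaded_file($fvar['tmp_name'], $path . "/" . $file_name );
                    }
                    elseif($existing== "addnumber" )
                    {
                        // Insert a counter before the first dot until the name is free.
                        $dot = strpos($file_name, ".");
                        $stem = ($dot === false) ? $file_name : substr($file_name, 0, $dot);
                        $extype = ($dot === false) ? "" : substr($file_name, $dot);
                        $fnc=0;
                        $nfname=$file_name;
                        while( file_exists($path . "/" . $nfname ) )
                        {
                            $fnc++ ;
                            $nfname= $stem . $fnc . $extype ;
                        }
                        $mufr=move_uploaded_file($fvar['tmp_name'],$path . "/" . $nfname) ;
                        $file_name= $nfname ;
                    }
                    if($mufr)
                    {
                        // 0666 made every upload world-writable; the owner
                        // needs write access, everyone else only read.
                        chmod($path . "/" . $file_name ,0644);
                    }
                    $uploads->insert($id,$upload_id,$field_name,$file_name,$type,$sysdtonly,$path,$fvar['size'], $fvar['type'] );
                    $email_files .= "$field_name: $path/$file_name\r\n";
                    if(!$mufr)
                    {
                        $error="File Upload Failed";
                    }
                    // The original code had empty placeholders here for mail
                    // attachments and links; they never did anything.
                }
            }
            else
            {
                $fvar = isset($_POST["f" . $fid]) ? $_POST["f" . $fid] : "";
                if(is_array($fvar))
                {
                    $fvar= implode(" ",$fvar);
                }
                $uploads->insert($id,$upload_id,$field_name,$fvar,$type,$sysdtonly,"","","");
                $email_fields .= "$field_name: $fvar\r\n";
            }
        }

        // Any failure while storing rolls the recorded upload back.
        if($error != "" )
        {
            $uploads=new uploads();
            $uploads->delete_upload( $upload_id );
            $upload_id=0;
        }
        if($upload_id >0 )
        {
            //Send notification
            if($notification==1){
                send_notification();
            }
            //Send confirmation to uploader
            if($sendconfirmation==1){
                if($reg_email!="NA"){
                    send_confirmation($reg_email);
                }
                else
                {
                    // The address comes straight from the form, so it must be
                    // a single well-formed address before it reaches mail().
                    $posted_email = isset($_POST["f$uploademail"]) ? $_POST["f$uploademail"] : null;
                    if(is_string($posted_email) && filter_var($posted_email, FILTER_VALIDATE_EMAIL) !== false)
                    {
                        send_confirmation($posted_email);
                    }
                }
            }
            if($redirecturl != "" )
            {
                if (!headers_sent())
                {
                    header("location: $redirecturl");
                    exit;
                }
                else
                {
                    echo "Error while redirecting, for now please click this <a href=\"" . htmlspecialchars($redirecturl, ENT_QUOTES) . "\">link</a> instead\n";
                    exit;
                }
            }
            else
            {
                print($thankyoumsg);
            }
            exit;
        }
    }
}

/**
 * Returns the $_FILES entry for one single-file form field in a uniform shape.
 *
 * A missing entry, or one carrying arrays (a multi-file submission the form
 * never renders), is reported as "no file" (upload error code 4) so callers
 * can index the result without further checks.
 */
function upload_form_file_entry($key)
{
    $blank = array('name' => "", 'type' => "", 'tmp_name' => "", 'error' => 4, 'size' => 0);
    if(!isset($_FILES[$key]) || !is_array($_FILES[$key]))
    {
        return $blank;
    }
    $entry = $_FILES[$key];
    if(!isset($entry['error']) || is_array($entry['error']) || !isset($entry['name']) || !is_string($entry['name']))
    {
        return $blank;
    }
    return $entry + $blank;
}

/**
 * Reduces a request value to one directory name: no separators, no control
 * characters, no leading dots. Returns "" when nothing usable is left.
 */
function upload_form_dir_component($value)
{
    if(!is_string($value))
    {
        return "";
    }
    $value = basename(str_replace("\\", "/", $value));
    $value = (string)preg_replace('/[\x00-\x1f\x7f]/', '', $value);
    return trim(ltrim($value, "."));
}

/**
 * Builds the name a client file is stored under.
 *
 * Keeps the original substitutions (quote, space, "php", "pl" become "_") but
 * applies the last two case-insensitively, and additionally drops any path
 * portion, control characters and leading dots.
 */
function upload_form_stored_name($client_name)
{
    $name = basename(str_replace("\\", "/", (string)$client_name));
    $name = (string)preg_replace('/[\x00-\x1f\x7f]/', '', $name);
    $name = str_replace(array("'", " "), "_", $name);
    $name = str_ireplace(array("php", "pl"), "_", $name);
    $name = ltrim($name, ".");
    return ($name == "") ? "upload" : $name;
}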
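/**
 * Mails the administrator a plain-text summary of the submitted field values
 * and stored files, read from the globals filled in by the upload handler.
 *
 * Returns the result of mail().
 */
function send_notification()
{
    global $email_fields,$email_files,$adminemail,$site_name;
    $email_message = "*********************This is an automated message*************************\r\n";
    $email_message .= "**************************************************************************\r\n\r\n";
    if(!empty($email_fields))
    {
        $email_message .= "The following information was submitted\r\n";
        $email_message .= $email_fields;
    }
    if(!empty($email_files))
    {
        $email_message .= "The following files were uploaded\r\n";
        $email_message .= $email_files;
    }
    $subject = 'New Upload Notification';
    // Header values must stay on one line; a stray CR or LF in a stored
    // setting would otherwise start a new header.
    $from_name = str_replace(array("\r", "\n"), "", (string)$site_name);
    $from_addr = str_replace(array("\r", "\n"), "", (string)$adminemail);
    $headers = "From: $from_name <$from_addr>\r\n";
    $headers .= "Reply-To: $from_name <$from_addr>\r\n";
    $headers .= "Return-Path: $from_name <$from_addr>\r\n";
    // The original header was the literal text "PHP/phpversion()": a function
    // call inside a string is never evaluated. The version is left out on
    // purpose so outgoing mail does not advertise the interpreter release.
    $headers .= "X-Mailer: PHP";
    return mail($from_addr, $subject, $email_message, $headers);
}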
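/**
 * Sends the configured confirmation message to the uploader.
 *
 * $uploader_email may come directly from a form field, so it is accepted only
 * when it is one syntactically valid address; anything else (arrays, embedded
 * line breaks, free text) is refused before mail() is reached.
 *
 * Returns false when the address is rejected, otherwise the result of mail().
 */
function send_confirmation($uploader_email)
{
    global $confirmtitle,$confirmmsg,$adminemail,$site_name;
    if(!is_string($uploader_email) || filter_var($uploader_email, FILTER_VALIDATE_EMAIL) === false)
    {
        return false;
    }
    // Header values and the subject must stay on one line.
    $from_name = str_replace(array("\r", "\n"), "", (string)$site_name);
    $from_addr = str_replace(array("\r", "\n"), "", (string)$adminemail);
    $subject = str_replace(array("\r", "\n"), " ", (string)$confirmtitle);
    $headers = "From: $from_name <$from_addr>\r\n";
    $headers .= "Reply-To: $from_name <$from_addr>\r\n";
    $headers .= "Return-Path: $from_name <$from_addr>\r\n";
    // The original header was the literal text "PHP/phpversion()"; the version
    // is omitted so mail sent to uploaders does not disclose it.
    $headers .= "X-Mailer: PHP";
    //send email notification to user
    return mail($uploader_email, $subject, (string)$confirmmsg, $headers);
}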
?>
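<head>
<script language="javascript">
function go()
{
document.getElementById("prg").style.visibility='visible';
document.myform.submit();
var image=document.getElementById("progress_img");
setTimeout( function () { image.src = image.src; }, 50);
}
</script>
<link href="styles/<?php echo htmlspecialchars($sty . ".css", ENT_QUOTES); ?>" type="text/css" rel="stylesheet"/>
</head>
<?php
// Build the onLoad alert for validation errors.
// $error is assembled by the handler as a hand-escaped JavaScript fragment
// (\' and \n sequences) and can contain text derived from the request, so it
// must not be pasted into the attribute as-is. It is turned back into plain
// text, encoded as a JavaScript string literal, and the whole expression is
// then escaped for the HTML attribute.
$onload_attr = "";
if(isset($error) && $error != "")
{
    $alert_text = str_replace(array("\\n", "\\'"), array("\n", "'"), (string)$error);
    $alert_json = json_encode($alert_text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if($alert_json === false)
    {
        // json_encode() fails on invalid UTF-8; fall back to a fixed message.
        $alert_json = '"Upload failed"';
    }
    $onload_attr = 'onLoad="' . htmlspecialchars("alert(" . $alert_json . ")", ENT_QUOTES) . '"';
}
?>
<body marginwidth="0" marginheight="0" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" <?php echo $onload_attr; ?> >
<?php /* $header is administrator-supplied markup and is emitted unescaped on purpose. */ echo $header ; ?>
<?php
if($uformprotect==1)
{
// The account name was chosen by the user, so it is escaped before display.
?>
<p align=center>Welcome <?php echo htmlspecialchars((string)$reg_name, ENT_QUOTES); ?> , <a href="fm.php" > Uploaded Files </a> </P>
<?php
}
?>
<div style="z-index:2;" >
<table border="1" cellpadding="0" cellspacing="0" id="table1" width=500 bordercolor="#000066" align="center">
<tr><td colspan="5" class="form_title" align="center" height="27">
<?php echo $form_name; ?>
</td>
</tr>
<tr><td>
<TABLE cellSpacing=0 cellPadding=2 border=0 id="table2" align="center">
<form name="myform" action="upload_form.php" method="post" encType="multipart/form-data" id="myform">
<?php if($limitsize==1){
// MAX_FILE_SIZE is only a hint to the client; the size check in the
// submission handler is the one that counts.
echo "<input type=hidden name=MAX_FILE_SIZE value=" . (int)$sizemax . " >\n" ;
}?>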
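<?php
// Render one table row per configured form field.
// Field definitions ($name, $fdesc, option lists, defaults) come from the
// fields table; values echoed back from $_POST come from the client and are
// always HTML-escaped before they are written into the page.
$fields=new fields();
$temp=$fields->get("");
for( $a=0; $a < count($temp) ; $a++ )
{
    $name=$temp[$a]->name;
    $fdesc=$temp[$a]->fdesc;
    $type=$temp[$a]->type;
    $req=$temp[$a]->req;
    $fid=$temp[$a]->fid;
    $value=$temp[$a]->value;
    $dvalue=$temp[$a]->dvalue;
    $max=$temp[$a]->max;
    if(empty($max))
    {
        $max =100;
    }
    // Previously submitted value for this field, split by shape so a string
    // is never treated as a list or the other way round. On the first GET
    // both are empty; in_array() on a missing value would otherwise be a
    // fatal TypeError on PHP 8.
    $posted = isset($_POST["f".$fid]) ? $_POST["f".$fid] : null;
    $posted_text = is_string($posted) ? $posted : "";
    $posted_list = is_array($posted) ? $posted : array();
?>
<TR>
<?php if($displayinfo != "none" )
{
?>
<TD class="label"><?php if($req==1) echo "*" ; else echo " "; ?> <?php echo $name ; ?> </TD><TD ></TD>
<?php
}
?>
<TD >
<?php
    /**** Text And Password types ****/
    if($type == "text" || $type == "password" ){
        // A submitted password is never written back into the page source;
        // only text fields are re-populated after a failed submission.
        $shown = ($type == "text" && !empty($posted_text)) ? $posted_text : $dvalue;
?>
<INPUT type=<?php echo $type ; ?> maxLength=<?php echo $max ; ?> value="<?php echo htmlspecialchars((string)$shown, ENT_QUOTES); ?>" size=<?php echo $fieldsize ; ?> name=f<?php echo $fid ; ?> class="textbox">
<?php
    }
    /**** Radiobuttons and Checkboxes ****/
    elseif($type == "radio" || $type == "checkbox" ){
        $value=explode(",", $value);
        for( $b=0; $b < count($value) ; $b++ )
        {
            $opt = htmlspecialchars($value[$b], ENT_QUOTES);
?>
<INPUT type=<?php echo $type ; ?> class='box' size=<?php echo $fieldsize ; ?> value="<?php echo $opt ; ?>" name=f<?php echo $fid ; ?>[] <?php if(in_array($value[$b],$posted_list,true)) echo "checked" ?> ><?php echo $opt ; ?><BR>
<?php
        }
        if($dvalue != "" )
        {
            $opt = htmlspecialchars((string)$dvalue, ENT_QUOTES);
?>
<INPUT type=<?php echo $type ; ?> class='box' size=<?php echo $fieldsize ; ?> checked value="<?php echo $opt ; ?>" name=f<?php echo $fid ; ?>[] ><?php echo $opt ; ?> <BR>
<?php
        }
    }
    /**** Dropdown boxes, State and Country share one renderer ****/
    elseif($type == "dropbox" || $type == "state" || $type == "country" ){
        if( $type == "state" ){
            $value="Alabama,Alaska,Arizona,Arkansas,California,Colorado,Connecticut,Delaware,District of Columbia,Florida,Georgia,Idaho,Illinois,Indiana,Iowa,Kansas,Kentucky,Louisiana,Maine,Maryland,Michigan,Mississippi,Missouri,Montana,Nebraska,Nevada,New Hampshire,New Jersey,New Mexico,New York,North Carolina,North Dakota,Ohio,Oklahoma,Oregon,Pennsylvania,Rhode Island,South Carolina,South Dakota,Tennessee,Texas,Utah,Vermont,Virginia,Washington,West Virginia,Wisconsin,Wyoming,Alberta,British Columbia,Manitoba,New Brunswick,Newfoundland and Labrador,Nova Scotia,Northwest Territories,Nunavut,Ontario,Prince Edward Island,Quebec,Saskatchewan,Yukon Territory,American Samoa,Guam,Marshall Islands,Micronesia (Federated States of),Palau,Puerto Rico,U.S. Minor Outlying Islands,U.S. Virgin Islands,Northern Mariana Islands,Other";
        }
        elseif( $type == "country" ){
            $value="USA,CANADA,AFARS AND ASAS,AFGHANISTAN,ALBANIA,ALGERIA,ANDORA,ANGOLA,ANGUILLA,ANTIGUA,ARGENTINA,ARMENIA,ARUBA,AUSTRALIA,AUSTRIA,AZERBAIJAN,BAHAMAS,BAHRAIN,BANGLADESH,BARBADOS,BELGIUM,BELIZE,BENIN,BERMUDA,BHUTAN,BOLIVIA,BOSNIA,BOTSWANA,BR VIRGIN ISLAND,BRAZIL,BRITISH WEST INDIES,BRUNEI,BULGARIA,BURKINA FASO,BURUNDI,BYELARUS,CAMEROON,CANARY ISLANDS,CAPE VERDE,CAYMAN ISLANDS,CENTRL AFR RBPLC,CHAD,CHANNEL ISLANDS,CHILE,CHINA, PEO REPBL,COLOMBIA,COMOROS,CONGO,COOK ISLANDS,COSTA RICA,COTE D'IVOIRE,CROATIA,CUBA,CURACAO,CYPRUS,CZECH REPUBLIC,DENMARK,DJIBOUTI,DOMINICA,DOMINICAN REPUBLIC,ECUADOR,EGYPT,EL SALVADOR,EQUITORIAL GUINEA,ESTONIA,ETHIOPIA,ERITREA,FALKLAND ISLANDS,FARHOE ISLAND,FIJI,FINLAND,FRANCE,FRENCH GUINEA,FRENCH POLYNESIA,GABON, GAMBIA,GEORGIA,GERMANY,GHANA,GIRBRALTAR,GREECE,GREENLAND,GRENADA,GUADELOUPE,GUATEMALA,GUERNSEY,GUINEA BIASSAU,GUINEA,GUYANA,HAITI,HONDURAS,HONG KONG,HUNGARY,ICELAND,INDIA,INDONESIA,IRAQ,IRELAND,ISRAEL,ITALY,JAMAICA,JAPAN,JORDAN,KAMPUCHEA,KAZAKHSTAN,KENYA,KOREA,KUWAIT,KYRGZSTAN,LAOS,LATVIA,LEBANON,LESOTHO,LIBERIA,LIBYA,LIECHTENSTEIN,LITHUANIA,LUXEMBOURG,MACAU,MACEDONIA,MADAGASCAR,MALAWI,MALAYSIA,MALDIVES,MALI,MALTA,MARTINIQUE,MAURITANIA,MAURITIUS,MEXICO,MOLDOVA,MONACO,MONGOLIA,MONTSERRAT,MOROCCO,MOZAMBIQUE,UNION OF MYANMAR,N IRELAND,NAMIBIA,NAURU ISLANDS,NEPAL,NETHERLANDS,NETHERLANDS ANTILLES,NEW CALEDONIA,NEW GUINEA ISLANDS,NEW ZEALAND,NICARAGUA,NIGER,NIGERIA,NORWAY,OMAN,PAKISTAN,PANAMA,PAPUA NEW GUINEA,PARAGUAY,PERU,PHILIPPINES,POLAND,PORTUGAL,QATAR,REPUBLIC OF KIRIBATI,ROMANIA,RUSSIAN FED,RWANDA,SAN MARINO,SAO TOME,SAUDI ARABIA,SENEGAL,SEYCHELLES,SIERRA LEONE,SINGAPORE,SLOVAKIA,SLOVENIA,SOCIETY ISLANDS,SOLOMON ISLANDS,SOMALIA,SOUTH AFRICA,SPAIN,SRI LANKA,ST KITTS,ST LUCIA,ST VINCENT,SUDAN,SURINAM,SWAZILAND,SWEDEN,SWITZERLAND,SYRIA,TAHITI,TAIWAN,TAJIKISTAN,TANZANIA,THAILAND,TOGO,TONGA,TRINIDAD,TUNISIA,TURKEY,TURKMENISTAN,TUVALU,UGANDA,UKRAINE,UNITED ARAB EMIRATE,UNITED 
KINGDOM,ENGLAND,IRELAND,SCOTLAND,URUGUAY,UZBEKISTAN,VANUATU,VATICAN CITY,VENEZUELA,VIETNAM,WEST AFRICA,WESTERN SAMOA,YEMEN,YUGOSLAVIA,ZAIRE,ZAMBIA,ZANZIBAR,ZIMBABWE";
        }
        $value=explode(",", $value);
        echo "<select width= $fieldsize name= f$fid class='listmenu'>" ;
        for( $b=0; $b < count($value) ; $b++ )
        {
            $opt = htmlspecialchars($value[$b], ENT_QUOTES);
            if($posted_text !== "" && $value[$b] === $posted_text)
                echo "<option selected>$opt</option>" ;
            else
                echo "<option>$opt</option>" ;
        }
        // The country list never appended the default value (that line was
        // commented out in the original), so it is skipped for that type.
        if($dvalue != "" && $type != "country" )
        {
            echo "<option selected >" . htmlspecialchars((string)$dvalue, ENT_QUOTES) . "</option>" ;
        }
        echo "</select>" ;
    }
    /**** TextArea ****/
    elseif($type == "textarea" ){
?>
<textarea cols=30 rows=8 name=f<?php echo $fid ; ?> class="textarea"><?php echo htmlspecialchars((string)(empty($posted_text) ? $dvalue : $posted_text), ENT_QUOTES); ?></textarea>
<?php
    }
    /**** File ****/
    elseif($type == "file" ){
?>
<INPUT type=<?php echo $type ; ?> size=<?php echo $fieldsize ; ?> name=f<?php echo $fid ; ?> class="file" >
<?php
    }
?>
<?php
    if($displayinfo == "description" )
    {
?>
<span class=desc > <?php echo $fdesc ; ?></span></TD><TD width=5 ></TD>
<?php
    }
?>
</TR>
<?php
}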
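// Final rows of the form: optional sub-directory picker, optional admin
// share list, the submit button, then the progress indicator and footer.
echo "<TR>" ;
if($subdir=="select")
{
    if($displayinfo != "none" )
    {
?>
<TD >Upload Subdirectory<BR></TD><TD width=5 ></TD>
<?php
    }
    if($displayinfo == "description" )
    {
?>
<TD class=desc nowrap="nowrap" >Select Directory on Server for your files</TD><TD width=5 ></TD>
<?php
    }
?>
<TD vAlign=center>
<?php
    echo "<select width= $fieldsize name= user_subdir >" ;
    $dir=dir("files");
    if($dir)
    {
        // "." and ".." are skipped by name: directory order is not
        // guaranteed, so discarding the first two reads could hide real
        // folders. The strict comparison keeps a folder named "0" from
        // ending the loop early.
        while(($sbfolder=$dir->read()) !== false)
        {
            if($sbfolder == "." || $sbfolder == "..")
            {
                continue;
            }
            if(is_dir($dir->path ."/" . $sbfolder)){
                // Folder names can originate from submitted form values (the
                // "field" sub-directory mode), so they are escaped before
                // being written into markup.
                $opt_value = htmlspecialchars($dir->path . "/" . $sbfolder, ENT_QUOTES);
                $opt_label = htmlspecialchars($sbfolder, ENT_QUOTES);
                echo "<option value='$opt_value' >$opt_label</option>" ;
            }
        }
        $dir->close();
    }
    echo "</select></TD>" ;
}
?> </TR>
<?php
if($uformprotect == 1&&IsAdmin())
{
    $size = (int)UsersCount();
    echo "<TR><TD height=35 colspan=5 align='center'>
<br/><br/>
Share these files with the following users <br/>
<SELECT NAME='Admusers[]' MULTIPLE SIZE=".$size .">";
    $user = new user();
    $arr = $user->Get_All_NormalUsers();
    // Never index past the list that was actually returned; UsersCount() and
    // Get_All_NormalUsers() are separate queries and may disagree.
    $shown = is_array($arr) ? min($size, count($arr)) : 0;
    for($i=0;$i<$shown ;$i++)
    {
        $user_name = htmlspecialchars((string)$arr[$i]->name, ENT_QUOTES);
        echo "<OPTION VALUE = '".$user_name."'> ".$user_name ."</option>";
    }
    // The original never closed the SELECT element.
    echo "</SELECT></TD></TR>";
}
?>
<TR>
<TD height=35 colspan=5 align="center">
<input type="button" name="btn_upload" class="button" value=" Send " <?php if($progress!="0"){ echo "onclick=\"go();\"" ; }else{echo "onclick=\"myform.submit();\"";} ?> > </TD>
</TR>
</form>
</TABLE>
</td></tr>
</table>
</div>
<div id="prg" align="center" style="visibility:hidden" >
<div class="wait_msg">Please wait....</div>
<div><img src="f_files/<?php echo htmlspecialchars("progressBar$progress.gif", ENT_QUOTES);?>" name="progress_img" border="0" id="progress_img"></div>
</div>
<?php /* $footer is administrator-supplied markup and is emitted unescaped on purpose. */ echo $footer ; ?>
</body>
</html>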