set ( 'current_user', $UPL['USER']['username'] ); $allowed = $UPL['USER']['level'] == LEVEL_ADMIN || $UPL['USER']['level'] == LEVEL_MODERATOR; if ( !$demo && !$allowed ) { $tpl_message->set ( 'message', 'You do not have the permission to access this page.' ); $tpl_admin->setr ( 'content', $tpl_message, 1 ); exit; } // wut doing? switch ( $action ) { // list all announcements case 'announcement': { $tpl_ann = new Template ( TPL_DIR . 'tpl_announcements_admin.php' ); $tpl_ann->set ( 'action', $action ); $tpl_admin->set ( 'page_title', 'Uploader announcements' ); // get all announcements $announcements = array(); $result = $mysqlDB->query ( "SELECT *, COUNT(comment_id) AS comments_count FROM uploader_announcements AS a LEFT " . " JOIN uploader_usercomments AS uc ON uc.object_id=a.announcement_id AND uc.comment_type=" . COMMENT_ANNOUNCEMENT . " GROUP BY announcement_id ORDER BY announcement_id DESC" ); if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) ); while ( false !== ( $ann = $result->fetchRow('assoc') ) ) { $ann['edit_url'] = 'admin.php?action=edit_announcement&aid=' . $ann['announcement_id']; $ann['delete_url'] = 'admin.php?action=delete_announcement&aid=' . $ann['announcement_id']; $ann['view_url'] = 'admin.php?action=view_announcement&aid=' . $ann['announcement_id']; $announcements[] = $ann; } $result->free(); $tpl_ann->set ( 'announcements', $announcements ); $tpl_admin->set ( 'page_title', 'Uploader announcements' ); $tpl_admin->set ( 'content', $tpl_ann, 1 ); } break; // add announcement case 'add_announcement': { $tpl_ann = new Template ( TPL_DIR . 'tpl_announcements_admin.php' ); $tpl_ann->set ( 'action', $action ); $tpl_admin->set ( 'page_title', 'Add announcement' ); if ( $task == 'save' ) { $new_ann = gpc ( 'announcement', 'P', array ( 'subject' => '', 'parsebb' => 1, 'allowcomment' => 1, 'content' => '' ) ); $errors = array(); // parse checkbox $new_ann['parsebb'] = isset ( $new_ann['parsebb'] ) ? 
$new_ann['parsebb'] : 0; $new_ann['allowcomment'] = isset ( $new_ann['allowcomment'] ) ? $new_ann['allowcomment'] : 0; // check subject $new_ann['subject'] = trim ( $new_ann['subject'] ); if ( $new_ann['subject'] == '' ) $errors[] = 'The announcement subject CANNOT be blank. Please enter a subject.'; elseif ( strlen ( $new_ann['subject'] ) > 255 ) 'The announcement subject is too long. It must be within 255 characters.'; // check content $new_ann['content'] = trim ( $new_ann['content'] ); if ( $new_ann['content'] == '' ) $errors[] = 'The announcement content CANNOT be blank. Please enter some content.'; if ( !count ( $errors ) ) { // save $insert = array ( 'announcement_id' => NULL, 'announcement_date' => time(), 'announcement_subject' => $mysqlDB->escape($new_ann['subject']), 'announcement_parsebb' => (int)$new_ann['parsebb'], 'announcement_allowcomment' => (int)$new_ann['allowcomment'], 'announcement_content' => $mysqlDB->escape($new_ann['content']), 'userid' => $USER['userid'] ); $result = $mysqlDB->query ( "INSERT INTO uploader_announcements SET " . 
$mysqlDB->buildInsertStatement($insert) ); if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) ); go_to(UPLOADER_URL.'admin.php?action=announcement'); } else { // show form again with errors $tpl_error->set('error', $errors); $tpl_ann->set('errors', $tpl_error); $tpl_ann->set ( 'announcement', $new_ann ); $tpl_admin->set ( 'content', $tpl_ann, 1 ); } } else { $tpl_ann->set ( 'announcement', array ( 'subject' => '', 'parsebb' => 1, 'allowcomment' => 1, 'content' => '' ) ); $tpl_admin->set ( 'content', $tpl_ann, 1 ); } } break; // delete announcement case 'delete_announcement': { $aid = (int)gpc('aid', 'G', 0); // delete announcement $mysqlDB->query("DELETE FROM uploader_announcements WHERE announcement_id=$aid"); // delete comments made on the announcement $mysqlDB->query("DELETE FROM uploader_usercomments WHERE object_id=$aid AND comment_type=".COMMENT_ANNOUNCEMENT); go_to(UPLOADER_URL.'admin.php?action=announcement'); } break; // edit announcement case 'edit_announcement': { $tpl_ann = new Template ( TPL_DIR . 'tpl_announcements_admin.php' ); $tpl_admin->set ( 'page_title', 'Edit announcements' ); $tpl_ann->set ( 'action', $action ); $aid = (int)gpc('aid', 'GP', 0); $result = $mysqlDB->query ( "SELECT * FROM uploader_announcements WHERE announcement_id=$aid" ); if ( !$result->numRows() ) { $tpl_message->set ( 'message', 'Invalid announcement' ); $tpl_message->set ( 'back_url', UPLOADER_URL . 'admin.php?action=announcement' ); $tpl_admin->set ( 'content', $tpl_message, 1 ); exit; } $ann = $result->fetchRow('assoc'); $result->free(); if ( $task == 'save' ) { // save edit announcement $new_ann = gpc ( 'announcement', 'P', array ( 'subject' => '', 'parsebb' => 1, 'allowcomment' => 1, 'content' => '' ) ); $errors = array(); // parse checkbox $new_ann['parsebb'] = isset ( $new_ann['parsebb'] ) ? $new_ann['parsebb'] : 0; $new_ann['allowcomment'] = isset ( $new_ann['allowcomment'] ) ? 
$new_ann['allowcomment'] : 0; // check subject $new_ann['subject'] = trim ( $new_ann['subject'] ); if ( $new_ann['subject'] == '' ) $errors[] = 'The announcement subject CANNOT be blank. Please enter a subject.'; elseif ( strlen ( $new_ann['subject'] ) > 255 ) 'The announcement subject is too long. It must be within 255 characters.'; // check content $new_ann['content'] = trim ( $new_ann['content'] ); if ( $new_ann['content'] == '' ) $errors[] = 'The announcement content CANNOT be blank. Please enter some content.'; if ( !count ( $errors ) ) { // save $insert = array ( 'announcement_subject' => $mysqlDB->escape($new_ann['subject']), 'announcement_parsebb' => (int)$new_ann['parsebb'], 'announcement_allowcomment' => (int)$new_ann['allowcomment'], 'announcement_content' => $mysqlDB->escape($new_ann['content']), 'userid' => $USER['userid'] ); $result = $mysqlDB->query ( "UPDATE uploader_announcements SET " . $mysqlDB->buildInsertStatement($insert) . "WHERE announcement_id=$aid" ); if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) ); go_to(UPLOADER_URL.'admin.php?action=announcement'); } else { // show form again with errors $tpl_error->set('error', $errors); $tpl_ann->set('errors', $tpl_error); $tpl_ann->set ( 'announcement', $new_ann ); $tpl_admin->set ( 'content', $tpl_ann, 1 ); } } else { // show edit form $announcement = array ( 'aid' => intval($ann['announcement_id']), 'subject' => $ann['announcement_subject'], 'parsebb' => intval($ann['announcement_parsebb']), 'allowcomment' => intval($ann['announcement_allowcomment']), 'content' => $ann['announcement_content'] ); $tpl_ann->set ( 'announcement', $announcement ); $tpl_admin->set ( 'content', $tpl_ann, 1 ); } } break; // view announcement case 'view_announcement': { } break; case 'pupload': { // browse uploaded sets $per_page = $PUB['sets_per_page']; $current_page = (int)gpc ( 'page', 'G', 1 ); // get total number of sets $result = $mysqlDB->query ( "SELECT COUNT(p.upload_id) AS total_sets FROM 
uploader_puploads AS p WHERE 1" ); if ( $result->error() ) exit ( $mysqlDB->error() ); $r = $result->fetchRow('assoc'); $total_sets = $r['total_sets']; // paginate $total_pages = ceil ( $total_sets / $per_page ); if ( $current_page < 1 ) $current_page = 1; if ( $current_page > $total_pages ) $current_page = $total_pages; $start_offset = $current_page > 1 ? ( $current_page - 1 ) * $per_page : 0; $next_page_url = 'admin.php?action=pupload&page=' . ($current_page + 1); $prev_page_url = 'admin.php?action=pupload&page=' . ($current_page - 1); $sets = array(); $result = $mysqlDB->query ( "SELECT *, COUNT(file_id) AS image_count FROM uploader_puploads JOIN uploader_pfiles USE INDEX(upload_id) USING(upload_id) WHERE 1 GROUP BY uploader_puploads.upload_id ORDER BY file_id DESC LIMIT $start_offset, $per_page" ); if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) ); while ( false !== ( $file = $result->fetchRow('assoc') ) ) { // although $file contains both the set info and file info, we have to split them in case processPublicFile and processPublicSet // generate the same array keys. Just a precaution. $set = $file; processPublicFile ( $file ); processPublicSet ( $set, true ); $sets[] = array ( 'set' => $set, 'file' => $file ); } $result->free(); // display the upload form $tpl_pbrowse = new Template ( TPL_DIR . 
'tpl_public_admin.php' ); $tpl_pbrowse->set ( 'total_pages', $total_pages ); $tpl_pbrowse->set ( 'total_sets', $total_sets ); $tpl_pbrowse->set ( 'current_page', $current_page ); $tpl_pbrowse->set ( 'next_page_url', $next_page_url ); $tpl_pbrowse->set ( 'prev_page_url', $prev_page_url ); $tpl_pbrowse->setr ( 'upload_sets', $sets ); $tpl_admin->set ( 'content', $tpl_pbrowse, 1 ); } break; case 'delete_public_set': { $upload_id = (int)gpc ( 'upload_id', 'G', 0 ); $result = $mysqlDB->query ( "SELECT * FROM uploader_puploads WHERE upload_id=$upload_id LIMIT 1" ); if ( $result->numRows() ) { $set = $result->fetchRow('assoc'); $result->free(); // get file locations $result = $mysqlDB->query ( "SELECT file_location FROM uploader_pfiles WHERE upload_id=$upload_id" ); if ( $result->numRows() ) { while ( false !== ( $file = $result->fetchRow('assoc') ) ) delete_public_file ( $file['file_location'] ); $result->free(); } // remove the files and set $mysqlDB->query ( "DELETE FROM uploader_pfiles WHERE upload_id=$upload_id" ); $mysqlDB->query ( "DELETE FROM uploader_puploads WHERE upload_id=$upload_id" ); } go_to ( previous_page ( UPLOADER_URL . 'admin.php?action=pupload' ) ); } break; case 'edit_public_set': { $upload_id = (int)gpc ( 'upload_id', 'G', 0 ); // load upload set $result = $mysqlDB->query ( "SELECT * FROM uploader_puploads WHERE upload_id=$upload_id LIMIT 1" ); if ( $result->numRows() ) { $upload_set = $result->fetchRow('assoc'); processPublicSet ( $upload_set ); $result->free(); // load files in this set $files = array(); $result = $mysqlDB->query ( "SELECT * FROM uploader_pfiles WHERE upload_id=$upload_id ORDER BY file_id ASC" ); if ( $result->numRows() ) { while ( false !== ( $file = $result->fetchRow('assoc') ) ) { processPublicFile ( $file ); $files[] = $file; } $result->free(); } $tpl_manage = new Template ( TPL_DIR . 
'tpl_public_admin_manage.php' ); $tpl_manage->setr ( 'files', $files ); $tpl_manage->setr ( 'upload_set', $upload_set ); $tpl_uploader->set ( 'content', $tpl_manage, true ); } else { $tpl_message->set ( 'message', $lang_public['set_not_found'] ); $tpl_uploader->set ( 'content', $tpl_message, true ); } } break; case 'edit_public_set_info': { // get inputs $upload_id = (int)gpc ( 'upload_id', 'P', 0 ); $upload_set_input = gpc ( 'upload', 'P', array ( 'public' => 1, 'name' => '', 'description' => '' ) ); $upload_set_input['public'] = isset ( $upload_set_input['public'] ) ? (int)$upload_set_input['public'] : 0; $upload_set_input['description'] = trim ( $upload_set_input['description'] ); // load upload set $result = $mysqlDB->query ( "SELECT * FROM uploader_puploads WHERE upload_id=$upload_id LIMIT 1" ); if ( $result->numRows() ) { $upload_set = $result->fetchRow('assoc'); processPublicSet ( $upload_set ); $result->free(); // update set info $insert = array ( 'upload_name' => isset ( $upload_set_input['name'] ) ? $mysqlDB->escape ( substr ( $upload_set_input['name'], 0, 64 ) ) : '', 'upload_description'=> isset ( $upload_set_input['description'] ) ? $mysqlDB->escape ( substr ( $upload_set_input['description'], 0, 255 ) ) : '', 'upload_ispublic' => (int)$upload_set_input['public'], ); if ( !$mysqlDB->query ( 'UPDATE uploader_puploads SET ' . $mysqlDB->buildInsertStatement ( $insert ) . 
" WHERE upload_id=$upload_id" ) ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) ); // go back go_to ( ); } else exit ( 'invalid upload set' ); } break; case 'delete_public_files': { // get inputs $upload_id = (int)gpc ( 'upload_id', 'P', 0 ); $file_ids = gpc ( 'file_ids', 'P', array() ); // load upload set $result = $mysqlDB->query ( "SELECT * FROM uploader_puploads WHERE upload_id=$upload_id LIMIT 1" ); if ( $result->numRows() ) { $upload_set = $result->fetchRow('assoc'); processPublicSet ( $upload_set ); $result->free(); // remove files for ( $i = 0; $i < count ( $file_ids ); ++$i ) { $file_ids[$i] = intval ( $file_ids[$i] ); } $list = implode ( ',', $file_ids ); // get file locations $result = $mysqlDB->query ( "SELECT file_location FROM uploader_pfiles WHERE file_id IN ($list)" ); if ( $result->numRows() ) { while ( false !== ( $file = $result->fetchRow('assoc') ) ) delete_public_file ( $file['file_location'] ); $result->free(); } // remove from table $mysqlDB->query ( "DELETE FROM uploader_pfiles WHERE file_id IN($list)" ); // any files left in this set? $result = $mysqlDB->query ( "SELECT COUNT(file_id) AS files_count FROM uploader_pfiles WHERE upload_id=$upload_id" ); $row = $result->fetchRow('assoc'); if ( !$row['files_count'] ) { // remove it $mysqlDB->query ( "DELETE FROM uploader_puploads WHERE upload_id=$upload_id" ); $tpl_message->set ( 'back_url', UPLOADER_URL . 'admin.php?action=pupload' ); $tpl_message->set ( 'message', 'All files in the set have been deleted. The set has also been deleted.' ); $tpl_uploader->set ( 'content', $tpl_message, 1 ); exit; } // go back go_to ( ); } else exit ( 'invalid set' ); } break; // uploader log case 'logs': { $tpl_logs = new Template ( TPL_DIR . 'tpl_logs.php' ); $log_files = array ( ); $log_total_size = 0; if ( false !== ( $h = opendir ( LOGS_DIR ) ) ) { while ( false !== ( $f = readdir ( $h ) ) ) { if ( get_extension ( $f ) == 'log' ) { $log_size = filesize ( LOGS_DIR . 
$f ); $log_total_size += $log_size; $log_files [] = array ( 'name' => $f, 'size' => get_size ( $log_size, 'B', 0 ), 'download_url' => UPLOADER_URL . 'admin.php?action=logs&task=download&log_file=' . $f, 'view_url' => UPLOADER_URL . 'admin.php?action=logs&task=view&log_file=' . $f, 'delete_url' => UPLOADER_URL . 'admin.php?action=logs&task=del&log_file=' . $f, ); } } reset ( $log_files ); } else exit ( sprintf ( 'Unable to open the logs directory "%s"', LOGS_DIR ) ); closedir ( $h ); $log_files = multi_sort ( $log_files, 'name' ); switch ( $task ) { case 'del': { if ( $demo ) exit ( 'Demo only!' ); $log_file = gpc ( 'log_file', 'G', '' ); if ( is_file ( LOGS_DIR . $log_file ) && unlink ( LOGS_DIR . $log_file ) ) { header ( 'Location: admin.php?action=logs' ); } exit ( 'Could not delete ' . $log_file ); } break; case 'delall': { if ( $demo ) exit ( 'Demo only!' ); for ( $i = 0; $i < count ( $log_files ); $i++ ) { if ( is_file ( LOGS_DIR . $log_files[$i]['name'] ) ) { if ( !unlink ( LOGS_DIR . $log_files[$i]['name'] ) ) { exit ( 'Could not delete log file.' ); } } } header ( 'Location: admin.php?action=logs' ); } case 'clear': { if ( $demo ) exit ( 'Demo only!' ); $log_file = gpc ( 'log_file', 'G', '' ); if ( is_file ( LOGS_DIR . $log_file ) ) { fclose ( fopen ( LOGS_DIR . $log_file, 'w' ) ); header ( 'Location: admin.php?action=logs' ); } exit ( 'Could not delete ' . $log_file ); } break; case 'view': case 'download': { $log_file = gpc ( 'log_file', 'G', '' ); $fp = @fopen ( LOGS_DIR . $log_file, 'rt' ); if(!$fp)exit('Invalid log file'); header("Content-type: text/plain"); if($task=='download')header('Content-disposition: attachment;filename="'.$log_file.'"'); do print fread($fp, 100 * 1024); while(!feof($fp)); fclose($fp); } break; case 'archive': { $archive_file = 'Archive_' . date ( 'Y_M_d' ) . '.log'; $fp = fopen ( LOGS_DIR . 
$archive_file, 'at' ); if ( !$fp ) exit ( 'Error creating log file, check that log directory is chmodded' ); for ( $i = 0; $i < count ( $log_files ); $i++ ) { $log_file = $log_files[$i]['name']; if ( preg_match ( '#archive#i', $log_file ) ) continue; $fh = fopen ( LOGS_DIR . $log_file, 'rt' ); if ( $fh ) { while ( !feof ( $fh ) ) { fwrite ( $fp, fread ( $fh, 1024000 ) ); } fclose ( $fh ); } unlink ( LOGS_DIR . $log_file ); } fclose ( $fp ); go_to ( UPLOADER_URL . 'admin.php?action=logs' ); } break; default: { // display $tpl_logs->set ( 'log_total_size', get_size ( $log_total_size, 'B' ) ); $tpl_logs->setr ( 'log_files', $log_files ); $tpl_logs->set ( 'archive_url', 'admin.php?action=logs&task=archive' ); $tpl_logs->set ( 'delete_all_url', 'admin.php?action=logs&task=delall' ); $tpl_logs->setr ( 'log_data', $log_data ); $tpl_admin->setr ( 'content', $tpl_logs ); $tpl_admin->set ( 'page_title', 'Uploader logs' ); $tpl_admin->display ( ); } } } break; // show user info case 'user_info': { $tpl_userinfo = new Template ( TPL_DIR . 'tpl_user_admin.php' ); $tpl_userinfo->set ( 'action', $action ); $userid = (int)gpc ( 'userid', 'GP', 0 ); $userinfo = get_user_info ( $userid ); if ( count ( $userinfo ) ) { processUser ( $userinfo, true ); $userinfo['comments'] = trim ( $userinfo['xtr_admin_comments'] ) == '' ? 'No comments' : nl2br ( $userinfo['xtr_admin_comments'] ); // regdate $userinfo['reg_date'] = date ( $UPL['CONFIGS']['TIME_FORMAT2'], $userinfo['reg_date'] ); // login record $userinfo['last_login_time'] = date ( $UPL['CONFIGS']['TIME_FORMAT2'], $userinfo['last_login_time'] ); $userinfo['last_login_ip'] = $userinfo['last_login_ip']; // stats $userinfo['max_storage'] = $userinfo['fl_max_storage'] == 0 ? 'Unlimited' : get_size ( $userinfo['fl_max_storage'], 'MB', 1 ); $userinfo['max_filesize'] = $userinfo['fl_max_filesize'] == 0 ? 
'Unlimited' : get_size ( $userinfo['fl_max_filesize'], 'KB', 1 ); $userinfo['filetypes'] = str_replace ( ',', ', ', $userinfo['fl_allowed_types'] ); $userinfo['bw_used'] = get_size ( $userinfo['bw_used'], 'KB' ); $userinfo['max_bandwidth'] = get_size ( $userinfo['bw_max'], 'MB' ); $userinfo['bw_last_reset_days'] = floor ( ( time ( ) - $userinfo['bw_reset_last'] ) / 86400 ); $userinfo['bw_last_reset'] = date ( $UPL['CONFIGS']['TIME_FORMAT2'], $userinfo['bw_reset_last'] ); $userinfo['allow_rename'] = $userinfo['fl_rename_permission']; $userinfo['allow_create_folder'] = $userinfo['fl_allow_folders']; $userinfo['images_only'] = $userinfo['fl_images_only']; $tpl_userinfo->setr ( 'userinfo', $userinfo ); $tpl_admin->setr ( 'content', $tpl_userinfo ); $tpl_admin->set ( 'page_title', 'Account info', 1 ); } else { $tpl_message->set ( 'message', 'Unable to load user data, perhaps user does not exists.' ); $tpl_message->set ( 'back_url', 'admin.php?action=users' ); $tpl_admin->setr ( 'content', $tpl_message, 1 ); } } break; // show user files case 'user_files': { // load templates $tpl_userfiles = new Template ( TPL_DIR . 
'tpl_user_admin.php' ); $tpl_userfiles->set ( 'action', $action ); $files_per_page = 25; // get inputs $folder_id = (int)gpc('folder_id', 'G', 0); $userid = abs ( intval ( gpc ( 'userid', 'G', 0 ) ) ); $sort = trim ( gpc ( 'sort', 'G', 'date_desc' ) ); $current_page = abs ( (int)gpc ( 'page', 'G', 1 ) ); // load user $userinfo = get_user_info ( $userid ); if(!count($userinfo))exit('Invalid user'); processUser ( $userinfo, true ); $tpl_userfiles->set ( 'userinfo', $userinfo ); // get user folders $userfolders = get_user_folders ( $userid, 0, 1 ); $current_folder = array(); $count = count ( $userfolders ); for ( $i = 0; $i < $count; ++$i ) { processFolder ( $userfolders[$i], 0, 1 ); if ( ($userfolders[$i]['folder_id'] == $folder_id) || (!$folder_id && $i === 0) ) $current_folder = $userfolders[$i]; } if ( !count ( $current_folder ) ) exit ( 'Invalid folder' ); else $folder_id = $current_folder['folder_id']; // Get user files in the current folder $total_pages = ceil ( $current_folder['files_count'] / $files_per_page ); if ( $current_page < 1 ) $current_page = 1; if ( $current_page > $total_pages ) $current_page = $total_pages; $start_offset = ( $current_page - 1 ) * $files_per_page; // sortings if ( !strstr ( $sort, '_' ) ) $sort = 'date_desc'; list ( $sort_by, $sort_order ) = explode ( '_', $sort ); switch ( $sort_by ) { case 'type': $sort_column = 'file_extension'; break; case 'name': $sort_column = 'file_name'; break; case 'size': $sort_column = 'file_size'; break; case 'date': default: $sort_column = 'file_id'; $sort_by = 'date'; break; } if ( $sort_order != 'asc' && $sort_order != 'desc' ) $sort_order = 'asc'; $userfiles = get_user_files_in_folder ( $userid, $folder_id, $start_offset, $files_per_page, $sort_column, $sort_order ); $count = count ( $userfiles ); for ( $i = 0; $i < $count; ++$i ) { processFile ( $userfiles[$i], 1 ); } // sorting URL $base_url = UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid . '&folder_id=' . 
$folder_id; $sort_url = array ( 'type' => $base_url . '&sort=type_' . ( $sort_by == 'type' && $sort_order == 'asc' ? 'desc' : 'asc' ), 'name' => $base_url . '&sort=name_' . ( $sort_by == 'name' && $sort_order == 'asc' ? 'desc' : 'asc' ), 'size' => $base_url . '&sort=size_' . ( $sort_by == 'size' && $sort_order == 'asc' ? 'desc' : 'asc' ), 'date' => $base_url . '&sort=date_' . ( $sort_by == 'date' && $sort_order == 'asc' ? 'desc' : 'asc' ), ); $next_page_url = UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid . '&folder_id=' . $folder_id . '&page=' . ( $current_page + 1 ) . ( '&sort=' . $sort_by . '_' . $sort_order ); $prev_page_url = UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid . '&folder_id=' . $folder_id . '&page=' . ( $current_page - 1 <= 0 ? 1 : $current_page - 1 ) . ( '&sort=' . $sort_by . '_' . $sort_order ); // Display $tpl_vars = array ( 'per_page' => $files_per_page, 'file_start' => $start_offset + 1, 'file_end' => $start_offset + count ( $userfiles ), 'current_page' => $current_page, 'total_pages' => $total_pages, 'sort_url' => $sort_url, 'sort_by' => $sort_by, 'next_page_url' => $next_page_url, 'prev_page_url' => $prev_page_url, ); $tpl_userfiles->set ( $tpl_vars ); $tpl_userfiles->setr ( 'current_folder', $current_folder ); $tpl_userfiles->setr ( 'userfiles', $userfiles ); $tpl_userfiles->setr ( 'userfolders', $userfolders ); $tpl_admin->setr ( 'content', $tpl_userfiles, 1 ); } break; case 'upload_files': { require_once 'includes/messages_upload.inc.php'; require_once 'includes/image.class.php'; require_once 'includes/functions_upload.inc.php'; require_once 'includes/functions_userfiles.inc.php'; require_once 'includes/upload.class.php'; $tpl_user = new Template ( TPL_DIR . 
'tpl_user_admin.php' ); $tpl_user->set ( 'action', $action ); $tpl_user->set ( 'saved', isset ( $_GET['saved'] ) ); $userid = abs ( (int)gpc ( 'userid', 'GP', 0 ) ); $notify_user = !!gpc('notify_user', 'GP', false); $notify_msg = trim(gpc('notify_msg', 'P', '')); $userinfo = get_user_info($userid); if($userinfo) { $user_folders = get_user_folders($userid, 0, true); $tpl_user->set('user_folders', $user_folders); processUser($userinfo, true); $tpl_user->setr ( 'userinfo', $userinfo ); if($_POST || $_FILES) { $errors = array ( ); $uploaded = array ( ); // determine file location $userfiles_dir = str_replace ( '\\', '/', realpath ( $UPL['SETTINGS']['userfiles_dir'] ) ) . '/'; $dir_limit = 32000; // max sub directories in a directory $paths = array(); $paths[] = $userid % $dir_limit; $paths[] = ((int)($userid/$dir_limit) % $dir_limit); $paths[] = $userid; $path = implode ( '/', $paths ); if ( !is_dir ( $userfiles_dir . $path ) ) make_dir_recursive ( $userfiles_dir, $path ); // upload options $folder_id = (int)gpc ( 'folder_id', 'P', 0 ); $extract_zip_files = gpc ( 'extract_zip_files', 'P', 0 ); // check if folder is valid and get its info $target_folder = get_user_folders ( $userid, $folder_id ); if ( !count ( $target_folder ) ) { $tpl_message->set ( 'message', $lang_upload['upl_invalid_folder'] ); $tpl_admin->set ( 'content', $tpl_message, 1 ); exit; } // Process zip files foreach($_FILES as $name => $file) { if(!$file['size'] || !$file['name'] || !@is_file($file['tmp_name']) || $file['error'] != 0) { unset($_FILES[$name]); continue; } if(!isset($file['extracted_from_zip']) && ($file['name'] == 'batch.zip' || $file['name'] == 'upload.zip' || $extract_zip_files) && is_zip ( $file['tmp_name'])) { process_zip_file($file['tmp_name']); unset($_FILES[$name]); @unlink($file['tmp_name']); } } // Process all files foreach($_FILES as $i => $file) { if ( get_magic_quotes_gpc ( ) ) $file['name'] = stripslashes ( $file['name'] ); $file['name'] = str_replace ( '/', '_', 
$file['name'] ); if ( preg_match ( '#\.php\..+#i', $file['name'] ) ) $file['name'] = str_replace ( '.php', '_php', $file['name'] ); $is_image = is_image ( $file['tmp_name'] ); // determine unique file name do { clearstatcache(); $name = uniqid ( '', true ); $file_location = $userfiles_dir . $path . '/' . $name; } while ( is_file ( $file_location ) ); // move file to that location if ( !@rename ( $file['tmp_name'], $file_location ) && !@copy ( $file['tmp_name'], $file_location ) ) { exit ( 'Fatal error: Could not move or copy uploaded files to the user files directory. Check directory permission!' ); } // insert $file_extension = get_extension ( $file['name'] ); $insert = array ( 'file_id' => null, 'file_name' => $mysqlDB->escape ( $file['name'] ), 'file_location' => $file_location, 'file_size' => filesize ( $file_location ), 'file_isimage' => $is_image ? 1 : 0, 'file_date' => time(), 'file_extension' => substr ( $file_extension, 0, 10 ), 'file_key' => strtolower(get_rand(5)), 'userid' => $userid, 'folder_id' => $target_folder['folder_id'], ); if ( $mysqlDB->query ( "INSERT INTO uploader_userfiles SET " . $mysqlDB->buildInsertStatement ( $insert ) ) ) { $file_id = $mysqlDB->insertId(); // Successfully uploaded, do anything else? // if it's an image if ( $is_image ) { $image = new image ( $file_location ); if ( $image ) { // watermark? if ( $UPL['SETTINGS']['wm'] == 'always' || ( $UPL['SETTINGS']['wm'] == 'user' && $UPL['USER']['fl_watermark'] ) ) { list ( $hor, $ver ) = explode ( ',', $UPL['SETTINGS']['wm_pos'] ); $copy = new image ( $image ); $copy->watermark ( $UPL['SETTINGS']['wm_path'], $hor, $ver ); $copy->export ( $file_location ); $copy->destroy(); unset($copy); } // large version list ( $w, $h ) = explode ( 'x', $UPL['CONFIGS']['LARGE_THUMB'] ); if ( $image_info[0] > $w || $image_info[1] > $h ) { $image->resizeTo ( $w, $h, true, false ); $image->export ( $file_location . 
'_large' ); } // small version list ( $w, $h ) = explode ( 'x', $UPL['CONFIGS']['SMALL_THUMB'] ); if ( $image_info[0] > $w || $image_info[1] > $h ) { $image->resizeTo ( $w, $h, true, false ); if($UPL['CONFIGS']['INFO_SMALL_THUMB']) { $copy = new image ( $image ); $copy->addInfo(); $copy->export ( $file_location . '_small' ); $copy->destroy(); unset($copy); } else $image->export ( $file_location . '_small' ); } // square version list ( $w, $h ) = explode ( 'x', $UPL['CONFIGS']['SQUARE_THUMB'] ); $dim = $image->getDimension(); if ( $dim[0] < $w || $dim[1] < $h ) { $image->destroy(); $image = new image ( is_file ( $file_location . '_large' ) ? $file_location . '_large' : $file_location ); } if ( $image_info[0] > $w || $image_info[1] > $h ) { $image->resizeTo ( $w, $h, true, true ); $image->export ( $file_location . '_square' ); } $image->destroy(); } } // add to list $insert['file_id'] = $file_id; $insert['username'] = $UPL['USER']['username']; processFile ( $insert ); $uploaded[] = $insert; } else { @unlink ( $file['tmp_name'] ); delete_file($file_location); exit ( 'Fatal error: Could not insert into database. upload.php line ' . __LINE__ ); } } $m = ''; if($uploaded) { $m .= 'The following files were uploaded:
'; foreach($uploaded as $f) { $m .= $f['file_name'] . '
'; } if($notify_user) { $m .= '
Additionally an email was sent to ' . $userinfo['email']; $tpl_email_header = new Template ( TPL_DIR . 'tpl_email_header.php' ); $tpl_email_footer = new Template ( TPL_DIR . 'tpl_email_footer.php' ); $tpl_email_upload = new TEmplate ( TPL_DIR . 'tpl_email_admin_upload.php' ); $tpl_email_header->set ( 'username', $userinfo['username'] ); $tpl_email_upload->set('files', $uploaded); $mail_msg = $tpl_email_header->display ( true ); $mail_msg .= $tpl_email_upload->display ( true ); $mail_msg .= $tpl_email_footer->display ( true ); send_email($userinfo['email'], 'New files notification', $mail_msg); } } else { $m = 'Nothing uploaded'; } $tpl_message->set('message', $m); $tpl_message->set('back_url', "admin.php?action=user_files&userid=$userid"); $tpl_admin->set('content', $tpl_message); $tpl_admin->display(); } else { $tpl_admin->setr ( 'content', $tpl_user ); $tpl_admin->set ( 'page_title', 'Edit account' ); $tpl_admin->display(); } } else { $tpl_message->set ( 'message', 'Unable to load user data, perhaps user does not exists.' ); $tpl_message->set ( 'back_url', 'admin.php?action=users' ); $tpl_admin->setr ( 'content', $tpl_message ); $tpl_admin->display ( ); } } break; // edit user info case 'edit_user': { $tpl_user = new Template ( TPL_DIR . 'tpl_user_admin.php' ); $tpl_user->set ( 'action', $action ); $tpl_user->set ( 'saved', isset ( $_GET['saved'] ) ); $userid = abs ( (int)gpc ( 'userid', 'GP', 0 ) ); $userinfo = get_user_info ( $userid ); if ( count ( $userinfo ) ) { if ( $task == 'save' ) { if ( $demo ) exit ( 'Demo only!' ); $userinfo = isset ( $_POST['userinfo'] ) ? 
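$_POST['userinfo'] : array ( );
                // Only whitelisted columns are written; every value is cast or
                // escaped before it reaches buildInsertStatement().
                $new_settings = array (
                    'email' => $mysqlDB->escape ( trim ( $userinfo['email'] ) ),
                    'level' => (int)$userinfo['level'],
                    'is_activated' => (int)@$userinfo['is_activated'],
                    'is_suspended' => (int)@$userinfo['is_suspended'],
                    'xtr_admin_comments' => $mysqlDB->escape ( substr ( $userinfo['comments'], 0, 255 ) ),
                    'fl_max_storage' => (float)$userinfo['fl_max_storage'],
                    'fl_max_filesize' => (float)$userinfo['fl_max_filesize'],
                    'fl_max_folders' => (int)$userinfo['fl_max_folders'],
                    'fl_images_only' => (int)@$userinfo['fl_images_only'],
                    'fl_rename_permission' => (int)@$userinfo['fl_rename_permission'],
                    'fl_watermark' => (int)@$userinfo['fl_watermark'],
                    'fl_allow_folders' => (int)@$userinfo['fl_allow_folders'],
                    'fl_allowed_types' => $mysqlDB->escape ( strtolower ( trim ( $userinfo['fl_allowed_types'] ) ) ),
                    'bw_max' => (float)$userinfo['bw_max'],
                    'bw_reset_period' => (float)$userinfo['bw_reset_period'],
                    'bw_reset_auto' => (int)$userinfo['bw_reset_auto'],
                    'bw_xfer_rate' => (int)$userinfo['bw_xfer_rate'],
                );
                if ( isset ( $userinfo['new_password'] ) && $userinfo['new_password'] != '' ) {
                    // NOTE(review): unsalted md5 is not an acceptable password hash.
                    // Left as-is because the login path that verifies it is not in
                    // this file; migrate both sides together to password_hash()/
                    // password_verify() (with a rehash-on-login step for old rows).
                    $new_settings['password'] = md5 ( $userinfo['new_password'] );
                }
                // save user setting
                // $userid is read above this chunk; it is assumed to have been
                // int-cast there (it is interpolated raw into the WHERE clause) — verify.
                $r = $mysqlDB->query ( "UPDATE uploader_users SET " . $mysqlDB->buildInsertStatement ( $new_settings ) . " WHERE userid={$userid}; " );
                if ( !$r ) exit ( $mysqlDB->error ( ) );
                header ( 'Location: admin.php?action=edit_user&userid=' . $userid . '&saved=1' );
                // Stop here like the 'email' bulk action does, so nothing is
                // rendered after the redirect header.
                exit;
            } else {
                $userinfo['comments'] = trim ( $userinfo['xtr_admin_comments'] );
                processUser($userinfo, true);
                $tpl_user->setr ( 'userinfo', $userinfo );
                $tpl_admin->setr ( 'content', $tpl_user );
                $tpl_admin->set ( 'page_title', 'Edit account' );
                $tpl_admin->display ( );
            }
        } else {
            $tpl_message->set ( 'message', 'Unable to load user data, perhaps user does not exists.' );
            $tpl_message->set ( 'back_url', 'admin.php?action=users' );
            $tpl_admin->setr ( 'content', $tpl_message );
            $tpl_admin->display ( );
        }
    } break;

    // NOTE(review): none of the state-changing handlers below (bulk user
    // actions including 'delete', delete_folder, delete_files, move_files,
    // emailer, ban_add/ban_remove/ban_edit) checks an anti-CSRF token, and
    // ban_remove / quick_edit_user_info accept their input over GET, so a
    // logged-in admin who loads a hostile page can be made to perform them.
    // No token check is visible in this file or its preamble; if one lives in
    // an include, this note does not apply. Also note that only
    // quick_edit_user_info refuses to run when $demo is set — the bulk user
    // actions, the mailer and the ban list do not.

    // user management: list / filter / paginate users and apply bulk actions
    case 'users': {
        $tpl_users = new Template ( TPL_DIR . 'tpl_users.php' );
        $per_page = 25;
        $current_page = (int)gpc ( 'current_page', 'P', 1 );
        $sort_by = trim ( gpc ( 'sort_by', 'P', 'userid' ) );
        $sort_order = trim ( gpc ( 'sort_order', 'P', 'asc' ) );
        $where = array();
        $having = array();

        // get total users
        $result = $mysqlDB->query ( "SELECT COUNT(userid) FROM uploader_users" );
        $row = $result->fetchRow('numeric');
        $tpl_users->set ( 'total_users', $row[0] );

        // build query: sort column and direction are whitelisted, never interpolated raw
        if ( $sort_order != 'desc' && $sort_order != 'asc' ) $sort_order = 'asc';
        switch ( $sort_by ) {
            default:
            case 'userid': $order_str = 'ORDER BY u.userid'; break;
            case 'username': $order_str = 'ORDER BY u.username'; break;
            case 'status': $order_str = 'ORDER BY status'; break;
            case 'email': $order_str = 'ORDER BY u.email'; break;
            case 'files': $order_str = 'ORDER BY files_count'; break;
            case 'space': $order_str = 'ORDER BY total_file_size'; break;
            case 'bandwidth': $order_str = 'ORDER BY u.bw_used'; break;
        }
        $order_str .= " $sort_order";

        // Filters: each value is escaped for the LIKE clauses; numeric uses are
        // cast so a non-numeric string cannot reach the arithmetic below
        // (which throws a TypeError on PHP 8). foreach replaces each(), which
        // was removed in PHP 8.0.
        $filters = gpc ( 'filters', 'P', array() );
        foreach ( (array)$filters as $fvar => $fval ) {
            if ( is_array ( $fval ) ) continue;   // nested filters[x][] would crash trim()
            $fvar = strtolower ( trim ( $fvar ) );
            $fval = $mysqlDB->escape ( trim ( $fval ) );
            if ( $fval == '' || $fval == 'null' ) continue;
            switch ( $fvar ) {
                case 'level': $where[] = 'u.level=' . (int)$fval; break;
                case 'username': $where[] = "u.username LIKE '%$fval%'"; break;
                case 'email': $where[] = "u.email LIKE '%$fval%'"; break;
                case 'admin_comments': $where[] = "u.xtr_admin_comments LIKE '%$fval%'"; break;
                case 'is_approved': $where[] = 'u.is_approved=' . (int)$fval; break;
                case 'is_activated': $where[] = 'u.is_activated=' . (int)$fval; break;
                case 'is_suspended': $where[] = 'u.is_suspended=' . (int)$fval; break;
                case 'last_login': {
                    // operator is whitelisted to '<=' / '>=' before interpolation
                    $operator = isset ( $filters['last_login_operator'] ) ? $filters['last_login_operator'] : '';
                    if ( $operator != '<=' && $operator != '>=' ) continue 2;
                    $time = time() - ((int)$fval) * 86400;
                    $where[] = "u.last_login_time $operator $time";
                } break;
                case 'bw_used': {
                    $operator = isset ( $filters['bw_used_operator'] ) ? $filters['bw_used_operator'] : '';
                    $unit = isset ( $filters['bw_used_unit'] ) ? $filters['bw_used_unit'] : '%';
                    if ( $operator != '<=' && $operator != '>=' ) continue 2;
                    if ( $unit == 'MB' ) $where[] = "bw_max>0&&bw_used $operator " . ( (float)$fval * 1024 );
                    elseif ( $unit == 'GB' ) $where[] = "bw_max>0&&bw_used $operator " . ( (float)$fval * 1024 * 1024 );
                    else $where[] = "bw_max>0&&((bw_used/1024)/bw_max) $operator " . ( (float)$fval / 100 );
                } break;
                case 'reg_time': {
                    $operator = isset ( $filters['reg_time_operator'] ) ? $filters['reg_time_operator'] : '';
                    if ( $operator != '<=' && $operator != '>=' ) continue 2;
                    $where[] = "u.reg_date $operator " . ( time() - ( (int)$fval * 86400 ) );
                } break;
                case 'space_used': {
                    $operator = isset ( $filters['space_used_operator'] ) ? $filters['space_used_operator'] : '';
                    $unit = isset ( $filters['space_used_unit'] ) ? $filters['space_used_unit'] : '%';
                    if ( $operator != '<=' && $operator != '>=' ) continue 2;
                    if ( $unit == 'KB' ) $having[] = "total_file_size $operator " . ( (float)$fval * 1024 );
                    elseif ( $unit == 'MB' ) $having[] = "total_file_size $operator " . ( (float)$fval * 1024 * 1024 );
                    else $having[] = "((total_file_size/1048576)/fl_max_storage) $operator " . ( (float)$fval / 100 );
                } break;
            }
        }
        $where_str = count ( $where ) ? 'WHERE (' . implode ( ' AND ', $where ) . ' )' : '';
        $having_str = count ( $having ) ? 'HAVING ( ' . implode ( ' AND ', $having ) . ' ) ' : '';

        // actions?
        $action_type = trim ( gpc ( 'action_type', 'P', '' ) );
        $action_target = trim ( gpc ( 'action_target', 'P', '' ) );
        if ( $action_type != '' ) {
            // user action specified, do it
            // first, get all userid of target users
            $userids = array();
            if ( $action_target == 'selected' ) {
                // FIX: the original called array_map('intval', $userids) and
                // discarded the result, so the posted ids were interpolated
                // unsanitised into every "userid IN ($list)" below (SQL injection).
                $userids = array_map ( 'intval', (array)gpc ( 'userids', 'P', array() ) );
            } elseif ( $action_target == 'filter' ) {
                $result = $mysqlDB->query ( "SELECT u.userid, IF(SUM(f.file_size),SUM(f.file_size),0) AS total_file_size FROM uploader_users AS u LEFT JOIN uploader_userfiles AS f USING(userid) $where_str GROUP BY u.userid $having_str" );
                if ( $result->numRows() ) {
                    while ( false !== ( $user = $result->fetchRow('assoc') ) ) $userids[] = (int)$user['userid'];
                    $result->free();
                }
            } elseif ( $action_target == 'all' ) {
                $result = $mysqlDB->query ( "SELECT userid FROM uploader_users ORDER BY userid ASC" );
                if ( $result->numRows() ) {
                    while ( false !== ( $row = $result->fetchRow('numeric') ) ) $userids[] = (int)$row[0];
                    $result->free();
                }
            } elseif ( preg_match ( '#^level_([0-9]+)$#i', $action_target, $match ) ) {
                $level = (int)$match[1];
                $result = $mysqlDB->query ( "SELECT userid FROM uploader_users WHERE level=$level ORDER BY userid ASC" );
                if ( $result->numRows() ) {
                    while ( false !== ( $row = $result->fetchRow('numeric') ) ) $userids[] = (int)$row[0];
                    $result->free();
                }
            }

            // got any users?
            if ( count ( $userids ) ) {
                $list = implode ( ',', $userids );   // all ints by now
                // apply actions on users
                // NOTE(review): nothing stops 'delete' with target 'all' (or a
                // list containing the current admin) from removing the account
                // performing the action.
                switch ( $action_type ) {
                    case 'activate': $mysqlDB->query ( "UPDATE uploader_users SET is_activated=1 WHERE userid IN ($list)" ); break;
                    case 'approve': $mysqlDB->query ( "UPDATE uploader_users SET is_approved=1 WHERE userid IN ($list)" ); break;
                    case 'suspend': $mysqlDB->query ( "UPDATE uploader_users SET is_suspended=1 WHERE userid IN ($list)" ); break;
                    case 'unsuspend': $mysqlDB->query ( "UPDATE uploader_users SET is_suspended=0 WHERE userid IN ($list)" ); break;
                    case 'reset_bw': $mysqlDB->query ( "UPDATE uploader_users SET bw_used=0, bw_reset_last=" . time() . " WHERE userid IN ($list)" ); break;
                    case 'email': {
                        // collect the addresses and hand them to the mailer form
                        $result = $mysqlDB->query ( "SELECT email FROM uploader_users WHERE userid IN ($list)" );
                        if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__ ) );
                        $emails = array();
                        $rows = $result->fetchAllRows('numeric');
                        $result->free();
                        $count = count ( $rows );
                        for ( $i = 0; $i < $count; ++$i ) $emails[] = $rows[$i][0];
                        header ( 'Location: admin.php?action=emailer&to=' . rawurlencode ( $UPL['SETTINGS']['email'] ) . '&bcc=' . rawurlencode ( implode ( ', ', $emails ) ) );
                        exit;
                    } break;
                    case 'delete': {
                        // Delete user(s)
                        $mysqlDB->query ( "DELETE FROM uploader_users WHERE userid IN ($list)" );
                        // delete each user's files and folders
                        foreach ( $userids as $userid ) {
                            // remove folders
                            $mysqlDB->query ( "DELETE FROM uploader_userfolders WHERE userid=$userid;" );
                            // get locations of user files
                            $result = $mysqlDB->query ( "SELECT file_location, file_id FROM uploader_userfiles WHERE userid=$userid;" );
                            if ( !$result->error() && $result->numRows() ) {
                                while ( false !== ( $file = $result->fetchRow('assoc') ) ) delete_file ( $file['file_location'] );
                                // free the result set like every other handler does
                                // (the original called free() on the DB object instead)
                                $result->free();
                            }
                            // remove the files from database
                            $mysqlDB->query ( "DELETE FROM uploader_userfiles WHERE userid=$userid;" );
                            // remove all comments made by user
                            $mysqlDB->query ( "DELETE FROM uploader_usercomments WHERE userid=$userid" );
                            // remove user's contacts or entries with this user as contact
                            $mysqlDB->query ( "DELETE FROM uploader_usercontacts WHERE userid=$userid OR contact_userid=$userid" );
                        }
                    } break;
                    case 'set_field': {
                        // bulk-set a whitelisted set of limit columns
                        $insert = array();
                        $fields = gpc ( 'fields', 'P', array() );
                        foreach ( (array)$fields as $field_name => $field_value ) {
                            if ( is_array ( $field_value ) ) continue;
                            $field_value = trim ( $field_value );
                            if ( $field_value == '' ) continue;
                            switch ( $field_name ) {
                                case 'images_only': $insert['fl_images_only'] = (int)$field_value; break;
                                case 'allowed_types': $insert['fl_allowed_types'] = (strtolower($field_value)=='all'?'':$mysqlDB->escape(trim($field_value, ','))); break;
                                case 'max_storage': $insert['fl_max_storage'] = (float)$field_value; break;
                                case 'watermark': $insert['fl_watermark'] = (int)$field_value; break;
                                case 'max_filesize': $insert['fl_max_filesize'] = (float)$field_value; break;
                                case 'create_folder': $insert['fl_allow_folders'] = (int)$field_value; break;
                                case 'max_folders': $insert['fl_max_folders'] = (int)$field_value; break;
                                case 'bw_reset_mode': $insert['bw_reset_auto'] = (int)$field_value; break;
                                case 'bw_reset_period': $insert['bw_reset_period'] = (int)$field_value; break;
                                case 'max_bandwidth': $insert['bw_max'] = (float)$field_value; break;
                                case 'transfer_rate': $insert['bw_xfer_rate'] = (int)$field_value; break;
                            }
                        }
                        if ( count ( $insert ) ) {
                            $mysqlDB->query ( "UPDATE uploader_users SET " . $mysqlDB->buildInsertStatement ( $insert ) . " WHERE userid IN ($list)" );
                        }
                    } break;
                }
            }
            // NOTE(review): $action_type is echoed back verbatim here (and an
            // unknown value still reports "performed successfully"); whether it
            // is HTML-escaped depends on the message template, not visible here.
            $tpl_message->set ( 'message', "Action $action_type performed successfully on " . count($userids) . " users." );
            $tpl_message->set ( 'back_url', UPLOADER_URL . 'admin.php?action=users' );
            $tpl_admin->set ( 'content', $tpl_message, true );
            exit;
        }

        // paginate
        // get counts (the SQL text is no longer printed to the page on failure;
        // the error callback still reports line/file)
        $count_query = "SELECT IF(SUM(f.file_size),SUM(f.file_size),0) AS total_file_size FROM uploader_users AS u LEFT JOIN uploader_userfiles AS f USING(userid) $where_str GROUP BY u.userid $having_str";
        $result = $mysqlDB->query ( $count_query );
        if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
        $total_filtered_users = $result->numRows();
        $result->free();
        $tpl_users->set ( 'total_filtered_users', $total_filtered_users );
        $total_pages = ceil ( $total_filtered_users / $per_page );
        if ( $current_page < 1 ) $current_page = 1;
        if ( $current_page > $total_pages ) $current_page = $total_pages;
        $offset = $current_page > 1 ? ( $current_page - 1 ) * $per_page : 0;
        $limit_str = "LIMIT $offset, $per_page";
        $tpl_users->set ( 'current_page', $current_page );
        $tpl_users->set ( 'total_pages', $total_pages );

        // select users
        $select_query = "SELECT u.*, (CONCAT(u.is_approved,u.is_activated,u.is_suspended)) AS status, COUNT(f.file_id) AS files_count, IF(SUM(f.file_size),SUM(f.file_size),0) AS total_file_size FROM uploader_users AS u LEFT JOIN uploader_userfiles AS f USING(userid) $where_str GROUP BY u.userid $having_str $order_str $limit_str";
        $result = $mysqlDB->query ( $select_query );
        if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
        $users = array();
        if ( $result->numRows() ) {
            while ( false !== ( $user = $result->fetchRow('assoc') ) ) {
                processUser ( $user, true );
                $users[] = $user;
            }
            $result->free();
        }
        $tpl_users->set ( 'filters', $filters );
        $tpl_users->set ( 'sort_by', $sort_by );
        $tpl_users->set ( 'sort_order', $sort_order );
        $tpl_users->set ( 'users', $users );
        $tpl_admin->set ( 'content', $tpl_users, true );
    } break;

    // delete user folder (and everything stored in it)
    case 'delete_folder': {
        $folder_id = (int)gpc('folder_id', 'GP', 0);
        $userid = (int)gpc('userid', 'GP', 0);
        $error = 'none';
        $folder_info = get_user_folders ( $userid, $folder_id );
        if(!count($folder_info)) $error = 'Invalid folder';
        elseif(!$folder_info['folder_deleteable']) $error = 'This folder is the home folder of the user and cannot be deleted. Delete the user instead.';
        if($error == 'none') {
            // get location of files in the folder
            $result = $mysqlDB->query ( "SELECT file_location, file_id FROM uploader_userfiles WHERE folder_id=$folder_id;" );
            $tmp = array();
            if ( $result->numRows() ) {
                while ( false !== ( $file = $result->fetchRow('assoc') ) ) {
                    $tmp[] = (int)$file['file_id'];
                    delete_file ( $file['file_location'] );
                }
                $result->free();
            }
            $list = implode ( ',', $tmp );
            if ( count ( $tmp ) ) {
                if ( !$mysqlDB->query ( "DELETE FROM uploader_usercomments WHERE object_id IN ($list) AND comment_type=" . COMMENT_FILE ) ) exit ( $mysqlDB->error(__LINE__, __FILE__) );
                // FIX: the original removed the files from disk and their comments
                // but left the uploader_userfiles rows behind; mirror delete_files
                // and drop them too (a no-op if the schema cascades already).
                $mysqlDB->query ( "DELETE FROM uploader_userfiles WHERE folder_id=$folder_id;" );
            }
            // remove folder
            $mysqlDB->query ( "DELETE FROM uploader_userfolders WHERE folder_id=$folder_id;" );
            update_public_folder_status ( $folder_info['userid'] );
            go_to(UPLOADER_URL . 'admin.php?action=user_files&userid='.$folder_info['userid']);
        } else {
            $tpl_message->set('message', $error);
            // Use a fixed back link instead of $_SERVER['HTTP_REFERER'], which is
            // attacker-controlled and was emitted into the page unvalidated.
            $tpl_message->set('back_url', UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid);
            $tpl_admin->set('content', $tpl_message, 1);
        }
    } break;

    // Edit user folder
    case 'edit_folder': {
        require 'includes/messages_folders.inc.php';
        $tpl_folders = new Template(TPL_DIR . 'tpl_user_admin.php');
        $tpl_folders->set('action', 'edit_folder');
        // get input
        $folder_id = (int)gpc('folder_id', 'GP', 0);
        $userid = (int)gpc('userid', 'GP', 0);
        $tpl_folders->set('back_url', UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid);
        // userinfo
        $userinfo = get_user_info($userid);
        if(!count($userinfo))exit('Invalid user');
        processUser($userinfo, true);
        $tpl_folders->set('userinfo', $userinfo);
        // folder info
        $folder = get_user_folders($userid, $folder_id);
        if ( count ( $folder ) ) {
            if ( $task == 'edit' ) {
                $properties = array ( 'name' => '', 'description' => '', 'access' => 'private', 'friend_access' => 0, 'family_access' => 0, 'is_gallery' => 0 );
                $new_properties = gpc ( 'folder', 'P', $properties );
                $error = 'none';
                $insert = array();
                // process checkboxes values because if they're not checked they don't exist
                $new_properties['friend_access'] = isset($new_properties['friend_access']) ? (int)$new_properties['friend_access'] : 0;
                $new_properties['family_access'] = isset($new_properties['family_access']) ? (int)$new_properties['family_access'] : 0;
                // check folder name
                if ( $new_properties['name'] == '' ) $error = $lang_folders['folder_no_name'];
                elseif ( preg_match ( '#[\t\r\n]#', $new_properties['name'] ) ) $error = $lang_folders['folder_bad_char'];
                elseif ( strlen ( $new_properties['name'] ) < $UPL['CONFIGS']['FOLDER_MIN_LEN'] ) $error = parse ( $lang_folders['folder_short_name'], '{length}', $UPL['CONFIGS']['FOLDER_MIN_LEN'] );
                elseif ( strlen ( $new_properties['name'] ) > $UPL['CONFIGS']['FOLDER_MAX_LEN'] ) $error = parse ( $lang_folders['folder_long_name'], '{length}', $UPL['CONFIGS']['FOLDER_MAX_LEN'] );
                elseif ( strcasecmp ( $new_properties['name'], $folder['folder_name'] ) !== 0 ) {
                    $insert['folder_name'] = $mysqlDB->escape ( trim ( $new_properties['name'] ) );
                    // check if folder exists
                    // FIX: the original interpolated the raw, unescaped name here
                    // (SQL injection); use the escaped value that is about to be stored.
                    $res = $mysqlDB->query ( "SELECT COUNT(folder_id) AS folder_count FROM uploader_userfolders WHERE userid={$userid} AND folder_name='{$insert['folder_name']}';" );
                    $result = $res->fetchRow('assoc');
                    $res->free();
                    if ( $result['folder_count'] ) $error = $lang_folders['folder_exists'];
                }
                // folder description
                $insert['folder_description'] = $mysqlDB->escape ( trim ( $new_properties['description'] ) );
                // folder permission
                $permission = array ( 'friend' => $new_properties['friend_access'], 'family' => $new_properties['family_access'] );
                switch ( $new_properties['access'] ) {
                    case 'public': $insert['folder_ispublic'] = FOLDER_PUBLIC; break;
                    case 'hidden': $insert['folder_ispublic'] = FOLDER_HIDDEN; break;
                    case 'private':
                    default: $insert['folder_ispublic'] = FOLDER_PRIVATE; break;
                }
                $insert['folder_permission'] = folderperm2int ( $permission );
                // deleteable & renameable
                $insert['folder_deleteable'] = (int)isset ( $new_properties['deleteable'] );
                $insert['folder_renameable'] = (int)isset ( $new_properties['renameable'] );
                // save
                if ( $error == 'none' ) {
                    $result = $mysqlDB->query ( "UPDATE uploader_userfolders SET " . $mysqlDB->buildInsertStatement ( $insert ) . " WHERE userid={$userid} AND folder_id={$folder_id}" );
                    if ( !$result ) exit ( $mysqlDB->error() );
                    update_public_folder_status ( $userid );
                    go_to(UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid);
                } else {
                    // user entered data
                    $folder = array_merge ( $folder, $new_properties );
                    $tpl_error->set ( 'error', $error );
                    $tpl_folders->set ( 'folder', $folder );
                    $tpl_folders->set ( 'error', $tpl_error );
                    $tpl_admin->setr ( 'content', $tpl_folders, 1 );
                }
            } else {
                // start edit
                $permission = get_folder_access_permission ( $folder );
                $folder['access'] = $permission['access'];
                $folder['friend_access'] = $permission['friend'];
                $folder['family_access'] = $permission['family'];
                $folder['name'] = $folder['folder_name'];
                $folder['description'] = $folder['folder_description'];
                $folder['renameable'] = $folder['folder_renameable'];
                $tpl_folders->set ( 'folder', $folder );
                // The original wrote to $tpl_uploader here, a name used nowhere
                // else in this file; every other branch renders via $tpl_admin.
                $tpl_admin->set ( 'content', $tpl_folders, 1 );
            }
        } else {
            $tpl_message->set ( 'message', 'Invalid folder' );
            $tpl_admin->set ( 'content', $tpl_message, 1 );
        }
    } break;

    // edit user file (name / extension / is_image flag only)
    case 'edit_file': {
        // load templates
        $tpl_editfile = new Template ( TPL_DIR . 'tpl_user_admin.php' );
        $tpl_editfile->set ( 'action', $action );
        // get inputs
        $file_id = (int)gpc('file_id', 'GP', 0);
        $userid = abs ( intval ( gpc ( 'userid', 'GP', 0 ) ) );
        // load user
        $userinfo = get_user_info ( $userid );
        if(!count($userinfo))exit('Invalid user');
        processUser ( $userinfo, true );
        $tpl_editfile->set ( 'userinfo', $userinfo );
        // load file; bail out like the user check does instead of indexing an empty result
        $file = get_user_file ( $userid, $file_id );
        if ( empty ( $file ) ) exit ( 'Invalid file' );
        $tpl_editfile->set('file', $file);
        if ( $task == 'save' ) {
            $file_info = gpc ( 'file', 'P', array() );
            $insert = array();
            if(isset($file_info['name'])) $insert['file_name'] = $mysqlDB->escape($file_info['name']);
            if(isset($file_info['extension'])) $insert['file_extension'] = $mysqlDB->escape($file_info['extension']);
            if(isset($file_info['is_image'])) $insert['file_isimage'] = (int)$file_info['is_image'];
            // do update
            if(count($insert)) {
                if(!$mysqlDB->query("UPDATE uploader_userfiles SET " . $mysqlDB->buildInsertStatement($insert) . " WHERE userid=$userid AND file_id=$file_id LIMIT 1"))exit($mysqlDB->error(__LINE__,__FILE__));
            }
            $tpl_message->set('message', 'File info saved!');
            $tpl_message->set('back_url', UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid . '&folder_id=' . $file['folder_id']);
            $tpl_admin->setr('content', $tpl_message, 1);
        } else {
            $tpl_editfile->set('back_url', UPLOADER_URL . 'admin.php?action=user_files&userid=' . $userid . '&folder_id=' . $file['folder_id'] );
            $tpl_admin->setr('content', $tpl_editfile, 1);
        }
    } break;

    // delete selected user files (disk, DB row, comments)
    case 'delete_files': {
        $file_ids = (array)gpc ( 'file_ids', 'P', array() );
        // cast both: they end up in the redirect URL and the original took them raw
        $current_folder_id = (int)gpc ( 'current_folder_id', 'P', 0 );
        $userid = (int)gpc('userid', 'P', 0);
        if ( count ( $file_ids ) ) {
            // make query
            $tmp = array_map ( 'intval', $file_ids );
            $list = implode ( ',', $tmp );
            // get location of files in the folder
            $result = $mysqlDB->query ( "SELECT file_location FROM uploader_userfiles WHERE file_id IN ($list)" );
            if ( $result->numRows() ) {
                while ( false !== ( $file = $result->fetchRow('assoc') ) ) {
                    // delete actual file from disk
                    delete_file ( $file['file_location'] );
                }
                $result->free();
            }
            // remove files from database
            $mysqlDB->query ( "DELETE FROM uploader_userfiles WHERE file_id IN ($list)" );
            if ( !$mysqlDB->query ( "DELETE FROM uploader_usercomments WHERE object_id IN ($list) AND comment_type=" . COMMENT_FILE ) ) exit ( $mysqlDB->error(__LINE__, __FILE__) );
        }
        go_to(UPLOADER_URL . 'admin.php?action=user_files&userid='.$userid.'&folder_id='.$current_folder_id);
    } break;

    // move user files between folders of the same user
    case 'move_files': {
        $current_folder_id = (int)gpc ( 'current_folder_id', 'P', 0 );
        $target_folder_id = (int)gpc ( 'move_to_folder_id', 'P', 0 );
        // FIX: $userid was taken raw from POST and interpolated into the UPDATE
        // below (SQL injection); cast it like the folder ids.
        $userid = (int)gpc('userid', 'P', 0);
        $file_ids = (array)gpc ( 'file_ids', 'P', array() );
        if ( count ( $file_ids ) && $target_folder_id && $target_folder_id != $current_folder_id ) {
            // verify target folder
            $target_folder = get_user_folders ( $userid, $target_folder_id );
            if ( !count ( $target_folder ) ) {
                $tpl_message->set ( 'error', $lang_myfiles['folder_invalid'] );
                $tpl_admin->set ( 'content', $tpl_message, 1 );
                exit;
            }
            // make query
            $tmp = array_map ( 'intval', $file_ids );
            $list = implode ( ',', $tmp );
            // move according to target folder (galleries only accept images)
            $and_is_image = $target_folder['folder_isgallery'] ? 'AND file_isimage=1' : '';
            $mysqlDB->query ( "UPDATE uploader_userfiles SET folder_id={$target_folder['folder_id']} WHERE userid={$userid} $and_is_image AND file_id IN ($list)" );
        }
        go_to(UPLOADER_URL . 'admin.php?action=user_files&userid='.$userid.'&folder_id='.$current_folder_id);
    } break;

    // one-click resets from the user info page (GET; see CSRF note above)
    case 'quick_edit_user_info': {
        if ( $demo ) exit ( 'Demo only!' );
        $userid = abs ( (int)gpc ( 'userid', 'G', 0 ) );
        switch ( $task ) {
            case 'bandwidth_counter': {
                $mysqlDB->query ( "UPDATE uploader_users SET bw_used=0, bw_reset_last=" . time() . " WHERE userid={$userid};" );
            } break;
        }
        go_to();
    } break;

    // REMOVED: case 'var_dumps' did print_r($_SERVER), exposing document
    // root, server software and whatever the web server exports into the
    // environment to anyone who reaches this switch. Requests for it now fall
    // through to the default page.

    // site statistics
    case 'stats': {
        // users — explicit assignments replace extract(), so the variable set is
        // fixed here and every id used in a later query is an int
        $users_count = 0; $newest_userid = 0; $total_bw_used = 0;
        $res = $mysqlDB->query ( "SELECT COUNT(userid) AS users_count, MAX(userid) AS newest_userid, SUM(bw_used) AS total_bw_used FROM uploader_users;" );
        if ( $res->numRows() ) {
            $result = $res->fetchRow('assoc');
            $res->free();
            $users_count = $result['users_count'];
            $newest_userid = (int)$result['newest_userid'];   // MAX() is NULL on an empty table
            $total_bw_used = $result['total_bw_used'];
        }
        $newest_username = '';
        $res = $mysqlDB->query ( "SELECT username AS newest_username FROM uploader_users WHERE userid={$newest_userid};" );
        if ( $res->numRows() ) {
            $result = $res->fetchRow('assoc');
            $res->free();
            $newest_username = $result['newest_username'];
        }
        // user files and folders
        $userfiles_stats = array('total_files' => 0, 'total_folders' => 0, 'total_size' => 0);
        $result = $mysqlDB->query ( "SELECT COUNT(file_id) AS total_files, SUM(file_size) AS total_size FROM uploader_userfiles" );
        if ( $result->numRows() ) {
            $userfiles_stats = array_merge ( $userfiles_stats, $result->fetchRow('assoc') );
            $result->free();
        }
        $result = $mysqlDB->query ( "SELECT COUNT(folder_id) AS total_folders FROM uploader_userfolders" );
        if ( $result->numRows() ) {
            $userfiles_stats = array_merge($userfiles_stats, $result->fetchRow('assoc') );
            $result->free();
        }
        // bw
        $highest_bw_username = ''; $highest_bw_userid = 0; $highest_bw_value = 0;
        $res = $mysqlDB->query ( "SELECT username AS highest_bw_username, userid AS highest_bw_userid, bw_used AS highest_bw_value FROM uploader_users ORDER BY bw_used DESC LIMIT 1;" );
        if ( $res->numRows() ) {
            $result = $res->fetchRow('assoc');
            $res->free();
            $highest_bw_username = $result['highest_bw_username'];
            $highest_bw_userid = (int)$result['highest_bw_userid'];
            $highest_bw_value = $result['highest_bw_value'];
        }
        // public
        $public_stats = array();
        $res = $mysqlDB->query ( "SELECT SUM(file_size*file_views) AS total_bandwidth_usage, COUNT(file_id) AS total_public_files, SUM(file_size) AS total_public_size FROM uploader_pfiles;" );
        if ( $res->numRows() ) {
            $public_stats = $res->fetchRow('assoc');
            $res->free();
        }
        $result = $mysqlDB->query ( "SELECT COUNT(upload_id) AS total_public_sets FROM uploader_puploads" );
        $r = $result->fetchRow('assoc');
        $result->free();
        $public_stats['total_public_sets'] = $r['total_public_sets'];
        $stats = array (
            'userfiles_stats' => $userfiles_stats,
            'users_count' => $users_count,
            'newest_user_name' => $newest_username,
            'newest_user_url' => UPLOADER_URL . 'admin.php?action=user_info&userid=' . $newest_userid,
            'total_bandwidth_used' => get_size ( $total_bw_used, 'KB' ),
            'highest_bw_value' => get_size ( $highest_bw_value, 'KB' ),
            'highest_bw_username' => $highest_bw_username,
            'highest_bw_userinfo' => UPLOADER_URL . 'admin.php?action=user_info&userid=' . $highest_bw_userid,
            'public_stats' => $public_stats,
        );
        $tpl_stats = new Template ( TPL_DIR . '/tpl_stats.php' );
        $tpl_stats->setr ( 'stats', $stats );
        $tpl_admin->setr ( 'content', $tpl_stats );
        $tpl_admin->display ( );
    } break;

    // OPTIMIZE TABLE over a fixed list (no user input reaches the statement)
    case 'optimize': {
        $tables = array (
            'uploader_users', 'uploader_pfiles', 'uploader_puploads', 'uploader_messages',
            'uploader_userfolders', 'uploader_userfiles', 'uploader_usercomments',
            'uploader_usercontacts', 'uploader_announcements', 'uploader_banned',
        );
        $result = $mysqlDB->query ( "OPTIMIZE TABLE " . implode ( ', ', $tables ) );
        if ( $result->error ( ) ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
        $tpl_message->set ( 'message', 'Optimization completed.' );
        $tpl_message->set ( 'back_url', 'admin.php?action=tools' );
        $tpl_admin->set ( 'content', $tpl_message, 1);
    } break;

    case 'tools': {
        $tpl_tools = new Template ( TPL_DIR . '/tpl_tools.php' );
        $tpl_tools->set ( 'action', $action );
        $tpl_admin->setr ( 'content', $tpl_tools );
        $tpl_admin->display ( );
    } break;

    // send mail to listed addresses or to every registered user
    case 'emailer': {
        $tpl_tools = new Template ( TPL_DIR . '/tpl_tools.php' );
        $tpl_tools->set ( 'action', $action );
        // NOTE(review): 'to' and 'bcc' come from the query string and are handed
        // to the form template as-is; escaping depends on tpl_tools.php.
        $to = gpc ( 'to', 'G', $UPL['SETTINGS']['email'] );
        $bcc = gpc ( 'bcc', 'G', '' );
        $email = gpc ( 'email', 'P', array ( ) );
        if ( $task == 'send' && count ( $email ) ) {
            // NOTE(review): subject and message are passed straight to send_email();
            // whether that function strips CR/LF from the subject is not visible here.
            if ( isset ( $email['mass_email'] ) ) {
                // mass email to all registered users, $per_round addresses per message
                $per_round = 100; // number of messages to send per round
                $offset = 0;
                while (1) {
                    // gather emails
                    $emails = array();
                    $result = $mysqlDB->query ( "SELECT email FROM uploader_users LIMIT $offset, $per_round" );
                    if ( !$result->numRows() ) break;
                    while ( $r = $result->fetchRow('numeric') ) $emails[] = $r[0];
                    $result->free();
                    // advance before the shift below so no address is repeated next round
                    $offset += count ( $emails );
                    // send: first address in To:, the rest in Bcc:
                    $first_email = array_shift ( $emails );
                    $header = 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>' . "\n";
                    $header .= count ( $emails ) ? 'Bcc: ' . implode ( ', ', $emails ) . "\n" : '';
                    send_email ( $first_email, $email['subject'], $email['message'], $header );
                }
            } else {
                // send it to listed users
                $header = 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>' . "\n";
                if ( isset ( $email['bcc'] ) ) {
                    // FIX: the posted bcc value went into the raw header block
                    // unchanged; strip line breaks so it cannot inject further headers.
                    $header .= 'BCC: ' . str_replace ( array ( "\r", "\n" ), '', $email['bcc'] ) . "\n";
                }
                send_email ( $email['send_to'], $email['subject'], $email['message'], $header );
            }
            $tpl_message->set ( 'message', 'Your message has been sent.' );
            $tpl_message->set ( 'back_url', 'admin.php?action=tools' );
            $tpl_admin->setr ( 'content', $tpl_message, 1 );
        } else {
            // show form
            $tpl_tools->set ( 'bcc', $bcc );
            $tpl_tools->set ( 'receivers', $to );
            $tpl_admin->setr ( 'content', $tpl_tools, 1 );
        }
    } break;

    // list banned IPs (stored as unsigned 32-bit decimal, see ban_add)
    case 'ban': {
        $tpl_ban = new Template ( TPL_DIR . 'tpl_ban.php' );
        // load all banned users
        $bans = array();
        $result = $mysqlDB->query ( "SELECT * FROM uploader_banned" );
        if ( $result->numRows() ) $bans = $result->fetchAllRows('assoc');
        $result->free();
        $count = count ( $bans );
        for ( $i = 0; $i < $count; ++$i ) {
            // URLs carry the numeric form; the display column gets the dotted form
            $bans[$i]['unban_url'] = 'admin.php?action=ban_remove&ip=' . $bans[$i]['ban_ip'];
            $bans[$i]['edit_url'] = 'admin.php?action=ban_edit&ip=' . $bans[$i]['ban_ip'];
            $bans[$i]['ban_ip'] = long2ip ( $bans[$i]['ban_ip'] );
        }
        $tpl_ban->set ( 'bans', $bans );
        $tpl_admin->set ( 'content', $tpl_ban, true );
    } break;

    // remove a ban (GET; see CSRF note above)
    case 'ban_remove': {
        // digits only, so the value is safe to interpolate; skip the query when
        // nothing is left rather than sending "WHERE ban_ip= LIMIT 1"
        $ip = preg_replace ( "#[^0-9]#", '', gpc ( 'ip', 'G', '' ) );
        if ( $ip !== '' ) $mysqlDB->query ( "DELETE FROM uploader_banned WHERE ban_ip=$ip LIMIT 1" );
        go_to();
    } break;

    // add an IPv4 ban
    case 'ban_add': {
        $ban_ip = trim ( gpc ( 'ban_ip', 'P', '' ) );
        $ban_uploader = (int)gpc ( 'ban_uploader', 'P', 0 );
        $ban_public = (int)gpc ( 'ban_public', 'P', 0 );
        $error = 'none';
        // FIX: the original pattern was unanchored, so "999.999.999.999" or
        // "x1.2.3.4y" passed and ip2long() returned false, which %u turned into
        // a ban on 0.0.0.0. Anchor the pattern and require ip2long() to succeed.
        // (IPv4 only — the table stores a 32-bit value.)
        $ban_long = ip2long ( $ban_ip );
        if ( $ban_ip == '' || !preg_match ( '#^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$#', $ban_ip ) || $ban_long === false ) {
            $error = 'Invalid IP address';
        } else {
            // %u keeps the value non-negative on 32-bit builds, matching what long2ip() reads back
            $ban_key = sprintf ( '%u', $ban_long );
            $result = $mysqlDB->query ( "SELECT * FROM uploader_banned WHERE ban_ip=" . $ban_key );
            if ( $result->numRows() ) $error = 'That IP address is already on the ban list.';
            $result->free();
        }
        if ( $error == 'none' ) {
            $insert = array ( 'ban_ip' => $ban_key, 'ban_uploader' => $ban_uploader, 'ban_public' => $ban_public );
            $result = $mysqlDB->query ( "INSERT INTO uploader_banned SET " . $mysqlDB->buildInsertStatement ( $insert ) );
            if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
            go_to ( 'admin.php?action=ban' );
        } else {
            $tpl_message->set ( 'message', $error );
            $tpl_message->set ( 'back_url', 'admin.php?action=ban' );
            $tpl_admin->set ( 'content', $tpl_message, true );
        }
    } break;

    // edit the two flags on an existing ban
    case 'ban_edit': {
        $tpl_ban = new Template ( TPL_DIR . 'tpl_ban.php' );
        $ip = preg_replace ( "#[^0-9]#", '', gpc ( 'ip', 'GP', '' ) );
        if ( $ip === '' ) exit ( 'Invalid IP' );   // would otherwise produce a malformed query
        $result = $mysqlDB->query ( "SELECT * FROM uploader_banned WHERE ban_ip=$ip LIMIT 1" );
        if ( !$result->numRows() ) exit ( 'Invalid IP' );
        $ban = $result->fetchRow('assoc');
        $result->free();
        $ban['real_ip'] = long2ip ( $ban['ban_ip'] );
        if ( $task == 'save' ) {
            $ban_uploader = (int)gpc ( 'ban_uploader', 'P', 0 );
            $ban_public = (int)gpc ( 'ban_public', 'P', 0 );
            $insert = array ( 'ban_uploader' => $ban_uploader, 'ban_public' => $ban_public );
            $result = $mysqlDB->query ( "UPDATE uploader_banned SET " . $mysqlDB->buildInsertStatement ( $insert ) . " WHERE ban_ip=$ip" );
            if ( $result->error() ) exit ( $mysqlDB->error ( __LINE__, __FILE__ ) );
            go_to ( 'admin.php?action=ban' );
        } else {
            $tpl_ban->set ( 'action', 'ban_edit' );
            $tpl_ban->set ( 'ban', $ban );
            $tpl_admin->set ( 'content', $tpl_ban, true );
        }
    } break;

    default: {
        $tpl_admin->set ( 'content', 'Welcome to the admin section.' );
        $tpl_admin->display ( );
    }
}
?>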