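/* Decoded by unphp.net */ ?> $value ) {
        // NOTE(review): the head of this function is outside the visible text. Presumably this is
        // the tail of xfparamload(), which the upload branch below calls with the request's
        // 'xfname' value; confirm against the full file.
        // Each entry is split on "|"; the record is returned when its first field equals $xfname.
        $filecontents[$name] = explode( "|", trim( $value ) );
        if($filecontents[$name][0] == $xfname ) return $filecontents[$name];
    }

    // No record matched the requested field name.
    return false;
}

/*
 * Upload endpoint: request set-up and authorisation, then dispatch on $_REQUEST['subaction']:
 *   "upload"     - hand the request to FileUploader and echo its result;
 *   "deluploads" - delete previously uploaded images/files that belong to the caller;
 *   otherwise    - build the list of already uploaded items (continues past the visible text).
 *
 * Every response in the visible part is a JSON string emitted through die()/echo.
 * $db, $config, $lang, $user_group, $member_id, $is_logged, $dle_login_hash, $_TIME and $_IP
 * are defined outside the visible text.
 */

// Extension lists; none of the three is referenced again in the visible part of the file.
$allowed_extensions = array ("gif", "jpg", "png", "jpeg", "webp" , "bmp", "avif", "heic");
$allowed_video = array ("mp4", "mp3", "m4v", "m4a", "mov", "webm", "m3u8", "mkv" );
$allowed_files = explode( ',', strtolower( $user_group[$member_id['user_group']]['files_type'] ) );

// $news_id is forced to an integer here, which is what makes the later '{$news_id}'
// interpolations into SQL strings safe.
if( intval( $_REQUEST['news_id'] ) ) {
    $news_id = intval( $_REQUEST['news_id'] );
} else {
    $news_id = 0;
}

// $area and $wysiwyg are request values passed through totranslit() (defined elsewhere;
// presumably it restricts the character set - confirm).
if( isset( $_REQUEST['area'] ) ) {
    $area = totranslit( $_REQUEST['area'] );
} else {
    $area = "";
}

if( isset( $_REQUEST['wysiwyg'] ) ) {
    $wysiwyg = totranslit( $_REQUEST['wysiwyg'], true, false );
} else {
    $wysiwyg = 0;
}

// Normalise 'subaction' so the comparisons below never read an undefined index.
$_REQUEST['subaction'] = isset($_REQUEST['subaction']) ? $_REQUEST['subaction'] : '';

// --- Authorisation gates -------------------------------------------------------------------

// Anonymous callers are rejected outright.
if( !$is_logged ) {
    die ( "{\"error\":\"{$lang['err_notlogged']}\"}" );
}

// Groups with neither image nor file upload rights may only continue in the "comments" area,
// which has its own permission (allow_up_image) checked further down.
if( !$user_group[$member_id['user_group']]['allow_image_upload'] AND !$user_group[$member_id['user_group']]['allow_file_upload'] ) {
    if ( $area != "comments" ) {
        die ( "{\"error\":\"{$lang['err_noupload']}\"}" );
    }
}

// $author defaults to the caller's own name and is always stored in SQL-escaped form, because
// it is interpolated into several queries below.
$author = $db->safesql($member_id['name']);

if( isset( $_REQUEST['author'] ) AND $_REQUEST['author'] ) {

    // NOTE(review): request parameters are already URL-decoded by PHP, so urldecode() decodes a
    // second time. The character check below runs on the decoded value, so it sees what is
    // actually used.
    $author = strip_tags(urldecode( (string)$_REQUEST['author'] ) );

    // Reject the name if it contains any character from this class.
    if( preg_match( "/[\||\'|\<|\>|\[|\]|\"|\!|\?|\$|\@|\#|\/|\|\&\~\*\{\+]/", $author ) ) {
        die ( "{\"error\":\"{$lang['user_err_6']}\"}" );
    }

    $author = $db->safesql($author);
}

// A caller-supplied author is honoured only for groups with allow_all_edit; everyone else is
// pinned back to their own name (the comments area is handled separately below).
if ( !$user_group[$member_id['user_group']]['allow_all_edit'] AND $area != "comments" ) {
    $author = $db->safesql($member_id['name']);
}

// Per-area permission checks.
if ( $area == "template" ) {
    if ( !$user_group[$member_id['user_group']]['admin_static'] ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }
}

if ( $area == "comments" AND !$user_group[$member_id['user_group']]['allow_up_image'] ) {
    die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
}

// "adminupload" is restricted to user group 1.
if ( $area == "adminupload" ) {
    if ( $member_id['user_group'] != 1 ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }
}

// Object-level check for posts: the post must exist and the caller must either own it or
// belong to a group with allow_all_edit.
if ( $news_id AND $area != "template" AND $area != "comments" ) {

    $row = $db->super_query( "SELECT id, autor, approve FROM " . PREFIX . "_post WHERE id = '{$news_id}'" );

    if ( !$row['id'] ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }

    if ( !$user_group[$member_id['user_group']]['allow_all_edit'] AND $row['autor'] != $member_id['name'] ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }

    // Callers without the moderation right send an approved post back to the unapproved state
    // when they add or remove attachments.
    // NOTE(review): this UPDATE runs before the user_hash token is verified in the
    // upload/deluploads branches below, so the state change is not covered by that check.
    // Consider validating the token first.
    // NOTE(review): $_POST['subaction'] is read directly and may be undefined; only
    // $_REQUEST['subaction'] was normalised above.
    if ($row['approve'] AND !$user_group[$member_id['user_group']]['moderation'] AND ($_REQUEST['subaction'] == "upload" OR $_POST['subaction'] == "deluploads") ) {
        $db->query( "UPDATE " . PREFIX . "_post SET approve='0' WHERE id='{$news_id}'" );
    }
}

// Object-level check for comments: in this area $news_id carries the comment id.
if ( $news_id AND $area == "comments" ) {

    $row = $db->super_query( "SELECT id, user_id, date, is_register FROM " . PREFIX . "_comments WHERE id = '{$news_id}'" );

    if ( !$row['id'] ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }

    $have_perm = 0;
    $row['date'] = strtotime( $row['date'] );

    // Allowed: the registered author of the comment when the group has allow_editc, or any
    // member of a group with edit_allc.
    if( ($member_id['user_id'] == $row['user_id'] AND $row['is_register'] AND $user_group[$member_id['user_group']]['allow_editc']) OR $user_group[$member_id['user_group']]['edit_allc'] ) {
        $have_perm = 1;
    }

    // edit_limit is multiplied by 60 and added to the comment timestamp; once that moment is
    // in the past the permission is withdrawn again, including for edit_allc groups.
    if ( $user_group[$member_id['user_group']]['edit_limit'] AND (($row['date'] + ((int)$user_group[$member_id['user_group']]['edit_limit'] * 60)) < $_TIME) ) {
        $have_perm = 0;
    }

    if ( !$have_perm ) {
        die ( "{\"error\":\"{$lang['opt_denied']}\"}" );
    }
}

// Comment uploads: no caller-chosen image sizes, no generic file uploads, and the size limits
// come from the group's comment-specific settings.
if( $area == "comments" ) {

    $user_group[$member_id['user_group']]['allow_image_size'] = false;
    $user_group[$member_id['user_group']]['allow_file_upload'] = false;

    $config['max_up_side'] = $user_group[$member_id['user_group']]['up_image_side'];
    $config['max_up_size'] = $user_group[$member_id['user_group']]['up_image_size'];

    // Only edit_allc groups keep a caller-supplied author in this area.
    if ( !$user_group[$member_id['user_group']]['edit_allc'] ) {
        $author = $db->safesql($member_id['name']);
    }
}

//////////////////////
// go go upload
//////////////////////
if( $_REQUEST['subaction'] == "upload" ) {

    // Anti-CSRF token check. hash_equals() compares the two strings byte for byte in constant
    // time; the previous loose "!=" could treat two different numeric-looking strings as equal.
    // Non-string values (e.g. an array parameter) are rejected before the comparison.
    if( !isset($_REQUEST['user_hash']) OR !is_string($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR !hash_equals( (string)$dle_login_hash, $_REQUEST['user_hash'] ) ) {
        die ( "{\"error\":\"{$lang['sess_error']}\"}" );
    }

    include_once (DLEPlugins::Check(ENGINE_DIR . '/classes/uploads/upload.class.php'));

    // "quickload" mode ignores caller-chosen image sizes and storage drivers.
    if( isset($_REQUEST['mode']) AND $_REQUEST['mode'] == "quickload") {
        $user_group[$member_id['user_group']]['allow_image_size'] = $user_group[$member_id['user_group']]['allow_change_storage'] = false;
    }

    // The storage driver can be chosen by the caller only when the group has
    // allow_change_storage; the value is reduced to an integer before it reaches $config.
    if( $area != "comments" AND $area != "adminupload" AND $user_group[$member_id['user_group']]['allow_change_storage'] AND isset($_REQUEST['upload_driver'])) {

        $_REQUEST['upload_driver'] = intval($_REQUEST['upload_driver']);

        if( $_REQUEST['upload_driver'] > -1) {
            $config['image_remote'] = $config['files_remote'] = $config['static_remote'] = $_REQUEST['upload_driver'];
        }
    }

    if( $user_group[$member_id['user_group']]['allow_image_size'] ) {

        // Caller-supplied thumbnail/medium options; each flag is reduced to an integer.
        if ( isset($_REQUEST['t_seite']) ) {
            $t_seite = intval( $_REQUEST['t_seite'] );
        } else {
            $t_seite = intval($config['t_seite']);
        }

        // NOTE(review): every $m_seite default in this file reads $config['t_seite'];
        // confirm that this is intended and not a copy/paste slip.
        if ( isset($_REQUEST['m_seite']) ) {
            $m_seite = intval( $_REQUEST['m_seite'] );
        } else {
            $m_seite = intval($config['t_seite']);
        }

        if ( isset($_REQUEST['make_thumb']) ) {
            $make_thumb = intval( $_REQUEST['make_thumb'] );
        } else {
            $make_thumb = true;
        }

        if ( isset($_REQUEST['make_medium']) ) {
            $make_medium = intval( $_REQUEST['make_medium'] );
        } else {
            $make_medium = true;
        }

        // Still raw request values at this point; they are normalised to an integer or
        // "<int>x<int>" just before FileUploader is constructed.
        $t_size = isset($_REQUEST['t_size']) ? $_REQUEST['t_size'] : $config['max_image'];
        $m_size = isset($_REQUEST['m_size']) ? $_REQUEST['m_size'] : $config['medium_image'];

        $make_watermark = isset($_REQUEST['make_watermark']) ? intval($_REQUEST['make_watermark']) : false;
        $hidpi = isset($_REQUEST['hidpi']) ? intval($_REQUEST['hidpi']) : false;

        if(!$t_size) $make_thumb = false;
        if(!$m_size) $make_medium = false;

        // "adminupload" overrides everything the caller sent with configuration values.
        if ( $area == "adminupload" ) {

            if ($config['allow_watermark']) {
                $make_watermark = true;
            } else {
                $make_watermark = false;
            }

            $t_seite = intval($config['t_seite']);
            $m_seite = intval($config['t_seite']);
            $t_size = $config['max_image'];
            $m_size = $config['medium_image'];
            $make_thumb = false;
            $make_medium = false;
            $hidpi = false;
        }

    } else {

        // No per-request sizing for this group: configuration values only.
        $t_seite = intval($config['t_seite']);
        $m_seite = intval($config['t_seite']);
        $t_size = $config['max_image'];
        $m_size = $config['medium_image'];
        $make_thumb = true;
        $make_medium = true;
        $hidpi = false;

        if ($config['allow_watermark']) {
            $make_watermark = true;
        } else {
            $make_watermark = false;
        }

        if(!$t_size) $make_thumb = false;
        if(!$m_size) $make_medium = false;
    }

    // Extra-field areas: the field definition is looked up by the caller-supplied 'xfname',
    // and an unknown name aborts the request. Index 33, when present and > -1, selects the
    // storage driver for images and files.
    if ($area == "xfieldsimage" OR $area == "xfieldsimagegalery" OR $area == "xfieldsvideo" OR $area == "xfieldsaudio" OR $area == "xfieldsfile" ) {

        $xfparam = xfparamload($_REQUEST['xfname']);

        if (!is_array($xfparam)) die("{\"error\":\"xfieldname not found\"}");

        $xfparam[33] = isset($xfparam[33]) ? intval($xfparam[33]) : -1;

        if ($xfparam[33] > -1) {
            $config['image_remote'] = $config['files_remote'] = $xfparam[33];
        }
    }

    // Image fields: sizes, limits and watermark/thumbnail flags all come from the stored field
    // definition, and generic file uploads are switched off.
    if( $area == "xfieldsimage" OR $area == "xfieldsimagegalery") {

        $xfparam = xfparamload( $_REQUEST['xfname'] );

        if( !is_array( $xfparam ) ) die ( "{\"error\":\"xfieldname not found\"}" );

        // Replace the request value with the name from the matched definition.
        $_REQUEST['xfname'] = $xfparam[0];

        $t_seite = intval($config['t_seite']);
        $m_seite = intval($config['t_seite']);
        $t_size = $xfparam[13];
        $m_size = 0;

        $config['max_up_side'] = $xfparam[9];
        $config['max_up_size'] = $xfparam[10];
        $config['min_up_side'] = $xfparam[22];
        $config['files_allow'] = false;

        $user_group[$member_id['user_group']]['allow_file_upload'] = false;

        $make_watermark = $xfparam[11] ? true : false;
        $make_thumb = $xfparam[12] ? true : false;
        $make_medium = false;
        $hidpi = false;
    }

    // File fields: the allowed extensions and the size limit are taken from the field
    // definition instead of the group settings, and image uploads are switched off.
    if( $area == "xfieldsfile" ) {

        $xfparam = xfparamload( $_REQUEST['xfname'] );

        if( !is_array( $xfparam ) ) die ( "{\"error\":\"xfieldname not found\"}" );

        $_REQUEST['xfname'] = $xfparam[0];
        $_REQUEST['public_file'] = intval($xfparam[27]);

        $user_group[$member_id['user_group']]['allow_image_upload'] = false;
        $user_group[$member_id['user_group']]['files_type'] = $xfparam[14];
        $user_group[$member_id['user_group']]['max_file_size'] = $xfparam[15];
        $user_group[$member_id['user_group']]['allow_public_file_upload'] = intval($xfparam[27]);
    }

    // Video/audio fields: a fixed extension list replaces the group's files_type, and the
    // upload is always marked as a public file.
    if ($area == "xfieldsvideo" OR $area == "xfieldsaudio" ) {

        $xfparam = xfparamload($_REQUEST['xfname']);

        if (!is_array($xfparam)) die("{\"error\":\"xfieldname not found\"}");

        $_REQUEST['xfname'] = $xfparam[0];
        $_REQUEST['public_file'] = 1;

        $user_group[$member_id['user_group']]['allow_image_upload'] = false;

        if( $area == "xfieldsvideo" ) {
            $user_group[$member_id['user_group']]['files_type'] = "mp4,m4v,m4a,mov,webm,m3u8,mkv";
        } else {
            $user_group[$member_id['user_group']]['files_type'] = "mp3";
        }

        $user_group[$member_id['user_group']]['max_file_size'] = $xfparam[32];
        $user_group[$member_id['user_group']]['allow_public_file_upload'] = 1;
    }

    // Comment uploads: images only, with limits and flags taken from the group's
    // comment-specific settings.
    if( $area == "comments" ) {

        $user_group[$member_id['user_group']]['allow_image_size'] = false;
        $user_group[$member_id['user_group']]['allow_file_upload'] = false;
        $user_group[$member_id['user_group']]['allow_image_upload'] = true;

        $config['max_up_side'] = $user_group[$member_id['user_group']]['up_image_side'];
        $config['max_up_size'] = $user_group[$member_id['user_group']]['up_image_size'];
        $config['min_up_side'] = $user_group[$member_id['user_group']]['min_image_side'];

        $t_seite = intval($config['t_seite']);
        $m_seite = intval($config['t_seite']);
        $t_size = $user_group[$member_id['user_group']]['up_thumb_size'];
        $m_size = 0;

        $make_watermark = $user_group[$member_id['user_group']]['allow_up_watermark'] ? true : false;
        $make_thumb = $user_group[$member_id['user_group']]['allow_up_thumb'] ? true : false;
        $make_medium = false;
        $hidpi = false;
    }

    // Normalise both sizes to either "<int>x<int>" or a single integer, so no raw request text
    // is handed to FileUploader.
    // NOTE(review): when the size came from the request as an array (the allow_image_size
    // path), explode() raises a TypeError on PHP 8. Consider rejecting non-scalar values.
    $t_size = explode ("x", $t_size);

    if ( count($t_size) == 2) {
        $t_size = intval($t_size[0]) . "x" . intval($t_size[1]);
    } else {
        $t_size = intval( $t_size[0] );
    }

    $m_size = explode ("x", $m_size);

    if ( count($m_size) == 2) {
        $m_size = intval($m_size[0]) . "x" . intval($m_size[1]);
    } else {
        $m_size = intval( $m_size[0] );
    }

    // FileUploader comes from the file included above; its result is echoed unchanged.
    $uploader = new FileUploader($area, $news_id, $author, $t_size, $t_seite, $make_thumb, $make_watermark, $m_size, $m_seite, $make_medium, $hidpi);
    $result = $uploader->FileUpload();

    echo $result;
    die();
}

//////////////////////
// go go delete uploaded files
//////////////////////

// check_xss() is defined elsewhere. It is called only after the upload branch has finished,
// so upload requests do not pass through it.
check_xss ();

if( $_REQUEST['subaction'] == "deluploads" ) {

    // Same anti-CSRF token check as in the upload branch: string-only, strict, constant-time.
    if( !isset($_REQUEST['user_hash']) OR !is_string($_REQUEST['user_hash']) OR !$_REQUEST['user_hash'] OR !hash_equals( (string)$dle_login_hash, $_REQUEST['user_hash'] ) ) {
        die ( "{\"error\":\"User not found\"}" );
    }

    DLEFiles::init();

    // --- Post images ---
    // Like the sibling branches below, this one now requires an array; a scalar 'images' value
    // used to fall through to the UPDATE/DELETE without removing anything from the list.
    if( isset( $_POST['images'] ) AND is_array( $_POST['images'] ) ) {

        // Only the image list recorded for this author and post is considered.
        $row = $db->super_query( "SELECT images FROM " . PREFIX . "_images WHERE author = '{$author}' AND news_id = '{$news_id}'" );

        $listimages = explode( "|||", $row['images'] );
        $temp_images = $listimages;

        foreach ( $_POST['images'] as $image ) {

            $i = 0;
            $image = get_uploaded_image_info($image);

            reset( $listimages );

            foreach ( $temp_images as $dataimage ) {

                $dataimage = get_uploaded_image_info($dataimage);

                if( $dataimage->remote ) {
                    $disk = DLEFiles::FindDriver($dataimage->url);
                } else {
                    $disk = 0;
                }

                // The requested path is used for comparison only. Every path handed to
                // DLEFiles::Delete() is built from the database entry, so a request cannot
                // name a file that is not recorded for this author and post.
                if( $dataimage->path == $image->path ) {

                    unset( $listimages[$i] );

                    DLEFiles::Delete( "posts/" . $dataimage->path, $disk );

                    if($dataimage->hidpi) {
                        DLEFiles::Delete("posts/{$dataimage->folder}/{$dataimage->hidpi}", $disk);
                    }

                    if( $dataimage->thumb ) {

                        DLEFiles::Delete( "posts/{$dataimage->folder}/thumbs/{$dataimage->name}", $disk );

                        if ($dataimage->hidpi) {
                            DLEFiles::Delete("posts/{$dataimage->folder}/thumbs/{$dataimage->hidpi}", $disk);
                        }
                    }

                    if( $dataimage->medium ) {

                        DLEFiles::Delete( "posts/{$dataimage->folder}/medium/{$dataimage->name}", $disk );

                        if ($dataimage->hidpi) {
                            DLEFiles::Delete("posts/{$dataimage->folder}/medium/{$dataimage->hidpi}", $disk);
                        }
                    }
                }

                $i ++;
            }
        }

        if( count( $listimages ) ) {
            $row['images'] = implode( "|||", $listimages );
        } else {
            $row['images'] = "";
        }

        // NOTE(review): the remaining list is written back without $db->safesql(). It was
        // read from the database, so this relies on stored names never containing quote or
        // backslash characters; escaping here would remove that assumption.
        // NOTE(review): the DELETE filters on news_id only, while the SELECT and UPDATE also
        // filter on author. Confirm that dropping every author's row for the post is intended.
        if( $row['images'] ) {
            $db->query( "UPDATE " . PREFIX . "_images set images='{$row['images']}' WHERE author = '{$author}' AND news_id = '{$news_id}'" );
        } else {
            $db->query( "DELETE FROM " . PREFIX . "_images WHERE news_id = '{$news_id}'" );
        }

        // Audit trail: written only for groups with allow_admin (action code '32').
        if ($user_group[$member_id['user_group']]['allow_admin']) {
            $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '32', '{$news_id}')" );
        }
    }

    // --- Post files ---
    if( $user_group[$member_id['user_group']]['allow_file_upload'] AND isset($_POST['files']) AND is_array($_POST['files']) AND count( $_POST['files'] ) ) {

        foreach ( $_POST['files'] as $file ) {

            // A file is addressed either by numeric id or by its stored name. Both lookups are
            // scoped to this author and post, and the value is cast or escaped first.
            if( is_numeric($file) ) {

                $file = intval( $file );
                $row = $db->super_query( "SELECT * FROM " . PREFIX . "_files WHERE author = '{$author}' AND news_id = '{$news_id}' AND id='{$file}'" );

            } else {

                $file = $db->safesql( $file );
                $row = $db->super_query( "SELECT * FROM " . PREFIX . "_files WHERE author = '{$author}' AND news_id = '{$news_id}' AND onserver='{$file}'" );
            }

            if ( $row['id'] AND $row['onserver'] ) {

                // Refuse to delete a stored entry named exactly ".htaccess" (after trim).
                if( trim($row['onserver']) == ".htaccess") die("Hacking attempt!");

                if( $row['is_public'] ) {
                    $uploaded_path = 'public_files/';
                } else {
                    $uploaded_path = 'files/';
                }

                // The deleted path is built from the database row, not from the request.
                DLEFiles::Delete( $uploaded_path.$row['onserver'], $row['driver'] );

                $db->query( "DELETE FROM " . PREFIX . "_files WHERE id='{$row['id']}'" );
            }
        }

        // Audit trail: written only for groups with allow_admin (action code '34').
        if ($user_group[$member_id['user_group']]['allow_admin']) {
            $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '34', '{$news_id}')" );
        }
    }

    // --- Static page files ---
    // Gated on the admin_static group permission rather than on $area; here $news_id is used
    // as the static page id.
    if( $user_group[$member_id['user_group']]['admin_static'] AND isset($_POST['static_files']) AND is_array($_POST['static_files']) AND count( $_POST['static_files'] ) ) {

        // Logged unconditionally, before any deletion (action code '33').
        $db->query( "INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('".$db->safesql($member_id['name'])."', '{$_TIME}', '{$_IP}', '33', '{$news_id}')" );

        foreach ( $_POST['static_files'] as $file ) {

            $file = intval( $file );

            $row = $db->super_query( "SELECT * FROM " . PREFIX . "_static_files WHERE static_id = '{$news_id}' AND id='{$file}'" );

            if( $row['id'] AND $row['onserver'] ) {

                // Row with an 'onserver' value: handled as a file attachment.
                if( trim($row['onserver']) == ".htaccess") die("Hacking attempt!");

                if( $row['is_public'] ) {
                    $uploaded_path = 'public_files/';
                } else {
                    $uploaded_path = 'files/';
                }

                DLEFiles::Delete( $uploaded_path.$row['onserver'], $row['driver'] );

                $db->query( "DELETE FROM " . PREFIX . "_static_files WHERE id='{$row['id']}'" );

            } else {

                // Row without an 'onserver' value: handled as an image stored under posts/.
                if( $row['id'] ) {

                    $dataimage = get_uploaded_image_info( $row['name'] );

                    DLEFiles::Delete( "posts/" . $dataimage->path, $row['driver'] );

                    if( $dataimage->thumb ) {
                        DLEFiles::Delete( "posts/{$dataimage->folder}/thumbs/{$dataimage->name}", $row['driver'] );
                    }

                    if( $dataimage->medium ) {
                        DLEFiles::Delete( "posts/{$dataimage->folder}/medium/{$dataimage->name}", $row['driver'] );
                    }

                    $db->query( "DELETE FROM " . PREFIX . "_static_files WHERE id='{$row['id']}'" );
                }
            }
        }
    }

    // --- Comment images ---
    // Gated on the allow_up_image group permission rather than on $area. The lookup is scoped
    // to the comment id ($news_id) and to $author.
    if( $user_group[$member_id['user_group']]['allow_up_image'] AND isset($_POST['comments_files']) AND is_array($_POST['comments_files']) AND count( $_POST['comments_files'] ) ) {

        foreach ( $_POST['comments_files'] as $file ) {

            $file = intval( $file );

            $row = $db->super_query( "SELECT id, name, driver FROM " . PREFIX . "_comments_files WHERE c_id = '{$news_id}' AND id='{$file}' AND author = '{$author}'" );

            if( $row['id'] ) {

                $dataimage = get_uploaded_image_info( $row['name'] );

                DLEFiles::Delete( "posts/" . $dataimage->path, $row['driver'] );

                if( $dataimage->thumb ) {
                    DLEFiles::Delete( "posts/{$dataimage->folder}/thumbs/{$dataimage->name}", $row['driver'] );
                }

                $db->query( "DELETE FROM " . PREFIX . "_comments_files WHERE id='{$row['id']}'" );
            }
        }
    }

    die( "{\"status\": \"ok\"}" );
}

//////////////////////
// go go show
//////////////////////
include (ENGINE_DIR . '/data/videoconfig.php');

$uploaded_list = array();
$images_count = $files_count = 0;

if( $area == "template" OR $area == "comments" ) {

    // Static pages list their image rows (empty 'onserver'); comments list the rows recorded
    // for this comment id and author.
    if( $area == "template" ) {
        $db->query( "SELECT id, name FROM " . PREFIX . "_static_files WHERE static_id = '{$news_id}' AND onserver = ''" );
    } else {
        $db->query( "SELECT id, name FROM " . PREFIX . "_comments_files WHERE c_id = '{$news_id}' AND author = '{$author}'" );
    }

    while ( $row = $db->get_row() ) {

        $images_count ++;

        $image = get_uploaded_image_info( $row['name'], 'posts', true );

        // Name of the POST array the delete branch above expects for this kind of item.
        if( $area == "template" ) {
            $del_name = 'static_files';
        } else {
            $del_name = "comments_files";
        }

        $img_url = $image->url;
        $size = $image->size;
        $dimension = $image->dimension;

        if( $size ) $size = "({$size})";

        // The preview URL prefers the thumbnail, then the medium copy, then the original.
        if($image->medium) {
            $img_url = $image->medium;
            $medium_data = "yes";
        } else {
            $medium_data = "no";
        }

        if($image->thumb) {
            $img_url = $image->thumb;
            $thumb_data = "yes";
        } else {
            $thumb_data = "no";
        }

        if ($image->hidpi) {
            $hidpi_data = " data-hidpi=\"{$image->hidpi}\"";
        } else {
            $hidpi_data = '';
        }

        // Drop the part of the stored name before the first "_" when there is one.
        $file_name = explode("_", $image->name);

        if( count($file_name) > 1 ) unset($file_name[0]);

        $file_name = implode("_", $file_name);

        // The statement below is cut off at the end of the visible text and is kept verbatim.
        $uploaded_list[] = <<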