<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the "File Uploader" for PHP.
*/
require('./config.php') ;
require('./util.php') ;
require('./io.php') ;
require('./commands.php') ;
require('./phpcompat.php') ;
/**
 * Report an upload failure to the client.
 *
 * Thin wrapper that forwards to SendUploadResults() with the two middle
 * arguments left empty.
 * NOTE(review): SendUploadResults() is defined in another file; the middle
 * arguments are presumably the stored file's URL and name - confirm.
 *
 * @param mixed  $number Error number handed through unchanged.
 * @param string $text   Message handed through unchanged.
 */
function SendError( $number, $text )
{
	$sEmptySecond = '' ;
	$sEmptyThird = '' ;

	SendUploadResults( $number, $sEmptySecond, $sEmptyThird, $text ) ;
}
// Refuse to go any further while the connector is switched off in config.php.
// NOTE(review): this relies on SendUploadResults() (defined elsewhere) ending
// the request; if it returns, execution continues below - confirm.
if ( !$Config['Enabled'] )
{
	$sDisabledMessage = 'This file uploader is disabled. Please check the "editor/filemanager/connectors/php/config.php" file' ;
	SendUploadResults( '1', '', '', $sDisabledMessage ) ;
}
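/////////////
// Administrator gate for the uploader.
//
// The "login_user" cookie is expected to hold "<id>#<md5(user)>#<md5 pass>".
// The id is looked up among accounts with rank > 1 and the two hashes are
// compared with the stored values. Access is denied unless every step
// succeeds (fail closed).
//
// Fixes over the previous version:
//  - The comparison was written "=!" (assign the negation) instead of "!=",
//    so the mismatch branch could never run and any cookie naming an
//    administrator id was accepted without knowing the hashes.
//  - When no administrator row matched the id there was no deny branch, so
//    the request fell through and was allowed.
//  - Malformed cookies (non-string, fewer than three fields) are rejected
//    instead of raising notices on missing array offsets.
//  - Hashes are compared strictly, so two different "0e..." style hex strings
//    can no longer compare equal as numbers.
//
// NOTE(review): per the original "//md5" remarks the cookie carries the stored
// password hash itself, so a leaked hash is sufficient to authenticate. A
// random server-side session token would remove that exposure; it cannot be
// changed from this file alone.
require_once("../../../../../inc_config.php");
global $db_host,$db_user,$db_pass,$db_name;
$tmpdblink = @mysql_connect($db_host,$db_user,$db_pass) or die("Database error: Cannot establish connection.");
@mysql_select_db($db_name,$tmpdblink) or die("Database error: Cannot select database.");

$accessGranted = false;
$clearCookie = false;
$cookiecontent = isset($_COOKIE['login_user']) ? $_COOKIE['login_user'] : null;

// A cookie sent as login_user[]=... arrives as an array; only a string is valid.
if (is_string($cookiecontent)) {
	$cookieitem = explode("#",$cookiecontent);
	if (count($cookieitem) >= 3) {
		$cookie_id = intval($cookieitem[0]); // integer cast keeps the query below injection-safe
		$cookie_user = $cookieitem[1]; //md5
		$cookie_pass = $cookieitem[2]; //md5

		//Database Account Control
		$cookresult = mysql_query("SELECT user,pass FROM memht_utenti WHERE id=$cookie_id AND rank>1",$tmpdblink);
		$cookcheck = $cookresult ? mysql_fetch_assoc($cookresult) : false;

		if ($cookcheck) {
			$dblogin_user = $cookcheck['user'];
			$dblogin_pass = (string)$cookcheck['pass']; //md5
			$expected_user = md5($dblogin_user);

			// Prefer a constant-time comparison where the runtime offers one.
			if (function_exists('hash_equals')) {
				$userMatches = hash_equals($expected_user,$cookie_user);
				$passMatches = hash_equals($dblogin_pass,$cookie_pass);
			} else {
				$userMatches = ($cookie_user === $expected_user);
				$passMatches = ($cookie_pass === $dblogin_pass);
			}

			if ($userMatches && $passMatches) {
				$accessGranted = true;
			} else {
				// Wrong hashes for an administrator id: drop the cookie as before.
				$clearCookie = true;
			}
		}
	}
}

@mysql_close($tmpdblink);

if ($clearCookie) {
	setcookie("login_user","",time()-31536000,"/"); //-1year
}
if (!$accessGranted) {
	die("Access Denied: This file is accessible only by administrators");
}
/////////////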
// This entry point always runs the same connector command.
$sCommand = 'QuickUpload' ;

// Resource type comes from the query string and falls back to 'File'.
// The value is caller-controlled and is only vetted by IsAllowedType() below.
if ( isset( $_GET['Type'] ) )
{
	$sType = $_GET['Type'] ;
}
else
{
	$sType = 'File' ;
}

$sCurrentFolder = GetCurrentFolder() ;

// NOTE(review): both guards below only block the upload if
// SendUploadResults() (defined elsewhere) terminates the request - confirm.

// Stop when the command is not permitted by the configuration.
if ( ! IsAllowedCommand( $sCommand ) )
{
	SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
}

// Stop when the requested resource type is not permitted.
if ( !IsAllowedType( $sType ) )
{
	SendUploadResults( 1, '', '', 'Invalid type specified' ) ;
}

// Hand over to the upload routine.
FileUpload( $sType, $sCurrentFolder, $sCommand ) ;
?>