PHP discuz chhome picture upload swfupload function

PHP discuz chhome picture upload swfupload function
This upload and discuz to compare, still far from the difference. function is also deficient.
In addition to some of the built-in URL leads, we can not change, the other data are modifiable.
<?php
/*
[Ucenter Home] (C) 2007-2008 Comsenz Inc.
$Id: do_swfupload.php 12830 2009-07-22 06:42:32z Zhengqingpeng $
*/

if (!defined (' In_uchome ')) {//Entry card.
Exit (' Access Denied ');
}

Include_once (s_root. ") /source/function_cp.php ');

$op = Empty ($_get[' op '])? ': $_get[' op ']; Uchome a preferred method variable.
$isupload = Empty ($_get[' cam ']) && empty ($_get[' doodle '))?  True:false; Whether to upload. There is also the possibility of Avatar upload.
$iscamera = isset ($_get[' cam '])?  True:false; To judge is Avatar upload.
$isdoodle = isset ($_get[' doodle '))?  True:false; Judge whether the background is random.
$fileurl = '; The default assignment.
if (!empty ($_post[' uid ')) {//If the UID is passed, it means that the UID value is obtained when the Avatar is uploaded.
$_sglobal[' supe_uid '] = intval ($_post[' uid ')); Forced conversion.
if (Empty ($_sglobal[' Supe_uid ')) | | $_post[' HASH ']!= MD5 ($_sglobal[' Supe_uid '). Uc_key)) {/Since the UID value is passed, if the user does not login, and the hash code does not correspond, on the interruption.
Exit ();
}
} elseif (Empty ($_sglobal[' Supe_uid ')) {//otherwise, if not logged in, prohibit the use of the upload function.
ShowMessage (' To_login ', ' do.php?ac= '. $_sconfig[' login_action ']);
}

if ($op = = "Finish") {//At the end of the upload.
/* It will pass in the following get
Array (
' AC ' => ' swfupload ',
' Op ' => ' Finish ',
' albumID ' => ' 2 ',
)*/
$albumid = intval ($_get[' albumID ')); Gets the category ID.
$space = Getspace ($_sglobal[' supe_uid ')); Update User section Records, compare picture totals, capacity calculations.
if (ckprivacy (' upload ', 1)) {//Judge if a push has been written.
Include_once (s_root. ") /source/function_feed.php ');
Feed_publish ($albumid, ' albumid '); Otherwise, write it once more.
}
Forcibly interrupted.
Exit ();
} elseif ($op = = ' config ') {//swf uploaded configuration.
/* To pass through the crawl gain:
Array (
' AC ' => ' swfupload ',
' op ' => ' config ',
)
*/
$hash = MD5 ($_sglobal[' Supe_uid '). Uc_key); Generates a hash code.

if ($isupload &&!checkperm (' allowupload ')) {//is uploaded picture and has sufficient permissions. For configuration, $isupload is always false.
$hash = ';
} else {
$filearr = $dirstr = Array ();  Initializes an array. File array/and directory data.

if ($iscamera) {//Enter Avatar upload work.
/*
Depending on the crawl, get data is as follows:
Array (
' AC ' => ' swfupload ',
' op ' => ' config ',
' Cam ' => ' 1 ',
)
*/
$directory = Sreaddir (s_root. ') /image/foreground '); A catalogue with a large sticker background. Sreaddir reads the directory data inside.
foreach ($directory as $key => $value) {//each background is a separate directory, so loop it.
$dirstr = S_root. '.  /image/foreground/'. $value; Synthesize a new path.
if (Is_dir ($DIRSTR)) {//Determine if it is a directory.
$filearr = Sreaddir ($dirstr, array (' jpg ', ' jpeg ', ' gif ', ' png ')); Read the picture file inside the directory.
if (!empty ($filearr)) {//If the picture array is not empty.
if (Is_file ($dirstr. ') /categories.txt ')) {//if Categories.txt file exists.
$catfile = @file ($dirstr. '   /categories.txt '); Open this file.
$dirarr [$key][0] = Trim ($catfile [0]); Read the files inside. Of course, it is a meaningless method, the contents of which are the same as the directory name.
else {//If TXT file does not exist, get directory name.
$dirarr [$key][0] = Trim ($value); Accurate get the value, trim more use.
}
$dirarr [$key][1] = Trim (' image/foreground/'. $value. ')  /'); Set pointer 1 to the background directory for the current bulk sticker.
$dirarr [$key][2] = $filearr; Set pointer 2 to the picture in the background of the current bulk sticker.
}
}
}
ElseIf ($isdoodle) {//If the avatar is a random background, read the picture file in/image/doodle/big.
$filearr = Sreaddir (s_root. ') /image/doodle/big ', array (' jpg ', ' jpeg ', ' gif ', ' png '));
}
}
Then went to the picture upload configuration work.
$max = @ini_get (upload_max_filesize); Get php.ini maximum upload value.
$unit = Strtolower (substr ($max,-1, 1)); $max have KB at the end of the word, to intercept it and turn it into lowercase.

The following is a conversion for different computing units.
if ($unit = = ' k ') {
$max = Intval ($max) *1024; It looks like it's all turned into byt byte units. KB X 1024 = how many bytes.
} elseif ($unit = = ' m ') {
$max = Intval ($max) *1024*1024; MB x 1024 x 1024 = how many bytes.
} elseif ($unit = = ' G ') {
$max = Intval ($max) *1024*1024*1024; GB x 1024 x 1024 x 1024 = how many bytes.
}
Gets the array of categories that the user has created.
$albums = getalbums ($_sglobal[' supe_uid '));

} elseif ($op = = "Screen" | | | $op = = "Doodle") {//screen does not understand when to come out | | Random large sticker background, because there is no camera, this inside skip.

if (Empty ($GLOBALS [' Http_raw_post_data '])) {
$GLOBALS [' http_raw_post_data '] = file_get_contents ("Php://input");
}
$status = "Failure";
$dosave = true;

if ($op = = "Doodle") {
$query = $_sglobal[' db ']->query (' SELECT * from '. Tname (' Usermagic '). " WHERE uid = ' $_sglobal[supe_uid] ' and mid = ' doodle ');
$value = $_sglobal[' db ']->fetch_array ($query);
if (Empty ($value) | | | $value [' count '] < 1) {//&ucirc;Ϳѻ
$uploadfiles =-8;
$dosave = false;
}
}

if ($dosave &&!empty ($GLOBALS [' Http_raw_post_data '])) {
$_server[' http_albumid '] = addslashes (Siconv (UrlDecode ($_server[' Http_albumid ')), $_sc[' CharSet '], "UTF-8"));
$from = false;
if ($op = = ' Screen ') {
$from = ' camera ';
} elseif ($_get[' from '] = = ' album ') {
$from = ' uploadimage ';
}
$_sconfig[' allowwatermark '] = 0;
$uploadfiles = Stream_save ($GLOBALS [' Http_raw_post_data '], $_server[' http_albumid '], ' jpg ', ', ', ', ', 0, $from);
}

$uploadResponse = true;
$picid = $proid = $albumid = 0;
if ($uploadfiles && Is_array ($uploadfiles)) {
$status = "Success";
$albumid = $uploadfiles [' albumID '];
$picid = $uploadfiles [' Picid '];
if ($op = = "Doodle") {
$fileurl = Pic_get ($uploadfiles [' filepath '], $uploadfiles [' thumb '], $uploadfiles [' remote '], 0);
Include_once (s_root. ") /source/function_magic.php ');
Magic_use (' Doodle ', Array (), 1);
}
} else {
Switch ($uploadfiles) {
Case-1:
$uploadfiles = Cplang (' Inadequate_capacity_space ');
Break
Case-2:
$uploadfiles = Cplang (' only_allows_upload_file_types ');
Break
Case-4:
$uploadfiles = Cplang (' ftp_upload_file_size ');
Break
Case-8:
$uploadfiles = Cplang (' Has_not_more_doodle ');
Break
Default
$uploadfiles = Cplang (' mobile_picture_temporary_failure ');
Break
}
}

ElseIf ($_files && $_post) {//Picture upload,
/* According to the crawl, the POST get data value is:
POST = Array (
' Filename ' => ' mjp45+r3001.jpg ',
' Proid ' => ' 1 ',
' albumID ' => ' 2 ',
' UID ' => ' 1 ',
' title ' => ' mjp45+r3001 ',
' Hash ' => ' 11ed07fe235ca5b9e509043e85419785 ',
' Upload ' => ' Submit Query ',
)

Get = Array (
' AC ' => ' swfupload ',
)

*/
if ($_files["Filedata"] [' ERROR ']) {//If there is an upload error
$uploadfiles = Cplang (' File_is_too_big '); The prompt file is too large.
} else {
There are also escapes, given the coding and case problems. Gets the file name of the upload.
$_files["Filedata" [' name '] = addslashes (Siconv (UrlDecode ($_files["Filedata"] [' name ']), $_sc[' CharSet '], "UTF-8") ;
There are also escapes, given the coding and case problems. Gets the upload category ID.
$_post[' albumid '] = addslashes (Siconv (UrlDecode ($_post[' albumID ')), $_sc[' CharSet '], "UTF-8"));
There are also escapes, given the coding and case problems. Get the upload file after a detailed path.
$uploadfiles = Pic_save ($_files["Filedata"], $_post[' albumID ', Addslashes (Siconv (urldecode ' title '), $_post[ ' CharSet '], "UTF-8"));
}

According to my analysis, the following content in the picture upload is useless, do not know whether the Avatar upload will be used.
$proid = $_post[' proid '];
$uploadResponse = true;
$albumid = 0;
Judge the upload file, and upload the file array.
if ($uploadfiles && Is_array ($uploadfiles)) {
$status = "Success"; Upload Complete
$albumid = $uploadfiles [' albumID ']; The category ID of the upload
} else {
$status = "Failure"; This is the upload failed.
}

I added it myself, and I'm guessing uchome will appreciate it too.
Exit ();
}
Time
$newalbumname = sgmdate (' Ymd ');

Introducing Templates
Include template ("Do_swfupload");

Output XML, SWF configuration required.
$outxml = "<?xml version=" 1.0 "encoding=" UTF-8 ">n";
$outxml. = Siconv (Ob_get_contents (), ' UTF-8 ');
Obclean ();
@header ("Expires:-1");
@header ("Cache-control:no-store, Private, post-check=0, Pre-check=0, max-age=0", FALSE);
@header ("Pragma:no-cache");
@header ("Content-type:application/xml; Charset=utf-8 ");
Echo $outxml;

What does the configuration file specifically export? Please visit this web site.
Http://u.discuz.net/home/do.php?ac=swfupload&op=config
?>