$squashweb->set_root($basedir);
-if (@$_GET['f'] || @$_GET['d'] || @$_GET['show_all']==true || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
+if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
$getdeepfiles=true;
$populate=false;
} else {
}
if (@$_GET['f']) {
- $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'";
+ $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
$f_r = mysql_query($f_q);
$f_o = mysql_fetch_object($f_r);
//log downloads
- @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION['creds']['user_id']."','".$_SESSION['creds']['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())");
+ @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
$_hpath_arr=explode("/", $f_o->file);
$file=array_pop($_hpath_arr); //Remove filename
//get the config of requested file
$request = $squashweb->get_config($_GET['f']);
- //------------------------------------
- //-check-file-and-request-type--start-
- //------------------------------------
- if (strpos($request['mime'],'ideo') && isset($_GET['d'])) { //embed video
- $squashweb->embed_video($_GET['f']);
- }
- elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])) { //show stream playlist
- $squashweb->create_playlist($_GET['f'],$_GET['x'],$request[2]);
- }
- else { //show requested file
- # header('Cache-control: private');
- header('Content-Disposition: attachment; filename="'.$request[2].'"');
- header("Content-Type: ".$request['mime']);
- if ($request[3])header('Content-Length: '.$request[3]);
- #@ob_flush();
- @flush();
- $squashweb->print_files($request['path'], $request[2]);
- }
- //---------------------------------
- //-check-file-and-request-type-end-
- //---------------------------------
+ //show requested file
+ #header('Cache-control: private');
+ header('Content-Disposition: attachment; filename="'.$request[2].'"');
+ header("Content-Type: ".$request['mime']);
+ if ($request[3])
+ header('Content-Length: '.$request[3]);
+ #@ob_flush();
+ @flush();
+ $squashweb->print_files($request['path'], $request[2]);
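Review bot: The escaping added to the `md5_hash` lookup and the log `INSERT` uses `mysql_escape_string()`, which takes no connection handle and ignores the connection character set. `mysql_real_escape_string()` is the charset-aware form, and since the column name suggests `f` is always an MD5 hex digest, the tighter fix is to reject anything else before the first query, e.g. `if (!is_string($_GET['f']) || !preg_match('/^[a-f0-9]{32}$/i', $_GET['f'])) { header('HTTP/1.0 400 Bad Request'); exit; }`. `$f_o` is dereferenced without checking that `mysql_fetch_object()` returned a row, so an unknown hash still reaches the log insert and `get_config()`, and the `@` on the log `mysql_query()` keeps a failed audit write silent while the download proceeds. In the new header lines `$request[2]` is placed inside `filename="..."` unescaped, so a stored name containing `"` or `\` would break the parameter and should be stripped or replaced first. Context between the visible lines appears to be elided, so checks outside this view may already cover part of this.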
} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
if ($_SESSION['creds']['user_level'] > 99) {
}
} elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
$smarty = new Smarty;
$squashweb->remove_users($_POST['u']);
if ($type=="new")
$squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
$smarty = new Smarty;
$logtype=@$_GET['logtype'];
if (!$logtype)
$logtype = 'all';
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
$smarty = new Smarty;
} else {
//show overview
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
$smarty = new Smarty;
$smarty->assign('subfolders', $subs);
//if(@$_GET[debug]) print_r($configs);
- if (!@$_GET['newtpl'])
- $smarty->display('index.tpl'); //Display normal template
- else
- $smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
+ $smarty->display('index.tpl'); //Display normal template
}
// vim: syntax=php ts=4 sw=4 sts=4 sr noet