php upload a 600 chmod - Forum PHP.pl

php upload a 600 chmod

byczek Zobacz profil	20.09.2005, 15:49:55 Post #1
Grupa: Zarejestrowani Postów: 58 Pomógł: 0 Dołączył: 23.02.2004 Ostrzeżenie: (0%)	Witam mam problem z skryptem uploadu a mianowicie zapisuje mi pliki z chmod 600 czy da sie to jakos zmienic? ponirzej jest kod pliku jesli ktos wie moze mogłby mi go poprawic:) [PHP] pobierz, plaintext <? require_once("include/benc.php"); require_once("include/bittorrent.php"); require "rconpasswords.php"; hit_start(); ini_set("upload_max_filesize",$max_torrent_size); function bark($msg) { genbark($msg, "Upload failed!"); } dbconn(); hit_count(); loggedinorreturn(); /* if (get_user_class() < UC_UPLOADER) die; / foreach(explode(":","descr:type:name") as $v) { if (!isset($_POST[$v])) bark("missing form data"); } if (!isset($_FILES["file"])) bark("missing form data"); $f = $_FILES["file"]; $fname = unesc($f["name"]); if (empty($fname)) bark("Empty filename!"); / $nfofile = $_FILES['nfo']; if ($nfofile['name'] == '') bark("No NFO!"); if ($nfofile['size'] == 0) bark("0-byte NFO"); if ($nfofile['size'] > 65535) bark("NFO is too big! Max 65,535 bytes."); $nfofilename = $nfofile['tmp_name']; if (@!is_uploaded_file($nfofilename)) bark("NFO upload failed"); / $descr = unesc($_POST["descr"]); if (!$descr) bark("You must enter a description!"); $catid = (0 + $_POST["type"]); if (!is_valid_id($catid)) bark("You must select a category to put the torrent in!"); if (!validfilename($fname)) bark("Invalid filename!"); if (!preg_match('/^(.+).torrent$/si', $fname, $matches)) bark("Invalid filename (not a .torrent)."); $shortfname = $torrent = $matches[1]; if (!empty($_POST["name"])) $torrent = unesc($_POST["name"]); $tmpname = $f["tmp_name"]; if (!is_uploaded_file($tmpname)) bark("eek"); if (!filesize($tmpname)) bark("Empty file!"); $dict = bdec_file($tmpname, $max_torrent_size); if (!isset($dict)) bark("What the hell did you upload? This is not a bencoded file!"); function dict_check($d, $s) { if ($d["type"] != "dictionary") bark("not a dictionary"); $a = explode(":", $s); $dd = $d["value"]; $ret = array(); foreach ($a as $k) { unset($t); if (preg_match('/^(.)((.))$/', $k, $m)) { $k = $m[1]; $t = $m[2]; } if (!isset($dd[$k])) bark("dictionary is missing key(s)"); if (isset($t)) { if ($dd[$k]["type"] != $t) bark("invalid entry in dictionary"); $ret[] = $dd[$k]["value"]; } else $ret[] = $dd[$k]; } return $ret; } function dict_get($d, $k, $t) { if ($d["type"] != "dictionary") bark("not a dictionary"); $dd = $d["value"]; if (!isset($dd[$k])) return; $v = $dd[$k]; if ($v["type"] != $t) bark("invalid dictionary entry type"); return $v["value"]; } list($ann, $info) = dict_check($dict, "announce(string):info"); list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)"); / if (!in_array($ann, $announce_urls, 1)) bark("Sory ale połykam tylko torrenty na moim trackerze przezucac z innych stron niestety nie mozna :( <b>" . $announce_urls[0] . "</b>"); / if (strlen($pieces) % 20 != 0) bark("invalid pieces"); $filelist = array(); $totallen = dict_get($info, "length", "integer"); if (isset($totallen)) { $filelist[] = array($dname, $totallen); $type = "single"; } else { $flist = dict_get($info, "files", "list"); if (!isset($flist)) bark("missing both length and files"); if (!count($flist)) bark("no files"); $totallen = 0; foreach ($flist as $fn) { list($ll, $ff) = dict_check($fn, "length(integer):path(list)"); $totallen += $ll; $ffa = array(); foreach ($ff as $ffe) { if ($ffe["type"] != "string") bark("filename error"); $ffa[] = $ffe["value"]; } if (!count($ffa)) bark("filename error"); $ffe = implode("/", $ffa); $filelist[] = array($ffe, $ll); } $type = "multi"; } $infohash = pack("H", sha1($info["string"])); // Replace punctuation characters with spaces $torrent = str_replace("_", " ", $torrent); $html = $_POST["html"]; $nfofile = $_FILES['nfo']; if ($nfofile['size'] > 65535) bark("NFO is too big! Max 65,535 bytes."); $nfofilename = $nfofile['tmp_name']; if (@is_uploaded_file($nfofilename) && @filesize($nfofilename) > 0) $nfo = sqlesc(str_replace("x0dx0dx0a", "x0dx0a", file_get_contents($nfofilename))); else $nfo = "''"; $img=$_FILES['img']['name']; $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, typ e, descr, ori_descr, category, save_as, added, last_action, nfo, image) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, parsedescr($descr, $html), $descr, 0 + $_POST["type"], $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, '$img' )"); if (!$ret) { if (mysql_errno() == 1062) bark("torrent already uploaded!"); bark("mysql puked: ".mysql_error()); } $id = mysql_insert_id(); @mysql_query("DELETE FROM files WHERE torrent = $id"); foreach ($filelist as $file) { @mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")"); } move_uploaded_file($tmpname, "$torrent_dir/$id.torrent"); $img=$_FILES['img']['name']; $imgtmp=$_FILES['img']['tmp_name']; move_uploaded_file($imgtmp,"images/$img"); write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]); /* Game server notif / $f = fsockopen("udp://62.212.84.221", 28960); socket_set_timeout($f, 1); fwrite($f, "xFFxFFxFFxFFrcon $rconpassword say Torrent uploaded: $torrentn"); fread($f, 8192); fclose($f); / RSS feeds / if (($fd1 = @fopen("rss.xml", "w")) && ($fd2 = fopen("rssdd.xml", "w"))) { $cats = ""; $res = mysql_query("SELECT id, name FROM categories"); while ($arr = mysql_fetch_assoc($res)) $cats[$arr["id"]] = $arr["name"]; $s = "<?xml version="1.0" encoding="iso-8859-1" ?>n<rss version="0.91">n<channel>n" . "<title>TorrentBits</title>n<description>0-week torrents</description>n<link>$DEFAULTBASEURL/</link>n"; @fwrite($fd1, $s); @fwrite($fd2, $s); $r = mysql_query("SELECT id,name,descr,filename,category FROM torrents ORDER BY added DESC LI MIT 15") or sqlerr(__FILE__, __LINE__); while ($a = mysql_fetch_assoc($r)) { $cat = $cats[$a["category"]]; $s = "<item>n<title>" . htmlspecialchars($a["name"] . " ($cat)") . "</title>n" . "<description>" . htmlspecialchars($a["descr"]) . "</description>n"; @fwrite($fd1, $s); @fwrite($fd2, $s); @fwrite($fd1, "<link>$DEFAULTBASEURL/details.php?id=$a[id]&hit=1</link>n</item>n"); $filename = htmlspecialchars($a["filename"]); @fwrite($fd2, "<link>$DEFAULTBASEURL/download/$a[id]/$filename</link>n</item>n"); } $s = "</channel>n</rss>n"; @fwrite($fd1, $s); @fwrite($fd2, $s); @fclose($fd1); @fclose($fd2); } / Email notifs / /**************** $res = mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr(); $arr = mysql_fetch_assoc($res); $cat = $arr["name"]; $res = mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%'") or sqlerr(); $uploader = $CURUSER['username']; $size = mksize($totallen); $description = ($html ? strip_tags($descr) : $descr); $body = <<<EOD A new torrent has been uploaded. Name: $torrent Size: $size Category: $cat Uploaded by: $uploader Description ------------------------------------------------------------------------------- $description ------------------------------------------------------------------------------- You can use the URL below to download the torrent (you may have to login). $DEFAULTBASEURL/details.php?id=$id&hit=1 -- $SITENAME EOD; $to = ""; $nmax = 100; // Max recipients per message $nthis = 0; $ntotal = 0; $total = mysql_num_rows($res); while ($arr = mysql_fetch_row($res)) { if ($nthis == 0) $to = $arr[0]; else $to .= "," . $arr[0]; ++$nthis; ++$ntotal; if ($nthis == $nmax \|\| $ntotal == $total) { if (!mail("Multiple recipients <$SITEEMAIL>", "New torrent - $torrent", $body, "From: $SITEEMAILrnBcc: $to", "-f$SITEEMAIL")) stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!n" . "There was however a problem delivering the e-mail notifcations.n" . "Please let an administrator know about this error!n"); $nthis = 0; } } *****************/ header("Location: $DEFAULTBASEURL/details.php?id=$id&uploaded=1"); hit_end(); ?> [PHP] pobierz, plaintext --- tiraeth

Kicok Zobacz profil	20.09.2005, 16:05:19 Post #2
Grupa: Zarejestrowani Postów: 1 033 Pomógł: 125 Dołączył: 17.09.2005 Skąd: Żywiec Ostrzeżenie: (0%)	chmod() na zuploadowanych plikach? -------------------- "Sumienie mam czyste, bo nieużywane."

byczek Zobacz profil	20.09.2005, 16:28:33 Post #3
Grupa: Zarejestrowani Postów: 58 Pomógł: 0 Dołączył: 23.02.2004 Ostrzeżenie: (0%)	Cytat(Kicok @ 2005-09-20 17:05:19) chmod() na zuploadowanych plikach? Tak

nospor Zobacz profil	21.09.2005, 08:22:46 Post #4
Grupa: Moderatorzy Postów: 36 557 Pomógł: 6315 Dołączył: 27.12.2004	http://forum.php.pl/index.php?showtopic=35434 - crossposting (Regulamin IV.2, podpunkt f) ) Zamykam. -------------------- *"Myśl, myśl, myśl..."* - Kubuś Puchatek \|\| *"Manual, manual, manual..."* - Kubuś Programista *"Szukaj, szukaj, szukaj..."* - Kubuś Odkrywca \|\| *"Debuguj, debuguj, debuguj..."* - Kubuś Developer

« Następny starszy · PHP · Następny nowszy »

1 Użytkowników czyta ten temat (1 Gości i 0 Anonimowych użytkowników)

0 Zarejestrowanych:

Tryb wyświetlania: Standardowy · Przełącz na: Linearny+ · Przełącz na: Drzewo

Śledź ten temat · Wyślij temat na e-mail · Wydrukuj ten temat · Subskrybuj to forum

Aktualny czas: 19.08.2025 - 17:59

Hosting zapewnia