php define __ROOT__ _SERVER DOCUMENT_ROOT require __ROOT__ script core

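<?php
/**
 * File-manager API endpoint. Dispatches on the `method` request parameter
 * (case-insensitive) and answers with the short bracketed status strings the
 * existing client expects, or with raw data for fs.get / file.content.
 *
 * $user, $db and $wybox are not defined in this file; presumably they are
 * created by core.php -- confirm there.
 *
 * NOTE(review): every parameter is read from $_REQUEST, so the state-changing
 * methods (file.delete, file.rename, file.copy, folder.new) are reachable via
 * plain GET as well as POST. The only request check visible here is the
 * commented-out check() call below; confirm that CSRF protection is enforced
 * somewhere upstream.
 *
 * NOTE(review): only file.content scopes its query to $user->id in this file.
 * The other methods rely on $wybox->getFileByFid() / deleteFileByFid() to
 * restrict access to the current user's rows -- verify that they do.
 */
define("__ROOT__", $_SERVER["DOCUMENT_ROOT"]);
require __ROOT__ . "/script/core/core.php";
//if (!check()) die("{error: 'Error'}");
if (!isset($_REQUEST['method'])) die("[{error: 'NoMethod'}]");
if (!$user->authorized) die("[{error: 'NoUser'}]");

switch (strtolower($_REQUEST['method'])) {
    case "fs.get":
        // Emit the file tree as produced by the project's own serializer.
        $fs = $wybox->getFS();
        echo $wybox->FsToJson($fs);
        die();

    case "file.content":
        if (!isset($_REQUEST["fid"])) die("[{error: 'NoFile'}]");
        // fid is forced to an integer and the lookup is limited to the
        // logged-in user's rows, so the on-disk path below is built only
        // from a database id, never from request text.
        $q = $db->query("SELECT `id` FROM `files` WHERE `fid` = '" . (int) $_REQUEST["fid"] . "' AND `user` = '" . $user->id . "'");
        if ($db->num_rows($q) == 0) die("[{error: 'WrongFile'}]");
        $f = $db->fetch($q);
        $path = __ROOT__ . "/files/" . $f["id"] . ".dat";
        if (!file_exists($path)) die("[{error: 'DeletedFile'}]");
        echo base64_encode(file_get_contents($path));
        break;

    case "file.delete":
        if (!isset($_REQUEST["fid"])) die("[{error: 'NoFile'}]");
        // fid may be a comma-separated list. A failure part-way through
        // aborts the request but leaves the earlier ids already deleted.
        foreach (explode(",", $_REQUEST["fid"]) as $v) {
            $fid = (int) $v;
            $file = $wybox->getFileByFid($fid);
            if (!$file) die("[{error: 'WrongFile'}]");
            if ($file->in == 0) die("[{error: 'root'}]");
            $wybox->deleteFileByFid($fid);
            // The stored hash is escaped like any other value placed in SQL
            // text; it is read back from the database, not validated here.
            $remaining = $db->num_rows($db->query("SELECT `id` FROM `files` WHERE `md5` = '" . $db->filter((string) $file->md5) . "'"));
            // Remove the data file only when no other row shares the hash.
            if ($remaining == 0 && $file->file != "folder") unlink(__ROOT__ . "/files/" . $file->id . ".dat");
        }
        die("[{success: 1}]");

    case "file.rename":
        if (!isset($_REQUEST["fid"]) || !isset($_REQUEST["name"])) die("[{error: 'WrongArgs'}]");
        $file = $wybox->getFileByFid((int) $_REQUEST["fid"]);
        if (!$file) die("[{error: 'WrongFile'}]");
        $newname = $_REQUEST["name"];
        // With the /u modifier preg_match() returns false (not 0) on invalid
        // UTF-8, so only an explicit 0 is accepted as "no forbidden character".
        if (preg_match('@([\\\/\:\*\?\"\>\<\|])@sui', $newname) !== 0) die("[{error: 'WrongName'}]");
        if (mb_strlen($newname, "UTF-8") > 32 || mb_strlen($newname, "UTF-8") < 2) die("[{error: 'WrongName'}]");
        // The name must contain a dot followed by at least one character;
        // the captured part becomes the stored type for non-folders.
        if (preg_match('@\.(.+)$@sui', $newname, $temp) !== 1) die("[{error: 'WrongName'}]");
        if ($file->file != "folder") $newras = $db->filter(end($temp));
        if ($file->in == 0) die("[{error: 'root'}]");
        $db->query("UPDATE `files` SET " . (isset($newras) ? "`file` = '$newras', " : "") . " `name` = '" . $db->filter($newname) . "' WHERE `id` = '" . $file->id . "'");
        die("[{success: 1}]");

    case "file.copy":
        if (!isset($_REQUEST["fid"]) || !isset($_REQUEST["in"]) || !isset($_REQUEST["globalId"])) die("[{error: 'WrongArgs'}]");
        // NOTE(review): the fid given to each new row is derived from a
        // client-supplied counter; nothing visible here checks it against
        // existing fids -- confirm uniqueness is enforced elsewhere.
        $globalId = (int) $_REQUEST["globalId"] + 1;
        $wybox->globalId = $globalId;
        $target = (int) $_REQUEST["in"];
        $file = $wybox->getFileByFid($target);
        if (!$file) die("[{error: 'WrongFolder'}]");
        if ($file->file != "folder") die("[{error: 'WrongFolder'}]");
        $todelete = "";
        foreach (explode(",", $_REQUEST["fid"]) as $v) {
            $file = $wybox->getFileByFid((int) $v);
            if (!$file) die("[{error: 'WrongFile'}]");
            if ($file->file == "folder") {
                $todelete .= $wybox->copyFolder($file->fid, $target, $globalId);
            } else {
                // Prefix underscores until the name is free in the target folder.
                $newname = $file->name;
                while ($wybox->checkName($newname, $target)) {
                    $newname = "_" . $newname;
                }
                // The name and type are read back from the database and the
                // name rules above do not forbid a single quote, so both are
                // escaped again before being placed in SQL text.
                $db->query("INSERT INTO `files` (`user`, `added`, `edited`, `name`, `file`, `in`, `fid`) values ('" . $user->id . "', '" . time() . "', '" . time() . "', '" . $db->filter($newname) . "', '" . $db->filter($file->file) . "', '" . $target . "', '" . $globalId . "')");
                $globalId++;
                $todelete .= $file->fid . ",";
            }
        }
        // A "move" is a copy followed by deletion of the collected source fids.
        $todelete = array_filter(explode(",", $todelete));
        if (isset($_REQUEST["move"])) {
            foreach ($todelete as $v) {
                $wybox->deleteFileByFid((int) $v);
            }
        }
        die("[{success: 1}]");

    case "file.parents":
        // NOTE(review): looks like a leftover debug method -- it dumps the
        // parents of one hard-coded fid to any authorized caller. Kept so the
        // method list is unchanged; consider removing it before release.
        var_dump($wybox->getParents(97246));
        break;

    case "folder.new":
        if (!isset($_REQUEST["in"]) || !isset($_REQUEST["name"]) || !isset($_REQUEST["fid"])) die("[{error: 'WrongArgs'}]");
        // The requested fid must not already be in use.
        $temp = $wybox->getFileByFid((int) $_REQUEST["fid"]);
        if ($temp) die("[{error: 'WrongFid'}]");
        $newname = $_REQUEST["name"];
        // false from preg_match() (invalid UTF-8 under /u) is rejected too.
        if (preg_match('@([\\\/\:\*\?\"\>\<\|])@sui', $newname) !== 0) die("[{error: 'WrongName'}]");
        if (mb_strlen($newname, "UTF-8") > 32 || mb_strlen($newname, "UTF-8") < 2) die("[{error: 'WrongName'}]");
        $file = $wybox->getFileByFid((int) $_REQUEST["in"]);
        // A missing parent is refused explicitly instead of reading a
        // property from a failed lookup.
        if (!$file || $file->file != "folder") die("[{error: 'WrongFolder'}]");
        $db->query("INSERT INTO `files` (`user`, `added`, `edited`, `name`, `file`, `in`, `fid`) values ('" . $user->id . "', '" . time() . "', '" . time() . "', '" . $db->filter($newname) . "', 'folder', '" . (int) $_REQUEST['in'] . "', '" . (int) $_REQUEST["fid"] . "')");
        die("[{success: 1}]");

    default:
        die("[{error: 'WrongMethod'}]");
}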