OK, I'm over having to rename everything on my computer. If a song on the hard drive is named something like "1 train", the script sees the space and won't upload it, and no member will understand that. The same happens if the file is deep in the computer, like c:/mydocuments/mymusic/group/albumname/song (the path is too deep for my site to let it upload), or if the song name has a word with a ' in it. I think my script thinks it is being MySQL-injected, so it rejects it. How can I fix this? Here's my upload.php code. HELP lol
Name of song F:\08 Feel It.mp3 and error was Sorry,uploading files in this format is not allowed.Please Ensure Your file names follow this format.
1.Entire file cannot exceed 60 charactoers
2.format should be filename.extension or filename
3.legal charactoers are 1-9,a-z,A-Z,'_','-'
It is ridiculous to have to rename everything, and no member will do this. So how can I fix it and make it easier to upload?
ERROR: Can't open $paramFileName");
while(!feof($fh)){
$buffer = fgets($fh, 4096);
list($key, $value) = explode('=', trim($buffer));
$value = str_replace("~EQLS~", "=", $value);
$value = str_replace("~NWLN~", "\r\n", $value);
if(isset($key) && isset($value) && strlen($key) > 0 && strlen($value) > 0){
if(preg_match('/(.*)\[(.*)\]/i', $key, $match)){ $param_array[$match[1]][$match[2]] = $value; }
else{ $param_array[$key] = $value; }
}
}
fclose($fh);
if(isset($param_array['delete_param_file']) && $param_array['delete_param_file'] == 1){
for($i = 0; $i < 5; $i++){
if(unlink($paramFileName)){ break; }
else{ sleep(1); }
}
}
return $param_array;
}
// Hand each of these script variables to the template engine under its own name,
// in the same order as before.
$uploader_template_vars = array(
    'tmp_sid',
    'disallow_extensions',
    'allow_extensions',
    'path_to_ini_status_script',
    'check_file_name_format',
    'check_disallow_extensions',
    'check_allow_extensions',
    'check_null_file_count',
    'check_duplicate_file_count',
    'max_upload_slots',
    'progress_bar_width',
    'path_to_upload_script',
    'multi_upload_slots',
);
foreach ($uploader_template_vars as $tpl_var_name) {
    STemplate::assign($tpl_var_name, ${$tpl_var_name});
}
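// First form step: check the title, description, tags and channel selection.
// On success the second page is selected and the chosen channels are passed to
// the template as a "|"-joined list.
//
// NOTE: the character allow-lists below are a form-level check only. They run on
// $_REQUEST here, while the INSERT statements further down take their values from
// other inputs, so they must not be relied on as the SQL-injection defence.
// Escaping or binding the values where the query is built is what makes it safe
// to accept names containing spaces or apostrophes.
if (isset($_REQUEST['action_upload']) && $_REQUEST['action_upload'] != "")
{
    // Anything that is missing or not a plain string is treated as empty, so
    // strlen()/preg_match() never receive an array.
    $form_title = (isset($_REQUEST['field_myvideo_title']) && is_string($_REQUEST['field_myvideo_title']))
        ? $_REQUEST['field_myvideo_title'] : '';
    $form_descr = (isset($_REQUEST['field_myvideo_descr']) && is_string($_REQUEST['field_myvideo_descr']))
        ? $_REQUEST['field_myvideo_descr'] : '';
    $form_tags = (isset($_REQUEST['field_myvideo_keywords']) && is_string($_REQUEST['field_myvideo_keywords']))
        ? $_REQUEST['field_myvideo_keywords'] : '';
    // count() on a missing or scalar chlist is an error on current PHP versions.
    $form_channels = (isset($_REQUEST['chlist']) && is_array($_REQUEST['chlist']))
        ? $_REQUEST['chlist'] : array();

    if (strlen($form_title) < 3)
        $err = "Upload: Please provide a video title with minimum 3 characters.";
    elseif (preg_match("/[^a-zA-Z0-9 öüäÖÜÄ!?\_\-\.]/", $form_title))
        $err = "Upload: Unallowed characters in video title.";
    elseif (strlen($form_descr) < 3)
        $err = "Upload: Please provide a description with min of 3 characters.";
    elseif (preg_match("/[^a-zA-Z0-9 öüäÖÜÄ\!\?\_\-\.]/", $form_descr))
        $err = "Upload: Unallowed characters in description.";
    elseif (strlen($form_tags) < 1)
        $err = "Upload: Please provide tag(s).";
    elseif (preg_match("/[^a-zA-Z0-9 öüäÖÜÄ\-]/", $form_tags))
        $err = "Upload: Tags should be seperated only by spaces";
    elseif (count($form_channels) < 1 || count($form_channels) > 3)
        $err = "Upload: Please check (1 to 3) channel(s).";

    if ($err == "") {
        $page = "second";
        STemplate::assign('secondpage', "second");
        // NOTE(review): the channel values are client-supplied and are not checked
        // against the known channels here - confirm where that happens.
        $listch = implode("|", $form_channels);
        STemplate::assign('listch', $listch);
        $var = "";
        STemplate::assign("var", $var);
    }
}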
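// Runs when the request carries ?rnd_id=...: reads the posted fields back through
// getPostData(), checks the uploaded file, records the video, moves the file into
// the video directory, converts it to FLV and redirects to the success page.
//
// Every value taken from $_POST_DATA or the request is client-controlled, so it is
// escaped before it goes into SQL, and the file name is reduced to its final path
// component before it is used on disk.
if (isset($_GET['rnd_id']))
{
    STemplate::assign('upload_page', 'upload');

    // NOTE(review): temp_dir and tmp_sid come straight from the request and are
    // passed to getPostData(), which is not fully visible here. Confirm that it
    // confines them to the configured temporary directory before opening or
    // deleting anything.
    $temp_dir = $_REQUEST['temp_dir'];
    $_POST_DATA = getPostData($temp_dir, $_REQUEST['tmp_sid']);

    $upload_dir = $_POST_DATA['upload_dir'];
    // Keep only the last path component, so rename() below can only ever move a
    // file that sits directly inside $upload_dir.
    $upload_file = basename($_POST_DATA['upfile_0']);
    $upload_file_path = $upload_dir . $upload_file;

    $upload_file_size = 0;
    if (!is_file($upload_file_path))
    {
        $err = 'Failed to upload selected file!';
    }
    else
    {
        // The size used to be read from an undefined variable ($uploaded_file_path),
        // so it was always empty and the size limit below never applied.
        $upload_file_size = filesize($upload_file_path);
    }

    if ($err == "")
    {
        // pathinfo() yields '' for a name without a dot, so such a name is rejected.
        $ph = strtolower(pathinfo($upload_file, PATHINFO_EXTENSION));
        /* Space in Megabytes (MB) */
        $space = round($upload_file_size / (1024 * 1024));
        if ($config['enable_package'] == "yes")
        {
            check_subscriber($space);
        }
        //this should never happen
        $allowed_video_ext = array("3gp", "mp4", "mov", "asf", "flv", "mpg", "avi", "mpeg", "wmv", "rm", "dat");
        if (!in_array($ph, $allowed_video_ext, true) || $space > $config['max_video_size'])
            $err = 'Invalid video format or invalid video size!';
    }

    if ($err == "")
    {
        $appr = '';
        if ($config['enable_video'] == "no")
        {
            $appr = 'yes';
        }
        elseif ($config['enable_video'] == "yes")
        {
            $appr = 'no';
        }

        // NOTE(review): assumes an earlier login check guarantees $_SESSION['UID'];
        // that check is not visible in this part of the file.
        $uid = (int) $_SESSION['UID'];

        // mysql_real_escape_string() matches the mysql_* API this script already uses
        // (mysql_insert_id) and relies on the same default connection - TODO confirm
        // that $conn shares that link, or switch to $conn's own quoting/binding.
        $sql = "insert into video set
UID=" . $uid . ",
title='" . mysql_real_escape_string($_POST_DATA['field_myvideo_title']) . "',
description='" . mysql_real_escape_string($_POST_DATA['field_myvideo_descr']) . "',
keyword='" . mysql_real_escape_string($_POST_DATA['field_myvideo_keywords']) . "',
channel='0|" . mysql_real_escape_string($_POST_DATA['listch']) . "|0',
space = '$space',
addtime='" . time() . "',
adddate='" . date("Y-m-d") . "',
vkey='" . mt_rand() . "',
type='" . mysql_real_escape_string($_POST_DATA['field_privacy']) . "',
filehome='" . mysql_real_escape_string($_POST_DATA['p']) . "',
approve='$appr'";
        $conn->execute($sql);
        $vid = (int) mysql_insert_id();

        // The stored name is built from the row id and the allow-listed extension
        // only; the client's file name is never used on disk past this point.
        $vdoname = $vid . "." . $ph;
        $ff = $config['vdodir'] . '/' . $vdoname;

        //rename uploaded file
        if (rename($upload_file_path, $ff))
        {
            // Path arguments are quoted for the shell as defence in depth.
            $src_arg = escapeshellarg($ff);
            $flv_arg = escapeshellarg($config['flvdodir'] . "/" . $vid . ".flv");

            // An earlier variant of this command used
            // "-lavfopts i_certify_that_my_video_stream_does_not_use_b_frames" instead of "-ofps 12".
            exec("$config[mencoder] $src_arg -o $flv_arg -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=9600:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -ofps 12 -srate 22050");
            video_to_frame($ff, $vid);
            exec("/usr/bin/flvtool2 -UP " . $flv_arg);

            //get duration
            $p = array();
            exec("$config[mplayer] -vo null -ao null -frames 0 -identify $src_arg", $p);
            $duration = '';
            foreach ($p as $identify_line)
            {
                $length = strstr($identify_line, 'ID_LENGTH=');
                if ($length !== false)
                {
                    $lx = explode("=", $length);
                    $duration = isset($lx[1]) ? trim($lx[1]) : '';
                    break;
                }
            }
        } else {
            $err = 'Failed to rename uploaded file!';
        }
    }

    if ($err == "")
    {
        // NOTE(review): the view key is derived from md5() of a sequential id, so it
        // is predictable. If it is meant to keep private videos unguessable, generate
        // it from a cryptographically secure random source instead.
        $key = substr(md5($vid), 11, 20);
        //send_subscribed_mail($_SESSION[UID],'$key',$_SESSION[EMAIL]);
        $sql = "update video set
vdoname='" . mysql_real_escape_string($vdoname) . "',
flvdoname='" . $vid . ".flv',
duration='" . mysql_real_escape_string($duration) . "',
vkey='$key' WHERE VID=$vid";
        $conn->execute($sql);
        if ($config['enable_package'] == "yes")
        {
            $sql = "update subscriber set used_space=used_space+$space, used_bw=used_bw+$space, total_video=total_video+1 where UID=" . (int) $_SESSION['UID'];
            $conn->execute($sql);
        }
        header("Location:$config[baseurl]/upload_success.php?viewkey=$key&upload=yes");
        // Stop here so nothing below runs after the redirect has been sent.
        exit;
    }
}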
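// Runs when the embed form is submitted: requires an embed code and a JPEG
// thumbnail, records the video as an embedded entry (filetype 'E'), stores three
// copies of the thumbnail and redirects to the success page.
//
// All $_REQUEST values are client-controlled and are escaped before they are
// placed in SQL.
if (isset($_POST['embed_final']) && $_POST['embed_final'] != "")
{
    $embed_code = isset($_REQUEST['field_embed_code']) ? $_REQUEST['field_embed_code'] : "";
    $thumb_tmp = isset($_FILES['field_uploadthumb']['tmp_name']) ? $_FILES['field_uploadthumb']['tmp_name'] : "";

    if ($embed_code == "") $err = "Please provide the embed code.";
    if ($thumb_tmp == "") $err = "Please provide the thumbnail image.";

    if ($err == "" && $thumb_tmp != "")
    {
        $p = $_FILES['field_uploadthumb']['name'];
        // pathinfo() yields '' for a name without a dot, so such a name is rejected.
        $ph = strtolower(pathinfo($p, PATHINFO_EXTENSION));
        /* Space in Megabytes (MB) */
        // NOTE(review): this reads the size of 'field_uploadfile', while the file
        // handled in this branch is 'field_uploadthumb' - confirm which is intended.
        $upload_size = isset($_FILES['field_uploadfile']['size']) ? $_FILES['field_uploadfile']['size'] : 0;
        $space = round($upload_size / (1024 * 1024));
        if ($config['enable_package'] == "yes")
        {
            check_subscriber($space);
        }
        // The extension is chosen by the client, so the content is checked as well.
        $img_info = getimagesize($thumb_tmp);
        if ($ph != "jpg" || $space > $config['max_video_size'] || $img_info === false || $img_info[2] != IMAGETYPE_JPEG)
            $err = "Invalid Image Format.";
    }

    if ($err == "")
    {
        $appr = '';
        if ($config['enable_video'] == "no")
        {
            $appr = 'yes';
        }
        elseif ($config['enable_video'] == "yes")
        {
            $appr = 'no';
        }

        // NOTE(review): assumes an earlier login check guarantees $_SESSION['UID'];
        // that check is not visible in this part of the file.
        $uid = (int) $_SESSION['UID'];

        // mysql_real_escape_string() matches the mysql_* API this script already uses
        // (mysql_insert_id) and relies on the same default connection - TODO confirm
        // that $conn shares that link, or switch to $conn's own quoting/binding.
        // NOTE(review): embed_code is client-supplied markup. Escaping makes it safe
        // to store; wherever it is output it still has to be treated as untrusted HTML.
        $sql = "insert into video set
UID=" . $uid . ",
title='" . mysql_real_escape_string($_REQUEST['field_myvideo_title']) . "',
description='" . mysql_real_escape_string($_REQUEST['field_myvideo_descr']) . "',
keyword='" . mysql_real_escape_string($_REQUEST['field_myvideo_keywords']) . "',
channel='0|" . mysql_real_escape_string($_REQUEST['listch']) . "|0',
space = '$space',
filetype = 'E',
embed_code = '" . mysql_real_escape_string($embed_code) . "',
embed = '',
approve='$appr',
addtime='" . time() . "',
adddate='" . date("Y-m-d") . "',
vkey='" . mt_rand() . "',
type='" . mysql_real_escape_string($_REQUEST['field_privacy']) . "',
filehome='" . mysql_real_escape_string($_REQUEST['p']) . "'";
        $conn->execute($sql);
        $vid = (int) mysql_insert_id();
        // Built from the row id and the checked extension only, never from the
        // client's file name.
        $vdoname = $vid . "." . $ph;

        if (is_uploaded_file($thumb_tmp))
        {
            $file = $config['tmbdir'] . "/1_" . $vdoname;
            // Make the two extra copies only when the move succeeded.
            if (move_uploaded_file($thumb_tmp, $file))
            {
                $newfile = $config['tmbdir'] . "/2_" . $vdoname;
                $newfile2 = $config['tmbdir'] . "/3_" . $vdoname;
                copy($file, $newfile);
                copy($file, $newfile2);
            }
        }
        //END

        // NOTE(review): the view key is derived from md5() of a sequential id, so it
        // is predictable. If it is meant to keep private videos unguessable, generate
        // it from a cryptographically secure random source instead.
        $key = substr(md5($vid), 11, 20);
        // NOTE(review): '$key' is single-quoted, so the literal text $key is passed
        // rather than the key itself - confirm against send_subscribed_mail().
        send_subscribed_mail($_SESSION['UID'], '$key', $_SESSION['EMAIL']);
        $sql = "update video set
vdoname='',
flvdoname='',
duration='0',
vkey='$key' WHERE VID=$vid";
        $conn->execute($sql);
        if ($config['enable_package'] == "yes")
        {
            $sql = "update subscriber set used_space=used_space+$space, used_bw=used_bw+$space, total_video=total_video+1 where UID=" . $uid;
            $conn->execute($sql);
        }
        header("Location:$config[baseurl]/upload_success.php?viewkey=$key&upload=yes");
        // Stop here so nothing below runs after the redirect has been sent.
        exit;
    }
}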
// Pass the status messages and page markers to the templates, then render the page:
// header, message box, one of the two upload bodies, footer.
STemplate::assign('err', $err);
STemplate::assign('msg', $msg);
STemplate::assign('upload_page', 'upload');
STemplate::assign('menu_active', 'upload');
STemplate::assign('head_bottom', "blank.tpl");

foreach (array('head1.tpl', 'err_msg.tpl') as $leading_tpl) {
    STemplate::display($leading_tpl);
}

// action=select shows the selection page; anything else shows the normal upload form.
$body_tpl = ($_REQUEST[action] == "select") ? 'uploadselect.tpl' : 'upload.tpl';
STemplate::display($body_tpl);

STemplate::display('footer.tpl');
?>