<?php
 session_start(); ini_set('upload_max_filesize', '20M'); ini_set('post_max_size', '20M'); class UploadFile{ private $blacklist = array(".phtml", ".php", ".php3", ".php4", ".php5", ".php6", ".phps", ".cgi", ".exe", ".pl", ".asp", ".aspx", ".shtml", ".shtm", ".fcgi", ".fpl", ".jsp", ".htm", ".html"); private $upload_dir = '../uploadfile/'; private $file_name; private $new_name; private $file_size; public function __construct() { if(!empty($_FILES['upload_file']['name'])){ if($_FILES['upload_file']['error'] > 0){ die('Ошибка при загрузке файла'); }else{ $error = false; foreach($this->blacklist as $item){ if(preg_match("/$item\$/i",$_FILES['upload_file']['name'])) $error = true; } if($error) die('Нельза загружать файлы с таким расширением!'); if(!$this->saveFile($_FILES['upload_file'])){ die('Не удалось переместить файл'); }else{ include 'mysql.php'; $this->addDB(); } } } } public function saveFile($file) { $tmp_file_name = $file["tmp_name"]; $this->new_name = time(); $this->file_name = htmlspecialchars($file['name']); $this->file_size = $file['size']; if(is_dir($this->upload_dir)){ $this->upload_dir = '../uploadfile/'; }else{ $this->upload_dir = '../consultant/uploadfile/'; } if(move_uploaded_file($tmp_file_name, $this->upload_dir."/".$this->new_name)){ return true; }else{ return false; } } public function addDB() { $mysql = Mysql::getInstance(); $this->file_name = $mysql->quote($this->file_name); $write_date = time(); $sql = "INSERT INTO ok_files VALUES(NULL, {$this->file_name}, '{$this->new_name}', '{$this->file_size}', $write_date)"; $mysql->exec($sql); $file_id = $mysql->lastInsertId(); $this->inMessage($file_id); } public function inMessage($file_id) { $mysql = Mysql::getInstance(); if(isset($_SESSION['who']) AND $_SESSION['who'] == "operator"){ $load_file = '<p>Консультант отправил вам файл. <a href="http://eficenter.ru/consultant/class/download_file.php?file_id='.$file_id.'">Скачать файл</a></p>'; if(isset($_POST['id_user'])){ $id_user = intval($_POST['id_user']); $operator_id = $_SESSION['operator_id']; $wr_date = time(); } $sql = "INSERT INTO ok_messages(id_user, is_for, wr_date, messages, is_from) VALUES({$id_user}, {$operator_id}, '{$wr_date}', '{$load_file}', '2')"; $mysql->exec($sql); $sql = "UPDATE ok_users_chat SET new_message_operator = new_message_operator + 1 WHERE id_user = {$id_user}"; $mysql->exec($sql); }else{ $load_file = '<p>Клиент отправил вам файл. <a href="http://eficenter.ru/consultant/class/download_file.php?file_id='.$file_id.'">Скачать файл</a></p>'; if(isset($_SESSION['ok_user_id'])){ $id_user = intval($_SESSION['ok_user_id']); $operator_id = $_SESSION['ok_conn_operator']; $wr_date = time(); } $sql = "INSERT INTO ok_messages(id_user, is_for, wr_date, messages, is_from) VALUES({$id_user}, {$operator_id}, '{$wr_date}', '{$load_file}', '1')"; $mysql->exec($sql); $sql = "UPDATE ok_users_chat SET new_message_user = new_message_user + 1 WHERE id_user = {$id_user}"; $mysql->exec($sql); } } } if(isset($_SESSION['ok_user_id']) OR $_SESSION['who'] == "operator"){ $obj = new UploadFile(); }else{ die('Error! Нет прав'); } ?>