Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5 1476 Luisehahne
 * @package         media
6 1726 Luisehahne
 * @author          Ryan Djurovich,WebsiteBaker Project
7 1898 Luisehahne
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9 1400 FrankH
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13 1898 Luisehahne
 * @filesource      $HeadURL$
14 1726 Luisehahne
 * @lastmodified    $Date$
15 1400 FrankH
 *
16
 */
17 4 ryan
18 1819 Luisehahne
if(!defined('WB_URL'))
19
{
20
    $config_file = realpath('../../config.php');
21
    if(file_exists($config_file) && !defined('WB_URL'))
22
    {
23
    	require($config_file);
24
    }
25
}
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27 1041 Ruebenwurz
28 1819 Luisehahne
$modulePath = dirname(__FILE__);
29
30
//include_once('resize_img.php');
31
include_once($modulePath.'/parameters.php');
32
33 1457 Luisehahne
// suppress to print the header, so no new FTAN will be set
34
$admin = new admin('Media', 'media_upload', false);
35 4 ryan
36 1457 Luisehahne
if( !$admin->checkFTAN() )
37 1400 FrankH
{
38 1457 Luisehahne
	$admin->print_header();
39
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
40 1400 FrankH
}
41 1457 Luisehahne
// After check print the header
42
$admin->print_header();
43 1400 FrankH
44 1457 Luisehahne
// Target location
45
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
46
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
47
48 4 ryan
// Include the WB functions file
49 1824 Luisehahne
if(!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }
50 4 ryan
51 1476 Luisehahne
$directory = ($target == '/') ?  '' : $target;
52
$dirlink = 'index.php?dir='.$directory;
53
$rootlink = 'index.php?dir=';
54
55 4 ryan
// Check to see if target contains ../
56 1425 Luisehahne
if (!check_media_path($target, false))
57
{
58 1726 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'] );
59 4 ryan
}
60
61
// Create relative path of the target location for the file
62
$relative = WB_PATH.$target.'/';
63 1102 ruud
$resizepath = str_replace(array('/',' '),'_',$target);
64 4 ryan
65
// Find out whether we should replace files or give an error
66 1475 Luisehahne
$overwrite = ($admin->get_post('overwrite') != '') ? true : false;
67 4 ryan
68 1819 Luisehahne
$file_extension_string = '';
69 61 stefan
// Get list of file types to which we're supposed to append 'txt'
70 1898 Luisehahne
$sql = 'SELECT `value` FROM  `'.TABLE_PREFIX. 'settings` '.
71
       'WHERE `name`=\'rename_files_on_upload\'';
72 1920 Luisehahne
if( ($file_extension_string = $database->get_one($sql))=='' ) {
73
//    $aResult = $oRes->fetchRow(MYSQL_ASSOC);
74
//    $file_extension_string = $aResult['value'];
75 1819 Luisehahne
76 61 stefan
}
77 1475 Luisehahne
78 61 stefan
$file_extensions=explode(",",$file_extension_string);
79 1460 Luisehahne
// get from settings and add to forbidden list
80 1476 Luisehahne
$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
81 4 ryan
// Loop through the files
82
$good_uploads = 0;
83 1468 Luisehahne
$sum_dirs = 0;
84
$sum_files = 0;
85
86 1476 Luisehahne
for($count = 1; $count <= 10; $count++)
87
{
88 4 ryan
	// If file was upload to tmp
89 1476 Luisehahne
	if(isset($_FILES["file$count"]['name']))
90
	{
91 4 ryan
		// Remove bad characters
92 1460 Luisehahne
		$filename = trim(media_filename($_FILES["file$count"]['name']),'.') ;
93 4 ryan
		// Check if there is still a filename left
94 1460 Luisehahne
		// if($filename != '') {
95
		$info = pathinfo($filename);
96
		$ext = isset($info['extension']) ? $info['extension'] : '';
97
98 1484 Luisehahne
		if ( ($filename != '') && !preg_match("/" . $forbidden_file_types . "$/i", $ext) )
99 1476 Luisehahne
		{
100 4 ryan
			// Move to relative path (in media folder)
101 1460 Luisehahne
			if(file_exists($relative.$filename) AND $overwrite == true) {
102 4 ryan
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
103
					$good_uploads++;
104 1468 Luisehahne
					$sum_files++;
105 4 ryan
					// Chmod the uploaded file
106 1460 Luisehahne
					change_mode($relative.$filename);
107 4 ryan
				}
108
			} elseif(!file_exists($relative.$filename)) {
109
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
110
					$good_uploads++;
111 1468 Luisehahne
					$sum_files++;
112 4 ryan
					// Chmod the uploaded file
113
					change_mode($relative.$filename);
114
				}
115
			}
116 1460 Luisehahne
117 1819 Luisehahne
118 1041 Ruebenwurz
			if(file_exists($relative.$filename)) {
119 1819 Luisehahne
120
                $ImgWidth  = isset($pathsettings[$resizepath]['width'])  ? intval($pathsettings[$resizepath]['width'])  : null;
121
                $ImgHeigth = isset($pathsettings[$resizepath]['height']) ? intval($pathsettings[$resizepath]['height']) : null;
122
123
				if ($ImgWidth!=null || $ImgHeigth!=null ) {
124
                    if(!class_exists('PhpThumbFactory', false)){ include($modulePath.'/inc/ThumbLib.inc.php'); }
125
                	$oImage = PhpThumbFactory::create($relative.$filename);
126
                    $aOldSize = $oImage->getCurrentDimensions();
127
                    $ImgPercent = 50;
128
129
    				if ($ImgWidth!=null && $ImgHeigth==null ) {
130
                        $ImgPercent =  $ImgWidth*100/$aOldSize['width'];
131
                        $ImgHeigth = $ImgWidth;
132
                    } elseif( $ImgWidth==null && $ImgHeigth!=null ) {
133
                        $ImgPercent =  $ImgHeigth*100/$aOldSize['height'];
134
                        $ImgWidth = $ImgHeigth;
135
                    } else {
136
                        $ImgPercent = $ImgWidth*100/$aOldSize['width'];
137
                    }
138
                    $oImage->resize($ImgWidth,$ImgHeigth)->save($relative.$filename);
139
//                    $oImage->resizePercent($ImgPercent)->save($relative.$filename);
140
//                    $oImage->adaptiveResize($ImgWidth,$ImgHeigth)->save($relative.$filename);
141
//                    $oImage->save($relative.$filename);
142 1041 Ruebenwurz
				}
143 1819 Luisehahne
144 1041 Ruebenwurz
			}
145 1460 Luisehahne
146 1023 Ruebenwurz
			// store file name of first file for possible unzip action
147
			if ($count == 1) {
148
				$filename1 = $relative . $filename;
149
			}
150 4 ryan
		}
151
	}
152
}
153 1460 Luisehahne
/*
154
 * Callback function to skip files in black-list
155
 */
156
function pclzipCheckValidFile($p_event, &$p_header)
157
{
158 1476 Luisehahne
    //  return 1;
159
// Check for potentially malicious files
160
	$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
161 1460 Luisehahne
	$info = pathinfo($p_header['filename']);
162 1468 Luisehahne
	$ext = isset($info['extension']) ? $info['extension'] : '';
163
	$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
164 1460 Luisehahne
	if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) && $dots != '.' )
165
	{	// ----- allowed file types are extracted
166
	  return 1;
167
	}else
168
	{	// ----- all other files are skiped
169
	  return 0;
170
	}
171
}
172
/* ********************************* */
173 4 ryan
174 1023 Ruebenwurz
// If the user chose to unzip the first file, unzip into the current folder
175
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) {
176 1476 Luisehahne
	// Required to unzip file.
177
	require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');
178 1023 Ruebenwurz
	$archive = new PclZip($filename1);
179 1460 Luisehahne
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative,PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile');
180
181 1023 Ruebenwurz
	if($list == 0) {
182
		// error while trying to extract the archive (most likely wrong format)
183
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
184
	}
185 1460 Luisehahne
	$sum_files = 0;
186 1407 FrankH
	// rename executable files!
187 1460 Luisehahne
	foreach ($list as $key => $val) {
188
	    if( ($val['folder'] ) && change_mode($val['filename']) ) {
189
		   $sum_dirs++;
190
		} elseif( is_writable($val['filename']) && ($val['status'] == 'ok') && change_mode($val['filename']) )  {
191
			$sum_files++;
192 1407 FrankH
		}
193
	}
194 1460 Luisehahne
	if (isset($_POST['delzip'])) { unlink($filename1); }
195 1601 Luisehahne
	$dir = dirname($filename1);
196
    if(file_exists($dir)) {
197
		$array = createFolderProtectFile($dir);
198
    }
199 1023 Ruebenwurz
}
200 1460 Luisehahne
unset($list);
201 1601 Luisehahne
202 1468 Luisehahne
if($sum_files == 1) {
203 1726 Luisehahne
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA_SINGLE_UPLOADED'] );
204 1476 Luisehahne
} elseif($sum_files > 1) {
205 1726 Luisehahne
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA_UPLOADED'] );
206 4 ryan
} else {
207 1726 Luisehahne
208
	if(file_exists($relative.$filename)) {
209
    	$admin->print_error($MESSAGE['MEDIA_FILE_EXISTS'] );
210
    } else {
211
    	$admin->print_error($MESSAGE['MEDIA_NO_FILE_UPLOADED'] );
212
    }
213 4 ryan
}
214
215 1468 Luisehahne
// Print admin
216 4 ryan
$admin->print_footer();