<?php
/**
 *
 * @category        admin
 * @package         media
 * @author          Ryan Djurovich,WebsiteBaker Project
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource      $HeadURL$
 * @lastmodified    $Date$
 *
 */
// Bootstrap: when WB_URL is not defined yet, load the site configuration.
// The path is relative, so it is resolved against the current working directory.
if (!defined('WB_URL')) {
    $config_file = realpath('../../config.php');
    // realpath() yields false for a missing file, which file_exists() rejects
    if (file_exists($config_file)) {
        require($config_file);
    }
}
//if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }

// Activate the translations of the media admin add-on
$oTrans = Translate::getInstance();
$oTrans->enableAddon('admin\\media');

$modulePath = dirname(__FILE__);

//include_once('resize_img.php');
// parameters.php is not part of this listing; $pathsettings, read when uploads
// are resized, presumably comes from it -- TODO confirm
include_once($modulePath.'/parameters.php');

// Third argument false: the constructor does not print the header, so no new
// FTAN is issued before the submitted one has been checked
$admin = new admin('Media', 'media_upload', false);

// Refuse the request when the submitted form token (FTAN) does not validate
if (!$admin->checkFTAN()) {
	$admin->print_header();
	$admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
	// NOTE(review): nothing in this file stops the script at this point; the
	// upload code further down is only skipped if print_error() ends the
	// request -- confirm in the admin class.
}
// Token accepted: print the header now
$admin->print_header();
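// Target location.
// The HTTP method is chosen by the client. The previous code used it to build a
// variable name ('_' . METHOD) and read ['target'] from whatever global array
// that name resolved to. Only the two arrays a form submission arrives in are
// consulted now; every other method yields an empty target.
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
$target = '';
if ($requestMethod == '_POST' && isset($_POST['target'])) {
	$target = $_POST['target'];
} elseif ($requestMethod == '_GET' && isset($_GET['target'])) {
	$target = $_GET['target'];
}
// A parameter sent as "target[]=..." arrives as an array; the string handling
// below expects a scalar path, so treat anything else as "no target"
if (!is_string($target)) {
	$target = '';
}

// Include the WB functions file
if (!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }

$directory = ($target == '/') ? '' : $target;
$dirlink = 'index.php?dir='.$directory;
$rootlink = 'index.php?dir=';

// Reject targets that check_media_path() refuses (path traversal such as "../")
if (!check_media_path($target, false))
{
	$admin->print_error($oTrans->MESSAGE_MEDIA_TARGET_DOT_DOT_SLASH);
	// NOTE(review): $relative below is still built from the rejected $target
	// unless print_error() ends the request -- confirm in the admin class.
}

// Directory the uploaded files are written to (WB_PATH + target + '/')
$relative = WB_PATH.$target.'/';
// Key under which per-folder resize settings are looked up in $pathsettings
$resizepath = str_replace(array('/',' '),'_',$target);

// Find out whether we should replace files or give an error
$overwrite = ($admin->get_post('overwrite') != '');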
// Get list of file types to which we're supposed to append 'txt'
// (value of the 'rename_files_on_upload' row of the settings table)
$sql = 'SELECT `value` FROM  `'.TABLE_PREFIX."settings` WHERE `name`='rename_files_on_upload'";
$file_extension_string = $database->get_one($sql);
// Comma-separated list split into an array; not read again in this part of the file
$file_extensions = explode(",", $file_extension_string);

// Blacklist for the upload loop: the separators , ; | # (with surrounding
// whitespace) in RENAME_FILES_ON_UPLOAD become regex alternation bars. The
// entries themselves are inserted into a regular expression unescaped.
$forbidden_file_types = preg_replace('/\s*[,;\|#]\s*/', '|', RENAME_FILES_ON_UPLOAD);

// Counters for the result message
$good_uploads = 0;
$sum_dirs = 0;
$sum_files = 0;
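// Loop through the upload slots file1 .. file10
for($count = 1; $count <= 10; $count++)
{
	// Slot was not submitted
	if(!isset($_FILES["file$count"]['name'])) { continue; }

	// Remove bad characters, then strip leading and trailing dots so that
	// neither dot-files nor names ending in "." can be created
	$filename = trim(media_filename($_FILES["file$count"]['name']),'.');
	$info = pathinfo($filename);
	$ext = isset($info['extension']) ? $info['extension'] : '';

	// Nothing left of the name after sanitising
	if($filename == '') { continue; }

	// Blacklist check. preg_match() returns false when the configured list
	// does not form a valid pattern; the former "!preg_match(...)" treated that
	// as "not forbidden" and accepted every file. Only an explicit non-match
	// (0) is accepted now.
	// NOTE(review): only the last extension is tested, so a name carrying an
	// earlier forbidden extension ("name.php.jpg") is stored unchanged; whether
	// that matters depends on the web server's handler mapping, which is not
	// visible here. The trailing "$" also binds to the last alternative only.
	if(preg_match("/" . $forbidden_file_types . "$/i", $ext) !== 0) { continue; }

	// Move to relative path (in media folder). An existing file is replaced
	// only when the overwrite option was sent.
	$destination = $relative.$filename;
	$stored = false;
	if(!file_exists($destination) || $overwrite == true) {
		if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $destination)) {
			$good_uploads++;
			$sum_files++;
			// Chmod the uploaded file
			change_mode($destination);
			$stored = true;
		}
	}

	// The steps below used to run whenever a file of that name existed, i.e.
	// also when the upload was refused or failed. A file that was already in
	// place would then be resized in place or, for slot 1, handed to the unzip
	// step and possibly deleted there. They now require a successful move.
	if(!$stored) { continue; }

	// Optional per-folder resize; a missing or zero dimension counts as "not set"
	$ImgWidth  = isset($pathsettings[$resizepath]['width'])  ? intval($pathsettings[$resizepath]['width'])  : null;
	$ImgHeigth = isset($pathsettings[$resizepath]['height']) ? intval($pathsettings[$resizepath]['height']) : null;

	if ($ImgWidth!=null || $ImgHeigth!=null ) {
		if(!class_exists('PhpThumbFactory', false)){ include($modulePath.'/inc/ThumbLib.inc.php'); }
		$oImage = PhpThumbFactory::create($destination);
		// With one dimension configured, the same value is used for the other.
		// The former percentage calculation was never used and divided by the
		// source image's size without checking it for zero; it is dropped.
		if ($ImgWidth==null) {
			$ImgWidth = $ImgHeigth;
		} elseif ($ImgHeigth==null) {
			$ImgHeigth = $ImgWidth;
		}
		$oImage->resize($ImgWidth,$ImgHeigth)->save($destination);
	}

	// store file name of first file for possible unzip action
	if ($count == 1) {
		$filename1 = $destination;
	}
}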
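/**
 * Pre-extract callback for PclZip: decides for one archive entry whether it is
 * written to disk.
 *
 * An entry is skipped when its last extension matches the blacklist built from
 * RENAME_FILES_ON_UPLOAD, or when its base name starts or ends with a dot.
 * If the blacklist does not form a valid regular expression, preg_match()
 * returns false; the former "!preg_match(...)" read that as "allowed" and let
 * every entry through. Such a failure now skips the entry.
 *
 * NOTE(review): only the last extension of the entry name is examined, and the
 * trailing "$" of the pattern binds to the last alternative only.
 *
 * @param mixed $p_event   event identifier passed by PclZip; not used
 * @param array $p_header  entry description; only 'filename' is read
 * @return int 1 to extract the entry, 0 to skip it
 */
function pclzipCheckValidFile($p_event, &$p_header)
{
	// Same separator handling as the upload loop: , ; | # become alternation bars
	$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
	$info = pathinfo($p_header['filename']);
	$ext = isset($info['extension']) ? $info['extension'] : '';
	$basename = $info['basename'];
	// Leading dot (hidden files) or trailing dot
	$hasEdgeDot = (substr($basename, 0, 1) == '.') || (substr($basename, -1, 1) == '.');
	// 1 = forbidden extension, 0 = no match, false = pattern could not be used
	$extMatch = preg_match('/'.$forbidden_file_types.'$/i', $ext);

	if ($extMatch === 0 && !$hasEdgeDot) {
		// ----- allowed file types are extracted
		return 1;
	}
	// ----- all other files are skipped
	return 0;
}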
/* ********************************* */
// If the user chose to unzip the first file, unzip into the current folder
if (isset($_POST['unzip'], $filename1) && file_exists($filename1)) {
	// Required to unzip file.
	require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');

	$archive = new PclZip($filename1);
	// pclzipCheckValidFile() is consulted before each entry is written; it looks
	// at the entry's extension and leading/trailing dots only.
	// NOTE(review): entry paths are not restricted to $relative here. If the
	// bundled PclZip version supports PCLZIP_OPT_EXTRACT_DIR_RESTRICTION,
	// consider passing it -- confirm against pclzip.lib.php.
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile');

	if ($list == 0) {
		// error while trying to extract the archive (most likely wrong format)
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive->errorInfo(true));
		// NOTE(review): the loop below iterates $list; with $list == 0 that is
		// only avoided if print_error() ends the request -- confirm.
	}

	// Count what was extracted; the archive itself is no longer counted
	$sum_files = 0;
	// Apply the configured file mode to every extracted folder and file
	foreach ($list as $key => $val) {
		if ($val['folder'] && change_mode($val['filename'])) {
			$sum_dirs++;
		} elseif (is_writable($val['filename']) && ($val['status'] == 'ok') && change_mode($val['filename'])) {
			$sum_files++;
		}
	}

	// Remove the uploaded archive when requested
	if (isset($_POST['delzip'])) { unlink($filename1); }

	// Let createFolderProtectFile() handle the folder that held the archive
	$dir = dirname($filename1);
	if (file_exists($dir)) {
		$array = createFolderProtectFile($dir);
	}
}
unset($list);
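// Report the outcome
if($sum_files == 1) {
	$admin->print_success($sum_files.' '.$oTrans->MESSAGE_MEDIA_SINGLE_UPLOADED );
} elseif($sum_files > 1) {
	$admin->print_success($sum_files.' '.$oTrans->MESSAGE_MEDIA_UPLOADED );
} else {
	// $filename holds the name from the last upload slot that was processed.
	// It is unset when no slot was submitted and '' when sanitising left
	// nothing. In both cases $relative.$filename is the target folder itself,
	// which exists, so the old test reported "file exists" instead of
	// "no file uploaded".
	if(isset($filename) && $filename != '' && file_exists($relative.$filename)) {
		$admin->print_error($oTrans->MESSAGE_MEDIA_FILE_EXISTS );
	} else {
		$admin->print_error($oTrans->MESSAGE_MEDIA_NO_FILE_UPLOADED );
	}
}

// Print admin
$admin->print_footer();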