PageRenderTime 55ms CodeModel.GetById 2ms app.highlight 46ms RepoModel.GetById 0ms app.codeStats 1ms

/filemanager/inc/jupload.php

https://github.com/muchael/expressolivre
PHP | 758 lines | 556 code | 39 blank | 163 comment | 174 complexity | 566773f2a4823312b9317484a69e4459 MD5 | raw file
  1<?php
  2
  3/**
  4 * This class manage upload, with use of the JUpload applet. It's both a sample to show how to use the applet, and
  5 * a class you can use directly into your own application.
  6 *
  7 * Recommandation: Don't update its code !
  8 *
  9 * By doing this, you'll be able to reuse directly any update coming from the JUpload project, instead of reporting your
 10 * modifications into any new version of this class. This guarantees you that your project can use the last version of
 11 * JUpload, without any code modification. We work so that the applet behavior remains unchanged, but from time to time,
 12 * a change can appear.
 13 *
 14 * Sample:
 15 * - See the index.php samples, in the same folder.
 16 *
 17 * Notes:
 18 * - maxChunkSize: this class use a default maxChunkSize of 500K (or less, depending on the script max size). This allows
 19 * upload of FILES OF ANY SIZE on quite all ISP hosting. If it's too big for you (the max upload size of your ISP is less
 20 * than 500K), or if you want no chunk at all, you can, of course, override this default value.
 21 *
 22 *
 23 *
 24 * Parameters:
 25 * - $appletparams contains a map for applet parameters: key is the applet parameter name. The value is the value to transmit
 26 * 		to the applet. See the applet documentation for information on all applet parameters.
 27 * - $classparams contains the parameter specific for the JUpload class below. Here are the main class parameters:
 28 * 		- demo_mode. Files are uploaded to the server, but not stored on its hard drive. That is: you can simulate the global
 29 * 		behavior, but won't consume hard drive space. This mode is used on sourceforge web site.
 30 *
 31 *
 32 * Output generated for uploaded files:
 33 * - $files is an array of array. This can be managed by (a) the function given in the callbackAfterUploadManagement class
 34 * 		parameter, or (b) within the page whose URL is given in the afterUploadURL applet parameter, or (c) you can Extend the
 35 * 		class and redeclare defaultAfterUploadManagement() to your needs.
 36 * 	See the defaultAfterUploadManagement() for a sample on howto manage this array.
 37 *
 38 *   This array contains:
 39 *     - One entry per file. Each entry is an array, that contains all files properties, stored as $key=>$value.
 40 * 		The available keys are:
 41 * 		  - name: the filename, as it is now stored on the system.
 42 * 		  - size: the file size
 43 * 		  - path: the absolute path, where the file has been stored.
 44 * 			- fullName: the canonical file name (i.e. including the absolute path)
 45 * 		  - md5sum: the md5sum of the file, if further control is needed.
 46 * 			- mimetype: the calculated mime type of the file
 47 * 		  - If the formData applet parameter is used: all attributes (key and value) uploaded by the applet, are put here,
 48 * 			repeated for each file.
 49 *
 50 * 		Note: if you are using a callback function (i.e. callbackAfterUploadManagement) and you do not see a global 'object' you
 51 * 					are expecting then it might have been destroyed by PHP - c.f. http://bugs.php.net/bug.php?id=39693
 52 *
 53 */
 54class JUpload {
 55
 56	var $appletparams;
 57	var $classparams;
 58	var $files;
 59
 60	public function JUpload($appletparams = array(), $classparams = array()) {
 61		if (gettype($classparams) != 'array')
 62			$this->abort('Invalid type of parameter classparams: Expecting an array');
 63		if (gettype($appletparams) != 'array')
 64			$this->abort('Invalid type of parameter appletparams: Expecting an array');
 65
 66		// set some defaults for the applet params
 67		if (!isset($appletparams['afterUploadURL']))
 68			$appletparams['afterUploadURL'] = $_SERVER['PHP_SELF'] . '?afterupload=1';
 69		if (!isset($appletparams['name']))
 70			$appletparams['name'] = 'JUpload';
 71		if (!isset($appletparams['archive']))
 72			$appletparams['archive'] = 'wjhk.jupload.jar';
 73		if (!isset($appletparams['code']))
 74			$appletparams['code'] = 'wjhk.jupload2.JUploadApplet';
 75		if (!isset($appletparams['debugLevel']))
 76			$appletparams['debugLevel'] = 0;
 77		if (!isset($appletparams['httpUploadParameterType']))
 78			$appletparams['httpUploadParameterType'] = 'array';
 79		if (!isset($appletparams['showLogWindow']))
 80			$appletparams['showLogWindow'] = ($appletparams['debugLevel'] > 0) ? 'true' : 'false';
 81		if (!isset($appletparams['width']))
 82			$appletparams['width'] = 500;
 83		if (!isset($appletparams['height']))
 84			$appletparams['height'] = ($appletparams['showLogWindow'] == 'true') ? 500 : 300;
 85		if (!isset($appletparams['mayscript']))
 86			$appletparams['mayscript'] = 'true';
 87		if (!isset($appletparams['scriptable']))
 88			$appletparams['scriptable'] = 'false';
 89		//if (!isset($appletparams['stringUploadSuccess']))
 90		$appletparams['stringUploadSuccess'] = 'SUCCESS';
 91		//if (!isset($appletparams['stringUploadError']))
 92		$appletparams['stringUploadError'] = 'ERROR: (.*)';
 93		$maxpost = $this->tobytes(ini_get('post_max_size'));
 94		$maxmem = $this->tobytes(ini_get('memory_limit'));
 95		$maxfs = $this->tobytes(ini_get('upload_max_filesize'));
 96		$obd = ini_get('open_basedir');
 97		if (!isset($appletparams['maxChunkSize'])) {
 98			$maxchunk = ($maxpost < $maxmem) ? $maxpost : $maxmem;
 99			$maxchunk = ($maxchunk < $maxfs) ? $maxchunk : $maxfs;
100			$maxchunk /= 4;
101			$optchunk = (500000 > $maxchunk) ? $maxchunk : 500000;
102			$appletparams['maxChunkSize'] = $optchunk;
103		}
104		$appletparams['maxChunkSize'] = $this->tobytes($appletparams['maxChunkSize']);
105		if (!isset($appletparams['maxFileSize']))
106			$appletparams['maxFileSize'] = $maxfs;
107		$appletparams['maxFileSize'] = $this->tobytes($appletparams['maxFileSize']);
108		if (isset($classparams['errormail'])) {
109			$appletparams['urlToSendErrorTo'] = $_SERVER["PHP_SELF"] . '?errormail';
110		}
111
112		// Same for class parameters
113		if (!isset($classparams['demo_mode']))
114			$classparams['demo_mode'] = false;
115		if ($classparams['demo_mode']) {
116			$classparams['create_destdir'] = false;
117			$classparams['allow_subdirs'] = true;
118			$classparams['allow_zerosized'] = true;
119			$classparams['duplicate'] = 'overwrite';
120		}
121		if (!isset($classparams['debug_php']))			  // set true to log some messages in PHP log
122			$classparams['debug_php'] = false;
123		if (!isset($this->classparams['allowed_mime_types']))	 // array of allowed MIME type
124			$classparams['allowed_mime_types'] = 'all';
125		if (!isset($this->classparams['allowed_file_extensions']))  // array of allowed file extensions
126			$classparams['allowed_file_extensions'] = 'all';
127		if (!isset($classparams['verbose_errors']))		// shouldn't display server info on a production site!
128			$classparams['verbose_errors'] = true;
129		if (!isset($classparams['session_regenerate']))
130			$classparams['session_regenerate'] = false;
131		if (!isset($classparams['create_destdir']))
132			$classparams['create_destdir'] = true;
133		if (!isset($classparams['allow_subdirs']))
134			$classparams['allow_subdirs'] = false;
135		if (!isset($classparams['spaces_in_subdirs']))
136			$classparams['spaces_in_subdirs'] = false;
137		if (!isset($classparams['allow_zerosized']))
138			$classparams['allow_zerosized'] = false;
139		if (!isset($classparams['duplicate']))
140			$classparams['duplicate'] = 'rename';
141		if (!isset($classparams['dirperm']))
142			$classparams['dirperm'] = 0755;
143		if (!isset($classparams['fileperm']))
144			$classparams['fileperm'] = 0644;
145		if (!isset($classparams['destdir'])) {
146			if ($obd != '')
147				$classparams['destdir'] = $obd;
148			else
149				$classparams['destdir'] = '/var/tmp/jupload_test';
150		}
151		if ($classparams['create_destdir'])
152			@mkdir($classparams['destdir'], $classparams['dirperm']);
153		if (!is_dir($classparams['destdir']) && is_writable($classparams['destdir']))
154			$this->abort('Destination dir not accessible');
155		if (!isset($classparams['tmp_prefix']))
156			$classparams['tmp_prefix'] = 'jutmp.';
157		if (!isset($classparams['var_prefix']))
158			$classparams['var_prefix'] = 'juvar.';
159		if (!isset($classparams['jscript_wrapper']))
160			$classparams['jscript_wrapper'] = 'JUploadSetProperty';
161		if (!isset($classparams['tag_jscript']))
162			$classparams['tag_jscript'] = '<!--JUPLOAD_JSCRIPT-->';
163		if (!isset($classparams['tag_applet']))
164			$classparams['tag_applet'] = '<!--JUPLOAD_APPLET-->';
165		if (!isset($classparams['tag_flist']))
166			$classparams['tag_flist'] = '<!--JUPLOAD_FILES-->';
167		if (!isset($classparams['http_flist_start']))
168			$classparams['http_flist_start'] =
169					  "<table border='1'><TR><TH>Filename</TH><TH>file size</TH><TH>Relative path</TH><TH>Full name</TH><TH>md5sum</TH><TH>Specific parameters</TH></TR>";
170		if (!isset($classparams['http_flist_end']))
171			$classparams['http_flist_end'] = "</table>\n";
172		if (!isset($classparams['http_flist_file_before']))
173			$classparams['http_flist_file_before'] = "<tr><td>";
174		if (!isset($classparams['http_flist_file_between']))
175			$classparams['http_flist_file_between'] = "</td><td>";
176		if (!isset($classparams['http_flist_file_after']))
177			$classparams['http_flist_file_after'] = "</td></tr>\n";
178
179		$this->appletparams = $appletparams;
180		$this->classparams = $classparams;
181		$this->page_start();
182	}
183
184	/**
185	 * Log a message on the current output, as a HTML comment.
186	 */
187	protected function logDebug($function, $msg, $htmlComment=true) 
188	{
189		$output = "[DEBUG] [$function] $msg";
190		if ($htmlComment) {
191			echo("<!-- $output -->\r\n");
192		} else {
193			echo("$output\r\n");
194		}
195	}
196
197	/**
198	 * Log a message to the PHP log.
199	 * Declared "protected" so it may be Extended if you require customised logging (e.g. particular log file location).
200	 */
201	protected function logPHPDebug($function, $msg) 
202	{
203		if ($this->classparams['debug_php'] === true) {
204			$output = "[DEBUG] [$function] " . $this->arrayexpand($msg);
205			error_log($output);
206		}
207	}
208
209	private function arrayexpand($array) 
210	{
211		$output = '';
212		if (is_array($array)) {
213			foreach ($array as $key => $value) {
214				$output .= "\n " . $key . ' => ' . $this->arrayexpand($value);
215			}
216		} else {
217			$output .= $array;
218		}
219		return $output;
220	}
221
222	/**
223	 * Convert a value ending in 'G','M' or 'K' to bytes
224	 *
225	 */
226	private function tobytes($val) 
227	{
228		$val = trim($val);
229		$last = strtolower($val{strlen($val) - 1});
230		switch ($last) {
231			case 'g':
232				$val *= 1024;
233			case 'm':
234				$val *= 1024;
235			case 'k':
236				$val *= 1024;
237		}
238		return $val;
239	}
240
241	/**
242	 * Build a string, containing a javascript wrapper function
243	 * for setting applet properties via JavaScript. This is necessary,
244	 * because we use the "modern" method of including the applet (using
245	 * <object> resp. <embed> tags) in order to trigger automatic JRE downloading.
246	 * Therefore, in Netscape-like browsers, the applet is accessible via
247	 * the document.embeds[] array while in others, it is accessible via the
248	 * document.applets[] array.
249	 *
250	 * @return A string, containing the necessary wrapper function (named JUploadSetProperty)
251	 */
252	private function str_jsinit() 
253	{
254		$N = "\n";
255		$name = $this->appletparams['name'];
256		$ret = '<script type="text/javascript">' . $N;
257		$ret .= '<!--' . $N;
258		$ret .= 'function ' . $this->classparams['jscript_wrapper'] . '(name, value) {' . $N;
259		$ret .= '  document.applets["' . $name . '"] == null || document.applets["' . $name . '"].setProperty(name,value);' . $N;
260		$ret .= '  document.embeds["' . $name . '"] == null || document.embeds["' . $name . '"].setProperty(name,value);' . $N;
261		$ret .= '}' . $N;
262		$ret .= '//-->' . $N;
263		$ret .= '</script>';
264		return $ret;
265	}
266
267	/**
268	 * Build a string, containing the applet tag with all parameters.
269	 *
270	 * @return A string, containing the applet tag
271	 */
272	private function str_applet() {
273		$N = "\n";
274		$params = $this->appletparams;
275		// return the actual applet tag
276		$ret = '<object classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"' . $N;
277		$ret .= '  codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,3"' . $N;
278		$ret .= '  width = "' . $params['width'] . '"' . $N;
279		$ret .= '  height = "' . $params['height'] . '"' . $N;
280		$ret .= '  name = "' . $params['name'] . '">' . $N;
281		foreach ($params as $key => $val) {
282			if ($key != 'width' && $key != 'height')
283				$ret .= '  <param name = "' . $key . '" value = "' . $val . '" />' . $N;
284		}
285		$ret .= '  <comment>' . $N;
286		$ret .= '    <embed' . $N;
287		$ret .= '      type = "application/x-java-applet;version=1.5"' . $N;
288		foreach ($params as $key => $val)
289			$ret .= '      ' . $key . ' = "' . $val . '"' . $N;
290		$ret .= '      pluginspage = "http://java.sun.com/products/plugin/index.html#download">' . $N;
291		$ret .= '      <noembed>' . $N;
292		$ret .= '        Java 1.5 or higher plugin required.' . $N;
293		$ret .= '      </noembed>' . $N;
294		$ret .= '    </embed>' . $N;
295		$ret .= '  </comment>' . $N;
296		$ret .= '</object>';
297		return $ret;
298	}
299
300	private function abort($msg = '') 
301	{
302		$this->cleanup();
303		if ($msg != '')
304			die(str_replace('(.*)', $msg, $this->appletparams['stringUploadError']) . "\n");
305		exit;
306	}
307
308	private function warning($msg = '') 
309	{
310		$this->cleanup();
311		if ($msg != '')
312			echo('WARNING: ' . $msg . "\n");
313		echo $this->appletparams['stringUploadSuccess'] . "\n";
314		exit;
315	}
316
317	private function cleanup() 
318	{
319		// remove all uploaded files of *this* request
320		if (isset($_FILES)) {
321			foreach ($_FILES as $key => $val)
322				@unlink($val['tmp_name']);
323		}
324		// remove accumulated file, if any.
325		@unlink($this->classparams['destdir'] . '/' . $this->classparams['tmp_prefix'] . session_id());
326		@unlink($this->classparams['destdir'] . '/' . $this->classparams['tmp_prefix'] . 'tmp' . session_id());
327		// reset session var
328		$_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
329		return;
330	}
331
332	private function mkdirp($path) 
333	{
334		// create subdir (hierary) below destdir;
335		$dirs = explode('/', $path);
336		$path = $this->classparams['destdir'];
337		foreach ($dirs as $dir) 
338		{
339			$path .= '/' . $dir;
340			if (!file_exists($path)) {		// @ does NOT always supress the error!
341				@mkdir($path, $this->classparams['dirperm']);
342			}
343		}
344		if (!is_dir($path) && is_writable($path))
345			$this->abort('Destination dir not accessible');
346	}
347
348	/**
349	 * This method:
350	 * - Replaces some potentially dangerous characters by '_' (in the given name an relative path)
351	 * - Checks if a files of the same name already exists.
352	 * 		- If no: no problem.
353	 * 		- If yes, and the duplicate class param is set to rename, the file is renamed.
354	 * 		- If yes, and the duplicate class param is set to overwrite, the file is not renamed. The existing one will be erased.
355	 * 		- If yes, and the duplicate class param is set to reject, an error is thrown.
356	 */
357	private function dstfinal(&$name, &$subdir) 
358	{
359		$name = preg_replace('![`$\\\\/|]!', '_', $name);
360		if ($this->classparams['allow_subdirs'] && ($subdir != '')) {
361			$subdir = trim(preg_replace('!\\\\!', '/', $subdir), '/');
362			$subdir = preg_replace('![`$|]!', '_', $subdir);
363			if (!$this->classparams['spaces_in_subdirs']) {
364				$subdir = str_replace(' ', '_', $subdir);
365			}
366			// recursively create subdir
367			if (!$this->classparams['demo_mode'])
368				$this->mkdirp($subdir);
369			// append a slash
370			$subdir .= '/';
371		} else {
372			$subdir = '';
373		}
374		$ret = $this->classparams['destdir'] . '/' . $subdir . $name;
375		if (file_exists($ret)) {
376			if ($this->classparams['duplicate'] == 'overwrite') {
377				return $ret;
378			}
379			if ($this->classparams['duplicate'] == 'reject') {
380				$this->abort('A file with the same name already exists');
381			}
382			if ($this->classparams['duplicate'] == 'warning') {
383				$this->warning("File $name already exists - rejected");
384			}
385			if ($this->classparams['duplicate'] == 'rename') {
386				$cnt = 1;
387				$dir = $this->classparams['destdir'] . '/' . $subdir;
388				$ext = strrchr($name, '.');
389				if ($ext) {
390					$nameWithoutExtension = substr($name, 0, strlen($name) - strlen($ext));
391				} else {
392					$ext = '';
393					$nameWithoutExtension = $name;
394				}
395
396				$rtry = $dir . $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
397				while (file_exists($rtry)) {
398					++$cnt;
399					$rtry = $dir . $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
400				}
401				//We store the result name in the byReference name parameter.
402				$name = $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
403				$ret = $rtry;
404			}
405		}
406		return $ret;
407	}
408
409	/**
410	 * Example function to process the files uploaded.  This one simply displays the files' data.
411	 *
412	 */
413	public function defaultAfterUploadManagement() 
414	{
415		$flist = '[defaultAfterUploadManagement] Nb uploaded files is: ' . sizeof($this->files);
416		$flist = $this->classparams['http_flist_start'];
417		foreach ($this->files as $f) {
418			//$f is an array, that contains all info about the uploaded file.
419			$this->logDebug('defaultAfterUploadManagement', "  Reading file ${f['name']}");
420			$flist .= $this->classparams['http_flist_file_before'];
421			$flist .= $f['name'];
422			$flist .= $this->classparams['http_flist_file_between'];
423			$flist .= $f['size'];
424			$flist .= $this->classparams['http_flist_file_between'];
425			$flist .= $f['relativePath'];
426			$flist .= $this->classparams['http_flist_file_between'];
427			$flist .= $f['fullName'];
428			$flist .= $this->classparams['http_flist_file_between'];
429			$flist .= $f['md5sum'];
430			$addBR = false;
431			foreach ($f as $key => $value) {
432				//If it's a specific key, let's display it:
433				if ($key != 'name' && $key != 'size' && $key != 'relativePath' && $key != 'fullName' && $key != 'md5sum') {
434					if ($addBR) {
435						$flist .= "<br />";
436					} else {
437						// First line. We must add a new 'official' list separator.
438						$flist .= $this->classparams['http_flist_file_between'];
439						$addBR = true;
440					}
441					$flist .= "$key => $value";
442				}
443			}
444			$flist .= $this->classparams['http_flist_file_after'];
445		}
446		$flist .= $this->classparams['http_flist_end'];
447
448		return $flist;
449	}
450
451	/**
452	 * Generation of the applet tag, and necessary things around (js content). Insertion of this into the content of the
453	 * page.
454	 * See the tag_jscript and tag_applet class parameters.
455	 */
456	private function generateAppletTag($str) 
457	{
458		$this->logDebug('generateAppletTag', 'Entering function');
459		$str = preg_replace('/' . $this->classparams['tag_jscript'] . '/', $this->str_jsinit(), $str);
460		return preg_replace('/' . $this->classparams['tag_applet'] . '/', $this->str_applet(), $str);
461	}
462
463	/**
464	 * This function is called when constructing the page, when we're not reveiving uploaded files. It 'just' construct
465	 * the applet tag, by calling the relevant function.
466	 *
467	 * This *must* be public, because it is called from PHP's output buffering
468	 */
469	public function interceptBeforeUpload($str) 
470	{
471		$this->logDebug('interceptBeforeUpload', 'Entering function');
472		return $this->generateAppletTag($str);
473	}
474
475	/**
476	 * This function displays the uploaded files description in the current page (see tag_flist class parameter)
477	 *
478	 * This *must* be public, because it is called from PHP's output buffering.
479	 */
480	public function interceptAfterUpload($str) 
481	{
482		$this->logDebug('interceptAfterUpload', 'Entering function');
483		$this->logPHPDebug('interceptAfterUpload', $this->files);
484
485		if (count($this->files) > 0) {
486			if (isset($this->classparams['callbackAfterUploadManagement'])) {
487				$this->logDebug('interceptAfterUpload', 'Before call of ' . $this->classparams['callbackAfterUploadManagement']);
488				$strForFListContent = call_user_func($this->classparams['callbackAfterUploadManagement'], $this, $this->files);
489			} else {
490				$strForFListContent = $this->defaultAfterUploadManagement();
491			}
492			$str = preg_replace('/' . $this->classparams['tag_flist'] . '/', $strForFListContent, $str);
493		}
494		return $this->generateAppletTag($str);
495	}
496
497	/**
498	 * This method manages the receiving of the debug log, when an error occurs.
499	 */
500	private function receive_debug_log() 
501	{
502		// handle error report
503		if (isset($_POST['description']) && isset($_POST['log'])) {
504			$msg = $_POST['log'];
505			mail($this->classparams['errormail'], $_POST['description'], $msg);
506		} else {
507			if (isset($_SERVER['SERVER_ADMIN']))
508				mail($_SERVER['SERVER_ADMIN'], 'Empty jupload error log', 'An empty log has just been posted.');
509			$this->logPHPDebug('receive_debug_log', 'Empty error log received');
510		}
511		exit;
512	}
513
514	/**
515	 * This method is the heart of the system. It manage the files sent by the applet, check the incoming parameters (md5sum) and
516	 * reconstruct the files sent in chunk mode.
517	 *
518	 * The result is stored in the $files array, and can then be managed by the function given in the callbackAfterUploadManagement
519	 * class parameter, or within the page whose URL is given in the afterUploadURL applet parameter.
520	 * Or you can Extend the class and redeclare defaultAfterUploadManagement() to your needs.
521	 */
522	private function receive_uploaded_files() 
523	{
524		$this->logDebug('receive_uploaded_files', 'Entering POST management');
525
526		if (session_id() == '') {
527			include_once('../../header.session.inc.php');
528		}
529		// we check for the session *after* handling possible error log
530		// because an error could have happened because the session-id is missing.
531		if (!isset($_SESSION[$this->classparams['var_prefix'] . 'size'])) {
532			$this->abort('Invalid session (in afterupload, POST, check of size)');
533		}
534		if (!isset($_SESSION[$this->classparams['var_prefix'] . 'files'])) {
535			$this->abort('Invalid session (in afterupload, POST, check of files)');
536		}
537		$this->files = $_SESSION[$this->classparams['var_prefix'] . 'files'];
538		if (!is_array($this->files)) {
539			$this->abort('Invalid session (in afterupload, POST, is_array(files))');
540		}
541		if ($this->appletParameters['sendMD5Sum'] && !isset($_POST['md5sum'])) {
542			$this->abort('Required POST variable md5sum is missing');
543		}
544		$cnt = 0;
545		foreach ($_FILES as $key => $value) {
546			//Let's read the $_FILES data
547			if (isset($files_data)) {
548				unset($files_data);
549			}
550			$jupart = (isset($_POST['jupart'])) ? (int) $_POST['jupart'] : 0;
551			$jufinal = (isset($_POST['jufinal'])) ? (int) $_POST['jufinal'] : 1;
552			$relpaths = (isset($_POST['relpathinfo'])) ? $_POST['relpathinfo'] : null;
553			$md5sums = (isset($_POST['md5sum'])) ? $_POST['md5sum'] : null;
554			$mimetypes = (isset($_POST['mimetype'])) ? $_POST['mimetype'] : null;
555			//$relpaths = (isset($_POST["relpathinfo$cnt"])) ? $_POST["relpathinfo$cnt"] : null;
556			//$md5sums = (isset($_POST["md5sum$cnt"])) ? $_POST["md5sum$cnt"] : null;
557
558			if (gettype($relpaths) == 'string') {
559				$relpaths = array($relpaths);
560			}
561			if (gettype($md5sums) == 'string') {
562				$md5sums = array($md5sums);
563			}
564			if ($this->appletParameters['sendMD5Sum'] && !is_array($md5sums)) {
565				$this->abort('Expecting an array of MD5 checksums');
566			}
567			if (!is_array($relpaths)) {
568				$this->abort('Expecting an array of relative paths');
569			}
570			if (!is_array($mimetypes)) {
571				$this->abort('Expecting an array of MIME types');
572			}
573			// Check the MIME type (note: this is easily forged!)
574			if (isset($this->classparams['allowed_mime_types']) && is_array($this->classparams['allowed_mime_types'])) {
575				if (!in_array($mimetypes[$cnt], $this->classparams['allowed_mime_types'])) {
576					$this->abort('MIME type ' . $mimetypes[$cnt] . ' not allowed');
577				}
578			}
579			if (isset($this->classparams['allowed_file_extensions']) && is_array($this->classparams['allowed_file_extensions'])) {
580				$fileExtension = substr(strrchr($value['name'][$cnt], "."), 1);
581				if (!in_array($fileExtension, $this->classparams['allowed_file_extensions'])) {
582					$this->abort('File extension ' . $fileExtension . ' not allowed');
583				}
584			}
585
586			$dstdir = $this->classparams['destdir'];
587			$dstname = $dstdir . '/' . $this->classparams['tmp_prefix'] . session_id();
588			$tmpname = $dstdir . '/' . $this->classparams['tmp_prefix'] . 'tmp' . session_id();
589
590			// Controls are now done. Let's store the current uploaded files properties in an array, for future use.
591			$files_data['name'] = $value['name'][$cnt];
592			$files_data['size'] = 'not calculated yet';
593			$files_data['tmp_name'] = $value['tmp_name'][$cnt];
594			$files_data['error'] = $value['error'][$cnt];
595			$files_data['relativePath'] = $relpaths[$cnt];
596			$files_data['md5sum'] = $md5sums[$cnt];
597			$files_data['mimetype'] = $mimetypes[$cnt];
598
599			if (!move_uploaded_file($files_data['tmp_name'], $tmpname)) {
600				if ($classparams['verbose_errors']) {
601					$this->abort("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)");
602				} else {
603					trigger_error("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)", E_USER_WARNING);
604					$this->abort("Unable to move uploaded file");
605				}
606			}
607
608			// In demo mode, no file storing is done. We just delete the newly uploaded file.
609			if ($this->classparams['demo_mode']) {
610				if ($jufinal || (!$jupart)) {
611					if ($jupart) {
612						$files_data['size'] = ($jupart - 1) * $this->appletparams['maxChunkSize'] + filesize($tmpname);
613					} else {
614						$files_data['size'] = filesize($tmpname);
615					}
616					$files_data['fullName'] = 'Demo mode<br />No file storing';
617					array_push($this->files, $files_data);
618				}
619				unlink($tmpname);
620				++$cnt;
621				continue;
622			}
623			//If we get here, the upload is a real one (no demo)
624			if ($jupart) {
625				// got a chunk of a multi-part upload
626				$len = filesize($tmpname);
627				$_SESSION[$this->classparams['var_prefix'] . 'size'] += $len;
628				if ($len > 0) {
629					$src = fopen($tmpname, 'rb');
630					$dst = fopen($dstname, ($jupart == 1) ? 'wb' : 'ab');
631					while ($len > 0) {
632						$rlen = ($len > 8192) ? 8192 : $len;
633						$buf = fread($src, $rlen);
634						if (!$buf) {
635							fclose($src);
636							fclose($dst);
637							unlink($dstname);
638							$this->abort('read IO error');
639						}
640						if (!fwrite($dst, $buf, $rlen)) {
641							fclose($src);
642							fclose($dst);
643							unlink($dstname);
644							$this->abort('write IO error');
645						}
646						$len -= $rlen;
647					}
648					fclose($src);
649					fclose($dst);
650					unlink($tmpname);
651				}
652				if ($jufinal) {
653					// This is the last chunk. Check total lenght and
654					// rename it to it's final name.
655					$dlen = filesize($dstname);
656					if ($dlen != $_SESSION[$this->classparams['var_prefix'] . 'size'])
657						$this->abort('file size mismatch');
658					if ($this->appletParameters['sendMD5Sum']) {
659						if ($md5sums[$cnt] != md5_file($dstname))
660							$this->abort('MD5 checksum mismatch');
661					}
662					// remove zero sized files
663					if (($dlen > 0) || $this->classparams['allow_zerosized']) {
664						$dstfinal = $this->dstfinal($files_data['name'], $files_data['relativePath']);
665						if (!rename($dstname, $dstfinal))
666							$this->abort('rename IO error');
667						if (!chmod($dstfinal, $this->classparams['fileperm']))
668							$this->abort('chmod IO error');
669						$files_data['size'] = filesize($dstfinal);
670						$files_data['fullName'] = $dstfinal;
671						$files_data['path'] = dirname($dstfinal);
672						array_push($this->files, $files_data);
673					} else {
674						unlink($dstname);
675					}
676					// reset session var
677					$_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
678				}
679			} else {
680				// Got a single file upload. Trivial.
681				if ($md5sums[$cnt] != md5_file($tmpname))
682					$this->abort('MD5 checksum mismatch');
683				$dstfinal = $this->dstfinal($files_data['name'], $files_data['relativePath']);
684				if (!rename($tmpname, $dstfinal))
685					$this->abort('rename IO error');
686				if (!chmod($dstfinal, $this->classparams['fileperm']))
687					$this->abort('chmod IO error');
688				$files_data['size'] = filesize($dstfinal);
689				$files_data['fullName'] = $dstfinal;
690				$files_data['path'] = dirname($dstfinal);
691				array_push($this->files, $files_data);
692			}
693			++$cnt;
694		}
695
696		echo $this->appletparams['stringUploadSuccess'] . "\n";
697		$_SESSION[$this->classparams['var_prefix'] . 'files'] = $this->files;
698		session_write_close();
699		exit;
700	}
701
702	/**
703	 *
704	 *
705	 */
706	private function page_start() {
707		$this->logDebug('page_start', 'Entering function');
708
709		// If the applet checks for the serverProtocol, it issues a HEAD request
710		// -> Simply return an empty doc.
711		if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
712			// Nothing to do
713		} else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
714			// A GET request means: return upload page
715			$this->logDebug('page_start', 'Entering GET management');
716
717			if (session_id() == '') {
718				include_once('../../header.session.inc.php');
719			}
720			if (isset($_GET['afterupload'])) {
721				$this->logDebug('page_start', 'afterupload is set');
722				if (!isset($_SESSION[$this->classparams['var_prefix'] . 'files'])) {
723					$this->abort('Invalid session (in afterupload, GET, check of $_SESSION): files array is not set');
724				}
725				$this->files = $_SESSION[$this->classparams['var_prefix'] . 'files'];
726				if (!is_array($this->files)) {
727					$this->abort('Invalid session (in afterupload, GET, check of is_array(files)): files is not an array');
728				}
729				// clear session data ready for new upload
730				$_SESSION[$this->classparams['var_prefix'] . 'files'] = array();
731
732				// start intercepting the content of the calling page, to display the upload result.
733				ob_start(array(& $this, 'interceptAfterUpload'));
734			} else {
735				$this->logDebug('page_start', 'afterupload is not set');
736				if ($this->classparams['session_regenerate']) {
737					session_regenerate_id(true);
738				}
739				$this->files = array();
740				$_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
741				$_SESSION[$this->classparams['var_prefix'] . 'files'] = $this->files;
742				// start intercepting the content of the calling page, to display the applet tag.
743				ob_start(array(& $this, 'interceptBeforeUpload'));
744			}
745		} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
746			// If we got a POST request, this is the real work.
747			if (isset($_GET['errormail'])) {
748				//Hum, an error occurs on server side. Let's manage the debug log, that we just received.
749				$this->receive_debug_log();
750			} else {
751				$this->receive_uploaded_files();
752			}
753		}
754	}
755
756}
757
758// PHP end tag omitted intentionally!!