PageRenderTime 58ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 1ms

/sondage/admin/import_resources_zip.php

https://bitbucket.org/bontiv/insomnia
PHP | 618 lines | 506 code | 68 blank | 44 comment | 62 complexity | b086af5752f42a0ff1c8466178bc5f55 MD5 | raw file
Possible License(s): Apache-2.0, LGPL-3.0, LGPL-2.1, GPL-3.0, BSD-3-Clause, GPL-2.0 
    

  1. <?php

    2. 

  2. /*

    3. 

  3.  * LimeSurvey

    4. 

  4.  * Copyright (C) 2007 The LimeSurvey Project Team / Carsten Schmitz

    5. 

  5.  * All rights reserved.

    6. 

  6.  * License: GNU/GPL License v2 or later, see LICENSE.php

    7. 

  7.  * LimeSurvey is free software. This version may have been modified pursuant

    8. 

  8.  * to the GNU General Public License, and as distributed it includes or

    9. 

  9.  * is derivative of works licensed under the GNU General Public License or

    10. 

  10.  * other free or open source software licenses.

    11. 

  11.  * See COPYRIGHT.php for copyright notices and details.

    12. 

  12.  *

    13. 

  13.  * $Id: import_resources_zip.php 10925 2011-09-02 14:12:02Z c_schmitz $

    14. 

  14.  */

    15. 

  15. 

    16. 

  16. 

    17. 

  17. include_once("login_check.php");

    18. 

  18. 

    19. 

  19. if (!isset($surveyid))

    20. 

  20. {

    21. 

  21.     returnglobal('sid');

    22. 

  22. }

    23. 

  23. 

    24. 

  24. if (!isset($lid))

    25. 

  25. {

    26. 

  26.     returnglobal('lid');

    27. 

  27. }

    28. 

  28. 

    29. 

  29. 

    30. 

  30. 

    31. 

  31. if ($action == "importsurveyresources" && $surveyid) {

    32. 

  32.     $importsurveyresourcesoutput = "<div class='header ui-widget-header'>".$clang->gT("Import survey resources")."</div>\n";

    33. 

  33.     $importsurveyresourcesoutput .= "<div class='messagebox ui-corner-all'>";

    34. 

  34. 

    35. 

  35.     if ($demoModeOnly === true)

    36. 

  36.     {

    37. 

  37.         $importsurveyresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    38. 

  38.         $importsurveyresourcesoutput .= $clang->gT("Demo Mode Only: Uploading file is disabled in this system.")."<br /><br />\n";

    39. 

  39.         $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&amp;sid=$surveyid', '_top')\" />\n";

    40. 

  40.         $importsurveyresourcesoutput .= "</div>\n";

    41. 

  41.         return;

    42. 

  42.     }

    43. 

  43. 

    44. 

  44.     require("classes/phpzip/phpzip.inc.php");

    45. 

  45.     $zipfile=$_FILES['the_file']['tmp_name'];

    46. 

  46.     $z = new PHPZip();

    47. 

  47. 

    48. 

  48.     // Create temporary directory

    49. 

  49.     // If dangerous content is unzipped

    50. 

  50.     // then no one will know the path

    51. 

  51.     $extractdir=tempdir($tempdir);

    52. 

  52.     $basedestdir = $uploaddir."/surveys";

    53. 

  53.     $destdir=$basedestdir."/$surveyid/";

    54. 

  54. 

    55. 

  55.     if (!is_writeable($basedestdir))

    56. 

  56.     {

    57. 

  57.         $importsurveyresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    58. 

  58.         $importsurveyresourcesoutput .= sprintf ($clang->gT("Incorrect permissions in your %s folder."),$basedestdir)."<br /><br />\n";

    59. 

  59.         $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&sid=$surveyid', '_top')\" />\n";

    60. 

  60.         $importsurveyresourcesoutput .= "</div>\n";

    61. 

  61.         return;

    62. 

  62.     }

    63. 

  63. 

    64. 

  64.     if (!is_dir($destdir))

    65. 

  65.     {

    66. 

  66.         mkdir($destdir);

    67. 

  67.     }

    68. 

  68. 

    69. 

  69.     $aImportedFilesInfo=null;

    70. 

  70.     $aErrorFilesInfo=null;

    71. 

  71. 

    72. 

  72. 

    73. 

  73.     if (is_file($zipfile))

    74. 

  74.     {

    75. 

  75.         $importsurveyresourcesoutput .= "<div class=\"successheader\">".$clang->gT("Success")."</div><br />\n";

    76. 

  76.         $importsurveyresourcesoutput .= $clang->gT("File upload succeeded.")."<br /><br />\n";

    77. 

  77.         $importsurveyresourcesoutput .= $clang->gT("Reading file..")."<br /><br />\n";

    78. 

  78. 

    79. 

  79.         if ($z->extract($extractdir,$zipfile) != 'OK')

    80. 

  80.         {

    81. 

  81.             $importsurveyresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    82. 

  82.             $importsurveyresourcesoutput .= $clang->gT("This file is not a valid ZIP file archive. Import failed.")."<br /><br />\n";

    83. 

  83.             $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&sid=$surveyid', '_top')\" />\n";

    84. 

  84.             $importsurveyresourcesoutput .= "</div>\n";

    85. 

  85.             return;

    86. 

  86.         }

    87. 

  87. 

    88. 

  88.         // now read tempdir and copy authorized files only

    89. 

  89.         $dh = opendir($extractdir);

    90. 

  90.         while($direntry = readdir($dh))

    91. 

  91.         {

    92. 

  92.             if (($direntry!=".")&&($direntry!=".."))

    93. 

  93.             {

    94. 

  94.                 if (is_file($extractdir."/".$direntry))

    95. 

  95.                 { // is  a file

    96. 

  96.                     $extfile = substr(strrchr($direntry, '.'),1);

    97. 

  97.                     if  (!(stripos(','.$allowedresourcesuploads.',',','.$extfile.',') === false))

    98. 

  98.                     { //Extension allowed

    99. 

  99.                         if (!copy($extractdir."/".$direntry, $destdir.$direntry))

    100. 

  100.                         {

    101. 

  101.                             $aErrorFilesInfo[]=Array(

    102. 

  102. 								"filename" => $direntry,

    103. 

  103. 								"status" => $clang->gT("Copy failed")

    104. 

  104.                             );

    105. 

  105.                             unlink($extractdir."/".$direntry);

    106. 

  106. 

    107. 

  107.                         }

    108. 

  108.                         else

    109. 

  109.                         {

    110. 

  110.                             $aImportedFilesInfo[]=Array(

    111. 

  111. 								"filename" => $direntry,

    112. 

  112. 								"status" => $clang->gT("OK")

    113. 

  113.                             );

    114. 

  114.                             unlink($extractdir."/".$direntry);

    115. 

  115.                         }

    116. 

  116.                     }

    117. 

  117. 

    118. 

  118.                     else

    119. 

  119.                     { // Extension forbidden

    120. 

  120.                         $aErrorFilesInfo[]=Array(

    121. 

  121. 							"filename" => $direntry,

    122. 

  122. 							"status" => $clang->gT("Error")." (".$clang->gT("Forbidden Extension").")"

    123. 

  123. 							);

    124. 

  124. 							unlink($extractdir."/".$direntry);

    125. 

  125.                     }

    126. 

  126.                 } // end if is_file

    127. 

  127.             } // end if ! . or ..

    128. 

  128.         } // end while read dir

    129. 

  129. 

    130. 

  130. 

    131. 

  131.         //Delete the temporary file

    132. 

  132.         unlink($zipfile);

    133. 

  133.         //Delete temporary folder

    134. 

  134.         rmdir($extractdir);

    135. 

  135. 

    136. 

  136.         // display summary

    137. 

  137.         $okfiles = 0;

    138. 

  138.         $errfiles= 0;

    139. 

  139.         $ErrorListHeader = "";

    140. 

  140.         $ImportListHeader = "";

    141. 

  141.         if (is_null($aErrorFilesInfo) && !is_null($aImportedFilesInfo))

    142. 

  142.         {

    143. 

  143.             $status=$clang->gT("Success");

    144. 

  144.             $statusClass='successheader';

    145. 

  145.             $okfiles = count($aImportedFilesInfo);

    146. 

  146.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    147. 

  147.         }

    148. 

  148.         elseif (is_null($aErrorFilesInfo) && is_null($aImportedFilesInfo))

    149. 

  149.         {

    150. 

  150.             $importsurveyresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    151. 

  151.             $importsurveyresourcesoutput .= $clang->gT("This ZIP archive contains no valid Resources files. Import failed.")."<br /><br />\n";

    152. 

  152.             $importsurveyresourcesoutput .= $clang->gT("Remember that we do not support subdirectories in ZIP archives.")."<br /><br />\n";

    153. 

  153.             $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&sid=$surveyid', '_top')\" />\n";

    154. 

  154.             $importsurveyresourcesoutput .= "</div>\n";

    155. 

  155.             return;

    156. 

  156. 

    157. 

  157.         }

    158. 

  158.         elseif (!is_null($aErrorFilesInfo) && !is_null($aImportedFilesInfo))

    159. 

  159.         {

    160. 

  160.             $status=$clang->gT("Partial");

    161. 

  161.             $statusClass='partialheader';

    162. 

  162.             $okfiles = count($aImportedFilesInfo);

    163. 

  163.             $errfiles = count($aErrorFilesInfo);

    164. 

  164.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    165. 

  165.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    166. 

  166.         }

    167. 

  167.         else

    168. 

  168.         {

    169. 

  169.             $status=$clang->gT("Error");

    170. 

  170.             $statusClass='warningheader';

    171. 

  171.             $errfiles = count($aErrorFilesInfo);

    172. 

  172.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    173. 

  173.         }

    174. 

  174. 

    175. 

  175.         $importsurveyresourcesoutput .= "<strong>".$clang->gT("Imported Resources for")." SID:</strong> $surveyid<br /><br />\n";

    176. 

  176.         $importsurveyresourcesoutput .= "<div class=\"".$statusClass."\">".$status."</div><br />\n";

    177. 

  177.         $importsurveyresourcesoutput .= "<strong><u>".$clang->gT("Resources Import Summary")."</u></strong><br />\n";

    178. 

  178.         $importsurveyresourcesoutput .= "".$clang->gT("Total Imported files").": $okfiles<br />\n";

    179. 

  179.         $importsurveyresourcesoutput .= "".$clang->gT("Total Errors").": $errfiles<br />\n";

    180. 

  180.         $importsurveyresourcesoutput .= $ImportListHeader;

    181. 

  181.         foreach ($aImportedFilesInfo as $entry)

    182. 

  182.         {

    183. 

  183.             $importsurveyresourcesoutput .= "\t<li>".$clang->gT("File").": ".$entry["filename"]."</li>\n";

    184. 

  184.         }

    185. 

  185.         if (!is_null($aImportedFilesInfo))

    186. 

  186.         {

    187. 

  187.             $importsurveyresourcesoutput .= "\t</ul><br />\n";

    188. 

  188.         }

    189. 

  189.         $importsurveyresourcesoutput .= $ErrorListHeader;

    190. 

  190.         foreach ($aErrorFilesInfo as $entry)

    191. 

  191.         {

    192. 

  192.             $importsurveyresourcesoutput .= "\t<li>".$clang->gT("File").": ".$entry['filename']." (".$entry['status'].")</li>\n";

    193. 

  193.         }

    194. 

  194.         if (!is_null($aErrorFilesInfo))

    195. 

  195.         {

    196. 

  196.             $importsurveyresourcesoutput .= "\t</ul><br />\n";

    197. 

  197.         }

    198. 

  198.     }

    199. 

  199.     else

    200. 

  200.     {

    201. 

  201.         $importsurveyresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    202. 

  202.         $importsurveyresourcesoutput .= sprintf ($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."),$basedestdir)."<br /><br />\n";

    203. 

  203.         $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&sid=$surveyid', '_top')\" />\n";

    204. 

  204.         $importsurveyresourcesoutput .= "</div>\n";

    205. 

  205.         return;

    206. 

  206.     }

    207. 

  207.     $importsurveyresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=editsurvey&sid=$surveyid', '_top')\" />\n";

    208. 

  208.     $importsurveyresourcesoutput .= "</div>\n";

    209. 

  209. }

    210. 

  210. 

    211. 

  211. 

    212. 

  212. 

    213. 

  213. if ($action == "importlabelresources" && $lid)

    214. 

  214. {

    215. 

  215.     $importlabelresourcesoutput = "<div class='header ui-widget-header'>".$clang->gT("Import Label Set")."</div>\n";

    216. 

  216.     $importlabelresourcesoutput .= "<div class='messagebox ui-corner-all'>";

    217. 

  217. 

    218. 

  218.     if ($demoModeOnly === true)

    219. 

  219.     {

    220. 

  220.         $importlabelresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    221. 

  221.         $importlabelresourcesoutput .= sprintf ($clang->gT("Demo mode only: Uploading files is disabled in this system."),$basedestdir)."<br /><br />\n";

    222. 

  222.         $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\" />\n";

    223. 

  223.         $importlabelresourcesoutput .= "</div>\n";

    224. 

  224.         return;

    225. 

  225.     }

    226. 

  226. 

    227. 

  227.     require("classes/phpzip/phpzip.inc.php");

    228. 

  228.     //$the_full_file_path = $tempdir . "/" . $_FILES['the_file']['name'];

    229. 

  229.     $zipfile=$_FILES['the_file']['tmp_name'];

    230. 

  230.     $z = new PHPZip();

    231. 

  231.     // Create temporary directory

    232. 

  232.     // If dangerous content is unzipped

    233. 

  233.     // then no one will know the path

    234. 

  234.     $extractdir=tempdir($tempdir);

    235. 

  235.     $basedestdir = $publicdir."/upload/labels";

    236. 

  236.     $destdir=$basedestdir."/$lid/";

    237. 

  237. 

    238. 

  238.     if (!is_writeable($basedestdir))

    239. 

  239.     {

    240. 

  240.         $importlabelresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    241. 

  241.         $importlabelresourcesoutput .= sprintf ($clang->gT("Incorrect permissions in your %s folder."),$basedestdir)."<br /><br />\n";

    242. 

  242.         $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\" />\n";

    243. 

  243.         $importlabelresourcesoutput .= "</div>\n";

    244. 

  244.         return;

    245. 

  245.     }

    246. 

  246. 

    247. 

  247.     if (!is_dir($destdir))

    248. 

  248.     {

    249. 

  249.         mkdir($destdir);

    250. 

  250.     }

    251. 

  251. 

    252. 

  252.     $aImportedFilesInfo=null;

    253. 

  253.     $aErrorFilesInfo=null;

    254. 

  254. 

    255. 

  255. 

    256. 

  256.     if (is_file($zipfile))

    257. 

  257.     {

    258. 

  258.         $importlabelresourcesoutput .= "<div class=\"successheader\">".$clang->gT("Success")."</div><br />\n";

    259. 

  259.         $importlabelresourcesoutput .= $clang->gT("File upload succeeded.")."<br /><br />\n";

    260. 

  260.         $importlabelresourcesoutput .= $clang->gT("Reading file..")."<br /><br />\n";

    261. 

  261. 

    262. 

  262.         if ($z->extract($extractdir,$zipfile) != 'OK')

    263. 

  263.         {

    264. 

  264.             $importlabelresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    265. 

  265.             $importlabelresourcesoutput .= $clang->gT("This file is not a valid ZIP file archive. Import failed.")."<br /><br />\n";

    266. 

  266.             $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\" />\n";

    267. 

  267.             $importlabelresourcesoutput .= "</div>\n";

    268. 

  268.             return;

    269. 

  269.         }

    270. 

  270. 

    271. 

  271.         // now read tempdir and copy authorized files only

    272. 

  272.         $dh = opendir($extractdir);

    273. 

  273.         while($direntry = readdir($dh))

    274. 

  274.         {

    275. 

  275.             if (($direntry!=".")&&($direntry!=".."))

    276. 

  276.             {

    277. 

  277.                 if (is_file($extractdir."/".$direntry))

    278. 

  278.                 { // is  a file

    279. 

  279.                     $extfile = substr(strrchr($direntry, '.'),1);

    280. 

  280.                     if  (!(stripos(','.$allowedresourcesuploads.',',','.$extfile.',') === false))

    281. 

  281.                     { //Extension allowed

    282. 

  282.                         if (!copy($extractdir."/".$direntry, $destdir.$direntry))

    283. 

  283.                         {

    284. 

  284.                             $aErrorFilesInfo[]=Array(

    285. 

  285. 								"filename" => $direntry,

    286. 

  286. 								"status" => $clang->gT("Copy failed")

    287. 

  287.                             );

    288. 

  288.                             unlink($extractdir."/".$direntry);

    289. 

  289. 

    290. 

  290.                         }

    291. 

  291.                         else

    292. 

  292.                         {

    293. 

  293.                             $aImportedFilesInfo[]=Array(

    294. 

  294. 								"filename" => $direntry,

    295. 

  295. 								"status" => $clang->gT("OK")

    296. 

  296.                             );

    297. 

  297.                             unlink($extractdir."/".$direntry);

    298. 

  298.                         }

    299. 

  299.                     }

    300. 

  300. 

    301. 

  301.                     else

    302. 

  302.                     { // Extension forbidden

    303. 

  303.                         $aErrorFilesInfo[]=Array(

    304. 

  304. 							"filename" => $direntry,

    305. 

  305. 							"status" => $clang->gT("Error")." (".$clang->gT("Forbidden Extension").")"

    306. 

  306. 							);

    307. 

  307. 							unlink($extractdir."/".$direntry);

    308. 

  308.                     }

    309. 

  309.                 } // end if is_file

    310. 

  310.             } // end if ! . or ..

    311. 

  311.         } // end while read dir

    312. 

  312. 

    313. 

  313. 

    314. 

  314.         //Delete the temporary file

    315. 

  315.         unlink($zipfile);

    316. 

  316.         //Delete temporary folder

    317. 

  317.         rmdir($extractdir);

    318. 

  318. 

    319. 

  319.         // display summary

    320. 

  320.         $okfiles = 0;

    321. 

  321.         $errfiles= 0;

    322. 

  322.         $ErrorListHeader .= "";

    323. 

  323.         $ImportListHeader .= "";

    324. 

  324.         if (is_null($aErrorFilesInfo) && !is_null($aImportedFilesInfo))

    325. 

  325.         {

    326. 

  326.             $status=$clang->gT("Success");

    327. 

  327.             $statusClass='successheader';

    328. 

  328.             $okfiles = count($aImportedFilesInfo);

    329. 

  329.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    330. 

  330.         }

    331. 

  331.         elseif (is_null($aErrorFilesInfo) && is_null($aImportedFilesInfo))

    332. 

  332.         {

    333. 

  333.             $importlabelresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    334. 

  334.             $importlabelresourcesoutput .= $clang->gT("This ZIP archive contains no valid Resources files. Import failed.")."<br /><br />\n";

    335. 

  335.             $importlabelresourcesoutput .= $clang->gT("Remember that we do not support subdirectories in ZIP archives.")."<br /><br />\n";

    336. 

  336.             $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\" />\n";

    337. 

  337.             $importlabelresourcesoutput .= "</div>\n";

    338. 

  338.             return;

    339. 

  339.         }

    340. 

  340.         elseif (!is_null($aErrorFilesInfo) && !is_null($aImportedFilesInfo))

    341. 

  341.         {

    342. 

  342.             $status=$clang->gT("Partial");

    343. 

  343.             $statusClass='partialheader';

    344. 

  344.             $okfiles = count($aImportedFilesInfo);

    345. 

  345.             $errfiles = count($aErrorFilesInfo);

    346. 

  346.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    347. 

  347.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    348. 

  348.         }

    349. 

  349.         else

    350. 

  350.         {

    351. 

  351.             $status=$clang->gT("Error");

    352. 

  352.             $statusClass='warningheader';

    353. 

  353.             $errfiles = count($aErrorFilesInfo);

    354. 

  354.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    355. 

  355.         }

    356. 

  356. 

    357. 

  357.         $importlabelresourcesoutput .= "<strong>".$clang->gT("Imported Resources for")." LID:</strong> $lid<br /><br />\n";

    358. 

  358.         $importlabelresourcesoutput .= "<div class=\"".$statusClass."\">".$status."</div><br />\n";

    359. 

  359.         $importlabelresourcesoutput .= "<strong><u>".$clang->gT("Resources Import Summary")."</u></strong><br />\n";

    360. 

  360.         $importlabelresourcesoutput .= "".$clang->gT("Total Imported files").": $okfiles<br />\n";

    361. 

  361.         $importlabelresourcesoutput .= "".$clang->gT("Total Errors").": $errfiles<br />\n";

    362. 

  362.         $importlabelresourcesoutput .= $ImportListHeader;

    363. 

  363.         foreach ($aImportedFilesInfo as $entry)

    364. 

  364.         {

    365. 

  365.             $importlabelresourcesoutput .= "\t<li>".$clang->gT("File").": ".$entry["filename"]."</li>\n";

    366. 

  366.         }

    367. 

  367.         if (!is_null($aImportedFilesInfo))

    368. 

  368.         {

    369. 

  369.             $importlabelresourcesoutput .= "\t</ul><br />\n";

    370. 

  370.         }

    371. 

  371.         $importlabelresourcesoutput .= $ErrorListHeader;

    372. 

  372.         foreach ($aErrorFilesInfo as $entry)

    373. 

  373.         {

    374. 

  374.             $importlabelresourcesoutput .= "\t<li>".$clang->gT("File").": ".$entry['filename']." (".$entry['status'].")</li>\n";

    375. 

  375.         }

    376. 

  376.         if (!is_null($aErrorFilesInfo))

    377. 

  377.         {

    378. 

  378.             $importlabelresourcesoutput .= "\t</ul><br />\n";

    379. 

  379.         }

    380. 

  380.     }

    381. 

  381.     else

    382. 

  382.     {

    383. 

  383.         $importlabelresourcesoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    384. 

  384.         $importlabelresourcesoutput .= sprintf ($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."),$basedestdir)."<br /><br />\n";

    385. 

  385.         $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Main Admin Screen")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\" />\n";

    386. 

  386.         $importlabelresourcesoutput .= "</div>\n";

    387. 

  387.         return;

    388. 

  388.     }

    389. 

  389.     $importlabelresourcesoutput .= "<input type='submit' value='".$clang->gT("Back")."' onclick=\"window.open('$scriptname?action=labels&lid=$lid', '_top')\">\n";

    390. 

  390.     $importlabelresourcesoutput .= "</div>\n";

    391. 

  391. }

    392. 

  392. 

    393. 

  393. 

    394. 

  394. 

    395. 

  395. if ($action == "templateupload")

    396. 

  396. {

    397. 

  397.     $importtemplateoutput = "<div class='header ui-widget-header'>".$clang->gT("Import template")."</div>\n";

    398. 

  398.     $importtemplateoutput .= "<div class='messagebox ui-corner-all'>";

    399. 

  399. 

    400. 

  400.     if ($demoModeOnly === true)

    401. 

  401.     {

    402. 

  402.         $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    403. 

  403.         $importtemplateoutput .= sprintf ($clang->gT("Demo mode: Uploading templates is disabled."),$basedestdir)."<br/><br/>\n";

    404. 

  404.         $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    405. 

  405.         $importtemplateoutput .= "</div>\n";

    406. 

  406.         return;

    407. 

  407.     }

    408. 

  408. 

    409. 

  409.     require("classes/phpzip/phpzip.inc.php");

    410. 

  410.     //$the_full_file_path = $tempdir . "/" . $_FILES['the_file']['name'];

    411. 

  411.     $zipfile=$_FILES['the_file']['tmp_name'];

    412. 

  412.     $z = new PHPZip();

    413. 

  413.     // Create temporary directory

    414. 

  414.     // If dangerous content is unzipped

    415. 

  415.     // then no one will know the path

    416. 

  416.     $extractdir=tempdir($tempdir);

    417. 

  417.     $basedestdir = $usertemplaterootdir;

    418. 

  418.     $newdir=str_replace('.','',strip_ext(sanitize_paranoid_string($_FILES['the_file']['name'])));

    419. 

  419.     $destdir=$basedestdir.'/'.$newdir.'/';

    420. 

  420. 

    421. 

  421.     if (!is_writeable($basedestdir))

    422. 

  422.     {

    423. 

  423.         $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    424. 

  424.         $importtemplateoutput .= sprintf ($clang->gT("Incorrect permissions in your %s folder."),$basedestdir)."<br/><br/>\n";

    425. 

  425.         $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    426. 

  426.         $importtemplateoutput .= "</div>\n";

    427. 

  427.         return;

    428. 

  428.     }

    429. 

  429. 

    430. 

  430.     if (!is_dir($destdir))

    431. 

  431.     {

    432. 

  432.         mkdir($destdir);

    433. 

  433.     }

    434. 

  434.     else

    435. 

  435.     {

    436. 

  436.         $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    437. 

  437.         $importtemplateoutput .= sprintf ($clang->gT("Template '%s' does already exist."),$newdir)."<br/><br/>\n";

    438. 

  438.         $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    439. 

  439.         $importtemplateoutput .= "</div>\n";

    440. 

  440.         return;

    441. 

  441.     }

    442. 

  442. 

    443. 

  443.     $aImportedFilesInfo=array();

    444. 

  444.     $aErrorFilesInfo=array();

    445. 

  445. 

    446. 

  446. 

    447. 

  447.     if (is_file($zipfile))

    448. 

  448.     {

    449. 

  449.         $importtemplateoutput .= "<div class=\"successheader\">".$clang->gT("Success")."</div><br />\n";

    450. 

  450.         $importtemplateoutput .= $clang->gT("File upload succeeded.")."<br /><br />\n";

    451. 

  451.         $importtemplateoutput .= $clang->gT("Reading file..")."<br /><br />\n";

    452. 

  452. 

    453. 

  453.         if ($z->extract($extractdir,$zipfile) != 'OK')

    454. 

  454.         {

    455. 

  455.             $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    456. 

  456.             $importtemplateoutput .= $clang->gT("This file is not a valid ZIP file archive. Import failed.")."<br/><br/>\n";

    457. 

  457.             $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    458. 

  458.             $importtemplateoutput .= "</div>\n";

    459. 

  459.             return;

    460. 

  460.         }

    461. 

  461. 

    462. 

  462.         $ErrorListHeader = "";

    463. 

  463.         $ImportListHeader = "";

    464. 

  464. 

    465. 

  465.         // now read tempdir and copy authorized files only

    466. 

  466.         $dh = opendir($extractdir);

    467. 

  467.         while($direntry = readdir($dh))

    468. 

  468.         {

    469. 

  469.             if (($direntry!=".")&&($direntry!=".."))

    470. 

  470.             {

    471. 

  471.                 if (is_file($extractdir."/".$direntry))

    472. 

  472.                 { // is  a file

    473. 

  473.                     $extfile = substr(strrchr($direntry, '.'),1);

    474. 

  474.                     if  (!(stripos(','.$allowedresourcesuploads.',',','.$extfile.',') === false))

    475. 

  475.                     { //Extension allowed

    476. 

  476.                         if (!copy($extractdir."/".$direntry, $destdir.$direntry))

    477. 

  477.                         {

    478. 

  478.                             $aErrorFilesInfo[]=Array(

    479. 

  479.                                 "filename" => $direntry,

    480. 

  480.                                 "status" => $clang->gT("Copy failed")

    481. 

  481.                             );

    482. 

  482.                             unlink($extractdir."/".$direntry);

    483. 

  483. 

    484. 

  484.                         }

    485. 

  485.                         else

    486. 

  486.                         {

    487. 

  487.                             $aImportedFilesInfo[]=Array(

    488. 

  488.                                 "filename" => $direntry,

    489. 

  489.                                 "status" => $clang->gT("OK")

    490. 

  490.                             );

    491. 

  491.                             unlink($extractdir."/".$direntry);

    492. 

  492.                         }

    493. 

  493.                     }

    494. 

  494. 

    495. 

  495.                     else

    496. 

  496.                     { // Extension forbidden

    497. 

  497.                         $aErrorFilesInfo[]=Array(

    498. 

  498.                             "filename" => $direntry,

    499. 

  499.                             "status" => $clang->gT("Error")." (".$clang->gT("Forbidden Extension").")"

    500. 

  500.                             );

    501. 

  501.                             unlink($extractdir."/".$direntry);

    502. 

  502.                     }

    503. 

  503.                 } // end if is_file

    504. 

  504.             } // end if ! . or ..

    505. 

  505.         } // end while read dir

    506. 

  506. 

    507. 

  507. 

    508. 

  508.         //Delete the temporary file

    509. 

  509.         unlink($zipfile);

    510. 

  510.         closedir($dh);

    511. 

  511.         //Delete temporary folder

    512. 

  512.         rmdir($extractdir);

    513. 

  513. 

    514. 

  514.         // display summary

    515. 

  515.         $okfiles = 0;

    516. 

  516.         $errfiles= 0;

    517. 

  517.         if (count($aErrorFilesInfo)==0 && count($aImportedFilesInfo)>0)

    518. 

  518.         {

    519. 

  519.             $status=$clang->gT("Success");

    520. 

  520.             $statusClass='successheader';

    521. 

  521.             $okfiles = count($aImportedFilesInfo);

    522. 

  522.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    523. 

  523.         }

    524. 

  524.         elseif (count($aErrorFilesInfo)==0 && count($aImportedFilesInfo)==0)

    525. 

  525.         {

    526. 

  526.             $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    527. 

  527.             $importtemplateoutput .= $clang->gT("This ZIP archive contains no valid template files. Import failed.")."<br /><br />\n";

    528. 

  528.             $importtemplateoutput .= $clang->gT("Remember that we do not support subdirectories in ZIP archives.")."<br/><br/>\n";

    529. 

  529.             $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    530. 

  530.             $importtemplateoutput .= "</div>\n";

    531. 

  531.             return;

    532. 

  532. 

    533. 

  533.         }

    534. 

  534.         elseif (count($aErrorFilesInfo)>0 && count($aImportedFilesInfo)>0)

    535. 

  535.         {

    536. 

  536.             $status=$clang->gT("Partial");

    537. 

  537.             $statusClass='partialheader';

    538. 

  538.             $okfiles = count($aImportedFilesInfo);

    539. 

  539.             $errfiles = count($aErrorFilesInfo);

    540. 

  540.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    541. 

  541.             $ImportListHeader .= "<br /><strong><u>".$clang->gT("Imported Files List").":</u></strong><br />\n";

    542. 

  542.         }

    543. 

  543.         else

    544. 

  544.         {

    545. 

  545.             $status=$clang->gT("Error");

    546. 

  546.             $statusClass='warningheader';

    547. 

  547.             $errfiles = count($aErrorFilesInfo);

    548. 

  548.             $ErrorListHeader .= "<br /><strong><u>".$clang->gT("Error Files List").":</u></strong><br />\n";

    549. 

  549.         }

    550. 

  550. 

    551. 

  551.         $importtemplateoutput .= "<strong>".$clang->gT("Imported template files for")."</strong> $lid<br /><br />\n";

    552. 

  552.         $importtemplateoutput .= "<div class=\"".$statusClass."\">".$status."</div><br />\n";

    553. 

  553.         $importtemplateoutput .= "<strong><u>".$clang->gT("Resources Import Summary")."</u></strong><br />\n";

    554. 

  554.         $importtemplateoutput .= "".$clang->gT("Total Imported files").": $okfiles<br />\n";

    555. 

  555.         $importtemplateoutput .= "".$clang->gT("Total Errors").": $errfiles<br />\n";

    556. 

  556.         $importtemplateoutput .= $ImportListHeader;

    557. 

  557.         foreach ($aImportedFilesInfo as $entry)

    558. 

  558.         {

    559. 

  559.             $importtemplateoutput .= "\t<li>".$clang->gT("File").": ".$entry["filename"]."</li>\n";

    560. 

  560.         }

    561. 

  561.         if (!is_null($aImportedFilesInfo))

    562. 

  562.         {

    563. 

  563.             $importtemplateoutput .= "\t</ul><br />\n";

    564. 

  564.         }

    565. 

  565.         $importtemplateoutput .= $ErrorListHeader;

    566. 

  566.         foreach ($aErrorFilesInfo as $entry)

    567. 

  567.         {

    568. 

  568.             $importtemplateoutput .= "\t<li>".$clang->gT("File").": ".$entry['filename']." (".$entry['status'].")</li>\n";

    569. 

  569.         }

    570. 

  570.         if (!is_null($aErrorFilesInfo))

    571. 

  571.         {

    572. 

  572.             $importtemplateoutput .= "\t</ul><br />\n";

    573. 

  573.         }

    574. 

  574.     }

    575. 

  575.     else

    576. 

  576.     {

    577. 

  577.         $importtemplateoutput .= "<div class=\"warningheader\">".$clang->gT("Error")."</div><br />\n";

    578. 

  578.         $importtemplateoutput .= sprintf ($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."),$basedestdir)."<br/><br/>\n";

    579. 

  579.         $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('$scriptname?action=templates', '_top')\" value=\"".$clang->gT("Template Editor")."\"/>\n";

    580. 

  580.         $importtemplateoutput .= "</div>\n";

    581. 

  581.         return;

    582. 

  582.     }

    583. 

  583.     $importtemplateoutput .= "<input type='submit' value='".$clang->gT("Open imported template")."' onclick=\"window.open('$scriptname?action=templates&templatename=$newdir', '_top')\"/>\n";

    584. 

  584.     $importtemplateoutput .= "</div>\n";

    585. 

  585. }

    586. 

  586. 

    587. 

  587. 

    588. 

  588. //---------------------

    589. 

  589. // Comes from http://fr2.php.net/tempnam

    590. 

  590. function tempdir($dir, $prefix='', $mode=0700)

    591. 

  591. {

    592. 

  592.     if (substr($dir, -1) != '/') $dir .= '/';

    593. 

  593. 

    594. 

  594.     do

    595. 

  595.     {

    596. 

  596.         $path = $dir.$prefix.mt_rand(0, 9999999);

    597. 

  597.     } while (!mkdir($path, $mode));

    598. 

  598. 

    599. 

  599.     return $path;

    600. 

  600. }

    601. 

  601. 

    602. 

  602. /**

    603. 

  603.  * Strips file extension

    604. 

  604.  *

    605. 

  605.  * @param string $name

    606. 

  606.  * @return string

    607. 

  607.  */

    608. 

  608. function strip_ext($name)

    609. 

  609. {

    610. 

  610.     $ext = strrchr($name, '.');

    611. 

  611.     if($ext !== false)

    612. 

  612.     {

    613. 

  613.         $name = substr($name, 0, -strlen($ext));

    614. 

  614.     }

    615. 

  615.     return $name;

    616. 

  616. }

    617. 

  617. 

    618. 

  618. ?>

    619. 

  619.