PageRenderTime 55ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 1ms

/vendor/ajexfilemanager/ajax/php/ajax.php

https://bitbucket.org/seyar/ari100krat.local
PHP | 294 lines | 246 code | 24 blank | 24 comment | 31 complexity | 743fc739954a6d65d5481cb214ed18f2 MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-2.1
  1. <?php
  2. /**
  3. * Ajex.FileManager
  4. * http://demphest.ru/ajex-filemanager
  5. *
  6. * @version
  7. * 1.0.2 (12 March 2010)
  8. *
  9. * @copyright
  10. * Copyright (C) 2009-2010 Demphest Gorphek
  11. *
  12. * @license
  13. * Dual licensed under the MIT and GPL licenses.
  14. * http://www.opensource.org/licenses/mit-license.php
  15. * http://www.gnu.org/licenses/gpl.html
  16. *
  17. * Ajex.FileManager is free software: you can redistribute it and/or modify
  18. * it under the terms of the GNU Lesser General Public License as published by
  19. * the Free Software Foundation, either version 3 of the License, or
  20. * (at your option) any later version.
  21. *
  22. * This file is part of Ajex.FileManager.
  23. */
  24. header('Expires: Sun, 13 Sep 2009 00:00:00 GMT');
  25. header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
  26. header('Cache-Control: no-store, no-cache, must-revalidate');
  27. header('Cache-Control: post-check=0, pre-check=0', false);
  28. header('Pragma: no-cache') ;
  29. //header('Content-Type: text/json; charset=utf-8');
  30. define('DEV', TRUE);
  31. if (DEV) {
  32. error_reporting(E_ALL);
  33. ini_set('display_errors', 'on');
  34. ini_set('display_startup_errors', 'on');
  35. } else {
  36. error_reporting(0);
  37. ini_set('display_errors', 'off');
  38. ini_set('display_startup_errors', 'off');
  39. }
  40. session_id($_COOKIE['session_name']);
  41. session_start();
  42. if (!isset($_SESSION['user_id'])) {exit;} // Do not forget to add your user authorization
  43. define('DIR_SEP', '/');
  44. mb_internal_encoding('utf-8');
  45. date_default_timezone_set('Europe/Kiev');
  46. $cfg['url'] = '/static/media/';
  47. $cfg['root'] = dirname(__FILE__).'/../../../..'.$cfg['url'];
  48. $cfg['quickdir'] = '';
  49. $cfg['lang'] = 'ru';
  50. $cfg['thumb']['width'] = 150;
  51. $cfg['thumb']['height'] = 120;
  52. $cfg['thumb']['quality'] = 80;
  53. $cfg['thumb']['cut'] = true;
  54. $cfg['thumb']['auto'] = true;
  55. $cfg['thumb']['dir'] = '_thumb';
  56. $cfg['thumb']['date'] = "j.m.Y, H:i";
  57. $cfg['hide']['file'] = array('.htaccess');
  58. $cfg['hide']['folder'] = array('.', '..', $cfg['thumb']['dir'], '.svn', '.cvs');
  59. $cfg['chmod']['file'] = 0777;
  60. $cfg['chmod']['folder'] = 0777;
  61. $cfg['deny'] = array(
  62. 'file' => array('php','php3','php4','php5','phtml','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg','cgi'),
  63. 'flash' => array(),
  64. 'image' => array(),
  65. 'media' => array(),
  66. 'folder' => array(
  67. $cfg['url'] . DIR_SEP . 'file',
  68. $cfg['url'] . DIR_SEP . 'flash',
  69. $cfg['url'] . DIR_SEP . 'image',
  70. $cfg['url'] . DIR_SEP . 'media')
  71. );
  72. $cfg['allow'] = array(
  73. 'file' => array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip'),
  74. 'flash' => array('swf', 'flv'),
  75. 'image' => array('jpg', 'jpeg', 'gif', 'png', 'bmp'),
  76. 'media' => array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv')
  77. );
  78. $cfg['nameRegAllow'] = '/^[a-z0-9-_#~\$%()\[\]&=]+/i';
  79. // ------------------
  80. $cfg['url'] = trim($cfg['url'], '/\\');
  81. $cfg['root'] = rtrim($cfg['root'], '/\\') . DIR_SEP;
  82. $dir = isset($_POST['dir'])? urldecode($_POST['dir']) : '';
  83. $dir = trim($dir, '/\\') . DIR_SEP;
  84. $rpath = str_replace('\\', DIR_SEP, realpath($cfg['root'] . $dir) . DIR_SEP);
  85. if (false === strpos($rpath, str_replace('\\', DIR_SEP, $dir))) {$dir = '';}
  86. $mode = isset($_GET['mode'])? $_GET['mode'] : 'getDirs';
  87. $cfg['type'] = isset($_POST['type'])? $_POST['type'] : (isset($_GET['type']) && 'QuickUpload' == $mode? $_GET['type'] : 'file');
  88. $cfg['sort'] = isset($_POST['sort'])? $_POST['sort'] : 'name';
  89. $cfg['type'] = strtolower($cfg['type']);
  90. $reply = array(
  91. 'dirs' => array(),
  92. 'files' => array()
  93. );
  94. // ------------------
  95. require_once 'lib.php';
  96. switch($mode) {
  97. case 'cfg':
  98. $rootDir = listDirs('');
  99. $children = array();
  100. for ($i=-1, $iCount=count($rootDir); ++$i<$iCount;) {
  101. $children[] = (object) $rootDir[$i];
  102. }
  103. $reply['config'] = array(
  104. 'lang' => $cfg['lang'],
  105. 'type' => $cfg['type'],
  106. 'url' => '/' . $cfg['url'] . '/',
  107. 'thumb' => $cfg['thumb']['dir'],
  108. 'thumbWidth' => $cfg['thumb']['width'],
  109. 'thumbHeight' => $cfg['thumb']['height'],
  110. 'maxUpload' => ini_get('upload_max_filesize'),
  111. 'allow' => implode('|', $cfg['allow'][$cfg['type']]),
  112. 'children' => $children
  113. );
  114. break;
  115. case 'renameFile':
  116. $file = trim(urldecode($_POST['oldname']), '/\\.');
  117. $name = urldecode($_POST['newname']);
  118. if ($file != $name && preg_match($cfg['nameRegAllow'], $name) && file_exists($cfg['root']) . $dir . $file) {
  119. if (file_exists($_thumb = $cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP . $file)) {
  120. unlink($_thumb);
  121. }
  122. if (file_exists($cfg['root'] . $dir . $name)) {
  123. $name = getFreeFileName($name, $cfg['root'] . $dir);
  124. }
  125. if (false !== strpos($name, '.')) {
  126. $ext = substr($name, strrpos($name, '.') + 1);
  127. if (in_array($ext, $cfg['allow']['image'])) {
  128. rename($cfg['root'] . $dir . $file, $cfg['root'] . $dir . $name);
  129. }
  130. }
  131. }
  132. $reply['files'] = listFiles($dir);
  133. break;
  134. case 'createFolder':
  135. $path = trim(urldecode($_POST['oldname']), '/\\.');
  136. $name = urldecode($_POST['newname']);
  137. $reply['isSuccess'] = false;
  138. if (preg_match($cfg['nameRegAllow'], $name)) {
  139. if (!file_exists($cfg['root'] . $path . DIR_SEP . $name)) {
  140. $reply['isSuccess'] = mkdir($cfg['root'] . $path . DIR_SEP . $name, $cfg['chmod']['folder']);
  141. } else {
  142. $reply['isSuccess'] = 'exist';
  143. }
  144. }
  145. break;
  146. case 'renameFolder':
  147. $folder = urldecode($_POST['oldname']);
  148. $name = urldecode($_POST['newname']);
  149. $folder = trim($folder, '/\\.');
  150. $reply['isSuccess'] = false;
  151. if (!empty($folder) && $cfg['url'] != $folder && $folder != $name && !in_array($cfg['url'] . DIR_SEP . $folder, $cfg['deny']['folder']) && preg_match($cfg['nameRegAllow'], $name) && is_dir($cfg['root']) . $folder) {
  152. $reply['isSuccess'] = rename($cfg['root'] . $folder, $cfg['root'] . substr($folder, 0, strrpos($folder, '/')) . DIR_SEP . $name);
  153. }
  154. break;
  155. case 'deleteFolder':
  156. $reply['isDelete'] = false;
  157. $folder = trim($dir, '/\\');
  158. if (!empty($folder) && $cfg['url'] != $folder && !in_array($cfg['url'] . DIR_SEP . $folder, $cfg['deny']['folder'])) {
  159. deleteDir($cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP. $folder);
  160. $reply['isDelete'] = deleteDir($cfg['root'] . $folder);
  161. }
  162. break;
  163. case 'uploads':
  164. $reply['downloaded'] = array();
  165. $width = isset($_POST['resizeWidth'])? intval($_POST['resizeWidth']) : 0;
  166. $height = isset($_POST['resizeHeight'])? intval($_POST['resizeHeight']): 0;
  167. $key = 'uploadFiles';
  168. if (!empty($dir) && '/' != $dir && !empty($_FILES[$key])) {
  169. for ($i=-1, $iCount=count($_FILES[$key]['name']); ++$i<$iCount;) {
  170. $ext = substr($_FILES[$key]['name'][$i], strrpos($_FILES[$key]['name'][$i], '.') + 1);
  171. if (!in_array($ext, $cfg['deny'][$cfg['type']]) && in_array($ext, $cfg['allow'][$cfg['type']])) {
  172. $freeName = getFreeFileName($_FILES[$key]['name'][$i], $cfg['root'] . $dir);
  173. if (in_array($ext, $cfg['allow']['image'])) {
  174. if ($width || $height) {
  175. create_thumbnail($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName, $width, $height, 100, false, true);
  176. chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);
  177. } else {
  178. if (move_uploaded_file($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName)) {
  179. chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);
  180. if ($cfg['thumb']['auto']) {
  181. create_thumbnail($cfg['root'] . $dir . $freeName, $cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP. $freeName);
  182. chmod($cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP. $freeName, $cfg['chmod']['file']);
  183. }
  184. $reply['downloaded'][] = array(true, $freeName);
  185. } else {
  186. $reply['downloaded'][] = array(false, $freeName);
  187. }
  188. }
  189. } else {
  190. if (move_uploaded_file($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName)) {
  191. chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);
  192. $reply['downloaded'][] = array(true, $freeName);
  193. } else {
  194. $reply['downloaded'][] = array(false, $freeName);
  195. }
  196. }
  197. } else {
  198. $reply['downloaded'][] = array(false, $_FILES[$key]['name'][$i]);
  199. }
  200. }
  201. }
  202. break;
  203. case 'QuickUpload':
  204. switch ($cfg['type']) {
  205. case 'file':
  206. case 'flash':
  207. case 'image':
  208. case 'media':
  209. $dir = $cfg['type'];
  210. break;
  211. default:
  212. exit; // exit for not supported type
  213. break;
  214. }
  215. if (!is_dir($toDir = $cfg['root'] . $dir . DIR_SEP . $cfg['quickdir'])) {
  216. mkdirs($toDir, $cfg['chmod']['folder']);
  217. }
  218. if (0 == ($_FILES['upload']['error'])) {
  219. $fileName = getFreeFileName($_FILES['upload']['name'], $toDir);
  220. if (move_uploaded_file($_FILES['upload']['tmp_name'], $toDir . DIR_SEP . $fileName)) {
  221. $result = "<script type=\"text/javascript\">window.parent.CKEDITOR.tools.callFunction(2, '/". $cfg['url'] . '/' . $dir . '/' . (empty($cfg['quickdir'])? '' : trim($cfg['quickdir'], '/\\') . '/') . $fileName."', '');</script>";
  222. }
  223. }
  224. exit($result);
  225. break;
  226. case 'deleteFiles':
  227. $files = urldecode($_POST['files']);
  228. $files = explode('::', $files);
  229. for ($i=-1, $iCount=count($files); ++$i<$iCount;) {
  230. unlink($cfg['root'] . $dir . $files[$i]);
  231. file_exists($_thumb = $cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP. $dir . DIR_SEP . $files[$i])? unlink($_thumb): null;
  232. }
  233. $reply['files'] = listFiles($dir);
  234. break;
  235. case 'getFiles':
  236. $reply['files'] = listFiles($dir);
  237. break;
  238. case 'getDirs':
  239. $reply['dirs'] = listDirs($dir);
  240. break;
  241. default:
  242. exit;
  243. break;
  244. }
  245. if (isset($_GET['noJson'])) {echo'<pre>';print_r($reply);echo'</pre>';exit;}
  246. exit( json_encode( $reply ) );