PageRenderTime 60ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 1ms

/admin/filemanager/uploader/jupload.php

https://github.com/3ceproj/projet-universite
PHP | 772 lines | 561 code | 44 blank | 167 comment | 180 complexity | 13efd0ab53bf41288b52ca3f8f7bd3e7 MD5 | raw file
Possible License(s): LGPL-2.1, MPL-2.0-no-copyleft-exception
  1. <?php
  2. /**
  3. * This class manage upload, with use of the JUpload applet. It's both a sample to show how to use the applet, and
  4. * a class you can use directly into your own application.
  5. *
  6. * Recommandation: Don't update its code !
  7. *
  8. * By doing this, you'll be able to reuse directly any update coming from the JUpload project, instead of reporting your
  9. * modifications into any new version of this class. This guarantees you that your project can use the last version of
  10. * JUpload, without any code modification. We work so that the applet behavior remains unchanged, but from time to time,
  11. * a change can appear.
  12. *
  13. * Sample:
  14. * - See the index.php samples, in the same folder.
  15. *
  16. * Notes:
  17. * - maxChunkSize: this class use a default maxChunkSize of 500K (or less, depending on the script max size). This allows
  18. * upload of FILES OF ANY SIZE on quite all ISP hosting. If it's too big for you (the max upload size of your ISP is less
  19. * than 500K), or if you want no chunk at all, you can, of course, override this default value.
  20. *
  21. *
  22. *
  23. * Parameters:
  24. * - $appletparams contains a map for applet parameters: key is the applet parameter name. The value is the value to transmit
  25. * to the applet. See the applet documentation for information on all applet parameters.
  26. * - $classparams contains the parameter specific for the JUpload class below. Here are the main class parameters:
  27. * - demo_mode. Files are uploaded to the server, but not stored on its hard drive. That is: you can simulate the global
  28. * behavior, but won't consume hard drive space. This mode is used on sourceforge web site.
  29. *
  30. *
  31. * Output generated for uploaded files:
  32. * - $files is an array of array. This can be managed by (a) the function given in the callbackAfterUploadManagement class
  33. * parameter, or (b) within the page whose URL is given in the afterUploadURL applet parameter, or (c) you can Extend the
  34. * class and redeclare defaultAfterUploadManagement() to your needs.
  35. * See the defaultAfterUploadManagement() for a sample on howto manage this array.
  36. *
  37. * This array contains:
  38. * - One entry per file. Each entry is an array, that contains all files properties, stored as $key=>$value.
  39. * The available keys are:
  40. * - name: the filename, as it is now stored on the system.
  41. * - size: the file size
  42. * - path: the absolute path, where the file has been stored.
  43. * - fullName: the canonical file name (i.e. including the absolute path)
  44. * - md5sum: the md5sum of the file, if further control is needed.
  45. * - mimetype: the calculated mime type of the file
  46. * - If the formData applet parameter is used: all attributes (key and value) uploaded by the applet, are put here,
  47. * repeated for each file.
  48. *
  49. * Note: if you are using a callback function (i.e. callbackAfterUploadManagement) and you do not see a global 'object' you
  50. * are expecting then it might have been destroyed by PHP - c.f. http://bugs.php.net/bug.php?id=39693
  51. *
  52. */
  53. class JUpload {
  54. var $appletparams;
  55. var $classparams;
  56. var $files;
  57. public function JUpload($appletparams = array(), $classparams = array()) {
  58. if (gettype($classparams) != 'array')
  59. $this->abort('Invalid type of parameter classparams: Expecting an array');
  60. if (gettype($appletparams) != 'array')
  61. $this->abort('Invalid type of parameter appletparams: Expecting an array');
  62. // set some defaults for the applet params
  63. if (!isset($appletparams['afterUploadURL']))
  64. $appletparams['afterUploadURL'] = $_SERVER['PHP_SELF'] . '?afterupload=1';
  65. if (!isset($appletparams['name']))
  66. $appletparams['name'] = 'JUpload';
  67. if (!isset($appletparams['archive']))
  68. $appletparams['archive'] = 'wjhk.jupload.jar';
  69. if (!isset($appletparams['code']))
  70. $appletparams['code'] = 'wjhk.jupload2.JUploadApplet';
  71. if (!isset($appletparams['debugLevel']))
  72. $appletparams['debugLevel'] = 0;
  73. if (!isset($appletparams['httpUploadParameterType']))
  74. $appletparams['httpUploadParameterType'] = 'array';
  75. if (!isset($appletparams['showLogWindow']))
  76. $appletparams['showLogWindow'] = ($appletparams['debugLevel'] > 0) ? 'true' : 'false';
  77. if (!isset($appletparams['width']))
  78. $appletparams['width'] = 640;
  79. if (!isset($appletparams['height']))
  80. $appletparams['height'] = ($appletparams['showLogWindow'] == 'true') ? 500 : 300;
  81. if (!isset($appletparams['mayscript']))
  82. $appletparams['mayscript'] = 'true';
  83. if (!isset($appletparams['scriptable']))
  84. $appletparams['scriptable'] = 'false';
  85. //if (!isset($appletparams['stringUploadSuccess']))
  86. $appletparams['stringUploadSuccess'] = 'SUCCESS';
  87. //if (!isset($appletparams['stringUploadError']))
  88. $appletparams['stringUploadError'] = 'ERROR: (.*)';
  89. $maxpost = $this->tobytes(ini_get('post_max_size'));
  90. $maxmem = $this->tobytes(ini_get('memory_limit'));
  91. $maxfs = $this->tobytes(ini_get('upload_max_filesize'));
  92. $obd = ini_get('open_basedir');
  93. if (!isset($appletparams['maxChunkSize'])) {
  94. $maxchunk = ($maxpost < $maxmem) ? $maxpost : $maxmem;
  95. $maxchunk = ($maxchunk < $maxfs) ? $maxchunk : $maxfs;
  96. $maxchunk /= 4;
  97. $optchunk = (500000 > $maxchunk) ? $maxchunk : 500000;
  98. $appletparams['maxChunkSize'] = $optchunk;
  99. }
  100. $appletparams['maxChunkSize'] = $this->tobytes($appletparams['maxChunkSize']);
  101. if (!isset($appletparams['maxFileSize']))
  102. $appletparams['maxFileSize'] = $maxfs;
  103. $appletparams['maxFileSize'] = $this->tobytes($appletparams['maxFileSize']);
  104. if (isset($classparams['errormail'])) {
  105. $appletparams['urlToSendErrorTo'] = $_SERVER["PHP_SELF"] . '?errormail';
  106. }
  107. // Same for class parameters
  108. if (!isset($classparams['demo_mode']))
  109. $classparams['demo_mode'] = false;
  110. if ($classparams['demo_mode']) {
  111. $classparams['create_destdir'] = false;
  112. $classparams['allow_subdirs'] = true;
  113. $classparams['allow_zerosized'] = true;
  114. $classparams['duplicate'] = 'overwrite';
  115. }
  116. if (!isset($classparams['debug_php'])) // set true to log some messages in PHP log
  117. $classparams['debug_php'] = false;
  118. if (!isset($this->classparams['allowed_mime_types'])) // array of allowed MIME type
  119. $classparams['allowed_mime_types'] = 'all';
  120. if (!isset($this->classparams['allowed_file_extensions'])) // array of allowed file extensions
  121. $classparams['allowed_file_extensions'] = 'all';
  122. if (!isset($classparams['verbose_errors'])) // shouldn't display server info on a production site!
  123. $classparams['verbose_errors'] = true;
  124. if (!isset($classparams['session_regenerate']))
  125. $classparams['session_regenerate'] = false;
  126. if (!isset($classparams['create_destdir']))
  127. $classparams['create_destdir'] = true;
  128. if (!isset($classparams['allow_subdirs']))
  129. $classparams['allow_subdirs'] = false;
  130. if (!isset($classparams['spaces_in_subdirs']))
  131. $classparams['spaces_in_subdirs'] = false;
  132. if (!isset($classparams['convert_spaces'])) // set to true to convert spaces in filenames to _
  133. $classparams['convert_spaces'] = false;
  134. if (!isset($classparams['allow_zerosized']))
  135. $classparams['allow_zerosized'] = false;
  136. if (!isset($classparams['duplicate']))
  137. $classparams['duplicate'] = 'rename';
  138. if (!isset($classparams['dirperm']))
  139. $classparams['dirperm'] = 0755;
  140. if (!isset($classparams['fileperm']))
  141. $classparams['fileperm'] = 0644;
  142. if (!isset($classparams['destdir'])) {
  143. if ($obd != '')
  144. $classparams['destdir'] = $obd;
  145. else
  146. $classparams['destdir'] = '/var/tmp/jupload_test';
  147. }else{
  148. $classparams['destdir']=str_replace('~',' ',$classparams['destdir']);
  149. }
  150. if ($classparams['create_destdir']) {
  151. $_umask = umask(0); // override the system mask
  152. @mkdir($classparams['destdir'], $classparams['dirperm']);
  153. umask($_umask);
  154. }
  155. if (!is_dir($classparams['destdir']) && is_writable($classparams['destdir']))
  156. $this->abort('Destination dir not accessible');
  157. if (!isset($classparams['tmp_prefix']))
  158. $classparams['tmp_prefix'] = 'jutmp.';
  159. if (!isset($classparams['var_prefix']))
  160. $classparams['var_prefix'] = 'juvar.';
  161. if (!isset($classparams['jscript_wrapper']))
  162. $classparams['jscript_wrapper'] = 'JUploadSetProperty';
  163. if (!isset($classparams['tag_jscript']))
  164. $classparams['tag_jscript'] = '<!--JUPLOAD_JSCRIPT-->';
  165. if (!isset($classparams['tag_applet']))
  166. $classparams['tag_applet'] = '<!--JUPLOAD_APPLET-->';
  167. if (!isset($classparams['tag_flist']))
  168. $classparams['tag_flist'] = '<!--JUPLOAD_FILES-->';
  169. if (!isset($classparams['http_flist_start']))
  170. $classparams['http_flist_start'] =
  171. "<table border='1'><TR><TH>Filename</TH><TH>file size</TH><TH>Relative path</TH><TH>Full name</TH><TH>md5sum</TH><TH>Specific parameters</TH></TR>";
  172. if (!isset($classparams['http_flist_end']))
  173. $classparams['http_flist_end'] = "</table>\n";
  174. if (!isset($classparams['http_flist_file_before']))
  175. $classparams['http_flist_file_before'] = "<tr><td>";
  176. if (!isset($classparams['http_flist_file_between']))
  177. $classparams['http_flist_file_between'] = "</td><td>";
  178. if (!isset($classparams['http_flist_file_after']))
  179. $classparams['http_flist_file_after'] = "</td></tr>\n";
  180. $this->appletparams = $appletparams;
  181. $this->classparams = $classparams;
  182. $this->page_start();
  183. }
  184. /**
  185. * Return an array of uploaded files * The array contains: name, size, tmp_name, error,
  186. * relativePath, md5sum, mimetype, fullName, path
  187. */
  188. public function uploadedfiles() {
  189. return $this->files;
  190. }
  191. /**
  192. * Log a message on the current output, as a HTML comment.
  193. */
  194. protected function logDebug($function, $msg, $htmlComment=true) {
  195. $output = "[DEBUG] [$function] $msg";
  196. if ($htmlComment) {
  197. echo("<!-- $output -->\r\n");
  198. } else {
  199. echo("$output\r\n");
  200. }
  201. }
  202. /**
  203. * Log a message to the PHP log.
  204. * Declared "protected" so it may be Extended if you require customised logging (e.g. particular log file location).
  205. */
  206. protected function logPHPDebug($function, $msg) {
  207. if ($this->classparams['debug_php'] === true) {
  208. $output = "[DEBUG] [$function] ".$this->arrayexpand($msg);
  209. error_log($output);
  210. }
  211. }
  212. private function arrayexpand($array) {
  213. $output = '';
  214. if (is_array($array)) {
  215. foreach ($array as $key => $value) {
  216. $output .= "\n ".$key.' => '.$this->arrayexpand($value);
  217. }
  218. } else {
  219. $output .= $array;
  220. }
  221. return $output;
  222. }
  223. /**
  224. * Convert a value ending in 'G','M' or 'K' to bytes
  225. *
  226. */
  227. private function tobytes($val) {
  228. $val = trim($val);
  229. $last = fix_strtolower($val{strlen($val)-1});
  230. switch($last) {
  231. case 'g':
  232. $val *= 1024;
  233. case 'm':
  234. $val *= 1024;
  235. case 'k':
  236. $val *= 1024;
  237. }
  238. return $val;
  239. }
  240. /**
  241. * Build a string, containing a javascript wrapper function
  242. * for setting applet properties via JavaScript. This is necessary,
  243. * because we use the "modern" method of including the applet (using
  244. * <object> resp. <embed> tags) in order to trigger automatic JRE downloading.
  245. * Therefore, in Netscape-like browsers, the applet is accessible via
  246. * the document.embeds[] array while in others, it is accessible via the
  247. * document.applets[] array.
  248. *
  249. * @return A string, containing the necessary wrapper function (named JUploadSetProperty)
  250. */
  251. private function str_jsinit() {
  252. $N = "\n";
  253. $name = $this->appletparams['name'];
  254. $ret = '<script type="text/javascript">'.$N;
  255. $ret .= '<!--'.$N;
  256. $ret .= 'function '.$this->classparams['jscript_wrapper'].'(name, value) {'.$N;
  257. $ret .= ' document.applets["'.$name.'"] == null || document.applets["'.$name.'"].setProperty(name,value);'.$N;
  258. $ret .= ' document.embeds["'.$name.'"] == null || document.embeds["'.$name.'"].setProperty(name,value);'.$N;
  259. $ret .= '}'.$N;
  260. $ret .= '//-->'.$N;
  261. $ret .= '</script>';
  262. return $ret;
  263. }
  264. /**
  265. * Build a string, containing the applet tag with all parameters.
  266. *
  267. * @return A string, containing the applet tag
  268. */
  269. private function str_applet() {
  270. $N = "\n";
  271. $params = $this->appletparams;
  272. // return the actual applet tag
  273. $ret = '<object classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"'.$N;
  274. $ret .= ' codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,3"'.$N;
  275. $ret .= ' width = "'.$params['width'].'"'.$N;
  276. $ret .= ' height = "'.$params['height'].'"'.$N;
  277. $ret .= ' name = "'.$params['name'].'">'.$N;
  278. foreach ($params as $key => $val) {
  279. if ($key != 'width' && $key != 'height')
  280. $ret .= ' <param name = "'.$key.'" value = "'.$val.'" />'.$N;
  281. }
  282. $ret .= ' <comment>'.$N;
  283. $ret .= ' <embed'.$N;
  284. $ret .= ' type = "application/x-java-applet;version=1.5"'.$N;
  285. foreach ($params as $key => $val)
  286. $ret .= ' '.$key.' = "'.$val.'"'.$N;
  287. $ret .= ' pluginspage = "http://java.sun.com/products/plugin/index.html#download">'.$N;
  288. $ret .= ' <noembed>'.$N;
  289. $ret .= ' Java 1.5 or higher plugin required.'.$N;
  290. $ret .= ' </noembed>'.$N;
  291. $ret .= ' </embed>'.$N;
  292. $ret .= ' </comment>'.$N;
  293. $ret .= '</object>';
  294. return $ret;
  295. }
  296. private function abort($msg = '') {
  297. $this->cleanup();
  298. if ($msg != '')
  299. die(str_replace('(.*)',$msg,$this->appletparams['stringUploadError'])."\n");
  300. exit;
  301. }
  302. private function warning($msg = '') {
  303. $this->cleanup();
  304. if ($msg != '')
  305. echo('WARNING: '.$msg."\n");
  306. echo $this->appletparams['stringUploadSuccess']."\n";
  307. exit;
  308. }
  309. private function cleanup() {
  310. // remove all uploaded files of *this* request
  311. if (isset($_FILES)) {
  312. foreach ($_FILES as $key => $val)
  313. @unlink($val['tmp_name']);
  314. }
  315. // remove accumulated file, if any.
  316. @unlink($this->classparams['destdir'].'/'.$this->classparams['tmp_prefix'].session_id());
  317. @unlink($this->classparams['destdir'].'/'.$this->classparams['tmp_prefix'].'tmp'.session_id());
  318. // reset session var
  319. $_SESSION['RF'][$this->classparams['var_prefix'].'size'] = 0;
  320. return;
  321. }
  322. private function mkdirp($path) {
  323. // create subdir (hierary) below destdir;
  324. $dirs = explode('/', $path);
  325. $path = $this->classparams['destdir'];
  326. foreach ($dirs as $dir) {
  327. $path .= '/'.$dir;
  328. if (!file_exists($path)) { // @ does NOT always supress the error!
  329. $_umask = umask(0); // override the system mask
  330. @mkdir($path, $this->classparams['dirperm']);
  331. umask($_umask);
  332. }
  333. }
  334. if (!is_dir($path) && is_writable($path))
  335. $this->abort('Destination dir not accessible');
  336. }
  337. /**
  338. * This method:
  339. * - Replaces some potentially dangerous characters by '_' (in the given name an relative path)
  340. * - Checks if a files of the same name already exists.
  341. * - If no: no problem.
  342. * - If yes, and the duplicate class param is set to rename, the file is renamed.
  343. * - If yes, and the duplicate class param is set to overwrite, the file is not renamed. The existing one will be erased.
  344. * - If yes, and the duplicate class param is set to reject, an error is thrown.
  345. */
  346. private function dstfinal(&$name, &$subdir) {
  347. $name = preg_replace('![`$\\\\/|]!', '_', $name);
  348. if ($this->classparams['convert_spaces']) {
  349. $name = str_replace(' ', '_', $name);
  350. }
  351. if ($this->classparams['allow_subdirs'] && ($subdir != '')) {
  352. $subdir = trim(preg_replace('!\\\\!','/',$subdir),'/');
  353. $subdir = preg_replace('![`$|]!', '_', $subdir);
  354. if (!$this->classparams['spaces_in_subdirs']) {
  355. $subdir = str_replace(' ','_',$subdir);
  356. }
  357. // recursively create subdir
  358. if (!$this->classparams['demo_mode'])
  359. $this->mkdirp($subdir);
  360. // append a slash
  361. $subdir .= '/';
  362. } else {
  363. $subdir = '';
  364. }
  365. $ret = $this->classparams['destdir'].'/'.$subdir.$name;
  366. if (file_exists($ret)) {
  367. if ($this->classparams['duplicate'] == 'overwrite') {
  368. return $ret;
  369. }
  370. if ($this->classparams['duplicate'] == 'reject') {
  371. $this->abort('A file with the same name already exists');
  372. }
  373. if ($this->classparams['duplicate'] == 'warning') {
  374. $this->warning("File $name already exists - rejected");
  375. }
  376. if ($this->classparams['duplicate'] == 'rename') {
  377. $cnt = 1;
  378. $dir = $this->classparams['destdir'].'/'.$subdir;
  379. $ext = strrchr($name, '.');
  380. if ($ext) {
  381. $nameWithoutExtension = substr($name, 0, strlen($name) - strlen($ext));
  382. } else {
  383. $ext = '';
  384. $nameWithoutExtension = $name;
  385. }
  386. $rtry = $dir.$nameWithoutExtension.'_'.$cnt.$ext;
  387. while (file_exists($rtry)) {
  388. $cnt++;
  389. $rtry = $dir.$nameWithoutExtension.'._'.$cnt.$ext;
  390. }
  391. //We store the result name in the byReference name parameter.
  392. $name = $nameWithoutExtension.'_'.$cnt.$ext;
  393. $ret = $rtry;
  394. }
  395. }
  396. return $ret;
  397. }
  398. /**
  399. * Example function to process the files uploaded. This one simply displays the files' data.
  400. *
  401. */
  402. public function defaultAfterUploadManagement() {
  403. $flist = '[defaultAfterUploadManagement] Nb uploaded files is: ' . sizeof($this->files);
  404. $flist = $this->classparams['http_flist_start'];
  405. foreach ($this->files as $f) {
  406. //$f is an array, that contains all info about the uploaded file.
  407. $this->logDebug('defaultAfterUploadManagement', " Reading file ${f['name']}");
  408. $flist .= $this->classparams['http_flist_file_before'];
  409. $flist .= $f['name'];
  410. $flist .= $this->classparams['http_flist_file_between'];
  411. $flist .= $f['size'];
  412. $flist .= $this->classparams['http_flist_file_between'];
  413. $flist .= $f['relativePath'];
  414. $flist .= $this->classparams['http_flist_file_between'];
  415. $flist .= $f['fullName'];
  416. $flist .= $this->classparams['http_flist_file_between'];
  417. $flist .= $f['md5sum'];
  418. $addBR = false;
  419. foreach ($f as $key=>$value) {
  420. //If it's a specific key, let's display it:
  421. if ($key != 'name' && $key != 'size' && $key != 'relativePath' && $key != 'fullName' && $key != 'md5sum') {
  422. if ($addBR) {
  423. $flist .= "<br>";
  424. } else {
  425. // First line. We must add a new 'official' list separator.
  426. $flist .= $this->classparams['http_flist_file_between'];
  427. $addBR = true;
  428. }
  429. $flist .= "$key => $value";
  430. }
  431. }
  432. $flist .= $this->classparams['http_flist_file_after'];
  433. }
  434. $flist .= $this->classparams['http_flist_end'];
  435. return $flist;
  436. }
  437. /**
  438. * Generation of the applet tag, and necessary things around (js content). Insertion of this into the content of the
  439. * page.
  440. * See the tag_jscript and tag_applet class parameters.
  441. */
  442. private function generateAppletTag($str) {
  443. $this->logDebug('generateAppletTag', 'Entering function');
  444. $str = preg_replace('/'.$this->classparams['tag_jscript'].'/', $this->str_jsinit(), $str);
  445. return preg_replace('/'.$this->classparams['tag_applet'].'/', $this->str_applet(), $str);
  446. }
  447. /**
  448. * This function is called when constructing the page, when we're not reveiving uploaded files. It 'just' construct
  449. * the applet tag, by calling the relevant function.
  450. *
  451. * This *must* be public, because it is called from PHP's output buffering
  452. */
  453. public function interceptBeforeUpload($str) {
  454. $this->logDebug('interceptBeforeUpload', 'Entering function');
  455. return $this->generateAppletTag($str);
  456. }
  457. /**
  458. * This function displays the uploaded files description in the current page (see tag_flist class parameter)
  459. *
  460. * This *must* be public, because it is called from PHP's output buffering.
  461. */
  462. public function interceptAfterUpload($str) {
  463. $this->logDebug('interceptAfterUpload', 'Entering function');
  464. $this->logPHPDebug('interceptAfterUpload', $this->files);
  465. if (count($this->files) > 0) {
  466. if (isset($this->classparams['callbackAfterUploadManagement'])) {
  467. $this->logDebug('interceptAfterUpload', 'Before call of ' .$this->classparams['callbackAfterUploadManagement']);
  468. $strForFListContent = call_user_func($this->classparams['callbackAfterUploadManagement'], $this, $this->files);
  469. } else {
  470. $strForFListContent = $this->defaultAfterUploadManagement();
  471. }
  472. $str = preg_replace('/'.$this->classparams['tag_flist'].'/', $strForFListContent, $str);
  473. }
  474. return $this->generateAppletTag($str);
  475. }
  476. /**
  477. * This method manages the receiving of the debug log, when an error occurs.
  478. */
  479. private function receive_debug_log() {
  480. // handle error report
  481. if (isset($_POST['description']) && isset($_POST['log'])) {
  482. $msg = $_POST['log'];
  483. mail($this->classparams['errormail'], $_POST['description'], $msg);
  484. } else {
  485. if (isset($_SERVER['SERVER_ADMIN']))
  486. mail($_SERVER['SERVER_ADMIN'], 'Empty jupload error log',
  487. 'An empty log has just been posted.');
  488. $this->logPHPDebug('receive_debug_log', 'Empty error log received');
  489. }
  490. exit;
  491. }
  492. /**
  493. * This method is the heart of the system. It manage the files sent by the applet, check the incoming parameters (md5sum) and
  494. * reconstruct the files sent in chunk mode.
  495. *
  496. * The result is stored in the $files array, and can then be managed by the function given in the callbackAfterUploadManagement
  497. * class parameter, or within the page whose URL is given in the afterUploadURL applet parameter.
  498. * Or you can Extend the class and redeclare defaultAfterUploadManagement() to your needs.
  499. */
  500. private function receive_uploaded_files() {
  501. $this->logDebug('receive_uploaded_files', 'Entering POST management');
  502. if (session_id() == '') {
  503. session_start();
  504. }
  505. // we check for the session *after* handling possible error log
  506. // because an error could have happened because the session-id is missing.
  507. if (!isset($_SESSION['RF'][$this->classparams['var_prefix'].'size'])) {
  508. $this->abort('Invalid session (in afterupload, POST, check of size)');
  509. }
  510. if (!isset($_SESSION['RF'][$this->classparams['var_prefix'].'files'])) {
  511. $this->abort('Invalid session (in afterupload, POST, check of files)');
  512. }
  513. $this->files = $_SESSION['RF'][$this->classparams['var_prefix'].'files'];
  514. if (!is_array($this->files)) {
  515. $this->abort('Invalid session (in afterupload, POST, is_array(files))');
  516. }
  517. if ($this->appletparams['sendMD5Sum'] == 'true' && !isset($_POST['md5sum'])) {
  518. $this->abort('Required POST variable md5sum is missing');
  519. }
  520. $cnt = 0;
  521. foreach ($_FILES as $key => $value) {
  522. //Let's read the $_FILES data
  523. if (isset($files_data)) {
  524. unset($files_data);
  525. }
  526. $jupart = (isset($_POST['jupart'])) ? (int)$_POST['jupart'] : 0;
  527. $jufinal = (isset($_POST['jufinal'])) ? (int)$_POST['jufinal'] : 1;
  528. $relpaths = (isset($_POST['relpathinfo'])) ? $_POST['relpathinfo'] : null;
  529. $md5sums = (isset($_POST['md5sum'])) ? $_POST['md5sum'] : null;
  530. $mimetypes = (isset($_POST['mimetype'])) ? $_POST['mimetype'] : null;
  531. //$relpaths = (isset($_POST["relpathinfo$cnt"])) ? $_POST["relpathinfo$cnt"] : null;
  532. //$md5sums = (isset($_POST["md5sum$cnt"])) ? $_POST["md5sum$cnt"] : null;
  533. if (gettype($relpaths) == 'string') {
  534. $relpaths = array($relpaths);
  535. }
  536. if (gettype($md5sums) == 'string') {
  537. $md5sums = array($md5sums);
  538. }
  539. if ($this->appletparams['sendMD5Sum'] == 'true' && !is_array($md5sums)) {
  540. $this->abort('Expecting an array of MD5 checksums');
  541. }
  542. if (!is_array($relpaths)) {
  543. $this->abort('Expecting an array of relative paths');
  544. }
  545. if (!is_array($mimetypes)) {
  546. $this->abort('Expecting an array of MIME types');
  547. }
  548. // Check the MIME type (note: this is easily forged!)
  549. if (isset($this->classparams['allowed_mime_types']) && is_array($this->classparams['allowed_mime_types'])) {
  550. if (!in_array($mimetypes[$cnt], $this->classparams['allowed_mime_types'])) {
  551. $this->abort('MIME type '.$mimetypes[$cnt].' not allowed');
  552. }
  553. }
  554. if (isset($this->classparams['allowed_file_extensions']) && is_array($this->classparams['allowed_file_extensions'])) {
  555. $fileExtension = substr(strrchr($value['name'][$cnt], "."), 1);
  556. if (!in_array($fileExtension, $this->classparams['allowed_file_extensions'])) {
  557. $this->abort('File extension '.$fileExtension.' not allowed');
  558. }
  559. }
  560. $dstdir = $this->classparams['destdir'];
  561. $dstname = $dstdir.'/'.$this->classparams['tmp_prefix'].session_id();
  562. $tmpname = $dstdir.'/'.$this->classparams['tmp_prefix'].'tmp'.session_id();
  563. // Controls are now done. Let's store the current uploaded files properties in an array, for future use.
  564. $files_data['name'] = $value['name'][$cnt];
  565. $files_data['size'] = 'not calculated yet';
  566. $files_data['tmp_name'] = $value['tmp_name'][$cnt];
  567. $files_data['error'] = $value['error'][$cnt];
  568. $files_data['relativePath'] = $relpaths[$cnt];
  569. $files_data['md5sum'] = $md5sums[$cnt];
  570. $files_data['mimetype'] = $mimetypes[$cnt];
  571. if (!move_uploaded_file($files_data['tmp_name'], $tmpname)) {
  572. if ($classparams['verbose_errors']) {
  573. $this->abort("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)");
  574. } else {
  575. trigger_error("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)",E_USER_WARNING);
  576. $this->abort("Unable to move uploaded file");
  577. }
  578. }
  579. // In demo mode, no file storing is done. We just delete the newly uploaded file.
  580. if ($this->classparams['demo_mode']) {
  581. if ($jufinal || (!$jupart)) {
  582. if ($jupart) {
  583. $files_data['size'] = ($jupart-1) * $this->appletparams['maxChunkSize'] + filesize($tmpname);
  584. } else {
  585. $files_data['size'] = filesize($tmpname);
  586. }
  587. $files_data['fullName'] = 'Demo mode<BR>No file storing';
  588. array_push($this->files, $files_data);
  589. }
  590. unlink($tmpname);
  591. $cnt++;
  592. continue;
  593. }
  594. //If we get here, the upload is a real one (no demo)
  595. if ($jupart) {
  596. // got a chunk of a multi-part upload
  597. $len = filesize($tmpname);
  598. $_SESSION['RF'][$this->classparams['var_prefix'].'size'] += $len;
  599. if ($len > 0) {
  600. $src = fopen($tmpname, 'rb');
  601. $dst = fopen($dstname, ($jupart == 1) ? 'wb' : 'ab');
  602. while ($len > 0) {
  603. $rlen = ($len > 8192) ? 8192 : $len;
  604. $buf = fread($src, $rlen);
  605. if (!$buf) {
  606. fclose($src);
  607. fclose($dst);
  608. unlink($dstname);
  609. $this->abort('read IO error');
  610. }
  611. if (!fwrite($dst, $buf, $rlen)) {
  612. fclose($src);
  613. fclose($dst);
  614. unlink($dstname);
  615. $this->abort('write IO error');
  616. }
  617. $len -= $rlen;
  618. }
  619. fclose($src);
  620. fclose($dst);
  621. unlink($tmpname);
  622. }
  623. if ($jufinal) {
  624. // This is the last chunk. Check total lenght and
  625. // rename it to it's final name.
  626. $dlen = filesize($dstname);
  627. if ($dlen != $_SESSION['RF'][$this->classparams['var_prefix'].'size'])
  628. $this->abort('file size mismatch');
  629. if ($this->appletparams['sendMD5Sum'] == 'true' ) {
  630. if ($md5sums[$cnt] != md5_file($dstname))
  631. $this->abort('MD5 checksum mismatch');
  632. }
  633. // remove zero sized files
  634. if (($dlen > 0) || $this->classparams['allow_zerosized']) {
  635. $dstfinal = $this->dstfinal($files_data['name'],$files_data['relativePath']);
  636. if (!rename($dstname, $dstfinal))
  637. $this->abort('rename IO error');
  638. $_umask = umask(0); // override the system mask
  639. if (!chmod($dstfinal, $this->classparams['fileperm']))
  640. $this->abort('chmod IO error');
  641. umask($_umask);
  642. $files_data['size'] = filesize($dstfinal);
  643. $files_data['fullName'] = $dstfinal;
  644. $files_data['path'] = fix_dirname($dstfinal);
  645. array_push($this->files, $files_data);
  646. } else {
  647. unlink($dstname);
  648. }
  649. // reset session var
  650. $_SESSION['RF'][$this->classparams['var_prefix'].'size'] = 0;
  651. }
  652. } else {
  653. // Got a single file upload. Trivial.
  654. if ($this->appletparams['sendMD5Sum'] == 'true' ) {
  655. if ($md5sums[$cnt] != md5_file($tmpname))
  656. $this->abort('MD5 checksum mismatch');
  657. }
  658. $dstfinal = $this->dstfinal($files_data['name'],$files_data['relativePath']);
  659. if (!rename($tmpname, $dstfinal))
  660. $this->abort('rename IO error');
  661. $_umask = umask(0); // override the system mask
  662. if (!chmod($dstfinal, $this->classparams['fileperm']))
  663. $this->abort('chmod IO error');
  664. umask($_umask);
  665. $files_data['size'] = filesize($dstfinal);
  666. $files_data['fullName'] = $dstfinal;
  667. $files_data['path'] = fix_dirname($dstfinal);
  668. array_push($this->files, $files_data);
  669. }
  670. $cnt++;
  671. }
  672. echo $this->appletparams['stringUploadSuccess']."\n";
  673. $_SESSION['RF'][$this->classparams['var_prefix'].'files'] = $this->files;
  674. session_write_close();
  675. exit;
  676. }
  677. /**
  678. *
  679. *
  680. */
  681. private function page_start() {
  682. $this->logDebug('page_start', 'Entering function');
  683. // If the applet checks for the serverProtocol, it issues a HEAD request
  684. // -> Simply return an empty doc.
  685. if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
  686. // Nothing to do
  687. } else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
  688. // A GET request means: return upload page
  689. $this->logDebug('page_start', 'Entering GET management');
  690. if (session_id() == '') {
  691. session_start();
  692. }
  693. if (isset($_GET['afterupload'])) {
  694. $this->logDebug('page_start', 'afterupload is set');
  695. if (!isset($_SESSION['RF'][$this->classparams['var_prefix'].'files'])) {
  696. $this->abort('Invalid session (in afterupload, GET, check of $_SESSION["RF"]): files array is not set');
  697. }
  698. $this->files = $_SESSION['RF'][$this->classparams['var_prefix'].'files'];
  699. if (!is_array($this->files)) {
  700. $this->abort('Invalid session (in afterupload, GET, check of is_array(files)): files is not an array');
  701. }
  702. // clear session data ready for new upload
  703. $_SESSION['RF'][$this->classparams['var_prefix'].'files'] = array();
  704. // start intercepting the content of the calling page, to display the upload result.
  705. ob_start(array(& $this, 'interceptAfterUpload'));
  706. } else {
  707. $this->logDebug('page_start', 'afterupload is not set');
  708. if ($this->classparams['session_regenerate']) {
  709. session_regenerate_id(true);
  710. }
  711. $this->files = array();
  712. $_SESSION['RF'][$this->classparams['var_prefix'].'size'] = 0;
  713. $_SESSION['RF'][$this->classparams['var_prefix'].'files'] = $this->files;
  714. // start intercepting the content of the calling page, to display the applet tag.
  715. ob_start(array(& $this, 'interceptBeforeUpload'));
  716. }
  717. } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  718. // If we got a POST request, this is the real work.
  719. if (isset($_GET['errormail'])) {
  720. //Hum, an error occurs on server side. Let's manage the debug log, that we just received.
  721. $this->receive_debug_log();
  722. } else {
  723. $this->receive_uploaded_files();
  724. }
  725. }
  726. }
  727. }
  728. // PHP end tag omitted intentionally!!