PageRenderTime 37ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/inc/attachments.inc.php

https://gitlab.com/cyberfighter/Mods-for-HESK
PHP | 165 lines | 87 code | 32 blank | 46 comment | 14 complexity | acde20240cca054caf29e959123459ba MD5 | raw file
    

  1. <?php
    2. 

  2. /*******************************************************************************
    3. 

  3.  *  Title: Help Desk Software HESK
    4. 

  4.  *  Version: 2.6.7 from 18th April 2016
    5. 

  5.  *  Author: Klemen Stirn
    6. 

  6.  *  Website: http://www.hesk.com
    7. 

  7.  ********************************************************************************
    8. 

  8.  *  COPYRIGHT AND TRADEMARK NOTICE
    9. 

  9.  *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
    10. 

  10.  *  HESK is a registered trademark of Klemen Stirn.
    11. 

  11.  *  The HESK may be used and modified free of charge by anyone
    12. 

  12.  *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
    13. 

  13.  *  By using this code you agree to indemnify Klemen Stirn from any
    14. 

  14.  *  liability that might arise from it's use.
    15. 

  15.  *  Selling the code for this program, in part or full, without prior
    16. 

  16.  *  written consent is expressly forbidden.
    17. 

  17.  *  Using this code, in part or full, to create derivate work,
    18. 

  18.  *  new scripts or products is expressly forbidden. Obtain permission
    19. 

  19.  *  before redistributing this software over the Internet or in
    20. 

  20.  *  any other medium. In all cases copyright and header must remain intact.
    21. 

  21.  *  This Copyright is in full effect in any country that has International
    22. 

  22.  *  Trade Agreements with the United States of America or
    23. 

  23.  *  with the European Union.
    24. 

  24.  *  Removing any of the copyright notices without purchasing a license
    25. 

  25.  *  is expressly forbidden. To remove HESK copyright notice you must purchase
    26. 

  26.  *  a license for this script. For more information on how to obtain
    27. 

  27.  *  a license please visit the page below:
    28. 

  28.  *  https://www.hesk.com/buy.php
    29. 

  29.  *******************************************************************************/
    30. 

  30. 

  31. /* Check if this is a valid include */
    32. 

  32. if (!defined('IN_SCRIPT')) {
    33. 

  33.     die('Invalid attempt');
    34. 

  34. }
    35. 

  35. 

  36. /***************************
    37. 

  37.  * Function hesk_uploadFiles()
    38. 

  38.  ***************************/
    39. 

  39. function hesk_uploadFile($i, $isTicket = true)
    40. 

  40. {
    41. 

  41.     global $hesk_settings, $hesklang, $trackingID, $hesk_error_buffer, $modsForHesk_settings;
    42. 

  42. 

  43.     /* Return if name is empty */
    44. 

  44.     $name = $i == -1
    45. 

  45.         ? $_FILES['attachment']['name']
    46. 

  46.         : $_FILES['attachment']['name'][$i];
    47. 

  47.     if (empty($name)) {
    48. 

  48.         return '';
    49. 

  49.     }
    50. 

  50. 

  51. 

  52.     /* Parse the name */
    53. 

  53.     $file_realname = hesk_cleanFileName($name);
    54. 

  54. 

  55.     /* Check file extension */
    56. 

  56.     $ext = strtolower(strrchr($file_realname, "."));
    57. 

  57.     if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
    58. 

  58.         return hesk_fileError(sprintf($hesklang['type_not_allowed'], $ext, $file_realname));
    59. 

  59.     }
    60. 

  60. 

  61.     /* Check file size */
    62. 

  62.     $size = $i == -1
    63. 

  63.         ? $_FILES['attachment']['size']
    64. 

  64.         : $_FILES['attachment']['size'][$i];
    65. 

  65.     if ($size > $hesk_settings['attachments']['max_size']) {
    66. 

  66.         return hesk_fileError(sprintf($hesklang['file_too_large'], $file_realname));
    67. 

  67.     } else {
    68. 

  68.         $file_size = $size;
    69. 

  69.     }
    70. 

  70. 

  71.     /* Generate a random file name */
    72. 

  72.     $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
    73. 

  73.     $tmp = uniqid();
    74. 

  74.     for ($j = 1; $j < 10; $j++) {
    75. 

  75.         $tmp .= $useChars{mt_rand(0, 29)};
    76. 

  76.     }
    77. 

  77. 

  78. 

  79.     $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
    80. 

  80. 

  81.     // Does the temporary file exist? If not, probably server-side configuration limits have been reached
    82. 

  82.     // Uncomment this for debugging purposes
    83. 

  83.     /*
    84. 

  84.     if ( ! file_exists($_FILES['attachment']['tmp_name'][$i]) )
    85. 

  85.     {
    86. 

  86. 		return hesk_fileError($hesklang['fnuscphp']);
    87. 

  87.     }
    88. 

  88.     */
    89. 

  89. 

  90.     /* If upload was successful let's create the headers */
    91. 

  91.     $directory = $hesk_settings['attach_dir'];
    92. 

  92.     if (!$isTicket) {
    93. 

  93.         $directory = $modsForHesk_settings['kb_attach_dir'];
    94. 

  94.     }
    95. 

  95.     $file_to_move = $i == -1
    96. 

  96.         ? $_FILES['attachment']['tmp_name']
    97. 

  97.         : $_FILES['attachment']['tmp_name'][$i];
    98. 

  98.     if (!move_uploaded_file($file_to_move, dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
    99. 

  99.         return hesk_fileError($hesklang['cannot_move_tmp']);
    100. 

  100.     }
    101. 

  101. 

  102.     $info = array(
    103. 

  103.         'saved_name' => $file_name,
    104. 

  104.         'real_name' => $file_realname,
    105. 

  105.         'size' => $file_size
    106. 

  106.     );
    107. 

  107. 

  108.     return $info;
    109. 

  109. } // End hesk_uploadFile()
    110. 

  110. 

  111. 

  112. function hesk_fileError($error)
    113. 

  113. {
    114. 

  114.     global $hesk_settings, $hesklang, $trackingID;
    115. 

  115.     global $hesk_error_buffer;
    116. 

  116. 

  117.     $hesk_error_buffer['attachments'] = $error;
    118. 

  118. 

  119.     return false;
    120. 

  120. } // End hesk_fileError()
    121. 

  121. 

  122. 

  123. function hesk_removeAttachments($attachments, $isTicket)
    124. 

  124. {
    125. 

  125.     global $hesk_settings, $hesklang, $modsForHesk_settings;
    126. 

  126. 

  127.     $directory = $hesk_settings['attach_dir'];
    128. 

  128.     if (!$isTicket) {
    129. 

  129.         $directory = $modsForHesk_settings['kb_attach_dir'];
    130. 

  130.     }
    131. 

  131. 

  132.     $hesk_settings['server_path'] = dirname(dirname(__FILE__)) . '/' . $directory . '/';
    133. 

  133. 

  134.     foreach ($attachments as $myatt) {
    135. 

  135.         hesk_unlink($hesk_settings['server_path'] . $myatt['saved_name']);
    136. 

  136.     }
    137. 

  137. 

  138.     return true;
    139. 

  139. } // End hesk_removeAttachments()
    140. 

  140. 

  141. 

  142. function mfh_getTemporaryAttachment($id) {
    143. 

  143.     global $hesk_settings;
    144. 

  144. 

  145.     $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` WHERE `id` = " . intval($id));
    146. 

  146.     if (hesk_dbNumRows($rs) == 0) {
    147. 

  147.         return NULL;
    148. 

  148.     }
    149. 

  149.     $row = hesk_dbFetchAssoc($rs);
    150. 

  150. 

  151.     $info = array(
    152. 

  152.         'saved_name' => $row['saved_name'],
    153. 

  153.         'real_name' => $row['file_name'],
    154. 

  154.         'size' => $row['size']
    155. 

  155.     );
    156. 

  156. 

  157.     return $info;
    158. 

  158. }
    159. 

  159. 

  160. 

  161. function mfh_deleteTemporaryAttachment($id) {
    162. 

  162.     global $hesk_settings;
    163. 

  163. 

  164.     hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` WHERE `id` = ".intval($id));
    165. 

  165. }
    166. 

  166.