PageRenderTime 54ms CodeModel.GetById 19ms RepoModel.GetById 1ms app.codeStats 0ms

/VisitorChat/admin/program/upload.php

https://bitbucket.org/cgcamilo/multiflora
PHP | 162 lines | 124 code | 18 blank | 20 comment | 13 complexity | 276e3917c6eac4cd400199cd6138d66b MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  * Handle file uploads via XMLHttpRequest

    5. 

  5.  */

    6. 

  6. class qqUploadedFileXhr {

    7. 

  7.     /**

    8. 

  8.      * Save the file to the specified path

    9. 

  9.      * @return boolean TRUE on success

    10. 

  10.      */

    11. 

  11.     function save($path) {    

    12. 

  12.         $input = fopen("php://input", "r");

    13. 

  13.         $temp = tmpfile();

    14. 

  14.         $realSize = stream_copy_to_stream($input, $temp);

    15. 

  15.         fclose($input);

    16. 

  16.         

    17. 

  17.         if ($realSize != $this->getSize()){            

    18. 

  18.             return false;

    19. 

  19.         }

    20. 

  20.         

    21. 

  21.         $target = fopen($path, "w");        

    22. 

  22.         fseek($temp, 0, SEEK_SET);

    23. 

  23.         stream_copy_to_stream($temp, $target);

    24. 

  24.         fclose($target);

    25. 

  25.         

    26. 

  26.         return true;

    27. 

  27.     }

    28. 

  28.     function getName() {

    29. 

  29.         return $_GET['qqfile'];

    30. 

  30.     }

    31. 

  31.     function getSize() {

    32. 

  32.         if (isset($_SERVER["CONTENT_LENGTH"])){

    33. 

  33.             return (int)$_SERVER["CONTENT_LENGTH"];            

    34. 

  34.         } else {

    35. 

  35.             throw new Exception('Getting content length is not supported.');

    36. 

  36.         }      

    37. 

  37.     }   

    38. 

  38. }

    39. 

  39. 

    40. 

  40. /**

    41. 

  41.  * Handle file uploads via regular form post (uses the $_FILES array)

    42. 

  42.  */

    43. 

  43. class qqUploadedFileForm {  

    44. 

  44.     /**

    45. 

  45.      * Save the file to the specified path

    46. 

  46.      * @return boolean TRUE on success

    47. 

  47.      */

    48. 

  48.     function save($path) {

    49. 

  49.         if(!move_uploaded_file($_FILES['qqfile']['tmp_name'], $path)){

    50. 

  50.             return false;

    51. 

  51.         }

    52. 

  52.         return true;

    53. 

  53.     }

    54. 

  54.     function getName() {

    55. 

  55.         return $_FILES['qqfile']['name'];

    56. 

  56.     }

    57. 

  57.     function getSize() {

    58. 

  58.         return $_FILES['qqfile']['size'];

    59. 

  59.     }

    60. 

  60. }

    61. 

  61. 

    62. 

  62. class qqFileUploader {

    63. 

  63.     private $allowedExtensions = array();

    64. 

  64.     private $sizeLimit = 2097150;

    65. 

  65.     private $file;

    66. 

  66. 

    67. 

  67.     function __construct(array $allowedExtensions = array(), $sizeLimit = 2097150){

    68. 

  68.         $allowedExtensions = array_map("strtolower", $allowedExtensions);

    69. 

  69.             

    70. 

  70.         $this->allowedExtensions = $allowedExtensions;        

    71. 

  71.         $this->sizeLimit = $sizeLimit;

    72. 

  72.         

    73. 

  73.         $this->checkServerSettings();       

    74. 

  74. 

    75. 

  75.         if (isset($_GET['qqfile'])) {

    76. 

  76.             $this->file = new qqUploadedFileXhr();

    77. 

  77.         } elseif (isset($_FILES['qqfile'])) {

    78. 

  78.             $this->file = new qqUploadedFileForm();

    79. 

  79.         } else {

    80. 

  80.             $this->file = false; 

    81. 

  81.         }

    82. 

  82.     }

    83. 

  83.     

    84. 

  84.     private function checkServerSettings(){        

    85. 

  85.         $postSize = $this->toBytes(ini_get('post_max_size'));

    86. 

  86.         $uploadSize = $this->toBytes(ini_get('upload_max_filesize'));        

    87. 

  87.         

    88. 

  88.         if ($postSize < $this->sizeLimit || $uploadSize < $this->sizeLimit){

    89. 

  89.             $size = max(1, $this->sizeLimit / 1024 / 1024) . 'M';             

    90. 

  90.             die("{'error':'increase post_max_size and upload_max_filesize to $size'}");    

    91. 

  91.         }        

    92. 

  92.     }

    93. 

  93.     

    94. 

  94.     private function toBytes($str){

    95. 

  95.         $val = trim($str);

    96. 

  96.         $last = strtolower($str[strlen($str)-1]);

    97. 

  97.         switch($last) {

    98. 

  98.             case 'g': $val *= 1024;

    99. 

  99.             case 'm': $val *= 1024;

    100. 

  100.             case 'k': $val *= 1024;        

    101. 

  101.         }

    102. 

  102.         return $val;

    103. 

  103.     }

    104. 

  104.     

    105. 

  105.     /**

    106. 

  106.      * Returns array('success'=>true) or array('error'=>'error message')

    107. 

  107.      */

    108. 

  108.     function handleUpload($uploadDirectory, $replaceOldFile = FALSE){

    109. 

  109.         if (!is_writable($uploadDirectory)){

    110. 

  110.             return array('error' => "Server error. Upload directory isn't writable.");

    111. 

  111.         }

    112. 

  112.         

    113. 

  113.         if (!$this->file){

    114. 

  114.             return array('error' => 'No files were uploaded.');

    115. 

  115.         }

    116. 

  116.         

    117. 

  117.         $size = $this->file->getSize();

    118. 

  118.         

    119. 

  119.         if ($size == 0) {

    120. 

  120.             return array('error' => 'File is empty');

    121. 

  121.         }

    122. 

  122.         

    123. 

  123.         if ($size > $this->sizeLimit) {

    124. 

  124.             return array('error' => 'File is too large');

    125. 

  125.         }

    126. 

  126.         

    127. 

  127.         $pathinfo = pathinfo($this->file->getName());

    128. 

  128.         $filename = $pathinfo['filename'];

    129. 

  129.         $filename = uniqid(); 

    130. 

  130.         $ext = $pathinfo['extension'];

    131. 

  131. 

    132. 

  132.         if($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)){

    133. 

  133.             $these = implode(', ', $this->allowedExtensions);

    134. 

  134.             return array('error' => 'File has an invalid extension, it should be one of '. $these . '.');

    135. 

  135.         }

    136. 

  136.         

    137. 

  137.         if(!$replaceOldFile){

    138. 

  138.             /// don't overwrite previous files that were uploaded

    139. 

  139.             while (file_exists($uploadDirectory . $filename . '.' . $ext)) {

    140. 

  140.                 $filename .= rand(10, 99);

    141. 

  141.             }

    142. 

  142.         }

    143. 

  143.         

    144. 

  144.         if ($this->file->save($uploadDirectory . $filename . '.' . $ext)){

    145. 

  145.             return array('success'=>true,'filename'=>$filename.'.'.$ext);

    146. 

  146.         } else {

    147. 

  147.             return array('error'=> 'Could not save uploaded file.' .

    148. 

  148.                 'The upload was cancelled, or server error encountered');

    149. 

  149.         }

    150. 

  150.         

    151. 

  151.     }    

    152. 

  152. }

    153. 

  153. 

    154. 

  154. // list of valid extensions, ex. array("jpeg", "xml", "bmp")

    155. 

  155. $allowedExtensions = $_['ALLOWED_FILE_EXT'];

    156. 

  156. // max file size in bytes

    157. 

  157. $sizeLimit = 2 * 1024 * 1024;

    158. 

  158. 

    159. 

  159. $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);

    160. 

  160. $result = $uploader->handleUpload('../uploads/');

    161. 

  161. // to pass data through iframe you will need to encode all html tags

    162. 

  162. echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);

    163. 

  163.