PageRenderTime 26ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/ci_2.2.6_application/controllers/upload.php

https://github.com/dmcb/dmcb-cms
PHP | 361 lines | 297 code | 31 blank | 33 comment | 102 complexity | b49d6d2523cbbd31a079de72770b1e4d MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * @package		dmcb-cms
    4. 

  4.  * @author		Derek McBurney
    5. 

  5.  * @copyright	Copyright (c) 2011, Derek McBurney, derek@dmcbdesign.com
    6. 

  6.  *              This code may not be used commercially without the expressed
    7. 

  7.  *              written consent of Derek McBurney. Non-commercial use requires
    8. 

  8.  *              attribution.
    9. 

  9.  * @link		http://dmcbdesign.com
    10. 

  10.  */
    11. 

  11. class Upload extends MY_Controller {
    12. 

  12. 

  13. 	function Upload()
    14. 

  14. 	{
    15. 

  15. 		parent::__construct();
    16. 

  16. 		$this->load->model('files_model');
    17. 

  17. 	}
    18. 

  18. 

  19. 	function file()
    20. 

  20. 	{
    21. 

  21. 		ini_set('post_max_size', '128M');
    22. 

  22. 		ini_set('upload_max_filesize', '120M');
    23. 

  23. 		ini_set('max_execution_time', '360');
    24. 

  24. 		ini_set('max_input_time', '360');
    25. 

  25. 

  26. 		$attachedid = NULL;
    27. 

  27. 		$attachedto = $this->uri->segment(3);
    28. 

  28. 		$attachedto_object = NULL;
    29. 

  29. 		$attachedname = "";
    30. 

  30. 		for ($i=4; $i <= $this->uri->total_segments(); $i++)
    31. 

  31. 		{
    32. 

  32. 			$attachedname .= $this->uri->segment($i);
    33. 

  33. 			if ($i != $this->uri->total_segments())
    34. 

  34. 			{
    35. 

  35. 				$attachedname .= '/';
    36. 

  36. 			}
    37. 

  37. 		}
    38. 

  38. 

  39. 		if ($attachedto == "user") // Uploading to a user profile, limit to images
    40. 

  40. 		{
    41. 

  41. 			$config['allowed_types'] = str_replace('*.', '', str_replace(';','|',$this->config->item('dmcb_profile_upload_types')));
    42. 

  42. 			$config['max_size']	= $this->config->item('dmcb_profile_upload_size');
    43. 

  43. 			$attachedto_object = instantiate_library('user', $attachedname, 'urlname');
    44. 

  44. 			$attachedid = $attachedto_object->user['userid'];
    45. 

  45. 		}
    46. 

  46. 		else // Upload any kind of files for site, page and post uploads
    47. 

  47. 		{
    48. 

  48. 			$config['allowed_types'] = str_replace('*.', '', str_replace(';','|',$this->config->item('dmcb_site_upload_types')));
    49. 

  49. 			$config['max_size']	= $this->config->item('dmcb_site_upload_size');
    50. 

  50. 

  51. 			// Uploads directly to the site don't need an attachedid, but if it's uploaded to a post or page, grab it
    52. 

  52. 			if ($attachedto == "page")
    53. 

  53. 			{
    54. 

  54. 				$attachedto_object = instantiate_library('page', $attachedname, 'urlname');
    55. 

  55. 				$attachedid = $attachedto_object->page['pageid'];
    56. 

  56. 			}
    57. 

  57. 			else if ($attachedto == "post")
    58. 

  58. 			{
    59. 

  59. 				$attachedto_object = instantiate_library('post', $attachedname, 'urlname');
    60. 

  60. 				$attachedid = $attachedto_object->post['postid'];
    61. 

  61. 			}
    62. 

  62. 		}
    63. 

  63. 

  64. 		// If the upload is replacing a file, grab the fileid of the file to replace
    65. 

  65. 		$replacefileid = NULL;
    66. 

  66. 		if (isset($_POST['replace']))
    67. 

  67. 		{
    68. 

  68. 			$object = instantiate_library('file', $_POST['replace']);
    69. 

  69. 			if (isset($object->file['fileid']))
    70. 

  70. 			{
    71. 

  71. 				// Confirm we are replacing a file on the same area (i.e. same post or page)
    72. 

  72. 				if ($object->file['attachedto'] == $attachedto && $object->file['attachedid'] == $attachedid)
    73. 

  73. 				{
    74. 

  74. 					$replacefileid = $_POST['replace'];
    75. 

  75. 				}
    76. 

  76. 			}
    77. 

  77. 		}
    78. 

  78. 

  79. 		// If the upload is going to a specific file type, specify it
    80. 

  80. 		$filetypeid = NULL;
    81. 

  81. 		if (isset($_POST['filetype']))
    82. 

  82. 		{
    83. 

  83. 			$filetypeid = $_POST['filetype'];
    84. 

  84. 		}
    85. 

  85. 

  86. 		$config['upload_path'] = 'files_managed/'.$attachedto.'/'.str_replace('/', '+', $attachedname); // Upload to managed area first, sort it out later, also replace / with + for flat file structure
    87. 

  87. 		$config['remove_spaces'] = true;
    88. 

  88. 		$config['encrypt_name'] = false;
    89. 

  89. 		$this->load->library('upload', $config);
    90. 

  90. 

  91. 		if (!file_exists($config['upload_path']))
    92. 

  92. 		{
    93. 

  93. 			mkdir($config['upload_path']);
    94. 

  94. 		}
    95. 

  95. 

  96. 		// Set the return path and other specific options depending on where the upload is to
    97. 

  97. 		if ($attachedto == "site")
    98. 

  98. 		{
    99. 

  99. 			$returnurl = "manage_content/attachments";
    100. 

  100. 		}
    101. 

  101. 		else if ($attachedto == "email")
    102. 

  102. 		{
    103. 

  103. 			$returnurl = "manage_users/email";
    104. 

  104. 		}
    105. 

  105. 		else if ($attachedto == "page")
    106. 

  106. 		{
    107. 

  107. 			$returnurl = $attachedname.'/attachments';
    108. 

  108. 		}
    109. 

  109. 		else if ($attachedto == "user")
    110. 

  110. 		{
    111. 

  111. 			$returnurl = "profile/".$attachedname.'/attachments';
    112. 

  112. 		}
    113. 

  113. 		else if ($attachedto == "post")
    114. 

  114. 		{
    115. 

  115. 			$returnurl = $attachedname.'/attachments';
    116. 

  116. 		}
    117. 

  117. 		else
    118. 

  118. 		{
    119. 

  119. 			$returnurl = $attachedto.'/'.$attachedid.'/attachments';
    120. 

  120. 		}
    121. 

  121. 

  122. 		$uploadtype = "";
    123. 

  123. 		$result = "";
    124. 

  124. 		if (isset($_FILES["swfuploadfile"])) // Upload is a swfupload, and it's swfupload's first pass, so physically upload file
    125. 

  125. 		{
    126. 

  126. 			$uploadtype = "swfuploadupload";
    127. 

  127. 			$result = $this->upload->do_upload('swfuploadfile');
    128. 

  128. 		}
    129. 

  129. 		else if (isset($_POST["hidFileID"]) && $_POST["hidFileID"] != "" ) // We are on swfupload's second pass, the upload has already been done
    130. 

  130. 		{
    131. 

  131. 			$uploadtype = "swfuploadparse";
    132. 

  132. 			$result = TRUE;
    133. 

  133. 		}
    134. 

  134. 		else // Upload is a non swfupload, physically upload file
    135. 

  135. 		{
    136. 

  136. 			$uploadtype = "regular";
    137. 

  137. 			$result = $this->upload->do_upload('Filedata');
    138. 

  138. 		}
    139. 

  139. 

  140. 		if(!$result && $uploadtype == "regular") // A non swfupload fail
    141. 

  141. 		{
    142. 

  142. 			$this->_message(
    143. 

  143. 				'Manage uploads',
    144. 

  144. 				$this->upload->display_errors('', '').' Click <a href="'.base_url().$returnurl.'">here</a> to return to editing.',
    145. 

  145. 				'Error'
    146. 

  146. 			);
    147. 

  147. 		}
    148. 

  148. 		else if (!$result)
    149. 

  149. 		{
    150. 

  150. 			// User won't see this area since something did fail, but this was on swfupload's first pass, so swfupload will report the error
    151. 

  151. 		}
    152. 

  152. 		else // Upload was a success
    153. 

  153. 		{
    154. 

  154. 			if ($uploadtype == "swfuploadparse") // It's swfupload's second pass after the physical upload let's grab the filename from swfupload
    155. 

  155. 			{
    156. 

  156. 				$filename = $_POST["hidFileID"];
    157. 

  157. 			}
    158. 

  158. 			else // Otherwise, it's a regular upload or swfupload's first pass, and we will get the file name through CI
    159. 

  159. 			{
    160. 

  160. 				$filedata = $this->upload->data();
    161. 

  161. 				$filename = $filedata['file_name'];
    162. 

  162. 			}
    163. 

  163. 

  164. 			if ($uploadtype != "swfuploadupload") // We aren't on swfupload's first pass, so we are either on its second or a regular upload, so we will parse the file into the database and return to the user
    165. 

  165. 			{
    166. 

  166. 				// However, we will only parse the file if the user has an established session
    167. 

  167. 				// We couldn't check earlier in this code for the session because when swfupload does it's first pass, it's through the flash/ajax applet, and that doesn't handle sessions and can't grab CI session
    168. 

  168. 				/* Which means, now that we are back to the CI form submission, if there's no valid session here and they don't have attachments privilege,
    169. 

  169. 				   we will delete the file that was attempted to be uploaded and return an error */
    170. 

  170. 

  171. 				$allowed_to_upload = FALSE;
    172. 

  172. 				$object = instantiate_library('user', $this->session->userdata('userid'));
    173. 

  173. 

  174. 				if (isset($object->user['userid']))
    175. 

  175. 				{
    176. 

  176. 					if ($attachedto == "page" && $this->acl->allow('page', 'attachments', FALSE, 'page', $attachedid))
    177. 

  177. 					{
    178. 

  178. 						$allowed_to_upload = TRUE;
    179. 

  179. 					}
    180. 

  180. 					else if ($attachedto == "post" && $this->acl->allow('post', 'attachments', FALSE, 'post', $attachedid))
    181. 

  181. 					{
    182. 

  182. 						// Grab post's parent so we can grab a template
    183. 

  183. 						$attachedto_parent = instantiate_library('page', $attachedto_object->post['pageid']);
    184. 

  184. 

  185. 						if (isset($attachedto_parent->page['pageid']))
    186. 

  186. 						{
    187. 

  187. 							$attachedto_parent->initialize_page_tree();
    188. 

  188. 							if (isset($attachedto_parent->page['post_templateid']))
    189. 

  189. 							{
    190. 

  190. 								$templateid = $attachedto_parent->page['post_templateid'];
    191. 

  191. 							}
    192. 

  192. 							else
    193. 

  193. 							{
    194. 

  194. 								$this->load->helper('template');
    195. 

  195. 								$templateid = template_to_use('template', 'post', $attachedto_parent->page_tree);
    196. 

  196. 							}
    197. 

  197. 							$template = instantiate_library('template', $templateid);
    198. 

  198. 

  199. 							// Check if there's a template
    200. 

  200. 							if (isset($template->template['templateid']))
    201. 

  201. 							{
    202. 

  202. 								// Grab template quotas
    203. 

  203. 								$template->initialize_quotas();
    204. 

  204. 

  205. 								$quota_required = TRUE;
    206. 

  206. 								$no_quota_in_use = TRUE;
    207. 

  207. 

  208. 								// Go through quotas determing which one the user is set to, if any
    209. 

  209. 								foreach ($template->quotas as $filegroup)
    210. 

  210. 								{
    211. 

  211. 									$filegroup_editable = $this->acl->access($filegroup['protection'], $attachedto_parent, $attachedid);
    212. 

  212. 

  213. 									if ($filegroup_editable)
    214. 

  214. 									{
    215. 

  215. 										$no_quota_in_use = FALSE;
    216. 

  216. 									}
    217. 

  217. 									else if (!$filegroup_editable && $filegroup['other_roles_allowed'])
    218. 

  218. 									{
    219. 

  219. 										$quota_required = FALSE;
    220. 

  220. 									}
    221. 

  221. 

  222. 									// If we are uploading to a specific file type, and that file type is permitted in this template, we must check if we reached the cap
    223. 

  223. 									if ((!$quota_required || $filegroup_editable) && $filetypeid != NULL && isset($filegroup['filetypes'][$filetypeid]))
    224. 

  224. 									{
    225. 

  225. 										$attached = $this->files_model->get_attached('post', $attachedid, $filetypeid);
    226. 

  226. 										if ($filegroup['filetypes'][$filetypeid]['cap'] != '*' && $attached->num_rows() >= $filegroup['filetypes'][$filetypeid]['cap'])
    227. 

  227. 										{
    228. 

  228. 											$failure_message = 'You cannot upload a '.strtolower($filegroup['filetypes'][$filetypeid]['name']).' file, the maximum allowed is '.$filegroup['filetypes'][$filetypeid]['cap'].'. '.
    229. 

  229. 												'<a href="'.base_url().$returnurl.'">Please remove a file of this type first</a>.';
    230. 

  230. 										}
    231. 

  231. 										else
    232. 

  232. 										{
    233. 

  233. 											$allowed_to_upload = TRUE;
    234. 

  234. 										}
    235. 

  235. 									}
    236. 

  236. 								}
    237. 

  237. 

  238. 								// If the user isn't assigned to a quota, or is assigned to one but not required to use it
    239. 

  239. 								// And the file isn't a part of a quota but a regular file attachment, allow the upload
    240. 

  240. 								if (!isset($failure_message) && $filetypeid == NULL && (!$quota_required || $no_quota_in_use))
    241. 

  241. 								{
    242. 

  242. 									$allowed_to_upload = TRUE;
    243. 

  243. 								}
    244. 

  244. 							}
    245. 

  245. 							else // No template, which means they can upload
    246. 

  246. 							{
    247. 

  247. 								$allowed_to_upload = TRUE;
    248. 

  248. 							}
    249. 

  249. 						}
    250. 

  250. 						else // No template, which means they can upload
    251. 

  251. 						{
    252. 

  252. 							$allowed_to_upload = TRUE;
    253. 

  253. 						}
    254. 

  254. 					}
    255. 

  255. 					else if ($attachedto == "user" && $this->acl->allow('profile', 'add', FALSE, 'user', $attachedid))
    256. 

  256. 					{
    257. 

  257. 						$allowed_to_upload = TRUE;
    258. 

  258. 					}
    259. 

  259. 					else if ($attachedto == "email" && $this->acl->allow('site', 'manage_users', FALSE))
    260. 

  260. 					{
    261. 

  261. 						$allowed_to_upload = TRUE;
    262. 

  262. 					}
    263. 

  263. 					else if ($this->acl->allow('site', 'manage_content', FALSE))
    264. 

  264. 					{
    265. 

  265. 						$allowed_to_upload = TRUE;
    266. 

  266. 					}
    267. 

  267. 				}
    268. 

  268. 

  269. 				if ($allowed_to_upload)
    270. 

  270. 				{
    271. 

  271. 					if ($attachedto != "email") // But only parse file into the database when it's not an email attachment, which are temporary uploads
    272. 

  272. 					{
    273. 

  273. 						$this->_parsefile($config['upload_path'], $filename, $attachedto, $attachedid, $replacefileid, $filetypeid);
    274. 

  274. 					}
    275. 

  275. 					else // Add temporary upload information to mailing list session
    276. 

  276. 					{
    277. 

  277. 						// Preserve mailing user list session information
    278. 

  278. 						$this->session->keep_flashdata('maillist');
    279. 

  279. 						$this->session->keep_flashdata('sort');
    280. 

  280. 						$this->session->keep_flashdata('page');
    281. 

  281. 

  282. 						$mailattachments = $this->session->flashdata('mailattachments');
    283. 

  283. 						array_push($mailattachments, $filename);
    284. 

  284. 						$this->session->set_flashdata('mailattachments', $mailattachments);
    285. 

  285. 					}
    286. 

  286. 					redirect($returnurl);
    287. 

  287. 				}
    288. 

  288. 				else
    289. 

  289. 				{
    290. 

  290. 					if (file_exists($config['upload_path'].'/'.$filename))
    291. 

  291. 					{
    292. 

  292. 						unlink($config['upload_path'].'/'.$filename);
    293. 

  293. 					}
    294. 

  294. 

  295. 					if (!isset($failure_message))
    296. 

  296. 					{
    297. 

  297. 						$this->_access_denied();
    298. 

  298. 					}
    299. 

  299. 					else
    300. 

  300. 					{
    301. 

  301. 						$this->_message('Upload error', $failure_message);
    302. 

  302. 					}
    303. 

  303. 				}
    304. 

  304. 			}
    305. 

  305. 			else // We are on swfupload's first pass, echo the filename so that it'll do some AJAX and stick that filename into the attachment form in preparation for it's second pass
    306. 

  306. 			{
    307. 

  307. 				echo $filename;
    308. 

  308. 			}
    309. 

  309. 		}
    310. 

  310. 	}
    311. 

  311. 

  312. 	function _parsefile($filepath, $filename, $attachedto, $attachedid, $replacefileid, $filetypeid)
    313. 

  313. 	{
    314. 

  314. 		// If the file isn't replacing an existing one, we need to create it in the database
    315. 

  315. 		if ($replacefileid == NULL)
    316. 

  316. 		{
    317. 

  317. 			// Determine file is an image or not
    318. 

  318. 			$info = @getimagesize($filepath.'/'.$filename);
    319. 

  319. 			if(!$info)
    320. 

  320. 			{
    321. 

  321. 				$isimage = "0";
    322. 

  322. 			}
    323. 

  323. 			else
    324. 

  324. 			{
    325. 

  325. 				$isimage = "1";
    326. 

  326. 			}
    327. 

  327. 

  328. 			// Break down filename into it's name and extension
    329. 

  329. 			$filepieces = explode(".", $filename);
    330. 

  330. 			$extension = $filepieces[count($filepieces)-1];
    331. 

  331. 			$filename = substr($filename, 0, strrpos($filename, "."));
    332. 

  332. 

  333. 			// Create file
    334. 

  334. 			$this->load->library('file_lib','','new_file');
    335. 

  335. 			$this->new_file->new_file['userid'] = $this->session->userdata('userid');
    336. 

  336. 			$this->new_file->new_file['filename'] = $filename;
    337. 

  337. 			$this->new_file->new_file['extension'] = $extension;
    338. 

  338. 			$this->new_file->new_file['isimage'] = $isimage;
    339. 

  339. 			$this->new_file->new_file['attachedto'] = $attachedto;
    340. 

  340. 			$this->new_file->new_file['attachedid'] = $attachedid;
    341. 

  341. 			$this->new_file->new_file['filetypeid'] = $filetypeid;
    342. 

  342. 

  343. 			// Although CI ensures a unique upload name, our upload was to 'files_managed', and if there's a file with the same name sitting in the 'files' folder we will have problems
    344. 

  344. 			// Let's have the file library suggest a new file name that lacks spaces, invalid symbols and caps doesn't collide with an existing file
    345. 

  345. 			$this->new_file->suggest();
    346. 

  346. 

  347. 			if ($filename.'.'.$extension != $this->new_file->new_file['filename'].'.'.$this->new_file->new_file['extension'])
    348. 

  348. 			{
    349. 

  349. 				copy($filepath.'/'.$filename.'.'.$extension, $filepath.'/'.$this->new_file->new_file['filename'].'.'.$this->new_file->new_file['extension']);
    350. 

  350. 				unlink($filepath.'/'.$filename.'.'.$extension);
    351. 

  351. 			}
    352. 

  352. 

  353. 			$this->new_file->save();
    354. 

  354. 		}
    355. 

  355. 		else
    356. 

  356. 		{
    357. 

  357. 			$object = instantiate_library('file', $replacefileid);
    358. 

  358. 			$object->overwrite($filepath.'/'.$filename);
    359. 

  359. 		}
    360. 

  360. 	}
    361. 

  361. }
    362.