PageRenderTime 26ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/js/AjexFileManager/ajax/php/ajax.php

https://github.com/PaulRover08/Active-Fusion
PHP | 293 lines | 246 code | 22 blank | 25 comment | 32 complexity | e14978b644820622d9c8741b912213b9 MD5 | raw file
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  * Ajex.FileManager

    4. 

  4.  * http://demphest.ru/ajex-filemanager

    5. 

  5.  *

    6. 

  6.  * @version

    7. 

  7.  * 1.0.4

    8. 

  8.  *

    9. 

  9.  * @copyright

    10. 

  10.  * Copyright (C) 2009-2010 Demphest Gorphek

    11. 

  11.  *

    12. 

  12.  * @license

    13. 

  13.  * Dual licensed under the MIT and GPL licenses.

    14. 

  14.  *   http://www.opensource.org/licenses/mit-license.php

    15. 

  15.  *   http://www.gnu.org/licenses/gpl.html

    16. 

  16.  *

    17. 

  17.  * Ajex.FileManager is free software: you can redistribute it and/or modify

    18. 

  18.  * it under the terms of the GNU Lesser General Public License as published by

    19. 

  19.  * the Free Software Foundation, either version 3 of the License, or

    20. 

  20.  * (at your option) any later version.

    21. 

  21.  *

    22. 

  22.  * This file is part of Ajex.FileManager.

    23. 

  23.  */

    24. 

  24. 

    25. 

  25. header('Expires: Sun, 13 Sep 2009 00:00:00 GMT');

    26. 

  26. header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');

    27. 

  27. header('Cache-Control: no-store, no-cache, must-revalidate');

    28. 

  28. header('Cache-Control: post-check=0, pre-check=0', false);

    29. 

  29. header('Pragma: no-cache') ;

    30. 

  30. //header('Content-Type: text/json; charset=utf-8');

    31. 

  31. 

    32. 

  32. define('DEV', false);

    33. 

  33. if (DEV) {

    34. 

  34. 	error_reporting(E_ALL);

    35. 

  35. 	ini_set('display_errors', 'on');

    36. 

  36. 	ini_set('display_startup_errors', 'on');

    37. 

  37. } else {

    38. 

  38. 	error_reporting(0);

    39. 

  39. 	ini_set('display_errors', 'off');

    40. 

  40. 	ini_set('display_startup_errors', 'off');

    41. 

  41. }

    42. 

  42. 

    43. 

  43. //if (!isset($_SESSION['admin'])) {exit;}			// Do not forget to add your user authorization

    44. 

  44. 

    45. 

  45. 

    46. 

  46. define('DIR_SEP', '/');

    47. 

  47. mb_internal_encoding('utf-8');

    48. 

  48. date_default_timezone_set('Europe/London');

    49. 

  49. 

    50. 

  50. $cfg['url']	= 'upload';

    51. 

  51. $cfg['root']	= $_SERVER['DOCUMENT_ROOT'] . DIR_SEP . $cfg['url'];			// http://www.yousite.com/upload/		absolute path

    52. 

  52. $cfg['quickdir'] = '';		//$cfg['quickdir'] = 'quick-folder';		// for CKEditor

    53. 

  53. 

    54. 

  54. $cfg['lang']	= 'ru';

    55. 

  55. 

    56. 

  56. $cfg['thumb']['width'] 	= 150;

    57. 

  57. $cfg['thumb']['height']	= 120;

    58. 

  58. $cfg['thumb']['quality']	= 80;

    59. 

  59. $cfg['thumb']['cut']		= true;

    60. 

  60. $cfg['thumb']['auto']	= true;

    61. 

  61. $cfg['thumb']['dir']		= '_thumb';

    62. 

  62. $cfg['thumb']['date']	= "j.m.Y, H:i";

    63. 

  63. 

    64. 

  64. $cfg['hide']['file']	= array('.htaccess');

    65. 

  65. $cfg['hide']['folder']	= array('.', '..', $cfg['thumb']['dir'], '.svn', '.cvs');

    66. 

  66. 

    67. 

  67. $cfg['chmod']['file']		= 0777;

    68. 

  68. $cfg['chmod']['folder']	= 0777;

    69. 

  69. 

    70. 

  70. $cfg['deny'] = array(

    71. 

  71. 	'file'		=> array('php','php3','php4','php5','phtml','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg','cgi'),

    72. 

  72. 	'flash'		=> array(),

    73. 

  73. 	'image'	=> array(),

    74. 

  74. 	'media'	=> array(),

    75. 

  75. 

    76. 

  76. 	'folder'	=> array(

    77. 

  77. 			$cfg['url'] . DIR_SEP . 'file',

    78. 

  78. 			$cfg['url'] . DIR_SEP . 'flash',

    79. 

  79. 			$cfg['url'] . DIR_SEP . 'image',

    80. 

  80. 			$cfg['url'] . DIR_SEP . 'media')

    81. 

  81. );

    82. 

  82. 

    83. 

  83. $cfg['allow'] = array(

    84. 

  84. 	'file'		=> array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip'),

    85. 

  85. 	'flash'		=> array('swf', 'flv'),

    86. 

  86. 	'image'	=> array('jpg', 'jpeg', 'gif', 'png', 'bmp'),

    87. 

  87. 	'media'	=> array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv')

    88. 

  88. );

    89. 

  89. 

    90. 

  90. 

    91. 

  91. $cfg['nameRegAllow'] = '/^[a-z0-9-_#~\$%()\[\]&=]+/i';

    92. 

  92. 

    93. 

  93. //	------------------

    94. 

  94. $cfg['url']	= trim($cfg['url'], '/\\');

    95. 

  95. $cfg['root']	= rtrim($cfg['root'], '/\\') . DIR_SEP;

    96. 

  96. 

    97. 

  97. $dir = isset($_POST['dir'])? urldecode($_POST['dir']) : '';

    98. 

  98. $dir = trim($dir, '/\\') . DIR_SEP;

    99. 

  99. 

    100. 

  100. $rpath = str_replace('\\', DIR_SEP, realpath($cfg['root'] . $dir) . DIR_SEP);

    101. 

  101. if (false === strpos($rpath, str_replace('\\', DIR_SEP, $dir))) {$dir = '';}

    102. 

  102. 

    103. 

  103. 

    104. 

  104. $mode = isset($_GET['mode'])? $_GET['mode'] : 'getDirs';

    105. 

  105. $cfg['type']	= isset($_POST['type'])? $_POST['type'] : (isset($_GET['type']) && 'QuickUpload' == $mode? $_GET['type'] : 'file');

    106. 

  106. $cfg['sort']	= isset($_POST['sort'])? $_POST['sort'] : 'name';

    107. 

  107. 

    108. 

  108. $cfg['type'] = strtolower($cfg['type']);

    109. 

  109. 

    110. 

  110. $reply = array(

    111. 

  111. 	'dirs'		=> array(),

    112. 

  112. 	'files'		=> array()

    113. 

  113. );

    114. 

  114. 

    115. 

  115. //	------------------

    116. 

  116. 

    117. 

  117. require_once 'lib.php';

    118. 

  118. 

    119. 

  119. switch($mode) {

    120. 

  120. 	case 'cfg':

    121. 

  121. 		$rootDir = listDirs('');

    122. 

  122. 		$children = array();

    123. 

  123. 		for ($i=-1, $iCount=count($rootDir); ++$i<$iCount;) {

    124. 

  124. 			$children[] = (object) $rootDir[$i];

    125. 

  125. 		}

    126. 

  126. 

    127. 

  127. 		$reply['config'] = array(

    128. 

  128. 			'lang'		=> $cfg['lang'],

    129. 

  129. 			'type'		=> $cfg['type'],

    130. 

  130. 			'url'		=> '/' . $cfg['url'] . '/',

    131. 

  131. 			'thumb'	=> $cfg['thumb']['dir'],

    132. 

  132. 			'thumbWidth'	=> $cfg['thumb']['width'],

    133. 

  133. 			'thumbHeight'	=> $cfg['thumb']['height'],

    134. 

  134. 			'maxUpload' => ini_get('upload_max_filesize'),

    135. 

  135. 			'allow'		=> implode('|', $cfg['allow'][$cfg['type']]),

    136. 

  136. 			'children'	=> $children

    137. 

  137. 		);

    138. 

  138. 		break;

    139. 

  139. 

    140. 

  140. 	case 'renameFile':

    141. 

  141. 		$file = trim(urldecode($_POST['oldname']), '/\\.');

    142. 

  142. 		$name = urldecode($_POST['newname']);

    143. 

  143. 

    144. 

  144. 		if ($file != $name && preg_match($cfg['nameRegAllow'], $name) && file_exists($cfg['root']) . $dir . $file) {

    145. 

  145. 			if (file_exists($_thumb = $cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP . $file)) {

    146. 

  146. 				unlink($_thumb);

    147. 

  147. 			}

    148. 

  148. 			if (file_exists($cfg['root'] . $dir . $name)) {

    149. 

  149. 				$name = getFreeFileName($name, $cfg['root'] . $dir);

    150. 

  150. 			}

    151. 

  151. 			if (false !== strpos($name, '.')) {

    152. 

  152. 				$ext = substr($name, strrpos($name, '.') + 1);

    153. 

  153. 				if (in_array($ext, $cfg['allow']['image'])) {

    154. 

  154. 					rename($cfg['root'] . $dir . $file, $cfg['root'] . $dir . $name);

    155. 

  155. 				}

    156. 

  156. 			}

    157. 

  157. 		}

    158. 

  158. 

    159. 

  159. 		$reply['files'] = listFiles($dir);

    160. 

  160. 		break;

    161. 

  161. 

    162. 

  162. 	case 'createFolder':

    163. 

  163. 		$path = trim(urldecode($_POST['oldname']), '/\\.');

    164. 

  164. 		$name = urldecode($_POST['newname']);

    165. 

  165. 

    166. 

  166. 		$reply['isSuccess'] = false;

    167. 

  167. 		if (preg_match($cfg['nameRegAllow'], $name)) {

    168. 

  168. 			if (!file_exists($cfg['root'] . $path . DIR_SEP . $name)) {

    169. 

  169. 				$reply['isSuccess'] = mkdir($cfg['root'] . $path . DIR_SEP . $name, $cfg['chmod']['folder']);

    170. 

  170. 			} else {

    171. 

  171. 				$reply['isSuccess'] = 'exist';

    172. 

  172. 			}

    173. 

  173. 		}

    174. 

  174. 		break;

    175. 

  175. 

    176. 

  176. 	case 'renameFolder':

    177. 

  177. 		$folder	= urldecode($_POST['oldname']);

    178. 

  178. 		$name	= urldecode($_POST['newname']);

    179. 

  179. 		$folder	= trim($folder, '/\\.');

    180. 

  180. 

    181. 

  181. 		$reply['isSuccess'] = false;

    182. 

  182. 		if (!empty($folder) && $cfg['url'] != $folder && $folder != $name && !in_array($cfg['url'] . DIR_SEP . $folder, $cfg['deny']['folder']) && preg_match($cfg['nameRegAllow'], $name) && is_dir($cfg['root']) . $folder) {

    183. 

  183. 			$reply['isSuccess'] = rename($cfg['root'] . $folder, $cfg['root'] . substr($folder, 0, strrpos($folder, '/')) . DIR_SEP . $name);

    184. 

  184. 		}

    185. 

  185. 		break;

    186. 

  186. 

    187. 

  187. 	case 'deleteFolder':

    188. 

  188. 		$reply['isDelete'] = false;

    189. 

  189. 		$folder = trim($dir, '/\\');

    190. 

  190. 

    191. 

  191. 		if (!empty($folder) && $cfg['url'] != $folder && !in_array($cfg['url'] . DIR_SEP . $folder, $cfg['deny']['folder'])) {

    192. 

  192. 			deleteDir($cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP. $folder);

    193. 

  193. 			$reply['isDelete'] = deleteDir($cfg['root'] . $folder);

    194. 

  194. 		}

    195. 

  195. 		break;

    196. 

  196. 

    197. 

  197. 	case 'uploads':

    198. 

  198. 		$reply['downloaded'] = array();

    199. 

  199. 		$width	= isset($_POST['resizeWidth'])? intval($_POST['resizeWidth']) : 0;

    200. 

  200. 		$height	= isset($_POST['resizeHeight'])? intval($_POST['resizeHeight']): 0;

    201. 

  201. 

    202. 

  202. 		$key = 'uploadFiles';

    203. 

  203. 		if (!empty($dir) && '/' != $dir && !empty($_FILES[$key])) {

    204. 

  204. 			for ($i=-1, $iCount=count($_FILES[$key]['name']); ++$i<$iCount;) {

    205. 

  205. 				$ext = substr($_FILES[$key]['name'][$i], strrpos($_FILES[$key]['name'][$i], '.') + 1);

    206. 

  206. 				if (!in_array($ext, $cfg['deny'][$cfg['type']]) && in_array($ext, $cfg['allow'][$cfg['type']])) {

    207. 

  207. 					$freeName = getFreeFileName($_FILES[$key]['name'][$i], $cfg['root'] . $dir);

    208. 

  208. 					if (in_array($ext, $cfg['allow']['image'])) {

    209. 

  209. 						if ($width || $height) {

    210. 

  210. 							create_thumbnail($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName, $width, $height, 100, false, true);

    211. 

  211. 							chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);

    212. 

  212. 						} else {

    213. 

  213. 							if (move_uploaded_file($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName)) {

    214. 

  214. 								chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);

    215. 

  215. 								if ($cfg['thumb']['auto']) {

    216. 

  216. 									create_thumbnail($cfg['root'] . $dir . $freeName, $cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP. $freeName);

    217. 

  217. 									chmod($cfg['root'] . $cfg['thumb']['dir'] . DIR_SEP . $dir . DIR_SEP. $freeName, $cfg['chmod']['file']);

    218. 

  218. 								}

    219. 

  219. 								$reply['downloaded'][] = array(true, $freeName);

    220. 

  220. 							} else {

    221. 

  221. 								$reply['downloaded'][] = array(false, $freeName);

    222. 

  222. 							}

    223. 

  223. 						}

    224. 

  224. 					} else {

    225. 

  225. 						if (move_uploaded_file($_FILES[$key]['tmp_name'][$i], $cfg['root'] . $dir . $freeName)) {

    226. 

  226. 							chmod($cfg['root'] . $dir . $freeName, $cfg['chmod']['file']);

    227. 

  227. 							$reply['downloaded'][] = array(true, $freeName);

    228. 

  228. 						} else {

    229. 

  229. 							$reply['downloaded'][] = array(false, $freeName);

    230. 

  230. 						}

    231. 

  231. 					}

    232. 

  232. 				} else {

    233. 

  233. 					$reply['downloaded'][] = array(false, $_FILES[$key]['name'][$i]);

    234. 

  234. 				}

    235. 

  235. 			}

    236. 

  236. 		}

    237. 

  237. 		break;

    238. 

  238. 

    239. 

  239. 	case 'QuickUpload':

    240. 

  240. 		switch ($cfg['type']) {

    241. 

  241. 			case 'file':

    242. 

  242. 			case 'flash':

    243. 

  243. 			case 'image':

    244. 

  244. 			case 'media':

    245. 

  245. 				$dir = $cfg['type'];

    246. 

  246. 				break;

    247. 

  247. 			default:

    248. 

  248. 				exit;		//	exit	for not supported type

    249. 

  249. 				break;

    250. 

  250. 		}

    251. 

  251. 		if (!is_dir($toDir = $cfg['root'] . $dir . DIR_SEP . $cfg['quickdir'])) {

    252. 

  252. 			mkdirs($toDir, $cfg['chmod']['folder']);

    253. 

  253. 		}

    254. 

  254. 

    255. 

  255. 		if (0 == ($_FILES['upload']['error'])) {

    256. 

  256. 			$fileName = getFreeFileName($_FILES['upload']['name'], $toDir);

    257. 

  257. 			$ext = substr($fileName, strrpos($fileName, '.') + 1);

    258. 

  258. 			$ext = strtolower($ext);

    259. 

  259. 			if (!in_array($ext, $cfg['deny'][$cfg['type']]) && in_array($ext, $cfg['allow'][$cfg['type']]) && move_uploaded_file($_FILES['upload']['tmp_name'], $toDir . DIR_SEP . $fileName)) {

    260. 

  260. 				$funcNum = isset($_GET['CKEditorFuncNum'])? intval($_GET['CKEditorFuncNum']) : 2;

    261. 

  261. 				$result = "<script type=\"text/javascript\">window.parent.CKEDITOR.tools.callFunction(" . $funcNum . ", '/". $cfg['url'] . '/' . $dir . '/' . (empty($cfg['quickdir'])? '' : trim($cfg['quickdir'], '/\\') . '/') . $fileName."', '');</script>";

    262. 

  262. 			}

    263. 

  263. 		}

    264. 

  264. 

    265. 

  265. 		exit($result);

    266. 

  266. 		break;

    267. 

  267. 

    268. 

  268. 	case 'deleteFiles':

    269. 

  269. 		$files = urldecode($_POST['files']);

    270. 

  270. 		$files = explode('::', $files);

    271. 

  271. 		for ($i=-1, $iCount=count($files); ++$i<$iCount;) {

    272. 

  272. 			unlink($cfg['root'] . $dir . $files[$i]);

    273. 

  273. 			file_exists($_thumb = $cfg['root'] . $cfg['thumb']['dir']  . DIR_SEP. $dir . DIR_SEP . $files[$i])? unlink($_thumb): null;

    274. 

  274. 		}

    275. 

  275. 

    276. 

  276. 		$reply['files'] = listFiles($dir);

    277. 

  277. 		break;

    278. 

  278. 

    279. 

  279. 	case 'getFiles':

    280. 

  280. 		$reply['files'] = listFiles($dir);

    281. 

  281. 		break;

    282. 

  282. 

    283. 

  283. 	case 'getDirs':

    284. 

  284. 		$reply['dirs'] = listDirs($dir);

    285. 

  285. 		break;

    286. 

  286. 

    287. 

  287. 	default:

    288. 

  288. 		exit;

    289. 

  289. 		break;

    290. 

  290. }

    291. 

  291. 

    292. 

  292. if (isset($_GET['noJson'])) {echo'<pre>';print_r($reply);echo'</pre>';exit;}

    293. 

  293. exit( json_encode( $reply ) );
    294.