PageRenderTime 59ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/source/libs/filemgr/global_function.php

https://github.com/yfg2014/ddim
PHP | 1257 lines | 935 code | 210 blank | 112 comment | 188 complexity | 0620383fb3904db41a4492390c811005 MD5 | raw file
Possible License(s): LGPL-2.1, AGPL-1.0 
    

  1. <?php
    2. 

  2. 

  3. function search($terms){
    4. 

  4. 	global $database,$dateFormat,$fileinfo;
    5. 

  5. 	jsonStart();
    6. 

  6. 	$terms = mysql_escape_string($terms);
    7. 

  7. 	foreach(getUserPaths() as $path){
    8. 

  8. 		if(isset($where))$where .= " or ";
    9. 

  9. 		$where .= "path like \"$path%\"";
    10. 

  10. 	}
    11. 

  11. 	#$query = "select *,date_format(`date`,\"$dateFormat\") as `dateformatted` from filesystem where ($where) and match(filename,description) against(\"$terms\")";
    12. 

  12. 	$query = "select *,date_format(`date`,\"$dateFormat\") as `dateformatted`,match(filename,description,rpath) against(\"$terms\") as `rank` from $GLOBALS[tablePrefix]filesystem where ($where) and (match(filename,description,rpath) against(\"$terms\") or (filename like \"%$terms%\" or rpath like \"%$terms%\" or description like \"%$terms%\")) and status='found' order by rank desc";
    13. 

  13. 	#echo $query;
    14. 

  14. 	$resourceq = mysql_query($query,$database) ;
    15. 

  15. 	#echo $resourceq;
    16. 

  16. 	$toprank = 0.000001;
    17. 

  17. 	while($files = mysql_fetch_assoc($resourceq)) {
    18. 

  18. 		if($toprank == 0.000001 and $files['rank'] != 0)$toprank = $files['rank'];
    19. 

  19. 		$myrank = round(($files['rank']/$toprank)*3)+2;
    20. 

  20. 		getFileInfo($files['id']);
    21. 

  21. 		jsonAdd("\"rank\":\"$myrank\",\"type\": \"file\", \"path\": \"$fileinfo[virtualpath]\",\"name\": \"$files[filename]\",\"date\":\"$files[dateformatted]\", \"id\": \"$files[id]\",\"flags\": \"$files[flags]\"");
    22. 

  22. 		$results ++;
    23. 

  23. 	}
    24. 

  24. 	if($results > 0)
    25. 

  25. 		echo jsonReturn('search');
    26. 

  26. }
    27. 

  27. 

  28. function getFile($fileid){
    29. 

  29. 	global $database,$filepath,$fileinfo;
    30. 

  30. 	if(getFileInfo($fileid)){
    31. 

  31. 		if(getUserAuth('download',$fileinfo['virtualpath'])){
    32. 

  32. 			logAction('get',$fileid);
    33. 

  33. 			$query = "update $GLOBALS[tablePrefix]filesystem set downloads=downloads+1 where id=$fileid";
    34. 

  34. 			$result = mysql_query($query,$database);
    35. 

  35. 			header("Pragma: public"); 
    36. 

  36. 			header("Expires: 0");
    37. 

  37. 			header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    38. 

  38. 			header("Cache-Control: private",false); 
    39. 

  39. 			header("Content-type: $fileinfo[type]");
    40. 

  40. 			header("Content-Transfer-Encoding: Binary");
    41. 

  41. 			header("Content-length: ".filesize($filepath));
    42. 

  42. 			header("Content-disposition: attachment; filename=\"".basename($filepath)."\"");
    43. 

  43. 			readfile("$filepath");
    44. 

  44. 		}else{
    45. 

  45. 			error("access denied to $fileid");
    46. 

  46. 		}
    47. 

  47. 	}else{
    48. 

  48. 		error ('access denied');
    49. 

  49. 	}
    50. 

  50. }
    51. 

  51. 

  52. function emailFilePackage($fileids,$to,$from,$message){
    53. 

  53. 	global $fileinfo,$filepath,$database;
    54. 

  54. 	
    55. 

  55. 	$fileids = preg_split("/\,/",$fileids);
    56. 

  56. 	
    57. 

  57. 	$boundary = "DU_" . md5(uniqid(time()));	
    58. 

  58. 	$headers = "From: $from". "\r\n";
    59. 

  59. 	$headers .= "MIME-Version: 1.0"."\r\n";
    60. 

  60. 	$headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\";". "\r\n";
    61. 

  61. 	$mailMessage = "--$boundary
    62. 

  62. Content-Type: text/plain; charset=\"iso-8859-1\"
    63. 

  63. Content-Transfer-Encoding: 7bit
    64. 

  64. 

  65. $message
    66. 

  66. ";
    67. 

    68. 

  68. 	foreach($fileids as $fileid){
    69. 

  69. 		if(getFileInfo($fileid)){
    70. 

  70. 			#echo "$fileinfo[rpath] $fileid";
    71. 

  71. 			if(getUserAuth('download',$fileinfo['virtualpath'])){
    72. 

  72. 				logAction('get',$fileid);
    73. 

  73. 									
    74. 

  74. 				$query = "update $GLOBALS[tablePrefix]filesystem set downloads=downloads+1 where id=$fileid";
    75. 

  75. 				$result = mysql_query($query,$database);
    76. 

  76. 					
    77. 

  77. 				$ct = $fileinfo['type'];
    78. 

  78. 				if($ct=='')$ct = 'application/force-download';
    79. 

  79. 				$mailMessage.= "--$boundary\nContent-Type: $ct\nContent-Transfer-Encoding: base64\nContent-Disposition: attachment; filename=\"$fileinfo[filename]\"\n\n";
    80. 

  80. 				$mailMessage.= chunk_split(base64_encode(file_get_contents($filepath)));
    81. 

  81. 			}
    82. 

  82. 		}
    83. 

  83. 	}
    84. 

  84. 	$mailMessage.= "\n--$boundary--";
    85. 

  85. 	#echo $mailMessage;
    86. 

  86. 	ini_set(SMTP,'mvs5.duarte.com');
    87. 

  87. 	
    88. 

  88. 	if(mail($to,"File from $from",$mailMessage,$headers))
    89. 

  89. 		$status = "Message Sent";
    90. 

  90. 	else
    91. 

  91. 		$status = "ERROR: Message Not Sent";
    92. 

  92. 	#". base64_encode(getFilePackage($fileids,true))."
    93. 

  93. 	#".file_get_contents($filepath)."
    94. 

  94. 	
    95. 

  95. 	jsonStart();
    96. 

  96. 	jsonAdd("\"status\": \"$status\"");
    97. 

  97. 	echo jsonReturn("bindings"); 
    98. 

  98. }
    99. 

  99. 

  100. function getFilePackage($fileids,$returnContent = false){
    101. 

  101. 	global $database,$fileinfo,$filepath;
    102. 

  102. 	
    103. 

  103. 	$fileids = preg_split("/\,/",$fileids);
    104. 

  104. 	include_once("inc/createZip.inc.php");
    105. 

  105. 	$createZip = new createZip;
    106. 

  106. 	$fileCount = 0;
    107. 

  107. 	logAction('getFilePackage',$fileids);
    108. 

  108. 	foreach($fileids as $fileid){
    109. 

  109. 		if(getFileInfo($fileid)){
    110. 

  110. 			if(getUserAuth('download',$fileinfo['virtualpath'])){
    111. 

  111. 				logAction('get',$fileid);
    112. 

  112. 				$query = "update $GLOBALS[tablePrefix]filesystem set downloads=downloads+1 where id=$fileid";
    113. 

  113. 				$result = mysql_query($query,$database);
    114. 

  114. 				
    115. 

  115. 				$createZip -> addFile(file_get_contents($filepath), "$fileinfo[filename]");
    116. 

  116. 				$fileCount++;
    117. 

  117. 			}else{
    118. 

  118. 				// denied
    119. 

  119. 			}
    120. 

  120. 		}else{
    121. 

  121. 			// denied
    122. 

  122. 		}
    123. 

  123. 	}
    124. 

  124. 	
    125. 

  125. 	if($fileCount > 0){
    126. 

  126. 		if($returnContent != true){
    127. 

  127. 			header("Content-Type: application/zip");
    128. 

  128. 			header("Content-Transfer-Encoding: Binary");
    129. 

  129. 			#header("Content-length: ".strlen($zipped));
    130. 

  130. 			header("Content-disposition: attachment; filename=\"package.zip\"");
    131. 

  131. 			echo $createZip -> getZippedfile();
    132. 

  132. 		}else{
    133. 

  133. 			return $createZip->getZippedfile();
    134. 

  134. 		}
    135. 

  135. 	}else{
    136. 

  136. 		error('no files zipped');
    137. 

  137. 	}
    138. 

  138. 

  139. }
    140. 

  140. 

  141. function getFolder($path){
    142. 

  142. 	global $database,$resource,$dateFormat;
    143. 

  143. 	userPermissions();
    144. 

  144. 	$output = '';
    145. 

  145. 	jsonStart();
    146. 

  146. 	$path = mysql_escape_string($path);
    147. 

  147. 

  148. 	// For Virtual Directories
    149. 

  149. 	if($path == '' || $path == '/'){
    150. 

  150. 

  151. 		$query = "select * from $GLOBALS[tablePrefix]permissions inner join $GLOBALS[tablePrefix]clients on $GLOBALS[tablePrefix]permissions.clientid=$GLOBALS[tablePrefix]clients.id where userid=\"$_SESSION[userid]\" and $GLOBALS[tablePrefix]clients.name =\"$_SESSION[user]\" order by display";
    152. 

  152. 		$result = mysql_query($query,$database);
    153. 

  153. 		while($clients = mysql_fetch_assoc($result))
    154. 

  154. 			$output .=  jsonAdd("\"displayname\":\"$clients[display]\",\"scheme\":\"$clients[scheme]\",\"type\": \"directory\", \"name\": \"$clients[name]\", \"path\": \"/$clients[name]\",\"virtual\":\"true\"");
    155. 

  155. 			
    156. 

  156. 		$query = "select * from $GLOBALS[tablePrefix]permissions inner join $GLOBALS[tablePrefix]clients on $GLOBALS[tablePrefix]permissions.clientid=$GLOBALS[tablePrefix]clients.id where userid=\"$_SESSION[userid]\" and $GLOBALS[tablePrefix]clients.name !=\"$_SESSION[user]\" order by display";
    157. 

  157. 		$result = mysql_query($query,$database);
    158. 

  158. 		$vdcount = mysql_num_rows($result);
    159. 

  159. 		if($vdcount >= 1){  // If user has multiple virtual directorys display them all
    160. 

  160. 			if($vdcount > 2){
    161. 

  161. 				$virtual = "closed";
    162. 

  162. 			}else if($vdcount == 1){
    163. 

  163. 				$virtual = "true";
    164. 

  164. 			}else{
    165. 

  165. 				$virtual = "false";
    166. 

  166. 			}
    167. 

  167. 			
    168. 

  168. 			while($clients = mysql_fetch_assoc($result)) {
    169. 

  169. 			        $output .=  jsonAdd("\"displayname\":\"$clients[display]\",\"scheme\":\"$clients[scheme]\",\"type\": \"directory\", \"name\": \"$clients[name]\", \"path\": \"/$clients[name]\",\"virtual\":\"$virtual\"");
    170. 

  170. 

  171. 			}
    172. 

  172. 		}
    173. 

  173. 		$output .= jsonReturn('getFolder');
    174. 

  174. 		#else{ // otherwise switch root directory to only virtual directory
    175. 

  175. 		#	$clients = mysql_fetch_assoc($result);
    176. 

  176. 		#	$path="/".$clients['name'];
    177. 

  177. 		#}
    178. 

  178. 	}
    179. 

  179. 	if($output > ''){
    180. 

  180. 		if($resource != true){
    181. 

  181. 			echo $output;
    182. 

  182. 			die;
    183. 

  183. 		}else{
    184. 

  184. 			return $output;
    185. 

  185. 		}
    186. 

  186. 	}	
    187. 

  187. 	
    188. 

  188. 	// Non Virtual Directories
    189. 

  189. 	if(getUserAuth('view',$path)){
    190. 

  190. 		logAction('list',$path);
    191. 

  191. 		$fullpath = getUserPath($path).$path;
    192. 

  192. 

  193. 		databaseSync($fullpath,$path);
    194. 

  194. 

  195. 		if (is_dir($fullpath)) {
    196. 

  196. 			if ($dh = opendir($fullpath)) {
    197. 

  197. 			   while (($file = readdir($dh)) !== false) {
    198. 

  198. 			     #echo "$file";
    199. 

  199. 			     if($file != '.' && $file != '..' && filetype($fullpath . '/' . $file) == 'dir'){
    200. 

  200. 			       jsonAdd("\"type\": \"directory\", \"name\": \"$file\", \"path\": \"$path/$file\"");
    201. 

  201. 				     }
    202. 

  202. 			   }
    203. 

  203. 			   closedir($dh);
    204. 

  204. 			}
    205. 

  205. 		}else{
    206. 

  206. 		      error("directory doesnt exist $fullpath");
    207. 

  207. 		}
    208. 

  208. 		$query = "select *,date_format(`date`,\"$dateFormat\") as `dateformatted` from $GLOBALS[tablePrefix]filesystem where path=\"$fullpath\" and status=\"found\" order by `date` desc";
    209. 

  209. 		$result = mysql_query($query,$database);
    210. 

  210. 		while($files = mysql_fetch_assoc($result)) {
    211. 

  211. 			jsonAdd("\"type\": \"file\", \"name\": \"$files[filename]\",\"date\":\"$files[dateformatted]\", \"id\": \"$files[id]\",\"flags\": \"$files[flags]\"");
    212. 

  212. 		}
    213. 

  213. 		$output .= jsonReturn('getFolder');
    214. 

  214. 	      
    215. 

  215. 		if($resource != true)
    216. 

  216. 			echo $output;
    217. 

  217. 		else
    218. 

  218. 			return $output;
    219. 

  219. 	      
    220. 

  220. 	}else{
    221. 

  221. 		error('no auth to view');
    222. 

  222. 	}
    223. 

  223. }
    224. 

  224. 

  225. 

  226. function getFolderMeta($path){
    227. 

  227.   jsonStart();
    228. 

  228.   $path = mysql_escape_string($path);
    229. 

  229.   if(getUserAuth('view',$path)){
    230. 

  230. 	logAction('getFolderMeta',$path);
    231. 

  231.     $fullpath = getUserPath($path).$path;
    232. 

  232.     $size = filesize_format(get_size($fullpath));
    233. 

  233.     $name = basename($fullpath);
    234. 

  234.     $modified = '';
    235. 

  235.     $created ='';
    236. 

  236. 

  237.     jsonAdd("\"name\": \"$name\", \"size\": \"$size\"");
    238. 

  238.     echo jsonReturn('getFolderMeta');
    239. 

  239.   }else{
    240. 

  240.     error('access denied');
    241. 

  241.   }
    242. 

  242. }
    243. 

  243. 

  244. function getMeta($fileid){
    245. 

  245.   global $fileinfo;
    246. 

  246. 

  247. 	if(getFileInfo($fileid)){
    248. 

  248. 		if(getUserAuth('view',$fileinfo['virtualpath'])){
    249. 

  249. 			jsonStart();
    250. 

  250. 			logAction('getMeta',$fileid);
    251. 

  251. 			if(getUserAuth('metaEdit',$fileinfo['virtualpath']))
    252. 

  252. 			{
    253. 

  253. 				jsonAdd("\"edit\": \"true\"");
    254. 

  254. 			}else{
    255. 

  255. 				jsonAdd("\"edit\": \"false\"");
    256. 

  256. 			}
    257. 

  257. 		    
    258. 

  258. 			if($fileinfo['type'] > '')
    259. 

  259. 			  $type = $fileinfo['type'];
    260. 

  260. 			    else
    261. 

  261. 			  $type = "document";
    262. 

  262. 		    
    263. 

  263. 			jsonAdd("\"filename\": \"$fileinfo[filename]\",\"path\": \"$fileinfo[virtualpath]\",\"image\":$fileinfo[image],\"type\": \"$type\", \"date\": \"$fileinfo[date]\", \"downloads\": \"$fileinfo[downloads]\", \"description\": \"$fileinfo[description]\", \"flags\": \"$fileinfo[flags]\", \"type\": \"$fileinfo[type]\", \"size\": \"$fileinfo[size]\"");
    264. 

  264. 			      if($type == "image/jpeg"){
    265. 

  265. 				      if(function_exists("exif_read_data")){
    266. 

  266. 					      $exif = exif_read_data($fileinfo['path'].'/'.$fileinfo['filename']);
    267. 

  267. 				      }
    268. 

  268. 			      }
    269. 

  269. 		}else{
    270. 

  270. 		  error('access denied2');
    271. 

  271. 		}
    272. 

  272. 	}else{
    273. 

  273. 	  error('access denied1');
    274. 

  274. 	}
    275. 

  275. 	echo jsonReturn('getMeta');
    276. 

  276. }
    277. 

  277. 

  278. function setMeta($fileid,$filename,$description,$flags){
    279. 

  279.   global $database,$fileinfo;
    280. 

  280. 

  281.   $fileid = mysql_escape_string($fileid);
    282. 

  282.   $filename = mysql_escape_string($filename);
    283. 

  283.   $description = mysql_escape_string($description);
    284. 

  284.   $flags = mysql_escape_string($flags);
    285. 

  285. 

  286.   if(getFileInfo($fileid)){
    287. 

  287.     if(getUserAuth('metaEdit',$fileinfo['virtualpath'])){
    288. 

  288. 	  logAction('metaEdit',$fileid);
    289. 

  289. 	  if($filename != $fileinfo['filename']){
    290. 

  290. 	    fileRename($fileid,$filename);
    291. 

  291. 	  }else{
    292. 

  292. 	    $filename = $fileinfo['filename'];
    293. 

  293. 	  }
    294. 

  294. 

  295.       $query = "update $GLOBALS[tablePrefix]filesystem set description=\"$description\",flags=\"$flags\" where id=$fileid";
    296. 

  296. 	  $result = mysql_query($query,$database);
    297. 

  297. 	  echo "done";
    298. 

  298. 	}else{error('access denied');}
    299. 

  299.   }else{error('access denied');}
    300. 

  300. }
    301. 

  301. 

  302. function fileRename($fileid,$filename){
    303. 

  303.   global $database,$fileinfo;
    304. 

  304. 

  305.   $fileid = mysql_escape_string($fileid);
    306. 

  306.   $filename = mysql_escape_string($filename);
    307. 

  307.   $filename = str_replace("\\","",$filename);
    308. 

  308.   $filename = str_replace("/","",$filename);
    309. 

  309. 

  310.   if(getFileInfo($fileid)){
    311. 

  311.     if(getUserAuth('rename',$fileinfo['virtualpath'])){
    312. 

  312.       logAction('rename',$fileid);
    313. 

  313. 	  $query = "update $GLOBALS[tablePrefix]filesystem set filename=\"$filename\" where id=$fileid";
    314. 

  314. 	  $result = mysql_query($query,$database);
    315. 

  315. 	  rename($fileinfo['path'].'/'.$fileinfo['filename'],$fileinfo['path'].'/'.$filename);
    316. 

  316. 	}  else{
    317. 

  317. 	  error('rename denied');
    318. 

  318. 	}
    319. 

  319.   }else{
    320. 

  320.     error('rename denied');
    321. 

  321.   }
    322. 

  322. }
    323. 

  323. 

  324. function fileDelete($fileid){
    325. 

  325.   global $database,$fileinfo;
    326. 

  326. 

  327.   $fileid = mysql_escape_string($fileid);
    328. 

  328. 

  329.   if(getFileInfo($fileid)){
    330. 

  330.     if(getUserAuth('delete',$fileinfo['virtualpath'])){
    331. 

  331. 	  logAction('delete',$fileid);
    332. 

  332. 	  $query = "delete from $GLOBALS[tablePrefix]filesystem where id=$fileid";
    333. 

  333. 	  $result = mysql_query($query,$database);
    334. 

  334. 	  unlink($fileinfo['path'].'/'.$fileinfo['filename']) || error('file error');
    335. 

  335. 	  echo "done";
    336. 

  336. 	}else{error('file access denied');}
    337. 

  337.   }else{
    338. 

  338.     error('access denied');
    339. 

  339.   }
    340. 

  340. }
    341. 

  341. 

  342. function fileMove($fileid,$path){
    343. 

  343. 	global $database,$fileinfo;
    344. 

  344.       
    345. 

  345. 	$fileid = mysql_escape_string($fileid);
    346. 

  346. 	
    347. 

  347. 	$path = str_replace("//","/",$path);
    348. 

  348. 	$path = str_replace("..","",$path);
    349. 

  349. 	
    350. 

  350. 	$path = mysql_escape_string($path);
    351. 

  351.       
    352. 

  352. 	if(getFileInfo($fileid)){
    353. 

  353. 	  if(getUserAuth('move',$path) && getUserAuth('move',$fileinfo['virtualpath'])){
    354. 

  354. 	    $newPath = getUserPath($path).$path;
    355. 

  355. 	    if(is_dir($newPath)){
    356. 

  356. 		  logAction('move',$fileid);
    357. 

  357. 		  $query = "update $GLOBALS[tablePrefix]filesystem set path=\"$newPath\",rpath=\"$path\" where id=$fileid";
    358. 

  358. 		  $result = mysql_query($query,$database);
    359. 

  359. 		  rename($fileinfo['path'].'/'.$fileinfo['filename'],$newPath.'/'.$fileinfo['filename']);
    360. 

  360. 		  echo "done";
    361. 

  361. 		}else{
    362. 

  362. 		  error('new directory doesnt exist');
    363. 

  363. 		}
    364. 

  364. 	      }else{
    365. 

  365. 		error('file move denied');
    366. 

  366. 	      }
    367. 

  367. 	}else{
    368. 

  368. 	  error('move denied');
    369. 

  369. 	}
    370. 

  370. }
    371. 

  371. 

  372. function folderRename($path,$name,$newname){
    373. 

  373.   global $database;
    374. 

  374. 

  375.   $newname = mysql_escape_string($newname);
    376. 

  376.   $name = mysql_escape_string($name);
    377. 

  377.   $path = mysql_escape_string($path);
    378. 

  378. 

  379.   if(getUserAuth('folderRename',$path)){
    380. 

  380. 

  381.     $currentPath = getUserPath($path).$path.'/'.$name;
    382. 

  382.     $newPath = getUserPath($path).$path.'/'.$newname;
    383. 

  383. 

  384.     if(is_dir($currentPath) && !is_dir($newPath)){
    385. 

  385. 	  logAction('folderRename',$newPath);
    386. 

  386. 	  if(rename($currentPath,$newPath)){
    387. 

  387. 	    $query = "update $GLOBALS[tablePrefix]filesystem set path=\"$newPath\",rpath=\"$path/$newname\" where path=\"$currentPath\"";
    388. 

  388. 	    $result = mysql_query($query,$database);
    389. 

  389. 	    echo "done";
    390. 

  390. 	  }else{
    391. 

  391. 	    echo "error";
    392. 

  392. 	  }
    393. 

  393. 

  394. 	}else{
    395. 

  395. 	  error('old name doesnt exist or new name already exists');
    396. 

  396. 	}
    397. 

  397. 

  398.   }else{
    399. 

  399.     error('rename denied');
    400. 

  400.   }
    401. 

  401. }
    402. 

  402. 

  403. function folderMove($name,$path,$newpath){
    404. 

  404. 	global $database;
    405. 

  405.       
    406. 

  406. 	$name = mysql_escape_string($name);
    407. 

  407. 	$path = mysql_escape_string($path);
    408. 

  408. 

  409. 	$newpath = str_replace("..","",$newpath);
    410. 

  410.  	$newpath = mysql_escape_string($newpath);     
    411. 

  411.       
    412. 

  412. 	if(getUserAuth('folderMove',$path) && getUserAuth('folderMove',$newpath)){
    413. 

  413.       
    414. 

  414. 	  $userPath = getUserPath($path).$path.'/'.$name;
    415. 

  415. 	  $userNewPath = getUserPath($newpath).$newpath.'/'.$name;
    416. 

  416.       
    417. 

  417. 	  if(is_dir($userPath) && !is_dir($userNewPath)){
    418. 

  418. 		logAction('folderMove',$userNewPath);
    419. 

  419. 		if(rename($userPath,$userNewPath)){
    420. 

  420. 		  $query = "update $GLOBALS[tablePrefix]filesystem set path=\"$userNewPath\",rpath=\"$newpath/$name\" where path=\"$userPath\"";
    421. 

  421. 		  $result = mysql_query($query,$database);
    422. 

  422. 		  echo "done";
    423. 

  423. 		}else{
    424. 

  424. 		  echo "error";
    425. 

  425. 		}
    426. 

  426.       
    427. 

  427. 	      }else{
    428. 

  428. 		error('old name doesnt exist or new name already exists');
    429. 

  429. 	      }
    430. 

  430.       
    431. 

  431. 	}else{
    432. 

  432. 	  error('move denied');
    433. 

  433. 	}
    434. 

  434. }
    435. 

  435. 

  436. 

  437. function folderDelete($folder){
    438. 

  438. 	global $database;
    439. 

  439. 

  440. 	$folder = mysql_escape_string($folder);
    441. 

  441. 

  442. 	if(getUserAuth('folderDelete',$folder)){
    443. 

  443. 

  444. 		$deleteDir = getUserPath($folder).$folder;
    445. 

  445. 		logAction('folderDelete',$deleteDir);
    446. 

  446. 	
    447. 

  447. 		if(deleteDir($deleteDir)){
    448. 

  448. 			$query = "delete from $GLOBALS[tablePrefix]filesystem where path like \"$deleteDir\%\"";
    449. 

  449. 			$result = mysql_query($query,$database);
    450. 

  450. 			echo "ok";
    451. 

  451. 		}else{
    452. 

  452. 			echo "oops somethings wrong";
    453. 

  453. 		}
    454. 

  454. 	}else{
    455. 

  455. 		error('delete denied');
    456. 

  456. 	}
    457. 

  457. }
    458. 

  458. 

  459. function newFolder($name,$path){
    460. 

  460. 	global $database;
    461. 

  461. 

  462. 	$name = mysql_escape_string($name);
    463. 

  463. 	$path = mysql_escape_string($path);
    464. 

  464. 

  465. 	$fullpath = getUserPath($path).$path.'/'.$name;
    466. 

  466. 

  467. 	if(getUserAuth('newFolder',$path)){
    468. 

  468. 	logAction('newFolder',$path.'/'.$name);
    469. 

  469. 

  470. 	$i = 1;
    471. 

  471. 	$append = "";
    472. 

  472. 

  473. 	while(is_dir($fullpath.$append)){
    474. 

  474. 		$append = " $i";
    475. 

  475. 		$i++;
    476. 

  476. 	}
    477. 

  477. 

  478. 	if(mkdir($fullpath.$append)){
    479. 

  479. 		echo "ok";
    480. 

  480. 	}else{
    481. 

  481. 		echo "oops somethings wrong";
    482. 

  482. 	}
    483. 

  483. 

  484. 	}else{
    485. 

  485. 		error('new folder');
    486. 

  486. 	}
    487. 

  487. }
    488. 

  488. 

  489. function checkLogin(){
    490. 

  490.   	jsonStart();
    491. 

  491. 	logAction('checkLogin',$_SESSION['user']);
    492. 

  492.   	if(isset($_SESSION['userid'])){
    493. 

  493. 	    jsonAdd("\"login\": \"true\",\"name\": \"$_SESSION[name]\"");
    494. 

  494. 	}else{
    495. 

  495. 	    jsonAdd("\"login\": \"false\"");
    496. 

  496. 	}
    497. 

  497. 	echo jsonReturn('userLogin');
    498. 

  498. }
    499. 

  499. 

  500. function newPassword($current,$new){
    501. 

  501. 	$query = "select * from $GLOBALS[tablePrefix]users where id=$_SESSION[userid] and password=md5(\"G8,rMzw6BrBApLU9$current\")";
    502. 

  502. 	$result = mysql_query($query);
    503. 

  503. 	
    504. 

  504. 	if(mysql_num_rows($result) == 1){
    505. 

  505. 		logAction('newPassword',$_SESSION['user']);
    506. 

  506. 		$pass = mysql_escape_string($_GET['pass']);
    507. 

  507. 		$query = "update $GLOBALS[tablePrefix]users set `password`=md5(\"G8,rMzw6BrBApLU9$new\") where id=$_SESSION[userid]";
    508. 

  508. 		$result = mysql_query($query)||die(mysql_error());
    509. 

  509. 	}else{
    510. 

  510. 		error("bad current password");
    511. 

  511. 	}
    512. 

  512. }
    513. 

  513. 

  514. 

  515. function userLogoff(){
    516. 

  516. 	 session_destroy();
    517. 

  517. 	 header('Location:index.php');
    518. 

  518. 	exit;
    519. 

  519. }
    520. 

  520. 

  521. function userLogin($username,$password){
    522. 

  522. 	session_start();
    523. 

  523. 	$_SESSION['userid'] = NULL;
    524. 

  524. 	
    525. 

  525. 	include_once("inc/adLDAP.php");
    526. 

  526. 

  527. 	global $database,$passwordKey;
    528. 

  528. 	$username = mysql_escape_string($username);
    529. 

  529. 	$password = mysql_escape_string($password);
    530. 

  530. 	
    531. 

  531. 	#ADauth check
    532. 

  532. 	$query = "select * from $GLOBALS[tablePrefix]users where username=\"$username\"";
    533. 

  533. 	$result = mysql_query($query);
    534. 

  534. 	$userinfo = mysql_fetch_assoc($result);
    535. 

  535. 

  536. 	if($userinfo['ADauth'] == 1){
    537. 

  537. 		$ADconn = new adLDAP;
    538. 

  538. 		if($ADconn->authenticate($username,$password)){
    539. 

  539. 			#success
    540. 

  540. 			$loginSuccess = true;
    541. 

  541. 		}else{
    542. 

  542. 			$loginSuccess = false;
    543. 

  543. 		}
    544. 

  544. 	}else{
    545. 

  545. 		$query = "select * from $GLOBALS[tablePrefix]users where username=\"$username\" and password=md5(\"$passwordKey$password\")";
    546. 

  546. 		$result = mysql_query($query,$database);
    547. 

  547. 		if($userinfo = mysql_fetch_assoc($result)){
    548. 

  548. 			$loginSuccess = true;
    549. 

  549. 		}
    550. 

  550. 		
    551. 

  551. 	}
    552. 

  552. 

  553. 	if($loginSuccess == true) {
    554. 

  554. 		$_SESSION['userid']=$userinfo['id'];
    555. 

  555. 		$_SESSION['user']=$username;
    556. 

  556. 		$_SESSION['name']=$userinfo['name'];
    557. 

  557. 		$_SESSION['path']=array();
    558. 

  558. 		$_SESSION['admin']=$userinfo['admin'];
    559. 

  559. 		userPermissions();
    560. 

  560. 

  561. 		logAction('login',$username);
    562. 

  562. 		if($GLOBALS['resource'] != true)checkLogin();
    563. 

  563. 	}else{
    564. 

  564. 		logAction('loginFail',$username);
    565. 

  565. 		if($GLOBALS['resource'] != true)checkLogin();
    566. 

  566. 	}
    567. 

  567. }
    568. 

  568. 

  569. function userPermissions(){
    570. 

  570. 	global $database;
    571. 

  571. 	if(isset($_SESSION['userid'])){
    572. 

  572. 		$perQuery = "select $GLOBALS[tablePrefix]permissions.*,$GLOBALS[tablePrefix]clients.name as `cname`,$GLOBALS[tablePrefix]clients.path as `cpath`,$GLOBALS[tablePrefix]clients.id as `cid` from $GLOBALS[tablePrefix]permissions inner join $GLOBALS[tablePrefix]clients on $GLOBALS[tablePrefix]permissions.clientid=$GLOBALS[tablePrefix]clients.id where userid=\"$_SESSION[userid]\"";
    573. 

  573. 		$permissions = mysql_query($perQuery,$database) or die(mysql_error());
    574. 

  574. 		$_SESSION["admin.cid"]='';
    575. 

  575. 		$_SESSION["path"]='';
    576. 

  576. 		if(mysql_num_rows($permissions) > 0)
    577. 

  577. 			while($userPermissions = mysql_fetch_assoc($permissions)) {
    578. 

  578. 				#print_r($userPermissions);
    579. 

  579. 				$thispath = $userPermissions['cpath'].'/'.$userPermissions['cname'];
    580. 

  580. 				$_SESSION['path'][]=$thispath;
    581. 

  581. 				$thispath = $userPermissions['cname'];
    582. 

  582. 				$admin   = $userPermissions['admin'];
    583. 

  583. 				$_SESSION["auth.$thispath.view"]=$userPermissions['view'];
    584. 

  584. 				$_SESSION["auth.$thispath.rename"]=$userPermissions['rename'];
    585. 

  585. 				$_SESSION["auth.$thispath.download"]=$userPermissions['download'];
    586. 

  586. 				$_SESSION["auth.$thispath.metaEdit"]=$userPermissions['metaEdit'];
    587. 

  587. 				$_SESSION["auth.$thispath.delete"]=$userPermissions['delete'];
    588. 

  588. 				$_SESSION["auth.$thispath.move"]=$userPermissions['move'];
    589. 

  589. 				$_SESSION["auth.$thispath.folderRename"]=$userPermissions['folderRename'];
    590. 

  590. 				$_SESSION["auth.$thispath.folderDelete"]=$userPermissions['folderDelete'];
    591. 

  591. 				$_SESSION["auth.$thispath.folderMove"]=$userPermissions['folderMove'];
    592. 

  592. 				$_SESSION["auth.$thispath.newFolder"]=$userPermissions['newFolder'];
    593. 

  593. 				$_SESSION["auth.$thispath.upload"]=$userPermissions['upload'];
    594. 

  594. 				if($admin==1){
    595. 

  595. 					$cid = $userPermissions['cid'];
    596. 

  596. 					$_SESSION["auth.$cid.admin"]=1;
    597. 

  597. 					$_SESSION["admin.cid"][]=$cid;
    598. 

  598. 				}
    599. 

  599. 			}
    600. 

  600. 	}
    601. 

  601. }
    602. 

  602. 

  603. // internal functions //
    604. 

  604. 

  605. function logAction($type,$details){
    606. 

  606. 	global $database;
    607. 

  607. 	$type = mysql_escape_string($type);
    608. 

  608. 	$details = mysql_escape_string($details);
    609. 

  609. 	$query = "insert into $GLOBALS[tablePrefix]log set user=\"$_SESSION[user]\",ip=\"$_SERVER[REMOTE_ADDR]\",type=\"$type\",details=\"$details\"";
    610. 

  610. 	$result = mysql_query($query,$database);
    611. 

  611. }
    612. 

  612. 

  613. function getUserAuth($type,$path){
    614. 

  614. 	if(isset($_SESSION['userid'])){
    615. 

  615. 		
    616. 

  616. 	
    617. 

  617. 		$paths = preg_split("/\//", $path); // isolate virtual directory name
    618. 

  618. 

  619. 		return (isset($_SESSION['auth.'.$paths[1].'.'.$type]))?$_SESSION['auth.'.$paths[1].'.'.$type]:false;
    620. 

  620. 	}
    621. 

  621. }
    622. 

  622. 

  623. function getFileInfo($fileid){
    624. 

  624. 	global $database,$filepath,$fileinfo,$imageTypes;
    625. 

  625. 	
    626. 

  626. 	$fileid=mysql_escape_string($fileid);
    627. 

  627. 	$query = "select * from $GLOBALS[tablePrefix]filesystem where id=$fileid";
    628. 

  628. 	$result = mysql_query($query,$database);
    629. 

  629. 	if(mysql_num_rows($result) == 0){
    630. 

  630. 		error('bad fileid');
    631. 

  631. 	}
    632. 

  632. 	
    633. 

  633. 	$file = mysql_fetch_assoc($result);
    634. 

  634. 	
    635. 

  635. 	$fileinfo['filename'] 		= $file['filename'];
    636. 

  636. 	$fileinfo['date'] 		= $file['date'];
    637. 

  637. 	$fileinfo['description'] 	= $file['description'];
    638. 

  638. 	$fileinfo['downloads']		= $file['downloads'];
    639. 

  639. 	$fileinfo['flags']		= $file['flags'];
    640. 

  640. 	$fileinfo['type']		= $file['type'];
    641. 

  641. 	$fileinfo['uploader']		= $file['uploader'];
    642. 

  642. 	$fileinfo['path']		= $file['path'];
    643. 

  643. 	$fileinfo['virtualpath']	= $file['rpath'];
    644. 

  644. 	$fileinfo['size']		= filesize_format($file['size']);
    645. 

  645. 	
    646. 

  646. 	if(preg_match("$imageTypes",$fileinfo['type'])){
    647. 

  647. 	      $fileinfo['image'] = 1;
    648. 

  648. 	}else{
    649. 

  649. 	      $fileinfo['image'] = 0;
    650. 

  650. 	}
    651. 

  651. 

  652. 	$filePath = $fileinfo['path'];
    653. 

  653. 	/*
    654. 

  654. 	if(isset($_SESSION['path']))
    655. 

  655. 		foreach($_SESSION['path'] as $checkPath){
    656. 

  656. 			#echo "$filePath $checkPath<br>";
    657. 

  657. 			if(substr( $filePath, 0, strlen( $checkPath ) ) == $checkPath){
    658. 

  658. 				$path = substr($filePath,strlen($checkPath));
    659. 

  659. 				$checkPathArray = preg_split("/\//",$checkPath);
    660. 

  660. 				$virtualPath = $checkPathArray[count($checkPathArray)-1];
    661. 

  661. 				$fileinfo['virtualpath'] = "/$virtualPath$path";
    662. 

  662. 	
    663. 

  663. 			}
    664. 

  664. 		}
    665. 

  665. 	*/
    666. 

  666. 

  667. 

  668. 	$filepath = $file['path'] . '/' . $file['filename'];
    669. 

  669. 	$userpath = getUserPath($fileinfo['path']); // replaces / with \/ from preg_match
    670. 

  670. 

  671. 	if(preg_match("/$userpath/i",$filepath)){
    672. 

  672. 		return true;
    673. 

  673. 	}else{
    674. 

  674. 		return false;
    675. 

  675. 	}
    676. 

  676. }
    677. 

  677. 

  678. function getUserPaths(){
    679. 

  679. 	global $database;
    680. 

  680. 	$paths='';
    681. 

  681. 	$query = "select * from $GLOBALS[tablePrefix]permissions inner join $GLOBALS[tablePrefix]clients on $GLOBALS[tablePrefix]permissions.clientid=$GLOBALS[tablePrefix]clients.id where userid=\"$_SESSION[userid]\"";
    682. 

  682. 	$result = mysql_query($query,$database);
    683. 

  683. 

  684. 	while($clients = mysql_fetch_assoc($result)) {
    685. 

  685. 		$paths[] = $clients['path'].'/'.$clients['name'];
    686. 

  686. 	}
    687. 

  687. 	
    688. 

  688. 	return $paths;
    689. 

  689. }
    690. 

  690. 

  691. 

  692. function getUserPath($folderPath){
    693. 

  693. 	global $database;
    694. 

  694. 	if(isset($_SESSION['userid'])){
    695. 

  695. 		$dirStructure = preg_split("/\//",$folderPath);
    696. 

  696. 		$rootPath = (isset($dirStructure[1]))?$dirStructure[1]:'';
    697. 

  697. 		$rootPath = mysql_escape_string($rootPath);
    698. 

  698. 		if($rootPath==''){return '';}
    699. 

  699. 		$query = "select * from $GLOBALS[tablePrefix]clients inner join $GLOBALS[tablePrefix]permissions on $GLOBALS[tablePrefix]permissions.clientid=$GLOBALS[tablePrefix]clients.id and $GLOBALS[tablePrefix]permissions.userid=$_SESSION[userid] where name=\"$rootPath\"";
    700. 

  700. 		$result = mysql_query($query,$database) or die(mysql_error());
    701. 

  701. 		$file = mysql_fetch_assoc($result);
    702. 

  702. 		return mysql_escape_string($file['path']);
    703. 

  703. 	}
    704. 

  704. }
    705. 

  705. 

  706. function databaseSync($folderpath,$realitivePath=''){
    707. 

  707.   global $database;
    708. 

  708.   // get files from $folderpath and put them in array
    709. 

  709.   if (is_dir($folderpath)) {
    710. 

  710.     if ($dh = opendir($folderpath)) {
    711. 

  711.        while (($file = readdir($dh)) !== false) {
    712. 

  712.          #echo "$file";
    713. 

  713.          if($file != '.' && $file != '..' && filetype($folderpath . '/' . $file) == 'file' && substr($file,0,1) != '.'){
    714. 

  714.            $fileid = fileid($folderpath,$file);
    715. 

  715. 		   $files[$file] = array($fileid,'exist');
    716. 

  716. 		   #echo "1 $file<br>";
    717. 

  717. 		 }
    718. 

  718.        }
    719. 

  719.        closedir($dh);
    720. 

  720.     }
    721. 

  721.   }
    722. 

  722. 

  723. 

  724. 

  725.   // get files from database
    726. 

  726.   $query = "select * from $GLOBALS[tablePrefix]filesystem where path=\"".mysql_escape_string($folderpath)."\" and status=\"found\"";
    727. 

  727.   $result = mysql_query($query,$database);
    728. 

  728.   while($dirinfo = mysql_fetch_assoc($result)) {
    729. 

  729.     $filename = $dirinfo['filename'];
    730. 

  730. 	$fileid =   $dirinfo['id'];
    731. 

  731. 

  732. 	if(isset($files[$filename]) && $files[$filename][0] == $dirinfo['id']){
    733. 

  733. 		$files[$filename][1]='done';
    734. 

  734. 	}else{
    735. 

  735. 		databaseLost($fileid);
    736. 

  736. 	}
    737. 

  737.   }
    738. 

  738.   if(isset($files)){
    739. 

  739.     $ak = array_keys($files);
    740. 

  740. 	for($i=0;$i<sizeof($ak);$i++){
    741. 

  741. 	  $filename = $ak[$i];
    742. 

  742. 	  if($files[$filename][1]!='done'){
    743. 

  743. 	  	#echo "$filename to search<br>";
    744. 

  744. 		if(databaseSearch($folderpath , $filename)){
    745. 

  745. 		  databaseUpdate($folderpath,$filename,$realitivePath);
    746. 

  746. 		}else{
    747. 

  747. 		  databaseAdd($folderpath,$filename,$realitivePath);
    748. 

  748. 		}
    749. 

  749. 	  }
    750. 

  750. 	}
    751. 

  751.   }
    752. 

  752. }
    753. 

  753. 

  754. function databaseLost($fileid){
    755. 

  755.   global $database;
    756. 

  756.   $query = "update $GLOBALS[tablePrefix]filesystem set status=\"lost\" where id=$fileid";
    757. 

  757.   #echo $query;
    758. 

  758.   $result = mysql_query($query,$database) or die(mysql_error());
    759. 

  759. }
    760. 

  760. 

  761. function databaseSearch($folderpath,$filename){
    762. 

  762.   global $database;
    763. 

  763. 

  764.   $fileid = fileid($folderpath,$filename);
    765. 

  765.   $query = "select * from $GLOBALS[tablePrefix]filesystem where id=$fileid";
    766. 

  766.   $result = mysql_query($query,$database) or die(mysql_error());
    767. 

  767.   if($fileinfo = mysql_fetch_assoc($result)) {
    768. 

  768.     if(file_exists($fileinfo['path'].'/'.$fileinfo['filename'])){
    769. 

  769. 

  770. 	  if($fileinfo['path'] == $folderpath && $fileinfo['filename'] == $filename){
    771. 

  771. 	  	return true;        // file was restored to origional location
    772. 

  772. 	  }else{
    773. 

  773. 	    return false;       // exact file still exists somewhere else
    774. 

  774. 	  }
    775. 

  775. 	}else{
    776. 

  776. 	  // file must have been moved
    777. 

  777. 	  return true;
    778. 

  778. 

  779. 	}
    780. 

  780.   }else{
    781. 

  781.     // file is new
    782. 

  782.   	return false;
    783. 

  783.   }
    784. 

  784. }
    785. 

  785. 

  786. function databaseUpdate($folderpath,$filename,$realitivePath){
    787. 

  787. 	global $database,$finfo;
    788. 

  788. 	$fileid = fileid($folderpath,$filename);
    789. 

  789. 	$query = "update $GLOBALS[tablePrefix]filesystem set filename=\"$filename\",path=\"$folderpath\",rpath=\"$realitivePath\",status=\"found\" where id=$fileid";
    790. 

  790. 	$result = mysql_query($query,$database);
    791. 

  791. }
    792. 

  792. 

  793. function databaseAdd($folderpath,$filename,$realitivePath){
    794. 

  794. 	global $database,$rootpath;
    795. 

  795. 

  796. 	if(function_exists('finfo')){
    797. 

  797. 		$finfo = new finfo( FILEINFO_MIME,"$rootpath/inc/magic" );
    798. 

  798. 		$type = $finfo->file( "$folderpath/$filename" );
    799. 

  799. 	}else if(function_exists('mime_content_type') && mime_content_type("relay.php") != ""){
    800. 

  800. 		$type = mime_content_type("$folderpath/$filename");
    801. 

  801. 	}else{
    802. 

  802. 		if(!$GLOBALS['mime']){
    803. 

  803. 			include_once("inc/mimetypehandler.class.php");
    804. 

  804. 			$GLOBALS['mime'] = new MimetypeHandler();
    805. 

  805. 		}
    806. 

  806. 		$type =  $GLOBALS['mime']->getMimetype("$filename");
    807. 

  807. 	}
    808. 

  808. 

  809. 	$size = get_size($folderpath.'/'.$filename);
    810. 

  810. 	
    811. 

  811. 	$fileid = fileid($folderpath,$filename);
    812. 

  812. 	
    813. 

  813. 	while(!checkId($fileid)){
    814. 

  814. 		$fileid++;
    815. 

  815. 	}
    816. 

  816. 	
    817. 

  817. 	$query = "insert into $GLOBALS[tablePrefix]filesystem set id=\"$fileid\",filename=\"$filename\",path=\"$folderpath\",rpath=\"$realitivePath\",type=\"$type\",size=\"$size\"";
    818. 

  818. 	$result = mysql_query($query,$database) or die(mysql_error());
    819. 

  819. 

  820. 	chmod($folderpath . '/' . $filename,0755);
    821. 

  821. 	touch($folderpath . '/' . $filename,$fileid);
    822. 

  822. }
    823. 

  823. 

  824. function checkId($id){
    825. 

  825. 	$query = "select id from $GLOBALS[tablePrefix]filesystem where id=$id";
    826. 

  826. 	$result = mysql_query($query);
    827. 

  827. 	if(mysql_num_rows($result) == 0){
    828. 

  828. 		return true;
    829. 

  829. 	}else{
    830. 

  830. 		return false;
    831. 

  831. 	}
    832. 

  832. }
    833. 

  833. function fileid($folderpath,$filename){
    834. 

  834. 	$fileid = stat($folderpath . '/' . $filename);
    835. 

  835. 	return $fileid[9];
    836. 

  836. }
    837. 

  837. 

  838. function error($message){
    839. 

  839. 	echo "{\"bindings\": [ {'error': \"$message\"} ]}";
    840. 

  840. 	exit;
    841. 

  841. }
    842. 

  842. 

  843. /*
    844. 

    845. 

  845. THUMBNAIL
    846. 

    847. 

  847. */
    848. 

  848. 

  849. function output_handler($in){
    850. 

  850.   	global $output;
    851. 

  851. 	$output="$in";
    852. 

  852. }
    853. 

  853. 

  854. function getThumb($fileid){
    855. 

  855. 	global $database,$fileinfo;
    856. 

  856. 	
    857. 

  857. 	if(getFileInfo($fileid)){ // if a file type we want to deal with
    858. 

  858. 		if(!checkThumb($fileid)){
    859. 

  859. 			thumbnail($fileid);
    860. 

  860. 		}
    861. 

  861. 		
    862. 

  862. 		$query = "select thumb from $GLOBALS[tablePrefix]filesystem where id=\"".mysql_escape_string($fileid)."\"";
    863. 

  863. 		$result = mysql_query($query,$database);
    864. 

  864. 		
    865. 

  865. 		$fileThumb = mysql_fetch_assoc($result);
    866. 

  866. 		header("Content-type:image/jpeg");
    867. 

  867. 		echo $fileThumb['thumb'];
    868. 

  868. 	}
    869. 

  869. 

  870. }
    871. 

  871. 

  872. function checkThumb($fileid){
    873. 

  873. 	global $database;
    874. 

  874. 	$query = "select id from $GLOBALS[tablePrefix]filesystem where id=\"".mysql_escape_string($fileid)."\" and thumb !=''";
    875. 

  875. 	$result = mysql_query($query,$database);
    876. 

  876. 	if(mysql_num_rows($result) == 0)
    877. 

  877. 		return false;
    878. 

  878. 	else
    879. 

  879. 		return true;
    880. 

  880. }
    881. 

  881. 

  882. function thumbnail($fileid){
    883. 

  883. 

  884. 	$thumbsize = 192;
    885. 

  885. 	global $convertpath, $database,$fileinfo,$output,$imageTypes,$resource,$ghostScript;
    886. 

  886. 	$fileid=mysql_escape_string($fileid);
    887. 

  887. 	if(getFileInfo($fileid) && preg_match("$imageTypes",$fileinfo['type']) ){
    888. 

  888.   		$deletefile = '';
    889. 

  889. 		if (preg_match("/image\/jpeg/",$fileinfo['type'])){$src_img=imagecreatefromjpeg($fileinfo['path'].'/'.$fileinfo['filename']);}
    890. 

  890. 		elseif (preg_match("/image\/png/",$fileinfo['type'])){$src_img=imagecreatefrompng($fileinfo['path'].'/'.$fileinfo['filename']);}
    891. 

  891. 		elseif (preg_match("/application\/pdf/",$fileinfo['type'])){
    892. 

  892. 			$file1 = $fileinfo['path'].'/'.$fileinfo['filename'];
    893. 

  893. 			$file2 = $fileinfo['path'].'/'.$fileinfo['filename'] .'temp';
    894. 

  894. 			#echo "E:/duarte.com/relay/supportapps/gs/gs8.50/bin/gswin32c.exe -q -dNOPAUSE -dBATCH -sDEVICE=jpeg -sOutputFile=\"$file2\" \"$file1\" 2>&1";
    895. 

  895. 			
    896. 

  896. 			$code = "$ghostScript -q -dNOPAUSE -dBATCH -dFirstPage=1 -dLastPage=1 -sDEVICE=jpeg -sOutputFile=\"$file2\" \"$file1\" 2>&1";
    897. 

  897. 			#if($resource == true)echo "$code";
    898. 

  898. 			$result1 = @exec($code);
    899. 

  899. 			$src_img=imagecreatefromjpeg($file2);
    900. 

  900. 			$deletefile = $file2;
    901. 

  901. 		}elseif(preg_match("/image\/x-photoshop|image\/|application\/postscript/",$fileinfo['type'])){
    902. 

  902. 			#image magic coolthings
    903. 

  903. 

  904. 			$file1 = $fileinfo['path'].'/'.$fileinfo['filename'];
    905. 

  905. 			$file2 = $fileinfo['path']."/thumb_$fileid.jpg";
    906. 

  906. 

  907. 			$code = "$convertpath \"$file1\" -render -flatten -resize ".$thumbsize."x".$thumbsize." \"$file2\"";
    908. 

  908. 			#echo "$code";
    909. 

  909. 

  910. 			$result1 = @exec($code);
    911. 

  911. 			$src_img=imagecreatefromjpeg($file2);
    912. 

  912. 			$deletefile = $file2;
    913. 

  913. 		}
    914. 

  914. 		
    915. 

  915. 		
    916. 

  916. 		$old_x=imageSX($src_img);
    917. 

  917. 		$old_y=imageSY($src_img);
    918. 

  918. 		if ($old_x > $old_y)
    919. 

  919. 		{
    920. 

  920. 			$thumb_w=$thumbsize;
    921. 

  921. 			$thumb_h=$old_y*($thumbsize/$old_x);
    922. 

  922. 		}
    923. 

  923. 		if ($old_x < $old_y)
    924. 

  924. 		{
    925. 

  925. 			$thumb_w=$old_x*($thumbsize/$old_y);
    926. 

  926. 			$thumb_h=$thumbsize;
    927. 

  927. 		}
    928. 

  928. 		if ($old_x == $old_y)
    929. 

  929. 		{
    930. 

  930. 			$thumb_w=$thumbsize;
    931. 

  931. 			$thumb_h=$thumbsize;
    932. 

  932. 		}
    933. 

  933. 		$dst_img=ImageCreateTrueColor($thumb_w,$thumb_h);
    934. 

  934. 		imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);
    935. 

  935. 

  936. 		ob_start("output_handler");
    937. 

  937. 		imagejpeg($dst_img,'',70);
    938. 

  938. 		ob_end_clean();
    939. 

  939. 

  940. 		$thumb = mysql_escape_string($output);
    941. 

  941.   		$query = "update $GLOBALS[tablePrefix]filesystem set thumb=\"$thumb\" where id=\"$fileid\"";
    942. 

  942. 

  943. 		#echo $query;
    944. 

  944. 

  945.   		$result = mysql_query($query,$database) || die("angry death");
    946. 

  946. 

  947. 		if ($deletefile > ''){
    948. 

  948. 			unlink($deletefile);
    949. 

  949. 		}
    950. 

  950. 		#imagedestroy($dst_img);
    951. 

  951. 		#imagedestroy($src_img);
    952. 

  952. 	}
    953. 

  953. }
    954. 

  954. 

  955. /*
    956. 

  956. UPLOAD
    957. 

  957. */
    958. 

  958. 

  959. function upload($dir){
    960. 

  960. 

  961.         if(getUserAuth('upload',$dir)){
    962. 

  962.             $userpath = getUserPath($dir).$dir;
    963. 

  963.     
    964. 

  964.             $tmp_name = $_FILES["upload"]["tmp_name"];
    965. 

  965.             $uploadfile = basename($_FILES['upload']['name']);
    966. 

  966.             $i=1;
    967. 

  967.             while(file_exists($userpath.'/'.$uploadfile)){
    968. 

  968.                 $uploadfile = $i . '_' . basename($_FILES['upload']['name']);
    969. 

  969.                 $i++;
    970. 

  970.             }
    971. 

  971.             
    972. 

  972.             move_uploaded_file($tmp_name, $userpath.'/'.$uploadfile);
    973. 

  973. 	}
    974. 

  974. 	if(isset($_GET['redir'])){
    975. 

  975. 		header("location: $_GET[redir]");
    976. 

  976. 	}
    977. 

  977.     	
    978. 

  978. }
    979. 

  979. 

  980. function uploadAuth($path){
    981. 

  981. 	global $uploadDir;
    982. 

  982. 	$path = mysql_escape_string($path);
    983. 

  983. 	jsonStart();
    984. 

  984. 	
    985. 

  985. 	if(getUserAuth('upload',$path)){
    986. 

  986. 		$userpath = getUserPath($path).$path;
    987. 

  987. 		if(is_dir($userpath)){
    988. 

  988. 			$_SESSION['uploadPath'] = $path;
    989. 

  989. 		if(file_exists($uploadDir."stats_".session_id().".txt"))
    990. 

  990. 			unlink($uploadDir."stats_".session_id().".txt");
    991. 

  991. 		if(file_exists($uploadDir."temp_".session_id()))
    992. 

  992. 			unlink($uploadDir."temp_".session_id());
    993. 

  993. 			jsonAdd("\"auth\":\"true\",\"sessionid\":\"".session_id()."\"");
    994. 

  994. 		}else{
    995. 

  995. 			jsonAdd("\"auth\":\"false\",\"error\":\"bad directory\"");
    996. 

  996. 		}
    997. 

  997. 		
    998. 

  998. 	}else{
    999. 

  999. 		jsonAdd("\"auth\":\"false\",\"error\":\"Unauthorized\"");
    1000. 

  1000. 	}
    1001. 

  1001. 	echo jsonReturn("bindings");
    1002. 

  1002. }
    1003. 

  1003. 

  1004. function uploadSmart(){
    1005. 

  1005. 	global $uploadDir;
    1006. 

  1006. 

  1007. 

  1008. 	if(!file_exists($uploadDir."stats_".session_id().".txt")){
    1009. 

  1009. 		jsonStart();
    1010. 

  1010. 		jsonAdd("\"percent\": 0, \"percentSec\": 0, \"speed\": \"0\", \"secondsLeft\": \"0\", \"done\": \"false\"");
    1011. 

  1011. 		echo jsonReturn("bindings");
    1012. 

  1012. 		exit();
    1013. 

  1013. 	}
    1014. 

  1014. 

  1015. 

  1016. 	$lines = file($uploadDir."stats_".session_id().".txt");
    1017. 

  1017. 	jsonStart();
    1018. 

  1018. 

  1019. 	$percent	=round(($lines[0]/100),3);
    1020. 

  1020. 	$percentSec	=round($lines[1]/100,4);
    1021. 

  1021. 	$speed		=filesize_format($lines[2]).'s';
    1022. 

  1022. 

  1023. 	$secondsLeft	=secs_to_string(round($lines[3]));
    1024. 

  1024. 	
    1025. 

  1025. 	$size		=filesize_format($lines[4]).'s';
    1026. 

  1026. 

  1027. 	
    1028. 

  1028. 

  1029. 	if($percent == 1){
    1030. 

  1030. 		// cleanup time
    1031. 

  1031. 		if(isset($_SESSION['uploadPath'])){
    1032. 

  1032. 

  1033. 			$path = $_SESSION['uploadPath'];
    1034. 

  1034. 			$userpath = getUserPath($path).$path;
    1035. 

  1035. 

  1036. 			$sessionid = session_id();
    1037. 

  1037. 

  1038. 			$dh = opendir($uploadDir);
    1039. 

  1039. 		    while (($file = readdir($dh)) !== false) {
    1040. 

  1040. 

  1041. 		    	$sessionlen = strlen(session_id());
    1042. 

  1042. 		    	if(substr($file,0,$sessionlen)==session_id()){
    1043. 

  1043. 		    		$filename = substr($file,$sessionlen+1);
    1044. 

  1044. 					$uploadfile=$filename;
    1045. 

  1045. 					$i=1;
    1046. 

  1046. 					while(file_exists($userpath.'/'.$uploadfile)){
    1047. 

  1047. 					  $uploadfile = $i . '_' . $filename;
    1048. 

  1048. 					  $i++;
    1049. 

  1049. 			        }
    1050. 

  1050. 

  1051. 					if(file_exists("$uploadDir$file") && !rename("$uploadDir$file","$userpath/$uploadfile")){
    1052. 

  1052. 						echo "Error";
    1053. 

  1053. 					}
    1054. 

  1054. 				}
    1055. 

  1055. 				
    1056. 

  1056. 		    }closedir($dh);
    1057. 

  1057. 

  1058. 		if(file_exists($uploadDir."stats_".session_id().".txt"))
    1059. 

  1059. 		    	unlink($uploadDir."stats_".session_id().".txt");
    1060. 

  1060. 		    if(file_exists($uploadDir."temp_".session_id()))
    1061. 

  1061. 		    	unlink($uploadDir."temp_".session_id());
    1062. 

  1062. 

  1063. 		}
    1064. 

  1064. 		$done = "true";
    1065. 

  1065. 	}else{
    1066. 

  1066. 		$done = "false";
    1067. 

  1067. 	}
    1068. 

  1068. 

  1069. 	jsonAdd("\"percent\": $percent, \"size\": \"$size\",\"percentSec\": $percentSec, \"speed\": \"$speed\", \"secondsLeft\": \"$secondsLeft\", \"done\": \"$done\"");
    1070. 

  1070. 	echo jsonReturn("bindings");
    1071. 

  1071. }
    1072. 

  1072. 

  1073. 

  1074. /*
    1075. 

  1075. function uploadFiles($path){
    1076. 

  1076.   $path = mysql_escape_string($path);
    1077. 

  1077.   if(getUserAuth('upload',$path)){
    1078. 

  1078.     $userpath = getUserPath($path).$path;
    1079. 

  1079.     if(is_dir($userpath)){
    1080. 

  1080. 		foreach ($_FILES["file"]["error"] as $key => $error) {
    1081. 

  1081. 		  if ($error == UPLOAD_ERR_OK) {
    1082. 

  1082. 			$tmp_name = $_FILES["file"]["tmp_name"][$key];
    1083. 

  1083. 			$uploadfile = basename($_FILES['file']['name'][$key]);
    1084. 

  1084. 			$i=1;
    1085. 

    1086. 

    1087. 

  1087. 			while(file_exists($userpath.'/'.$uploadfile)){
    1088. 

  1088. 			  $uploadfile = $i . '_' . basename($_FILES['file']['name'][$key]);
    1089. 

  1089. 			  $i++;
    1090. 

  1090. 	        }
    1091. 

    1092. 

  1092. 	        move_uploaded_file($tmp_name, $userpath.'/'.$uploadfile);
    1093. 

  1093. 	        databaseAdd($userpath,$uploadfile);
    1094. 

  1094. 	        echo "<script>history.go(-1);</script>";
    1095. 

  1095. 		  }
    1096. 

  1096. 		}
    1097. 

  1097. 	}else{
    1098. 

  1098. 	  error('directory doesnt exist');
    1099. 

  1099. 	}
    1100. 

  1100.   }else{
    1101. 

  1101.     error('no auth');
    1102. 

  1102.   }
    1103. 

  1103. }
    1104. 

  1104. */
    1105. 

  1105. 

  1106. 

  1107. /*
    1108. 

  1108. functions to do simple things
    1109. 

  1109. simple simple simple simple simple simple simple simple simple simple simple
    1110. 

  1110. simple simple simple simple simple simple simple simple simple simple simple
    1111. 

  1111. simple simple simple simple simple simple simple simple simple simple simple
    1112. 

  1112. simple simple simple simple simple simple simple simple simple simple simple
    1113. 

    1114. 

  1114. */
    1115. 

  1115. 

  1116. 

  1117. function deleteDir($dir)
    1118. 

  1118. {
    1119. 

  1119.    if (substr($dir, strlen($dir)-1, 1) != '/')
    1120. 

  1120.        $dir .= '/';
    1121. 

  1121.    if (is_dir($dir) && $handle = opendir($dir)){
    1122. 

  1122.        while ($obj = readdir($handle)){
    1123. 

  1123.            if ($obj != '.' && $obj != '..'){
    1124. 

  1124.                if (is_dir($dir.$obj)){
    1125. 

  1125.                    if (!deleteDir($dir.$obj))
    1126. 

  1126.                        return false;
    1127. 

  1127.                }
    1128. 

  1128.                elseif (is_file($dir.$obj)){
    1129. 

  1129.                    if (!unlink($dir.$obj))
    1130. 

  1130.                        return false;
    1131. 

  1131.                }
    1132. 

  1132.            }
    1133. 

  1133.        }
    1134. 

  1134.        closedir($handle);
    1135. 

  1135.        if (!@rmdir($dir))
    1136. 

  1136.            return false;
    1137. 

  1137.        return true;
    1138. 

  1138.    }
    1139. 

  1139.    return false;
    1140. 

  1140. }
    1141. 

  1141. 

  1142. function get_size($path)
    1143. 

  1143.    {
    1144. 

  1144.    if(!is_dir($path)) return filesize($path);
    1145. 

  1145.    if ($handle = opendir("$path")) {
    1146. 

  1146.        $size = 0;
    1147. 

  1147.        while (false !== ($file = readdir($handle))) {
    1148. 

  1148.            if($file!='.' && $file!='..'){
    1149. 

  1149.                $size += get_size($path.'/'.$file);
    1150. 

  1150.            }
    1151. 

  1151.        }
    1152. 

  1152.        closedir($handle);
    1153. 

  1153.        return $size;
    1154. 

  1154.    }
    1155. 

  1155. }
    1156. 

  1156. 

  1157. function filesize_format($size){
    1158. 

  1158. 

  1159.     if( is_null($size) || $size === FALSE || $size == 0 )
    1160. 

  1160.     return $size;
    1161. 

  1161. 

  1162.   if( $size > 1024*1024*1024 )
    1163. 

  1163.     $size = sprintf( "%.1f GB", $size / (1024*1024*1024) );
    1164. 

  1164.   elseif( $size > 1024*1024 )
    1165. 

  1165.     $size = sprintf( "%.1f MB", $size / (1024*1024) );
    1166. 

  1166.   elseif( $size > 1024 )
    1167. 

  1167.     $size = sprintf( "%.1f kB", $size / 1024 );
    1168. 

  1168.   elseif( $size < 0 )
    1169. 

  1169.     $size = '&nbsp;';
    1170. 

  1170.   else
    1171. 

  1171.     $size = sprintf( "%d B", $size );
    1172. 

  1172. 

  1173.   return $size;
    1174. 

  1174. 

  1175. }
    1176. 

  1176. 

  1177. function secs_to_string ($secs, $long=false)
    1178. 

  1178. {
    1179. 

  1179. 	$initsecs = $secs;
    1180. 

  1180.   // reset hours, mins, and secs we'll be using
    1181. 

  1181.   $hours = 0;
    1182. 

  1182.   $mins = 0;
    1183. 

  1183.   $secs = intval ($secs);
    1184. 

  1184.   $t = array(); // hold all 3 time periods to return as string
    1185. 

  1185.   
    1186. 

  1186.   // take care of mins and left-over secs
    1187. 

  1187.   if ($secs >= 60) {
    1188. 

  1188.     $mins += (int) floor ($secs / 60);
    1189. 

  1189.     $secs = (int) $secs % 60;
    1190. 

  1190.         
    1191. 

  1191.     // now handle hours and left-over mins    
    1192. 

  1192.     if ($mins >= 60) {
    1193. 

  1193.       $hours += (int) floor ($mins / 60);
    1194. 

  1194.       $mins = $mins % 60;
    1195. 

  1195.     }
    1196. 

  1196.     // we're done! now save time periods into our array
    1197. 

  1197.     $t['hours'] = (intval($hours) < 10) ? "" . $hours : $hours;
    1198. 

  1198.     $t['mins'] = (intval($mins) < 10) ? "" . $mins : $mins;
    1199. 

  1199.   }
    1200. 

  1200. 

  1201.   // what's the final amount of secs?
    1202. 

  1202.   $t['secs'] = (intval ($secs) < 10) ? "" . $secs : $secs;
    1203. 

  1203.   
    1204. 

  1204.   // decide how we should name hours, mins, sec
    1205. 

  1205.   $str_hours = ($long) ? "hour" : "hour";
    1206. 

  1206.   $str_mins = ($long) ? "minute" : "min";
    1207. 

  1207.   $str_secs = ($long) ? "second" : "sec";
    1208. 

  1208. 

  1209.   // build the pretty time string in an ugly way
    1210. 

  1210.   $time_string = "";
    1211. 

  1211.   
    1212. 

  1212.   
    1213. 

  1213.   $time_string .= ($t['hours'] > 0) ? $t['hours'] . " $str_hours" . ((intval($t['hours']) == 1) ? " " : "s ") : "";
    1214. 

  1214.   #$time_string .= ($t['mins']) ? (($t['hours']) ? ", " : "") : "";
    1215. 

  1215.   $time_string .= ($t['mins']) ? $t['mins'] . " $str_mins" . ((intval($t['mins']) == 1) ? " " : "s ") : "";
    1216. 

  1216.   #$time_string .= ($t['hours'] || $t['mins']) ? (($t['secs'] > 0) ? ", " : "") : "";
    1217. 

  1217.   
    1218. 

  1218.   if($initsecs < 120){
    1219. 

  1219. 	  $time_string .= ($t['secs']) ? $t['secs'] . " $str_secs" . ((intval($t['secs']) == 1) ? "" : "s ") : " ";
    1220. 

  1220.   }else{
    1221. 

  1221.     if($secs > 30){
    1222. 

  1222. 		$pre = ">";
    1223. 

  1223. 	}else{
    1224. 

  1224. 		$pre = "about";
    1225. 

  1225. 	}
    1226. 

  1226.   	$time_string = "$pre $time_string";
    1227. 

  1227.   }
    1228. 

  1228.   
    1229. 

  1229.   return empty($time_string) ? 0 : $time_string;
    1230. 

  1230. }
    1231. 

  1231. 

  1232. 

  1233. /*
    1234. 

  1234. JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF
    1235. 

  1235. JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF
    1236. 

  1236. JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF
    1237. 

  1237. JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF JSON STUFF
    1238. 

  1238. */
    1239. 

  1239. 

  1240. function jsonStart(){
    1241. 

  1241.   global $json;
    1242. 

  1242.   $json = '';
    1243. 

  1243. }
    1244. 

  1244. 

  1245. function jsonAdd($jsonLine){
    1246. 

  1246.   global $json;
    1247. 

  1247.   if($json != '')
    1248. 

  1248.     $json .= ",";
    1249. 

  1249.   $json .= "{ $jsonLine }";
    1250. 

  1250. }
    1251. 

  1251. 

  1252. function jsonReturn($variableName){
    1253. 

  1253.   global $json;
    1254. 

  1254.   return "{\"bindings\": [ $json ]}";
    1255. 

  1255. }
    1256. 

  1256. 

  1257. ?>
    1258. 

  1258.