[3367] | 1 | <?php
|
---|
| 2 |
|
---|
| 3 | /**
|
---|
| 4 | * This class manage upload, with use of the JUpload applet. It's both a sample to show how to use the applet, and
|
---|
| 5 | * a class you can use directly into your own application.
|
---|
| 6 | *
|
---|
| 7 | * Recommandation: Don't update its code !
|
---|
| 8 | *
|
---|
| 9 | * By doing this, you'll be able to reuse directly any update coming from the JUpload project, instead of reporting your
|
---|
| 10 | * modifications into any new version of this class. This guarantees you that your project can use the last version of
|
---|
| 11 | * JUpload, without any code modification. We work so that the applet behavior remains unchanged, but from time to time,
|
---|
| 12 | * a change can appear.
|
---|
| 13 | *
|
---|
| 14 | * Sample:
|
---|
| 15 | * - See the index.php samples, in the same folder.
|
---|
| 16 | *
|
---|
| 17 | * Notes:
|
---|
| 18 | * - maxChunkSize: this class use a default maxChunkSize of 500K (or less, depending on the script max size). This allows
|
---|
| 19 | * upload of FILES OF ANY SIZE on quite all ISP hosting. If it's too big for you (the max upload size of your ISP is less
|
---|
| 20 | * than 500K), or if you want no chunk at all, you can, of course, override this default value.
|
---|
| 21 | *
|
---|
| 22 | *
|
---|
| 23 | *
|
---|
| 24 | * Parameters:
|
---|
| 25 | * - $appletparams contains a map for applet parameters: key is the applet parameter name. The value is the value to transmit
|
---|
| 26 | * to the applet. See the applet documentation for information on all applet parameters.
|
---|
| 27 | * - $classparams contains the parameter specific for the JUpload class below. Here are the main class parameters:
|
---|
| 28 | * - demo_mode. Files are uploaded to the server, but not stored on its hard drive. That is: you can simulate the global
|
---|
| 29 | * behavior, but won't consume hard drive space. This mode is used on sourceforge web site.
|
---|
| 30 | *
|
---|
| 31 | *
|
---|
| 32 | * Output generated for uploaded files:
|
---|
| 33 | * - $files is an array of array. This can be managed by (a) the function given in the callbackAfterUploadManagement class
|
---|
| 34 | * parameter, or (b) within the page whose URL is given in the afterUploadURL applet parameter, or (c) you can Extend the
|
---|
| 35 | * class and redeclare defaultAfterUploadManagement() to your needs.
|
---|
| 36 | * See the defaultAfterUploadManagement() for a sample on howto manage this array.
|
---|
| 37 | *
|
---|
| 38 | * This array contains:
|
---|
| 39 | * - One entry per file. Each entry is an array, that contains all files properties, stored as $key=>$value.
|
---|
| 40 | * The available keys are:
|
---|
| 41 | * - name: the filename, as it is now stored on the system.
|
---|
| 42 | * - size: the file size
|
---|
| 43 | * - path: the absolute path, where the file has been stored.
|
---|
| 44 | * - fullName: the canonical file name (i.e. including the absolute path)
|
---|
| 45 | * - md5sum: the md5sum of the file, if further control is needed.
|
---|
| 46 | * - mimetype: the calculated mime type of the file
|
---|
| 47 | * - If the formData applet parameter is used: all attributes (key and value) uploaded by the applet, are put here,
|
---|
| 48 | * repeated for each file.
|
---|
| 49 | *
|
---|
| 50 | * Note: if you are using a callback function (i.e. callbackAfterUploadManagement) and you do not see a global 'object' you
|
---|
| 51 | * are expecting then it might have been destroyed by PHP - c.f. http://bugs.php.net/bug.php?id=39693
|
---|
| 52 | *
|
---|
| 53 | */
|
---|
| 54 | class JUpload {
|
---|
| 55 |
|
---|
[3894] | 56 | var $appletparams;
|
---|
| 57 | var $classparams;
|
---|
| 58 | var $files;
|
---|
[3367] | 59 |
|
---|
[3894] | 60 | public function JUpload($appletparams = array(), $classparams = array()) {
|
---|
| 61 | if (gettype($classparams) != 'array')
|
---|
| 62 | $this->abort('Invalid type of parameter classparams: Expecting an array');
|
---|
| 63 | if (gettype($appletparams) != 'array')
|
---|
| 64 | $this->abort('Invalid type of parameter appletparams: Expecting an array');
|
---|
[3367] | 65 |
|
---|
[3894] | 66 | // set some defaults for the applet params
|
---|
| 67 | if (!isset($appletparams['afterUploadURL']))
|
---|
| 68 | $appletparams['afterUploadURL'] = $_SERVER['PHP_SELF'] . '?afterupload=1';
|
---|
| 69 | if (!isset($appletparams['name']))
|
---|
| 70 | $appletparams['name'] = 'JUpload';
|
---|
| 71 | if (!isset($appletparams['archive']))
|
---|
| 72 | $appletparams['archive'] = 'wjhk.jupload.jar';
|
---|
| 73 | if (!isset($appletparams['code']))
|
---|
| 74 | $appletparams['code'] = 'wjhk.jupload2.JUploadApplet';
|
---|
| 75 | if (!isset($appletparams['debugLevel']))
|
---|
| 76 | $appletparams['debugLevel'] = 0;
|
---|
| 77 | if (!isset($appletparams['httpUploadParameterType']))
|
---|
| 78 | $appletparams['httpUploadParameterType'] = 'array';
|
---|
| 79 | if (!isset($appletparams['showLogWindow']))
|
---|
| 80 | $appletparams['showLogWindow'] = ($appletparams['debugLevel'] > 0) ? 'true' : 'false';
|
---|
| 81 | if (!isset($appletparams['width']))
|
---|
| 82 | $appletparams['width'] = 500;
|
---|
| 83 | if (!isset($appletparams['height']))
|
---|
| 84 | $appletparams['height'] = ($appletparams['showLogWindow'] == 'true') ? 500 : 300;
|
---|
| 85 | if (!isset($appletparams['mayscript']))
|
---|
| 86 | $appletparams['mayscript'] = 'true';
|
---|
| 87 | if (!isset($appletparams['scriptable']))
|
---|
| 88 | $appletparams['scriptable'] = 'false';
|
---|
| 89 | //if (!isset($appletparams['stringUploadSuccess']))
|
---|
| 90 | $appletparams['stringUploadSuccess'] = 'SUCCESS';
|
---|
| 91 | //if (!isset($appletparams['stringUploadError']))
|
---|
| 92 | $appletparams['stringUploadError'] = 'ERROR: (.*)';
|
---|
| 93 | $maxpost = $this->tobytes(ini_get('post_max_size'));
|
---|
| 94 | $maxmem = $this->tobytes(ini_get('memory_limit'));
|
---|
| 95 | $maxfs = $this->tobytes(ini_get('upload_max_filesize'));
|
---|
| 96 | $obd = ini_get('open_basedir');
|
---|
| 97 | if (!isset($appletparams['maxChunkSize'])) {
|
---|
| 98 | $maxchunk = ($maxpost < $maxmem) ? $maxpost : $maxmem;
|
---|
| 99 | $maxchunk = ($maxchunk < $maxfs) ? $maxchunk : $maxfs;
|
---|
| 100 | $maxchunk /= 4;
|
---|
| 101 | $optchunk = (500000 > $maxchunk) ? $maxchunk : 500000;
|
---|
| 102 | $appletparams['maxChunkSize'] = $optchunk;
|
---|
| 103 | }
|
---|
| 104 | $appletparams['maxChunkSize'] = $this->tobytes($appletparams['maxChunkSize']);
|
---|
| 105 | if (!isset($appletparams['maxFileSize']))
|
---|
| 106 | $appletparams['maxFileSize'] = $maxfs;
|
---|
| 107 | $appletparams['maxFileSize'] = $this->tobytes($appletparams['maxFileSize']);
|
---|
| 108 | if (isset($classparams['errormail'])) {
|
---|
| 109 | $appletparams['urlToSendErrorTo'] = $_SERVER["PHP_SELF"] . '?errormail';
|
---|
| 110 | }
|
---|
[3367] | 111 |
|
---|
[3894] | 112 | // Same for class parameters
|
---|
| 113 | if (!isset($classparams['demo_mode']))
|
---|
| 114 | $classparams['demo_mode'] = false;
|
---|
| 115 | if ($classparams['demo_mode']) {
|
---|
| 116 | $classparams['create_destdir'] = false;
|
---|
| 117 | $classparams['allow_subdirs'] = true;
|
---|
| 118 | $classparams['allow_zerosized'] = true;
|
---|
| 119 | $classparams['duplicate'] = 'overwrite';
|
---|
| 120 | }
|
---|
| 121 | if (!isset($classparams['debug_php'])) // set true to log some messages in PHP log
|
---|
| 122 | $classparams['debug_php'] = false;
|
---|
| 123 | if (!isset($this->classparams['allowed_mime_types'])) // array of allowed MIME type
|
---|
| 124 | $classparams['allowed_mime_types'] = 'all';
|
---|
| 125 | if (!isset($this->classparams['allowed_file_extensions'])) // array of allowed file extensions
|
---|
| 126 | $classparams['allowed_file_extensions'] = 'all';
|
---|
| 127 | if (!isset($classparams['verbose_errors'])) // shouldn't display server info on a production site!
|
---|
| 128 | $classparams['verbose_errors'] = true;
|
---|
| 129 | if (!isset($classparams['session_regenerate']))
|
---|
| 130 | $classparams['session_regenerate'] = false;
|
---|
| 131 | if (!isset($classparams['create_destdir']))
|
---|
| 132 | $classparams['create_destdir'] = true;
|
---|
| 133 | if (!isset($classparams['allow_subdirs']))
|
---|
| 134 | $classparams['allow_subdirs'] = false;
|
---|
| 135 | if (!isset($classparams['spaces_in_subdirs']))
|
---|
| 136 | $classparams['spaces_in_subdirs'] = false;
|
---|
| 137 | if (!isset($classparams['allow_zerosized']))
|
---|
| 138 | $classparams['allow_zerosized'] = false;
|
---|
| 139 | if (!isset($classparams['duplicate']))
|
---|
| 140 | $classparams['duplicate'] = 'rename';
|
---|
| 141 | if (!isset($classparams['dirperm']))
|
---|
| 142 | $classparams['dirperm'] = 0755;
|
---|
| 143 | if (!isset($classparams['fileperm']))
|
---|
| 144 | $classparams['fileperm'] = 0644;
|
---|
| 145 | if (!isset($classparams['destdir'])) {
|
---|
| 146 | if ($obd != '')
|
---|
| 147 | $classparams['destdir'] = $obd;
|
---|
| 148 | else
|
---|
| 149 | $classparams['destdir'] = '/var/tmp/jupload_test';
|
---|
| 150 | }
|
---|
| 151 | if ($classparams['create_destdir'])
|
---|
| 152 | @mkdir($classparams['destdir'], $classparams['dirperm']);
|
---|
| 153 | if (!is_dir($classparams['destdir']) && is_writable($classparams['destdir']))
|
---|
| 154 | $this->abort('Destination dir not accessible');
|
---|
| 155 | if (!isset($classparams['tmp_prefix']))
|
---|
| 156 | $classparams['tmp_prefix'] = 'jutmp.';
|
---|
| 157 | if (!isset($classparams['var_prefix']))
|
---|
| 158 | $classparams['var_prefix'] = 'juvar.';
|
---|
| 159 | if (!isset($classparams['jscript_wrapper']))
|
---|
| 160 | $classparams['jscript_wrapper'] = 'JUploadSetProperty';
|
---|
| 161 | if (!isset($classparams['tag_jscript']))
|
---|
| 162 | $classparams['tag_jscript'] = '<!--JUPLOAD_JSCRIPT-->';
|
---|
| 163 | if (!isset($classparams['tag_applet']))
|
---|
| 164 | $classparams['tag_applet'] = '<!--JUPLOAD_APPLET-->';
|
---|
| 165 | if (!isset($classparams['tag_flist']))
|
---|
| 166 | $classparams['tag_flist'] = '<!--JUPLOAD_FILES-->';
|
---|
| 167 | if (!isset($classparams['http_flist_start']))
|
---|
| 168 | $classparams['http_flist_start'] =
|
---|
| 169 | "<table border='1'><TR><TH>Filename</TH><TH>file size</TH><TH>Relative path</TH><TH>Full name</TH><TH>md5sum</TH><TH>Specific parameters</TH></TR>";
|
---|
| 170 | if (!isset($classparams['http_flist_end']))
|
---|
| 171 | $classparams['http_flist_end'] = "</table>\n";
|
---|
| 172 | if (!isset($classparams['http_flist_file_before']))
|
---|
| 173 | $classparams['http_flist_file_before'] = "<tr><td>";
|
---|
| 174 | if (!isset($classparams['http_flist_file_between']))
|
---|
| 175 | $classparams['http_flist_file_between'] = "</td><td>";
|
---|
| 176 | if (!isset($classparams['http_flist_file_after']))
|
---|
| 177 | $classparams['http_flist_file_after'] = "</td></tr>\n";
|
---|
[3367] | 178 |
|
---|
[3894] | 179 | $this->appletparams = $appletparams;
|
---|
| 180 | $this->classparams = $classparams;
|
---|
| 181 | $this->page_start();
|
---|
| 182 | }
|
---|
[3367] | 183 |
|
---|
[3894] | 184 | /**
|
---|
| 185 | * Log a message on the current output, as a HTML comment.
|
---|
| 186 | */
|
---|
| 187 | protected function logDebug($function, $msg, $htmlComment=true)
|
---|
| 188 | {
|
---|
| 189 | $output = "[DEBUG] [$function] $msg";
|
---|
| 190 | if ($htmlComment) {
|
---|
| 191 | echo("<!-- $output -->\r\n");
|
---|
| 192 | } else {
|
---|
| 193 | echo("$output\r\n");
|
---|
| 194 | }
|
---|
| 195 | }
|
---|
[3367] | 196 |
|
---|
[3894] | 197 | /**
|
---|
| 198 | * Log a message to the PHP log.
|
---|
| 199 | * Declared "protected" so it may be Extended if you require customised logging (e.g. particular log file location).
|
---|
| 200 | */
|
---|
| 201 | protected function logPHPDebug($function, $msg)
|
---|
| 202 | {
|
---|
| 203 | if ($this->classparams['debug_php'] === true) {
|
---|
| 204 | $output = "[DEBUG] [$function] " . $this->arrayexpand($msg);
|
---|
| 205 | error_log($output);
|
---|
| 206 | }
|
---|
| 207 | }
|
---|
[3367] | 208 |
|
---|
[3894] | 209 | private function arrayexpand($array)
|
---|
| 210 | {
|
---|
| 211 | $output = '';
|
---|
| 212 | if (is_array($array)) {
|
---|
| 213 | foreach ($array as $key => $value) {
|
---|
| 214 | $output .= "\n " . $key . ' => ' . $this->arrayexpand($value);
|
---|
| 215 | }
|
---|
| 216 | } else {
|
---|
| 217 | $output .= $array;
|
---|
| 218 | }
|
---|
| 219 | return $output;
|
---|
| 220 | }
|
---|
[3367] | 221 |
|
---|
[3894] | 222 | /**
|
---|
| 223 | * Convert a value ending in 'G','M' or 'K' to bytes
|
---|
| 224 | *
|
---|
| 225 | */
|
---|
| 226 | private function tobytes($val)
|
---|
| 227 | {
|
---|
| 228 | $val = trim($val);
|
---|
| 229 | $last = strtolower($val{strlen($val) - 1});
|
---|
| 230 | switch ($last) {
|
---|
| 231 | case 'g':
|
---|
| 232 | $val *= 1024;
|
---|
| 233 | case 'm':
|
---|
| 234 | $val *= 1024;
|
---|
| 235 | case 'k':
|
---|
| 236 | $val *= 1024;
|
---|
| 237 | }
|
---|
| 238 | return $val;
|
---|
| 239 | }
|
---|
[3367] | 240 |
|
---|
[3894] | 241 | /**
|
---|
| 242 | * Build a string, containing a javascript wrapper function
|
---|
| 243 | * for setting applet properties via JavaScript. This is necessary,
|
---|
| 244 | * because we use the "modern" method of including the applet (using
|
---|
| 245 | * <object> resp. <embed> tags) in order to trigger automatic JRE downloading.
|
---|
| 246 | * Therefore, in Netscape-like browsers, the applet is accessible via
|
---|
| 247 | * the document.embeds[] array while in others, it is accessible via the
|
---|
| 248 | * document.applets[] array.
|
---|
| 249 | *
|
---|
| 250 | * @return A string, containing the necessary wrapper function (named JUploadSetProperty)
|
---|
| 251 | */
|
---|
| 252 | private function str_jsinit()
|
---|
| 253 | {
|
---|
| 254 | $N = "\n";
|
---|
| 255 | $name = $this->appletparams['name'];
|
---|
| 256 | $ret = '<script type="text/javascript">' . $N;
|
---|
| 257 | $ret .= '<!--' . $N;
|
---|
| 258 | $ret .= 'function ' . $this->classparams['jscript_wrapper'] . '(name, value) {' . $N;
|
---|
| 259 | $ret .= ' document.applets["' . $name . '"] == null || document.applets["' . $name . '"].setProperty(name,value);' . $N;
|
---|
| 260 | $ret .= ' document.embeds["' . $name . '"] == null || document.embeds["' . $name . '"].setProperty(name,value);' . $N;
|
---|
| 261 | $ret .= '}' . $N;
|
---|
| 262 | $ret .= '//-->' . $N;
|
---|
| 263 | $ret .= '</script>';
|
---|
| 264 | return $ret;
|
---|
| 265 | }
|
---|
[3367] | 266 |
|
---|
[3894] | 267 | /**
|
---|
| 268 | * Build a string, containing the applet tag with all parameters.
|
---|
| 269 | *
|
---|
| 270 | * @return A string, containing the applet tag
|
---|
| 271 | */
|
---|
| 272 | private function str_applet() {
|
---|
| 273 | $N = "\n";
|
---|
| 274 | $params = $this->appletparams;
|
---|
| 275 | // return the actual applet tag
|
---|
| 276 | $ret = '<object classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"' . $N;
|
---|
| 277 | $ret .= ' codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,3"' . $N;
|
---|
| 278 | $ret .= ' width = "' . $params['width'] . '"' . $N;
|
---|
| 279 | $ret .= ' height = "' . $params['height'] . '"' . $N;
|
---|
| 280 | $ret .= ' name = "' . $params['name'] . '">' . $N;
|
---|
| 281 | foreach ($params as $key => $val) {
|
---|
| 282 | if ($key != 'width' && $key != 'height')
|
---|
| 283 | $ret .= ' <param name = "' . $key . '" value = "' . $val . '" />' . $N;
|
---|
| 284 | }
|
---|
| 285 | $ret .= ' <comment>' . $N;
|
---|
| 286 | $ret .= ' <embed' . $N;
|
---|
| 287 | $ret .= ' type = "application/x-java-applet;version=1.5"' . $N;
|
---|
| 288 | foreach ($params as $key => $val)
|
---|
| 289 | $ret .= ' ' . $key . ' = "' . $val . '"' . $N;
|
---|
| 290 | $ret .= ' pluginspage = "http://java.sun.com/products/plugin/index.html#download">' . $N;
|
---|
| 291 | $ret .= ' <noembed>' . $N;
|
---|
| 292 | $ret .= ' Java 1.5 or higher plugin required.' . $N;
|
---|
| 293 | $ret .= ' </noembed>' . $N;
|
---|
| 294 | $ret .= ' </embed>' . $N;
|
---|
| 295 | $ret .= ' </comment>' . $N;
|
---|
| 296 | $ret .= '</object>';
|
---|
| 297 | return $ret;
|
---|
| 298 | }
|
---|
[3367] | 299 |
|
---|
[3894] | 300 | private function abort($msg = '')
|
---|
| 301 | {
|
---|
| 302 | $this->cleanup();
|
---|
| 303 | if ($msg != '')
|
---|
| 304 | die(str_replace('(.*)', $msg, $this->appletparams['stringUploadError']) . "\n");
|
---|
| 305 | exit;
|
---|
| 306 | }
|
---|
[3367] | 307 |
|
---|
[3894] | 308 | private function warning($msg = '')
|
---|
| 309 | {
|
---|
| 310 | $this->cleanup();
|
---|
| 311 | if ($msg != '')
|
---|
| 312 | echo('WARNING: ' . $msg . "\n");
|
---|
| 313 | echo $this->appletparams['stringUploadSuccess'] . "\n";
|
---|
| 314 | exit;
|
---|
| 315 | }
|
---|
[3367] | 316 |
|
---|
[3894] | 317 | private function cleanup()
|
---|
| 318 | {
|
---|
| 319 | // remove all uploaded files of *this* request
|
---|
| 320 | if (isset($_FILES)) {
|
---|
| 321 | foreach ($_FILES as $key => $val)
|
---|
| 322 | @unlink($val['tmp_name']);
|
---|
| 323 | }
|
---|
| 324 | // remove accumulated file, if any.
|
---|
| 325 | @unlink($this->classparams['destdir'] . '/' . $this->classparams['tmp_prefix'] . session_id());
|
---|
| 326 | @unlink($this->classparams['destdir'] . '/' . $this->classparams['tmp_prefix'] . 'tmp' . session_id());
|
---|
| 327 | // reset session var
|
---|
| 328 | $_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
|
---|
| 329 | return;
|
---|
| 330 | }
|
---|
[3367] | 331 |
|
---|
[3894] | 332 | private function mkdirp($path)
|
---|
| 333 | {
|
---|
| 334 | // create subdir (hierary) below destdir;
|
---|
| 335 | $dirs = explode('/', $path);
|
---|
| 336 | $path = $this->classparams['destdir'];
|
---|
| 337 | foreach ($dirs as $dir)
|
---|
| 338 | {
|
---|
| 339 | $path .= '/' . $dir;
|
---|
| 340 | if (!file_exists($path)) { // @ does NOT always supress the error!
|
---|
| 341 | @mkdir($path, $this->classparams['dirperm']);
|
---|
| 342 | }
|
---|
| 343 | }
|
---|
| 344 | if (!is_dir($path) && is_writable($path))
|
---|
| 345 | $this->abort('Destination dir not accessible');
|
---|
| 346 | }
|
---|
[3367] | 347 |
|
---|
| 348 | /**
|
---|
| 349 | * This method:
|
---|
| 350 | * - Replaces some potentially dangerous characters by '_' (in the given name an relative path)
|
---|
| 351 | * - Checks if a files of the same name already exists.
|
---|
| 352 | * - If no: no problem.
|
---|
| 353 | * - If yes, and the duplicate class param is set to rename, the file is renamed.
|
---|
| 354 | * - If yes, and the duplicate class param is set to overwrite, the file is not renamed. The existing one will be erased.
|
---|
| 355 | * - If yes, and the duplicate class param is set to reject, an error is thrown.
|
---|
| 356 | */
|
---|
[3894] | 357 | private function dstfinal(&$name, &$subdir)
|
---|
| 358 | {
|
---|
| 359 | $name = preg_replace('![`$\\\\/|]!', '_', $name);
|
---|
| 360 | if ($this->classparams['allow_subdirs'] && ($subdir != '')) {
|
---|
| 361 | $subdir = trim(preg_replace('!\\\\!', '/', $subdir), '/');
|
---|
| 362 | $subdir = preg_replace('![`$|]!', '_', $subdir);
|
---|
| 363 | if (!$this->classparams['spaces_in_subdirs']) {
|
---|
| 364 | $subdir = str_replace(' ', '_', $subdir);
|
---|
| 365 | }
|
---|
| 366 | // recursively create subdir
|
---|
| 367 | if (!$this->classparams['demo_mode'])
|
---|
| 368 | $this->mkdirp($subdir);
|
---|
| 369 | // append a slash
|
---|
| 370 | $subdir .= '/';
|
---|
| 371 | } else {
|
---|
| 372 | $subdir = '';
|
---|
| 373 | }
|
---|
| 374 | $ret = $this->classparams['destdir'] . '/' . $subdir . $name;
|
---|
| 375 | if (file_exists($ret)) {
|
---|
| 376 | if ($this->classparams['duplicate'] == 'overwrite') {
|
---|
| 377 | return $ret;
|
---|
| 378 | }
|
---|
| 379 | if ($this->classparams['duplicate'] == 'reject') {
|
---|
| 380 | $this->abort('A file with the same name already exists');
|
---|
| 381 | }
|
---|
| 382 | if ($this->classparams['duplicate'] == 'warning') {
|
---|
| 383 | $this->warning("File $name already exists - rejected");
|
---|
| 384 | }
|
---|
| 385 | if ($this->classparams['duplicate'] == 'rename') {
|
---|
| 386 | $cnt = 1;
|
---|
| 387 | $dir = $this->classparams['destdir'] . '/' . $subdir;
|
---|
| 388 | $ext = strrchr($name, '.');
|
---|
| 389 | if ($ext) {
|
---|
| 390 | $nameWithoutExtension = substr($name, 0, strlen($name) - strlen($ext));
|
---|
| 391 | } else {
|
---|
| 392 | $ext = '';
|
---|
| 393 | $nameWithoutExtension = $name;
|
---|
| 394 | }
|
---|
[3367] | 395 |
|
---|
[3894] | 396 | $rtry = $dir . $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
|
---|
| 397 | while (file_exists($rtry)) {
|
---|
| 398 | $cnt++;
|
---|
| 399 | $rtry = $dir . $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
|
---|
| 400 | }
|
---|
| 401 | //We store the result name in the byReference name parameter.
|
---|
| 402 | $name = $nameWithoutExtension . '.[' . $cnt . ']' . $ext;
|
---|
| 403 | $ret = $rtry;
|
---|
| 404 | }
|
---|
| 405 | }
|
---|
| 406 | return $ret;
|
---|
| 407 | }
|
---|
[3367] | 408 |
|
---|
[3894] | 409 | /**
|
---|
| 410 | * Example function to process the files uploaded. This one simply displays the files' data.
|
---|
| 411 | *
|
---|
| 412 | */
|
---|
| 413 | public function defaultAfterUploadManagement()
|
---|
| 414 | {
|
---|
| 415 | $flist = '[defaultAfterUploadManagement] Nb uploaded files is: ' . sizeof($this->files);
|
---|
| 416 | $flist = $this->classparams['http_flist_start'];
|
---|
| 417 | foreach ($this->files as $f) {
|
---|
| 418 | //$f is an array, that contains all info about the uploaded file.
|
---|
| 419 | $this->logDebug('defaultAfterUploadManagement', " Reading file ${f['name']}");
|
---|
| 420 | $flist .= $this->classparams['http_flist_file_before'];
|
---|
| 421 | $flist .= $f['name'];
|
---|
| 422 | $flist .= $this->classparams['http_flist_file_between'];
|
---|
| 423 | $flist .= $f['size'];
|
---|
| 424 | $flist .= $this->classparams['http_flist_file_between'];
|
---|
| 425 | $flist .= $f['relativePath'];
|
---|
| 426 | $flist .= $this->classparams['http_flist_file_between'];
|
---|
| 427 | $flist .= $f['fullName'];
|
---|
| 428 | $flist .= $this->classparams['http_flist_file_between'];
|
---|
| 429 | $flist .= $f['md5sum'];
|
---|
| 430 | $addBR = false;
|
---|
| 431 | foreach ($f as $key => $value) {
|
---|
| 432 | //If it's a specific key, let's display it:
|
---|
| 433 | if ($key != 'name' && $key != 'size' && $key != 'relativePath' && $key != 'fullName' && $key != 'md5sum') {
|
---|
| 434 | if ($addBR) {
|
---|
| 435 | $flist .= "<br>";
|
---|
| 436 | } else {
|
---|
| 437 | // First line. We must add a new 'official' list separator.
|
---|
| 438 | $flist .= $this->classparams['http_flist_file_between'];
|
---|
| 439 | $addBR = true;
|
---|
| 440 | }
|
---|
| 441 | $flist .= "$key => $value";
|
---|
| 442 | }
|
---|
| 443 | }
|
---|
| 444 | $flist .= $this->classparams['http_flist_file_after'];
|
---|
| 445 | }
|
---|
| 446 | $flist .= $this->classparams['http_flist_end'];
|
---|
[3367] | 447 |
|
---|
[3894] | 448 | return $flist;
|
---|
| 449 | }
|
---|
[3367] | 450 |
|
---|
[3894] | 451 | /**
|
---|
| 452 | * Generation of the applet tag, and necessary things around (js content). Insertion of this into the content of the
|
---|
| 453 | * page.
|
---|
| 454 | * See the tag_jscript and tag_applet class parameters.
|
---|
| 455 | */
|
---|
| 456 | private function generateAppletTag($str)
|
---|
| 457 | {
|
---|
| 458 | $this->logDebug('generateAppletTag', 'Entering function');
|
---|
| 459 | $str = preg_replace('/' . $this->classparams['tag_jscript'] . '/', $this->str_jsinit(), $str);
|
---|
| 460 | return preg_replace('/' . $this->classparams['tag_applet'] . '/', $this->str_applet(), $str);
|
---|
| 461 | }
|
---|
[3367] | 462 |
|
---|
[3894] | 463 | /**
|
---|
| 464 | * This function is called when constructing the page, when we're not reveiving uploaded files. It 'just' construct
|
---|
| 465 | * the applet tag, by calling the relevant function.
|
---|
| 466 | *
|
---|
| 467 | * This *must* be public, because it is called from PHP's output buffering
|
---|
| 468 | */
|
---|
| 469 | public function interceptBeforeUpload($str)
|
---|
| 470 | {
|
---|
| 471 | $this->logDebug('interceptBeforeUpload', 'Entering function');
|
---|
| 472 | return $this->generateAppletTag($str);
|
---|
| 473 | }
|
---|
[3367] | 474 |
|
---|
| 475 | /**
|
---|
| 476 | * This function displays the uploaded files description in the current page (see tag_flist class parameter)
|
---|
| 477 | *
|
---|
| 478 | * This *must* be public, because it is called from PHP's output buffering.
|
---|
| 479 | */
|
---|
[3894] | 480 | public function interceptAfterUpload($str)
|
---|
| 481 | {
|
---|
| 482 | $this->logDebug('interceptAfterUpload', 'Entering function');
|
---|
| 483 | $this->logPHPDebug('interceptAfterUpload', $this->files);
|
---|
[3367] | 484 |
|
---|
[3894] | 485 | if (count($this->files) > 0) {
|
---|
| 486 | if (isset($this->classparams['callbackAfterUploadManagement'])) {
|
---|
| 487 | $this->logDebug('interceptAfterUpload', 'Before call of ' . $this->classparams['callbackAfterUploadManagement']);
|
---|
| 488 | $strForFListContent = call_user_func($this->classparams['callbackAfterUploadManagement'], $this, $this->files);
|
---|
| 489 | } else {
|
---|
| 490 | $strForFListContent = $this->defaultAfterUploadManagement();
|
---|
| 491 | }
|
---|
| 492 | $str = preg_replace('/' . $this->classparams['tag_flist'] . '/', $strForFListContent, $str);
|
---|
| 493 | }
|
---|
| 494 | return $this->generateAppletTag($str);
|
---|
| 495 | }
|
---|
[3367] | 496 |
|
---|
[3894] | 497 | /**
|
---|
| 498 | * This method manages the receiving of the debug log, when an error occurs.
|
---|
| 499 | */
|
---|
| 500 | private function receive_debug_log()
|
---|
| 501 | {
|
---|
| 502 | // handle error report
|
---|
| 503 | if (isset($_POST['description']) && isset($_POST['log'])) {
|
---|
| 504 | $msg = $_POST['log'];
|
---|
| 505 | mail($this->classparams['errormail'], $_POST['description'], $msg);
|
---|
| 506 | } else {
|
---|
| 507 | if (isset($_SERVER['SERVER_ADMIN']))
|
---|
| 508 | mail($_SERVER['SERVER_ADMIN'], 'Empty jupload error log', 'An empty log has just been posted.');
|
---|
| 509 | $this->logPHPDebug('receive_debug_log', 'Empty error log received');
|
---|
| 510 | }
|
---|
| 511 | exit;
|
---|
| 512 | }
|
---|
[3367] | 513 |
|
---|
[3894] | 514 | /**
|
---|
| 515 | * This method is the heart of the system. It manage the files sent by the applet, check the incoming parameters (md5sum) and
|
---|
| 516 | * reconstruct the files sent in chunk mode.
|
---|
| 517 | *
|
---|
| 518 | * The result is stored in the $files array, and can then be managed by the function given in the callbackAfterUploadManagement
|
---|
| 519 | * class parameter, or within the page whose URL is given in the afterUploadURL applet parameter.
|
---|
| 520 | * Or you can Extend the class and redeclare defaultAfterUploadManagement() to your needs.
|
---|
| 521 | */
|
---|
| 522 | private function receive_uploaded_files()
|
---|
| 523 | {
|
---|
| 524 | $this->logDebug('receive_uploaded_files', 'Entering POST management');
|
---|
[3367] | 525 |
|
---|
[3894] | 526 | if (session_id() == '') {
|
---|
| 527 | include_once('../../header.session.inc.php');
|
---|
| 528 | }
|
---|
| 529 | // we check for the session *after* handling possible error log
|
---|
| 530 | // because an error could have happened because the session-id is missing.
|
---|
| 531 | if (!isset($_SESSION[$this->classparams['var_prefix'] . 'size'])) {
|
---|
| 532 | $this->abort('Invalid session (in afterupload, POST, check of size)');
|
---|
| 533 | }
|
---|
| 534 | if (!isset($_SESSION[$this->classparams['var_prefix'] . 'files'])) {
|
---|
| 535 | $this->abort('Invalid session (in afterupload, POST, check of files)');
|
---|
| 536 | }
|
---|
| 537 | $this->files = $_SESSION[$this->classparams['var_prefix'] . 'files'];
|
---|
| 538 | if (!is_array($this->files)) {
|
---|
| 539 | $this->abort('Invalid session (in afterupload, POST, is_array(files))');
|
---|
| 540 | }
|
---|
| 541 | if ($this->appletParameters['sendMD5Sum'] && !isset($_POST['md5sum'])) {
|
---|
| 542 | $this->abort('Required POST variable md5sum is missing');
|
---|
| 543 | }
|
---|
| 544 | $cnt = 0;
|
---|
| 545 | foreach ($_FILES as $key => $value) {
|
---|
| 546 | //Let's read the $_FILES data
|
---|
| 547 | if (isset($files_data)) {
|
---|
| 548 | unset($files_data);
|
---|
[3367] | 549 | }
|
---|
[3894] | 550 | $jupart = (isset($_POST['jupart'])) ? (int) $_POST['jupart'] : 0;
|
---|
| 551 | $jufinal = (isset($_POST['jufinal'])) ? (int) $_POST['jufinal'] : 1;
|
---|
| 552 | $relpaths = (isset($_POST['relpathinfo'])) ? $_POST['relpathinfo'] : null;
|
---|
| 553 | $md5sums = (isset($_POST['md5sum'])) ? $_POST['md5sum'] : null;
|
---|
| 554 | $mimetypes = (isset($_POST['mimetype'])) ? $_POST['mimetype'] : null;
|
---|
| 555 | //$relpaths = (isset($_POST["relpathinfo$cnt"])) ? $_POST["relpathinfo$cnt"] : null;
|
---|
| 556 | //$md5sums = (isset($_POST["md5sum$cnt"])) ? $_POST["md5sum$cnt"] : null;
|
---|
| 557 |
|
---|
| 558 | if (gettype($relpaths) == 'string') {
|
---|
| 559 | $relpaths = array($relpaths);
|
---|
[3367] | 560 | }
|
---|
[3894] | 561 | if (gettype($md5sums) == 'string') {
|
---|
| 562 | $md5sums = array($md5sums);
|
---|
[3367] | 563 | }
|
---|
[3894] | 564 | if ($this->appletParameters['sendMD5Sum'] && !is_array($md5sums)) {
|
---|
| 565 | $this->abort('Expecting an array of MD5 checksums');
|
---|
[3367] | 566 | }
|
---|
[3894] | 567 | if (!is_array($relpaths)) {
|
---|
| 568 | $this->abort('Expecting an array of relative paths');
|
---|
| 569 | }
|
---|
| 570 | if (!is_array($mimetypes)) {
|
---|
| 571 | $this->abort('Expecting an array of MIME types');
|
---|
| 572 | }
|
---|
| 573 | // Check the MIME type (note: this is easily forged!)
|
---|
| 574 | if (isset($this->classparams['allowed_mime_types']) && is_array($this->classparams['allowed_mime_types'])) {
|
---|
| 575 | if (!in_array($mimetypes[$cnt], $this->classparams['allowed_mime_types'])) {
|
---|
| 576 | $this->abort('MIME type ' . $mimetypes[$cnt] . ' not allowed');
|
---|
[3367] | 577 | }
|
---|
[3894] | 578 | }
|
---|
| 579 | if (isset($this->classparams['allowed_file_extensions']) && is_array($this->classparams['allowed_file_extensions'])) {
|
---|
| 580 | $fileExtension = substr(strrchr($value['name'][$cnt], "."), 1);
|
---|
| 581 | if (!in_array($fileExtension, $this->classparams['allowed_file_extensions'])) {
|
---|
| 582 | $this->abort('File extension ' . $fileExtension . ' not allowed');
|
---|
| 583 | }
|
---|
| 584 | }
|
---|
[3367] | 585 |
|
---|
[3894] | 586 | $dstdir = $this->classparams['destdir'];
|
---|
| 587 | $dstname = $dstdir . '/' . $this->classparams['tmp_prefix'] . session_id();
|
---|
| 588 | $tmpname = $dstdir . '/' . $this->classparams['tmp_prefix'] . 'tmp' . session_id();
|
---|
[3367] | 589 |
|
---|
[3894] | 590 | // Controls are now done. Let's store the current uploaded files properties in an array, for future use.
|
---|
| 591 | $files_data['name'] = $value['name'][$cnt];
|
---|
| 592 | $files_data['size'] = 'not calculated yet';
|
---|
| 593 | $files_data['tmp_name'] = $value['tmp_name'][$cnt];
|
---|
| 594 | $files_data['error'] = $value['error'][$cnt];
|
---|
| 595 | $files_data['relativePath'] = $relpaths[$cnt];
|
---|
| 596 | $files_data['md5sum'] = $md5sums[$cnt];
|
---|
| 597 | $files_data['mimetype'] = $mimetypes[$cnt];
|
---|
[3367] | 598 |
|
---|
[3894] | 599 | if (!move_uploaded_file($files_data['tmp_name'], $tmpname)) {
|
---|
| 600 | if ($classparams['verbose_errors']) {
|
---|
| 601 | $this->abort("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)");
|
---|
| 602 | } else {
|
---|
| 603 | trigger_error("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)", E_USER_WARNING);
|
---|
| 604 | $this->abort("Unable to move uploaded file");
|
---|
| 605 | }
|
---|
| 606 | }
|
---|
[3367] | 607 |
|
---|
[3894] | 608 | // In demo mode, no file storing is done. We just delete the newly uploaded file.
|
---|
| 609 | if ($this->classparams['demo_mode']) {
|
---|
| 610 | if ($jufinal || (!$jupart)) {
|
---|
| 611 | if ($jupart) {
|
---|
| 612 | $files_data['size'] = ($jupart - 1) * $this->appletparams['maxChunkSize'] + filesize($tmpname);
|
---|
| 613 | } else {
|
---|
| 614 | $files_data['size'] = filesize($tmpname);
|
---|
| 615 | }
|
---|
| 616 | $files_data['fullName'] = 'Demo mode<BR>No file storing';
|
---|
| 617 | array_push($this->files, $files_data);
|
---|
| 618 | }
|
---|
| 619 | unlink($tmpname);
|
---|
| 620 | $cnt++;
|
---|
| 621 | continue;
|
---|
| 622 | }
|
---|
| 623 | //If we get here, the upload is a real one (no demo)
|
---|
| 624 | if ($jupart) {
|
---|
| 625 | // got a chunk of a multi-part upload
|
---|
| 626 | $len = filesize($tmpname);
|
---|
| 627 | $_SESSION[$this->classparams['var_prefix'] . 'size'] += $len;
|
---|
| 628 | if ($len > 0) {
|
---|
| 629 | $src = fopen($tmpname, 'rb');
|
---|
| 630 | $dst = fopen($dstname, ($jupart == 1) ? 'wb' : 'ab');
|
---|
| 631 | while ($len > 0) {
|
---|
| 632 | $rlen = ($len > 8192) ? 8192 : $len;
|
---|
| 633 | $buf = fread($src, $rlen);
|
---|
| 634 | if (!$buf) {
|
---|
| 635 | fclose($src);
|
---|
| 636 | fclose($dst);
|
---|
| 637 | unlink($dstname);
|
---|
| 638 | $this->abort('read IO error');
|
---|
| 639 | }
|
---|
| 640 | if (!fwrite($dst, $buf, $rlen)) {
|
---|
| 641 | fclose($src);
|
---|
| 642 | fclose($dst);
|
---|
| 643 | unlink($dstname);
|
---|
| 644 | $this->abort('write IO error');
|
---|
| 645 | }
|
---|
| 646 | $len -= $rlen;
|
---|
| 647 | }
|
---|
| 648 | fclose($src);
|
---|
| 649 | fclose($dst);
|
---|
| 650 | unlink($tmpname);
|
---|
| 651 | }
|
---|
| 652 | if ($jufinal) {
|
---|
| 653 | // This is the last chunk. Check total lenght and
|
---|
| 654 | // rename it to it's final name.
|
---|
| 655 | $dlen = filesize($dstname);
|
---|
| 656 | if ($dlen != $_SESSION[$this->classparams['var_prefix'] . 'size'])
|
---|
| 657 | $this->abort('file size mismatch');
|
---|
| 658 | if ($this->appletParameters['sendMD5Sum']) {
|
---|
| 659 | if ($md5sums[$cnt] != md5_file($dstname))
|
---|
| 660 | $this->abort('MD5 checksum mismatch');
|
---|
| 661 | }
|
---|
| 662 | // remove zero sized files
|
---|
| 663 | if (($dlen > 0) || $this->classparams['allow_zerosized']) {
|
---|
| 664 | $dstfinal = $this->dstfinal($files_data['name'], $files_data['relativePath']);
|
---|
| 665 | if (!rename($dstname, $dstfinal))
|
---|
| 666 | $this->abort('rename IO error');
|
---|
| 667 | if (!chmod($dstfinal, $this->classparams['fileperm']))
|
---|
| 668 | $this->abort('chmod IO error');
|
---|
| 669 | $files_data['size'] = filesize($dstfinal);
|
---|
| 670 | $files_data['fullName'] = $dstfinal;
|
---|
| 671 | $files_data['path'] = dirname($dstfinal);
|
---|
| 672 | array_push($this->files, $files_data);
|
---|
| 673 | } else {
|
---|
| 674 | unlink($dstname);
|
---|
| 675 | }
|
---|
| 676 | // reset session var
|
---|
| 677 | $_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
|
---|
| 678 | }
|
---|
| 679 | } else {
|
---|
| 680 | // Got a single file upload. Trivial.
|
---|
| 681 | if ($md5sums[$cnt] != md5_file($tmpname))
|
---|
| 682 | $this->abort('MD5 checksum mismatch');
|
---|
| 683 | $dstfinal = $this->dstfinal($files_data['name'], $files_data['relativePath']);
|
---|
| 684 | if (!rename($tmpname, $dstfinal))
|
---|
| 685 | $this->abort('rename IO error');
|
---|
| 686 | if (!chmod($dstfinal, $this->classparams['fileperm']))
|
---|
| 687 | $this->abort('chmod IO error');
|
---|
| 688 | $files_data['size'] = filesize($dstfinal);
|
---|
| 689 | $files_data['fullName'] = $dstfinal;
|
---|
| 690 | $files_data['path'] = dirname($dstfinal);
|
---|
| 691 | array_push($this->files, $files_data);
|
---|
| 692 | }
|
---|
| 693 | $cnt++;
|
---|
| 694 | }
|
---|
[3367] | 695 |
|
---|
[3894] | 696 | echo $this->appletparams['stringUploadSuccess'] . "\n";
|
---|
| 697 | $_SESSION[$this->classparams['var_prefix'] . 'files'] = $this->files;
|
---|
| 698 | session_write_close();
|
---|
| 699 | exit;
|
---|
| 700 | }
|
---|
[3367] | 701 |
|
---|
[3894] | 702 | /**
|
---|
| 703 | *
|
---|
| 704 | *
|
---|
| 705 | */
|
---|
| 706 | private function page_start() {
|
---|
| 707 | $this->logDebug('page_start', 'Entering function');
|
---|
[3367] | 708 |
|
---|
[3894] | 709 | // If the applet checks for the serverProtocol, it issues a HEAD request
|
---|
| 710 | // -> Simply return an empty doc.
|
---|
| 711 | if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
|
---|
| 712 | // Nothing to do
|
---|
| 713 | } else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
|
---|
| 714 | // A GET request means: return upload page
|
---|
| 715 | $this->logDebug('page_start', 'Entering GET management');
|
---|
[3367] | 716 |
|
---|
[3894] | 717 | if (session_id() == '') {
|
---|
| 718 | include_once('../../header.session.inc.php');
|
---|
| 719 | }
|
---|
| 720 | if (isset($_GET['afterupload'])) {
|
---|
| 721 | $this->logDebug('page_start', 'afterupload is set');
|
---|
| 722 | if (!isset($_SESSION[$this->classparams['var_prefix'] . 'files'])) {
|
---|
| 723 | $this->abort('Invalid session (in afterupload, GET, check of $_SESSION): files array is not set');
|
---|
| 724 | }
|
---|
| 725 | $this->files = $_SESSION[$this->classparams['var_prefix'] . 'files'];
|
---|
| 726 | if (!is_array($this->files)) {
|
---|
| 727 | $this->abort('Invalid session (in afterupload, GET, check of is_array(files)): files is not an array');
|
---|
| 728 | }
|
---|
| 729 | // clear session data ready for new upload
|
---|
| 730 | $_SESSION[$this->classparams['var_prefix'] . 'files'] = array();
|
---|
[3367] | 731 |
|
---|
[3894] | 732 | // start intercepting the content of the calling page, to display the upload result.
|
---|
| 733 | ob_start(array(& $this, 'interceptAfterUpload'));
|
---|
| 734 | } else {
|
---|
| 735 | $this->logDebug('page_start', 'afterupload is not set');
|
---|
| 736 | if ($this->classparams['session_regenerate']) {
|
---|
| 737 | session_regenerate_id(true);
|
---|
[3367] | 738 | }
|
---|
[3894] | 739 | $this->files = array();
|
---|
| 740 | $_SESSION[$this->classparams['var_prefix'] . 'size'] = 0;
|
---|
| 741 | $_SESSION[$this->classparams['var_prefix'] . 'files'] = $this->files;
|
---|
| 742 | // start intercepting the content of the calling page, to display the applet tag.
|
---|
| 743 | ob_start(array(& $this, 'interceptBeforeUpload'));
|
---|
[3367] | 744 | }
|
---|
[3894] | 745 | } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
---|
| 746 | // If we got a POST request, this is the real work.
|
---|
| 747 | if (isset($_GET['errormail'])) {
|
---|
| 748 | //Hum, an error occurs on server side. Let's manage the debug log, that we just received.
|
---|
| 749 | $this->receive_debug_log();
|
---|
| 750 | } else {
|
---|
| 751 | $this->receive_uploaded_files();
|
---|
| 752 | }
|
---|
| 753 | }
|
---|
| 754 | }
|
---|
| 755 |
|
---|
[3367] | 756 | }
|
---|
| 757 |
|
---|
[3894] | 758 | // PHP end tag omitted intentionally!! |
---|