Context Navigation

source: branches/2.2/filemanager/inc/jupload.php @ 3386

Revision 3386, 33.2 KB checked in by amuller, 14 years ago (diff)
Ticket #1379 - Implementação do applet numa janela

Line
1	<?php
2
3
4	/**
5	* This class manage upload, with use of the JUpload applet. It's both a sample to show how to use the applet, and
6	* a class you can use directly into your own application.
7	*
8	* Recommandation: Don't update its code !
9	*
10	* By doing this, you'll be able to reuse directly any update coming from the JUpload project, instead of reporting your
11	* modifications into any new version of this class. This guarantees you that your project can use the last version of
12	* JUpload, without any code modification. We work so that the applet behavior remains unchanged, but from time to time,
13	* a change can appear.
14	*
15	* Sample:
16	* - See the index.php samples, in the same folder.
17	*
18	* Notes:
19	* - maxChunkSize: this class use a default maxChunkSize of 500K (or less, depending on the script max size). This allows
20	* upload of FILES OF ANY SIZE on quite all ISP hosting. If it's too big for you (the max upload size of your ISP is less
21	* than 500K), or if you want no chunk at all, you can, of course, override this default value.
22	*
23	*
24	*
25	* Parameters:
26	* - $appletparams contains a map for applet parameters: key is the applet parameter name. The value is the value to transmit
27	* to the applet. See the applet documentation for information on all applet parameters.
28	* - $classparams contains the parameter specific for the JUpload class below. Here are the main class parameters:
29	* - demo_mode. Files are uploaded to the server, but not stored on its hard drive. That is: you can simulate the global
30	* behavior, but won't consume hard drive space. This mode is used on sourceforge web site.
31	*
32	*
33	* Output generated for uploaded files:
34	* - $files is an array of array. This can be managed by (a) the function given in the callbackAfterUploadManagement class
35	* parameter, or (b) within the page whose URL is given in the afterUploadURL applet parameter, or (c) you can Extend the
36	* class and redeclare defaultAfterUploadManagement() to your needs.
37	* See the defaultAfterUploadManagement() for a sample on howto manage this array.
38	*
39	* This array contains:
40	* - One entry per file. Each entry is an array, that contains all files properties, stored as $key=>$value.
41	* The available keys are:
42	* - name: the filename, as it is now stored on the system.
43	* - size: the file size
44	* - path: the absolute path, where the file has been stored.
45	* - fullName: the canonical file name (i.e. including the absolute path)
46	* - md5sum: the md5sum of the file, if further control is needed.
47	* - mimetype: the calculated mime type of the file
48	* - If the formData applet parameter is used: all attributes (key and value) uploaded by the applet, are put here,
49	* repeated for each file.
50	*
51	* Note: if you are using a callback function (i.e. callbackAfterUploadManagement) and you do not see a global 'object' you
52	* are expecting then it might have been destroyed by PHP - c.f. http://bugs.php.net/bug.php?id=39693
53	*
54	*/
55
56	class JUpload {
57
58	var $appletparams;
59	var $classparams;
60	var $files;
61
62	public function JUpload($appletparams = array(), $classparams = array()) {
63	if (gettype($classparams) != 'array')
64	$this->abort('Invalid type of parameter classparams: Expecting an array');
65	if (gettype($appletparams) != 'array')
66	$this->abort('Invalid type of parameter appletparams: Expecting an array');
67
68	// set some defaults for the applet params
69	if (!isset($appletparams['afterUploadURL']))
70	$appletparams['afterUploadURL'] = $_SERVER['PHP_SELF'] . '?afterupload=1';
71	if (!isset($appletparams['name']))
72	$appletparams['name'] = 'JUpload';
73	if (!isset($appletparams['archive']))
74	$appletparams['archive'] = 'wjhk.jupload.jar';
75	if (!isset($appletparams['code']))
76	$appletparams['code'] = 'wjhk.jupload2.JUploadApplet';
77	if (!isset($appletparams['debugLevel']))
78	$appletparams['debugLevel'] = 0;
79	if (!isset($appletparams['httpUploadParameterType']))
80	$appletparams['httpUploadParameterType'] = 'array';
81	if (!isset($appletparams['showLogWindow']))
82	$appletparams['showLogWindow'] = ($appletparams['debugLevel'] > 0) ? 'true' : 'false';
83	if (!isset($appletparams['width']))
84	$appletparams['width'] = 500;
85	if (!isset($appletparams['height']))
86	$appletparams['height'] = ($appletparams['showLogWindow'] == 'true') ? 500 : 300;
87	if (!isset($appletparams['mayscript']))
88	$appletparams['mayscript'] = 'true';
89	if (!isset($appletparams['scriptable']))
90	$appletparams['scriptable'] = 'false';
91	//if (!isset($appletparams['stringUploadSuccess']))
92	$appletparams['stringUploadSuccess'] = 'SUCCESS';
93	//if (!isset($appletparams['stringUploadError']))
94	$appletparams['stringUploadError'] = 'ERROR: (.*)';
95	$maxpost = $this->tobytes(ini_get('post_max_size'));
96	$maxmem = $this->tobytes(ini_get('memory_limit'));
97	$maxfs = $this->tobytes(ini_get('upload_max_filesize'));
98	$obd = ini_get('open_basedir');
99	if (!isset($appletparams['maxChunkSize'])) {
100	$maxchunk = ($maxpost < $maxmem) ? $maxpost : $maxmem;
101	$maxchunk = ($maxchunk < $maxfs) ? $maxchunk : $maxfs;
102	$maxchunk /= 4;
103	$optchunk = (500000 > $maxchunk) ? $maxchunk : 500000;
104	$appletparams['maxChunkSize'] = $optchunk;
105	}
106	$appletparams['maxChunkSize'] = $this->tobytes($appletparams['maxChunkSize']);
107	if (!isset($appletparams['maxFileSize']))
108	$appletparams['maxFileSize'] = $maxfs;
109	$appletparams['maxFileSize'] = $this->tobytes($appletparams['maxFileSize']);
110	if (isset($classparams['errormail'])) {
111	$appletparams['urlToSendErrorTo'] = $_SERVER["PHP_SELF"] . '?errormail';
112	}
113
114	// Same for class parameters
115	if (!isset($classparams['demo_mode']))
116	$classparams['demo_mode'] = false;
117	if ($classparams['demo_mode']) {
118	$classparams['create_destdir'] = false;
119	$classparams['allow_subdirs'] = true;
120	$classparams['allow_zerosized'] = true;
121	$classparams['duplicate'] = 'overwrite';
122	}
123	if (!isset($classparams['debug_php'])) // set true to log some messages in PHP log
124	$classparams['debug_php'] = false;
125	if (!isset($this->classparams['allowed_mime_types'])) // array of allowed MIME type
126	$classparams['allowed_mime_types'] = 'all';
127	if (!isset($this->classparams['allowed_file_extensions'])) // array of allowed file extensions
128	$classparams['allowed_file_extensions'] = 'all';
129	if (!isset($classparams['verbose_errors'])) // shouldn't display server info on a production site!
130	$classparams['verbose_errors'] = true;
131	if (!isset($classparams['session_regenerate']))
132	$classparams['session_regenerate'] = false;
133	if (!isset($classparams['create_destdir']))
134	$classparams['create_destdir'] = true;
135	if (!isset($classparams['allow_subdirs']))
136	$classparams['allow_subdirs'] = false;
137	if (!isset($classparams['spaces_in_subdirs']))
138	$classparams['spaces_in_subdirs'] = false;
139	if (!isset($classparams['allow_zerosized']))
140	$classparams['allow_zerosized'] = false;
141	if (!isset($classparams['duplicate']))
142	$classparams['duplicate'] = 'rename';
143	if (!isset($classparams['dirperm']))
144	$classparams['dirperm'] = 0755;
145	if (!isset($classparams['fileperm']))
146	$classparams['fileperm'] = 0644;
147	if (!isset($classparams['destdir'])) {
148	if ($obd != '')
149	$classparams['destdir'] = $obd;
150	else
151	$classparams['destdir'] = '/var/tmp/jupload_test';
152	}
153	if ($classparams['create_destdir'])
154	@mkdir($classparams['destdir'], $classparams['dirperm']);
155	if (!is_dir($classparams['destdir']) && is_writable($classparams['destdir']))
156	$this->abort('Destination dir not accessible');
157	if (!isset($classparams['tmp_prefix']))
158	$classparams['tmp_prefix'] = 'jutmp.';
159	if (!isset($classparams['var_prefix']))
160	$classparams['var_prefix'] = 'juvar.';
161	if (!isset($classparams['jscript_wrapper']))
162	$classparams['jscript_wrapper'] = 'JUploadSetProperty';
163	if (!isset($classparams['tag_jscript']))
164	$classparams['tag_jscript'] = '<!--JUPLOAD_JSCRIPT-->';
165	if (!isset($classparams['tag_applet']))
166	$classparams['tag_applet'] = '<!--JUPLOAD_APPLET-->';
167	if (!isset($classparams['tag_flist']))
168	$classparams['tag_flist'] = '<!--JUPLOAD_FILES-->';
169	if (!isset($classparams['http_flist_start']))
170	$classparams['http_flist_start'] =
171	"<table border='1'><TR><TH>Filename</TH><TH>file size</TH><TH>Relative path</TH><TH>Full name</TH><TH>md5sum</TH><TH>Specific parameters</TH></TR>";
172	if (!isset($classparams['http_flist_end']))
173	$classparams['http_flist_end'] = "</table>\n";
174	if (!isset($classparams['http_flist_file_before']))
175	$classparams['http_flist_file_before'] = "<tr><td>";
176	if (!isset($classparams['http_flist_file_between']))
177	$classparams['http_flist_file_between'] = "</td><td>";
178	if (!isset($classparams['http_flist_file_after']))
179	$classparams['http_flist_file_after'] = "</td></tr>\n";
180
181	$this->appletparams = $appletparams;
182	$this->classparams = $classparams;
183	$this->page_start();
184	}
185
186	/**
187	* Log a message on the current output, as a HTML comment.
188	*/
189	protected function logDebug($function, $msg, $htmlComment=true) {
190	$output = "[DEBUG] [$function] $msg";
191	if ($htmlComment) {
192	echo("<!-- $output -->\r\n");
193	} else {
194	echo("$output\r\n");
195	}
196	}
197
198	/**
199	* Log a message to the PHP log.
200	* Declared "protected" so it may be Extended if you require customised logging (e.g. particular log file location).
201	*/
202	protected function logPHPDebug($function, $msg) {
203	if ($this->classparams['debug_php'] === true) {
204	$output = "[DEBUG] [$function] ".$this->arrayexpand($msg);
205	error_log($output);
206	}
207	}
208
209	private function arrayexpand($array) {
210	$output = '';
211	if (is_array($array)) {
212	foreach ($array as $key => $value) {
213	$output .= "\n ".$key.' => '.$this->arrayexpand($value);
214	}
215	} else {
216	$output .= $array;
217	}
218	return $output;
219	}
220
221
222	/**
223	* Convert a value ending in 'G','M' or 'K' to bytes
224	*
225	*/
226	private function tobytes($val) {
227	$val = trim($val);
228	$last = strtolower($val{strlen($val)-1});
229	switch($last) {
230	case 'g':
231	$val *= 1024;
232	case 'm':
233	$val *= 1024;
234	case 'k':
235	$val *= 1024;
236	}
237	return $val;
238	}
239
240	/**
241	* Build a string, containing a javascript wrapper function
242	* for setting applet properties via JavaScript. This is necessary,
243	* because we use the "modern" method of including the applet (using
244	* <object> resp. <embed> tags) in order to trigger automatic JRE downloading.
245	* Therefore, in Netscape-like browsers, the applet is accessible via
246	* the document.embeds[] array while in others, it is accessible via the
247	* document.applets[] array.
248	*
249	* @return A string, containing the necessary wrapper function (named JUploadSetProperty)
250	*/
251	private function str_jsinit() {
252	$N = "\n";
253	$name = $this->appletparams['name'];
254	$ret = '<script type="text/javascript">'.$N;
255	$ret .= '<!--'.$N;
256	$ret .= 'function '.$this->classparams['jscript_wrapper'].'(name, value) {'.$N;
257	$ret .= ' document.applets["'.$name.'"] == null \|\| document.applets["'.$name.'"].setProperty(name,value);'.$N;
258	$ret .= ' document.embeds["'.$name.'"] == null \|\| document.embeds["'.$name.'"].setProperty(name,value);'.$N;
259	$ret .= '}'.$N;
260	$ret .= '//-->'.$N;
261	$ret .= '</script>';
262	return $ret;
263	}
264
265	/**
266	* Build a string, containing the applet tag with all parameters.
267	*
268	* @return A string, containing the applet tag
269	*/
270	private function str_applet() {
271	$N = "\n";
272	$params = $this->appletparams;
273	// return the actual applet tag
274	$ret = '<object classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"'.$N;
275	$ret .= ' codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,3"'.$N;
276	$ret .= ' width = "'.$params['width'].'"'.$N;
277	$ret .= ' height = "'.$params['height'].'"'.$N;
278	$ret .= ' name = "'.$params['name'].'">'.$N;
279	foreach ($params as $key => $val) {
280	if ($key != 'width' && $key != 'height')
281	$ret .= ' <param name = "'.$key.'" value = "'.$val.'" />'.$N;
282	}
283	$ret .= ' <comment>'.$N;
284	$ret .= ' <embed'.$N;
285	$ret .= ' type = "application/x-java-applet;version=1.5"'.$N;
286	foreach ($params as $key => $val)
287	$ret .= ' '.$key.' = "'.$val.'"'.$N;
288	$ret .= ' pluginspage = "http://java.sun.com/products/plugin/index.html#download">'.$N;
289	$ret .= ' <noembed>'.$N;
290	$ret .= ' Java 1.5 or higher plugin required.'.$N;
291	$ret .= ' </noembed>'.$N;
292	$ret .= ' </embed>'.$N;
293	$ret .= ' </comment>'.$N;
294	$ret .= '</object>';
295	return $ret;
296	}
297
298	private function abort($msg = '') {
299	$this->cleanup();
300	if ($msg != '')
301	die(str_replace('(.*)',$msg,$this->appletparams['stringUploadError'])."\n");
302	exit;
303	}
304
305	private function warning($msg = '') {
306	$this->cleanup();
307	if ($msg != '')
308	echo('WARNING: '.$msg."\n");
309	echo $this->appletparams['stringUploadSuccess']."\n";
310	exit;
311	}
312
313	private function cleanup() {
314	// remove all uploaded files of this request
315	if (isset($_FILES)) {
316	foreach ($_FILES as $key => $val)
317	@unlink($val['tmp_name']);
318	}
319	// remove accumulated file, if any.
320	@unlink($this->classparams['destdir'].'/'.$this->classparams['tmp_prefix'].session_id());
321	@unlink($this->classparams['destdir'].'/'.$this->classparams['tmp_prefix'].'tmp'.session_id());
322	// reset session var
323	$_SESSION[$this->classparams['var_prefix'].'size'] = 0;
324	return;
325	}
326
327	private function mkdirp($path) {
328	// create subdir (hierary) below destdir;
329	$dirs = explode('/', $path);
330	$path = $this->classparams['destdir'];
331	foreach ($dirs as $dir) {
332	$path .= '/'.$dir;
333	if (!file_exists($path)) { // @ does NOT always supress the error!
334	@mkdir($path, $this->classparams['dirperm']);
335	}
336	}
337	if (!is_dir($path) && is_writable($path))
338	$this->abort('Destination dir not accessible');
339	}
340
341	/**
342	* This method:
343	* - Replaces some potentially dangerous characters by '_' (in the given name an relative path)
344	* - Checks if a files of the same name already exists.
345	* - If no: no problem.
346	* - If yes, and the duplicate class param is set to rename, the file is renamed.
347	* - If yes, and the duplicate class param is set to overwrite, the file is not renamed. The existing one will be erased.
348	* - If yes, and the duplicate class param is set to reject, an error is thrown.
349	*/
350	private function dstfinal(&$name, &$subdir) {
351	$name = preg_replace('![`$\\\\/\|]!', '_', $name);
352	if ($this->classparams['allow_subdirs'] && ($subdir != '')) {
353	$subdir = trim(preg_replace('!\\\\!','/',$subdir),'/');
354	$subdir = preg_replace('![`$\|]!', '_', $subdir);
355	if (!$this->classparams['spaces_in_subdirs']) {
356	$subdir = str_replace(' ','_',$subdir);
357	}
358	// recursively create subdir
359	if (!$this->classparams['demo_mode'])
360	$this->mkdirp($subdir);
361	// append a slash
362	$subdir .= '/';
363	} else {
364	$subdir = '';
365	}
366	$ret = $this->classparams['destdir'].'/'.$subdir.$name;
367	if (file_exists($ret)) {
368	if ($this->classparams['duplicate'] == 'overwrite') {
369	return $ret;
370	}
371	if ($this->classparams['duplicate'] == 'reject') {
372	$this->abort('A file with the same name already exists');
373	}
374	if ($this->classparams['duplicate'] == 'warning') {
375	$this->warning("File $name already exists - rejected");
376	}
377	if ($this->classparams['duplicate'] == 'rename') {
378	$cnt = 1;
379	$dir = $this->classparams['destdir'].'/'.$subdir;
380	$ext = strrchr($name, '.');
381	if ($ext) {
382	$nameWithoutExtension = substr($name, 0, strlen($name) - strlen($ext));
383	} else {
384	$ext = '';
385	$nameWithoutExtension = $name;
386	}
387
388	$rtry = $dir.$nameWithoutExtension.'.['.$cnt.']'.$ext;
389	while (file_exists($rtry)) {
390	$cnt++;
391	$rtry = $dir.$nameWithoutExtension.'.['.$cnt.']'.$ext;
392	}
393	//We store the result name in the byReference name parameter.
394	$name = $nameWithoutExtension.'.['.$cnt.']'.$ext;
395	$ret = $rtry;
396	}
397	}
398	return $ret;
399	}
400
401	/**
402	* Example function to process the files uploaded. This one simply displays the files' data.
403	*
404	*/
405	public function defaultAfterUploadManagement() {
406	$flist = '[defaultAfterUploadManagement] Nb uploaded files is: ' . sizeof($this->files);
407	$flist = $this->classparams['http_flist_start'];
408	foreach ($this->files as $f) {
409	//$f is an array, that contains all info about the uploaded file.
410	$this->logDebug('defaultAfterUploadManagement', " Reading file ${f['name']}");
411	$flist .= $this->classparams['http_flist_file_before'];
412	$flist .= $f['name'];
413	$flist .= $this->classparams['http_flist_file_between'];
414	$flist .= $f['size'];
415	$flist .= $this->classparams['http_flist_file_between'];
416	$flist .= $f['relativePath'];
417	$flist .= $this->classparams['http_flist_file_between'];
418	$flist .= $f['fullName'];
419	$flist .= $this->classparams['http_flist_file_between'];
420	$flist .= $f['md5sum'];
421	$addBR = false;
422	foreach ($f as $key=>$value) {
423	//If it's a specific key, let's display it:
424	if ($key != 'name' && $key != 'size' && $key != 'relativePath' && $key != 'fullName' && $key != 'md5sum') {
425	if ($addBR) {
426	$flist .= "<br>";
427	} else {
428	// First line. We must add a new 'official' list separator.
429	$flist .= $this->classparams['http_flist_file_between'];
430	$addBR = true;
431	}
432	$flist .= "$key => $value";
433	}
434	}
435	$flist .= $this->classparams['http_flist_file_after'];
436	}
437	$flist .= $this->classparams['http_flist_end'];
438
439	return $flist;
440	}
441
442	/**
443	* Generation of the applet tag, and necessary things around (js content). Insertion of this into the content of the
444	* page.
445	* See the tag_jscript and tag_applet class parameters.
446	*/
447	private function generateAppletTag($str) {
448	$this->logDebug('generateAppletTag', 'Entering function');
449	$str = preg_replace('/'.$this->classparams['tag_jscript'].'/', $this->str_jsinit(), $str);
450	return preg_replace('/'.$this->classparams['tag_applet'].'/', $this->str_applet(), $str);
451	}
452
453	/**
454	* This function is called when constructing the page, when we're not reveiving uploaded files. It 'just' construct
455	* the applet tag, by calling the relevant function.
456	*
457	* This must be public, because it is called from PHP's output buffering
458	*/
459	public function interceptBeforeUpload($str) {
460	$this->logDebug('interceptBeforeUpload', 'Entering function');
461	return $this->generateAppletTag($str);
462	}
463
464	/**
465	* This function displays the uploaded files description in the current page (see tag_flist class parameter)
466	*
467	* This must be public, because it is called from PHP's output buffering.
468	*/
469	public function interceptAfterUpload($str) {
470	$this->logDebug('interceptAfterUpload', 'Entering function');
471	$this->logPHPDebug('interceptAfterUpload', $this->files);
472
473	if (count($this->files) > 0) {
474	if (isset($this->classparams['callbackAfterUploadManagement'])) {
475	$this->logDebug('interceptAfterUpload', 'Before call of ' .$this->classparams['callbackAfterUploadManagement']);
476	$strForFListContent = call_user_func($this->classparams['callbackAfterUploadManagement'], $this, $this->files);
477	} else {
478	$strForFListContent = $this->defaultAfterUploadManagement();
479	}
480	$str = preg_replace('/'.$this->classparams['tag_flist'].'/', $strForFListContent, $str);
481	}
482	return $this->generateAppletTag($str);
483	}
484
485	/**
486	* This method manages the receiving of the debug log, when an error occurs.
487	*/
488	private function receive_debug_log() {
489	// handle error report
490	if (isset($_POST['description']) && isset($_POST['log'])) {
491	$msg = $_POST['log'];
492	mail($this->classparams['errormail'], $_POST['description'], $msg);
493	} else {
494	if (isset($_SERVER['SERVER_ADMIN']))
495	mail($_SERVER['SERVER_ADMIN'], 'Empty jupload error log',
496	'An empty log has just been posted.');
497	$this->logPHPDebug('receive_debug_log', 'Empty error log received');
498	}
499	exit;
500	}
501
502	/**
503	* This method is the heart of the system. It manage the files sent by the applet, check the incoming parameters (md5sum) and
504	* reconstruct the files sent in chunk mode.
505	*
506	* The result is stored in the $files array, and can then be managed by the function given in the callbackAfterUploadManagement
507	* class parameter, or within the page whose URL is given in the afterUploadURL applet parameter.
508	* Or you can Extend the class and redeclare defaultAfterUploadManagement() to your needs.
509	*/
510	private function receive_uploaded_files() {
511	$this->logDebug('receive_uploaded_files', 'Entering POST management');
512
513	if (session_id() == '') { include_once('../../header.session.inc.php'); }
514	// we check for the session after handling possible error log
515	// because an error could have happened because the session-id is missing.
516	if (!isset($_SESSION[$this->classparams['var_prefix'].'size'])) {
517	$this->abort('Invalid session (in afterupload, POST, check of size)');
518	}
519	if (!isset($_SESSION[$this->classparams['var_prefix'].'files'])) {
520	$this->abort('Invalid session (in afterupload, POST, check of files)');
521	}
522	$this->files = $_SESSION[$this->classparams['var_prefix'].'files'];
523	if (!is_array($this->files)) {
524	$this->abort('Invalid session (in afterupload, POST, is_array(files))');
525	}
526	if ($this->appletParameters['sendMD5Sum'] && !isset($_POST['md5sum'])) {
527	$this->abort('Required POST variable md5sum is missing');
528	}
529	$cnt = 0;
530	foreach ($_FILES as $key => $value) {
531	//Let's read the $_FILES data
532	if (isset($files_data)) {
533	unset($files_data);
534	}
535	$jupart = (isset($_POST['jupart'])) ? (int)$_POST['jupart'] : 0;
536	$jufinal = (isset($_POST['jufinal'])) ? (int)$_POST['jufinal'] : 1;
537	$relpaths = (isset($_POST['relpathinfo'])) ? $_POST['relpathinfo'] : null;
538	$md5sums = (isset($_POST['md5sum'])) ? $_POST['md5sum'] : null;
539	$mimetypes = (isset($_POST['mimetype'])) ? $_POST['mimetype'] : null;
540	//$relpaths = (isset($_POST["relpathinfo$cnt"])) ? $_POST["relpathinfo$cnt"] : null;
541	//$md5sums = (isset($_POST["md5sum$cnt"])) ? $_POST["md5sum$cnt"] : null;
542
543	if (gettype($relpaths) == 'string') {
544	$relpaths = array($relpaths);
545	}
546	if (gettype($md5sums) == 'string') {
547	$md5sums = array($md5sums);
548	}
549	if ($this->appletParameters['sendMD5Sum'] && !is_array($md5sums)) {
550	$this->abort('Expecting an array of MD5 checksums');
551	}
552	if (!is_array($relpaths)) {
553	$this->abort('Expecting an array of relative paths');
554	}
555	if (!is_array($mimetypes)) {
556	$this->abort('Expecting an array of MIME types');
557	}
558	// Check the MIME type (note: this is easily forged!)
559	if (isset($this->classparams['allowed_mime_types']) && is_array($this->classparams['allowed_mime_types'])) {
560	if (!in_array($mimetypes[$cnt], $this->classparams['allowed_mime_types'])) {
561	$this->abort('MIME type '.$mimetypes[$cnt].' not allowed');
562	}
563	}
564	if (isset($this->classparams['allowed_file_extensions']) && is_array($this->classparams['allowed_file_extensions'])) {
565	$fileExtension = substr(strrchr($value['name'][$cnt], "."), 1);
566	if (!in_array($fileExtension, $this->classparams['allowed_file_extensions'])) {
567	$this->abort('File extension '.$fileExtension.' not allowed');
568	}
569	}
570
571	$dstdir = $this->classparams['destdir'];
572	$dstname = $dstdir.'/'.$this->classparams['tmp_prefix'].session_id();
573	$tmpname = $dstdir.'/'.$this->classparams['tmp_prefix'].'tmp'.session_id();
574
575	// Controls are now done. Let's store the current uploaded files properties in an array, for future use.
576	$files_data['name'] = $value['name'][$cnt];
577	$files_data['size'] = 'not calculated yet';
578	$files_data['tmp_name'] = $value['tmp_name'][$cnt];
579	$files_data['error'] = $value['error'][$cnt];
580	$files_data['relativePath'] = $relpaths[$cnt];
581	$files_data['md5sum'] = $md5sums[$cnt];
582	$files_data['mimetype'] = $mimetypes[$cnt];
583
584	if (!move_uploaded_file($files_data['tmp_name'], $tmpname)) {
585	if ($classparams['verbose_errors']) {
586	$this->abort("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)");
587	} else {
588	trigger_error("Unable to move uploaded file (from ${files_data['tmp_name']} to $tmpname)",E_USER_WARNING);
589	$this->abort("Unable to move uploaded file");
590	}
591	}
592
593	// In demo mode, no file storing is done. We just delete the newly uploaded file.
594	if ($this->classparams['demo_mode']) {
595	if ($jufinal \|\| (!$jupart)) {
596	if ($jupart) {
597	$files_data['size'] = ($jupart-1) * $this->appletparams['maxChunkSize'] + filesize($tmpname);
598	} else {
599	$files_data['size'] = filesize($tmpname);
600	}
601	$files_data['fullName'] = 'Demo mode<BR>No file storing';
602	array_push($this->files, $files_data);
603	}
604	unlink($tmpname);
605	$cnt++;
606	continue;
607	}
608	//If we get here, the upload is a real one (no demo)
609	if ($jupart) {
610	// got a chunk of a multi-part upload
611	$len = filesize($tmpname);
612	$_SESSION[$this->classparams['var_prefix'].'size'] += $len;
613	if ($len > 0) {
614	$src = fopen($tmpname, 'rb');
615	$dst = fopen($dstname, ($jupart == 1) ? 'wb' : 'ab');
616	while ($len > 0) {
617	$rlen = ($len > 8192) ? 8192 : $len;
618	$buf = fread($src, $rlen);
619	if (!$buf) {
620	fclose($src);
621	fclose($dst);
622	unlink($dstname);
623	$this->abort('read IO error');
624	}
625	if (!fwrite($dst, $buf, $rlen)) {
626	fclose($src);
627	fclose($dst);
628	unlink($dstname);
629	$this->abort('write IO error');
630	}
631	$len -= $rlen;
632	}
633	fclose($src);
634	fclose($dst);
635	unlink($tmpname);
636	}
637	if ($jufinal) {
638	// This is the last chunk. Check total lenght and
639	// rename it to it's final name.
640	$dlen = filesize($dstname);
641	if ($dlen != $_SESSION[$this->classparams['var_prefix'].'size'])
642	$this->abort('file size mismatch');
643	if ($this->appletParameters['sendMD5Sum'] ) {
644	if ($md5sums[$cnt] != md5_file($dstname))
645	$this->abort('MD5 checksum mismatch');
646	}
647	// remove zero sized files
648	if (($dlen > 0) \|\| $this->classparams['allow_zerosized']) {
649	$dstfinal = $this->dstfinal($files_data['name'],$files_data['relativePath']);
650	if (!rename($dstname, $dstfinal))
651	$this->abort('rename IO error');
652	if (!chmod($dstfinal, $this->classparams['fileperm']))
653	$this->abort('chmod IO error');
654	$files_data['size'] = filesize($dstfinal);
655	$files_data['fullName'] = $dstfinal;
656	$files_data['path'] = dirname($dstfinal);
657	array_push($this->files, $files_data);
658	} else {
659	unlink($dstname);
660	}
661	// reset session var
662	$_SESSION[$this->classparams['var_prefix'].'size'] = 0;
663	}
664	} else {
665	// Got a single file upload. Trivial.
666	if ($md5sums[$cnt] != md5_file($tmpname))
667	$this->abort('MD5 checksum mismatch');
668	$dstfinal = $this->dstfinal($files_data['name'],$files_data['relativePath']);
669	if (!rename($tmpname, $dstfinal))
670	$this->abort('rename IO error');
671	if (!chmod($dstfinal, $this->classparams['fileperm']))
672	$this->abort('chmod IO error');
673	$files_data['size'] = filesize($dstfinal);
674	$files_data['fullName'] = $dstfinal;
675	$files_data['path'] = dirname($dstfinal);
676	array_push($this->files, $files_data);
677	}
678	$cnt++;
679	}
680
681	echo $this->appletparams['stringUploadSuccess']."\n";
682	$_SESSION[$this->classparams['var_prefix'].'files'] = $this->files;
683	session_write_close();
684	exit;
685	}
686
687	/**
688	*
689	*
690	*/
691	private function page_start() {
692	$this->logDebug('page_start', 'Entering function');
693
694	// If the applet checks for the serverProtocol, it issues a HEAD request
695	// -> Simply return an empty doc.
696	if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
697	// Nothing to do
698
699	} else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
700	// A GET request means: return upload page
701	$this->logDebug('page_start', 'Entering GET management');
702
703	if (session_id() == '') { include_once('../../header.session.inc.php'); }
704	if (isset($_GET['afterupload'])) {
705	$this->logDebug('page_start', 'afterupload is set');
706	if (!isset($_SESSION[$this->classparams['var_prefix'].'files'])) {
707	$this->abort('Invalid session (in afterupload, GET, check of $_SESSION): files array is not set');
708	}
709	$this->files = $_SESSION[$this->classparams['var_prefix'].'files'];
710	if (!is_array($this->files)) {
711	$this->abort('Invalid session (in afterupload, GET, check of is_array(files)): files is not an array');
712	}
713	// clear session data ready for new upload
714	$_SESSION[$this->classparams['var_prefix'].'files'] = array();
715
716	// start intercepting the content of the calling page, to display the upload result.
717	ob_start(array(& $this, 'interceptAfterUpload'));
718
719	} else {
720	$this->logDebug('page_start', 'afterupload is not set');
721	if ($this->classparams['session_regenerate']) { session_regenerate_id(true); }
722	$this->files = array();
723	$_SESSION[$this->classparams['var_prefix'].'size'] = 0;
724	$_SESSION[$this->classparams['var_prefix'].'files'] = $this->files;
725	// start intercepting the content of the calling page, to display the applet tag.
726	ob_start(array(& $this, 'interceptBeforeUpload'));
727	}
728
729	} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
730	// If we got a POST request, this is the real work.
731	if (isset($_GET['errormail'])) {
732	//Hum, an error occurs on server side. Let's manage the debug log, that we just received.
733	$this->receive_debug_log();
734	} else {
735	$this->receive_uploaded_files();
736	}
737	}
738	}
739	}
740
741	// PHP end tag omitted intentionally!!

Note: See TracBrowser for help on using the repository browser.

Download in other formats: