1 | <?php |
---|
2 | /** |
---|
3 | * Upload.inc.php |
---|
4 | * Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information |
---|
5 | * |
---|
6 | * The Upload class provides an interface to deal with http uploaded files. |
---|
7 | * |
---|
8 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
9 | * @requires App.inc.php |
---|
10 | * @version 1.4 |
---|
11 | */ |
---|
12 | |
---|
13 | // Upload error types. |
---|
14 | define('UPLOAD_USER_ERR_EMPTY_FILE', 100); |
---|
15 | define('UPLOAD_USER_ERR_NOT_UPLOADED_FILE', 101); |
---|
16 | define('UPLOAD_USER_ERR_INVALID_EXTENSION', 102); |
---|
17 | define('UPLOAD_USER_ERR_NOT_UNIQUE', 103); |
---|
18 | define('UPLOAD_USER_ERR_MOVE_FAILED', 104); |
---|
19 | |
---|
20 | class Upload { |
---|
21 | |
---|
22 | // General object parameters. |
---|
23 | var $_params = array( |
---|
24 | |
---|
25 | // Which messages do we pass to raiseMsg? |
---|
26 | 'display_messages' => MSG_ALL, |
---|
27 | |
---|
28 | // Existing files will be overwritten when there is a name conflict? |
---|
29 | 'allow_overwriting' => false, |
---|
30 | |
---|
31 | // The filesystem path to the final upload directory. |
---|
32 | 'upload_path' => null, |
---|
33 | |
---|
34 | // The file permissions of the uploaded files. Remember, files will be owned by the web server user. |
---|
35 | 'dest_file_perms' => 0600, |
---|
36 | |
---|
37 | // The file permissions of the uploaded files. Remember, files will be owned by the web server user. |
---|
38 | 'dest_dir_perms' => 0700, |
---|
39 | |
---|
40 | // Require file to have one of the following file name extentions. |
---|
41 | 'valid_file_extensions' => array('jpg', 'jpeg', 'gif', 'png', 'pdf', 'txt', 'text', 'html', 'htm'), |
---|
42 | ); |
---|
43 | |
---|
44 | // Array of files with errors. |
---|
45 | var $errors = array(); |
---|
46 | |
---|
47 | // Array of file name extensions and corresponding mime-types. |
---|
48 | var $mime_extension_map = array( 'ez' => 'application/andrew-inset', 'hqx' => 'application/mac-binhex40', 'cpt' => 'application/mac-compactpro', 'doc' => 'application/msword', 'bin' => 'application/octet-stream', 'class' => 'application/octet-stream', 'dll' => 'application/octet-stream', 'dms' => 'application/octet-stream', 'exe' => 'application/octet-stream', 'lha' => 'application/octet-stream', 'lzh' => 'application/octet-stream', 'so' => 'application/octet-stream', 'oda' => 'application/oda', 'pdf' => 'application/pdf', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', 'smi' => 'application/smil', 'smil' => 'application/smil', 'mif' => 'application/vnd.mif', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'sxc' => 'application/vnd.sun.xml.calc', 'stc' => 'application/vnd.sun.xml.calc.template', 'sxd' => 'application/vnd.sun.xml.draw', 'std' => 'application/vnd.sun.xml.draw.template', 'sxi' => 'application/vnd.sun.xml.impress', 'sti' => 'application/vnd.sun.xml.impress.template', 'sxm' => 'application/vnd.sun.xml.math', 'sxw' => 'application/vnd.sun.xml.writer', 'sxg' => 'application/vnd.sun.xml.writer.global', 'stw' => 'application/vnd.sun.xml.writer.template', 'vsd' => 'application/vnd.visio', 'wbxml' => 'application/vnd.wap.wbxml', 'wmlc' => 'application/vnd.wap.wmlc', 'wmlsc' => 'application/vnd.wap.wmlscriptc', 'bcpio' => 'application/x-bcpio', 'vcd' => 'application/x-cdlink', 'pgn' => 'application/x-chess-pgn', 'Z' => 'application/x-compress', 'cpio' => 'application/x-cpio', 'csh' => 'application/x-csh', 'dcr' => 'application/x-director', 'dir' => 'application/x-director', 'dxr' => 'application/x-director', 'dvi' => 'application/x-dvi', 'spl' => 'application/x-futuresplash', 'gtar' => 'application/x-gtar', 'tgz' => 'application/x-gtar', 'gz' => 'application/x-gzip', 'hdf' => 'application/x-hdf', 'php' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php3', 'js' => 'application/x-javascript', 'skd' => 'application/x-koan', 'skm' => 'application/x-koan', 'skp' => 'application/x-koan', 'skt' => 'application/x-koan', 'latex' => 'application/x-latex', 'wmd' => 'application/x-ms-wmd', 'wmz' => 'application/x-ms-wmz', 'cdf' => 'application/x-netcdf', 'nc' => 'application/x-netcdf', 'pl' => 'application/x-perl', 'pm' => 'application/x-perl', 'psd' => 'application/x-photoshop', 'sh' => 'application/x-sh', 'shar' => 'application/x-shar', 'swf' => 'application/x-shockwave-flash', 'sit' => 'application/x-stuffit', 'sv4cpio' => 'application/x-sv4cpio', 'sv4crc' => 'application/x-sv4crc', 'tar' => 'application/x-tar', 'tcl' => 'application/x-tcl', 'tex' => 'application/x-tex', 'texi' => 'application/x-texinfo', 'texinfo' => 'application/x-texinfo', 'roff' => 'application/x-troff', 't' => 'application/x-troff', 'tr' => 'application/x-troff', 'man' => 'application/x-troff-man', 'me' => 'application/x-troff-me', 'ms' => 'application/x-troff-ms', 'ustar' => 'application/x-ustar', 'src' => 'application/x-wais-source', 'xht' => 'application/xhtml+xml', 'xhtml' => 'application/xhtml+xml', 'xml' => 'application/xml', 'zip' => 'application/zip', 'au' => 'audio/basic', 'snd' => 'audio/basic', 'kar' => 'audio/midi', 'mid' => 'audio/midi', 'midi' => 'audio/midi', 'mp2' => 'audio/mpeg', 'mp3' => 'audio/mpeg', 'mpga' => 'audio/mpeg', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', 'aiff' => 'audio/x-aiff', 'm3u' => 'audio/x-mpegurl', 'wax' => 'audio/x-ms-wax', 'wma' => 'audio/x-ms-wma', 'ram' => 'audio/x-pn-realaudio', 'rm' => 'audio/x-pn-realaudio', 'rpm' => 'audio/x-pn-realaudio-plugin', 'ra' => 'audio/x-realaudio', 'wav' => 'audio/x-wav', 'pdb' => 'chemical/x-pdb', 'xyz' => 'chemical/x-xyz', 'bmp' => 'image/bmp', 'gif' => 'image/gif', 'ief' => 'image/ief', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'png' => 'image/png', 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'wbmp' => 'image/vnd.wap.wbmp', 'ras' => 'image/x-cmu-raster', 'pnm' => 'image/x-portable-anymap', 'pbm' => 'image/x-portable-bitmap', 'pgm' => 'image/x-portable-graymap', 'ppm' => 'image/x-portable-pixmap', 'rgb' => 'image/x-rgb', 'xbm' => 'image/x-xbitmap', 'xpm' => 'image/x-xpixmap', 'xwd' => 'image/x-xwindowdump', 'iges' => 'model/iges', 'igs' => 'model/iges', 'mesh' => 'model/mesh', 'msh' => 'model/mesh', 'silo' => 'model/mesh', 'vrml' => 'model/vrml', 'wrl' => 'model/vrml', 'ics' => 'text/calendar', 'ifb' => 'text/calendar', 'vcs' => 'text/calendar', 'vfb' => 'text/calendar', 'css' => 'text/css', 'csv' => 'text/csv', 'diff' => 'text/diff', 'patch' => 'text/diff', 'htm' => 'text/html', 'html' => 'text/html', 'shtml' => 'text/html', 'asc' => 'text/plain', 'log' => 'text/plain', 'po' => 'text/plain', 'txt' => 'text/plain', 'rtx' => 'text/richtext', 'rtf' => 'text/rtf', 'sgm' => 'text/sgml', 'sgml' => 'text/sgml', 'tsv' => 'text/tab-separated-values', 'wml' => 'text/vnd.wap.wml', 'wmls' => 'text/vnd.wap.wmlscript', 'etx' => 'text/x-setext', 'vcf' => 'text/x-vcard', 'xsl' => 'text/xml', 'mp4' => 'video/mp4v-es', 'mpe' => 'video/mpeg', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mov' => 'video/quicktime', 'qt' => 'video/quicktime', 'mxu' => 'video/vnd.mpegurl', 'asf' => 'video/x-ms-asf', 'asx' => 'video/x-ms-asf', 'wm' => 'video/x-ms-wm', 'wmv' => 'video/x-ms-wmv', 'wmx' => 'video/x-ms-wmx', 'wvx' => 'video/x-ms-wvx', 'avi' => 'video/x-msvideo', 'movie' => 'video/x-sgi-movie', 'ice' => 'x-conference/x-cooltalk', ); |
---|
49 | |
---|
50 | /** |
---|
51 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
52 | * |
---|
53 | * @access public |
---|
54 | * @param array $params Array of parameters (key => val pairs). |
---|
55 | */ |
---|
56 | function setParam($params) |
---|
57 | { |
---|
58 | $app =& App::getInstance(); |
---|
59 | |
---|
60 | if (isset($params) && is_array($params)) { |
---|
61 | |
---|
62 | // Enforce valid upload_path parameter. |
---|
63 | if (isset($params['upload_path'])) { |
---|
64 | $params['upload_path'] = realpath($params['upload_path']); |
---|
65 | // Must be directory. |
---|
66 | if (!is_dir($params['upload_path'])) { |
---|
67 | $app->logMsg(sprintf('Attempting to auto-create upload directory: %s', $params['upload_path']), LOG_NOTICE, __FILE__, __LINE__); |
---|
68 | mkdir($params['upload_path'], $this->getParam('dest_dir_perms')); |
---|
69 | if (!is_dir($params['upload_path'])) { |
---|
70 | $app->logMsg(sprintf('Upload directory invalid: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); |
---|
71 | trigger_error(sprintf('Upload directory invalid: %s', $params['upload_path']), E_USER_ERROR); |
---|
72 | } |
---|
73 | } |
---|
74 | // Must be writable. |
---|
75 | if (!is_writable($params['upload_path'])) { |
---|
76 | $app->logMsg(sprintf('Upload directory not writable: %s', $params['upload_path']), LOG_ERR, __FILE__, __LINE__); |
---|
77 | trigger_error(sprintf('Upload directory not writable: %s', $params['upload_path']), E_USER_ERROR); |
---|
78 | } |
---|
79 | } |
---|
80 | |
---|
81 | // Merge new parameters with old overriding only those passed. |
---|
82 | $this->_params = array_merge($this->_params, $params); |
---|
83 | } else { |
---|
84 | $app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
85 | } |
---|
86 | } |
---|
87 | |
---|
88 | /** |
---|
89 | * Return the value of a parameter, if it exists. |
---|
90 | * |
---|
91 | * @access public |
---|
92 | * @param string $param Which parameter to return. |
---|
93 | * @return mixed Configured parameter value. |
---|
94 | */ |
---|
95 | function getParam($param) |
---|
96 | { |
---|
97 | $app =& App::getInstance(); |
---|
98 | |
---|
99 | if (isset($this->_params[$param])) { |
---|
100 | return $this->_params[$param]; |
---|
101 | } else { |
---|
102 | $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_NOTICE, __FILE__, __LINE__); |
---|
103 | return null; |
---|
104 | } |
---|
105 | } |
---|
106 | |
---|
107 | /** |
---|
108 | * Process uploaded files. Processes files existing within the specified $_FILES['form_name'] array. |
---|
109 | * It tests for errors, cleans the filename, optionally sets custom file names. It will process |
---|
110 | * multiple files automatically if the file form element is an array (<input type="file" name="myfiles[]" />). |
---|
111 | * |
---|
112 | * @access public |
---|
113 | * @param string $form_name The name of the form to process. |
---|
114 | * @param string $custom_file_name The new name of the file. An array of filename in the case of multiple files. |
---|
115 | * @return mixed Returns FALSE if a major error occured preventing any file uploads. |
---|
116 | * Returns an empty array if any minor errors occured or no files were found. |
---|
117 | * Returns a multidimentional array of filenames, sizes and extentions, if one-or-more files succeeded uploading. |
---|
118 | * Note: this last option presents a problem in the case of when some files uploaded successfully, and some failed. |
---|
119 | * In this case it is necessary to check the Upload::anyErrors method to discover if any did fail. |
---|
120 | */ |
---|
121 | function process($form_name, $custom_file_name=null) |
---|
122 | { |
---|
123 | $app =& App::getInstance(); |
---|
124 | |
---|
125 | // Ensure we have a upload directory. |
---|
126 | if (!$this->getParam('upload_path')) { |
---|
127 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
128 | $this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__); |
---|
129 | return false; |
---|
130 | } |
---|
131 | |
---|
132 | // Ensure the file form element specified actually exists. |
---|
133 | if (!isset($_FILES[$form_name])) { |
---|
134 | $app->logMsg(sprintf(_("Form element %s does not exist."), $form_name), LOG_ERR, __FILE__, __LINE__); |
---|
135 | $this->_raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__); |
---|
136 | return false; |
---|
137 | } |
---|
138 | |
---|
139 | if (is_array($_FILES[$form_name]['name'])) { |
---|
140 | $files = $_FILES[$form_name]; |
---|
141 | } else { |
---|
142 | // Convert variables to single-cell array so it will loop. |
---|
143 | $files = array( |
---|
144 | 'name' => array($_FILES[$form_name]['name']), |
---|
145 | 'type' => array($_FILES[$form_name]['type']), |
---|
146 | 'tmp_name' => array($_FILES[$form_name]['tmp_name']), |
---|
147 | 'error' => array($_FILES[$form_name]['error']), |
---|
148 | 'size' => array($_FILES[$form_name]['size']), |
---|
149 | ); |
---|
150 | } |
---|
151 | |
---|
152 | // To keep this script running even if user tries to stop browser. |
---|
153 | ignore_user_abort(true); |
---|
154 | ini_set('max_execution_time', 300); |
---|
155 | ini_set('max_input_time', 300); |
---|
156 | |
---|
157 | $new_file_names = array(); |
---|
158 | |
---|
159 | $num = sizeof($files['name']); |
---|
160 | for ($i=0; $i<$num; $i++) { |
---|
161 | $file_path_name = ''; |
---|
162 | |
---|
163 | if ('' == trim($files['name'][$i])) { |
---|
164 | // User may not have attached a file. |
---|
165 | continue; |
---|
166 | } |
---|
167 | |
---|
168 | // Determine final file name. |
---|
169 | if ($num == 1) { |
---|
170 | // Single upload. |
---|
171 | if (isset($custom_file_name) && '' != $custom_file_name) { |
---|
172 | // Valid custom file name. |
---|
173 | $file_name = $custom_file_name; |
---|
174 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
175 | $app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
176 | } else { |
---|
177 | // Invalid custom file name provided. Use uploaded file name. |
---|
178 | $file_name = $files['name'][$i]; |
---|
179 | $app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
180 | } |
---|
181 | } else { |
---|
182 | // Multiple upload. Final file names must be array. |
---|
183 | if (isset($custom_file_name) && is_array($custom_file_name) && is_array($custom_file_name[$i]) && '' != $custom_file_name[$i]) { |
---|
184 | // Valid custom file name. |
---|
185 | $file_name = $custom_file_name[$i]; |
---|
186 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
187 | $app->logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
188 | } else { |
---|
189 | // Invalid custom file name provided. Use uploaded file name. |
---|
190 | $file_name = $files['name'][$i]; |
---|
191 | $app->logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
192 | } |
---|
193 | } |
---|
194 | |
---|
195 | // Check The php upload error messages. |
---|
196 | if (UPLOAD_ERR_INI_SIZE === $files['error'][$i]) { |
---|
197 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, ini_get('upload_max_filesize')), MSG_ERR, __FILE__, __LINE__); |
---|
198 | $app->logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_INI_SIZE (currently %s)."), $files['error'][$i], $file_name, ini_get('upload_max_filesize')), LOG_ERR, __FILE__, __LINE__); |
---|
199 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_INI_SIZE); |
---|
200 | continue; |
---|
201 | } |
---|
202 | if (UPLOAD_ERR_FORM_SIZE === $files['error'][$i]) { |
---|
203 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $file_name, $_POST['MAX_FILE_SIZE']), MSG_ERR, __FILE__, __LINE__); |
---|
204 | $app->logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_FORM_SIZE (currently %s)."), $files['error'][$i], $file_name, $_POST['MAX_FILE_SIZE']), LOG_ERR, __FILE__, __LINE__); |
---|
205 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_FORM_SIZE); |
---|
206 | continue; |
---|
207 | } |
---|
208 | if (UPLOAD_ERR_PARTIAL === $files['error'][$i]) { |
---|
209 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it was only partially uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
210 | $app->logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_PARTIAL."), $files['error'][$i], $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
211 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_PARTIAL); |
---|
212 | continue; |
---|
213 | } |
---|
214 | if (UPLOAD_ERR_NO_FILE === $files['error'][$i]) { |
---|
215 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: no file was uploaded."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
216 | $app->logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_NO_FILE."), $files['error'][$i], $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
217 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_FILE); |
---|
218 | continue; |
---|
219 | } |
---|
220 | if (UPLOAD_ERR_NO_TMP_DIR === $files['error'][$i]) { |
---|
221 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: temporary upload directory missing."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
222 | $app->logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_NO_TMP_DIR."), $files['error'][$i], $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
223 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_ERR_NO_TMP_DIR); |
---|
224 | continue; |
---|
225 | } |
---|
226 | |
---|
227 | // Check to be sure it's an uploaded file. |
---|
228 | if (!is_uploaded_file($files['tmp_name'][$i])) { |
---|
229 | $this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
230 | $app->logMsg(sprintf(_("The file %s failed is_uploaded_file."), $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
231 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UPLOADED_FILE); |
---|
232 | continue; |
---|
233 | } |
---|
234 | |
---|
235 | // Check to be sure the file is not empty. |
---|
236 | if ($files['size'][$i] <= 0) { |
---|
237 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it contains zero bytes."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
238 | $app->logMsg(sprintf(_("The uploaded file %s contains zero bytes."), $file_name), LOG_ERR, __FILE__, __LINE__); |
---|
239 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_EMPTY_FILE); |
---|
240 | continue; |
---|
241 | } |
---|
242 | |
---|
243 | // Check to be sure the file has a valid file name extension. |
---|
244 | if (!in_array(strtolower($this->getFilenameExtension($file_name)), $this->getParam('valid_file_extensions'))) { |
---|
245 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file name extensions: %s."), $file_name, join(', ', $this->getParam('valid_file_extensions'))), MSG_ERR, __FILE__, __LINE__); |
---|
246 | $app->logMsg(sprintf(_("The uploaded file %s has an unrecognized file name extension."), $file_name), LOG_WARNING, __FILE__, __LINE__); |
---|
247 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_INVALID_EXTENSION); |
---|
248 | continue; |
---|
249 | } |
---|
250 | |
---|
251 | // Check to be sure the file has a unique file name. |
---|
252 | if (!$this->getParam('allow_overwriting') && $this->exists($file_name)) { |
---|
253 | $this->_raiseMsg(sprintf(_("The file %s failed uploading: a file with that name already exists."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
254 | $app->logMsg(sprintf(_("The uploaded file %s doesn't have a unique filename."), $file_name), LOG_WARNING, __FILE__, __LINE__); |
---|
255 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_NOT_UNIQUE); |
---|
256 | continue; |
---|
257 | } |
---|
258 | |
---|
259 | // If the file name has no extension, use the mime-type to choose one. |
---|
260 | if (!preg_match('/\.[^.]{1,5}$/', $file_name) && function_exists('mime_content_type')) { |
---|
261 | if ($ext = array_search(mime_content_type($files['tmp_name'][$i]), $this->mime_extension_map)) { |
---|
262 | $file_name .= ".$ext"; |
---|
263 | } |
---|
264 | } |
---|
265 | |
---|
266 | // Clean the file name of bad characters. |
---|
267 | $file_name = $this->cleanFileName($file_name); |
---|
268 | |
---|
269 | // FINAL path and file name, lowercase extension. |
---|
270 | $file_extension = strtolower($this->getFilenameExtension($file_name)); |
---|
271 | $file_name = sprintf('%s.%s', substr($file_name, 0, strrpos($file_name, '.')), $file_extension); |
---|
272 | $file_path_name = sprintf('%s/%s', $this->getParam('upload_path'), $file_name); |
---|
273 | |
---|
274 | // Move the file to the final place. |
---|
275 | if (move_uploaded_file($files['tmp_name'][$i], $file_path_name)) { |
---|
276 | chmod($file_path_name, $this->getParam('dest_file_perms')); |
---|
277 | $app->logMsg(sprintf('File uploaded: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__); |
---|
278 | $this->_raiseMsg(sprintf(_("The file %s uploaded successfully."), $file_name), MSG_SUCCESS, __FILE__, __LINE__); |
---|
279 | if (!isset($custom_file_name) && $files['name'][$i] != $file_name) { |
---|
280 | // Notify user if uploaded file name was modified (unless a custom file name will be used anyways). |
---|
281 | $this->_raiseMsg(sprintf(_("The file %s was renamed to %s."), $files['name'][$i], $file_name), MSG_NOTICE, __FILE__, __LINE__); |
---|
282 | } |
---|
283 | $new_file_names[] = array( |
---|
284 | 'name' => $file_name, |
---|
285 | 'mime' => $files['type'][$i], |
---|
286 | 'size' => filesize($file_path_name), |
---|
287 | 'extension' => $file_extension, |
---|
288 | 'original_index' => $i, |
---|
289 | ); |
---|
290 | } else { |
---|
291 | $this->_raiseMsg(sprintf(_("The file %s failed uploading."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
292 | $app->logMsg(sprintf(_("Moving file failed: %s -> %s"), $files['tmp_name'][$i], $file_path_name), LOG_ALERT, __FILE__, __LINE__); |
---|
293 | $this->errors[] = array('filename' => $file_name, 'errortype' => UPLOAD_USER_ERR_MOVE_FAILED); |
---|
294 | } |
---|
295 | |
---|
296 | // Check file extension with browsers interpretation of file type. |
---|
297 | if (isset($this->mime_extension_map[$file_extension]) && $files['type'][$i] != $this->mime_extension_map[$file_extension]) { |
---|
298 | $app->logMsg(sprintf('File extension (%s) does not match mime type (%s).', $file_extension, $files['type'][$i]), LOG_NOTICE, __FILE__, __LINE__); |
---|
299 | } |
---|
300 | } |
---|
301 | |
---|
302 | // Return names of files uploaded (or empty array when none processed). |
---|
303 | return $new_file_names; |
---|
304 | } |
---|
305 | |
---|
306 | /** |
---|
307 | * Remove file within upload path. |
---|
308 | * |
---|
309 | * @access public |
---|
310 | * @param string $file_name A name of a file. |
---|
311 | * @return bool Success of operation. |
---|
312 | */ |
---|
313 | function deleteFile($file_name) |
---|
314 | { |
---|
315 | $app =& App::getInstance(); |
---|
316 | |
---|
317 | // Ensure we have a upload directory. |
---|
318 | if (!$this->getParam('upload_path')) { |
---|
319 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
320 | return false; |
---|
321 | } |
---|
322 | |
---|
323 | $file_path_name = $this->getParam('upload_path') . '/' . $file_name; |
---|
324 | |
---|
325 | if (!is_file($file_path_name)) { |
---|
326 | $app->logMsg(sprintf(_("Error deleting nonexistent file: %s"), $file_path_name), LOG_ERR, __FILE__, __LINE__); |
---|
327 | return false; |
---|
328 | } else if (unlink($file_path_name)) { |
---|
329 | $app->logMsg(sprintf('Deleted file: %s', $file_path_name), LOG_INFO, __FILE__, __LINE__); |
---|
330 | } else { |
---|
331 | $this->_raiseMsg(sprintf(_("The file %s could not be deleted."), $file_name), MSG_ERR, __FILE__, __LINE__); |
---|
332 | $app->logMsg(sprintf(_("Failed deleting file: %s"), $file_path_name), LOG_ERR, __FILE__, __LINE__); |
---|
333 | return false; |
---|
334 | } |
---|
335 | } |
---|
336 | |
---|
337 | /** |
---|
338 | * Renames a file within the upload path. |
---|
339 | * |
---|
340 | * @access public |
---|
341 | * @param string $old_name The currently existing file name. |
---|
342 | * @param string $new_name The new name for this file. |
---|
343 | * @return bool Success of operation. |
---|
344 | */ |
---|
345 | function moveFile($old_name, $new_name) |
---|
346 | { |
---|
347 | $app =& App::getInstance(); |
---|
348 | |
---|
349 | // Ensure we have an upload directory. |
---|
350 | if (!$this->getParam('upload_path')) { |
---|
351 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
352 | return false; |
---|
353 | } |
---|
354 | |
---|
355 | $old_file_path_name = $this->getParam('upload_path') . '/' . $old_name; |
---|
356 | $new_file_path_name = $this->getParam('upload_path') . '/' . $new_name; |
---|
357 | if (file_exists($old_file_path_name)) { |
---|
358 | if (rename($old_file_path_name, $new_file_path_name)) { |
---|
359 | $this->_raiseMsg(sprintf(_("The file %s has been renamed to %s."), basename($old_file_path_name), basename($new_file_path_name)), MSG_NOTICE, __FILE__, __LINE__); |
---|
360 | $app->logMsg(sprintf('File renamed from %s to %s', $old_file_path_name, $new_file_path_name), LOG_DEBUG, __FILE__, __LINE__); |
---|
361 | } else { |
---|
362 | $this->_raiseMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), MSG_WARNING, __FILE__, __LINE__); |
---|
363 | $app->logMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), LOG_WARNING, __FILE__, __LINE__); |
---|
364 | return false; |
---|
365 | } |
---|
366 | } else { |
---|
367 | $this->_raiseMsg(sprintf(_("Couldn't rename nonexistent file %s."), $old_name), MSG_WARNING, __FILE__, __LINE__); |
---|
368 | $app->logMsg(sprintf(_("Error renaming nonexistent file: %s"), $old_file_path_name), LOG_WARNING, __FILE__, __LINE__); |
---|
369 | return false; |
---|
370 | } |
---|
371 | } |
---|
372 | |
---|
373 | /** |
---|
374 | * Tests if a file exists within the current upload_path. |
---|
375 | * |
---|
376 | * @access public |
---|
377 | * @param string $file_name A name of a file. |
---|
378 | * @return bool Existence of file. |
---|
379 | */ |
---|
380 | function exists($file_name) |
---|
381 | { |
---|
382 | $app =& App::getInstance(); |
---|
383 | |
---|
384 | // Ensure we have a upload directory. |
---|
385 | if (!$this->getParam('upload_path')) { |
---|
386 | $app->logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__); |
---|
387 | return false; |
---|
388 | } |
---|
389 | |
---|
390 | return file_exists($this->getParam('upload_path') . '/' . $file_name); |
---|
391 | } |
---|
392 | |
---|
393 | /** |
---|
394 | * Get filename by glob pattern. Searches a directory for an image that matches the |
---|
395 | * specified glob pattern and returns the filename of the first file found. |
---|
396 | * |
---|
397 | * @access public |
---|
398 | * @param string $pattern Pattern to match filename. |
---|
399 | * @return string filename on success, empty string on failure. |
---|
400 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
401 | * @since 15 Nov 2005 20:55:22 |
---|
402 | */ |
---|
403 | function getFilenameGlob($pattern) |
---|
404 | { |
---|
405 | $file_list = glob(sprintf('%s/%s', $this->getParam('upload_path'), $pattern)); |
---|
406 | if (isset($file_list[0])) { |
---|
407 | return basename($file_list[0]); |
---|
408 | } else { |
---|
409 | return ''; |
---|
410 | } |
---|
411 | } |
---|
412 | |
---|
413 | /** |
---|
414 | * Returns an array of file names that failed uploading. |
---|
415 | * |
---|
416 | * @access public |
---|
417 | * @return array List of file names. |
---|
418 | */ |
---|
419 | function getErrors() |
---|
420 | { |
---|
421 | return $this->errors; |
---|
422 | } |
---|
423 | |
---|
424 | /** |
---|
425 | * Determintes if any errors occured while calling the Upload::process method. |
---|
426 | * |
---|
427 | * @access public |
---|
428 | */ |
---|
429 | function anyErrors() |
---|
430 | { |
---|
431 | return sizeof($this->errors) > 0; |
---|
432 | } |
---|
433 | |
---|
434 | /** |
---|
435 | * Removes unsafe characters from file name. |
---|
436 | * |
---|
437 | * @access public |
---|
438 | * @param string $file_name A name of a file. |
---|
439 | * @return string The same name, but cleaned. |
---|
440 | */ |
---|
441 | function cleanFileName($file_name) |
---|
442 | { |
---|
443 | $bad = 'áéÃóúà ÚìòùÀëïöÌÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃâêîÎûÃÃÃÃÃñçÃ@'; |
---|
444 | $good = 'aeiouaeiouaeiouAEIOUAEIOUAEIOUaeiouAEIOUncCa'; |
---|
445 | $file_name = trim($file_name); |
---|
446 | $file_name = strtr($file_name, $bad, $good); |
---|
447 | $file_name = preg_replace('/[^-\w.,~_=+()]/i', '_', $file_name); |
---|
448 | $file_name = substr($file_name, 0, 250); |
---|
449 | return $file_name; |
---|
450 | } |
---|
451 | |
---|
452 | |
---|
453 | /** |
---|
454 | * Returns the extention of a file name, or an empty string if non exists. |
---|
455 | * |
---|
456 | * @access public |
---|
457 | * @param string $file_name A name of a file, with extention after a dot. |
---|
458 | * @return string The value found after the dot |
---|
459 | */ |
---|
460 | function getFilenameExtension($file_name) |
---|
461 | { |
---|
462 | preg_match('/.*?\.(\w+)$/i', trim($file_name), $ext); |
---|
463 | return isset($ext[1]) ? $ext[1] : ''; |
---|
464 | } |
---|
465 | |
---|
466 | /** |
---|
467 | * An alias for $app->raiseMsg that only sends messages configured by display_messages. |
---|
468 | * |
---|
469 | * @access public |
---|
470 | * |
---|
471 | * @param string $message The text description of the message. |
---|
472 | * @param int $type The type of message: MSG_NOTICE, |
---|
473 | * MSG_SUCCESS, MSG_WARNING, or MSG_ERR. |
---|
474 | * @param string $file __FILE__. |
---|
475 | * @param string $line __LINE__. |
---|
476 | */ |
---|
477 | function _raiseMsg($message, $type, $file, $line) |
---|
478 | { |
---|
479 | $app =& App::getInstance(); |
---|
480 | |
---|
481 | if ($this->getParam('display_messages') === true || (is_int($this->getParam('display_messages')) && $this->getParam('display_messages') & $type > 0)) { |
---|
482 | $app->raiseMsg($message, $type, $file, $line); |
---|
483 | } |
---|
484 | } |
---|
485 | } |
---|
486 | |
---|
487 | ?> |
---|