plugins/SpecialUpdownload.php~
author dan@scribus.fuhry.local.fuhry.local
Wed, 13 Jun 2007 16:03:00 -0400
changeset 0 902822492a68
permissions -rw-r--r--
Initial population
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     2
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
Plugin Name: Upload/download frontend
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     4
Plugin URI: http://enano.homelinux.org/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     5
Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
Author: Dan Fuhry
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     7
Version: 1.0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     8
Author URI: http://enano.homelinux.org/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
*/
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
/*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    13
 * Version 1.0 release candidate 2
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 * Copyright (C) 2006-2007 Dan Fuhry
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
 * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    18
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
 *
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
 */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
$plugins->attachHook('base_classes_initted', '
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    27
  global $paths;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    28
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    29
      \'name\'=>\'Upload file\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    30
      \'urlname\'=>\'UploadFile\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    31
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    32
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    33
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    34
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    35
    $paths->add_page(Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    36
      \'name\'=>\'Download file\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    37
      \'urlname\'=>\'DownloadFile\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    38
      \'namespace\'=>\'Special\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    39
      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    40
      ));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
    ');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
function page_Special_UploadFile()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
  global $mime_types;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
  if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '<p>File uploads are disabled this website.</p>'); }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
  if ( !$session->get_permissions('upload_files') )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    49
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
    die_friendly('Access denied', '<p>File uploads are disabled for your user account or group.<p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    52
  if(isset($_POST['doit']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
    if(isset($_FILES['data']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    56
      $file =& $_FILES['data'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    57
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    58
    else
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    59
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    60
      $file = false;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    61
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
    if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    63
    if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
    /*
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
    $allowed_mime_types = Array(
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
        'text/plain',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    67
        'image/png',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
        'image/jpeg',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
        'image/tiff',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    70
        'image/gif',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    71
        'text/html', // Safe because the file is stashed in the database
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
        'application/x-bzip2',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    73
        'application/x-gzip',
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    74
        'text/x-c++'
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    75
      );
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    76
    if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    77
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    78
      if(!$fi) die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p><p>'.@finfo_file($fi, $file['tmp_name']).'</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    79
      $type = @finfo_file($fi, $file['tmp_name']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    80
      @finfo_close($fi);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    81
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    82
    elseif(function_exists('mime_content_type'))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    83
      $type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    84
    elseif(isset($file['type']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    85
      $type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    86
    else // DANG! Not even the browser told us. Bail out.
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    87
      die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    88
    */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    89
    $types = fetch_allowed_extensions();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    90
    $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    91
    if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    92
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    93
      die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    94
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    95
    $type = $mime_types[$ext];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    96
    //$type = explode(';', $type); $type = $type[0];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    97
    //if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
    if($_POST['rename'] != '')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    99
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   100
      $filename = $_POST['rename'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   101
    } else {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
      $filename = $file['name'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
    $bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
    foreach($bad_chars as $ch)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
      if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '<p>The filename contains invalid characters.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   109
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   110
    if(isset($paths->pages[$paths->nslist['File'].$filename]) && !isset($_POST['update'])) die_friendly('Upload failed', '<p>The file already exists. You can <a href="'.makeUrlNS('Special', 'UploadFile/'.$filename).'">upload a new version of this file</a>.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   111
    elseif( isset($_POST['update']) && 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   112
           (!isset($paths->pages[$paths->nslist['File'].$filename]) ||
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
             (isset($paths->pages[$paths->nslist['File'].$filename]) &&
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   114
               $paths->pages[$paths->nslist['File'].$filename]['protected']==1)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
             )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
           )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   117
           die_friendly('Upload failed', '<p>Either the file does not exist (and therefore cannot be updated) or the file is protected.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   118
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   119
    $utime = time();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   120
           
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
    $filename = $db->escape($filename);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   122
    $ext = substr($filename, strrpos($filename, '.'), strlen($filename));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
    $flen = filesize($file['tmp_name']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   124
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   125
    $comments = $db->escape(RenderMan::strip_php($_POST['comments']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   126
    $chartag = sha1(microtime());
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   127
    $urln = str_replace(' ', '_', $filename);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   128
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   129
    $key = md5($filename . '_' . file_get_contents($file['tmp_name']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   130
    $targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   131
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   132
    if(!@move_uploaded_file($file['tmp_name'], $targetname))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   133
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   134
      die_friendly('Upload failed', '<p>Could not move uploaded file to the new location.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   135
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   136
    
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   137
    if(getConfig('file_history') != '1')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   138
      if(!$db->sql_query('DELETE FROM  '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   139
    if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   140
    if(!isset($_POST['update']))
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   141
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   142
      if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   143
      if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   144
      if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   145
    } else {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   146
      if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   147
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   148
    die_friendly('Upload complete', '<p>Your file has been uploaded successfully. View the <a href="'.makeUrlNS('File', $filename).'">file\'s page</a>.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   149
  } else {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   150
    $template->header();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   151
    $fn = $paths->getParam(0);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   152
    if ( $fn && !$session->get_permissions('upload_new_version') )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   153
    {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   154
      die_friendly('Access denied', '<p>Uploading new versions of files has been disabled for your user account or group.<p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   155
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   156
    ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   157
    <p>Using this form you can upload a file to the <?php echo getConfig('site_name'); ?> site.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   158
    <p>The maximum file size is <?php 
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   159
      // Get the max file size, and format it in a way that is user-friendly
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
      $fs = getConfig('max_file_size');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   161
      echo $fs.' bytes';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   162
      $fs = (int)$fs;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   163
      if($fs >= 1048576)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   164
      {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   165
        $fs = round($fs / 1048576, 1);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   166
        echo ' ('.$fs.' MB)';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   167
      } elseif($fs >= 1024) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   168
        $fs = round($fs / 1024, 1);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   169
        echo ' ('.$fs.' KB)';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   170
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   171
    ?>.</p>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
    <form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   173
      <table border="0" cellspacing="1" cellpadding="4">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
        <tr><td>File:</td><td><input name="data" type="file" size="40" /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
        <tr><td>Rename to:</td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   176
        <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
        if(!$fn) echo '<tr><td>Comments:<br />(can be wiki-formatted)</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   178
        else echo '<tr><td>Reason for uploading the new version: </td><td><input name="comments" size="50" /></td></tr>';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   179
        ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   180
        <tr><td colspan="2" style="text-align: center">
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   181
          <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   182
          if($fn)
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   183
            echo '<input type="hidden" name="update" value="true" />';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   184
          ?>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   185
          <input type="submit" name="doit" value="Upload file" />
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   186
        </td></tr>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
      </table>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
    </form>
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   189
    <?php
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   190
    $template->footer();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   191
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   192
}                                                                                                                                                          
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   193
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   194
function page_Special_DownloadFile()
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
{
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
  global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
  global $do_gzip;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   198
  $filename = rawurldecode($paths->getParam(0));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   199
  $timeid = $paths->getParam(1);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   200
  if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   201
  else $tid = '';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   202
  $filename = $db->escape($filename);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   203
  $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   204
  if(!$q) $db->_die('The file data could not be selected.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   205
  if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   206
  $row = $db->fetchrow();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   207
  $db->free_result();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   208
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   209
  // Check permissions
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   210
  $perms = $session->fetch_page_acl($row['page_id'], 'File');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   211
  if ( !$perms->get_permissions('read') )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   212
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   213
    die_friendly('Access denied', '<p>Access to the specified file is denied.</p>');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   214
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   215
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   216
  $fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   217
  $data = file_get_contents($fname);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
  if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/')
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   219
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   220
    $nam = tempnam('/tmp', $filename);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   221
    $h = @fopen($nam, 'w');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   222
    if(!$h) die('Error opening '.$nam.' for writing');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   223
    fwrite($h, $data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   224
    fclose($h);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   225
    /* Make sure the request doesn't contain commandline injection - yow! */
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   226
    if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width']  ))) $width  = '320'; else $width  = $_GET['width' ];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   227
    if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   228
    $cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension'];
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   229
    if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   230
      $data = file_get_contents($cache_filename);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   231
    } elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   232
      // Use ImageMagick to convert the image
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   233
      //unlink($nam);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   234
      error_reporting(E_ALL);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   235
      $cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"';
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   236
      system($cmd, $stat);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   237
      if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:<br />'.$cmd);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   238
      $data = file_get_contents($nam.'.scaled'.$row['file_extension']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   239
      // Be stingy about it - better to re-generate the image hundreds of times than to fail completely
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   240
      if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   241
        // Write the generated thumbnail to the cache directory
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
        $h = @fopen($cache_filename, 'w');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
        if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   244
        fwrite($h, $data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
        fclose($h);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
      }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
    }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
    unlink($nam);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
  $len = strlen($data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   251
  header('Content-type: '.$row['mimetype']);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   252
  if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   253
  header('Content-length: '.$len);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   254
  header('Last-Modified: '.date('r', $row['time_id']));
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   255
  echo($data);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   256
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   257
  //
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   258
  // Compress buffered output if required and send to browser
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   259
  //
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   260
  if ( $do_gzip )
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   261
  {
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   262
    //
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   263
    // Copied from phpBB, which was in turn borrowed from php.net
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   264
    //
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   265
    $gzip_contents = ob_get_contents();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   266
    ob_end_clean();
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   267
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   268
    $gzip_size = strlen($gzip_contents);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   269
    $gzip_crc = crc32($gzip_contents);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   270
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
    $gzip_contents = gzcompress($gzip_contents, 9);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   272
    $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   273
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
    header('Content-encoding: gzip');
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
    echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
    echo $gzip_contents;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   277
    echo pack('V', $gzip_crc);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
    echo pack('V', $gzip_size);
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
  }
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   280
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   281
  exit;
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
  
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   283
}
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   284
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   285
?>