* $Id$ */ /** * File/folder manipulation handler * * @package e107 * @subpackage e107_handlers * @version $Id$ * @author e107 Inc. */ if (!defined('e107_INIT')) { exit; } @set_time_limit(10 * 60); //session_write_close(); @e107_ini_set("max_execution_time", 10 * 60); //while (@ob_end_clean()); // kill all output buffering else it eats server resources //ob_implicit_flush(TRUE); /* Class to return a list of files, with options to specify a filename matching string and exclude specified directories. get_files() is the usual entry point. $path - start directory (doesn't matter whether it has a trailing '/' or not - its stripped) $fmask - regex expression of file names to match (empty string matches all). Omit the start and end delimiters - '#' is added here. If the first character is '~', this becomes a list of files to exclude (the '~' is stripped) Note that 'special' characters such as '.' must be escaped by the caller There is a standard list of files which are always excluded (not affected by the leading '~') The regex is case-sensitive. $omit - specifies directories to exclude, in addition to the standard list. Does an exact, case-sensitive match. 'standard' or empty string - uses the standard exclude list Otherwise a single directory name, or an array of names. $recurse_level - number of directory levels to search.
e107_ini_set('magic_quotes_runtime', 0); e107_ini_set('magic_quotes_sybase', 0); e107_ini_set('arg_separator.output', '&'); e107_ini_set('session.use_only_cookies', 1); e107_ini_set('session.use_trans_sid', 0); define('MAGIC_QUOTES_GPC', ini_get('magic_quotes_gpc') ? true : false); $php_version = phpversion(); if (version_compare($php_version, MIN_PHP_VERSION, "<")) { die('A newer version of PHP is required'); } // Ensure that '.' is the first part of the include path $inc_path = explode(PATH_SEPARATOR, ini_get('include_path')); if ($inc_path[0] != ".") { array_unshift($inc_path, "."); $inc_path = implode(PATH_SEPARATOR, $inc_path); e107_ini_set("include_path", $inc_path); } unset($inc_path); if (!function_exists("mysql_connect")) { die("e107 requires PHP to be installed or compiled with the MySQL extension to work correctly, please see the MySQL manual for more information."); } # Check for the realpath(). Some hosts (I'm looking at you, Awardspace) are totally dumb and # they think that disabling realpath() will somehow (I'm assuming) help improve their pathetic # local security. Fact is, it just prevents apps from doing their proper local inclusion security # checks. So, we refuse to work with these people. $functions_ok = true; $disabled_functions = ini_get('disable_functions'); if (trim($disabled_functions) != '') { $disabled_functions = explode(',', $disabled_functions); foreach ($disabled_functions as $function) { if (trim($function) == "realpath") {
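/**
 * Send one attachment of a private message down to the user.
 *
 * The attachment is selected by index from the NUL-separated 'pm_attachments'
 * list of the PM returned by pm_get(), and is read from "attachments/" below the
 * current working directory. Stored names have the form
 * "<timestamp>_<fromid>_<rand>_<original name>".
 *
 * NOTE(review): the only ownership test visible here compares the sender id embedded
 * in the stored name with the PM's 'pm_from'. Whether the requesting user may read
 * PM $pmid at all has to be enforced by pm_get() or by the caller - confirm.
 *
 * @param int $pmid - PM ID
 * @param string $filenum - attachment number within the list associated with the PM
 *
 * @return false|null FALSE when the attachment is missing or fails validation;
 *                    otherwise nothing (the file is written to the output)
 *
 * @todo Can we use core send routine?
 */
function send_file($pmid, $filenum)
{
    $pm_info = $this->pm_get($pmid);
    $attachments = explode(chr(0), $pm_info['pm_attachments']);
    if (!isset($attachments[$filenum])) {
        return FALSE;
    }
    $fname = $attachments[$filenum];

    // The stored name becomes part of a filesystem path, so accept a bare file name only:
    // anything carrying a directory component could resolve outside "attachments/".
    if ($fname === '' || $fname !== basename($fname) || strpos($fname, '\\') !== false) {
        return FALSE;
    }

    // A well-formed name has four "_"-separated fields; the last one is the original name.
    $parts = explode("_", $fname, 4);
    if (count($parts) < 4) {
        return FALSE;
    }
    $fromid = $parts[1];
    $file = $parts[3];

    $filename = getcwd() . "/attachments/{$fname}";
    if ($fromid != $pm_info['pm_from']) {
        return FALSE;
    }
    if (!is_file($filename)) {
        return FALSE;
    }

    @set_time_limit(10 * 60);
    @e107_ini_set("max_execution_time", 10 * 60);
    while (@ob_end_clean()) {
        // kill all output buffering else it eats server resources
    }

    if (connection_status() != 0) {
        return;
    }

    // The download name ends up inside a response header: drop quotes, backslashes and
    // control characters so it cannot break out of the quoted filename parameter.
    $file = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $file);

    // User-Agent is client-supplied and may be absent.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
        $file = preg_replace('/\\./', '%2e', $file, substr_count($file, '.') - 1);
    }

    $bufsize = 2048;
    ignore_user_abort(true);
    $total = filesize($filename);

    // Range is client-supplied: only a single "bytes=<start>-" offset is honoured.
    // $seek was previously undefined without a Range header, and a negative value
    // inflated Content-Length; both now fall back to a full download.
    $seek = 0;
    if (isset($_SERVER['HTTP_RANGE'])) {
        $seek = intval(substr($_SERVER['HTTP_RANGE'], strlen('bytes=')));
    }
    if ($seek < 0 || $seek > $total - 1) {
        $seek = 0;
    }

    $res = fopen($filename, 'rb');
    if ($res === false) {
        return FALSE;
    }
    if ($seek) {
        fseek($res, $seek);
    }
    $data_len = $total - $seek;

    header("Expires: 0");
    header("Cache-Control: max-age=30");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=\"{$file}\"");
    header("Content-Length: {$data_len}");
    header("Pragma: public");
    if ($seek) {
        header("Accept-Ranges: bytes");
        header("HTTP/1.0 206 Partial Content");
        header("status: 206 Partial Content");
        // Content-Range describes the whole file, not the remaining length.
        header("Content-Range: bytes {$seek}-" . ($total - 1) . "/{$total}");
    }

    while (!connection_aborted() && $data_len > 0) {
        echo fread($res, $bufsize);
        $data_len -= $bufsize;
    }
    fclose($res);
}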
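/**
 * Get Remote XML file contents
 * use setOptArrayTags above if you require a consistent array result by in 1 item or many.
 *
 * The transfer itself is delegated to the file handler's getRemoteContent(); this method
 * only forwards the options and mirrors the handler's result and error onto this object.
 *
 * NOTE(review): $address is forwarded without any validation here. If it can be influenced
 * by a request, the scheme/host restrictions have to live in getRemoteContent() or in the
 * caller - confirm.
 *
 * @param string $address
 * @param integer $timeout [optional] seconds
 * @param mixed $postData [optional] forwarded to the file handler as its 'post' option
 * @return mixed whatever getRemoteContent() returned (also kept in $this->xmlFileContents)
 */
function getRemoteFile($address, $timeout = 10, $postData = null)
{
    $_file = e107::getFile();
    $this->xmlFileContents = $_file->getRemoteContent($address, array('timeout' => $timeout, 'post' => $postData));
    $this->error = $_file->error;

    // The legacy inline transport code (cURL / file_get_contents / fopen / fsockopen) that
    // used to follow this return was unreachable and has been removed. It must not be
    // revived as-is: its cURL path switched off CURLOPT_SSL_VERIFYPEER, so the remote
    // server's certificate was never checked.
    return $this->xmlFileContents;
}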
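/**
 * File retrieval function. by Cam.
 *
 * Streams a file to the browser as a download, but only when its resolved path lies
 * inside one of the allowed roots: the downloads folder, "public/" below the files
 * folder, the media folder or the system folder. Files below the system folder are
 * served to admins only. Anything else is answered with a redirect (or a diagnostic
 * message for admins when debugging is on), after which the script exits.
 *
 * @param $file actual path or {e_xxxx} path to file.
 */
function send($file)
{
    global $e107;

    $tp = e107::getParser();

    $DOWNLOADS_DIR = e107::getFolder('DOWNLOADS');
    $DOWNLOADS_DIRECTORY = $DOWNLOADS_DIR[0] == DIRECTORY_SEPARATOR ? $DOWNLOADS_DIR : e_BASE . $DOWNLOADS_DIR; // support for full path eg. /home/account/folder.
    $FILES_DIRECTORY = e_BASE . e107::getFolder('FILES');
    $MEDIA_DIRECTORY = realpath(e_MEDIA); // could be image, file or other type.
    $SYSTEM_DIRECTORY = realpath(e_SYSTEM); // downloading of logs etc. via browser if required. (Admin-only)

    $file = $tp->replaceConstants($file);

    @set_time_limit(10 * 60);
    @session_write_close();
    @e107_ini_set("max_execution_time", 10 * 60);
    while (@ob_end_clean()) {
        // kill all output buffering else it eats server resources
    }
    @ob_implicit_flush(TRUE);

    $filename = $file;
    // Quotes, backslashes and control characters are dropped because this name is later
    // placed inside the quoted filename parameter of a response header.
    $file = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($file));
    $path = realpath($filename);
    $path_downloads = realpath($DOWNLOADS_DIRECTORY);
    $path_public = realpath($FILES_DIRECTORY . "public/");

    // Containment check. The previous strstr() test accepted a root that appeared anywhere
    // in the path (so a sibling such as "<root>_old" passed), and realpath() returning
    // FALSE for a missing root became an empty needle, which on PHP 8 matches every path.
    // Require instead that the resolved path starts with "<root>/" and skip unresolved roots.
    $allowed = false;
    $inSystem = false;
    if (is_string($path) && $path !== '') {
        foreach (array($path_downloads, $path_public, $MEDIA_DIRECTORY, $SYSTEM_DIRECTORY) as $root) {
            if (!is_string($root) || $root === '') {
                continue;
            }
            $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
            if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
                continue;
            }
            $allowed = true;
            if ($root === $SYSTEM_DIRECTORY) {
                $inSystem = true;
            }
        }
    }

    if ($inSystem && !ADMIN) {
        header("location: {$e107->base_path}");
        exit;
    }

    if (!$allowed) {
        if (E107_DEBUG_LEVEL > 0 && ADMIN) {
            // Diagnostic output is HTML, so every path is escaped before being echoed.
            $safeFile = htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8');
            $safePath = htmlspecialchars((string) $path, ENT_QUOTES, 'UTF-8');
            $safeDownloads = htmlspecialchars((string) $path_downloads, ENT_QUOTES, 'UTF-8');
            $safePublic = htmlspecialchars((string) $path_public, ENT_QUOTES, 'UTF-8');
            $safeConfigured = htmlspecialchars((string) $DOWNLOADS_DIRECTORY, ENT_QUOTES, 'UTF-8');
            echo "Failed to Download <b>" . $safeFile . "</b><br />";
            echo "The file-path <b>" . $safePath . "<b> didn't match with either of \n\t\t\t\t<ul><li><b>{$safeDownloads}</b></li>\n\t\t\t\t<li><b>{$safePublic}</b></li></ul><br />";
            echo "Downloads Path: " . $safeDownloads . " (" . $safeConfigured . ")";
            exit;
        }
        header("location: {$e107->base_path}");
        exit;
    }

    // Open the path that was actually checked (the realpath() result), not the original
    // string, so the file served is the one that passed the containment test.
    $res = false;
    if (is_file($path) && is_readable($path) && connection_status() == 0) {
        $res = fopen($path, 'rb');
    }
    if ($res === false) {
        if (E107_DEBUG_LEVEL > 0 && ADMIN) {
            echo "file failed =" . htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8') . "<br />";
            echo "path =" . htmlspecialchars((string) $path, ENT_QUOTES, 'UTF-8') . "<br />";
            exit;
        }
        header("location: " . e_BASE . "index.php");
        exit;
    }

    // User-Agent is client-supplied and may be absent.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
        $file = preg_replace('/\\./', '%2e', $file, substr_count($file, '.') - 1);
    }

    $bufsize = 2048;
    ignore_user_abort(true);
    $total = filesize($path);

    // Range is client-supplied: only a single "bytes=<start>-" offset is honoured, and a
    // negative or out-of-range value falls back to a full download.
    $seek = 0;
    if (isset($_SERVER['HTTP_RANGE'])) {
        $seek = intval(substr($_SERVER['HTTP_RANGE'], strlen('bytes=')));
    }
    if ($seek < 0 || $seek > $total - 1) {
        $seek = 0;
    }
    if ($seek) {
        fseek($res, $seek);
    }
    $data_len = $total - $seek;

    header("Expires: 0");
    header("Cache-Control: max-age=30");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=\"{$file}\"");
    header("Content-Length: {$data_len}");
    header("Pragma: public");
    if ($seek) {
        header("Accept-Ranges: bytes");
        header("HTTP/1.0 206 Partial Content");
        header("status: 206 Partial Content");
        // Content-Range describes the whole file, not the remaining length.
        header("Content-Range: bytes {$seek}-" . ($total - 1) . "/{$total}");
    }

    while (!connection_aborted() && $data_len > 0) {
        echo fread($res, $bufsize);
        $data_len -= $bufsize;
    }
    fclose($res);
}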
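/**
 * Get Remote file contents
 * use setOptArrayTags above if you require a consistent array result by in 1 item or many.
 *
 * Only http:// and https:// addresses are fetched. The address is handed to PHP stream
 * functions, which would otherwise also open local paths and other stream wrappers, so
 * anything else is rejected with FALSE and a message in $this->error.
 * This check does not restrict which host is contacted; if the address can be influenced
 * by a request, the caller still needs its own host allow-list.
 *
 * Transport order: file_get_contents() when allow_url_fopen is on, then cURL, then a
 * plain socket request.
 *
 * @param string $address
 * @param integer $timeout [optional] seconds, clamped to the range 3..120
 * @return string|false the response body, or FALSE on failure (see $this->error)
 */
function getRemoteFile($address, $timeout = 10)
{
    // Could do something like: if ($timeout <= 0) $timeout = $pref['get_remote_timeout'];  here
    $timeout = min($timeout, 120);
    $timeout = max($timeout, 3);

    // A stray debug echo of the address used to sit in this branch; it wrote the URL
    // into the page output and has been removed.
    if ($this->_feedUrl) {
        $address = $this->_feedUrl;
    } else {
        // There shouldn't be unprintable characters in the URL anyway
        $address = str_replace(array("\r", "\n", "\t"), '', $address);
    }

    $useStreams = function_exists('file_get_contents') && ini_get('allow_url_fopen');

    // The stream branch has always URL-decoded a caller-supplied address, so the scheme
    // check below is applied to the decoded form, i.e. to what will really be opened.
    $target = ($useStreams && !$this->_feedUrl) ? urldecode($address) : $address;

    $parts = parse_url($target);
    $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
    if (($scheme !== 'http' && $scheme !== 'https') || empty($parts['host'])) {
        $this->error = "Unsupported or malformed remote address";
        return FALSE;
    }

    if ($useStreams) {
        $old_timeout = e107_ini_set('default_socket_timeout', $timeout);
        $data = file_get_contents($target);
        if ($old_timeout !== FALSE) {
            e107_ini_set('default_socket_timeout', $old_timeout);
        }
        if ($data !== FALSE) {
            $this->xmlFileContents = $data;
            return $data;
        }
        $this->error = "File_get_contents(XML) error"; // Fill in more info later
        return FALSE;
    }

    if (function_exists("curl_init")) {
        $cu = curl_init();
        curl_setopt($cu, CURLOPT_URL, $target);
        curl_setopt($cu, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($cu, CURLOPT_HEADER, 0);
        curl_setopt($cu, CURLOPT_TIMEOUT, $timeout);
        if (defined('CURLOPT_PROTOCOLS')) {
            // Defence in depth: keep cURL itself from speaking anything but HTTP(S).
            curl_setopt($cu, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        }
        $this->xmlFileContents = curl_exec($cu);
        if (curl_error($cu)) {
            $this->error = "Curl error: " . curl_errno($cu) . ", " . curl_error($cu);
            curl_close($cu); // the handle used to leak on this path
            return FALSE;
        }
        curl_close($cu);
        return $this->xmlFileContents;
    }

    // Last resort: speak HTTP/1.0 over a socket. The earlier version sent the whole
    // url-encoded address as the request target, sent no Host header, always used port 80
    // and returned the response headers as part of the content. Its separate fopen()
    // branch needed allow_url_fopen, which is already handled by the stream branch above.
    $host = $parts['host'];
    $secure = ($scheme === 'https');
    $port = isset($parts['port']) ? (int) $parts['port'] : ($secure ? 443 : 80);
    // For https the ssl:// transport is used; certificate checks follow PHP's stream defaults.
    $remote = @fsockopen(($secure ? 'ssl://' : '') . $host, $port, $errno, $errstr, $timeout);
    if (!$remote) {
        $this->error = "Sockets: Unable to open remote XML file: " . $address;
        return FALSE;
    }
    stream_set_timeout($remote, $timeout);

    $request = isset($parts['path']) ? $parts['path'] : '/';
    if (isset($parts['query'])) {
        $request .= '?' . $parts['query'];
    }
    // Nothing in the request line may be able to start a new header or a second request.
    $request = str_replace(' ', '%20', preg_replace('/[\x00-\x1F\x7F]/', '', $request));
    fputs($remote, "GET {$request} HTTP/1.0\r\nHost: {$host}\r\nConnection: close\r\n\r\n");

    $response = "";
    while (!feof($remote)) {
        $chunk = fgets($remote, 4096);
        if ($chunk === false) {
            break; // read error or timeout: stop instead of spinning on a dead socket
        }
        $response .= $chunk;
    }
    fclose($remote);

    // Hand back the body only, like the other two transports do.
    $bodyStart = strpos($response, "\r\n\r\n");
    $this->xmlFileContents = ($bodyStart === false) ? $response : substr($response, $bodyStart + 4);

    return $this->xmlFileContents;
}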
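/**
 * Stream a file to the browser as a download.
 *
 * The file is served only when its resolved path lies inside the downloads folder or
 * inside "public/" below the files folder (both taken from the globals
 * $DOWNLOADS_DIRECTORY and $FILES_DIRECTORY). Anything else is answered with a redirect
 * (or a diagnostic message for admins when debugging is on), after which the script exits.
 *
 * @param string $file path of the file to send
 */
function send_file($file)
{
    global $DOWNLOADS_DIRECTORY, $FILES_DIRECTORY, $e107;

    @set_time_limit(10 * 60);
    @session_write_close();
    @e107_ini_set("max_execution_time", 10 * 60);
    while (@ob_end_clean()) {
        // kill all output buffering else it eats server resources
    }
    @ob_implicit_flush(TRUE);

    $filename = $file;
    // Quotes, backslashes and control characters are dropped because this name is later
    // placed inside the quoted filename parameter of a response header.
    $file = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($file));
    $path = realpath($filename);

    // realpath('') resolves to the current working directory, so an unset global must not
    // be resolved at all: it would turn the whole working directory into an allowed root.
    $path_downloads = (is_string($DOWNLOADS_DIRECTORY) && $DOWNLOADS_DIRECTORY !== '') ? realpath($DOWNLOADS_DIRECTORY) : false;
    $path_public = (is_string($FILES_DIRECTORY) && $FILES_DIRECTORY !== '') ? realpath($FILES_DIRECTORY . "public/") : false;

    // Containment check. The previous strstr() test accepted a root that appeared anywhere
    // in the path (so a sibling such as "<root>_old" passed), and realpath() returning
    // FALSE for a missing root became an empty needle, which on PHP 8 matches every path.
    // Require instead that the resolved path starts with "<root>/" and skip unresolved roots.
    $allowed = false;
    if (is_string($path) && $path !== '') {
        foreach (array($path_downloads, $path_public) as $root) {
            if (!is_string($root) || $root === '') {
                continue;
            }
            $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
            if (strncmp($path, $prefix, strlen($prefix)) === 0) {
                $allowed = true;
                break;
            }
        }
    }

    if (!$allowed) {
        if (E107_DEBUG_LEVEL > 0 && ADMIN) {
            // Diagnostic output is HTML, so every path is escaped before being echoed.
            $safeFile = htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8');
            $safePath = htmlspecialchars((string) $path, ENT_QUOTES, 'UTF-8');
            $safeDownloads = htmlspecialchars((string) $path_downloads, ENT_QUOTES, 'UTF-8');
            $safePublic = htmlspecialchars((string) $path_public, ENT_QUOTES, 'UTF-8');
            echo "Failed to Download <b>" . $safeFile . "</b><br />";
            echo "The file-path <b>" . $safePath . "<b> didn't match with either <b>{$safeDownloads}</b> or <b>{$safePublic}</b><br />";
            exit;
        }
        header("location: {$e107->base_path}");
        exit;
    }

    // Open the path that was actually checked (the realpath() result), not the original
    // string, so the file served is the one that passed the containment test.
    $res = false;
    if (is_file($path) && is_readable($path) && connection_status() == 0) {
        $res = fopen($path, 'rb');
    }
    if ($res === false) {
        if (E107_DEBUG_LEVEL > 0 && ADMIN) {
            echo "file failed =" . htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8') . "<br />";
            echo "path =" . htmlspecialchars((string) $path, ENT_QUOTES, 'UTF-8') . "<br />";
            exit;
        }
        header("location: " . e_BASE . "index.php");
        exit;
    }

    // User-Agent is client-supplied and may be absent.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
        $file = preg_replace('/\\./', '%2e', $file, substr_count($file, '.') - 1);
    }

    $bufsize = 2048;
    ignore_user_abort(true);
    $total = filesize($path);

    // Range is client-supplied: only a single "bytes=<start>-" offset is honoured, and a
    // negative or out-of-range value falls back to a full download.
    $seek = 0;
    if (isset($_SERVER['HTTP_RANGE'])) {
        $seek = intval(substr($_SERVER['HTTP_RANGE'], strlen('bytes=')));
    }
    if ($seek < 0 || $seek > $total - 1) {
        $seek = 0;
    }
    if ($seek) {
        fseek($res, $seek);
    }
    $data_len = $total - $seek;

    header("Expires: 0");
    header("Cache-Control: max-age=30");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=\"{$file}\"");
    header("Content-Length: {$data_len}");
    header("Pragma: public");
    if ($seek) {
        header("Accept-Ranges: bytes");
        header("HTTP/1.0 206 Partial Content");
        header("status: 206 Partial Content");
        // Content-Range describes the whole file, not the remaining length.
        header("Content-Range: bytes {$seek}-" . ($total - 1) . "/{$total}");
    }

    while (!connection_aborted() && $data_len > 0) {
        echo fread($res, $bufsize);
        $data_len -= $bufsize;
    }
    fclose($res);
}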
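/**
 * Create the SOAP client for $this->serviceUrl with WSDL caching switched off.
 */
public function __construct()
{
    // Disable the WSDL cache both in the ini settings and in the client options.
    e107_ini_set('soap.wsdl_cache_enabled', 0);
    e107_ini_set('soap.wsdl_cache_ttl', 0);

    $options = array(
        // With trace on, the client keeps the last request and response (whatever they
        // contain) for __getLastRequest()/__getLastResponse(); turn it off when that
        // debugging aid is not needed.
        'trace' => true,
        // The option is spelled 'exceptions'; the former key 'exception' is not one
        // SoapClient recognises.
        'exceptions' => true,
        'uri' => "http://server.soap.e107.inc.com/",
        'cache_wsdl' => WSDL_CACHE_NONE,
        'connection_timeout' => 60,
    );

    $this->client = new SoapClient($this->serviceUrl, $options);

    if (function_exists('xdebug_disable')) {
        xdebug_disable();
    }
}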