protected function getInput() {
$userId = (string) $this->form->getValue($this->element['name']);
return PhocaDownloadUser::usersList($this->name, $this->id, $userId, 1, NULL,'name', 0 );
}
public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {
$paramsC = JComponentHelper::getParams( 'com_phocadownload' );
if ($frontEnd == 1) {
$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
$ignoreUploadCheck = $params->get( 'ignore_file_types_check', 2 );
if ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4 ) {
$ignoreUploadCh = 1;
}
} else {
$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
$dft = $paramsC->get( 'disallowed_file_types_download', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
$ignoreUploadCheck = $paramsC->get( 'ignore_file_types_check', 2 );
if ($ignoreUploadCheck == 5 || $ignoreUploadCheck == 5 ) {
$ignoreUploadCh = 1;
}
}
$paramsL = array();
$group = PhocaDownloadSettings::getManagerGroup($manager);
if ($group['f'] == 2) {
$paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
$paramsL['upload_mime_illegal'] ='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
} else {
$paramsL['upload_extensions'] = $allowedMimeType['ext'];
$paramsL['image_extensions'] = 'bmp,gif,jpg,png,jpeg';
$paramsL['upload_mime'] = $allowedMimeType['mime'];
$paramsL['upload_mime_illegal'] = $disallowedMimeType['mime'];
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
}
// The file doesn't exist
if(empty($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
return false;
}
// Not safe file
jimport('joomla.filesystem.file');
if ($file['name'] !== JFile::makesafe($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
return false;
}
$format = strtolower(JFile::getExt($file['name']));
if ($ignoreUploadCh == 1) {
} else {
$allowable = explode( ',', $paramsL['upload_extensions']);
$notAllowable = explode( ',', $paramsL['upload_ext_illegal']);
if(in_array($format, $notAllowable)) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
return false;
}
//if (!in_array($format, $allowable)) {
if ($format == '' || $format == false || (!in_array($format, $allowable))) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
return false;
}
}
// Max size of image
// If chunk method is used, we need to get computed size
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
if ((int)$frontEnd > 0) {
$maxSize = $paramsC->get( 'user_file_upload_size', 3145728 );
} else {
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
}
if ($chunkEnabled == 1) {
if ((int)$maxSize > 0 && (int)$realSize > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
return false;
}
} else {
if ((int)$maxSize > 0 && (int)$file['size'] > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
return false;
}
}
// User (only in ucp) - Check the size of all files by users
if ($frontEnd == 2) {
$user = JFactory::getUser();
$maxUserUploadSize = (int)$paramsC->get( 'user_files_max_size', 20971520 );
$maxUserUploadCount = (int)$paramsC->get( 'user_files_max_count', 5 );
$allFile = PhocaDownloadUser:: getUserFileInfo($file, $user->id);
if ($chunkEnabled == 1) {
$fileSize = $realSize;
} else {
$fileSize = $file['size'];
}
if ((int)$maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
return false;
}
if ((int) $allFile['count'] > $maxUserUploadCount) {
$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
return false;
}
}
// Image check
$imginfo = null;
$images = explode( ',', $paramsL['image_extensions']);
if(in_array($format, $images)) { // if its an image run it through getimagesize
$group = PhocaDownloadSettings::getManagerGroup($manager);
if($group['i'] == 1) {
if ($chunkEnabled != 1) {
if(($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
$err = $imginfo[0];
return false;
}
}
}
} else if(!in_array($format, $images)) { // if its not an image...and we're not ignoring it
$allowed_mime = explode(',', $paramsL['upload_mime']);
$illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
if(function_exists('finfo_open')) {// We have fileinfo
$finfo = finfo_open(FILEINFO_MIME);
$type = finfo_file($finfo, $file['tmp_name']);
if(strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
return false;
}
finfo_close($finfo);
} else if(function_exists('mime_content_type')) { // we have mime magic
$type = mime_content_type($file['tmp_name']);
if(strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
return false;
}
}
}
// XSS Check
$xss_check = JFile::read($file['tmp_name'],false,256);
$html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
foreach($html_tags as $tag) { // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
if(stristr($xss_check, '<'.$tag.' ') || stristr($xss_check, '<'.$tag.'>')) {
$err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
return false;
}
}
return true;
}
function _save($data, $filename, &$errSaveMsg, $fileExists = 0) {
$user = JFactory::getUser();
$fileId = false;
if ($fileExists == 1) {
// We not only owerwrite the file but we must update it
if (isset($filename) && $filename != '') {
$db = JFactory::getDBO();
$query = 'SELECT a.id AS id'
.' FROM #__phocadownload AS a'
.' WHERE a.filename = '.$db->Quote($filename);
$db->setQuery($query, 0, 1);
$fileId = $db->loadObject();
if (!$db->query()) {
$this->setError($db->getErrorMsg());
return false;
}
}
}
$row = $this->getTable('phocadownload');
if (isset($fileId->id) && (int)$fileId->id > 0) {
$data['id'] = (int)$fileId->id;
}
$data['filesize'] = PhocaDownloadFile::getFileSize($filename, 0);
$data['userid'] = $user->id;
$data['author_email'] = $data['email'];
$data['author_url'] = $data['website'];
$data['token'] = PhocaDownloadUtils::getToken($data['title'].$filename);
//$data['token'] = PhocaDownloadUtils::getToken($data['title'].$data['filename']);
// Bind the form fields to the Phoca gallery table
if (!$row->bind($data)) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// Create the timestamp for the date
//$row->date = gmdate('Y-m-d H:i:s');
//$row->publish_up = gmdate('Y-m-d H:i:s');
//$jnow =JFactory::getDate();
/*$jnowU = $jnow->toUnix();
if (isset($jnowU)) {
$jnowU = (int)$jnowU - 2; // to not display pending because of 1 second
}*/
$unow = time();
$unow = $unow - 2;//Frontend will display pending if standard $jnow->toSql(); will be used
$jnow = JFactory::getDate($unow);// the class JDate construct works with unix date
$now = $jnow->toSql();
$row->date = $now;
$row->publish_up = $now; //date('Y-m-d H:i:s', $jnowU);
$row->publish_down = null;
$row->filename = $filename;
$row->catid = $data['catidfiles'];
// Lang
$userLang = PhocaDownloadUser::getUserLang();
$row->language = $userLang['lang'];
// if new item, order last in appropriate group
if (!$row->id) {
$where = 'catid = ' . (int) $row->catid ;
$row->ordering = $row->getNextOrder( $where );
}
// Make sure the Phoca gallery table is valid
if (!$row->check()) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// Store the Phoca gallery table to the database
if (!$row->store()) {
$this->setError($this->_db->getErrorMsg());
return false;
}
PhocaDownloadLog::log($row->id, 2);
return true;
}
