Example #1
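 /**
  * Add or edit a user app definition.
  *
  * Decodes the JSON document in the `data` request field, drops the `name`,
  * `desc` and `group` keys and writes what is left to the file named by the
  * `path` request field. For `action=add` the `.oexe` suffix is appended
  * before the extension check.
  *
  * Security notes:
  * - Both the target path and the file contents come from the request. The
  *   only gates visible in this method are _DIR() and checkExt(); it is
  *   assumed that _DIR() confines the path to the caller's own area and
  *   rejects `..` segments -- TODO confirm in _DIR().
  * - When `action` is not `add`, the extension is whatever the caller sent,
  *   so checkExt() alone decides which file types can be overwritten with
  *   caller-chosen JSON.
  *
  * NOTE(review): failures are reported with the one-argument show_json()
  * form this method already used; other call sites pass `false` as second
  * argument for errors -- confirm which status the client receives.
  */
 public function user_app()
 {
     $path = _DIR($this->in['path']);
     if (isset($this->in['action']) && $this->in['action'] == 'add') {
         $path .= '.oexe';
     }
     if (!checkExt($path)) {
         show_json($this->L['error']);
         exit;
     }
     $raw = isset($this->in['data']) ? $this->in['data'] : '';
     $data = json_decode(rawurldecode($raw), true);
     // Malformed or non-object JSON used to be written to disk as "null";
     // refuse it instead of replacing an existing definition with garbage.
     if (!is_array($data)) {
         show_json($this->L['error']);
         exit;
     }
     unset($data['name'], $data['desc'], $data['group']);
     // Report success only if the write actually happened.
     if (file_put_contents($path, json_encode($data)) === false) {
         show_json($this->L['error']);
         exit;
     }
     show_json($this->L['success']);
 }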
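 /**
  * Download a remote URL into a user directory on the server; also serves
  * the progress ("percent") and cancel ("remove") sub-requests of a transfer.
  *
  * Request fields read: uuid, type, save_path, url.
  *
  * Security notes:
  * - `url` is supplied by the request and fetched by the server through
  *   url_header() and file_download_this(). Unless those helpers restrict
  *   the scheme and the destination host, a caller can make the server
  *   issue requests on its behalf (SSRF) -- TODO confirm in the helpers.
  * - The saved file name is taken from the remote response
  *   ($header['name']). checkExt() is applied to the resulting path; whether
  *   directory separators in that name are neutralised is not visible here
  *   -- TODO confirm in url_header() / get_filename_auto().
  * - NOTE(review): nothing returns after the show_json() calls, so the
  *   method presumably relies on show_json() ending the request -- confirm.
  */
 public function serverDownload()
 {
     $uuid = 'download_' . $this->in['uuid'];
     if ($this->in['type'] == 'percent') {
         // Progress query: expected length versus bytes written so far.
         if (isset($_SESSION[$uuid])) {
             $info = $_SESSION[$uuid];
             $result = array('uuid' => $this->in['uuid'], 'length' => (int) $info['length'], 'size' => (int) filesize($info['path']), 'time' => mtime());
             show_json($result);
         } else {
             show_json('', false);
         }
     } else {
         if ($this->in['type'] == 'remove') {
             // Cancel: the running download stops once its temp file is gone.
             // Only delete when this session really owns such a transfer.
             if (isset($_SESSION[$uuid]['path'])) {
                 del_file($_SESSION[$uuid]['path']);
             }
             unset($_SESSION[$uuid]);
             show_json('', false);
         }
     }
     // Start a download.
     $save_dir = _DIR($this->in['save_path']);
     if (!is_writeable($save_dir)) {
         show_json($this->L['no_permission_write'], false);
     }
     $url = rawurldecode($this->in['url']);
     $header = url_header($url);
     if (!$header) {
         show_json($this->L['download_error_exists'], false);
     }
     $save_path = $save_dir . urldecode($header['name']);
     if (!checkExt($save_path)) {
         // Disallowed extension: store under a neutral timestamped .txt name.
         // date() needs a format string; the bare call produced no timestamp
         // on PHP 5/7 and throws on PHP 8.
         $save_path = $save_dir . date('YmdHis') . '.txt';
     }
     $save_path = get_filename_auto(iconv_system($save_path));
     $save_path_temp = $save_path . '.downloading';
     // Publish the transfer in the session, then release the session lock so
     // progress requests are not blocked while the download runs.
     session_start();
     $_SESSION[$uuid] = array('length' => $header['length'], 'path' => $save_path_temp);
     session_write_close();
     if (file_download_this($url, $save_path_temp)) {
         if (@rename($save_path_temp, $save_path)) {
             // Rename the temp file to its final name once complete.
             $name = get_path_this(iconv_app($save_path));
             show_json($this->L['download_success'], true, $name);
         } else {
             show_json($this->L['download_error_create'], false);
         }
     } else {
         show_json($this->L['download_error_create'], false);
     }
 }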
Example #3
 /**
  * Permission check; single entry point for validating the current action.
  *
  * Returns without any check when the request is flagged as root, when ACT
  * is listed in $this->notCheck, or when ST / ACT do not appear in
  * $this->config['role_setting']. Otherwise the permission map of the
  * user's role is loaded and the request is refused unless the entry for
  * "ST:ACT" is exactly integer 1. A second gate runs checkExt() on the file
  * name involved in mkfile, pathRname, fileUpload and fileSave.
  *
  * NOTE(review): an action that is missing from role_setting is allowed, not
  * denied, so a newly added action stays unprotected until it is listed.
  * NOTE(review): refusal presumably relies on show_json(..., false) ending
  * the request -- confirm.
  */
 public function authCheck()
 {
     $isRoot = isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1;
     if ($isRoot || in_array(ACT, $this->notCheck)) {
         return;
     }
     $roleSetting = $this->config['role_setting'];
     if (!array_key_exists(ST, $roleSetting) || !in_array(ACT, $roleSetting[ST])) {
         return;
     }

     // From here on the action is one that carries a permission restriction.
     $key = ST . ':' . ACT;
     $group = new fileCache($this->config['system_file']['group']);
     $auth = $group->get($this->user['role']);
     // The global copy is taken before the derived entries below are added.
     $GLOBALS['auth'] = $auth;

     // Extended functions inherit the permission of their base action.
     $auth['explorer:pathChmod'] = $auth['explorer:pathRname'];
     $auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];

     $granted = $auth[$key] === 1;
     if (!$granted) {
         show_json($this->L['no_permission'], false);
     }

     // Extension restriction: create file, upload file, rename file,
     // save file, unzip archive.
     // The upload name is the client-supplied original file name.
     $requestedPath = isset($this->in['path']) ? $this->in['path'] : '';
     $check_arr = array(
         'mkfile' => $requestedPath,
         'pathRname' => isset($this->in['rname_to']) ? $this->in['rname_to'] : '',
         'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
         'fileSave' => $requestedPath,
     );
     if (!array_key_exists(ACT, $check_arr)) {
         return;
     }
     if (!checkExt($check_arr[ACT])) {
         show_json($this->L['no_permission_ext'], false);
     }
 }
Example #4
 /**
  * Permission check; single entry point for validating the current action.
  *
  * Skips the check for root, for actions in $this->notCheck, and for
  * ST / ACT pairs absent from $this->config['role_setting'] (except
  * "user:common_js", which always continues). Otherwise loads the role's
  * permission map, fills in defaults and derived entries, refuses the
  * request unless the entry for "ST:ACT" equals 1, publishes the map in
  * $GLOBALS['auth'], and finally applies checkExt() to the file name used
  * by mkfile, pathRname, fileUpload and fileSave.
  *
  * NOTE(review): roles stored without 'userShare:set' or
  * 'explorer:fileDownload' are granted both here; actions missing from
  * role_setting are allowed rather than denied.
  * NOTE(review): refusal presumably relies on show_json(..., false) ending
  * the request -- confirm.
  */
 public function authCheck()
 {
     $isRoot = isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1;
     if ($isRoot) {
         return;
     }
     if (in_array(ACT, $this->notCheck)) {
         return;
     }
     $roleSetting = $this->config['role_setting'];
     if (!array_key_exists(ST, $roleSetting)) {
         return;
     }
     // Actions subject to a permission restriction continue past this point;
     // user:common_js also continues so the processed map can be output.
     $key = ST . ':' . ACT;
     if (!in_array(ACT, $roleSetting[ST]) && $key != 'user:common_js') {
         return;
     }

     $group = new fileCache(USER_SYSTEM . 'group.php');
     $auth = $group->get($this->user['role']);

     // Backward compatibility: permissions that an older role file does not
     // define are open by default on first use of the new version.
     foreach (array('userShare:set', 'explorer:fileDownload') as $openByDefault) {
         if (!isset($auth[$openByDefault])) {
             $auth[$openByDefault] = 1;
         }
     }

     // Default extended function, always permitted.
     $auth['user:common_js'] = 1;

     // Derived permissions (target => base action); the completed map is
     // what gets handed to the front end.
     $equivalents = array(
         'explorer:pathChmod' => 'explorer:pathRname',
         'explorer:pathDeleteRecycle' => 'explorer:pathDelete',
         'explorer:pathCopyDrag' => 'explorer:pathCuteDrag',
         'explorer:fileDownloadRemove' => 'explorer:fileDownload',
         'explorer:zipDownload' => 'explorer:fileDownload',
         'explorer:fileProxy' => 'explorer:fileDownload',
         'editor:fileGet' => 'explorer:fileDownload',
         'explorer:officeView' => 'explorer:fileDownload',
         'explorer:officeSave' => 'editor:fileSave',
         'userShare:del' => 'userShare:set',
     );
     foreach ($equivalents as $derived => $base) {
         $auth[$derived] = $auth[$base];
     }

     if ($auth[$key] != 1) {
         show_json($this->L['no_permission'], false);
     }
     // Make the map available globally.
     $GLOBALS['auth'] = $auth;

     // Extension restriction: create file, upload file, rename file,
     // save file, unzip archive.
     // The upload name is the client-supplied original file name.
     $check_arr = array(
         'mkfile' => $this->check_key('path'),
         'pathRname' => $this->check_key('rname_to'),
         'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
         'fileSave' => $this->check_key('path'),
     );
     if (!array_key_exists(ACT, $check_arr)) {
         return;
     }
     if (!checkExt($check_arr[ACT])) {
         show_json($this->L['no_permission_ext'], false);
     }
 }
Example #5
/**
 * Extension filter for a single archive entry.
 *
 * @param mixed $s    Not used by this function.
 * @param array $info Entry description; only 'stored_filename' is read.
 * @return mixed Whatever checkExt() returns for the stored file name.
 *
 * NOTE(review): the signature and the 'stored_filename' key look like an
 * archive-extraction callback -- confirm against the caller. Only the
 * extension of the stored name is examined here, so entry names that carry
 * directory components have to be constrained elsewhere.
 */
function checkExtUnzip($s, $info)
{
    $entryName = $info['stored_filename'];

    return checkExt($entryName);
}
Example #6
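/**
 * Append new links to the global URL list $GLOBALS['urls'].
 *
 * A link from $urls['href'] is added only if it is not already in the list,
 * contains $GLOBALS['siteurl'], and passes checkExt() for at least one entry
 * of $GLOBALS['extensions'].
 *
 * NOTE(review): the "same site" test is a case-insensitive substring match.
 * A link to another host that merely contains the site URL text (for
 * example in its path or query string) passes it; comparing the parsed host
 * with the expected host would confine the list to the intended site.
 *
 * @param mixed $urls Expected to be an array with an 'href' list; any other
 *                    value is ignored.
 * @return void
 */
function addUrls($urls)
{
    // Nothing to do for non-arrays or when no 'href' list is present.
    if (!is_array($urls) || !isset($urls['href']) || !is_array($urls['href'])) {
        return;
    }
    foreach ($urls['href'] as $href) {
        // Uniqueness; loose comparison matches the `==` used previously.
        $known = isset($GLOBALS['urls']) && is_array($GLOBALS['urls'])
            && in_array($href, $GLOBALS['urls']);
        if ($known) {
            continue;
        }
        // Must reference the current website (substring match, see note above).
        if (stripos($href, $GLOBALS['siteurl']) === false) {
            continue;
        }
        // Extension must match one of the configured extensions.
        $extgood = false;
        foreach ($GLOBALS['extensions'] as $ext) {
            if (checkExt($href, $ext)) {
                $extgood = true;
                break;
            }
        }
        if ($extgood) {
            $GLOBALS['urls'][] = $href;
        }
    }
}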
Example #7
 * @author		Jan Pecha, <*****@*****.**>
 * @license		New BSD License
 */
if (($dir = getcwd()) !== false) {
    include __DIR__ . '/nette.min.php';
    $args = NULL;
    if (isset($_SERVER['argc']) && $_SERVER['argc'] > 1) {
        $args = $_SERVER['argv'];
        array_shift($args);
    } else {
        $args = array('mp4', 'flv');
    }
    $errors = array();
    $masks = array();
    foreach ($args as $arg) {
        if (checkExt($arg)) {
            $masks[] = "*.{$arg}";
        } else {
            $errors[] = $arg;
        }
    }
    if (count($errors)) {
        foreach ($errors as $ext) {
            echo "[error] Pripona '{$ext}' je divna, zkus to opravit nebo smazat (pripona muze obsahovat pouze a-Z a 0-9 a nesmi byt 'mp3')\n";
        }
        exit;
    }
    $numOfFiles = 0;
    $errors = array();
    foreach (\Nette\Utils\Finder::findFiles($masks)->in($dir) as $file) {
        if (($pos = strrpos($file, '.')) !== false) {
Example #8
 /**
  * Permission validation; single entry point for checking the current action.
  *
  * No check is made for root, for actions in $this->notCheck, or for
  * ST / ACT pairs that $this->config['role_setting'] does not list (the pair
  * "user:common_js" always continues). For everything else the role's
  * permission map is loaded, completed with defaults and derived entries,
  * and the request is refused unless the entry for "ST:ACT" equals 1. The
  * map is then stored in $GLOBALS['auth'] and checkExt() is applied to the
  * file name used by mkfile, pathRname, fileUpload and fileSave.
  *
  * NOTE(review): 'userShare:set' and 'explorer:fileDownload' default to
  * granted when the stored role does not define them, and actions missing
  * from role_setting are allowed rather than denied.
  * NOTE(review): refusal presumably relies on show_json(..., false) ending
  * the request -- confirm.
  */
 public function authCheck()
 {
     if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) {
         return;
     }
     if (in_array(ACT, $this->notCheck)) {
         return;
     }
     if (!array_key_exists(ST, $this->config['role_setting'])) {
         return;
     }
     // Only restricted actions continue; user:common_js continues as well so
     // that the processed permission map can be output.
     $key = ST . ':' . ACT;
     $restricted = in_array(ACT, $this->config['role_setting'][ST]);
     if (!$restricted && $key != 'user:common_js') {
         return;
     }

     $group = new fileCache(USER_SYSTEM . 'group.php');
     $auth = $group->get($this->user['role']);

     // Backward compatibility: features that an older role definition does
     // not mention are open by default the first time the new version runs.
     if (!isset($auth['userShare:set'])) {
         $auth['userShare:set'] = 1;
     }
     if (!isset($auth['explorer:fileDownload'])) {
         $auth['explorer:fileDownload'] = 1;
     }

     // Default extended function, always permitted.
     $auth['user:common_js'] = 1;

     // Derived permissions: each extended action inherits from a base
     // action. The completed map is what is output to the front end.
     $auth['explorer:pathChmod'] = $auth['explorer:pathRname'];
     $auth['explorer:pathDeleteRecycle'] = $auth['explorer:pathDelete'];
     $auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];
     $download = $auth['explorer:fileDownload'];
     $auth['explorer:fileDownloadRemove'] = $download;
     $auth['explorer:zipDownload'] = $download;
     $auth['explorer:fileProxy'] = $download;
     $auth['editor:fileGet'] = $download;
     $auth['explorer:officeView'] = $download;
     $auth['explorer:officeSave'] = $auth['editor:fileSave'];
     $auth['userShare:del'] = $auth['userShare:set'];

     $allowed = $auth[$key] == 1;
     if (!$allowed) {
         show_json($this->L['no_permission'], false);
     }
     // Publish the map globally.
     $GLOBALS['auth'] = $auth;

     // Extension restrictions: new file, file upload, rename, save, unzip.
     // The upload name is the client-supplied original file name.
     $uploadName = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';
     $check_arr = array(
         'mkfile' => $this->check_key('path'),
         'pathRname' => $this->check_key('rname_to'),
         'fileUpload' => $uploadName,
         'fileSave' => $this->check_key('path'),
     );
     if (array_key_exists(ACT, $check_arr)) {
         if (!checkExt($check_arr[ACT])) {
             show_json($this->L['no_permission_ext'], false);
         }
     }
 }
Example #9
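 /**
  * Download a remote URL into a user directory on the server; also serves
  * the progress ("percent") and cancel ("remove") sub-requests of a transfer.
  *
  * The request is served only when the Referer differs from this endpoint's
  * own host + URI and X-Requested-With is "XMLHttpRequest". A Referer equal
  * to host + URI is redirected to 403.php; a request without the AJAX
  * header gets no response body.
  *
  * Security notes:
  * - Referer and X-Requested-With are request headers chosen by the client,
  *   so this gate is not an authorization check; access control has to
  *   happen before this method is reached.
  * - `url` is supplied by the request and fetched by the server through
  *   url_header() and file_download_this(). Unless those helpers restrict
  *   the scheme and the destination host, a caller can make the server
  *   issue requests on its behalf (SSRF) -- TODO confirm in the helpers.
  * - The saved file name is taken from the remote response
  *   ($header['name']); checkExt() is applied to the resulting path.
  * - NOTE(review): nothing returns after the show_json() calls, so the
  *   method presumably relies on show_json() ending the request -- confirm.
  */
 public function serverDownload()
 {
     // A missing Referer header is treated as an empty string.
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     if ($referer == $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) {
         header('Location: 403.php');
         return;
     }
     if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
         return;
     }

     $uuid = 'download_' . $this->in['uuid'];
     if ($this->in['type'] == 'percent') {
         // Progress query: expected length versus bytes written so far.
         if (isset($_SESSION[$uuid])) {
             $info = $_SESSION[$uuid];
             $result = array('uuid' => $this->in['uuid'], 'length' => (int) $info['length'], 'size' => (int) filesize($info['path']), 'time' => mtime());
             show_json($result);
         } else {
             show_json('', false);
         }
     } else {
         if ($this->in['type'] == 'remove') {
             // Cancel: the running download stops once its temp file is gone.
             // Only delete when this session really owns such a transfer.
             if (isset($_SESSION[$uuid]['path'])) {
                 del_file($_SESSION[$uuid]['path']);
             }
             unset($_SESSION[$uuid]);
             show_json('', false);
         }
     }
     // Start a download.
     $save_dir = _DIR($this->in['save_path']);
     if (!is_writeable($save_dir)) {
         show_json($this->L['no_permission_write'], false);
     }
     $url = rawurldecode($this->in['url']);
     $header = url_header($url);
     if (!$header) {
         show_json($this->L['download_error_exists'], false);
     }
     $save_path = $save_dir . urldecode($header['name']);
     if (!checkExt($save_path)) {
         // Disallowed extension: store under a neutral timestamped .txt name.
         // date() needs a format string; the bare call produced no timestamp
         // on PHP 5/7 and throws on PHP 8.
         $save_path = $save_dir . date('YmdHis') . '.txt';
     }
     $save_path = get_filename_auto(iconv_system($save_path));
     $save_path_temp = $save_path . '.downloading';
     // Publish the transfer in the session, then release the session lock so
     // progress requests are not blocked while the download runs.
     session_start();
     $_SESSION[$uuid] = array('length' => $header['length'], 'path' => $save_path_temp);
     session_write_close();
     if (file_download_this($url, $save_path_temp)) {
         if (@rename($save_path_temp, $save_path)) {
             // Rename the temp file to its final name once complete.
             $name = get_path_this(iconv_app($save_path));
             show_json($this->L['download_success'], true, $name);
         } else {
             show_json($this->L['download_error_create'], false);
         }
     } else {
         show_json($this->L['download_error_create'], false);
     }
 }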
Example #10
         return false;
     }
     /*
      * Check if the file name has not allowed characters, removes them, and check if it is windows reserved
      */
     $tmp_fn = $file_name;
     $file_name = checkName($file_name);
     if (!$file_name) {
         echo json_encode(array('name' => $tmp_fn, 'size' => $full_size, 'status' => -1, 'info' => 'File name is not allowed. Windows reserved.'));
         return false;
     }
     /*
      * Check if file extension is in the allowed extensions
      * By default php, exe, html, js... are denied
      */
     if (!checkExt($file_name, $allow_ext)) {
         echo json_encode(array('name' => $file_name, 'size' => $full_size, 'status' => -1, 'info' => 'File extension is not allowed'));
         return false;
     }
 }
 /*
  * Calculate full upload path and check if file already exists.
  * If file exists just rename it in the format :filename(N).ext
  */
 $full_path = '';
 if ($is_ajax) {
     //we get the path only for the first chunk
     $full_path = $currByte == 0 ? checkFileExits($file_name, $upload_path) : $upload_path . $file_name;
     //Just optional, avoid to write on exisiting file, but in theory filename should be unique from the checkFileExits function
     $flag = $currByte == 0 ? 0 : FILE_APPEND;
     //formData post files just normal upload in $_FILES, older ajax upload post it in input