Example #1
 /**
  * Processes the current upload request, i.e. what runs after the user presses the upload button to send his files
  */
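 function process()
 {
     # Runs one upload request: makes sure the target folders exist, applies the captcha,
     # flood and duplicate-submit checks, then stores each file (form upload or remote URL).
     # Problems are appended to $this->messages as array(text, 'index_err').
     global $SQL, $dbprefix, $config, $lang;
     # Plugin hook pattern used throughout: the string returned by kleeja_run_hook() is
     # eval()'d in this method's scope, so hook code can read and change every local here.
     # NOTE(review): eval() on hook text is only acceptable if that text comes from
     # trusted, admin-installed plugins -- confirm how kleeja_run_hook() sources it.
     ($hook = kleeja_run_hook('kljuploader_process_func')) ? eval($hook) : null;
     //run hook
     # check folder our real folder
     # (a failed creation is only reported; processing still continues below)
     if (!file_exists($this->folder)) {
         if (!make_folder($this->folder)) {
             $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err');
         }
     }
     # check the live-exts-folder, live exts plugin codes
     if (!empty($config['imagefolderexts']) && !file_exists($config['imagefolder'])) {
         if (!make_folder($config['imagefolder'])) {
             $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err');
         }
     }
     # when uploading_type = 1, then we upload from _file input
     # if uploading_type = 2, then we uploading from url which is disabled by default and is buggy
     $uploading_type = isset($_POST['submitr']) ? 1 : (isset($_POST['submittxt']) ? 2 : false);
     # add your uploading_type through the hook
     ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type')) ? eval($hook) : null;
     //run hook
     #no uploading yet, or just go to index.php, so we have make a new session
     if (!$uploading_type) {
         unset($_SESSION['FIILES_NOT_DUPLI'], $_SESSION['FIILES_NOT_DUPLI_LINKS']);
     }
     # is captcha on, and there is uploading going on
     if ($this->safe_code && $uploading_type) {
         #captcha is wrong
         if (!kleeja_check_captcha()) {
             return $this->messages[] = array($lang['WRONG_VERTY_CODE'], 'index_err');
         }
     }
     # to prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional
     # (id_user '-1' is treated as the guest account and gets the guest waiting time in the message)
     if (!$this->user_is_adm && user_is_flooding($this->id_user)) {
         return $this->messages[] = array(sprintf($lang['YOU_HAVE_TO_WAIT'], $this->id_user == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']), 'index_err');
     }
     # duplicate-submit guard: if a posted file name equals the one remembered in the session
     # from the previous submission, the request is redirected instead of processed again
     # NOTE(review): the loop bound is inclusive (0..filesnum) -- confirm how the inputs are numbered
     # NOTE(review): execution continues past redirect() unless that helper exits -- confirm
     if ($uploading_type == 1 && isset($_SESSION['FIILES_NOT_DUPLI'])) {
         for ($i = 0; $i <= $this->filesnum; $i++) {
             if (!empty($_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name']) && !empty($_FILES['file_' . $i . '_']['name']) && $_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name'] == $_FILES['file_' . $i . '_']['name']) {
                 redirect('./');
             }
         }
     }
     # same guard for URL submissions; the placeholder text of an untouched input is ignored
     if ($uploading_type == 2 && isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) {
         for ($i = 0; $i <= $this->filesnum; $i++) {
             if (!empty($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) && !empty($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && trim($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && $_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_'] == $_POST['file_' . $i . '_']) {
                 redirect('./');
             }
         }
     }
     # flooding code, making sure every ok session is cleared
     # (the current submission replaces whatever was remembered for the guard above)
     if (isset($_POST['submitr'])) {
         if (isset($_SESSION['FIILES_NOT_DUPLI'])) {
             unset($_SESSION['FIILES_NOT_DUPLI']);
         }
         $_SESSION['FIILES_NOT_DUPLI'] = $_FILES;
     } elseif (isset($_POST['submittxt'])) {
         if (isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) {
             unset($_SESSION['FIILES_NOT_DUPLI_LINKS']);
         }
         # the whole $_POST array is kept in the session, not only the file_N_ fields
         $_SESSION['FIILES_NOT_DUPLI_LINKS'] = $_POST;
     }
     #now close session to let user open any other page in Kleeja
     @session_write_close();
     # uploading process, empty check-list for now
     # ($check collects the submitted names; it stays empty when nothing was selected)
     $check = false;
     # add your uploading_type through the hook
     ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_later')) ? eval($hook) : null;
     //run hook
     # do upload
     switch ($uploading_type) {
         #uploading from a _files input
         case 1:
             ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1')) ? eval($hook) : null;
             //run hook
             # loop the uploaded files
             for ($i = 0; $i <= $this->filesnum; $i++) {
                 //no file!
                 if (empty($_FILES['file_' . $i . '_']['tmp_name'])) {
                     continue;
                 }
                 # file name
                 # NOTE(review): htmlspecialchars() is output encoding, yet this value is also the
                 # input from which the stored name (filename2) is derived below
                 $this->filename = isset($_FILES['file_' . $i . '_']['name']) ? htmlspecialchars(str_replace(array(';', ','), '', $_FILES['file_' . $i . '_']['name'])) : '';
                 # add the file to the check-list
                 $check .= isset($_FILES['file_' . $i . '_']['name']) ? $_FILES['file_' . $i . '_']['name'] : '';
                 # get the extension of file
                 # array_pop() takes its argument by reference, so the explode() result needs a real variable
                 $name_parts = explode('.', $this->filename);
                 $this->typet = strtolower(array_pop($name_parts));
                 # them the size
                 $this->sizet = !empty($_FILES['file_' . $i . '_']['size']) ? intval($_FILES['file_' . $i . '_']['size']) : null;
                 # get the other filename, changed depend on kleeja settings
                 $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode);
                 # filename templates {rand:..}, {date:..}
                 $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2);
                 ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop')) ? eval($hook) : null;
                 //run hook
                 # file exists before? change it a little
                 if (file_exists($this->folder . '/' . $this->filename2)) {
                     $this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'exists');
                 }
                 # now, let process it
                 # validation chain, first failure wins: extension allow-list, characters that are
                 # illegal in the stored name, ext_check_safe(), check_mime_type(), per-extension size limit
                 if (!in_array(strtolower($this->typet), array_keys($this->types))) {
                     # guest
                     if ($this->id_user == '-1') {
                         $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet) . '<br /> <a href="' . ($config['mod_writer'] ? "register.html" : "ucp.php?go=register") . '" title="' . htmlspecialchars($lang['REGISTER']) . '">' . $lang['REGISTER'] . '</a>', 'index_err');
                     } else {
                         $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet), 'index_err');
                     }
                 } elseif (preg_match("#[\\\\/\\:\\*\\?\\<\\>\\|\"]#", $this->filename2)) {
                     $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                 } elseif (ext_check_safe($_FILES['file_' . $i . '_']['name']) == false) {
                     $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                 # the 'type' entry of $_FILES is supplied by the client
                 # NOTE(review): confirm check_mime_type() decides from the tmp file's content, not from that value
                 } elseif (check_mime_type($_FILES['file_' . $i . '_']['type'], in_array(strtolower($this->typet), array('gif', 'png', 'jpg', 'jpeg', 'bmp')), $_FILES['file_' . $i . '_']['tmp_name']) == false) {
                     $this->messages[] = array(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err');
                 } elseif ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) {
                     $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_FILES['file_' . $i . '_']['name']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err');
                 } else {
                     ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop_upload')) ? eval($hook) : null;
                     //run hook
                     #if this is listed as live-ext from Kleeja settings
                     $live_exts = array_map('trim', explode(',', $config['imagefolderexts']));
                     $folder_to_upload = $this->folder;
                     if (in_array(strtolower($this->typet), $live_exts)) {
                         # live-exts folder, if empty use default folder
                         $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']);
                         # change to time decoding for filename
                         if ((int) $config['imagefoldere']) {
                             //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time');
                         }
                     }
                     # now, upload the file
                     $file = move_uploaded_file($_FILES['file_' . $i . '_']['tmp_name'], $folder_to_upload . "/" . $this->filename2);
                     if ($file) {
                         $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet, $this->filename);
                     } else {
                         $this->messages[] = array(sprintf($lang['CANT_UPLAOD'], $this->filename2), 'index_err');
                     }
                 }
             }
             #loop
             # well, there is no file uploaded
             if (!isset($check) || empty($check)) {
                 $this->messages[] = array($lang['CHOSE_F'], 'index_err');
             }
             break;
         #uploading from a url text-input
         case 2:
             #if not enabled, quit it
             if ((int) $config['www_url'] != '1') {
                 break;
             }
             ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2')) ? eval($hook) : null;
             //run hook
             #loop text inputs
             for ($i = 0; $i <= $this->filesnum; $i++) {
                 # get file name
                 $this->filename = isset($_POST['file_' . $i . '_']) ? basename(htmlspecialchars($_POST['file_' . $i . '_'])) : '';
                 //print $this->filename;
                 # add it to the check-list
                 $check .= isset($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] ? $_POST['file_' . $i . '_'] : '';
                 # file extension, type
                 # when the URL ends in .html/.php the segment before it is used as the type, while
                 # $this->filename (passed on below) still carries that trailing segment
                 # NOTE(review): the original list named 'html' twice; 'htm' may have been intended -- confirm
                 # NOTE(review): confirm change_filename_decoding() cannot yield a stored name ending in
                 # .php/.html on this path
                 $this->typet = explode(".", $this->filename);
                 if (in_array($this->typet[count($this->typet) - 1], array('html', 'php'))) {
                     $this->typet = strtolower($this->typet[count($this->typet) - 2]);
                 } else {
                     $this->typet = strtolower($this->typet[count($this->typet) - 1]);
                 }
                 # change to another filename depend on kleeja settings
                 $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode);
                 $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2);
                 ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop')) ? eval($hook) : null;
                 //run hook
                 # process is begun
                 # NOTE(review): unlike the form-upload branch, this chain has no illegal-character test on
                 # filename2 and no ext_check_safe()/check_mime_type() call; only the extension allow-list,
                 # the name-collision test and the size limit are applied to remote content
                 if (empty($_POST['file_' . $i . '_']) || trim($_POST['file_' . $i . '_']) == $lang['PAST_URL_HERE']) {
                     #if empty is not big deal, it's a multi-text-input, remember?
                 } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) {
                     $this->messages[] = array(sprintf($lang['FORBID_EXT'], htmlspecialchars($_POST['file_' . $i . '_']), $this->typet), 'index_err');
                 } elseif (file_exists($this->folder . '/' . $this->filename2)) {
                     $this->messages[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($this->filename2)), 'index_err');
                 } else {
                     ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop_upload')) ? eval($hook) : null;
                     //run hook
                     #if this is listed as live-ext from Kleeja settings
                     # entries are trimmed here as in the form-upload branch, so "jpg, png" matches in both
                     $live_exts = array_map('trim', explode(',', $config['imagefolderexts']));
                     $folder_to_upload = $this->folder;
                     if (in_array(strtolower($this->typet), $live_exts)) {
                         # live-exts folder, if empty use default folder
                         $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']);
                         # change to time decoding for filename
                         if ((int) $config['imagefoldere']) {
                             //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time');
                         }
                     }
                     #no prefix ? http or even ftp, then add one
                     # NOTE(review): the URL is user supplied and is requested by the server; the only test
                     # here is a 4-character prefix. Confirm get_remote_file_size()/fetch_remote_file()
                     # restrict the scheme and refuse loopback/internal destinations
                     if (!in_array(substr($_POST['file_' . $i . '_'], 0, 4), array('http', 'ftp:'))) {
                         $_POST['file_' . $i . '_'] = 'http://' . $_POST['file_' . $i . '_'];
                     }
                     #get size, if big quit it
                     # NOTE(review): the limit is checked against the size reported before the download;
                     # confirm fetch_remote_file() also bounds what it actually writes
                     $this->sizet = get_remote_file_size($_POST['file_' . $i . '_']);
                     if ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) {
                         $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err');
                     } else {
                         #get remote data, if no data quit it
                         $data = fetch_remote_file($_POST['file_' . $i . '_'], $folder_to_upload . "/" . $this->filename2, 6, false, 2, true);
                         if ($data === false) {
                             $this->messages[] = array($lang['URL_CANT_GET'], 'index_err');
                         } else {
                             $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet);
                         }
                     }
                 }
                 #else
             }
             #end loop
             # if not file uploaded as the check-list said, then show error
             if (!isset($check) || empty($check)) {
                 $this->messages[] = array($lang['CHOSE_F'], 'index_err');
             }
             break;
         default:
             ($hook = kleeja_run_hook('kljuploader_process_switch_default_func')) ? eval($hook) : null;
             //run hook
     }
     #end switch
 }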
Example #2
 /**
  * Processes the current upload request, i.e. what runs after the user presses the upload button to send his files
  *
  * @param bool $just_check If enabled, no uploading will occur, just checking process 
  */
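 public function process($just_check = false)
 {
     # Validates every file posted as $_FILES['file'] and, unless $just_check is set, moves it
     # into the upload folder, records it through add_to_database() and fills $this->results
     # with its links. Problems are appended to $this->errors; $this->total counts stored files.
     global $SQL, $dbprefix, $config, $lang;
     # Plugin hook: the string returned by kleeja_run_hook() is eval()'d in this method's scope,
     # so hook code can read and change every local below.
     # NOTE(review): only acceptable if hook text comes from trusted, admin-installed plugins -- confirm
     ($hook = kleeja_run_hook('process_func_uploading_cls')) ? eval($hook) : null;
     //run hook
     #To prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional
     if (!user_can('enter_acp') && user_is_flooding()) {
         return $this->errors[] = sprintf($lang['YOU_HAVE_TO_WAIT'], $config['usersectoupload']);
     }
     #if captcha enabled
     if ($config['safe_code']) {
         #captcha is wrong
         if (!kleeja_check_captcha()) {
             return $this->errors[] = $lang['WRONG_VERTY_CODE'];
         }
     }
     #files uploading
     # a request without a 'file' field is treated as "nothing selected" instead of reading an undefined index
     $files = isset($_FILES['file']) ? rearrange_files_input($_FILES['file']) : array();
     if (empty($files)) {
         $this->errors[] = $lang['CHOSE_F'];
     }
     foreach ($files as $file) {
         #if total uploaded files reached the limit
         if ($this->total >= $config['filesnum']) {
             break;
         }
         #no file content
         if (empty($file['tmp_name'])) {
             continue;
         }
         #filename without extension?
         if (strpos($file['name'], '.') === false) {
             #TODO: try to figure out the extension for popular files
             $this->errors[] = sprintf($lang['WRONG_F_NAME'], htmlspecialchars($file['name']));
             continue;
         }
         #clean filename, what about other language?
         # NOTE(review): strtr() with two string arguments translates byte by byte; if this file is
         # saved as UTF-8 the accented characters are multi-byte and the two lists do not line up -- confirm
         $filename = strtr($file['name'], 'ŠŽšžŸÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÑÒÓÔÕÖØÙÚÛÜÝàáâãäåçèéêëìíîïñòóôõöøùúûüýÿ', 'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
         # whitespace becomes '_', runs of dots collapse to one, anything outside [A-Za-z0-9_.-] is dropped
         $filename = preg_replace(array('/\\s/', '/\\.[\\.]+/', '/[^\\w_\\.\\-]/'), array('_', '.', ''), strtolower($filename));
         #get the extension and the right filename
         # only the text after the last dot is the extension; earlier dots become '_' so no inner
         # extension survives in the base name
         $file_extension = strtolower(substr($filename, strrpos($filename, '.') + 1));
         $filename = str_replace('.', '_', substr($filename, 0, strrpos($filename, '.')));
         #if file extension is not allowed?
         if (!in_array($file_extension, array_keys($this->allowed_extensions))) {
             $this->errors[] = sprintf($lang['FORBID_EXT'], $file_extension);
             continue;
         }
         #file check for first 265 content
         # NOTE(review): a failed content check is ignored when $just_check is set -- confirm this is intended
         if (check_file_content($file['tmp_name']) == false && !$just_check) {
             $this->errors[] = sprintf($lang['NOT_SAFE_FILE'], $filename);
             continue;
         }
         #file size exceed allowed one
         # (the message names the uploaded file; $file_extension is a string and has no 'name' key)
         if ($this->allowed_extensions[$file_extension] > 0 && $file['size'] >= $this->allowed_extensions[$file_extension]) {
             $this->errors[] = sprintf($lang['SIZE_F_BIG'], htmlspecialchars($file['name']), readable_size($this->allowed_extensions[$file_extension]));
             continue;
         }
         #modify filename to apply Admin changes
         # NOTE(review): this replaces the sanitized $filename built above with a name derived from the
         # raw client-supplied $file['name']; the stored name is then only as safe as change_filename()
         # (not shown) makes it -- confirm it strips path separators and inner extensions
         $filename = change_filename($file['name'], $file_extension);
         ($hook = kleeja_run_hook('uploading_process_func_loop_files')) ? eval($hook) : null;
         //run hook
         #if this is listed as live-ext from Kleeja settings
         $live_exts = array_map('trim', explode(',', $config['imagefolderexts']));
         $folder_to_upload = $this->uploading_folder;
         if (in_array($file_extension, $live_exts)) {
             # live-exts folder, if empty use default folder
             # NOTE(review): when imagefolder is set this still selects $this->uploading_folder rather
             # than $config['imagefolder'] -- confirm which folder live extensions should go to
             $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : $this->uploading_folder;
         }
         #is this file an image?
         $is_img = in_array($file_extension, array('png', 'gif', 'jpg', 'jpeg')) ? true : false;
         #now upload
         # in check-only mode nothing is moved: previously the file was still written to the upload
         # folder (with the content check above skipped) and left there without a database record.
         # The outcome reported for check-only calls is unchanged (they fall into the else branch below).
         $upload_result = $just_check ? false : move_uploaded_file($file['tmp_name'], $folder_to_upload . '/' . $filename);
         #if uploading went ok
         if ($upload_result) {
             #sometime can nott see the file after uploading without this fix
             @chmod($folder_to_upload . '/' . $filename, 0644);
             #generate delete code
             # the delete code works as a bearer secret for removing the file, so it is drawn from the
             # CSPRNG when available (same 32 hex characters as before); older PHP keeps the previous scheme
             $delete_code = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5($filename . uniqid());
             #insert to the DB
             $insert_id = $this->add_to_database($filename, $folder_to_upload, $file['size'], $file_extension, $file['name'], $delete_code);
             #if insertion goes bad, rollback, delete the file and show error
             if (!$insert_id) {
                 # remove the file that was just stored so no unrecorded upload stays on disk
                 @unlink($folder_to_upload . '/' . $filename);
                 $this->errors[] = sprintf($lang['CANT_UPLAOD'], $filename);
                 continue;
             }
             # inforamation of file, used for generating a url boxes
             $file_info = array('::ID::' => $insert_id, '::NAME::' => $filename, '::DIR::' => $folder_to_upload, '::FNAME::' => $file['name'], '::EXT::' => $file_extension, '::CODE::' => $delete_code);
             #if image
             if ($is_img) {
                 # generate thumb always
                 create_thumb($folder_to_upload . '/' . $filename, $file_extension, $folder_to_upload . '/thumbs/' . $filename, $this->thumb_dimensions['width'], $this->thumb_dimensions['height']);
                 #show thumb if enabled
                 if ($config['thumbs_imgs']) {
                     $this->results[$insert_id]['thumb'] = kleeja_get_link('thumb', $file_info);
                 }
                 #if watermark enabled
                 if ($config['write_imgs']) {
                     create_watermark($folder_to_upload . '/' . $filename, $file_extension);
                 }
                 $this->results[$insert_id]['image'] = kleeja_get_link('image', $file_info);
             } else {
                 $this->results[$insert_id]['file'] = kleeja_get_link('file', $file_info);
             }
             #if delete code is enabled to be displayed
             if ($config['del_url_file']) {
                 $this->results[$insert_id]['delete_code'] = kleeja_get_link('del', $file_info);
             }
             #uploaded files increment++
             $this->total++;
         } else {
             $this->errors[] = sprintf($lang['CANT_UPLAOD'], $filename);
         }
     }
     #end-foreach
     #total files equal zero, then show a message to tell user to select files
     if ($this->total == 0 && !sizeof($this->errors)) {
         $this->errors[] = $lang['CHOSE_F'];
     }
 }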