/** * Processing current upload, aka 'after user click upload button to upload his files' */ function process() { global $SQL, $dbprefix, $config, $lang; ($hook = kleeja_run_hook('kljuploader_process_func')) ? eval($hook) : null; //run hook # check folder our real folder if (!file_exists($this->folder)) { if (!make_folder($this->folder)) { $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err'); } } # check the live-exts-folder, live exts plugin codes if (!empty($config['imagefolderexts']) && !file_exists($config['imagefolder'])) { if (!make_folder($config['imagefolder'])) { $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err'); } } # when uploading_type = 1, then we upload from _file input # if uploading_type = 2, then we uploading from url which is disabled by default and is buggy $uploading_type = isset($_POST['submitr']) ? 1 : (isset($_POST['submittxt']) ? 2 : false); # add your uploading_type through the hook ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type')) ? eval($hook) : null; //run hook #no uploading yet, or just go to index.php, so we have make a new session if (!$uploading_type) { unset($_SESSION['FIILES_NOT_DUPLI'], $_SESSION['FIILES_NOT_DUPLI_LINKS']); } # is captcha on, and there is uploading going on if ($this->safe_code && $uploading_type) { #captcha is wrong if (!kleeja_check_captcha()) { return $this->messages[] = array($lang['WRONG_VERTY_CODE'], 'index_err'); } } # to prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional if (!$this->user_is_adm && user_is_flooding($this->id_user)) { return $this->messages[] = array(sprintf($lang['YOU_HAVE_TO_WAIT'], $this->id_user == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']), 'index_err'); } # flooading .. if ($uploading_type == 1 && isset($_SESSION['FIILES_NOT_DUPLI'])) { for ($i = 0; $i <= $this->filesnum; $i++) { if (!empty($_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name']) && !empty($_FILES['file_' . $i . '_']['name']) && $_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name'] == $_FILES['file_' . $i . '_']['name']) { redirect('./'); } } } if ($uploading_type == 2 && isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) { for ($i = 0; $i <= $this->filesnum; $i++) { if (!empty($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) && !empty($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && trim($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && $_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_'] == $_POST['file_' . $i . '_']) { redirect('./'); } } } # flooding code, making sure every ok session is cleared if (isset($_POST['submitr'])) { if (isset($_SESSION['FIILES_NOT_DUPLI'])) { unset($_SESSION['FIILES_NOT_DUPLI']); } $_SESSION['FIILES_NOT_DUPLI'] = $_FILES; } elseif (isset($_POST['submittxt'])) { if (isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) { unset($_SESSION['FIILES_NOT_DUPLI_LINKS']); } $_SESSION['FIILES_NOT_DUPLI_LINKS'] = $_POST; } #now close session to let user open any other page in Kleeja @session_write_close(); # uploading process, empty check-list for now $check = false; # add your uploading_type through the hook ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_later')) ? eval($hook) : null; //run hook # do upload switch ($uploading_type) { #uploading from a _files input case 1: ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1')) ? eval($hook) : null; //run hook # loop the uploaded files for ($i = 0; $i <= $this->filesnum; $i++) { //no file! if (empty($_FILES['file_' . $i . '_']['tmp_name'])) { continue; } # file name $this->filename = isset($_FILES['file_' . $i . '_']['name']) ? htmlspecialchars(str_replace(array(';', ','), '', $_FILES['file_' . $i . '_']['name'])) : ''; # add the file to the check-list $check .= isset($_FILES['file_' . $i . '_']['name']) ? $_FILES['file_' . $i . '_']['name'] : ''; # get the extension of file $this->typet = strtolower(array_pop(explode('.', $this->filename))); # them the size $this->sizet = !empty($_FILES['file_' . $i . '_']['size']) ? intval($_FILES['file_' . $i . '_']['size']) : null; # get the other filename, changed depend on kleeja settings $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode); # filename templates {rand:..}, {date:..} $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2); ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop')) ? eval($hook) : null; //run hook # file exists before? change it a little if (file_exists($this->folder . '/' . $this->filename2)) { $this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'exists'); } # now, let process it if (!in_array(strtolower($this->typet), array_keys($this->types))) { # guest if ($this->id_user == '-1') { $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet) . '<br /> <a href="' . ($config['mod_writer'] ? "register.html" : "ucp.php?go=register") . '" title="' . htmlspecialchars($lang['REGISTER']) . '">' . $lang['REGISTER'] . '</a>', 'index_err'); } else { $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet), 'index_err'); } } elseif (preg_match("#[\\\\/\\:\\*\\?\\<\\>\\|\"]#", $this->filename2)) { $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif (ext_check_safe($_FILES['file_' . $i . '_']['name']) == false) { $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif (check_mime_type($_FILES['file_' . $i . '_']['type'], in_array(strtolower($this->typet), array('gif', 'png', 'jpg', 'jpeg', 'bmp')), $_FILES['file_' . $i . '_']['tmp_name']) == false) { $this->messages[] = array(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) { $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_FILES['file_' . $i . '_']['name']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err'); } else { ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop_upload')) ? eval($hook) : null; //run hook #if this is listed as live-ext from Kleeja settings $live_exts = array_map('trim', explode(',', $config['imagefolderexts'])); $folder_to_upload = $this->folder; if (in_array(strtolower($this->typet), $live_exts)) { # live-exts folder, if empty use default folder $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']); # change to time decoding for filename if ((int) $config['imagefoldere']) { //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time'); } } # now, upload the file $file = move_uploaded_file($_FILES['file_' . $i . '_']['tmp_name'], $folder_to_upload . "/" . $this->filename2); if ($file) { $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet, $this->filename); } else { $this->messages[] = array(sprintf($lang['CANT_UPLAOD'], $this->filename2), 'index_err'); } } } #loop # well, there is no file uploaded if (!isset($check) || empty($check)) { $this->messages[] = array($lang['CHOSE_F'], 'index_err'); } break; #uploading from a url text-input #uploading from a url text-input case 2: #if not enabled, quit it if ((int) $config['www_url'] != '1') { break; } ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2')) ? eval($hook) : null; //run hook #loop text inputs for ($i = 0; $i <= $this->filesnum; $i++) { # get file name $this->filename = isset($_POST['file_' . $i . '_']) ? basename(htmlspecialchars($_POST['file_' . $i . '_'])) : ''; //print $this->filename; # add it to the check-list $check .= isset($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] ? $_POST['file_' . $i . '_'] : ''; # file extension, type $this->typet = explode(".", $this->filename); if (in_array($this->typet[count($this->typet) - 1], array('html', 'php', 'html'))) { $this->typet = strtolower($this->typet[count($this->typet) - 2]); } else { $this->typet = strtolower($this->typet[count($this->typet) - 1]); } # change to another filename depend on kleeja settings $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode); $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2); ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop')) ? eval($hook) : null; //run hook # process is begun if (empty($_POST['file_' . $i . '_']) || trim($_POST['file_' . $i . '_']) == $lang['PAST_URL_HERE']) { #if empty is not big deal, it's a multi-text-input, remember? } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) { $this->messages[] = array(sprintf($lang['FORBID_EXT'], htmlspecialchars($_POST['file_' . $i . '_']), $this->typet), 'index_err'); } elseif (file_exists($this->folder . '/' . $this->filename2)) { $this->messages[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($this->filename2)), 'index_err'); } else { ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop_upload')) ? eval($hook) : null; //run hook #if this is listed as live-ext from Kleeja settings $live_exts = explode(',', $config['imagefolderexts']); $folder_to_upload = $this->folder; if (in_array(strtolower($this->typet), $live_exts)) { # live-exts folder, if empty use default folder $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']); # change to time decoding for filename if ((int) $config['imagefoldere']) { //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time'); } } #no prefix ? http or even ftp, then add one if (!in_array(substr($_POST['file_' . $i . '_'], 0, 4), array('http', 'ftp:'))) { $_POST['file_' . $i . '_'] = 'http://' . $_POST['file_' . $i . '_']; } #get size, if big quit it $this->sizet = get_remote_file_size($_POST['file_' . $i . '_']); if ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) { $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err'); } else { #get remote data, if no data quit it $data = fetch_remote_file($_POST['file_' . $i . '_'], $folder_to_upload . "/" . $this->filename2, 6, false, 2, true); if ($data === false) { $this->messages[] = array($lang['URL_CANT_GET'], 'index_err'); } else { $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet); } } } #else } #end loop # if not file uploaded as the check-list said, then show error if (!isset($check) || empty($check)) { $this->messages[] = array($lang['CHOSE_F'], 'index_err'); } break; default: ($hook = kleeja_run_hook('kljuploader_process_switch_default_func')) ? eval($hook) : null; //run hook } #end switch }
/** * Processing current upload, aka 'after user click upload button to upload his files' * * @param bool $just_check If enabled, no uploading will occur, just checking process */ public function process($just_check = false) { global $SQL, $dbprefix, $config, $lang; ($hook = kleeja_run_hook('process_func_uploading_cls')) ? eval($hook) : null; //run hook #To prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional if (!user_can('enter_acp') && user_is_flooding()) { return $this->errors[] = sprintf($lang['YOU_HAVE_TO_WAIT'], $config['usersectoupload']); } #if captcha enabled if ($config['safe_code']) { #captcha is wrong if (!kleeja_check_captcha()) { return $this->errors[] = $lang['WRONG_VERTY_CODE']; } } #files uploading $files = rearrange_files_input($_FILES['file']); if (empty($files)) { $this->errors[] = $lang['CHOSE_F']; } foreach ($files as $file) { #if total uploaded files reached the limit if ($this->total >= $config['filesnum']) { break; } #no file content if (empty($file['tmp_name'])) { continue; } #filename without extension? if (strpos($file['name'], '.') === false) { #TODO: try to figure out the extension for popular files $this->errors[] = sprintf($lang['WRONG_F_NAME'], htmlspecialchars($file['name'])); continue; } #clean filename, what about other language? $filename = strtr($file['name'], 'ŠŽšžŸÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÑÒÓÔÕÖØÙÚÛÜÝàáâãäåçèéêëìíîïñòóôõöøùúûüýÿ', 'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy'); $filename = preg_replace(array('/\\s/', '/\\.[\\.]+/', '/[^\\w_\\.\\-]/'), array('_', '.', ''), strtolower($filename)); #get the extension and the right filename $file_extension = strtolower(substr($filename, strrpos($filename, '.') + 1)); $filename = str_replace('.', '_', substr($filename, 0, strrpos($filename, '.'))); #if file extension is not allowed? if (!in_array($file_extension, array_keys($this->allowed_extensions))) { $this->errors[] = sprintf($lang['FORBID_EXT'], $file_extension); continue; } #file check for first 265 content if (check_file_content($file['tmp_name']) == false && !$just_check) { $this->errors[] = sprintf($lang['NOT_SAFE_FILE'], $filename); continue; } #file size exceed allowed one if ($this->allowed_extensions[$file_extension] > 0 && $file['size'] >= $this->allowed_extensions[$file_extension]) { $this->errors[] = sprintf($lang['SIZE_F_BIG'], htmlspecialchars($file_extension['name']), readable_size($this->allowed_extensions[$file_extension])); continue; } #modify filename to apply Admin changes $filename = change_filename($file['name'], $file_extension); ($hook = kleeja_run_hook('uploading_process_func_loop_files')) ? eval($hook) : null; //run hook #if this is listed as live-ext from Kleeja settings $live_exts = array_map('trim', explode(',', $config['imagefolderexts'])); $folder_to_upload = $this->uploading_folder; if (in_array($file_extension, $live_exts)) { # live-exts folder, if empty use default folder $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : $this->uploading_folder; } #is this file an image? $is_img = in_array($file_extension, array('png', 'gif', 'jpg', 'jpeg')) ? true : false; #now upload $upload_result = move_uploaded_file($file['tmp_name'], $folder_to_upload . '/' . $filename); #if uploading went ok if ($upload_result && !$just_check) { #sometime can nott see the file after uploading without this fix @chmod($folder . '/' . $filename, 0644); #generate delete code $delete_code = md5($filename . uniqid()); #insert to the DB $insert_id = $this->add_to_database($filename, $folder_to_upload, $file['size'], $file_extension, $file['name'], $delete_code); #if insertion goes bad, rollback, delete the file and show error if (!$insert_id) { @unlink($folder . '/' . $filname); $this->errors[] = sprintf($lang['CANT_UPLAOD'], $filename); continue; } # inforamation of file, used for generating a url boxes $file_info = array('::ID::' => $insert_id, '::NAME::' => $filename, '::DIR::' => $folder_to_upload, '::FNAME::' => $file['name'], '::EXT::' => $file_extension, '::CODE::' => $delete_code); #if image if ($is_img) { # generate thumb always create_thumb($folder_to_upload . '/' . $filename, $file_extension, $folder_to_upload . '/thumbs/' . $filename, $this->thumb_dimensions['width'], $this->thumb_dimensions['height']); #show thumb if enabled if ($config['thumbs_imgs']) { $this->results[$insert_id]['thumb'] = kleeja_get_link('thumb', $file_info); } #if watermark enabled if ($config['write_imgs']) { create_watermark($folder_to_upload . '/' . $filename, $file_extension); } $this->results[$insert_id]['image'] = kleeja_get_link('image', $file_info); } else { $this->results[$insert_id]['file'] = kleeja_get_link('file', $file_info); } #if delete code is enabled to be displayed if ($config['del_url_file']) { $this->results[$insert_id]['delete_code'] = kleeja_get_link('del', $file_info); } #uploaded files increment++ $this->total++; } else { $this->errors[] = sprintf($lang['CANT_UPLAOD'], $filename); } } #end-foreach #total files equal zero, then show a message to tell user to select files if ($this->total == 0 && !sizeof($this->errors)) { $this->errors[] = $lang['CHOSE_F']; } }