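function wfu_ajax_action_download_file_monitor()
{
    // AJAX handler polled by the client while a file download is in progress.
    // Reads 'file' (the safe file code) and 'id' (the download id) from POST,
    // falling back to GET. It waits up to 30 s for the download script to store
    // a final status ('downloaded' or 'failed') in
    // $_SESSION['wfu_download_status_<id>'], then logs the download and answers.
    // Every answer goes through die() as plain text:
    //   "wfu_ajax_action_download_file_monitor:<status>:"   download finished
    //   "wfu_ajax_action_download_file_monitor:repeat:<id>" poll again
    // The handler exits with an empty body on a missing parameter, an invalid or
    // expired monitor ticket, or a file code that cannot be resolved.
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : '');
    // Fix: this used to test the undefined variable $file_enc, which is always
    // empty, so the handler exited here on every request.
    if ($file_code == '' || $id == '') {
        die;
    }
    $ticket_key = 'wfu_download_monitor_ticket_' . $id;
    $status_key = 'wfu_download_status_' . $id;
    //ensure that this is not a CSRF attack by checking validity of a security ticket
    // NOTE(review): the ticket is only an expiry timestamp stored in the session
    // under the client-supplied id; it proves this session recently started a
    // download with that id, not that the request carries a secret token.
    // Confirm it is issued solely by the authenticated download path.
    if (!isset($_SESSION[$ticket_key]) || time() > $_SESSION[$ticket_key]) {
        die;
    }
    //destroy monitor ticket so it cannot be used again
    unset($_SESSION[$ticket_key]);
    //initiate loop of 30secs to check the download status of the file;
    //the download status is controlled by the actual download script;
    //if the file finishes within the 30secs of the loop, then this routine logs the action and notifies
    //the client side about the download status of the file, otherwise an instruction
    //to the client side to repeat this routine and wait for another 30secs is dispatched
    // NOTE(review): if $_SESSION is PHP's native session it is a snapshot taken at
    // session_start(), so a status written by another request would not become
    // visible inside this loop - confirm the plugin's session storage reloads.
    $end_time = time() + 30;
    $download_ended = false;
    while (time() < $end_time) {
        if (isset($_SESSION[$status_key])) {
            $status = $_SESSION[$status_key];
            $download_ended = ($status == 'downloaded' || $status == 'failed');
        }
        if ($download_ended) {
            break;
        }
        usleep(100); // 100 microseconds between polls
    }
    if (!$download_ended) {
        //regenerate monitor ticket so the client may call this routine again
        $_SESSION[$ticket_key] = time() + 30;
        die('wfu_ajax_action_download_file_monitor:repeat:' . $id);
    }
    $user = wp_get_current_user();
    $filepath = wfu_get_filepath_from_safe($file_code);
    if ($filepath === false) {
        die;
    }
    $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
    wfu_log_action('download', $filepath, $user->ID, '', 0, 0, '', null);
    die('wfu_ajax_action_download_file_monitor:' . $_SESSION[$status_key] . ':');
}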
function wfu_get_filtered_recs($filter)
{
    // Returns the current (date_to = 0, non-'other') upload-log records that
    // match $filter. Records whose file is missing on disk, or whose hash/size
    // no longer matches, are marked obsolete in the DB and left out. Each
    // returned record gets a ->userdata property holding its current
    // wfu_userdata rows (null when the record has no uploadid).
    //
    // $filter is an associative array with the optional keys 'user', 'size',
    // 'date', 'pattern', 'post', 'blog' and 'userdata'; the sub-keys read below
    // are the only shape this function relies on.
    //
    // NOTE(review): every filter value is concatenated straight into the SQL
    // (all $query assignments and the userdata subquery). This is only safe if
    // the caller has already validated/escaped them - confirm where $filter is
    // built, or route the values through $wpdb->prepare().
    global $wpdb;
    $table_name1 = $wpdb->prefix . "wfu_log";
    $table_name2 = $wpdb->prefix . "wfu_userdata";
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    $queries = array();
    // add default filters
    array_push($queries, 'action <> \'other\'');
    array_push($queries, 'date_to = 0');
    // construct user filter
    if (isset($filter['user'])) {
        // 'all': every registered user; guests (uploaduserid 0) only when asked for
        if ($filter['user']['all']) {
            if ($filter['user']['guests']) {
                $query = 'uploaduserid >= 0';
            } else {
                $query = 'uploaduserid > 0';
            }
        // a single id of the form 'guest<sessionid>' selects one guest session
        } elseif (count($filter['user']['ids']) == 1 && substr($filter['user']['ids'][0], 0, 5) == 'guest') {
            $query = 'uploaduserid = 0 AND sessionid = \'' . substr($filter['user']['ids'][0], 5) . '\'';
        } else {
            // '0' stands for guests; this only modifies the local copy of $filter
            if ($filter['user']['guests']) {
                array_push($filter['user']['ids'], '0');
            }
            if (count($filter['user']['ids']) == 1) {
                $query = 'uploaduserid = ' . $filter['user']['ids'][0];
            } else {
                $query = 'uploaduserid in (' . implode(",", $filter['user']['ids']) . ')';
            }
        }
        array_push($queries, $query);
    }
    // construct size filter (bounds are exclusive on both sides)
    if (isset($filter['size'])) {
        if (isset($filter['size']['lower']) && isset($filter['size']['upper'])) {
            $query = 'filesize > ' . $filter['size']['lower'] . ' AND filesize < ' . $filter['size']['upper'];
        } elseif (isset($filter['size']['lower'])) {
            $query = 'filesize > ' . $filter['size']['lower'];
        } else {
            $query = 'filesize < ' . $filter['size']['upper'];
        }
        array_push($queries, $query);
    }
    // construct date filter (bounds are exclusive on both sides)
    if (isset($filter['date'])) {
        if (isset($filter['date']['lower']) && isset($filter['date']['upper'])) {
            $query = 'uploadtime > ' . $filter['date']['lower'] . ' AND uploadtime < ' . $filter['date']['upper'];
        } elseif (isset($filter['date']['lower'])) {
            $query = 'uploadtime > ' . $filter['date']['lower'];
        } else {
            $query = 'uploadtime < ' . $filter['date']['upper'];
        }
        array_push($queries, $query);
    }
    // construct file pattern filter
    if (isset($filter['pattern'])) {
        $query = 'filepath REGEXP \'' . wfu_upload_plugin_wildcard_to_mysqlregexp($filter['pattern']) . '\'';
        array_push($queries, $query);
    }
    // construct page/post filter
    if (isset($filter['post'])) {
        if (count($filter['post']['ids']) == 1) {
            $query = 'pageid = ' . $filter['post']['ids'][0];
        } else {
            $query = 'pageid in (' . implode(",", $filter['post']['ids']) . ')';
        }
        array_push($queries, $query);
    }
    // construct blog filter
    if (isset($filter['blog'])) {
        if (count($filter['blog']['ids']) == 1) {
            $query = 'blogid = ' . $filter['blog']['ids'][0];
        } else {
            $query = 'blogid in (' . implode(",", $filter['blog']['ids']) . ')';
        }
        array_push($queries, $query);
    }
    // construct userdata filter: map the criterion label to a propvalue
    // predicate; an unknown label falls back to an equality test
    if (isset($filter['userdata'])) {
        if ($filter['userdata']['criterion'] == "equal to") {
            $valuecriterion = 'propvalue = \'' . $filter['userdata']['value'] . '\'';
        } elseif ($filter['userdata']['criterion'] == "starts with") {
            $valuecriterion = 'propvalue LIKE \'' . $filter['userdata']['value'] . '%\'';
        } elseif ($filter['userdata']['criterion'] == "ends with") {
            $valuecriterion = 'propvalue LIKE \'%' . $filter['userdata']['value'] . '\'';
        } elseif ($filter['userdata']['criterion'] == "contains") {
            $valuecriterion = 'propvalue LIKE \'%' . $filter['userdata']['value'] . '%\'';
        } elseif ($filter['userdata']['criterion'] == "not equal to") {
            $valuecriterion = 'propvalue <> \'' . $filter['userdata']['value'] . '\'';
        } elseif ($filter['userdata']['criterion'] == "does not start with") {
            $valuecriterion = 'propvalue NOT LIKE \'' . $filter['userdata']['value'] . '%\'';
        } elseif ($filter['userdata']['criterion'] == "does not end with") {
            $valuecriterion = 'propvalue NOT LIKE \'%' . $filter['userdata']['value'] . '\'';
        } elseif ($filter['userdata']['criterion'] == "does not contain") {
            $valuecriterion = 'propvalue NOT LIKE \'%' . $filter['userdata']['value'] . '%\'';
        } else {
            $valuecriterion = 'propvalue = \'' . $filter['userdata']['value'] . '\'';
        }
        // note that '%' and '_' inside 'value' act as LIKE wildcards here
        $query = 'uploadid in (SELECT DISTINCT uploadid FROM ' . $table_name2 . ' WHERE date_to = 0 AND property = \'' . $filter['userdata']['field'] . '\' AND ' . $valuecriterion . ')';
        array_push($queries, $query);
    }
    // run the assembled WHERE clause
    $filerecs = $wpdb->get_results('SELECT * FROM ' . $table_name1 . ' WHERE ' . implode(' AND ', $queries));
    $out = array();
    foreach ($filerecs as $filerec) {
        $obsolete = true;
        //calculate full file path
        $filepath = wfu_path_rel2abs($filerec->filepath);
        if (file_exists($filepath)) {
            // a record is current when the file on disk still matches it:
            // by content hash if the 'hashfiles' option is on, else by size
            if ($plugin_options['hashfiles'] == '1') {
                $filehash = md5_file($filepath);
                if ($filehash == $filerec->filehash) {
                    $obsolete = false;
                }
            } else {
                $filesize = filesize($filepath);
                if ($filesize == $filerec->filesize) {
                    $obsolete = false;
                }
            }
        }
        if ($obsolete) {
            $now_date = date('Y-m-d H:i:s');
            //make previous record obsolete
            $wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
        } else {
            $filerec->userdata = null;
            // uploadid comes from the log table, not from $filter
            if ($filerec->uploadid != '') {
                $filerec->userdata = $wpdb->get_results('SELECT * FROM ' . $table_name2 . ' WHERE uploadid = \'' . $filerec->uploadid . '\' AND date_to = 0');
            }
            array_push($out, $filerec);
        }
    }
    return $out;
}
function wfu_edit_filedetails($file_code)
{
    // Handles the "file details" screen for one file identified by its safe
    // file code. Only administrators that also own the file may proceed; on a
    // POST with submit = "Update" every user-data field of the file is replaced
    // (old row closed with date_to, new row inserted) and a 'modify' action is
    // logged. Returns true once the file was resolved and the user authorised,
    // and nothing (null) on any failed precondition.
    //
    // NOTE(review): the POST branch writes to the database without a nonce
    // check (compare wfu_ajax_action_include_file, which calls wp_verify_nonce);
    // confirm the form that posts here is protected before calling this.
    global $wpdb;
    $userdata_table = $wpdb->prefix . "wfu_userdata";
    $current_user = wp_get_current_user();
    //only administrators may view or edit file details
    if (!current_user_can('manage_options')) {
        return;
    }
    $file_code = wfu_sanitize_code($file_code);
    $rel_path = wfu_get_filepath_from_safe($file_code);
    if ($rel_path === false) {
        return;
    }
    $abs_path = wfu_path_rel2abs(wfu_flatten_path($rel_path));
    //the current user must also own the file
    if (!wfu_current_user_owes_file($abs_path)) {
        return;
    }
    //load the log record together with its user data
    $filedata = wfu_get_file_rec($abs_path, true);
    if ($filedata == null) {
        return;
    }
    $is_update = isset($_POST['submit']) && $_POST['submit'] == "Update";
    if ($is_update) {
        //every known field must be present in the request, otherwise nothing is written
        $field_missing = false;
        foreach ($filedata->userdata as $field) {
            if (!isset($_POST['wfu_filedetails_userdata_' . $field->propkey])) {
                $field_missing = true;
                break;
            }
        }
        if (!$field_missing) {
            $now_date = date('Y-m-d H:i:s');
            $any_written = false;
            foreach ($filedata->userdata as $field) {
                $any_written = true;
                //close the existing userdata record ...
                $wpdb->update(
                    $userdata_table,
                    ['date_to' => $now_date],
                    ['uploadid' => $field->uploadid, 'propkey' => $field->propkey],
                    ['%s'],
                    ['%s', '%s']
                );
                //... and insert the new value as a fresh record
                $wpdb->insert(
                    $userdata_table,
                    [
                        'uploadid' => $field->uploadid,
                        'property' => $field->property,
                        'propkey' => $field->propkey,
                        'propvalue' => $_POST['wfu_filedetails_userdata_' . $field->propkey],
                        'date_from' => $now_date,
                        'date_to' => 0,
                    ],
                    ['%s', '%s', '%d', '%s', '%s', '%s']
                );
            }
            if ($any_written) {
                wfu_log_action('modify:' . $now_date, $abs_path, $current_user->ID, '', 0, 0, '', null);
            }
        }
    }
    return true;
}
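function wfu_export_uploaded_files($params)
{
    // Exports every current (date_to = 0, non-'other') upload-log record whose
    // file still exists unchanged on disk to a temporary CSV file.
    //
    // $params is not used; it is kept so existing callers keep working.
    // Returns the path of the temporary file, or false when the file could not
    // be created or written.
    //
    // Fix: fields are now quoted per RFC 4180 when they contain a comma, a
    // double quote or a line break (file names and user data may carry any of
    // these), so such values no longer split or corrupt the row. Fields without
    // those characters are written exactly as before.
    // NOTE(review): cell contents are exported verbatim; spreadsheet
    // applications may interpret values beginning with '=', '+', '-' or '@' as
    // formulas. Whether to neutralise that is a product decision - confirm.
    global $wpdb;
    $table_name1 = $wpdb->prefix . "wfu_log";
    $table_name2 = $wpdb->prefix . "wfu_userdata";
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    // quote a single CSV field only when it needs it
    $csv_field = function ($value) {
        $value = (string) $value;
        if (strpbrk($value, ",\"\r\n") === false) {
            return $value;
        }
        return '"' . str_replace('"', '""', $value) . '"';
    };
    $header = "Name,Path,Upload User,Upload Time,Size,Page ID,Blog ID,Shortcode ID,Upload ID,User Data";
    $contents = $header;
    $filerecs = $wpdb->get_results('SELECT * FROM ' . $table_name1 . ' WHERE action <> \'other\' AND date_to = 0');
    foreach ($filerecs as $filerec) {
        $obsolete = true;
        //calculate full file path
        $filepath = wfu_path_rel2abs($filerec->filepath);
        if (file_exists($filepath)) {
            // a record is current when the file on disk still matches it:
            // by content hash if the 'hashfiles' option is on, else by size
            if ($plugin_options['hashfiles'] == '1') {
                $filehash = md5_file($filepath);
                if ($filehash == $filerec->filehash) {
                    $obsolete = false;
                }
            } else {
                $filesize = filesize($filepath);
                if ($filesize == $filerec->filesize) {
                    $obsolete = false;
                }
            }
        }
        //export file data only if file is not obsolete
        if ($obsolete) {
            continue;
        }
        $username = wfu_get_username_by_id($filerec->uploaduserid);
        // uploadid comes from the log table, not from the request
        $filerec->userdata = $wpdb->get_results('SELECT * FROM ' . $table_name2 . ' WHERE uploadid = \'' . $filerec->uploadid . '\' AND date_to = 0');
        $userdata_parts = [];
        foreach ($filerec->userdata as $userdata) {
            // collapse line breaks to a space; CRLF is replaced first so it
            // yields one space instead of two (the old order never matched it)
            $userdata_parts[] = $userdata->property . ":" . str_replace(["\r\n", "\n", "\r"], " ", $userdata->propvalue);
        }
        $fields = [
            wfu_basename($filerec->filepath),
            wfu_basedir($filerec->filepath),
            $username,
            $filerec->uploadtime == null ? "" : date("Y-m-d H:i:s", $filerec->uploadtime),
            $filerec->filesize,
            $filerec->pageid == null ? "" : $filerec->pageid,
            $filerec->blogid == null ? "" : $filerec->blogid,
            $filerec->sid == null ? "" : $filerec->sid,
            $filerec->uploadid,
            implode(";", $userdata_parts),
        ];
        $contents .= "\n" . implode(",", array_map($csv_field, $fields));
    }
    //create file; report failure instead of returning the path of an empty file
    $path = tempnam(sys_get_temp_dir(), 'wfu');
    if ($path === false) {
        return false;
    }
    if (file_put_contents($path, $contents) === false) {
        return false;
    }
    return $path;
}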
function wfu_ajax_action_include_file()
{
    // AJAX handler that registers ("includes") an existing file in the plugin's
    // upload log. Requires the manage_options capability, a valid
    // 'wfu_include_file' nonce and the 'includeotherfiles' plugin option set
    // to "1". Reads 'file' and 'nonce' from POST, falling back to GET.
    // Replies through die() with "wfu_include_file:success:<id>" or
    // "wfu_include_file:fail:", and exits with an empty body whenever a
    // precondition fails.
    $request_value = function ($name) {
        if (isset($_POST[$name])) {
            return $_POST[$name];
        }
        return isset($_GET[$name]) ? $_GET[$name] : '';
    };
    $file_code = $request_value('file');
    $nonce = $request_value('nonce');
    if ($file_code == '' || $nonce == '') {
        die;
    }
    //administrators only
    if (!current_user_can('manage_options')) {
        die;
    }
    //security check to avoid CSRF attacks
    if (!wp_verify_nonce($nonce, 'wfu_include_file')) {
        die;
    }
    //the feature must be switched on in the plugin options
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    if ($plugin_options['includeotherfiles'] != "1") {
        die;
    }
    $rel_path = wfu_get_filepath_from_safe(wfu_sanitize_code($file_code));
    if ($rel_path === false) {
        die;
    }
    $current_user = wp_get_current_user();
    $abs_path = wfu_path_rel2abs(wfu_flatten_path($rel_path));
    $fileid = wfu_log_action('include', $abs_path, $current_user->ID, '', '', get_current_blog_id(), '', null);
    die($fileid !== false ? "wfu_include_file:success:" . $fileid : "wfu_include_file:fail:");
}