/** * This function should be called when an attachment is uploaded. It will * save the attachment to the appropriate place on the disk, and create a * database entry for the file. * * @param array $p_fileVar * <pre> * The variable from the $_FILES array. The array specifies the following: * $a["name"] = original name of the file. * $a["type"] = the MIME type of the file * $a["tmp_name"] = the temporary storage location on disk of the file * $a["size"] = size of the file, in bytes (not required) * $a["error"] = 0 (zero) if there was no error * </pre> * * @param array $p_attributes * Optional attributes which are stored in the database. * Indexes can be the following: 'content_disposition', 'fk_language_id', 'http_charset', 'fk_user_id' * * @param int $p_id * If the attachment already exists and we just want to update it, specify the * current ID here. * * @param bool $p_uploaded * If the attachment was uploaded with other mechanism (ex: plUploader) * this is set so that the single upload file from article functionality is still secured. * * @return mixed * The Attachment object that was created or updated. * Return a PEAR_Error on failure. */ public static function OnFileUpload($p_fileVar, $p_attributes, $p_id = null, $p_uploaded = false) { if (!is_array($p_fileVar)) { return null; } // Verify its a valid file. $filesize = filesize($p_fileVar['tmp_name']); if ($filesize === false) { return new PEAR_Error("Attachment::OnFileUpload(): invalid parameters received."); } // Are we updating or creating? if (!is_null($p_id)) { // Updating the attachment $attachment = new Attachment($p_id); $attachment->update($p_attributes); // Remove the old file because // the new file may have a different file extension. if (file_exists($attachment->getStorageLocation())) { unlink($attachment->getStorageLocation()); } } else { // Creating the attachment $attachment = new Attachment(); $attachment->create($p_attributes); $attachment->setProperty('time_created', 'NULL', true, true); } $attachment->setProperty('file_name', $p_fileVar['name'], false); $attachment->setProperty('mime_type', $p_fileVar['type'], false); $attachment->setProperty('size_in_bytes', $p_fileVar['size'], false); $extension = ""; $fileParts = explode('.', $p_fileVar['name']); if (count($fileParts) > 1) { $extension = array_pop($fileParts); $attachment->setProperty('extension', $extension, false); } $target = $attachment->getStorageLocation(); $attachment->makeDirectories(); ob_start(); var_dump(is_uploaded_file($p_fileVar['tmp_name'])); $dump = ob_get_clean(); /** * for security reason * for file uploaded normal not with other mechanism (ex: plUploader) * we still need the move_uploaded_file functionality */ if (!$p_uploaded && !move_uploaded_file($p_fileVar['tmp_name'], $target)) { $attachment->delete(); return new PEAR_Error(camp_get_error_message(CAMP_ERROR_CREATE_FILE, $target), CAMP_ERROR_CREATE_FILE); } // if the file was uploaded with other mechanism (ex: plUploader) use rename(move) functionality if ($p_uploaded && !rename($p_fileVar['tmp_name'], $target)) { $attachment->delete(); return new PEAR_Error(camp_get_error_message(CAMP_ERROR_CREATE_FILE, $target), CAMP_ERROR_CREATE_FILE); } chmod($target, 0644); $attachment->commit(); return $attachment; }
public function uploadAction() { global $Campsite; $auth = Zend_Auth::getInstance(); $userId = $auth->getIdentity(); $_FILES['file']['name'] = preg_replace('/[^\\w\\._]+/', '', $_FILES['file']['name']); $mimeType = $_FILES['file']['type']; $type = explode('/', $mimeType); if ($type[0] == 'image') { $file = Plupload::OnMultiFileUploadCustom($Campsite['IMAGE_DIRECTORY']); $image = Image::ProcessFile($_FILES['file']['name'], $_FILES['file']['name'], $userId, array('Source' => 'feedback', 'Status' => 'Unapproved', 'Date' => date('Y-m-d'))); $this->view->response = $image->getImageId(); } else { if ($type[1] == 'pdf') { $attachment = new Attachment(); $attachment->makeDirectories(); $file = Plupload::OnMultiFileUploadCustom($attachment->getStorageLocation()); $document = Attachment::ProcessFile($_FILES['file']['name'], $_FILES['file']['name'], $userId, array('Source' => 'feedback', 'Status' => 'Unapproved')); $this->view->response = $document->getAttachmentId(); } } }
<?php /** * @package Newscoop * * @author Mihai Nistor <*****@*****.**> * @copyright 2010 Sourcefabric o.p.s. * @license http://www.gnu.org/licenses/gpl.txt * @link http://www.sourcefabric.org */ require_once($GLOBALS['g_campsiteDir']. "/classes/Plupload.php"); require_once($GLOBALS['g_campsiteDir'].'/classes/Attachment.php'); if (!$g_user->hasPermission('AddFile')) { camp_html_display_error(getGS("You do not have the right to add files.")); exit; } $attachmentObj = new Attachment(); $attachmentObj->makeDirectories(); // Plupload $files = Plupload::OnMultiFileUpload($attachmentObj->getStorageLocation()); ?>