Example #1
all copies or substantial portions of the Software.

PGRFileManager IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
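//Authorization
// Gate for the file manager: when PGRFileManagerConfig::$authorize is set, a request must
// either carry an authorized session or submit the configured user/pass; anything else
// gets login.php and stops. A POSTed 'logoff' clears the session flag.
// The submitted values are compared directly with PGRFileManagerConfig::$authorizeUser /
// ::$authorizePass, so the configuration holds the password in plaintext. No attempt
// limiting is visible in this block.
if (PGRFileManagerConfig::$authorize) {
    session_start();
    if (isset($_POST['logoff'])) {
        unset($_SESSION['PGRFileManagerAuthorized']);
        include_once dirname(__FILE__) . '/utils.php';
        // NOTE(review): curPageURL() is defined in utils.php, not shown here. If it builds the
        // URL from request headers (e.g. Host), the redirect target is client-influenced - confirm.
        header('Location:' . PGRFileManagerUtils::curPageURL());
        die;
    }
    if (!isset($_SESSION['PGRFileManagerAuthorized'])) {
        $submittedUser = isset($_POST['user']) ? $_POST['user'] : null;
        $submittedPass = isset($_POST['pass']) ? $_POST['pass'] : null;
        // Only plain strings are valid credentials; PHP turns "user[]=x" into an array.
        // hash_equals() replaces the loose "==": it compares byte-for-byte (numeric-looking
        // strings such as "1e3" and "1000" are no longer equal) and in constant time.
        $userMatches = is_string($submittedUser)
            && hash_equals((string) PGRFileManagerConfig::$authorizeUser, $submittedUser);
        $passMatches = is_string($submittedPass)
            && hash_equals((string) PGRFileManagerConfig::$authorizePass, $submittedPass);
        if ($userMatches && $passMatches) {
            // Issue a fresh session id at the privilege change so an id that was known
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            $_SESSION['PGRFileManagerAuthorized'] = true;
            include_once dirname(__FILE__) . '/utils.php';
            header('Location:' . PGRFileManagerUtils::curPageURL());
            die;
        } else {
            include_once dirname(__FILE__) . '/login.php';
            die;
        }
    }
}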
Example #2
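    // Upload handler body: stores $_FILES['Filedata'] under $directory and rescales oversized
    // images. $directory and the enclosing condition are set above this excerpt.
    $tempFile = $_FILES['Filedata']['tmp_name'];
    // The file name is chosen by the client. Keep only its last path component so it can
    // never address a location outside $directory, and refuse an empty result.
    $clientName = basename($_FILES['Filedata']['name']);
    if ($clientName === '') {
        exit(0);
    }
    $lowerName = strtolower($clientName);
    $targetFile = $directory . '/' . $clientName;
    // Validate the file size (Warning: the largest files supported by this code is 2GB)
    $file_size = filesize($tempFile);
    if (!$file_size || $file_size > PGRFileManagerConfig::$fileMaxSize) {
        exit(0);
    }
    //check file ext
    // An empty $allowedExtensions disables this filter entirely, so any extension (including
    // server-side script extensions) is stored; deployments that serve $directory over HTTP
    // should configure an explicit allow-list and disable script execution in that directory.
    // The pattern only tests the final extension of the client-supplied name, not the content.
    if (PGRFileManagerConfig::$allowedExtensions != "") {
        // "!== 1" instead of "=== 0": preg_match() returns false when the configured pattern
        // fails to compile or run, and that case must reject the upload rather than accept it.
        if (preg_match('/^.*\\.(' . PGRFileManagerConfig::$allowedExtensions . ')$/', $lowerName) !== 1) {
            exit(0);
        }
    }
    // move_uploaded_file() refuses sources that are not genuine HTTP uploads and overwrites an
    // existing file of the same name. Stop when it fails so the image step does not run on a
    // path that was never written.
    if (!move_uploaded_file($tempFile, $targetFile)) {
        exit(0);
    }
    //if image check size, and rescale if necessary
    try {
        // The image branch is selected by the client-supplied extension; what getImageInfo()
        // actually inspects is not visible here.
        if (preg_match('/^.*\\.(jpg|gif|jpeg|png|bmp)$/', $lowerName) > 0) {
            $targetFile = realpath($targetFile);
            $imageInfo = PGRFileManagerUtils::getImageInfo($targetFile);
            if ($imageInfo !== false && ($imageInfo['height'] > PGRFileManagerConfig::$imageMaxHeight || $imageInfo['width'] > PGRFileManagerConfig::$imageMaxWidth)) {
                require_once realpath(dirname(__FILE__) . '/../PGRThumb/php/Image.php');
                $image = PGRThumb_Image::factory($targetFile);
                $image->maxSize(PGRFileManagerConfig::$imageMaxWidth, PGRFileManagerConfig::$imageMaxHeight);
                $image->saveImage($targetFile, 80);
            }
        }
    } catch (Exception $e) {
        // Rescaling is best-effort: the upload is kept, but the failure is recorded
        // server-side instead of being dropped silently.
        error_log('PGRFileManager: image rescale failed: ' . $e->getMessage());
    }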
}
exit(0);
Example #3
//check for extra function to do
if (isset($_POST['fun']) && PGRFileManagerConfig::$allowEdit) {
    $fun = $_POST['fun'];
    if ($fun === 'deleteDir' && isset($_POST['dirname'])) {
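        // deleteDir: remove the directory named by the POSTed 'dirname', resolved under $directory.
        // Nothing in the visible lines ties this state-changing POST to the session; any
        // anti-CSRF check would have to live outside this excerpt - confirm.
        $dirname = $_POST['dirname'];
        // PHP turns "dirname[]=x" into an array; only a string can be a path.
        if (!is_string($dirname)) {
            die;
        }
        // realpath() resolves "..", "." and symlinks, so the checks below apply to the real target.
        $dir = realpath($directory . $dirname);
        // realpath() returns false when the path does not exist.
        if ($dir === false) {
            die;
        }
        //check if dir is not a rootdir
        if ($dir === $directory) {
            die;
        }
        //check if dir is in rootdir
        // Compare against the root followed by a separator. A bare prefix test also accepts
        // sibling paths that merely start with the same characters (root "/srv/files" would
        // match "/srv/files-backup"). Assumes $directory is already canonical - the equality
        // test above relies on the same assumption.
        $rootPrefix = rtrim($directory, '/\\') . DIRECTORY_SEPARATOR;
        if (strpos($dir, $rootPrefix) !== 0) {
            die;
        }
        if (is_dir($dir)) {
            PGRFileManagerUtils::deleteDirectory($dir);
        }
        echo json_encode(array('res' => 'OK'));
        exit(0);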
    } else {
        if ($fun === 'addDir' && isset($_POST['dirname']) && isset($_POST['newDirname'])) {
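            // addDir: validate the requested new directory name before the code that follows
            // this excerpt uses it.
            $dirname = $_POST['dirname'];
            $newDirname = $_POST['newDirname'];
            // Array-valued parameters ("newDirname[]=x") are not names. On PHP 7 preg_match()
            // returns false for them, which the former "=== 0" test let through.
            if (!is_string($dirname) || !is_string($newDirname)) {
                die;
            }
            //allowed chars
            // The class contains no "/" or "\", so a valid name cannot carry a path separator.
            // "D" makes "$" match only at the very end (without it a trailing newline is
            // accepted); "!== 1" also rejects the preg_match() error case.
            if (preg_match("/^[.A-Z0-9_ !@#\$%^&()+={}\\[\\]\\',~`-]+\$/iD", $newDirname) !== 1) {
                die;
            }
            // "." and ".." consist only of allowed characters but name existing directories.
            if ($newDirname === '.' || $newDirname === '..') {
                die;
            }
            $dirnameLength = strlen($newDirname);
            if ($dirnameLength === 0) {
                die;
            }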
Example #4
    }
    //check file ext
    // Names outside the configured allow-list are skipped; an empty list turns the filter off.
    $lowerName = strtolower($elem);
    if (PGRFileManagerConfig::$allowedExtensions != "" && preg_match('/^.*\\.(' . PGRFileManagerConfig::$allowedExtensions . ')$/', $lowerName) === 0) {
        continue;
    }
    $filepath = $directory . '/' . $elem;
    if (is_file($filepath)) {
        // One listing entry per regular file. The values end up in the JSON response, so the
        // client has to escape 'filename' / 'shortname' before placing them into HTML.
        $modified = filemtime($filepath);
        $file = array(
            'filename' => $elem,
            // Display name capped at 17 bytes plus an ellipsis.
            'shortname' => strlen($elem) > 17 ? substr($elem, 0, 17) . '...' : $elem,
            'size' => PGRFileManagerUtils::formatBytes(filesize($filepath)),
            // Hash of the modification time; it is only passed on as the md5= parameter of
            // the thumbnail URL below and is not a digest of the file content.
            'md5' => md5($modified),
            'ckEdit' => PGRFileManagerConfig::$ckEditorExtensions != ""
                ? preg_match('/^.*\\.(' . PGRFileManagerConfig::$ckEditorExtensions . ')$/', $lowerName) > 0
                : false,
            'date' => date('Y-m-d H:i:s', $modified),
        );
        $file['imageInfo'] = PGRFileManagerUtils::getImageInfo($filepath);
        // NOTE(review): $_POST['dir'] goes into the thumbnail src (URL-encoded); whether it was
        // checked against the root directory happens above this excerpt - confirm.
        $file['thumb'] = $file['imageInfo'] != false
            ? PGRFileManagerUtils::getPhpThumb("src=" . urlencode(PGRFileManagerConfig::$rootPath . $_POST['dir'] . '/' . $elem) . "&w=64&h=64&md5=" . $file['md5'])
            : false;
        $files[] = $file;
    }
}
echo json_encode(array('res' => 'OK', 'files' => $files));
exit(0);