function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // No POST errors in uploading? if ($oFile['error'] !== UPLOAD_ERR_OK) { $sErrorNumber = '1'; switch ($oFile['error']) { case UPLOAD_ERR_INI_SIZE: $err_msg = 'The uploaded file exceeds the upload_max_filesize directive in php.ini'; break; case UPLOAD_ERR_FORM_SIZE: $err_msg = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'; break; case UPLOAD_ERR_PARTIAL: $err_msg = 'The uploaded file was only partially uploaded'; break; case UPLOAD_ERR_NO_FILE: $err_msg = 'No file was uploaded'; break; case UPLOAD_ERR_NO_TMP_DIR: $err_msg = 'Missing a temporary folder'; break; case UPLOAD_ERR_CANT_WRITE: $err_msg = 'Failed to write file to disk'; break; case UPLOAD_ERR_EXTENSION: $err_msg = 'File upload stopped by extension'; break; default: $err_msg = 'Unknown upload error'; } SendUploadResults($sErrorNumber, '', '', $err_msg); exit; } // Is of proper size? if ($Config['k_max_upload_size']) { $max = $Config['k_max_upload_size'] * 1024 * 1024; if ($oFile['size'] > $Config['k_max_upload_size'] * 1024 * 1024) { $sErrorNumber = '1'; $err_msg = 'File too large. Cannot be over ' . $Config['k_max_upload_size'] . ' MB in size.'; SendUploadResults($sErrorNumber, '', '', $err_msg); exit; } } // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = ''; if (strrpos($sFileName, '.') !== false) { $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); } if ($sExtension != '') { if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } } // Check if it is an allowed extension. if ($sExtension != '' && !$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '-' . $iCounter . '.' . $sExtension; $sErrorNumber = '201'; } else { if (defined('K_GALLERY_UPLOAD')) { $res = rename($oFile['tmp_name'], $sFilePath); } else { $res = move_uploaded_file($oFile['tmp_name'], $sFilePath); } if ($res === FALSE) { $sErrorNumber = '203'; break; } if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); $res = SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); if (defined('K_GALLERY_UPLOAD')) { return $res; } exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { global $cfg; global $db; $tbl_attachment = $cfg['tbl_attachment']; if (!isset($_FILES)) { global $_FILES; } //print_r($_FILES['type']); $sErrorNumber = '0'; $sFileName = ''; if (!isset($_FILES['NewFile'])) { $temp = $_FILES['file']; $_FILES['NewFile'] = $temp; $flag = 0; } else { $flag = 1; } if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; $mime_type = $oFile['type']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); $sFileName = "flow_" . str_replace(array("0.", " "), array("", "_"), microtime()) . "." . $sExtension; if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } if (isset($_GET['object_id'])) { $object_id = intval($_GET['object_id']); } else { if (isset($_POST['object_id'])) { $object_id = intval($_POST['object_id']); } else { global $object_id; } } if (isset($_GET['class_id'])) { $class_id = intval($_GET['class_id']); } else { if (isset($_POST['class_id'])) { $class_id = intval($_POST['class_id']); } else { $class_id = 1; } } if (!$sErrorNumber && file_exists($sFilePath)) { $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); $sql = "insert into {$tbl_attachment} (catalog_id,object_id,filename,formername,ext,mime,mime_type,dt) values ('{$class_id}','{$object_id}','{$sFileName}','{$sOriginalFileName}','{$sExtension}','{$resourceType}','{$mime_type}','" . date("Y-m-d H:i:s", time() + 8 * 3600) . "')"; @$db->Execute($sql); if ($resourceType == "File") { $cmd = "download"; } else { $cmd = "preview"; } $sFileUrl = $cfg['flow_basedir'] . "file.php?cmd=" . $cmd . "&id=" . $db->Insert_ID(); } if ($flag == "1") { SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); } else { echo "\r\n\t\t\t<script language='JavaScript'>\r\n\t\t\t\t<!--\r\n\t\t\t\t\twindow.location.href='" . $cfg['flow_basedir'] . "flowcms/filebrowser.php?Type={$resourceType}&class_id={$class_id}&object_id={$object_id}';\r\n\t\t\t\t//-->\r\n\t\t\t</script>\r\n\t\t"; } exit; }
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; $customError = ''; //PATCH to detect a quick file upload. if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) || isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name'])) { global $config; //PATCH to detect a quick file upload. $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) == false) { $sErrorNumber = '202'; } } if (isset($config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) == true) { $sErrorNumber = '202'; } } if ($oFile["size"] / 1024 > $config['MaxImageSize']) { $sErrorNumber = '1'; $customError = "Can't upload max size " . $config['MaxImageSize'] . "KB"; } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { if ($config['UploadOrginalFilename']) { // อัปโหลดใช้ชื่อเดิม $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) { $permissions = $config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } } else { // อัปโหลดโดยใช้เวลาเป็นชื่อไฟล์ $iCounter = date('U'); while (true) { $sFileName = "{$iCounter}.{$sExtension}"; $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = "{$iCounter}.{$sExtension}"; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) { $permissions = $config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid == -1 && IsImageValid($sFilePath, $sExtension) == false) { @unlink($sFilePath); $sErrorNumber = '202'; } elseif (isset($detectHtml) && $detectHtml == -1 && DetectHtml($sFilePath) == true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } else { $sErrorNumber = $sErrorNumber; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); if ($CKEcallback == '') { SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); } else { //issue the CKEditor Callback //SendCKEditorResults($sErrorNumber, $CKEcallback, WEB_URL.'/'.$sFileUrl, $sFileName); SendCKEditorResults($sErrorNumber, $CKEcallback, $sFileUrl, $sFileName, $customError == "" ? "" : $customError); } exit; }
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) || isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name'])) { global $Config; $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = filemanager_translit($oFile['name']); $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); if ($Config['ThumbCreate'] && $_POST['thumb'] && in_array($sExtension, array("gif", "jpg", "jpeg", "png", "wbmp"))) { filemanager_thumb($sFilePath, $_POST['thumb_x'], $_POST['thumb_y']); } if ($Config['ThumbList'] && $resourceType == 'Image') { $sThumbPath = CombinePaths($_SERVER['DOCUMENT_ROOT'] . GetResourceTypePath('ImageThumb', 'Upload'), filemanager_getthumbname($currentFolder . $sFileName)); filemanager_thumb($sFilePath, $Config['ThumbListSize'], $Config['ThumbListSize'], $sThumbPath); } } break; } } if (!empty($sFilePath) && file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); if ($CKEcallback == '') { SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); } else { //issue the CKEditor Callback SendCKEditorResults($sErrorNumber, $CKEcallback, $sFileUrl, $sFileName); } exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = time() . "." . strtolower(array_pop(explode(".", $oFile['name']))); $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if ($_POST['C1'] == "ON") { $watermark = 1; //是否附加水印(1为加水印,其他为不加水印); } else { $watermark = 2; } if ($_POST['R1'] == "V1") { $watertype = 1; //水印类型(1为文字,2为图片) } else { $watertype = 2; } if ($_POST['T1'] == "") { $waterstring = 'http://www.bb580.com.cn'; //水印字符串 } else { $waterstring = $_POST['T1']; } $waterimg = "logo.png"; //水印图片 if ($watermark == 1) { $image_size = getimagesize($sFilePath); $awidth = $image_size[0]; $aheight = $image_size[1]; $iinfo = getimagesize($sFilePath, $iinfo); $nimage = imagecreatetruecolor($image_size[0], $image_size[1]); $white = imagecolorallocate($nimage, 255, 255, 255); $black = imagecolorallocate($nimage, 0, 0, 0); $red = imagecolorallocate($nimage, 255, 0, 0); imagefill($nimage, 0, 0, $white); switch ($iinfo[2]) { case 1: $simage = imagecreatefromgif($sFilePath); break; case 2: $simage = imagecreatefromjpeg($sFilePath); break; case 3: $simage = imagecreatefrompng($sFilePath); break; case 6: $simage = imagecreatefromwbmp($sFilePath); break; default: die("不支持的文件类型"); exit; } imagecopy($nimage, $simage, 0, 0, 0, 0, $image_size[0], $image_size[1]); switch ($watertype) { case 1: //加水印字符串 imagestring($nimage, 2, 3, $image_size[1] - 15, $waterstring, $black); break; case 2: //加水印图片 $simage1 = imagecreatefrompng($waterimg); imagecopy($nimage, $simage1, $awidth - 151, $aheight - 50, 0, 0, 151, 50); imagedestroy($simage1); break; } switch ($iinfo[2]) { case 1: imagegif($nimage, $sFilePath); imagejpeg($nimage, $sFilePath); break; case 2: imagejpeg($nimage, $sFilePath); break; case 3: imagepng($nimage, $sFilePath); break; case 6: imagewbmp($nimage, $sFilePath); imagejpeg($nimage, $sFilePath); break; } //覆盖原上传文件 imagedestroy($nimage); imagedestroy($simage); } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }
function MoreFileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } global $Config; $sErrorNumber = '0'; $sFileName = ''; if (is_array($_FILES['NewFile']['name'])) { foreach ($_FILES['NewFile']['name'] as $key => $value) { if (!empty($_FILES['NewFile']['tmp_name'][$key])) { // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $_FILES['NewFile']['name'][$key]; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($_FILES['NewFile']['tmp_name'][$key], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($_FILES['NewFile']['tmp_name'][$key])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($_FILES['NewFile']['tmp_name'][$key], $sFilePath); //判断并给符合条件图片加上水印 if ($sExtension == 'jpg' || $sExtension == 'jpeg' || $sExtension == 'png' || $sExtension == 'gif' || $sExtension == 'bmp') { require_once ROOT_PATH . '/includes/cls_image.php'; $image = new cls_image($GLOBALS['_CFG']['bgcolor']); if (intval($GLOBALS['_CFG']['watermark_place']) > 0 && !empty($GLOBALS['_CFG']['watermark'])) { $image->add_watermark($sFilePath, '', '../../../../../' . $GLOBALS['_CFG']['watermark'], $GLOBALS['_CFG']['watermark_place'], $GLOBALS['_CFG']['watermark_alpha']); } } if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } if ($sErrorNumber == '202') { $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); } } else { continue; } } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName, $key); } else { $sErrorNumber = '202'; $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); } exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName, $oFile['type']); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '0'; // Change $sErrorNumber '201' to '0' to allow create record files renamed } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } //$oldumask = umask(0) ; chmod($sFilePath, $permissions); //umask( $oldumask ) ; } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } if ($sErrorNumber == '0') { // While we are in a course: Registering the newly uploaded file in the course's database. if (api_is_in_course()) { global $_course, $_user; $repository_path = api_get_path(REL_COURSE_PATH) . api_get_course_path() . '/document/'; $to_group_id = 0; if (api_is_in_group()) { global $group_properties; $to_group_id = $group_properties['id']; } if (file_exists($sFilePath)) { $file_path = substr($sFilePath, strpos($sFilePath, $repository_path) + strlen($repository_path) - 1); $path = explode('/', $file_path); $file_name = $path[count($path) - 1]; $path[count($path) - 1] = ''; $folder_path = '/' + implode('/', $path); $file_size = @filesize($sFilePath); $doc_id = add_document($_course, $file_path, 'file', $file_size, $file_name); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $to_group_id); item_property_update_on_folder($_course, $folder_path, $_user['user_id']); } } } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { dbConn(); $email = getEmailFCK(); $thumb_widthpx = 160; if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) && $email != "") { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. //$sServerDir = ServerMapFolder( $resourceType, $currentFolder, $sCommand ) ; $s = GetRootPath() . $Config['UserTempPath'] . $currentFolder . "/"; $s = str_replace("\\", "/", $s); $sServerDir = $s; $f = fopen("log2.txt", "a"); fwrite($f, "\r\n s = {$s} \r\n"); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . "/" . $sFileName; //fwrite($f, "\r\n sFilePath = $sFilePath \r\n"); //fwrite($f, "\nsServerDir = $sServerDir\n"); if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { $ftype = $_FILES['NewFile']['type']; $file_size = $_FILES['NewFile']['size']; $originalpic = file_get_contents($sFilePath); list($width, $height) = getimagesize($sFilePath); if ($width > $thumb_widthpx) { $count = 1; $p = str_replace($sFileName, "", $sFilePath, $count); //fwrite($f, "\r\nfpath: $sFilePath\r\n"); $thumbpic = getThumbImage($p, $thumb_widthpx, $sFileName); } else { $thumbpic = $originalpic; unlink($sFilePath); } $album_id = getAlbumId($email); $table = 'user_imgs'; $fields = array('id', 'user_email', 'large_image', 'thumb_image', 'file_type', 'stat', 'file_name', 'file_size', 'album_id', 'admin_perm', 'view_count', 'rating'); $values = array(null, $email, $originalpic, $thumbpic, $ftype, 1, $sFileName, $file_size, $album_id, 1, 0, 0); $rs = insertData($table, $fields, $values); if (is_string($rs) || $rs == false) { //$sErrorNumber = '202' ; //file_put_contents("$sFileName", $thumbpic); } else { //fwrite($f, "is inserted = true"); } if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }
function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // hack for XOOPS CHINA by ezsky < *****@*****.** > $name_pattern = ""; if (!empty($Config['UserFilesNamePattern'])) { $patterns = explode("|", $Config['UserFilesNamePattern']); $delimiter = ""; foreach ($patterns as $pattern) { switch ($pattern) { case "date": $name_pattern .= $delimiter . date("YmdHis"); break; case "time": $name_pattern .= $delimiter . strval(time()); break; case "uid": $name_pattern .= $delimiter . (is_object($GLOBALS["xoopsUser"]) ? str_pad($GLOBALS["xoopsUser"]->getVar("uid"), 10, "0", STR_PAD_LEFT) : "0"); break; } $delimiter = "-"; } } if (!empty($name_pattern)) { $sFileName = $name_pattern . "." . $sExtension; } if (!empty($Config['UserFilesPathPattern'])) { $sServerDir .= date($Config['UserFilesPathPattern']) . '/'; CreateServerFolder($sServerDir); if (is_dir($sServerDir)) { $currentFolder .= date($Config['UserFilesPathPattern']) . '/'; } } // end hack // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0' ; $sFileName = '' ; if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) # This is for the QuickUpload tab box or (isset($_FILES['upload']) and !is_null($_FILES['upload']['tmp_name']))) { global $Config ; $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder( $resourceType, $currentFolder, $sCommand ) ; // Get the uploaded file name. $sFileName = $oFile['name'] ; $sFileName = SanitizeFileName( $sFileName ) ; $sOriginalFileName = $sFileName ; // Get the extension. $sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ; $sExtension = strtolower( $sExtension ) ; if ( isset( $Config['SecureImageUploads'] ) ) { if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false ) { $sErrorNumber = '202' ; } } if ( isset( $Config['HtmlExtensions'] ) ) { if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && ( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true ) { $sErrorNumber = '202' ; } } // Check if it is an allowed extension. if ( !$sErrorNumber && IsAllowedExt( $sExtension, $resourceType ) ) { $iCounter = 0 ; while ( true ) { $sFilePath = $sServerDir . $sFileName ; if ( is_file( $sFilePath ) ) { $iCounter++ ; $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; $sErrorNumber = '201' ; } else { move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; if ( is_file( $sFilePath ) ) { if ( isset( $Config['ChmodOnUpload'] ) && !$Config['ChmodOnUpload'] ) { break ; } $permissions = 0777; if ( isset( $Config['ChmodOnUpload'] ) && $Config['ChmodOnUpload'] ) { $permissions = $Config['ChmodOnUpload'] ; } $oldumask = umask(0) ; chmod( $sFilePath, $permissions ) ; umask( $oldumask ) ; } break ; } } if ( file_exists( $sFilePath ) ) { //previous checks failed, try once again if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false ) { @unlink( $sFilePath ) ; $sErrorNumber = '202' ; } else if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true ) { @unlink( $sFilePath ) ; $sErrorNumber = '202' ; } } } else $sErrorNumber = '202' ; } else $sErrorNumber = '202' ; $sFileUrl = CombinePaths( GetResourceTypePath( $resourceType, $sCommand ) , $currentFolder ) ; $sFileUrl = CombinePaths( $sFileUrl, $sFileName ) ; // DOL_CHANGE //SendUploadResults( $sErrorNumber, $sFileUrl, $sFileName ) ; if($CKEcallback == '') { // this line already exists so wrap the if block around it SendUploadResults( $sErrorNumber, $sFileUrl, $sFileName ) ; } else { //issue the CKEditor Callback SendCKEditorResults ($CKEcallback, $sFileUrl, ($sErrorNumber != 0 ? 'Error '. $sErrorNumber. ' upload failed. '. $sErrorMsg : 'Upload Successful')); } exit ; }