function uploadFileToBlob($FILE_DESCRIPTOR, $SAFETY_CHECK = true) { global $CFG, $CONTEXT, $PDOX; if ($SAFETY_CHECK && checkFileSafety($FILE_DESCRIPTOR) !== true) { return false; } if ($FILE_DESCRIPTOR['error'] == 1) { return false; } if ($FILE_DESCRIPTOR['error'] == 0) { $filename = basename($FILE_DESCRIPTOR['name']); if (strpos($filename, '.php') !== false) { return false; } // $data = file_get_contents($FILE_DESCRIPTOR['tmp_name']); // $sha256 = lti_sha256($data); $sha256 = hash_file('sha256', $FILE_DESCRIPTOR['tmp_name']); $stmt = $PDOX->queryDie("SELECT file_id, file_sha256 from {$CFG->dbprefix}blob_file\n WHERE context_id = :CID AND file_sha256 = :SHA", array(":CID" => $CONTEXT->id, ":SHA" => $sha256)); $row = $stmt->fetch(PDO::FETCH_NUM); if ($row !== false) { error_log("Already had instance of {$filename}"); $row[0] = $row[0] + 0; // Make sure the id is an integer return $row; } $fp = fopen($FILE_DESCRIPTOR['tmp_name'], "rb"); $stmt = $PDOX->prepare("INSERT INTO {$CFG->dbprefix}blob_file\n (context_id, file_sha256, file_name, contenttype, content, created_at)\n VALUES (?, ?, ?, ?, ?, NOW())"); $stmt->bindParam(1, $CONTEXT->id); $stmt->bindParam(2, $sha256); $stmt->bindParam(3, $filename); $stmt->bindParam(4, $FILE_DESCRIPTOR['type']); $stmt->bindParam(5, $fp, PDO::PARAM_LOB); // $stmt->bindParam(5, $data, PDO::PARAM_LOB); $PDOX->beginTransaction(); $stmt->execute(); $id = 0 + $PDOX->lastInsertId(); $PDOX->commit(); fclose($fp); return array($id, $sha256); } return false; }
$fname = 'uploaded_file_' . $partno; if (!isset($_FILES[$fname])) { $_SESSION['error'] = 'Problem with uploaded files - perhaps your files were too large'; header('Location: ' . addSession('index.php')); return; } $fdes = $_FILES[$fname]; $filename = isset($fdes['name']) ? basename($fdes['name']) : false; // Check to see if they left off a file if ($fdes['error'] == 4) { $_SESSION['error'] = 'Missing file, make sure to select all files before pressing submit'; header('Location: ' . addSession('index.php')); return; } // Sanity-check the file $safety = checkFileSafety($fdes); if ($safety !== true) { $_SESSION['error'] = "Error: " . $safety; error_log("Upload Error: " . $safety); header('Location: ' . addSession('index.php')); return; } // Check the kind of file if (!isPngOrJpeg($fdes)) { $_SESSION['error'] = 'Files must either contain JPG, or PNG images: ' . $filename; error_log("Upload Error - Not an Image: " . $filename); header('Location: ' . addSession('index.php')); return; } $blob_id = uploadFileToBlob($fdes); if ($blob_id === false) {
function uploadFileToString($FILE_DESCRIPTOR, $SAFETY_CHECK = true) { global $CFG, $CONTEXT, $PDOX; if ($SAFETY_CHECK && checkFileSafety($FILE_DESCRIPTOR) !== true) { return false; } if ($FILE_DESCRIPTOR['error'] == 1) { return false; } if ($FILE_DESCRIPTOR['error'] == 0) { $filename = basename($FILE_DESCRIPTOR['name']); if (strpos($filename, '.php') !== false) { return false; } $data = file_get_contents($FILE_DESCRIPTOR['tmp_name']); return $data; } return false; }