/**
  * @noAuth
  * @url POST /?submissions
  * @url PUT /?submissions/$id
  */
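 function insertSubmission($id = null, $data)
 {
     // Serves both routes declared in the docblock above: POST creates a
     // submission (no $id); PUT submits the data again for an existing $id.
     // The docblock marks these routes @noAuth, so $data, $_POST and $_FILES
     // are all untrusted client input.
     //
     // Returns whatever SubmissionDatabase::getSubmission($id) returns.
     // Throws RestException(400) on validation or upload failure.

     // Fall back to the raw form fields when no request body object was passed.
     if ($data == null) {
         $data = $_POST;
     } else {
         $data = get_object_vars($data);
     }

     // Pick up the optional uploaded file.
     $file = false;
     if (isset($_FILES['file']) && !empty($_FILES['file']['name']) && $_FILES['file']['size'] > 0) {
         $file = $_FILES['file'];
         // The client chooses the file name. Keep only its last path component
         // so it cannot carry directory parts into the stored record or into
         // the upload path built further down.
         $clientName = $file['name'];
         $safeName = is_string($clientName) ? basename(str_replace('\\', '/', $clientName)) : '';
         if ($safeName === '' || $safeName === '.' || $safeName === '..') {
             throw new RestException(400, 'Invalid file name');
         }
         $file['name'] = $safeName;
         $data['image_result'] = $safeName;
     }

     // A result field is required only when its question is present.
     $validationRules = array();
     if (!empty($data['text_question'])) {
         $validationRules['text_result'] = VALIDATE_RULE_NON_EMPTY_STRING | VALIDATE_RULE_REQUIRED;
     }
     if (!empty($data['image_question'])) {
         $validationRules['image_result'] = VALIDATE_RULE_NON_EMPTY_STRING | VALIDATE_RULE_REQUIRED;
     }
     $validator = new Validator($data);
     $errors = $validator->validate($validationRules);
     if (!empty($errors)) {
         throw new RestException(400, implode(" ", $errors));
     }

     $db = new SubmissionDatabase();

     if ($id == null) {
         // New entry: the row is inserted first because its id names the upload directory.
         $db->insertSubmission($data);
         $id = $db->lastInsertRowid();
         if ($file) {
             $upload_dir = DIR_SUBMISSION_FILES . '/' . $id;
             try {
                 // NOTE(review): the return value of checkFileType() is not used, so
                 // it presumably throws on a disallowed extension - confirm; if it
                 // only returns false, this check has no effect. It is also a check
                 // on the name only; the file content is not inspected here.
                 checkFileType($file['name'], array("jpg", "jpeg", "gif", "png"));
                 uploadFile($file['tmp_name'], $upload_dir, $file['name']);
             } catch (Exception $e) {
                 // Roll the row back so a failed upload leaves no orphan entry.
                 $db->deleteSubmission($id);
                 throw new RestException(400, $e->getMessage());
             }
         }
         return $db->getSubmission($id);
     }

     // Existing entry.
     // NOTE(review): this path calls insertSubmission($data) without $id and never
     // stores an uploaded file, although image_result was set from its name above -
     // confirm the database layer updates the row rather than adding a new one.
     $db->insertSubmission($data);
     return $db->getSubmission($id);
 }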
 /**
  * @noAuth
  * @url POST /?documents
  * @url PUT /?documents/$id
  */
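 function insertDocument($id = null)
 {
     // Serves both routes declared in the docblock above: POST creates a
     // document record and stores its uploaded file; PUT (with $id) submits the
     // form fields again without handling a file. The docblock marks these
     // routes @noAuth, so $_POST and $_FILES are untrusted client input.
     //
     // Returns whatever DocumentsDatabase::getDocument($id) returns.
     // Throws RestException(400) on validation or upload failure.
     $validator = new Validator($_POST);
     $errors = $validator->validate(array(
         'title' => VALIDATE_RULE_REQUIRED | VALIDATE_RULE_NON_EMPTY_STRING,
         'author' => VALIDATE_RULE_REQUIRED | VALIDATE_RULE_NON_EMPTY_STRING,
         'published' => VALIDATE_RULE_YEAR,
         'keywords' => VALIDATE_RULE_REQUIRED,
         'isbn' => VALIDATE_RULE_ISBN
     ));
     if (!empty($errors)) {
         throw new RestException(400, implode(" ", $errors));
     }

     // Normalise letter case before the values are stored.
     $_POST['title'] = ucfirst($_POST['title']);
     $_POST['author'] = ucwords($_POST['author']);
     $_POST['keywords'] = strtolower($_POST['keywords']);

     if ($id == null) {
         // New entry: a file is mandatory.
         if (!isset($_FILES['file']) || empty($_FILES['file']['name'])) {
             throw new RestException(400, 'No File submitted');
         }
         $file = $_FILES['file'];
         if ($file['size'] < 1 || $file['size'] > UPLOAD_FILE_MAX_SIZE) {
             // NOTE(review): the same message is used for empty files, and the
             // byte count in $file['size'] is compared with the constant directly
             // while the message divides it by 8 - confirm the constant's unit.
             throw new RestException(400, "File is too large, maximum file size is " . strval(UPLOAD_FILE_MAX_SIZE / 8 / 1024 / 1024) . " MB.");
         }

         // The client chooses the file name. Keep only its last path component
         // so it cannot carry directory parts into the stored record or into
         // the upload path built below.
         $clientName = $file['name'];
         $safeName = is_string($clientName) ? basename(str_replace('\\', '/', $clientName)) : '';
         if ($safeName === '' || $safeName === '.' || $safeName === '..') {
             throw new RestException(400, 'Invalid file name');
         }
         $file['name'] = $safeName;

         // Record the file name with the form data and insert the row first;
         // its id names the upload directory.
         $db = new DocumentsDatabase();
         $_POST['file'] = $file['name'];
         $db->insertDocument($_POST);
         $id = $db->lastInsertRowid();
         $upload_dir = DIR_RECORD_FILES . '/' . $id;
         try {
             // NOTE(review): the return value of checkFileType() is not used, so it
             // presumably throws on a disallowed type - confirm. No explicit
             // allow-list is passed here, so the accepted types are whatever the
             // helper defaults to.
             checkFileType($file['name']);
             uploadFile($file['tmp_name'], $upload_dir, $file['name']);
         } catch (Exception $e) {
             // Roll the row back so a failed upload leaves no orphan entry.
             $db->deleteDocument($id);
             throw new RestException(400, $e->getMessage());
         }
         return $db->getDocument($id);
     } else {
         // Existing entry.
         // NOTE(review): insertDocument($_POST) is called without $id - confirm
         // the database layer updates the row rather than adding a new one.
         $db = new DocumentsDatabase();
         $db->insertDocument($_POST);
         return $db->getDocument($id);
     }
 }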
<?php

require_once 'config.php';
require_once 'gini.php';
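// URL prefix under which an accepted document is reported back to the client.
$path = '/rechnung/';
// Extensions accepted for upload.
$allowedFileTypes = array('pdf', 'png', 'jpg', 'gif', 'jpeg');
if (!empty($_FILES)) {
    // Accept the request only if the expected field arrived as one completed
    // HTTP upload. Without this, a missing field, a failed transfer or an
    // array-style multi-file field would be passed on to the checks below.
    $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
    $uploadOk = is_array($upload)
        && isset($upload['error'], $upload['tmp_name'], $upload['name'])
        && $upload['error'] === UPLOAD_ERR_OK
        && is_string($upload['tmp_name'])
        && is_string($upload['name'])
        && is_uploaded_file($upload['tmp_name']);
    if (!$uploadOk) {
        header('Content-type: application/json');
        echo json_encode(array('status' => 0, 'answer' => 'file upload failed'));
        die;
    }

    // Extension allow-list on the client-supplied name; the content is not
    // inspected here.
    if (!checkFileType(basename($upload['name']), $allowedFileTypes)) {
        header('Content-type: application/json');
        echo json_encode(array('status' => 0, 'answer' => 'file extension not supported'));
        die;
    }

    $tempFile = $upload['tmp_name'];
    $gini = new gini();
    $status = $gini->upload($tempFile);
    // NOTE(review): $status['document_id'] is used without checking that the
    // upload call succeeded - confirm what gini::upload() returns on failure.
    header('Content-type: application/json');
    echo json_encode(array('url' => $path . $status['document_id']));
    die;
}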
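/**
 * Tells whether a file name carries one of the permitted extensions.
 *
 * Only the name is examined; the file content is not inspected here.
 * NOTE(review): whether 'PDF' matches 'pdf' depends on getExtension(), whose
 * body is not fully visible in this listing.
 *
 * @param string $filename         File name to test.
 * @param array  $allowedFileTypes Permitted extensions, e.g. array('pdf', 'png').
 * @return bool True when the extension reported by getExtension() is in the list.
 */
function checkFileType($filename, $allowedFileTypes)
{
    // Strict comparison: the extension must be an identical string, so PHP's
    // loose-comparison type juggling cannot produce a match.
    return in_array(getExtension($filename), $allowedFileTypes, true);
}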
// get the file extension
function getExtension($filename)
{
    $extension = substr($filename, strrpos($filename, '.') + 1);
// Upload target directory; falls back to "../attachments/" when the query
// string carries no "basedir" value.
// NOTE(review): $basedir comes straight from $_GET and is later handed to
// upload_file() as the destination directory; nothing visible here confines it
// to the attachments tree. Confirm it is validated elsewhere, or resolve it
// against a fixed root before use.
$basedir = isset($_GET['basedir']) ? $_GET['basedir'] : "../attachments/";
// Make sure the directory string ends with a slash.
if (strrpos($basedir, "/") != strlen($basedir) - 1) {
    $basedir .= "/";
}
//echo $basedir;
// Save data
if ($action == "save") {
    $check_info = 1;
    // Check the submitted input.
    // NOTE(review): this compares the whole $_FILES['myfile'] entry with an
    // empty string; presumably it is meant to detect a missing upload - confirm.
    if ($_FILES['myfile'] == "") {
        $ActionMessage = $strErrNull;
        $check_info = 0;
        $action = "add";
    }
    // Check that the upload type is allowed.
    // checkFileType() is given only the client-supplied file name here.
    if ($check_info == 1 && !checkFileType($_FILES["myfile"]["name"])) {
        $ActionMessage = $strAttachmentsError;
        $check_info = 0;
        $action = "add";
    }
    if ($check_info == 1 && $_FILES["myfile"]["name"] != "") {
        // Upload
        $attachment = upload_file($_FILES["myfile"]["tmp_name"], $_FILES["myfile"]["name"], $basedir);
        // $basedir already ends with "/", so the path passed on has a double slash.
        do_filter("f2_attach", $basedir . "/" . $attachment);
    }
}
// Save the changed attachment file name
if ($action == "savefile") {
    $attach_id = $_POST['attach_id'];
    // New title = submitted name + the extension taken from the attachment id.
    $new_file = $_POST['attach_name'] . substr($attach_id, strrpos($attach_id, "."));
    // NOTE(review): both $new_file and $attach_id originate from $_POST and are
    // concatenated into the statement without escaping or bound parameters.
    // Use a parameterised query (or the database layer's escaping function) for
    // both values. How $sql is executed is not visible in this listing.
    $sql = "update " . $DBPrefix . "attachments set attTitle='" . $new_file . "' where name like '%" . $attach_id . "'";
/**
 * Classifies one episode file by its extension and by the presence of its
 * companion XML data file.
 *
 * @param string $episodeFile File name of the episode; it is appended as-is to
 *                            the upload directory path.
 * @return array Positional list: [0] true when the format is supported and the
 *               XML file exists, [1] full path of the episode file, [2] path of
 *               the XML data file, [3] file type and [4] MIME type as returned
 *               by checkFileType(), [5] file name without extension, [6] true
 *               when the format is supported but the XML file is missing.
 */
function validateSingleEpisode($episodeFile)
{
    // Brings the configuration into local scope; $absoluteurl and $upload_dir
    // used below are expected to be defined by it.
    include "core/includes.php";

    $nameParts = divideFilenameFromExtension($episodeFile);
    // PHP >= 5.2.0 needed
    $baseName = $nameParts[0];
    // Extensions are compared in lower case.
    $extension = strtolower($nameParts[1]);

    $typeInfo = checkFileType($extension, $absoluteurl);
    $fileType = $typeInfo[0];
    $mimeType = $typeInfo[1];

    // NOTE(review): $episodeFile goes into the path unmodified; presumably
    // callers pass bare file names from the upload directory - confirm.
    $mediaPath = $absoluteurl . $upload_dir . $episodeFile;
    // The XML data file sits next to the media file under the same base name.
    $xmlPath = $absoluteurl . $upload_dir . $baseName . '.xml';

    // The format counts as supported when checkFileType() returned a type and
    // it equals the (lower-cased) extension.
    $formatSupported = isset($fileType) && $extension == $fileType;
    // The XML file is only looked up for supported formats.
    $xmlPresent = $formatSupported && file_exists($xmlPath);

    return array(
        $xmlPresent,
        $mediaPath,
        $xmlPath,
        $fileType,
        $mimeType,
        $baseName,
        $formatSupported && !$xmlPresent,
    );
}
         }
     } else {
         if (!@unlink($file)) {
             echo "<p class=\"error\">" . printMsg("err") . printMsg("errFileNotDel", $file) . "</p>";
         } else {
             echo "<p class=\"okay\">" . printMsg("textFileDel", $file) . "</p>";
         }
     }
 } elseif ($action == "upload") {
     // If we are to upload a file we will do so.
     $tmp_name = $_FILES['localfile']['tmp_name'];
     $name = stripslashes("{$dir}/{$_FILES['localfile']['name']}");
     $ext = getExt($name);
     $type = $_FILES["localfile"]["type"];
     if ($_FILES["localfile"]["error"] == 0) {
         if (checkFileType($type, getExt($name)) == TRUE) {
             if (@move_uploaded_file($tmp_name, $name)) {
                 @chmod($name, 0777);
                 echo "<p class=\"okay\">" . printMsg("textUp", $name) . "</p>";
             }
         } else {
             echo "<p class=\"error\">" . printMsg("err") . printMsg("errUp0", $_FILES["localfile"]["type"], getExt($name)) . "</p>";
         }
     } else {
         switch ($_FILES["localfile"]["error"]) {
             case 1:
                 $currenterror = printMsg("errUp1");
                 break;
             case 2:
                 $currenterror = printMsg("errUp1");
                 break;
            $ActionMessage = $Error_Message . $OK_Message;
        }
    }
}
//保存修改文件名
if ($action == "savefile" && !empty($_POST['file_id'])) {
    $file_id = intval($_POST['file_id']);
    //更新附件
    if (!empty($_FILES['myfile'])) {
        $check_info = 1;
        $arrFileName = $_FILES['myfile']["name"];
        $arrFileSize = $_FILES['myfile']["size"];
        $arrTempName = $_FILES['myfile']["tmp_name"];
        $arrFileType = $_FILES['myfile']["type"];
        $fileTitle = encode($_POST['fileTitle']);
        if (!checkFileType($arrFileName)) {
            $ActionMessage = $strAttachmentsError;
            $check_info = 0;
            $action = "edit";
        }
        if ($check_info == 1 && $arrFileName != "") {
            //上传
            $attachment = upload_file($arrTempName, $arrFileName, $basedir);
            if ($attachment == "") {
                $ActionMessage = $strAttachmentsError;
                $action = "edit";
            } else {
                do_filter("f2_attach", $basedir . "/" . $attachment);
                $filename = str_replace("../attachments/", "", $basedir . $attachment);
                if ($imageAtt = getimagesize("../attachments/{$filename}")) {
                    $fileWidth = $imageAtt[0];
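/**
 * Stores a temporary upload in $dir under a generated base name.
 *
 * The stored name is "<base>.<type>", where <type> is what getFileType()
 * reports for the client-supplied $file_name. Nothing is stored unless
 * checkFileType($file_name) accepts the name.
 *
 * NOTE(review): because <type> derives from the client's file name, what can
 * land in $dir is bounded only by checkFileType() - confirm that its list
 * excludes anything the web server would execute.
 *
 * @param string $temp_file Path of the temporary file to store.
 * @param string $file_name Original (client-supplied) file name.
 * @param string $dir       Destination directory, checked with check_dir().
 * @param string $tmp_name  Optional base name; validCode(10) is used when empty.
 * @return string Stored file name, or "" when nothing was stored.
 */
function upload_file($temp_file, $file_name, $dir, $tmp_name = "")
{
    if (empty($tmp_name)) {
        $tmp_name = validCode(10);
    }
    if ($temp_file == "") {
        return "";
    }
    if (!check_dir($dir)) {
        return "";
    }
    $type = getFileType($file_name);
    if (!checkFileType($file_name)) {
        return "";
    }

    $file_path = "{$dir}/{$tmp_name}.{$type}";
    // Explicitly start from "not stored"; previously this flag was undefined
    // when every strategy below failed.
    $check_info = false;

    // First attempt: copy, then move_uploaded_file where available.
    // NOTE(review): copy() is tried first and, unlike move_uploaded_file(), does
    // not verify that $temp_file is an HTTP upload - callers must pass upload
    // temp paths only.
    //$copy_result=copy($temp_file,"$file_path");
    if (@copy($temp_file, $file_path) || (function_exists('move_uploaded_file') && @move_uploaded_file($temp_file, $file_path))) {
        @unlink($temp_file);
        $check_info = true;
    }

    // Fallback: read the temp file and write it out by hand.
    if (!$check_info && is_readable($temp_file)) {
        $attachedfile = readfromfile($temp_file);
        $fp = @fopen($file_path, 'wb');
        // fopen() returns false on failure; only lock, write and close a real
        // handle instead of passing false on to the stream functions.
        if ($fp !== false) {
            @flock($fp, LOCK_EX);
            if (@fwrite($fp, $attachedfile)) {
                @unlink($temp_file);
                $check_info = true;
            }
            @fclose($fp);
        }
    }

    return $check_info ? $tmp_name . "." . $type : "";
}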
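/**
 * Copies a temporary upload into $dir under a time-based name.
 *
 * The stored name is "<unix time>.<type>", where <type> is what getFileType()
 * reports for the client-supplied $file_name. Nothing is stored unless
 * checkFileType($file_name) accepts the name.
 *
 * NOTE(review): time() has one-second resolution, so two uploads of the same
 * type within the same second map to the same path. copy() also does not
 * verify that $temp_file is an HTTP upload; callers must pass upload temp
 * paths only.
 *
 * @param string $temp_file Path of the temporary file to store.
 * @param string $file_name Original (client-supplied) file name.
 * @param string $dir       Destination directory, checked with check_dir().
 * @return string Stored file name, or "" when nothing was stored.
 */
function upload_file($temp_file, $file_name, $dir)
{
    // Declared by the original code; not read in this function.
    global $cfg_upload_file;
    $tmp_name = time();
    if ($temp_file == "") {
        return "";
    }
    if (!check_dir($dir)) {
        return "";
    }
    $type = getFileType($file_name);
    if (!checkFileType($file_name)) {
        return "";
    }
    $file_path = "{$dir}/{$tmp_name}.{$type}";
    // Report a name only when the copy actually succeeded; previously the
    // result of copy() was ignored and a name was returned even on failure.
    if (!@copy($temp_file, $file_path)) {
        return "";
    }
    return $tmp_name . "." . $type;
}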
<?php

namespace Home\Service\FileAppService;

// Upload handler for the "picture" form field.
$file = $_FILES["picture"];
// Types accepted for storage.
$allowFileType = array('jpeg', 'doc', 'docx', 'gif', 'bmp', 'png', 'rar', 'txt', 'pdf', 'zip', 'xlsx', 'xls');
// Split the client-supplied target path on "." so its last piece can be read
// as the extension below.
$fileInfo = explode('.', $_POST['fileURL']);
// 	$handle=fopen('/home/testFile','w+');
// 	foreach($_POST as $key=>$value){
// 		$string="$key=>$value;";
// 		fwrite($handle, $string);
// 	}
// 	fclose($handle);
// checkFileType() is given the temp file path here, so it presumably inspects
// the file itself rather than its name - confirm.
$fileType = checkFileType($file["tmp_name"]);
// NOTE(review): the second operand looks only at the extension of the
// client-supplied fileURL, so the detected type is not enforced whenever that
// value ends in "txt". The detected type should gate every upload.
if (in_array($fileType, $allowFileType) || $fileInfo[count($fileInfo) - 1] == 'txt') {
    if ($file["error"] > 0) {
        // Write a log entry
        Logger::log("Upload failed. Field \$file['error'] is true.");
    } else {
        // NOTE(review): the client-supplied file name is used in this path and
        // echoed back unescaped; escape it for the output context.
        if (file_exists("upload/" . $file["name"])) {
            echo $file["name"] . " already exists. ";
        } else {
            // NOTE(review): the destination comes directly from $_POST, and its
            // directory is created recursively with mode 0777. Resolve the
            // target against a fixed upload root and use a tighter mode.
            $targetURL = $_POST["fileURL"];
            if (!file_exists(dirname($targetURL))) {
                mkdir(dirname($targetURL), 0777, true);
            }
            if (file_exists(dirname($targetURL))) {
                if (!file_exists($file["tmp_name"])) {
                    // Write a log entry
                    Logger::log("Upload failed. File " . $file["tmp_name"] . " dosen't exist.");
                    return;
########### End
//// FORCE DOWNLOAD OF SUPPORTED FILES (e.g. files that do not play in the browser, even when a plugin is installed)
//NB. does not work with some mobile browsers
include "config.php";
include $absoluteurl . "core/functions.php";
// File name requested by the client.
// NOTE(review): read without isset(), so a request lacking the parameter raises
// a notice/warning; a non-string value is not rejected either.
$filename = $_GET['filename'];
// Sanitise: with every "/" and "\" removed the value can only name an entry
// directly inside the upload directory, which keeps downloads within the
// podcast generator root.
$filename = str_replace("/", "", $filename);
// (forward slashes removed above)
$filename = str_replace("\\", "", $filename);
// (backslashes removed above)
$filename_path = $absoluteurl . $upload_dir . $filename;
// $filename_path is the absolute path of the file to download.
if (file_exists($filename_path)) {
    $file_media = divideFilenameFromExtension($filename);
    $fileData = checkFileType($file_media[1], $absoluteurl);
    $podcast_filetype = $fileData[0];
    $filemimetype = $fileData[1];
    $isFileSupported = $fileData[2];
    // SECURITY OPTION: if extension is supported (file to download must have a known episode extension)
    if ($isFileSupported == TRUE and $file_media[1] == $podcast_filetype and !publishInFuture($filename_path)) {
        //// Headers
        ### required by internet explorer
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }
        ###
        header("Pragma: public");
        // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// The upload folder must exist.
if (!is_dir("{$uploadFolder}")) {
    $aErrors[] = "The directory <b>" . $uploadFolder . "</b> doesn't exist.";
}
//check if the directory is writable.
// NOTE(review): the message below steers operators toward mode 0777
// (world-writable); granting write access to the web server user only is the
// safer instruction.
if (count($aErrors) == 0 && !is_writeable("{$uploadFolder}")) {
    $aErrors[] = "Unable to write to directory: <b>" . $uploadFolder . "</b>. Change directory permissions: First try 0755, and if that fails 0777";
}
//not determining correctly if writeable or not.  Might be checking for writeable via PHP, not public
//Check first if a file has been sent via HTTP POST. Returns false otherwise.
if (count($aErrors) == 0 && is_uploaded_file($_FILES['FileToUpload']['tmp_name'])) {
    $size = $_FILES['FileToUpload']['size'];
    //Get the Size of the File
    // NOTE(review): $_FILES reports the size in bytes, while the message labels
    // both numbers "K" - confirm the unit of $sizeBytes.
    if (count($aErrors) == 0 && $size > $sizeBytes) {
        $aErrors[] = "The File you tried to upload is <b>" . $size . "</b>K. Maximum file size: <b>" . $sizeBytes . "</b>K. Please upload a smaller file.";
    }
    // NOTE(review): $_FILES[...]['type'] is the MIME type sent by the client, not
    // something PHP derives from the file content, so this check alone does not
    // establish what the file is. The rejected value is also placed into the
    // HTML message unescaped.
    if (count($aErrors) == 0 && !checkFileType($file_types, $_FILES['FileToUpload']['type'])) {
        //Make sure file is of allowable file types
        $aErrors[] = "File you tried to upload is <b>" . $_FILES['FileToUpload']['type'] . "</b>. This file type is not currently allowed.";
    }
    // move_uploaded_file(source, destination) moves the upload into the folder.
    // $FileName is set outside this excerpt; presumably derived from the upload -
    // confirm it is reduced to a safe base name.
    if (count($aErrors) == 0 && move_uploaded_file($_FILES['FileToUpload']['tmp_name'], $uploadFolder . $FileName)) {
        if ($createThumb == "TRUE") {
            //create thumbnail in same folder, add thumbSuffix
            // NOTE(review): the result of ImageCreateFromJPEG() is used without a
            // check; a file that is not a valid JPEG would fail here.
            $tempImage = ImageCreateFromJPEG($uploadFolder . $FileName);
            //copy to temporary image
            $width = ImageSx($tempImage);
            // Original picture width
            $height = ImageSy($tempImage);
            // Original picture height
            $thumbHeight = floor($height * ($thumbWidth / $width));
            // Thumbnail height that keeps the original aspect ratio
     $auth_email = NULL;
     //ignore email
 }
 #show submitted data (debug purposes)
 //$PG_mainbody .= "Dati inseriti:</b><br><br>Titolo: <i>$title</i> <br>Descrizione breve: <i>$description</i> <br>Descrizione lunga: <i>$long_description</i>";
 ###
 ## start processing podcast
 $PG_mainbody .= "<p><b>" . _("Processing episode...") . "</b></p>";
 $PG_mainbody .= "<p>" . _("Original filename:") . " <i>{$file}</i></p>";
 $file_parts = divideFilenameFromExtension($file);
 $filenameWithoutExtension = $file_parts[0];
 $fileExtension = $file_parts[1];
 // $PG_mainbody .= "<p>"._("File")."_ext <i>$fileExtension</i></p>"; //display file extension
 ##############
 ### processing file extension
 $fileData = checkFileType(strtolower($fileExtension), $absoluteurl);
 //lowercase extension to compare with the accepted extensions array
 if (isset($fileData[0])) {
     //avoids php notice if array [0] doesn't exist
     $podcast_filetype = $fileData[0];
 } else {
     $podcast_filetype = NULL;
 }
 if ($fileExtension == strtoupper($podcast_filetype)) {
     $podcast_filetype = strtoupper($podcast_filetype);
 }
 //accept also uppercase extension
 if ($fileExtension == $podcast_filetype) {
     //003 (if file extension is accepted, go on....
     ##############
     ##############