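/**
 * Renders the admin "file details" page of one uploaded file and returns its markup.
 *
 * Nothing is returned (null) when the current user lacks manage_options, when the
 * file code cannot be resolved, when the user does not own the file, or when the
 * file has no database record. Everything below the capability check is therefore
 * admin-only; the per-section $is_admin branches of the original were always true
 * past that guard and have been folded away.
 *
 * File names, user names, dates and the uploader-supplied user data come from the
 * database (and $_SESSION for the error message), so every value is escaped for the
 * HTML context it is printed in: esc_html() for element text, esc_attr() for
 * attribute values, esc_textarea() for the editable textarea, esc_url() for links.
 * The history lookup binds the record id with $wpdb->prepare() instead of
 * concatenating it into the statement.
 *
 * @param string $file_code   safe code of the file, as produced by wfu_safe_store_filepath()
 * @param string $errorstatus 'error' makes the message kept in $_SESSION['wfu_filedetails_error'] visible
 * @return string|null the page markup, or null when the page may not be shown
 */
function wfu_file_details($file_code, $errorstatus) {
	global $wpdb;
	$table_name1 = $wpdb->prefix . "wfu_log";
	$siteurl = site_url();
	//check if user is allowed to view file details
	if (!current_user_can('manage_options')) return;
	$file_code = wfu_sanitize_code($file_code);
	$dec_file = wfu_get_filepath_from_safe($file_code);
	if ($dec_file === false) return;
	//extract file browser data (path and sort info) from the decoded variable
	$ret = wfu_extract_sortdata_from_path($dec_file);
	$filepath = wfu_path_rel2abs($ret['path']);
	//check if user is allowed to perform this action on this file
	if (!wfu_current_user_owes_file($filepath)) return;
	//get file data from database together with its user data
	$filedata = wfu_get_file_rec($filepath, true);
	//loose check on purpose: the record helper may hand back null or false
	if ($filedata == null) return;
	//get the username of the uploader
	$uploadername = wfu_get_username_by_id($filedata->uploaduserid);
	//extract sort info and construct the code of the containing dir for the "Go back" link
	$parts = pathinfo($filepath);
	$dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($parts['dirname']) . '[[' . $ret['sort'] . ']]');
	//stat() returns false if the file vanished after the ownership check; show an empty date then
	$stat = stat($filepath);
	$filedate = ($stat !== false) ? date("d/m/Y H:i:s", $stat['mtime']) : '';
	//both codes are printed inside attributes, escape them once
	$file_code_attr = esc_attr($file_code);
	$dir_code_attr = esc_attr($dir_code);
	//builds one read-only "label / value" row of a form-table; $label is a literal, $value is escaped here
	$readonly_row = function ($label, $value, $style = '') {
		$row = "\n\t\t\t\t\t" . '<tr>';
		$row .= "\n\t\t\t\t\t\t" . '<th scope="row">';
		$row .= "\n\t\t\t\t\t\t\t" . '<label>' . $label . '</label>';
		$row .= "\n\t\t\t\t\t\t" . '</th>';
		$row .= "\n\t\t\t\t\t\t" . '<td>';
		$row .= "\n\t\t\t\t\t\t\t" . '<input type="text" value="' . esc_attr($value) . '" readonly="readonly"' . ($style != '' ? ' style="' . $style . '"' : '') . ' />';
		$row .= "\n\t\t\t\t\t\t" . '</td>';
		$row .= "\n\t\t\t\t\t" . '</tr>';
		return $row;
	};

	$echo_str = '<div class="regev_wrap">';
	if ($errorstatus == 'error') {
		//the message is rendered as plain text; switch to wp_kses_post() if markup is ever stored in it
		$error_msg = isset($_SESSION['wfu_filedetails_error']) ? $_SESSION['wfu_filedetails_error'] : '';
		$echo_str .= "\n\t" . '<div class="error">';
		$echo_str .= "\n\t\t" . '<p>' . esc_html($error_msg) . '</p>';
		$echo_str .= "\n\t" . '</div>';
	}
	//show file details
	$echo_str .= "\n\t" . '<h2>Details of File: ' . esc_html($parts['basename']) . '</h2>';
	$echo_str .= "\n\t" . '<div style="margin-top:10px;">';
	$echo_str .= "\n\t\t" . '<a href="' . esc_url($siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=' . $dir_code) . '" class="button" title="go back">Go back</a>';
	//NOTE(review): the form carries no nonce field; confirm that the edit_filedetails handler verifies one (wp_nonce_field() would add it here)
	$echo_str .= "\n\t\t" . '<form enctype="multipart/form-data" name="editfiledetails" id="editfiledetails" method="post" action="/wp-admin/options-general.php?page=wordpress_file_upload&action=edit_filedetails" class="validate">';
	$echo_str .= "\n\t\t\t" . '<h3 style="margin-bottom: 10px; margin-top: 40px;">Upload Details</h3>';
	$echo_str .= "\n\t\t\t" . '<input type="hidden" name="action" value="edit_filedetails" />';
	$echo_str .= "\n\t\t\t" . '<input type="hidden" name="dir" value="' . $dir_code_attr . '">';
	$echo_str .= "\n\t\t\t" . '<input type="hidden" name="file" value="' . $file_code_attr . '">';
	$echo_str .= "\n\t\t\t" . '<table class="form-table">';
	$echo_str .= "\n\t\t\t\t" . '<tbody>';
	$echo_str .= $readonly_row('Full Path', $filepath);
	$echo_str .= $readonly_row('Uploaded From User', $uploadername, 'width:auto;');
	$echo_str .= $readonly_row('File Size', $filedata->filesize, 'width:auto;');
	$echo_str .= $readonly_row('File Date', $filedate, 'width:auto;');
	$echo_str .= $readonly_row('Uploaded From Page', get_the_title($filedata->pageid) . ' (' . $filedata->pageid . ')', 'width:50%;');
	$echo_str .= $readonly_row('Upload Plugin ID', $filedata->sid, 'width:auto;');
	$echo_str .= "\n\t\t\t\t" . '</tbody>';
	$echo_str .= "\n\t\t\t" . '</table>';

	//show history details
	$echo_str .= "\n\t\t\t" . '<h3 style="margin-bottom: 10px; margin-top: 40px;">File History</h3>';
	$echo_str .= "\n\t\t\t" . '<table class="form-table">';
	$echo_str .= "\n\t\t\t\t" . '<tbody>';
	$echo_str .= "\n\t\t\t\t\t" . '<tr>';
	$echo_str .= "\n\t\t\t\t\t\t" . '<th scope="row">';
	$echo_str .= "\n\t\t\t\t\t\t\t" . '<label></label>';
	$echo_str .= "\n\t\t\t\t\t\t" . '</th>';
	$echo_str .= "\n\t\t\t\t\t\t" . '<td>';
	//read all linked records by following the linkedto chain backwards;
	//$seen stops a corrupted, cyclic chain from looping forever
	$filerecs = array($filedata);
	$seen = array();
	$currec = $filedata;
	while ($currec->linkedto > 0) {
		$linkedto = (int) $currec->linkedto;
		if (isset($seen[$linkedto])) break;
		$seen[$linkedto] = true;
		//bind the id with %d instead of concatenating it into the statement
		$currec = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $table_name1 . ' WHERE idlog = %d', $linkedto));
		if ($currec == null) break;
		array_push($filerecs, $currec);
	}
	//construct report from db records; every db value is escaped before it is wrapped in markup
	$rep = '';
	foreach ($filerecs as $filerec) {
		$username = esc_html(wfu_get_username_by_id($filerec->userid));
		$fileparts = pathinfo($filerec->filepath);
		$basename = esc_html($fileparts['basename']);
		if ($rep != '') $rep .= "<br />";
		$rep .= '<strong>[' . esc_html($filerec->date_from) . ']</strong> ';
		if ($filerec->action == 'upload') {
			$rep .= 'File uploaded with name <strong>' . $basename . '</strong> by user <strong>' . $username . '</strong>';
		} elseif ($filerec->action == 'download') {
			$rep .= 'File downloaded by user <strong>' . $username . '</strong>';
		} elseif ($filerec->action == 'rename') {
			$rep .= 'File renamed to <strong>' . $basename . '</strong> by user <strong>' . $username . '</strong>';
		} elseif ($filerec->action == 'delete') {
			$rep .= 'File deleted by user <strong>' . $username . '</strong>';
		} elseif ($filerec->action == 'modify') {
			$rep .= 'File userdata modified by user <strong>' . $username . '</strong>';
		}
	}
	$echo_str .= "\n\t\t\t\t\t\t\t" . '<div style="border:1px solid #dfdfdf; border-radius:3px; width:50%; overflow:scroll; padding:6px; height:100px; background-color:#eee;">';
	$echo_str .= "\n\t\t\t\t\t\t\t" . '<span style="white-space:nowrap;">' . $rep . '</span>';
	$echo_str .= "\n\t\t\t\t\t\t\t" . '</div>';
	$echo_str .= "\n\t\t\t\t\t\t" . '</td>';
	$echo_str .= "\n\t\t\t\t\t" . '</tr>';
	$echo_str .= "\n\t\t\t\t" . '</tbody>';
	$echo_str .= "\n\t\t\t" . '</table>';

	//show user data details; property names and values were typed by the uploader
	$echo_str .= "\n\t\t\t" . '<h3 style="margin-bottom: 10px; margin-top: 40px;">User Data Details</h3>';
	$echo_str .= "\n\t\t\t" . '<table class="form-table">';
	$echo_str .= "\n\t\t\t\t" . '<tbody>';
	if (count($filedata->userdata) > 0) {
		foreach ($filedata->userdata as $userdata) {
			$key_attr = esc_attr($userdata->propkey);
			$value_attr = esc_attr($userdata->propvalue);
			$echo_str .= "\n\t\t\t\t\t" . '<tr>';
			$echo_str .= "\n\t\t\t\t\t\t" . '<th scope="row">';
			$echo_str .= "\n\t\t\t\t\t\t\t" . '<label>' . esc_html($userdata->property) . '</label>';
			$echo_str .= "\n\t\t\t\t\t\t" . '</th>';
			$echo_str .= "\n\t\t\t\t\t\t" . '<td>';
			//a textarea has no value attribute; the content is its value, and it is editable because only admins reach this page
			$echo_str .= "\n\t\t\t\t\t\t\t" . '<textarea id="wfu_filedetails_userdata_value_' . $key_attr . '" name="wfu_filedetails_userdata">' . esc_textarea($userdata->propvalue) . '</textarea>';
			$echo_str .= "\n\t\t\t\t\t\t\t" . '<input id="wfu_filedetails_userdata_default_' . $key_attr . '" type="hidden" value="' . $value_attr . '" />';
			$echo_str .= "\n\t\t\t\t\t\t\t" . '<input id="wfu_filedetails_userdata_' . $key_attr . '" name="wfu_filedetails_userdata_' . $key_attr . '" type="hidden" value="' . $value_attr . '" />';
			$echo_str .= "\n\t\t\t\t\t\t" . '</td>';
			$echo_str .= "\n\t\t\t\t\t" . '</tr>';
		}
	} else {
		$echo_str .= "\n\t\t\t\t\t" . '<tr>';
		$echo_str .= "\n\t\t\t\t\t\t" . '<th scope="row">';
		$echo_str .= "\n\t\t\t\t\t\t\t" . '<label>No user data</label>';
		$echo_str .= "\n\t\t\t\t\t\t" . '</th>';
		$echo_str .= "\n\t\t\t\t\t\t" . '<td></td>';
		$echo_str .= "\n\t\t\t\t\t" . '</tr>';
	}
	$echo_str .= "\n\t\t\t\t" . '</tbody>';
	$echo_str .= "\n\t\t\t" . '</table>';
	//the submit button starts disabled; the admin-events script enables it once a value changes
	$echo_str .= "\n\t\t\t" . '<p class="submit">';
	$echo_str .= "\n\t\t\t\t" . '<input id="dp_filedetails_submit_fields" type="submit" class="button-primary" name="submit" value="Update" disabled="disabled" />';
	$echo_str .= "\n\t\t\t" . '</p>';
	$echo_str .= "\n\t\t" . '</form>';
	$echo_str .= "\n\t" . '</div>';
	//attach the page's admin event handlers once the window has loaded (with the legacy IE fallbacks)
	$handler = 'function() { wfu_Attach_FileDetails_Admin_Events(); }';
	$echo_str .= "\n\t" . '<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", ' . $handler . ', false); } else if(window.attachEvent) { window.attachEvent("onload", ' . $handler . '); } else { window["onload"] = ' . $handler . '; }</script>';
	$echo_str .= '</div>';
	return $echo_str;
}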
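/**
 * Renders the "View Log" page of the plugin dashboard (the history log table).
 *
 * Returns null when the current user lacks manage_options. With $only_table_rows
 * set only the <tr> rows of the requested page are returned (used to refresh the
 * table in place); otherwise the whole dashboard page around the table is built.
 *
 * Log rows hold file paths, user names and uploader-typed user data, so each value
 * is escaped for the HTML context it is printed in (esc_html / esc_attr / esc_url /
 * esc_textarea). The paging part of the query is bound through $wpdb->prepare().
 *
 * @param int  $page            1-based page of the log table; values below 1 are clamped to 1
 * @param bool $only_table_rows when true only the table rows are returned
 * @return string|null the markup, or null when the current user may not see the log
 */
function wfu_view_log($page = 1, $only_table_rows = false) {
	global $wpdb;
	$siteurl = site_url();
	$table_name1 = $wpdb->prefix . "wfu_log";
	$table_name2 = $wpdb->prefix . "wfu_userdata";
	if (!current_user_can('manage_options')) return;
	//rows per page; 0 (or less) disables pagination and lists every record
	$maxrows = (int) WFU_VAR("WFU_HISTORYLOG_TABLE_MAXROWS");
	//a page below 1 would yield a negative OFFSET (invalid SQL), so clamp it
	$page = max(1, (int) $page);
	$offset = ($page - 1) * $maxrows;
	//get log data from database
	$files_total = (int) $wpdb->get_var('SELECT COUNT(idlog) FROM ' . $table_name1);
	$query = 'SELECT * FROM ' . $table_name1 . ' ORDER BY date_from DESC';
	if ($maxrows > 0) {
		//LIMIT/OFFSET are bound as integers instead of being concatenated into the statement
		$query = $wpdb->prepare($query . ' LIMIT %d OFFSET %d', $maxrows, $offset);
	}
	$filerecs = $wpdb->get_results($query);

	$echo_str = "";
	if (!$only_table_rows) {
		$echo_str .= "\n" . '<div class="wrap">';
		$echo_str .= "\n\t" . '<h2>Wordpress File Upload Control Panel</h2>';
		$echo_str .= "\n\t" . '<div style="margin-top:20px;">';
		$echo_str .= wfu_generate_dashboard_menu("\n\t\t", "View Log");
		$echo_str .= "\n\t" . '<div style="position:relative;">';
		$echo_str .= wfu_add_loading_overlay("\n\t\t", "historylog");
		$echo_str .= "\n\t\t" . '<div class="wfu_historylog_header" style="width: 100%;">';
		if ($maxrows > 0) {
			$pages = ceil($files_total / $maxrows);
			//NOTE(review): the header is always told it is on page 1, as in the original; confirm full renders only ever ask for page 1
			$echo_str .= wfu_add_pagination_header("\n\t\t\t", "historylog", 1, $pages);
		}
		$echo_str .= "\n\t\t" . '</div>';
		$echo_str .= "\n\t\t" . '<table id="wfu_historylog_table" class="wp-list-table widefat fixed striped">';
		$echo_str .= "\n\t\t\t" . '<thead>';
		$echo_str .= "\n\t\t\t\t" . '<tr>';
		//column headers: literal label, width and alignment
		$columns = array(
			array('#', '5%', 'center'),
			array('Date', '15%', 'left'),
			array('Action', '10%', 'center'),
			array('File', '30%', 'left'),
			array('User', '15%', 'center'),
			array('Remarks', '25%', 'left'),
		);
		foreach ($columns as $column) {
			$echo_str .= "\n\t\t\t\t\t" . '<th scope="col" width="' . $column[1] . '" style="text-align:' . $column[2] . ';">';
			$echo_str .= "\n\t\t\t\t\t\t" . '<label>' . $column[0] . '</label>';
			$echo_str .= "\n\t\t\t\t\t" . '</th>';
		}
		$echo_str .= "\n\t\t\t\t" . '</tr>';
		$echo_str .= "\n\t\t\t" . '</thead>';
		$echo_str .= "\n\t\t\t" . '<tbody>';
	}

	$userdatarecs = $wpdb->get_results('SELECT * FROM ' . $table_name2);
	//idlog values of records whose file has since been deleted (no details link for those)
	$deletedfiles = array();
	//safe file codes already generated, keyed by the idlog of the upload record
	$filecodes = array();
	//a date_to equal to the zero date marks a userdata record that is still current
	$time0 = strtotime("0000-00-00 00:00:00");
	$i = $offset;
	foreach ($filerecs as $filerec) {
		$remarks = '';
		if ($filerec->action == 'delete') {
			//only a delete that points at a record can hide that record; linkedto 0 would otherwise match every unlinked row
			if ((int) $filerec->linkedto > 0) $deletedfiles[] = (int) $filerec->linkedto;
		} elseif ($filerec->action == 'rename') {
			//find the record this rename was applied to and show its previous path
			$prevfilepath = '';
			foreach ($filerecs as $prevfilerec) {
				if ((int) $prevfilerec->idlog === (int) $filerec->linkedto) {
					$prevfilepath = $prevfilerec->filepath;
					break;
				}
			}
			if ($prevfilepath != '') {
				$remarks = "\n\t\t\t\t\t\t" . '<label>Previous filepath: ' . esc_html($prevfilepath) . '</label>';
			}
		} elseif ($filerec->action == 'upload' || $filerec->action == 'modify') {
			//list the userdata records that were valid at the time of this upload/modification
			$filerec_datefrom = strtotime($filerec->date_from);
			foreach ($userdatarecs as $userdata) {
				if ((string) $userdata->uploadid !== (string) $filerec->uploadid) continue;
				$userdata_datefrom = strtotime($userdata->date_from);
				$userdata_dateto = strtotime($userdata->date_to);
				if ($filerec_datefrom >= $userdata_datefrom && ($userdata_dateto == $time0 || $filerec_datefrom < $userdata_dateto)) {
					$remarks .= "\n\t\t\t\t\t\t\t" . '<option>' . esc_html($userdata->property . ': ' . $userdata->propvalue) . '</option>';
				}
			}
			if ($remarks != '') {
				$remarks = "\n\t\t\t\t\t\t" . '<select multiple="multiple" style="width:100%; height:40px; background:none; font-size:small;">' . $remarks;
				$remarks .= "\n\t\t\t\t\t\t" . '</select>';
			}
		} elseif ($filerec->action == 'other') {
			//'other' records carry free text in filepath; esc_textarea() keeps a literal </textarea> inside it from closing the element
			$info = $filerec->filepath;
			$filerec->filepath = '';
			$remarks = "\n\t\t\t\t\t\t" . '<textarea style="width:100%; resize:vertical; background:none;" readonly="readonly">' . esc_textarea($info) . '</textarea>';
		}
		$i++;
		$otheraction = $filerec->action == 'other';
		$filepath_html = esc_html($filerec->filepath);
		$echo_str .= "\n\t\t\t\t" . '<tr>';
		$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">' . $i . '</td>';
		$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:left;">' . esc_html($filerec->date_from) . '</td>';
		$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">' . esc_html($filerec->action) . '</td>';
		if (!$otheraction) {
			$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:left;">';
			$is_deleted = in_array((int) $filerec->linkedto, $deletedfiles, true) || in_array((int) $filerec->idlog, $deletedfiles, true);
			if ($is_deleted) {
				$echo_str .= "\n\t\t\t\t\t\t" . '<span>' . $filepath_html . '</span>';
			} else {
				//the details link is keyed by the upload record: the record itself for uploads/includes, its target otherwise
				$lid = 0;
				if ($filerec->action == 'upload' || $filerec->action == 'include') $lid = $filerec->idlog;
				elseif ($filerec->linkedto > 0) $lid = $filerec->linkedto;
				if ($lid > 0) {
					if (!isset($filecodes[$lid])) $filecodes[$lid] = wfu_safe_store_filepath($filerec->filepath);
					$details_url = esc_url($siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file=' . $filecodes[$lid]);
					$echo_str .= "\n\t\t\t\t\t\t" . '<a class="row-title" href="' . $details_url . '" title="View and edit file details" style="font-weight:normal;">' . $filepath_html . '</a>';
				} else {
					$echo_str .= "\n\t\t\t\t\t\t" . '<span>' . $filepath_html . '</span>';
				}
			}
			$echo_str .= "\n\t\t\t\t\t" . '</td>';
			$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">' . esc_html(wfu_get_username_by_id($filerec->userid)) . '</td>';
		}
		//'other' rows have no file/user cells, so the remarks cell spans them
		$echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:left;"' . ($otheraction ? ' colspan="3"' : '') . '>';
		$echo_str .= $remarks;
		$echo_str .= "\n\t\t\t\t\t" . '</td>';
		$echo_str .= "\n\t\t\t\t" . '</tr>';
	}

	if (!$only_table_rows) {
		$echo_str .= "\n\t\t\t" . '</tbody>';
		$echo_str .= "\n\t\t" . '</table>';
		$echo_str .= "\n\t" . '</div>';
		$echo_str .= "\n" . '</div>';
	}
	return $echo_str;
}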
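/**
 * AJAX handler that starts a back-end download of one uploaded file (or of the exported data).
 *
 * Checks, in order: both request parameters are present plain strings, the nonce is
 * valid (CSRF protection), the user has manage_options, then the file code is resolved
 * and ownership of the file verified. Every failure ends the request with an empty
 * response via die(), as the original did.
 *
 * On success a random download id is created and three session entries are written:
 * the download status, a download ticket and a monitor ticket, the two tickets
 * expiring 30 seconds later. The response line tells the client which hidden iframe
 * to insert; the iframe calls the stand-alone downloader script with the file code
 * and the download id as ticket.
 *
 * @return void the request is always terminated with die()
 */
function wfu_ajax_action_download_file_invoker() {
	//reads one request parameter, POST first then GET; a value that is not a plain
	//string (PHP turns file[]=x into an array) is treated as absent so that the
	//string helpers below never receive an array
	$read_param = function ($key) {
		$value = isset($_POST[$key]) ? $_POST[$key] : (isset($_GET[$key]) ? $_GET[$key] : '');
		return is_string($value) ? $value : '';
	};
	$file_code = $read_param('file');
	$nonce = $read_param('nonce');
	if ($file_code === '' || $nonce === '') die;
	//security check to avoid CSRF attacks
	if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) die;
	//check if user is allowed to download files
	if (!current_user_can('manage_options')) die;
	$file_code = wfu_sanitize_code($file_code);
	if ($file_code == "exportdata") {
		//export of data has been requested: create the export file and derive a fresh file code from it
		//(the capability was already verified above, so the original's second check is not repeated)
		$filepath = wfu_export_uploaded_files(null);
		if ($filepath === false) die;
		$file_code = "exportdata" . wfu_safe_store_filepath($filepath);
	} else {
		$filepath = wfu_get_filepath_from_safe($file_code);
		if ($filepath === false) die;
		$filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
		//for back-end browser check if user is allowed to perform this action on this file
		if (!wfu_current_user_owes_file($filepath)) die;
	}
	//generate download unique id to monitor this download
	$download_id = wfu_create_random_string(16);
	//store download status of this download
	$_SESSION['wfu_download_status_' . $download_id] = 'starting';
	//generate download ticket which expires in 30sec and store it in session;
	//it is the security measure for the downloader script, which runs outside the Wordpress environment
	$_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
	//generate download monitor ticket which expires in 30sec and store it in session;
	//it is the security measure for the monitor script that checks the download status
	$_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
	//the response is a dynamically created iframe element that calls the actual download script;
	//that script runs outside the Wordpress environment so that no php warnings or echo output of
	//other plugins can scramble the downloaded file; the ticket, similar to a nonce, lets the script
	//reject a CSRF attempt, and it is destroyed when consumed so it cannot be used twice
	$response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_code . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
	die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
}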