Exemple #1
0
 /**
  * add one activity record
  *
  * @param array e.g., array('anchor' => 'article:123', 'action' => 'edit')
  * @return mixed some error array, or 'OK'
  */
 function post($parameters)
 {
     global $context;
     // look for an anchor
     if (empty($parameters['anchor'])) {
         return array('code' => -32602, 'message' => 'Invalid param "anchor"');
     }
     // look for an action
     if (empty($parameters['action'])) {
         return array('code' => -32602, 'message' => 'Invalid param "action"');
     }
     // save this in the database
     Activities::post($parameters['anchor'], $parameters['action']);
     // done
     return 'OK';
 }
Exemple #2
0
 /**
  * record a click
  *
  * @param string the external url that is targeted
  *
  */
 public static function click($url)
 {
     global $context;
     // we record only GET requests
     if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET') {
         return;
     }
     // do not count crawling
     if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/(blo\\.gs|\\bblog|bot\\b|crawler\\b|frontier\\b|slurp\\b|spider\\b)/i', $_SERVER['HTTP_USER_AGENT'])) {
         return;
     }
     // record the activity
     Activities::post($url, 'click');
     // do not record clicks driving to search engines
     if (preg_match('/\\b(google|yahoo)\\b/i', $url)) {
         return;
     }
     // if this url is known
     $query = "SELECT * FROM " . SQL::table_name('links') . " AS links" . " WHERE links.link_url LIKE '" . SQL::escape($url) . "'";
     if ($item = SQL::query_first($query)) {
         // increment the number of clicks
         $query = "UPDATE " . SQL::table_name('links') . " SET hits=hits+1 WHERE id = " . SQL::escape($item['id']);
         SQL::query($query);
         // else create a new record with a count of one click
     } else {
         // get the section for clicks
         $anchor = Sections::lookup('clicks');
         // no section yet, create one
         if (!$anchor) {
             $fields['nick_name'] = 'clicks';
             $fields['title'] = i18n::c('Clicks');
             $fields['introduction'] = i18n::c('Clicked links are referenced here.');
             $fields['description'] = i18n::c('YACS ties automatically external links to this section on use. Therefore, you will have below a global picture of external sites that are referenced through your site.');
             $fields['active_set'] = 'N';
             // for associates only
             $fields['locked'] = 'Y';
             // no direct contributions
             $fields['index_map'] = 'N';
             // listd only to associates
             $fields['rank'] = 20000;
             // towards the end of the list
             // reference the new section
             if ($fields['id'] = Sections::post($fields)) {
                 $anchor = 'section:' . $fields['id'];
             }
         }
         // create a new link in the database
         $fields = array();
         $fields['anchor'] = $anchor;
         $fields['link_url'] = $url;
         $fields['hits'] = 1;
         Surfer::check_default_editor($fields);
         if ($fields['id'] = Links::post($fields)) {
             Links::clear($fields);
         }
     }
 }
Exemple #3
0
    $menu[] = Skin::build_submit_button(i18n::s('Download this file'), NULL, NULL, 'confirmed', 'no_spin_on_click');
    $menu[] = Skin::build_link($anchor->get_url('files'), i18n::s('Cancel'), 'span');
    // to get the actual file
    $target_href = $context['url_to_home'] . $context['url_to_root'] . Files::get_url($item['id'], 'fetch', $item['file_name']);
    // render commands
    $context['text'] .= '<form method="post" action="' . $context['script_url'] . '" id="main_form"><div>' . "\n" . Skin::finalize_list($menu, 'assistant_bar') . '<input type="hidden" name="id" value="' . $item['id'] . '" />' . "\n" . '<input type="hidden" name="action" value="confirm" />' . "\n" . '</div></form>' . "\n";
    // set the focus
    Page::insert_script('$("#confirmed").focus();');
    //actual transfer
} elseif ($item['id'] && $item['anchor']) {
    // increment the count of downloads
    if (!Surfer::is_crawler()) {
        Files::increment_hits($item['id']);
    }
    // record surfer activity
    Activities::post('file:' . $item['id'], 'fetch');
    $anchor->touch('file:fetch', 'file:' . $item['id'], true);
    // if we have an external reference, use it
    if (isset($item['file_href']) && $item['file_href']) {
        $target_href = $item['file_href'];
        // we have direct access to the file
    } else {
        // ensure a valid file name
        $file_name = utf8::to_ascii($item['file_name']);
        // where the file is located
        $path = Files::get_path($item['anchor']) . '/' . $item['file_name'];
        // file attributes
        $attributes = array();
        // transmit file content
        if (!headers_sent() && ($handle = Safe::fopen($context['path_to_root'] . $path, "rb")) && ($stat = Safe::fstat($handle))) {
            // stream FLV files if required to do so
Exemple #4
0
        }
        if (is_object($anchor) && Surfer::may_upload()) {
            $menu = array_merge($menu, array('files/edit.php?anchor=' . $anchor->get_reference() => i18n::s('Upload another file')));
        }
        $follow_up .= Skin::build_list($menu, 'menu_bar');
        $context['text'] .= Skin::build_block($follow_up, 'bottom');
        // forward to the updated page
    } else {
        // touch the related anchor
        $anchor->touch('file:update', $_REQUEST['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
        // clear cache
        Files::clear($_REQUEST);
        // increment the post counter of the surfer
        Users::increment_posts(Surfer::get_id());
        // record surfer activity
        Activities::post('file:' . $_REQUEST['id'], 'upload');
        if ($render_overlaid) {
            echo 'post done';
            die;
        }
        // forward to the anchor page
        Safe::redirect($anchor->get_url('files'));
    }
    // display the form on GET
} else {
    $with_form = TRUE;
}
// display the form
if ($with_form) {
    // prevent updates from section owner or associate
    if (isset($item['assign_id']) && $item['assign_id'] && !Surfer::is($item['assign_id'])) {
Exemple #5
0
 /**
  * process uploaded file
  *
  * This function processes files from the temporary directory, and put them at their definitive
  * place.
  *
  * It returns FALSE if there is a disk error, or if some virus has been detected, or if
  * the operation fails for some other reason (e.g., file size).
  *
  * @param array usually, $_FILES['upload']
  * @param string target location for the file
  * @param mixed reference to the target anchor, of a function to parse every file individually
  * @return mixed file name or array of file names or FALSE if an error has occured
  */
 public static function upload($input, $file_path, $target = NULL, $overlay = NULL)
 {
     global $context, $_REQUEST;
     // size exceeds php.ini settings -- UPLOAD_ERR_INI_SIZE
     if (isset($input['error']) && $input['error'] == 1) {
         Logger::error(i18n::s('The size of this file is over limit.'));
     } elseif (isset($input['error']) && $input['error'] == 2) {
         Logger::error(i18n::s('The size of this file is over limit.'));
     } elseif (isset($input['error']) && $input['error'] == 3) {
         Logger::error(i18n::s('No file has been transmitted.'));
     } elseif (isset($input['error']) && $input['error'] == 4) {
         Logger::error(i18n::s('No file has been transmitted.'));
     } elseif (!$input['size']) {
         Logger::error(i18n::s('No file has been transmitted.'));
     }
     // do we have a file?
     if (!isset($input['name']) || !$input['name'] || $input['name'] == 'none') {
         return FALSE;
     }
     // access the temporary uploaded file
     $file_upload = $input['tmp_name'];
     // $_FILES transcoding to utf8 is not automatic
     $input['name'] = utf8::encode($input['name']);
     // enhance file name
     $file_name = $input['name'];
     $file_extension = '';
     $position = strrpos($input['name'], '.');
     if ($position !== FALSE) {
         $file_name = substr($input['name'], 0, $position);
         $file_extension = strtolower(substr($input['name'], $position + 1));
     }
     $input['name'] = $file_name;
     if ($file_extension) {
         $input['name'] .= '.' . $file_extension;
     }
     // ensure we have a file name
     $file_name = utf8::to_ascii($input['name']);
     // uploads are not allowed
     if (!Surfer::may_upload()) {
         Logger::error(i18n::s('You are not allowed to perform this operation.'));
     } elseif (!Files::is_authorized($input['name'])) {
         Logger::error(i18n::s('This type of file is not allowed.'));
     } elseif ($file_path && !Safe::is_uploaded_file($file_upload)) {
         Logger::error(i18n::s('Possible file attack.'));
     } else {
         // create folders
         if ($file_path) {
             Safe::make_path($file_path);
         }
         // sanity check
         if ($file_path && $file_path[strlen($file_path) - 1] != '/') {
             $file_path .= '/';
         }
         // move the uploaded file
         if ($file_path && !Safe::move_uploaded_file($file_upload, $context['path_to_root'] . $file_path . $file_name)) {
             Logger::error(sprintf(i18n::s('Impossible to move the upload file to %s.'), $file_path . $file_name));
         } else {
             // process the file where it is
             if (!$file_path) {
                 $file_path = str_replace($context['path_to_root'], '', dirname($file_upload));
                 $file_name = basename($file_upload);
             }
             // check against viruses
             $result = Files::has_virus($context['path_to_root'] . $file_path . '/' . $file_name);
             // no virus has been found in this file
             if ($result == 'N') {
                 $context['text'] .= Skin::build_block(i18n::s('No virus has been found.'), 'note');
             }
             // this file has been infected!
             if ($result == 'Y') {
                 // delete this file immediately
                 Safe::unlink($file_path . '/' . $file_name);
                 Logger::error(i18n::s('This file has been infected by a virus and has been rejected!'));
                 return FALSE;
             }
             // explode a .zip file
             include_once $context['path_to_root'] . 'shared/zipfile.php';
             if (preg_match('/\\.zip$/i', $file_name) && isset($_REQUEST['explode_files'])) {
                 $zipfile = new zipfile();
                 // check files extracted from the archive file
                 function explode_callback($name)
                 {
                     global $context;
                     // reject all files put in sub-folders
                     if (($path = substr($name, strlen($context['uploaded_path'] . '/'))) && strpos($path, '/') !== FALSE) {
                         Safe::unlink($name);
                     } elseif (!Files::is_authorized($name)) {
                         Safe::unlink($name);
                     } else {
                         // make it easy to download
                         $ascii = utf8::to_ascii(basename($name));
                         Safe::rename($name, $context['uploaded_path'] . '/' . $ascii);
                         // remember this name
                         $context['uploaded_files'][] = $ascii;
                     }
                 }
                 // extract archive components and save them in mentioned directory
                 $context['uploaded_files'] = array();
                 $context['uploaded_path'] = $file_path;
                 if (!($count = $zipfile->explode($context['path_to_root'] . $file_path . '/' . $file_name, $file_path, '', 'explode_callback'))) {
                     Logger::error(sprintf('Nothing has been extracted from %s.', $file_name));
                     return FALSE;
                 }
                 // one single file has been uploaded
             } else {
                 $context['uploaded_files'] = array($file_name);
             }
             // ensure we know the surfer
             Surfer::check_default_editor($_REQUEST);
             // post-process all uploaded files
             foreach ($context['uploaded_files'] as $file_name) {
                 // this will be filtered by umask anyway
                 Safe::chmod($context['path_to_root'] . $file_path . $file_name, $context['file_mask']);
                 // invoke post-processing function
                 if ($target && is_callable($target)) {
                     call_user_func($target, $file_name, $context['path_to_root'] . $file_path);
                     // we have to update an anchor page
                 } elseif ($target && is_string($target)) {
                     $fields = array();
                     // update a file with the same name for this anchor
                     if ($matching =& Files::get_by_anchor_and_name($target, $file_name)) {
                         $fields['id'] = $matching['id'];
                     } elseif (isset($input['id']) && ($matching = Files::get($input['id']))) {
                         $fields['id'] = $matching['id'];
                         // silently delete the previous version of the file
                         if (isset($matching['file_name'])) {
                             Safe::unlink($file_path . '/' . $matching['file_name']);
                         }
                     }
                     // prepare file record
                     $fields['file_name'] = $file_name;
                     $fields['file_size'] = filesize($context['path_to_root'] . $file_path . $file_name);
                     $fields['file_href'] = '';
                     $fields['anchor'] = $target;
                     // change title
                     if (isset($_REQUEST['title'])) {
                         $fields['title'] = $_REQUEST['title'];
                     }
                     // change has been documented
                     if (!isset($_REQUEST['version']) || !$_REQUEST['version']) {
                         $_REQUEST['version'] = '';
                     } else {
                         $_REQUEST['version'] = ' - ' . $_REQUEST['version'];
                     }
                     // always remember file uploads, for traceability
                     $_REQUEST['version'] = $fields['file_name'] . ' (' . Skin::build_number($fields['file_size'], i18n::s('bytes')) . ')' . $_REQUEST['version'];
                     // add to file history
                     $fields['description'] = Files::add_to_history($matching, $_REQUEST['version']);
                     // if this is an image, maybe we can derive a thumbnail for it?
                     if (Files::is_image($file_name)) {
                         include_once $context['path_to_root'] . 'images/image.php';
                         Image::shrink($context['path_to_root'] . $file_path . $file_name, $context['path_to_root'] . $file_path . 'thumbs/' . $file_name);
                         if (file_exists($context['path_to_root'] . $file_path . 'thumbs/' . $file_name)) {
                             $fields['thumbnail_url'] = $context['url_to_home'] . $context['url_to_root'] . $file_path . 'thumbs/' . rawurlencode($file_name);
                         }
                     }
                     // change active_set
                     if (isset($_REQUEST['active_set'])) {
                         $fields['active_set'] = $_REQUEST['active_set'];
                     }
                     // change source
                     if (isset($_REQUEST['source'])) {
                         $fields['source'] = $_REQUEST['source'];
                     }
                     // change keywords
                     if (isset($_REQUEST['keywords'])) {
                         $fields['keywords'] = $_REQUEST['keywords'];
                     }
                     // change alternate_href
                     if (isset($_REQUEST['alternate_href'])) {
                         $fields['alternate_href'] = $_REQUEST['alternate_href'];
                     }
                     // overlay, if any
                     if (is_object($overlay)) {
                         // allow for change detection
                         $overlay->snapshot();
                         // update the overlay from form content
                         $overlay->parse_fields($_REQUEST);
                         // save content of the overlay in this item
                         $fields['overlay'] = $overlay->save();
                         $fields['overlay_id'] = $overlay->get_id();
                     }
                     // create the record in the database
                     if (!($fields['id'] = Files::post($fields))) {
                         return FALSE;
                     }
                     // record surfer activity
                     Activities::post('file:' . $fields['id'], 'upload');
                 }
             }
             // so far so good
             if (count($context['uploaded_files']) == 1) {
                 return $context['uploaded_files'][0];
             } else {
                 return $context['uploaded_files'];
             }
         }
     }
     // some error has occured
     return FALSE;
 }
Exemple #6
0
 /**
  * retrieve recipients of last post
  *
  * This is useful to list all persons notified after a post for example.
  *
  * @param string the reference of the notifying item, if any
  * @return mixed text to be integrated into the page
  */
 public static function build_recipients($reference = '')
 {
     global $context;
     // nothing to show
     if (!isset($context['mailer_recipients'])) {
         return '';
     }
     // title mentions number of recipients
     $count = count($context['mailer_recipients']);
     $title = sprintf(i18n::ns('%d person has been notified', '%d persons have been notified', $count), $count);
     // remember the number of notifications sent from this anchor
     if ($reference) {
         Activities::post($reference, 'notify', $count);
     }
     // return the bare list
     if (!$title) {
         return $context['mailer_recipients'];
     }
     // build a nice list
     $list = array();
     if ($count > 50) {
         $count = 30;
     } else {
         $count = 100;
     }
     //never reached
     foreach ($context['mailer_recipients'] as $recipient) {
         $list[] = htmlspecialchars($recipient);
         if ($count-- == 1) {
             $list[] = sprintf(i18n::s('and %d other persons'), count($context['mailer_recipients']) - 30);
             break;
         }
     }
     return '<hr align="left" size="1" width="200" />' . Skin::build_box($title, Skin::finalize_list($list, 'compact'), 'folded');
 }