$outputDropoffs = array(); $i = 0; foreach ($allDropoffs as $dropoff) { $outputDropoffs[$i] = array(); $outputDropoffs[$i]['claimID'] = $dropoff->claimID(); $outputDropoffs[$i]['senderName'] = $dropoff->senderName(); $outputDropoffs[$i]['senderOrg'] = $dropoff->senderOrganization(); $outputDropoffs[$i]['senderEmail'] = $dropoff->senderEmail(); $outputDropoffs[$i]['createdDate'] = timeForDate($dropoff->created()); $outputDropoffs[$i]['formattedBytes'] = $dropoff->formattedBytes(); $outputDropoffs[$i]['Bytes'] = $dropoff->Bytes(); $totalsize += $theDropbox->database()->DBBytesOfDropoff($dropoff->dropoffID()); $recipients = $allDropoffs[$i]->recipients(); $j = 0; $outputDropoffs[$i]['recipients'] = array(); foreach ($dropoff->recipients() as $recipient) { $outputDropoffs[$i]['recipients'][$j] = array(); $outputDropoffs[$i]['recipients'][$j]['name'] = htmlentities($recipient[0]); $outputDropoffs[$i]['recipients'][$j]['email'] = htmlentities($recipient[1]); $j++; } $i++; } $smarty->assignByRef('dropoffs', $outputDropoffs); $smarty->assign('formattedTotalBytes', NSSFormattedMemSize($totalsize)); } } else { NSSError($smarty->getConfigVariable('ErrorNotLoggedIn'), "Access Denied"); } $smarty->display('dropoff_list.tpl'); }
} if ($help || count($argv) != 2) { $prefs = getenv('ZENDTOPREFS'); if ($prefs == '') { printf("\n usage:\n \n %s <ZendTo preferences.php file>\n \n The ZendTo preferences.php file path should be canonical, not relative.\n (It must start with a \"/\")\n Alternatively, do\n export ZENDTOPREFS=<full file path of preferences.php>\n %s\n\n It will output a tab-separated line for each user showing:\n Username E-mail address Full name Organisation\n\n In addition, if you are using MyZendTo, it will add this to the line:\n Quota Remaining quota\n", $argv[0], $argv[0]); } else { printf("\n usage:\n \n %s\n \n The ZendTo preferences.php file path is pointed to by the environment\n variable ZENDTOPREFS, which is currently set to\n %s\n\n It will output a tab-separated line for each user showing:\n Username E-mail address Full name Organisation\n\n In addition, if you are using MyZendTo, it will add this to the line:\n Quota Remaining quota\n", $argv[0], $prefs); } return 0; } if (!preg_match('/^\\/.+/', $argv[1])) { echo "ERROR: You must provide a canonical path to the preference file.\n"; return 1; } include $argv[1]; require_once NSSDROPBOX_LIB_DIR . "Smartyconf.php"; include_once NSSDROPBOX_LIB_DIR . "NSSDropoff.php"; include_once NSSDROPBOX_LIB_DIR . "NSSUtils.php"; if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS, FALSE, TRUE)) { $qResult = $theDropbox->database->DBListLocalUsers(); for ($i = 0; $i < count($qResult); $i++) { $u = $qResult[$i]; //$quota = $theDropbox->database->DBUserQuota($u['username']); printf($u['username'] . "\t" . $u['mail'] . "\t" . $u['displayname'] . "\t" . $u['organization'] . "\t"); if (preg_match('/^[yYtT1]/', MYZENDTO)) { $quotaLeft = $theDropbox->database->DBRemainingQuota($u['username']); printf("%.0f (%s)\t%.0f (%s)", $u['quota'], NSSFormattedMemSize($u['quota']), $quotaLeft, NSSFormattedMemSize($quotaLeft)); } printf("\n"); } }
// // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // // // // Include the dropbox preferences -- we need this to have the // dropbox filepaths setup for us, beyond simply needing our // configuration! // require "../config/preferences.php"; require_once NSSDROPBOX_LIB_DIR . "MyZendTo.Smartyconf.php"; require_once NSSDROPBOX_LIB_DIR . "NSSDropbox.php"; if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS, TRUE)) { $theDropbox->SetupPage(); $smarty->assign('maxFileSize', NSSFormattedMemSize($theDropbox->maxBytesForFile())); $smarty->assign('maxDropoffSize', NSSFormattedMemSize($theDropbox->maxBytesForDropoff())); $smarty->assign('keepForDays', $NSSDROPBOX_PREFS['numberOfDaysToRetain']); $smarty->display('about.tpl'); }
$prefs = getenv('ZENDTOPREFS'); if ($prefs == '') { printf("\n usage:\n \n %s <ZendTo preferences.php file> '<username>' '<new quota in bytes>'\n \n The ZendTo preferences.php file path should be canonical, not relative.\n (It must start with a \"/\")\n Alternatively, do\n export ZENDTOPREFS=<full file path of preferences.php>\n %s '<username>' '<new quota in bytes>'\n\n", $argv[0], $argv[0]); } else { printf("\n usage: \n\n %s '<username>' '<new quota in bytes>'\n \n The ZendTo preferences.php file path is pointed to by the environment\n variable ZENDTOPREFS, which is currently set to\n %s\n\n", $argv[0], $prefs); } return 0; } if (!preg_match('/^\\/.+/', $argv[1])) { echo "ERROR: You must provide a canonical path to the preference file.\n"; return 1; } include $argv[1]; require_once NSSDROPBOX_LIB_DIR . "Smartyconf.php"; include_once NSSDROPBOX_LIB_DIR . "NSSDropoff.php"; if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS, FALSE, TRUE)) { $username = $argv[2]; $quota = $argv[3]; $oldquota = $theDropbox->database->DBUserQuota($username); $result = $theDropbox->database->DBUpdateQuotaLocalUser($username, $quota); $newquota = $theDropbox->database->DBUserQuota($username); if ($result == '') { printf("Username : {$username}\n"); printf("Old Quota: %.0f (%s)\n", $oldquota, NSSFormattedMemSize($oldquota)); printf("New Quota: %.0f (%s)\n", $newquota, NSSFormattedMemSize($newquota)); return 0; } else { printf("Failed: {$result}\n"); return 1; } }
// // Returns an array of all NSSDropoff instances belonging to // this user. // $allDropoffs = NSSDropoff::dropoffsForCurrentUser($theDropbox); if ($sortOrder == "rdate" && count($allDropoffs) > 0) { $allDropoffs = array_reverse($allDropoffs); } // // Start the web page and add some Javascript to automatically // fill-in and submit a pickup form when a dropoff on the page // is clicked. // $iMax = count($allDropoffs); $smarty->assign('countDropoffs', $iMax); $smarty->assign('remainingQuota', NSSFormattedMemSize($theDropbox->database->DBRemainingQuota($theDropbox->authorizedUser()))); if ($allDropoffs && $iMax > 0) { $outputDropoffs = array(); $i = 0; $dropoffsbyFile = array(); $dropoffsbyID = array(); $dropoffsbySize = array(); foreach ($allDropoffs as $dropoff) { $outputDropoffs[$i] = array(); $outputDropoffs[$i]['claimID'] = $dropoff->claimID(); $outputDropoffs[$i]['claimPasscode'] = $dropoff->claimPasscode(); $outputDropoffs[$i]['senderName'] = $dropoff->senderName(); $outputDropoffs[$i]['senderEmail'] = $dropoff->senderEmail(); $outputDropoffs[$i]['createdDate'] = timeForDate($dropoff->created()); $outputDropoffs[$i]['formattedBytes'] = $dropoff->formattedBytes(); // Customer doesn't want note, but list of filenames instead
// //echo "fghj"; require "../config/preferences.php"; require_once NSSDROPBOX_LIB_DIR . "Smartyconf.php"; require_once NSSDROPBOX_LIB_DIR . "NSSDropbox.php"; if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS)) { // // This page handles several actions. By default, it simply // presents whatever "main menu" is appropriate. This page also // handles the presentation of the login "dialog" and subsequently // the logout facility. // // Find if they are an onsite-user or not, so we can show them to login. $smarty->assign('isLocalIP', $theDropbox->isLocalIP()); // These 2 are needed for the intro text on the home page $smarty->assign('maxFileSize', NSSFormattedMemSize($theDropbox->maxBytesForFile())); $smarty->assign('keepForDays', $NSSDROPBOX_PREFS['numberOfDaysToRetain']); switch (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : '')) { case 'login': $aU = $theDropbox->authorizedUser(); if ($aU) { $theDropbox->SetupPage(); $smarty->display('main_menu.tpl'); } else { $theDropbox->SetupPage(); //"login.uname"); $smarty->display('login.tpl'); } break; case 'logout': $theDropbox->logout();
while ( $j < $fileCount ) { if ( fileCouldBeNaughty($files[$j]) ) { $message .= sprintf(" **** %s (%s)\n", $files[$j]['basename'], $files[$j]['mimeType'] ); } $j++; } */ } $i++; } $percentUsage = exec('/bin/df -k /opt/DropboxData | /bin/grep /opt'); $message .= "=========================================================================================\n"; $message .= sprintf("%-18s %3d file%s %10s", sprintf("%d dropoff%s", $iMax, $iMax ? "s" : ""), $totalFiles, $totalFiles != 1 ? "s" : " ", NSSFormattedMemSize($totalBytes)); if (preg_match("/^[\\/A-Za-z0-9]+[ ]*[0-9]+[ ]*[0-9]+[ ]*[0-9]+[ ]*([0-9]+\\%)/", $percentUsage, $values)) { $message .= " (" . $values[1] . " used on /opt)"; } if (count($argv) < 3) { print "{$message}\n\n"; } else { $today = getdate(time() - 24 * 60 * 60); mail($argv[2], sprintf("Dropoffs for %s %d, %04d", $today['month'], $today['mday'], $today['year']), $message); } } // Log the totals to our rrd: if (is_writeable($path = RRD_DATA)) { system(RRDTOOL . " update {$path} N:{$iMax}:{$totalFiles}:" . $totalBytes / 1024.0); $command = RRDTOOL . " graph " . RRD_DATA_DIR . "dropoff_count%d.png --start N-%dD --width 400 --height 125 DEF:var=" . RRD_DATA . ":dropoff_count:AVERAGE AREA:var#D0D0F080 LINE2:var#8080A0:\"total dropoffs\""; system(sprintf($command, 7, 7));
private function initWithFormData() { global $NSSDROPBOX_URL; global $smarty; // Start off with the data from the form posting, overwriting it with // stored data as necessary. $senderName = paramPrepare($_POST['senderName']); $senderEmail = paramPrepare(strtolower($_POST['senderEmail'])); $senderOrganization = paramPrepare($_POST['senderOrganization']); // SLASH $note = stripslashes($_POST['note']); $note = $_POST['note']; $expiry = 0; // If they have a valid req key, then they don't need to be verified // or logged in. $reqSubject = ''; $req = ''; if ($_POST['req'] != '') { $dummy = ''; $recipName = ''; // Never actually use this $recipEmail = ''; // Never actually use this $req = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['req']); if ($this->_dropbox->ReadReqData($req, $recipName, $recipEmail, $senderOrganization, $senderName, $senderEmail, $dummy, $reqSubject, $expiry)) { if ($expiry < time()) { $this->_dropbox->DeleteReqData($req); return $smarty->getConfigVariable('ErrorReadAuth'); } // It was a valid req key, so leave $req alone (and true). $reqSubject = trim($reqSubject); $this->_subject = $reqSubject; } else { // Invalid request code, so ignore them $req = FALSE; $reqSubject = ''; } } // It is not a request, or not a valid request if ($req == '') { // So now they must be authorized as it's not a request if (!$this->_dropbox->authorizedUser()) { $auth = $_POST['auth']; // JKF Get the above from the auth database // JKF Fail if it doesn't exist or it's a pickup auth not a dropoff $authdatares = $this->_dropbox->ReadAuthData($auth, $senderName, $senderEmail, $senderOrganization, $expiry); if (!$authdatares) { return $smarty->getConfigVariable('ErrorReadAuth'); } // If the email is blank (and name has no spaces) then it's a pickup. // In a pickup, the name is used as the sender's IP address. if (!preg_match('/ /', $senderName) && $senderEmail == '') { return $smarty->getConfigVariable('ErrorReadAuth'); } if ($expiry < time()) { $this->_dropbox->DeleteAuthData($auth); return $smarty->getConfigVariable('ErrorReadAuth'); } } else { // Logged-in user so just read their data $senderName = $this->_dropbox->authorizedUserData("displayName"); $senderOrganization = paramPrepare($_POST['senderOrganization']); $senderEmail = trim($this->_dropbox->authorizedUserData("mail")); } } // Erase the note if it is just white space. if (preg_match('/^\\s*$/', $note)) { $note = ""; } // Check the length of the note. $notelength = strlen($note); $maxlen = $this->_dropbox->maxnotelength(); if ($notelength > $maxlen) { return sprintf($smarty->getConfigVariable('ErrorNoteTooLong'), $notelength, $maxlen); } $confirmDelivery = $_POST['confirmDelivery'] ? TRUE : FALSE; $informRecipients = $_POST['informRecipients'] ? TRUE : FALSE; $recipients = array(); $recipIndex = -1; // <0 => no recipients found $arraykeys = array_keys($_POST); foreach ($arraykeys as $arraykey) { $matches = array(); if (preg_match('/^recipient_(\\d+)/', $arraykey, $matches)) { $recipIndex = $matches[1]; //while ( array_key_exists('recipient_'.$recipIndex,$_POST) ) { $recipName = paramPrepare($_POST['recipName_' . $recipIndex]); $recipEmail = paramPrepare($_POST['recipEmail_' . $recipIndex]); if ($recipName || $recipEmail) { // Take the email to purely lowercase for simplicity: $recipEmail = strtolower($recipEmail); // Just a username? We add an implicit "@domain.com" for these and validate them! $emailParts[1] = NULL; $emailParts[2] = NULL; if (preg_match('/\\@/', $recipEmail)) { // Has an @ sign so is an email address. Must be valid! if (!preg_match($this->_dropbox->validEmailRegexp(), $recipEmail, $emailParts)) { return sprintf($smarty->getConfigVariable('ErrorBadRecipient'), $recipEmail); } } else { // No @ sign so just stick default domain in right hand side $emailParts[1] = $recipEmail; $emailParts[2] = $this->_dropbox->defaultEmailDomain(); } $recipEmailDomain = $emailParts[2]; // Don't think this line is needed any more, but harmless $recipEmail = $emailParts[1] . "@" . $emailParts[2]; // Look at the recipient's email domain; un-authenticated users can only deliver // to the dropbox's domain: // JKF Changed checkRecipientDomain to return true if it's a local user if (!$this->_dropbox->authorizedUser() && !$this->_dropbox->checkRecipientDomain($recipEmail)) { return $smarty->getConfigVariable('ErrorWillNotSend'); } $recipients[] = array($recipName ? $recipName : "", $recipEmail); } else { if ($recipName && !$recipEmail) { return $smarty->getConfigVariable('ErrorNoEmail'); } } //$recipIndex++; } } // No recipients found? if ($recipIndex < 0) { return $smarty->getConfigVariable('ErrorNoEmail'); } // // Check for an uploaded CSV/TXT file containing addresses: // if ($_FILES['recipient_csv']['tmp_name']) { if ($_FILES['recipient_csv']['error'] != UPLOAD_ERR_OK) { $error = sprintf($smarty->getConfigVariable('ErrorWhileUploading'), $_FILES['recipient_csv']['name']); switch ($_FILES['recipient_csv']['error']) { case UPLOAD_ERR_INI_SIZE: $error .= $smarty->getConfigVariable('ErrorRecipientsTooBigForPHP'); break; case UPLOAD_ERR_FORM_SIZE: $error .= sprintf($smarty->getConfigVariable('ErrorRecipientsFileTooBig'), $this->_dropbox->maxBytesForFile()); break; case UPLOAD_ERR_PARTIAL: $error .= $smarty->getConfigVariable('ErrorRecipientsPartialUpload'); break; case UPLOAD_ERR_NO_FILE: $error .= $smarty->getConfigVariable('ErrorNoRecipientsFile'); break; case UPLOAD_ERR_NO_TMP_DIR: $error .= $smarty->getConfigVariable('ErrorNoTemp'); break; case UPLOAD_ERR_CANT_WRITE: $error .= $smarty->getConfigVariable('ErrorBadTemp'); break; } return $error; } // Parse the CSV/TXT file: if ($csv = fopen($_FILES['recipient_csv']['tmp_name'], 'r')) { while ($fields = fgetcsv($csv)) { if ($fields[0] !== NULL) { // Got one; figure out which field is an email address: foreach ($fields as $recipEmail) { // Take the email to purely lowercase for simplicity: $recipEmail = strtolower($recipEmail); // JKF Don't allow just usernames in CSV file! if (!preg_match($this->_dropbox->validEmailRegexp(), $recipEmail, $emailParts)) { continue; } $recipEmailDomain = $emailParts[2]; $recipEmail = $emailParts[1] . "@" . $emailParts[2]; // Look at the recipient's email domain; // un-authenticated users can only deliver to the dropbox's // domain: if (!$this->_dropbox->authorizedUser() && !$this->_dropbox->checkRecipientDomain($recipEmail)) { return $smarty->getConfigVariable('ErrorWillNotSend'); } // $recipients[] = array(( $recipName ? $recipName : "" ),$recipEmail); $recipients[] = array("", $recipEmail); } } } fclose($csv); } else { return $smarty->getConfigVariable('ErrorBadRecipientsFile'); } //$fileCount = count( array_keys($_FILES) ) - 1; //} else { // //$fileCount = count( array_keys($_FILES) ); // $fileCount = numberOfFiles(); } // If it's in response to a request, and the recipient override // is set, then zap the first recipient and replace with ours. $reqRecipient = $this->_dropbox->reqRecipient(); if ($req != '' && $reqRecipient != '') { $recipients[0][1] = $reqRecipient; } // Reduce the list of recipients to those with unique email addresses uniqueifyRecipients($recipients); // Confirm that all fields are present and accounted for: $fileCount = $this->numberOfFiles(); if ($fileCount == 0) { return $smarty->getConfigVariable('ErrorNoFiles'); } // Now make sure each file was uploaded successfully, isn't too large, // and that the total size of the upload isn't over capacity: $i = 1; $totalBytes = 0.0; $totalFiles = 0; // while ( $i <= $fileCount ) { while ($i <= $this->maxFilesKey) { $key = "file_" . $i; if (array_key_exists('file_select_' . $i, $_POST) && $_POST['file_select_' . $i] != "-1") { $totalFiles++; } elseif ($_FILES[$key]['name']) { if ($_FILES[$key]['error'] != UPLOAD_ERR_OK) { $error = sprintf($smarty->getConfigVariable('ErrorWhileUploading'), $_FILES[$key]['name']); switch ($_FILES[$key]['error']) { case UPLOAD_ERR_INI_SIZE: $error .= $smarty->getConfigVariable('ErrorTooBigForPHP'); break; case UPLOAD_ERR_FORM_SIZE: $error .= sprintf($smarty->getConfigVariable('ErrorFileTooBig'), $this->_dropbox->maxBytesForFile()); break; case UPLOAD_ERR_PARTIAL: $error .= $smarty->getConfigVariable('ErrorPartialUpload'); break; case UPLOAD_ERR_NO_FILE: $error .= $smarty->getConfigVariable('ErrorNoFile'); break; case UPLOAD_ERR_NO_TMP_DIR: $error .= $smarty->getConfigVariable('ErrorNoTemp'); break; case UPLOAD_ERR_CANT_WRITE: $error .= $smarty->getConfigVariable('ErrorBadTemp'); break; } return $error; } if (($bytes = $_FILES[$key]['size']) < 0) { // Grrr...stupid 32-bit nonsense. Convert to the positive // value float-wise: $bytes = ($bytes & 0x7fffffff) + 2147483648.0; } if ($bytes > $this->_dropbox->maxBytesForFile()) { return sprintf($smarty->getConfigVariable('ErrorNamedFileTooBig'), $_FILES[$key]['name'], NSSFormattedMemSize($this->_dropbox->maxBytesForFile())); } if (($totalBytes += $bytes) > $this->_dropbox->maxBytesForDropoff()) { return sprintf($smarty->getConfigVariable('ErrorDropoffTooBig'), $_FILES[$key]['name'], NSSFormattedMemSize($this->_dropbox->maxBytesForDropoff())); } // MyZendTo: If they don't have enough quota left, disallow it if (preg_match('/^[yYtT1]/', MYZENDTO)) { $QuotaLeft = $this->_dropbox->database->DBRemainingQuota($this->_dropbox->authorizedUser()); if ($totalBytes > $QuotaLeft) { return sprintf($smarty->getConfigVariable('ErrorDropoffQuota'), NSSFormattedMemSize($totalBytes - $QuotaLeft)); } } $totalFiles++; } $i++; } //if ( $totalBytes == 0 ) { if ($totalFiles == 0) { return $smarty->getConfigVariable('ErrorNoFiles'); } // JKF Start // // Call clamdscan on all the files, fail if they are infected // If the name of the scanner is set to '' or 'DISABLED' then skip this. $clamdscancmd = $this->_dropbox->clamdscan(); if ($clamdscancmd != 'DISABLED') { $ccfilecount = 1; $ccfilelist = ''; $foundsometoscan = FALSE; while ($ccfilecount <= $this->maxFilesKey) { // For every possible file, we only add it to the list of clamd // targets if it's not a library file (assumed clean), but it is // an uploaded file, and that file-slot in the form was used. $filekey = "file_" . $ccfilecount; $selectkey = "file_select_" . $ccfilecount; if (!(array_key_exists($selectkey, $_POST) && $_POST[$selectkey] != "-1") && array_key_exists($filekey, $_FILES) && array_key_exists('tmp_name', $_FILES[$filekey]) && $_FILES[$filekey]['tmp_name'] !== '') { // and is not blank $ccfilelist .= ' ' . $_FILES[$filekey]['tmp_name']; $foundsometoscan = TRUE; } $ccfilecount++; } if ($foundsometoscan) { // Don't do any of this if they uploaded nothing exec("/bin/chmod go+r " . $ccfilelist); // Need clamd to read them! $clamdinfected = 0; $clamdoutput = array(); $clamcmd = exec($clamdscancmd . $ccfilelist, $clamdoutput, $clamdinfected); if ($clamdinfected == 1) { return $smarty->getConfigVariable('ErrorVirusFound'); } if ($clamdinfected == 2) { return $smarty->getConfigVariable('ErrorVirusFailed'); } } } // // JKF End if (!$senderName) { return $smarty->getConfigVariable('ErrorSenderName'); } if (!$senderEmail) { return $smarty->getConfigVariable('ErrorSenderEmail'); } if (!preg_match($this->_dropbox->validEmailRegexp(), $senderEmail, $emailParts)) { return $smarty->getConfigVariable('ErrorSenderBadEmail'); } $senderEmail = $emailParts[1] . "@" . $emailParts[2]; // Invent a passcode and claim ID: $claimPasscode = NSSGenerateCode(); $claimID = NULL; $claimDir = NULL; if (!$this->_dropbox->directoryForDropoff($claimID, $claimDir)) { return $smarty->getConfigVariable('ErrorUniqueDir'); } // Insert into database: if ($this->_dropbox->database->DBStartTran()) { if ($dropoffID = $this->_dropbox->database->DBAddDropoff($claimID, $claimPasscode, $this->_dropbox->authorizedUser(), $senderName, $senderOrganization, $senderEmail, $_SERVER['REMOTE_ADDR'], $confirmDelivery, timestampForTime(time()), $note)) { // Add recipients: if (!$this->_dropbox->database->DBAddRecipients($recipients, $dropoffID)) { $this->_dropbox->database->DBRollbackTran(); return $smarty->getConfigVariable('ErrorStoreRecipients'); } // Process the files: $i = 1; $realFileCount = 0; $tplFiles = array(); // These are the file hashes we process in tpl. //while ( $i <= $fileCount ) { while ($i <= $this->maxFilesKey) { $key = "file_" . $i; $selectkey = 'file_select_' . $i; if (array_key_exists($selectkey, $_POST) && $_POST[$selectkey] != "-1") { // It's a library file. // Get the name of the library file they want (safely) // by removing all "../" elements and things like it $libraryfile = preg_replace('/\\.\\.[:\\/\\\\]/', '', $_POST[$selectkey]); $libraryfile = paramPrepare($libraryfile); // Generate a random filename (collisions are very unlikely) $tmpname = mt_rand(10000000, 99999999); // Link in the library file symlink($this->_dropbox->libraryDirectory() . '/' . $libraryfile, $claimDir . '/' . $tmpname); // Now strip off the possible subdirectory name as we only // want it in the symlink and not after that. $libraryfilesize = filesize($this->_dropbox->libraryDirectory() . '/' . $libraryfile); $libraryfile = trim(preg_replace('/^.*\\//', '', $libraryfile)); // We use this a few times $librarydesc = paramPrepare(trim($_POST["desc_" . $i])); // Add to database: if (!$this->_dropbox->database->DBAddFile1($dropoffID, $tmpname, $libraryfile, $libraryfilesize, "application/octet-stream", $librarydesc)) { // Exit gracefully -- dump database changes and remove the dropoff // directory: $this->_dropbox->writeToLog("error while adding dropoff library file to database for {$claimID}"); if (!rmdir_r($claimDir)) { $this->_dropbox->writeToLog("unable to remove {$claimDir} -- orphaned!!"); } if (!$this->_dropbox->database->DBRollbackTran()) { $this->_dropbox->writeToLog("failed to ROLLBACK after botched dropoff: {$claimID}"); $this->_dropbox->writeToLog("there may be orphans"); } return sprintf($smarty->getConfigVariable('ErrorNamedStore'), $libraryfile); } // That's right, one more file! $tplFiles[$realFileCount] = array(); $tplFiles[$realFileCount]['name'] = $libraryfile; $tplFiles[$realFileCount]['type'] = 'Library'; $tplFiles[$realFileCount]['size'] = NSSFormattedMemSize($libraryfilesize); $tplFiles[$realFileCount]['description'] = $librarydesc; $realFileCount++; // Update the description in the library index $this->_dropbox->database()->DBUpdateLibraryDescription($libraryfile, $librarydesc); } elseif ($_FILES[$key]['name']) { // It's an uploaded file $tmpname = basename($_FILES[$key]['tmp_name']); // Get file size from local copy, not what browser told us $bytes = filesize($_FILES[$key]['tmp_name']); if (!move_uploaded_file($_FILES[$key]['tmp_name'], $claimDir . "/" . $tmpname)) { // Exit gracefully -- dump database changes and remove the dropoff // directory: $this->_dropbox->writeToLog("error while storing dropoff files for {$claimID}"); if (!rmdir_r($claimDir)) { $this->_dropbox->writeToLog("unable to remove {$claimDir} -- orphaned!!"); } if (!$this->_dropbox->database->DBRollbackTran()) { $this->_dropbox->writeToLog("failed to ROLLBACK after botched dropoff: {$claimID}"); $this->_dropbox->writeToLog("there may be orphans"); } return sprintf($smarty->getConfigVariable('ErrorNamedDrop'), $_FILES[$key]['name']); } //if ( ($bytes = $_FILES[$key]['size']) < 0 ) { // // Grrr...stupid 32-bit nonsense. Convert to the positive // // value float-wise: // $bytes = ($bytes & 0x7FFFFFFF) + 2147483648.0; //} // Add to database: if (!$this->_dropbox->database->DBAddFile1($dropoffID, $tmpname, paramPrepare($_FILES[$key]['name']), $bytes, $_FILES[$key]['type'] ? $_FILES[$key]['type'] : "application/octet-stream", paramPrepare($_POST["desc_" . $i]))) { // Exit gracefully -- dump database changes and remove the dropoff // directory: $this->_dropbox->writeToLog("error while adding dropoff file to database for {$claimID}"); if (!rmdir_r($claimDir)) { $this->_dropbox->writeToLog("unable to remove {$claimDir} -- orphaned!!"); } if (!$this->_dropbox->database->DBRollbackTran()) { $this->_dropbox->writeToLog("failed to ROLLBACK after botched dropoff: {$claimID}"); $this->_dropbox->writeToLog("there may be orphans"); } return sprintf($smarty->getConfigVariable('ErrorNamedStore'), $_FILES[$key]['name']); } // That's right, one more file! $tplFiles[$realFileCount] = array(); $tplFiles[$realFileCount]['name'] = paramPrepare($_FILES[$key]['name']); $tplFiles[$realFileCount]['type'] = $_FILES[$key]['type']; // Get filesize from local copy, not browser $tplFiles[$i]['size'] = NSSFormattedMemSize($_FILES[$key]['size']); $tplFiles[$realFileCount]['size'] = NSSFormattedMemSize($bytes); $tplFiles[$realFileCount]['description'] = paramPrepare($_POST["desc_" . $i]); $realFileCount++; } $i++; } // Once we get here, it's time to commit the stuff to the database: $this->_dropbox->database->DBCommitTran(); $this->_dropoffID = $dropoffID; // At long last, fill-in the fields: $this->_claimID = $claimID; $this->_claimPasscode = $claimPasscode; $this->_claimDir = $claimDir; $this->_authorizedUser = $this->_dropbox->authorizedUser(); $this->_note = $note; $this->_senderName = $senderName; $this->_senderOrganization = $senderOrganization; $this->_senderEmail = $senderEmail; $this->_senderIP = $_SERVER['REMOTE_ADDR']; $senderIP = $_SERVER['REMOTE_ADDR']; $senderHost = gethostbyaddr($_SERVER['REMOTE_ADDR']); if ($senderHost != '') { $senderHost = '(' . $senderHost . ')'; } $this->_confirmDelivery = $confirmDelivery; $this->_informRecipients = $informRecipients; $this->_created = getdate(); $this->_recipients = $recipients; // This Drop-off request has been fulfilled, so kill the keys // to stop playback attacks. if ($req) { $this->_dropbox->DeleteReqData($req); } if ($auth) { $this->_dropbox->DeleteAuthData($auth); } // Work out the real email subject line. if ($reqSubject != '') { $emailSubject = $reqSubject; } else { if ($realFileCount == 1) { $emailSubject = sprintf($smarty->getConfigVariable('DropoffEmailSubject1'), $senderName); } else { $emailSubject = sprintf($smarty->getConfigVariable('DropoffEmailSubject2'), $senderName); } } // Construct the email notification and deliver: $smarty->assign('senderName', $senderName); $smarty->assign('senderOrg', $senderOrganization); $smarty->assign('senderEmail', $senderEmail); $smarty->assign('senderIP', $senderIP); $smarty->assign('senderHost', $senderHost); $smarty->assign('note', trim($note)); $smarty->assign('subject', $emailSubject); $smarty->assign('now', timestampForTime(time())); $smarty->assign('claimID', $claimID); $smarty->assign('claimPasscode', $claimPasscode); $smarty->assign('fileCount', $realFileCount); $smarty->assign('retainDays', $this->_dropbox->retainDays()); $smarty->assignByRef('files', $tplFiles); $emailTemplate = $smarty->fetch('dropoff_email.tpl'); // Update the address book entries for this user $this->_dropbox->updateAddressbook($recipients); // Inform all the recipients by email if they want me to if ($informRecipients) { // Do we want to Bcc the sender as well? $emailBcc = ''; if ($this->_dropbox->bccSender()) { // and don't forget to encode it if there are intl chars in it if (preg_match('/[^\\x00-\\x7f]/', $senderEmail)) { $emailBcc = "Bcc: =?UTF-8?B?" . base64_encode(html_entity_decode($senderEmail)) . "?=" . PHP_EOL; } else { $emailBcc = "Bcc: {$senderEmail}" . PHP_EOL; } } // Make the mail come from the sender, not ZendTo foreach ($recipients as $recipient) { // In MyZendTo, don't send email to myself if (preg_match('/^[yYtT1]/', MYZENDTO) && $senderEmail != $recipient[1] || preg_match('/^[^yYtT1]/', MYZENDTO)) { $emailContent = preg_replace('/__EMAILADDR__/', urlencode($recipient[1]), $emailTemplate); $success = $this->_dropbox->deliverEmail($recipient[1], $senderEmail, $emailSubject, $emailContent, $emailBcc); $emailBcc = ''; // Only Bcc the sender on the first email out if (!$success) { $this->_dropbox->writeToLog(sprintf("notification email not delivered successfully to %s for claimID {$claimID}", $recipient[1])); } else { $this->_dropbox->writeToLog(sprintf("notification email delivered successfully to %s for claimID {$claimID}", $recipient[1])); } } } } // Log our success: $this->_dropbox->writeToLog(sprintf("{$senderName} <{$senderEmail}> => {$claimID} [%s]", $realFileCount == 1 ? "1 file" : "{$realFileCount} files")); } else { return $smarty->getConfigVariable('ErrorAddDropoff'); } } else { return $smarty->getConfigVariable('ErrorBeginTransaction'); } return NULL; }