Esempio n. 1
0
function handleUpload($FILE, $params)
{
    global $auth, $locale, $dataDir, $db, $defaults, $passHasher;
    // fix file size overflow (when possible) in php 5.4-5.5
    if ($FILE['size'] < 0) {
        $FILE['size'] = filesize($FILE["tmp_name"]);
        if ($FILE['size'] < 0) {
            logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow");
            return false;
        }
    }
    // generate new unique id/file name
    list($id, $tmpFile) = genTicketId();
    $tmpFile = preg_replace('/(\\/.*\\/)/', "\\1{$FILE['name']}_", $tmpFile);
    if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) {
        logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}");
        return handleUploadFailure($tmpFile);
    }
    // check DB connection after upload
    reconnectDB();
    // prepare data
    $sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, expire, last_time, expire_dln, notify_email, sent_email, locale) VALUES (";
    $sql .= $db->quote($id);
    $sql .= ", " . $auth['id'];
    $sql .= ", " . $db->quote(mb_sane_base($FILE["name"]));
    $sql .= ", " . $db->quote($tmpFile);
    $sql .= ", " . $FILE["size"];
    $sql .= ", " . (empty($params["comment"]) ? 'NULL' : $db->quote($params["comment"]));
    $sql .= ", " . (empty($params["pass"]) ? 'NULL' : $db->quote($passHasher->HashPassword($params["pass"])));
    $sql .= ", " . time();
    if (@$params["permanent"]) {
        $sql .= ", NULL";
        $sql .= ", NULL";
        $sql .= ", NULL";
    } else {
        if (!isset($params["ticket_total"]) && !isset($params["ticket_lastdl"]) && !isset($params["ticket_maxdl"])) {
            $params["ticket_total"] = $defaults['ticket']['total'];
            $params["ticket_lastdl"] = $defaults['ticket']['lastdl'];
            $params["ticket_maxdl"] = $defaults['ticket']['maxdl'];
        }
        $sql .= ", " . (empty($params["ticket_total"]) ? 'NULL' : time() + $params["ticket_total"]);
        $sql .= ", " . (empty($params["ticket_lastdl"]) ? 'NULL' : $params["ticket_lastdl"]);
        $sql .= ", " . (empty($params["ticket_maxdl"]) ? 'NULL' : (int) $params["ticket_maxdl"]);
    }
    $sql .= ", " . (empty($params["notify"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["notify"])));
    $sql .= ", " . (empty($params["send_to"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["send_to"])));
    $sql .= ", " . $db->quote($locale);
    $sql .= ")";
    if ($db->exec($sql) != 1) {
        logDBError($db, "cannot commit new ticket to database");
        return handleUploadFailure($tmpFile);
    }
    // fetch defaults
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    $DATA['pass'] = empty($params["pass"]) ? NULL : $params["pass"];
    // trigger creation hooks
    onTicketCreate($DATA);
    return $DATA;
}
Esempio n. 2
0
File: grant.php Progetto: dg-wfk/dl
function handleUpload($GRANT, $FILE)
{
    global $dataDir, $db;
    // fix file size overflow (when possible) in php 5.4-5.5
    if ($FILE['size'] < 0) {
        $FILE['size'] = filesize($FILE["tmp_name"]);
        if ($FILE['size'] < 0) {
            logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow");
            return false;
        }
    }
    // generate new unique id/file name
    list($id, $tmpFile) = genTicketId($FILE["name"]);
    if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) {
        logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}");
        return failUpload($tmpFile);
    }
    // convert the upload to a ticket
    $db->beginTransaction();
    $sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, last_time, expire, expire_dln, locale) VALUES (";
    $sql .= $db->quote($id);
    $sql .= ", " . $GRANT['user_id'];
    $sql .= ", " . $db->quote(mb_sane_base($FILE["name"]));
    $sql .= ", " . $db->quote($tmpFile);
    $sql .= ", " . $FILE["size"];
    $sql .= ", " . (empty($GRANT["cmt"]) ? 'NULL' : $db->quote($GRANT["cmt"]));
    $sql .= ", " . (empty($GRANT["pass_ph"]) ? 'NULL' : $db->quote($GRANT["pass_ph"]));
    $sql .= ", " . time();
    $sql .= ", " . (empty($GRANT["last_time"]) ? 'NULL' : $GRANT['last_time']);
    $sql .= ", " . (empty($GRANT["expire"]) ? 'NULL' : $GRANT['expire']);
    $sql .= ", " . (empty($GRANT["expire_dln"]) ? 'NULL' : $GRANT['expire_dln']);
    $sql .= ", " . (empty($GRANT["locale"]) ? 'NULL' : $db->quote($GRANT['locale']));
    $sql .= ")";
    $db->exec($sql);
    $sql = "DELETE FROM \"grant\" WHERE id = " . $db->quote($GRANT['id']);
    $db->exec($sql);
    if (!$db->commit()) {
        logDBError($db, "cannot commit new ticket to database");
        return failUpload($tmpFile);
    }
    // fetch defaults
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    if (!empty($GRANT['pass'])) {
        $DATA['pass'] = $GRANT['pass'];
    }
    // trigger use hooks
    onGrantUse($GRANT, $DATA);
    return $DATA;
}