/**
* handles a file upload
*
* @param string $name the name of the current field
* @param array $file the $_FILES array element corresponding to one file
* @param int|bool record id if the action is an update
*
* @return string the path to the uploaded file or false if error
*/
private static function _handle_file_upload($field_name, $file, $id = false)
{
$field_atts = self::get_field_atts($field_name);
$type = 'image-upload' == $field_atts->form_element ? 'image' : 'file';
$delete_checked = (bool) (isset($_POST[$field_name . '-deletefile']) and $_POST[$field_name . '-deletefile'] == 'delete');
$_POST[$field_name . '-deletefile'] = '';
// attempt to create the target directory if it does not exist
if (!is_dir(PDb_Path::files_path())) {
if (false === PDb_Path::_make_uploads_dir()) {
return false;
}
}
if (!is_uploaded_file(realpath($file['tmp_name']))) {
self::_show_validation_error(__('There is something wrong with the file you tried to upload. Try another.', 'participants-database'), $field_name);
return false;
}
/* get the allowed file types and test the uploaded file for an allowed file
* extension
*/
$extensions = empty($field_atts->values) ? self::$plugin_options['allowed_file_types'] : implode(',', self::unserialize_array($field_atts->values));
$test = preg_match('#^(.+)\\.(' . implode('|', array_map('trim', explode(',', str_replace('.', '', strtolower($extensions))))) . ')$#', strtolower($file['name']), $matches);
//error_log(__METHOD__.' ext:'.$extensions.' test:'. $test.' matches:'.print_r($matches,1));
if (0 === $test) {
if ($type == 'image' && empty($field_atts->values)) {
self::_show_validation_error(sprintf(__('For "%s", you may only upload image files like JPEGs, GIFs or PNGs.', 'participants-database'), $field_atts->title), $field_name);
} else {
self::_show_validation_error(sprintf(__('The file selected for "%s" must be one of these types: %s. ', 'participants-database'), $field_atts->title, preg_replace('#(,)(?=[^,])#U', ', ', $extensions)), $field_name);
}
return false;
} else {
// validate and construct the new filename using only the allowed file extension
$new_filename = preg_replace(array('#\\.#', "/\\s+/", "/[^-\\.\\w]+/"), array("-", "_", ""), $matches[1]) . '.' . $matches[2];
// now make sure the name is unique by adding an index if needed
$index = 1;
while (file_exists(PDb_Path::files_path() . $new_filename)) {
$filename_parts = pathinfo($new_filename);
$new_filename = preg_replace(array('#_[0-9]+$#'), array(''), $filename_parts['filename']) . '_' . $index . '.' . $filename_parts['extension'];
$index++;
}
}
if ($type == 'image') {
/*
* we perform a validity check on the image files, this also makes sure only
* images are uploaded in image upload fields
*/
$fileinfo = getimagesize($file['tmp_name']);
$valid_image = in_array($fileinfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_WBMP));
if (!$valid_image) {
self::_show_validation_error(sprintf(__('For "%s", you may only upload image files like JPEGs, GIFs or PNGs.', 'participants-database'), $field_atts->title), $field_name);
return false;
}
}
if ($file['size'] > self::$plugin_options['image_upload_limit'] * 1024) {
self::_show_validation_error(sprintf(__('The file you tried to upload is too large. The file must be smaller than %sK.', 'participants-database'), self::$plugin_options['image_upload_limit']), $field_name);
return false;
}
if (false === move_uploaded_file($file['tmp_name'], PDb_Path::files_path() . $new_filename)) {
self::_show_validation_error(__('The file could not be saved.', 'participants-database'));
return false;
}
/*
* if a previously uploaded file exists and the preference is to allow user deletes,
* the previously uploaded file is deleted. If an admin wants to delete a file while
* user deletes are not allowed, they must check the delete box.
*
* as of 1.5.5
*/
if ($id !== false) {
$record_data = self::get_participant($id);
if (!empty($record_data[$field_name])) {
$image_obj = new PDb_Image(array('filename' => $record_data[$field_name]));
if ($image_obj->image_defined and self::$plugin_options['file_delete'] == '1' || is_admin() && $delete_checked) {
self::delete_file($record_data[$field_name]);
}
}
}
/*
* as of 1.3.2 we save the image as filename only; the image is retrieved from
* the directory defined in the plugin setting using the self::get_image function
*/
return $new_filename;
}
/**
* sets the uploads directory path
*
* @return bool true if the directory is located
*/
function _set_upload_dir()
{
$this->upload_directory = PDb_Path::files_location();
// check for the target directory; attept to create if it doesn't exist
return is_dir($this->root_path . $this->upload_directory) ? true : PDb_Path::_make_uploads_dir($this->upload_directory);
}
