public function processform() { $files = tfiles::i(); $html = $this->html; if (empty($_GET['action'])) { $isauthor = 'author' == litepublisher::$options->group; if ($_POST['uploadmode'] == 'file') { if (isset($_FILES['filename']['error']) && $_FILES['filename']['error'] > 0) { return $html->h4(tlocal::get('uploaderrors', $_FILES['filename']['error'])); } if (!is_uploaded_file($_FILES['filename']['tmp_name'])) { return sprintf($this->html->h4red->attack, $_FILES["filename"]["name"]); } if ($isauthor && ($r = tauthor_rights::i()->canupload())) { return $r; } $overwrite = isset($_POST['overwrite']); $parser = tmediaparser::i(); $id = $parser->uploadfile($_FILES['filename']['name'], $_FILES['filename']['tmp_name'], $_POST['title'], $_POST['description'], $_POST['keywords'], $overwrite); } else { //downloadurl $content = http::get($_POST['downloadurl']); if ($content == false) { return $this->html->h2->errordownloadurl; } $filename = basename(trim($_POST['downloadurl'], '/')); if ($filename == '') { $filename = 'noname.txt'; } if ($isauthor && ($r = tauthor_rights::i()->canupload())) { return $r; } $overwrite = isset($_POST['overwrite']); $parser = tmediaparser::i(); $id = $parser->upload($filename, $content, $_POST['title'], $_POST['description'], $_POST['keywords'], $overwrite); } if (isset($_POST['idperm'])) { tprivatefiles::i()->setperm($id, (int) $_POST['idperm']); } return $this->html->h4->success; } elseif ($_GET['action'] == 'edit') { $id = $this->idget(); if (!$files->itemexists($id)) { return $this->notfound; } $files->edit($id, $_POST['title'], $_POST['description'], $_POST['keywords']); if (isset($_POST['idperm'])) { tprivatefiles::i()->setperm($id, (int) $_POST['idperm']); } return $this->html->h4->edited; } return ''; }
public function files_upload(array $args) { if ('POST' != $_SERVER['REQUEST_METHOD']) { return $this->forbidden(); } if (!isset($_FILES['Filedata']) || !is_uploaded_file($_FILES['Filedata']['tmp_name']) || $_FILES['Filedata']['error'] != 0) { return $this->forbidden(); } //psevdo logout litepublisher::$options->user = null; if (!litepublisher::$options->hasgroup('author')) { return $this->forbidden(); } if (in_array(litepublisher::$options->groupnames['author'], litepublisher::$options->idgroups) && ($r = tauthor_rights::i()->canupload())) { return $r; } $parser = tmediaparser::i(); $id = $parser->uploadfile($_FILES['Filedata']['name'], $_FILES['Filedata']['tmp_name'], '', '', '', false); if (isset($_POST['idperm'])) { $idperm = (int) $_POST['idperm']; if ($idperm > 0) { tprivatefiles::i()->setperm($id, (int) $_POST['idperm']); } } $this->uploaded($id); $files = tfiles::i(); $item = $files->db->getitem($id); $files->items[$id] = $item; $result = array('id' => $id, 'item' => $item); if ($item['preview'] > 0) { $result['preview'] = $files->db->getitem($item['preview']); } return $result; }
public function processform() { if (!($id = $this->getidfile())) { return $this->notfound; } $files = tfiles::i(); $item = $files->getitem($id); if (isset($_POST['delete'])) { $files->delete($item['preview']); $files->setvalue($id, 'preview', 0); return $this->html->h4->deleted; } $isauthor = 'author' == litepublisher::$options->group; if (isset($_FILES['filename']['error']) && $_FILES['filename']['error'] > 0) { $error = tlocal::get('uploaderrors', $_FILES["filename"]["error"]); return "<h3>{$error}</h3>\n"; } if (!is_uploaded_file($_FILES['filename']['tmp_name'])) { return sprintf($this->html->h4red->attack, $_FILES["filename"]["name"]); } if ($isauthor && ($r = tauthor_rights::i()->canupload())) { return $r; } $filename = $_FILES['filename']['name']; $tempfilename = $_FILES['filename']['tmp_name']; $parser = tmediaparser::i(); $filename = tmediaparser::linkgen($filename); $parts = pathinfo($filename); $newtemp = $parser->gettempname($parts); if (!move_uploaded_file($tempfilename, litepublisher::$paths->files . $newtemp)) { return sprintf($this->html->h4->attack, $_FILES["filename"]["name"]); } $resize = !isset($_POST['noresize']); $idpreview = $parser->add(array('filename' => $filename, 'tempfilename' => $newtemp, 'enabledpreview' => $resize, 'ispreview' => $resize)); if ($idpreview) { if ($item['preview'] > 0) { $files->delete($item['preview']); } $files->setvalue($id, 'preview', $idpreview); $files->setvalue($idpreview, 'parent', $id); if ($item['idperm'] > 0) { $files->setvalue($idpreview, 'idperm', $item['idperm']); tprivatefiles::i()->setperm($idpreview, (int) $item['idperm']); } return $this->html->h4->success; } }