public function processform()
 {
     $files = tfiles::i();
     $html = $this->html;
     if (empty($_GET['action'])) {
         $isauthor = 'author' == litepublisher::$options->group;
         if ($_POST['uploadmode'] == 'file') {
             if (isset($_FILES['filename']['error']) && $_FILES['filename']['error'] > 0) {
                 return $html->h4(tlocal::get('uploaderrors', $_FILES['filename']['error']));
             }
             if (!is_uploaded_file($_FILES['filename']['tmp_name'])) {
                 return sprintf($this->html->h4red->attack, $_FILES["filename"]["name"]);
             }
             if ($isauthor && ($r = tauthor_rights::i()->canupload())) {
                 return $r;
             }
             $overwrite = isset($_POST['overwrite']);
             $parser = tmediaparser::i();
             $id = $parser->uploadfile($_FILES['filename']['name'], $_FILES['filename']['tmp_name'], $_POST['title'], $_POST['description'], $_POST['keywords'], $overwrite);
         } else {
             //downloadurl
             $content = http::get($_POST['downloadurl']);
             if ($content == false) {
                 return $this->html->h2->errordownloadurl;
             }
             $filename = basename(trim($_POST['downloadurl'], '/'));
             if ($filename == '') {
                 $filename = 'noname.txt';
             }
             if ($isauthor && ($r = tauthor_rights::i()->canupload())) {
                 return $r;
             }
             $overwrite = isset($_POST['overwrite']);
             $parser = tmediaparser::i();
             $id = $parser->upload($filename, $content, $_POST['title'], $_POST['description'], $_POST['keywords'], $overwrite);
         }
         if (isset($_POST['idperm'])) {
             tprivatefiles::i()->setperm($id, (int) $_POST['idperm']);
         }
         return $this->html->h4->success;
     } elseif ($_GET['action'] == 'edit') {
         $id = $this->idget();
         if (!$files->itemexists($id)) {
             return $this->notfound;
         }
         $files->edit($id, $_POST['title'], $_POST['description'], $_POST['keywords']);
         if (isset($_POST['idperm'])) {
             tprivatefiles::i()->setperm($id, (int) $_POST['idperm']);
         }
         return $this->html->h4->edited;
     }
     return '';
 }
Esempio n. 2
0
 public function files_upload(array $args)
 {
     if ('POST' != $_SERVER['REQUEST_METHOD']) {
         return $this->forbidden();
     }
     if (!isset($_FILES['Filedata']) || !is_uploaded_file($_FILES['Filedata']['tmp_name']) || $_FILES['Filedata']['error'] != 0) {
         return $this->forbidden();
     }
     //psevdo logout
     litepublisher::$options->user = null;
     if (!litepublisher::$options->hasgroup('author')) {
         return $this->forbidden();
     }
     if (in_array(litepublisher::$options->groupnames['author'], litepublisher::$options->idgroups) && ($r = tauthor_rights::i()->canupload())) {
         return $r;
     }
     $parser = tmediaparser::i();
     $id = $parser->uploadfile($_FILES['Filedata']['name'], $_FILES['Filedata']['tmp_name'], '', '', '', false);
     if (isset($_POST['idperm'])) {
         $idperm = (int) $_POST['idperm'];
         if ($idperm > 0) {
             tprivatefiles::i()->setperm($id, (int) $_POST['idperm']);
         }
     }
     $this->uploaded($id);
     $files = tfiles::i();
     $item = $files->db->getitem($id);
     $files->items[$id] = $item;
     $result = array('id' => $id, 'item' => $item);
     if ($item['preview'] > 0) {
         $result['preview'] = $files->db->getitem($item['preview']);
     }
     return $result;
 }
 public function processform()
 {
     if (!($id = $this->getidfile())) {
         return $this->notfound;
     }
     $files = tfiles::i();
     $item = $files->getitem($id);
     if (isset($_POST['delete'])) {
         $files->delete($item['preview']);
         $files->setvalue($id, 'preview', 0);
         return $this->html->h4->deleted;
     }
     $isauthor = 'author' == litepublisher::$options->group;
     if (isset($_FILES['filename']['error']) && $_FILES['filename']['error'] > 0) {
         $error = tlocal::get('uploaderrors', $_FILES["filename"]["error"]);
         return "<h3>{$error}</h3>\n";
     }
     if (!is_uploaded_file($_FILES['filename']['tmp_name'])) {
         return sprintf($this->html->h4red->attack, $_FILES["filename"]["name"]);
     }
     if ($isauthor && ($r = tauthor_rights::i()->canupload())) {
         return $r;
     }
     $filename = $_FILES['filename']['name'];
     $tempfilename = $_FILES['filename']['tmp_name'];
     $parser = tmediaparser::i();
     $filename = tmediaparser::linkgen($filename);
     $parts = pathinfo($filename);
     $newtemp = $parser->gettempname($parts);
     if (!move_uploaded_file($tempfilename, litepublisher::$paths->files . $newtemp)) {
         return sprintf($this->html->h4->attack, $_FILES["filename"]["name"]);
     }
     $resize = !isset($_POST['noresize']);
     $idpreview = $parser->add(array('filename' => $filename, 'tempfilename' => $newtemp, 'enabledpreview' => $resize, 'ispreview' => $resize));
     if ($idpreview) {
         if ($item['preview'] > 0) {
             $files->delete($item['preview']);
         }
         $files->setvalue($id, 'preview', $idpreview);
         $files->setvalue($idpreview, 'parent', $id);
         if ($item['idperm'] > 0) {
             $files->setvalue($idpreview, 'idperm', $item['idperm']);
             tprivatefiles::i()->setperm($idpreview, (int) $item['idperm']);
         }
         return $this->html->h4->success;
     }
 }