/** * file copy to blob * @param type $source_file * @param type $filename * @return type */ function file_copy_to_blob($source_file, $filename) { $arrext = explode('.', $source_file['name']); $jml = count($arrext) - 1; $ext = $arrext[$jml]; $ext = strtolower($ext); $image['mime'] = check_mime_type($source_file); $image['name'] = $filename . "." . $ext; $image['ext'] = $ext; $image['tmp_file'] = file_get_contents($source_file['tmp_name']); return $image; }
/** * Processing current upload, aka 'after user click upload button to upload his files' */ function process() { global $SQL, $dbprefix, $config, $lang; ($hook = kleeja_run_hook('kljuploader_process_func')) ? eval($hook) : null; //run hook # check folder our real folder if (!file_exists($this->folder)) { if (!make_folder($this->folder)) { $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err'); } } # check the live-exts-folder, live exts plugin codes if (!empty($config['imagefolderexts']) && !file_exists($config['imagefolder'])) { if (!make_folder($config['imagefolder'])) { $this->messages[] = array($lang['CANT_DIR_CRT'], 'index_err'); } } # when uploading_type = 1, then we upload from _file input # if uploading_type = 2, then we uploading from url which is disabled by default and is buggy $uploading_type = isset($_POST['submitr']) ? 1 : (isset($_POST['submittxt']) ? 2 : false); # add your uploading_type through the hook ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type')) ? eval($hook) : null; //run hook #no uploading yet, or just go to index.php, so we have make a new session if (!$uploading_type) { unset($_SESSION['FIILES_NOT_DUPLI'], $_SESSION['FIILES_NOT_DUPLI_LINKS']); } # is captcha on, and there is uploading going on if ($this->safe_code && $uploading_type) { #captcha is wrong if (!kleeja_check_captcha()) { return $this->messages[] = array($lang['WRONG_VERTY_CODE'], 'index_err'); } } # to prevent flooding, user must wait, waiting-time is grapped from Kleeja settings, admin is exceptional if (!$this->user_is_adm && user_is_flooding($this->id_user)) { return $this->messages[] = array(sprintf($lang['YOU_HAVE_TO_WAIT'], $this->id_user == '-1' ? $config['guestsectoupload'] : $config['usersectoupload']), 'index_err'); } # flooading .. if ($uploading_type == 1 && isset($_SESSION['FIILES_NOT_DUPLI'])) { for ($i = 0; $i <= $this->filesnum; $i++) { if (!empty($_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name']) && !empty($_FILES['file_' . $i . '_']['name']) && $_SESSION['FIILES_NOT_DUPLI']['file_' . $i . '_']['name'] == $_FILES['file_' . $i . '_']['name']) { redirect('./'); } } } if ($uploading_type == 2 && isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) { for ($i = 0; $i <= $this->filesnum; $i++) { if (!empty($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) && !empty($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && trim($_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_']) != $lang['PAST_URL_HERE'] && $_SESSION['FIILES_NOT_DUPLI_LINKS']['file_' . $i . '_'] == $_POST['file_' . $i . '_']) { redirect('./'); } } } # flooding code, making sure every ok session is cleared if (isset($_POST['submitr'])) { if (isset($_SESSION['FIILES_NOT_DUPLI'])) { unset($_SESSION['FIILES_NOT_DUPLI']); } $_SESSION['FIILES_NOT_DUPLI'] = $_FILES; } elseif (isset($_POST['submittxt'])) { if (isset($_SESSION['FIILES_NOT_DUPLI_LINKS'])) { unset($_SESSION['FIILES_NOT_DUPLI_LINKS']); } $_SESSION['FIILES_NOT_DUPLI_LINKS'] = $_POST; } #now close session to let user open any other page in Kleeja @session_write_close(); # uploading process, empty check-list for now $check = false; # add your uploading_type through the hook ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_later')) ? eval($hook) : null; //run hook # do upload switch ($uploading_type) { #uploading from a _files input case 1: ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1')) ? eval($hook) : null; //run hook # loop the uploaded files for ($i = 0; $i <= $this->filesnum; $i++) { //no file! if (empty($_FILES['file_' . $i . '_']['tmp_name'])) { continue; } # file name $this->filename = isset($_FILES['file_' . $i . '_']['name']) ? htmlspecialchars(str_replace(array(';', ','), '', $_FILES['file_' . $i . '_']['name'])) : ''; # add the file to the check-list $check .= isset($_FILES['file_' . $i . '_']['name']) ? $_FILES['file_' . $i . '_']['name'] : ''; # get the extension of file $this->typet = strtolower(array_pop(explode('.', $this->filename))); # them the size $this->sizet = !empty($_FILES['file_' . $i . '_']['size']) ? intval($_FILES['file_' . $i . '_']['size']) : null; # get the other filename, changed depend on kleeja settings $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode); # filename templates {rand:..}, {date:..} $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2); ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop')) ? eval($hook) : null; //run hook # file exists before? change it a little if (file_exists($this->folder . '/' . $this->filename2)) { $this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'exists'); } # now, let process it if (!in_array(strtolower($this->typet), array_keys($this->types))) { # guest if ($this->id_user == '-1') { $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet) . '<br /> <a href="' . ($config['mod_writer'] ? "register.html" : "ucp.php?go=register") . '" title="' . htmlspecialchars($lang['REGISTER']) . '">' . $lang['REGISTER'] . '</a>', 'index_err'); } else { $this->messages[] = array(sprintf($lang['FORBID_EXT'], $this->typet), 'index_err'); } } elseif (preg_match("#[\\\\/\\:\\*\\?\\<\\>\\|\"]#", $this->filename2)) { $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif (ext_check_safe($_FILES['file_' . $i . '_']['name']) == false) { $this->messages[] = array(sprintf($lang['WRONG_F_NAME'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif (check_mime_type($_FILES['file_' . $i . '_']['type'], in_array(strtolower($this->typet), array('gif', 'png', 'jpg', 'jpeg', 'bmp')), $_FILES['file_' . $i . '_']['tmp_name']) == false) { $this->messages[] = array(sprintf($lang['NOT_SAFE_FILE'], htmlspecialchars($_FILES['file_' . $i . '_']['name'])), 'index_err'); } elseif ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) { $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_FILES['file_' . $i . '_']['name']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err'); } else { ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_1_loop_upload')) ? eval($hook) : null; //run hook #if this is listed as live-ext from Kleeja settings $live_exts = array_map('trim', explode(',', $config['imagefolderexts'])); $folder_to_upload = $this->folder; if (in_array(strtolower($this->typet), $live_exts)) { # live-exts folder, if empty use default folder $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']); # change to time decoding for filename if ((int) $config['imagefoldere']) { //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time'); } } # now, upload the file $file = move_uploaded_file($_FILES['file_' . $i . '_']['tmp_name'], $folder_to_upload . "/" . $this->filename2); if ($file) { $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet, $this->filename); } else { $this->messages[] = array(sprintf($lang['CANT_UPLAOD'], $this->filename2), 'index_err'); } } } #loop # well, there is no file uploaded if (!isset($check) || empty($check)) { $this->messages[] = array($lang['CHOSE_F'], 'index_err'); } break; #uploading from a url text-input #uploading from a url text-input case 2: #if not enabled, quit it if ((int) $config['www_url'] != '1') { break; } ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2')) ? eval($hook) : null; //run hook #loop text inputs for ($i = 0; $i <= $this->filesnum; $i++) { # get file name $this->filename = isset($_POST['file_' . $i . '_']) ? basename(htmlspecialchars($_POST['file_' . $i . '_'])) : ''; //print $this->filename; # add it to the check-list $check .= isset($_POST['file_' . $i . '_']) && trim($_POST['file_' . $i . '_']) != $lang['PAST_URL_HERE'] ? $_POST['file_' . $i . '_'] : ''; # file extension, type $this->typet = explode(".", $this->filename); if (in_array($this->typet[count($this->typet) - 1], array('html', 'php', 'html'))) { $this->typet = strtolower($this->typet[count($this->typet) - 2]); } else { $this->typet = strtolower($this->typet[count($this->typet) - 1]); } # change to another filename depend on kleeja settings $this->filename2 = change_filename_decoding($this->filename, $i, $this->typet, $this->decode); $this->filename2 = change_filename_templates(trim($this->prefix) . $this->filename2); ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop')) ? eval($hook) : null; //run hook # process is begun if (empty($_POST['file_' . $i . '_']) || trim($_POST['file_' . $i . '_']) == $lang['PAST_URL_HERE']) { #if empty is not big deal, it's a multi-text-input, remember? } elseif (!in_array(strtolower($this->typet), array_keys($this->types))) { $this->messages[] = array(sprintf($lang['FORBID_EXT'], htmlspecialchars($_POST['file_' . $i . '_']), $this->typet), 'index_err'); } elseif (file_exists($this->folder . '/' . $this->filename2)) { $this->messages[] = array(sprintf($lang['SAME_FILE_EXIST'], htmlspecialchars($this->filename2)), 'index_err'); } else { ($hook = kleeja_run_hook('kljuploader_process_func_uploading_type_2_loop_upload')) ? eval($hook) : null; //run hook #if this is listed as live-ext from Kleeja settings $live_exts = explode(',', $config['imagefolderexts']); $folder_to_upload = $this->folder; if (in_array(strtolower($this->typet), $live_exts)) { # live-exts folder, if empty use default folder $folder_to_upload = trim($config['imagefolder']) == '' ? trim($config['foldername']) : trim($config['imagefolder']); # change to time decoding for filename if ((int) $config['imagefoldere']) { //$this->filename2 = change_filename_decoding($this->filename2, $i, $this->typet, 'time'); } } #no prefix ? http or even ftp, then add one if (!in_array(substr($_POST['file_' . $i . '_'], 0, 4), array('http', 'ftp:'))) { $_POST['file_' . $i . '_'] = 'http://' . $_POST['file_' . $i . '_']; } #get size, if big quit it $this->sizet = get_remote_file_size($_POST['file_' . $i . '_']); if ($this->types[strtolower($this->typet)] > 0 && $this->sizet >= $this->types[strtolower($this->typet)]) { $this->messages[] = array(sprintf($lang['SIZE_F_BIG'], htmlspecialchars($_POST['file_' . $i . '_']), Customfile_size($this->types[strtolower($this->typet)])), 'index_err'); } else { #get remote data, if no data quit it $data = fetch_remote_file($_POST['file_' . $i . '_'], $folder_to_upload . "/" . $this->filename2, 6, false, 2, true); if ($data === false) { $this->messages[] = array($lang['URL_CANT_GET'], 'index_err'); } else { $this->saveit($this->filename2, $folder_to_upload, $this->sizet, $this->typet); } } } #else } #end loop # if not file uploaded as the check-list said, then show error if (!isset($check) || empty($check)) { $this->messages[] = array($lang['CHOSE_F'], 'index_err'); } break; default: ($hook = kleeja_run_hook('kljuploader_process_switch_default_func')) ? eval($hook) : null; //run hook } #end switch }