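/**
 * Saves $output to $filename and, when $VerboseGenerate is set, echoes a
 * one-line status message (looked up through lang()) for each step.
 *
 * The file is opened with $mode as given; if that fails, the same path is
 * retried relative to $Paths['pivot_path'] (normalised by fixpath()). After a
 * write the file is handed to chmod_file().
 *
 * @param string $filename Path to write. Tried as given first, then under $Paths['pivot_path'].
 * @param string $output   Data to write (an empty string is a valid, successful write).
 * @param string $mode     fopen() mode, default 'w' (truncate). Applies to the fallback path too.
 * @return bool true when every byte of $output was written, false otherwise.
 *              Failures are reported through debug() and the verbose output, never thrown.
 */
function write_file($filename, $output, $mode = 'w')
{
    global $Paths, $VerboseGenerate;

    if ($VerboseGenerate) {
        echo lang('general', 'write') . ": " . $filename . "<br />\n";
    }

    // Open as given, then fall back to the path under the pivot root. The '@'
    // keeps fopen()'s warning out of the generated page; the failure is still
    // reported below. The fallback honours $mode: it used to hard-code 'w',
    // which silently truncated a file that the caller opened for append.
    $fh = @fopen($filename, $mode);
    if ($fh === false) {
        $fh = @fopen(fixpath($Paths['pivot_path'] . $filename), $mode);
    }

    // If opening failed there is no reason to continue.
    if ($fh === false) {
        debug("Unable to open (handle to) {$filename} - can not write to file");
        if ($VerboseGenerate) {
            echo lang('general', 'write_open_error') . ": " . $filename . "<br />\n";
        }
        return false;
    }

    // fwrite() returns the byte count, which is legitimately 0 for an empty
    // $output; only false, or a short write on a plain file, is an error.
    $written = fwrite($fh, $output);
    $ok = ($written !== false && $written === strlen($output));
    if (!$ok && $VerboseGenerate) {
        echo lang('general', 'write_write_error') . ": " . $filename . "<br />\n";
    }

    fclose($fh);
    // NOTE(review): chmod_file() receives the original $filename even when the
    // fallback path was the one actually opened - confirm chmod_file() resolves
    // relative paths the same way fixpath() does.
    chmod_file($filename);

    return $ok;
}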
// Trackback key issuance (excerpt). Mints a per-request key for tb.php,
// records it as an empty file under db/tbkeys/, and prunes stale keys.
// The pruning loop at the end of this excerpt continues beyond it.

// Debug switch: when true, the pruning step below is skipped.
$tbkey_debug = false;
include_once "../../pv_core.php";
$keydir = $Paths["pivot_path"] . "db/tbkeys/";
// NOTE(review): $_GET["id"] is concatenated into the URL unvalidated and
// unescaped; wherever $tburl is output, it must be escaped for that context
// (not visible in this excerpt).
$tburl = $Paths["host"] . $Paths["pivot_url"] . "tb.php?tb_id=" . $_GET["id"] . "&key=";
// Referer gate. strstr() is a substring test and the Referer header is
// client-supplied (and may be absent, which raises an undefined-index
// notice), so this is a weak anti-abuse signal, not authentication.
if (!strstr($_SERVER["HTTP_REFERER"], $_SERVER["SERVER_NAME"])) {
    // Creating a bogus key: it is never written to $keydir, so presumably
    // tb.php will not accept it - confirm against tb.php.
    $tbkey = md5(microtime());
    debug("hardened trackbacks: illegal request - creating bogus key");
} else {
    makedir($keydir);
    // Key = md5(server secret . client IP . entry id . timestamp). Only the
    // hash reaches the filesystem; $_GET["id"] never forms part of a path.
    $tbkey = md5($Cfg['server_spam_key'] . $_SERVER["REMOTE_ADDR"] . $_GET["id"] . time());
    // The key's existence is its record: an empty file named after the hash.
    if (!touch($keydir . $tbkey)) {
        debug("hardened trackbacks: directory {$keydir} isn't writable - can't create key");
    } else {
        chmod_file($keydir . $tbkey);
    }
}
// Getting the time offset between the web and file server (if there is any);
// it is added to the expiry window when comparing against filectime() below.
$offset = timediffwebfile($tbkey_debug);
// delete keys older than 15 minutes
$nNow = time();
// NOTE(review): makedir() only runs on the referer-ok branch; if $keydir does
// not exist yet, opendir() returns false and readdir() will warn - consider
// checking $handle before the loop.
$handle = opendir($keydir);
while (false !== ($file = readdir($handle))) {
    $filepath = $keydir . $file;
    // Skip subdirectories ("." and ".." included) and the index.html placeholder.
    if (!is_dir($filepath) && $file != "index.html") {
        // filectime() is the inode change time, not the modification time.
        $Diff = $nNow - filectime($filepath);
        if ($Diff > 60 * 15 + $offset && $tbkey_debug != true) {
            unlink($filepath);
        }
    }
    // ... loop body continues past this excerpt.
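/**
 * bool save_file ( string path[, int overwrite_mode] );
 *
 * Cleans up the filename, copies the file from PHP's temp location to $path,
 * and checks the overwrite_mode.
 *
 * Order of operations matters: the name is sanitised and the unsafe-extension
 * policy (append ".file") is applied BEFORE move_uploaded_file(), so the file
 * that lands on disk already carries the neutralised name. Previously the
 * check ran after the move and only changed the in-memory $this->file["name"],
 * leaving e.g. "x.php" on disk under its original name.
 *
 * @param path (string) File path to your upload directory
 * @param overwrite_mode (int) 1 = overwrite existing file
 *                             2 = rename if filename already exists (file.txt becomes file_copy1.txt)
 *                             3 = do nothing if a file exists (default; any other value behaves like 3)
 * @return bool true when the file was stored; false with $this->error set otherwise.
 *
 * Reads  $this->error, $this->accepted, $this->file["name"|"type"|"tmp_name"|"extention"].
 * Writes $this->path, $this->file["name"|"extention"|"raw_name"], $this->error,
 *        and unsets $this->file["tmp_name"] when the file was not stored.
 */
function save_file($path, $overwrite_mode = "3")
{
    if ($this->error) {
        return false;
    }

    // Normalise the destination directory to end in a slash.
    if (strlen($path) > 0 && substr($path, -1) != "/") {
        $path .= "/";
    }
    $this->path = $path;

    if (!$this->accepted) {
        $this->error = $this->get_error(3);
        return false;
    }

    // Clean up file name (only lowercase letters, numbers, dots, underscores
    // and hyphens). preg_replace() replaces ereg_replace(), which no longer
    // exists in current PHP. "%20" is replaced before " ", as before.
    $name = strtolower($this->file["name"]);
    $name = str_replace(array("%20", " "), "_", $name);
    $name = preg_replace('/[^a-z0-9._-]/', '', $name);
    if ($name === '') {
        // Nothing survived sanitising; moving to a bare directory path would
        // fail, so use a neutral name instead.
        $name = "file";
    }
    $this->file["name"] = $name;

    // Clean up text file breaks
    if (stristr($this->file["type"], "text")) {
        $this->cleanup_text_file($this->file["tmp_name"]);
    }

    // The original code also had an "override extension from $ext" branch
    // here; $ext was never defined at that point, so the branch was dead and
    // has been dropped.

    // Split the name into raw name and extension (2-5 alphanumerics after the
    // last dot). preg_match() replaces the removed ereg().
    if (preg_match('/\.([a-z0-9]{2,5})$/', $this->file["name"])) {
        $pos = strrpos($this->file["name"], ".");
        if (empty($this->file["extention"])) {
            $this->file["extention"] = substr($this->file["name"], $pos);
        }
        $this->file['raw_name'] = substr($this->file["name"], 0, $pos);
    } else {
        $this->file['raw_name'] = $this->file["name"];
        if (!empty($this->file["extention"])) {
            $this->file["name"] .= $this->file["extention"];
        }
    }

    // Extension whitelist, checked on the sanitised name BEFORE the move so the
    // neutralised name is the one that reaches the disk. Anything not listed
    // gets ".file" appended so the web server will not hand it to a script
    // handler. Assumes getextension() returns the bare lowercase extension
    // without the dot (the list has no dots) - confirm against getextension().
    // NOTE(review): the check only looks at the last dot-segment; a server that
    // maps handlers on any segment (e.g. Apache AddHandler) may still treat
    // "x.php.jpg" as PHP - confirm the web server configuration. htm, html,
    // xml, svg and swf stay on the list as before; served from the same origin
    // they can carry script, which is a policy decision for the caller.
    $allowed_extensions = array(
        "gif", "jpg", "jpeg", "png", "pdf", "ppt", "tif", "tiff", "xls", "csv",
        "doc", "txt", "zip", "rar", "mp3", "wmv", "mpg", "mpeg", "avi", "mov",
        "htm", "html", "xml", "swf", "flv", "svg",
    );
    $ext = getextension($this->file["name"]);
    if (!in_array($ext, $allowed_extensions, true)) {
        // Keep the full original name as the raw name so mode 2 produces
        // "name.ext_copyN.file" rather than losing the original extension.
        $this->file['raw_name'] = $this->file["name"];
        $this->file["name"] .= ".file";
        $this->file["extention"] = ".file";
    }

    // Decide the final name (and whether to proceed) per overwrite mode; the
    // move itself happens once, below.
    $copy = "";
    $n = 1;
    $proceed = true;
    switch ((int) $overwrite_mode) {
        case 1:
            // overwrite mode: keep the name, move_uploaded_file() replaces an existing file.
            break;

        case 2:
            // create new with incremental extention: name, name_copy1, name_copy2, ...
            // NOTE(review): file_exists() followed by the move is not atomic; two
            // concurrent uploads can pick the same free name.
            while (file_exists($this->path . $this->file['raw_name'] . $copy . $this->file["extention"])) {
                $copy = "_copy" . $n;
                $n++;
            }
            $this->file["name"] = $this->file['raw_name'] . $copy . $this->file["extention"];
            break;

        default:
            // do nothing if exists, highest protection
            if (file_exists($this->path . $this->file["name"])) {
                $this->error = $this->get_error(4);
                $proceed = false;
            }
            break;
    }

    $success = false;
    if ($proceed) {
        $target = $this->path . $this->file["name"];
        // '@' hides move_uploaded_file()'s warning; the failure is reported
        // through get_error(5) instead.
        if (@move_uploaded_file($this->file["tmp_name"], $target)) {
            $success = true;
            chmod_file($target);
        } else {
            $this->error = $this->get_error(5);
        }
    }

    if (!$success) {
        unset($this->file['tmp_name']);
    }

    return $success;
}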