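/**
 * Recursively list a directory as a nested array of HTML links.
 *
 * Entries whose name starts with "." are skipped. A regular file accepted by
 * isValidFile() is appended to the result as an <a> element string. A
 * sub-directory is stored with its <a> element string as the array KEY and
 * the listing of that sub-directory as the value.
 *
 * File names are read from disk and may have been chosen by whoever uploaded
 * or created the file, so every value placed into the markup is passed through
 * htmlspecialchars() first. With the default charset, a name that is not valid
 * in that charset is rendered as an empty string.
 *
 * @param string $dir       Directory to read.
 * @param string $base_path Text substituted for $mp in each generated href.
 * @param string $mp        Text to be replaced in each generated href.
 * @return array Nested listing as described above.
 */
function readDirR($dir = "./", $base_path = './', $mp = '')
{
    $listing = opendir($dir);
    if (!$listing) {
        die('Can\'t read directory.');
    }

    $return = array();
    while (($entry = readdir($listing)) !== false) {
        // Skip ".", ".." and every other dot-prefixed entry.
        if ($entry == "." || $entry == ".." || substr($entry, 0, 1) == '.') {
            continue;
        }

        // Strips a trailing slash from $dir so the join below does not double it.
        $dir = preg_replace("/^(.*)(\\/)+\$/", "\$1", $dir);
        $item = $dir . "/" . $entry;
        $isfile = is_file($item);
        $dirend = $isfile ? '' : '/';
        $path_to_file = str_replace($mp, $base_path, $item . $dirend);

        // Escape every piece that ends up inside an attribute or element body:
        // a file name containing quotes or angle brackets must not be able to
        // break out of the anchor markup.
        $link = '<a rel="' . htmlspecialchars((string) getExt($entry), ENT_QUOTES)
            . '" href="' . htmlspecialchars($path_to_file, ENT_QUOTES) . '">'
            . htmlspecialchars($entry, ENT_QUOTES) . '</a>';

        if ($isfile && isValidFile($entry)) {
            $return[] = $link;
        } elseif (is_dir($item)) {
            $return[$link] = readDirR($item, $base_path, $mp);
        }
    }

    // Release the directory handle; the recursion would otherwise keep one
    // handle open per visited directory until the request ends.
    closedir($listing);

    return $return;
}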
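/**
 * Store one uploaded file on behalf of a group member and record it.
 *
 * Checks, in order: the user exists and does not have role ID "4"; the group
 * ID is valid, the group exists and its activate status is not "2"; the user
 * is a member of the group; exactly one file was sent and its upload error
 * code passes isValidUploadFile(); the file name passes isValidImage() or
 * isValidFile().
 *
 * @param mixed $userID  Identifier passed to UserDAO::getUserByID().
 * @param mixed $groupID Identifier passed to GroupDAO::getGroupByID().
 * @param array $file    Upload descriptor; the keys "error", "name" and
 *                       "tmp_name" are read.
 * @return bool|string true on success, otherwise an error message.
 */
function uploadFile($userID, $groupID, $file)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    // Guard against an unknown user before dereferencing it, mirroring the
    // null check done for the group below.
    if ($user === null) {
        return "Can not find this user!";
    }
    if ($user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to upload file!";
    }

    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Can not find this group!";
    }
    if ($group->getActivateStatus() === "2") {
        return "Group is not activated!";
    }

    $groupMemberDAO = new GroupMemberDAO();
    $groupMember = $groupMemberDAO->getGroupMember($group, $user);
    if ($groupMember === null) {
        return "User didn't belong to this group!";
    }

    // A multi-file field delivers "error" as an array.
    if (is_array($file["error"])) {
        return "Only accept one file!";
    }
    $res = isValidUploadFile($file["error"]);
    if ($res !== true) {
        return $res;
    }

    // The client chooses the file name. Reduce it to its last path component
    // (treating "\" as a separator too) so it cannot steer the destination
    // out of the upload directory.
    $fileName = basename(str_replace('\\', '/', $file["name"]));

    $fileType = -1;
    if (isValidImage($fileName) === true) {
        $fileType = "2";
    }
    if (isValidFile($fileName) === true) {
        $fileType = "3";
    }
    if ($fileType === -1) {
        return "Only accepts jpeg/jpg/gif/png/zip file!";
    }
    // NOTE(review): both validators receive only the file name, so the type
    // decision appears to rest on the name alone; confirm they are strict
    // enough for a directory that may be served by the web server.

    // The record is inserted first because its ID is part of the stored name.
    $record = new Record($group, $user, $fileType, "temp", "1");
    $recordDAO = new RecordDAO();
    $recordDAO->insertRecord($record);

    $fileDir = "upload/";
    $filePath = $fileDir . $record->getRecordID() . "_" . $fileName;
    $record->setContent($filePath);
    $recordDAO->updateRecord($record);

    if (file_exists($filePath)) {
        unlink($filePath);
    }
    // NOTE(review): if the move fails, the record written above still points
    // at a path with no file behind it.
    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        return "Fail to move file, please contact administrator!";
    }

    return true;
}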
/**
 * Send the resource named by $path to the client.
 *
 * Lookup order: findEntry() with "findFromXML" on ".", then a plain file under
 * "./" or "../WEB-INF/classes", then findEntry() with "findFromZip" on
 * "../WEB-INF/lib/". If none of them produces the entry, a 404 status line is
 * sent.
 *
 * NOTE(review): $path is appended to each root and resolved with realpath(),
 * so a value containing "../" can resolve outside the root. Whether such a
 * request is refused depends entirely on isValidFile($root, $path), which is
 * not visible here; confirm it compares the resolved path with the root.
 *
 * @param string $path Entry requested by the caller.
 * @return void
 */
function printEntry($path)
{
    global $encoding;

    if (findEntry(".", $path, "findFromXML")) {
        return;
    }

    foreach (array('./', "../WEB-INF/classes") as $root) {
        $candidate = "{$root}/{$path}";

        // realpath() yields false for a missing file, which file_exists() rejects.
        if (!file_exists(realpath($candidate))) {
            continue;
        }
        if (!isValidFile($root, $path)) {
            continue;
        }

        header("Content-Type:" . findMimiType($path) . ";charset={$encoding}");
        readfile(realpath($candidate));
        return;
    }

    if (!findEntry("../WEB-INF/lib/", $path, "findFromZip")) {
        header("HTTP/1.0 404 Not Found");
    }
}
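/**
 * Handle a paste submission (text or file) taken from $_POST / $_FILES.
 *
 * The outcome is written into $return: 'sucess' (spelled this way; callers
 * read this key) is true or false, 'error' holds a message on most failures
 * and 'id' holds the new paste ID on success.
 *
 * @param array $return Result array, filled in place.
 * @return void
 */
public static function upload(&$return)
{
    // is_string() keeps an array-valued "meta" field away from strtoupper().
    if (!isset($_POST['meta']) || empty($_POST['meta']) || !is_string($_POST['meta'])) {
        $return['sucess'] = false;
        $return['error'] = 'Please provide a meta type for the file upload (TEXT, FILE).';
        return;
    }

    $meta = strtoupper($_POST['meta']);
    if ($meta != 'FILE' && $meta != 'TEXT') {
        $return['sucess'] = false;
        // NOTE(review): $meta is client input echoed back; the consumer must
        // treat this message as text, not markup.
        $return['error'] = 'Invalid meta type! : ' . $meta;
        return;
    }

    if ($meta == 'FILE') {
        $err = isValidFile(PASTE_FILE_TMP_NAME, PASTE_MAX_LENGTH_MB * 1000 * 1000);
        // A non-empty error string compares loosely equal to true, so the
        // former "$err != true" test let such results through. Reject any
        // string result as well as every falsy one.
        if (!$err || is_string($err)) {
            $return['sucess'] = false;
            $return['error'] = 'Bad file! Error: ' . $err;
            return;
        }
    }

    /* create and fill the paste object */
    $paste = new PasteHandler_Paste();
    $paste->fill($_POST);
    $paste->type = $meta;

    if ($meta == 'FILE') {
        // The client chooses this name; keep only its last path component
        // (treating "\" as a separator too) before it becomes part of a path.
        $fileName = basename(str_replace('\\', '/', $_FILES[PASTE_FILE_TMP_NAME]['name']));
        // get_magic_quotes_gpc() no longer exists in PHP 8; when it is absent
        // behave as if magic quotes were off.
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $fileName = addslashes($fileName);
        }

        $dir = currentSite()->relativePath . 'uploads/';
        /* random prefix so two uploads with the same name do not collide */
        $permFile = $dir . getRandomString() . '_' . $fileName;
        $tmp = $_FILES[PASTE_FILE_TMP_NAME]["tmp_name"];

        // NOTE(review): the stored name keeps the client-supplied extension.
        // If the uploads directory is served by the web server, confirm that
        // nothing in it can be executed as a script.

        /* move the file out of the tmp directory */
        if (!move_uploaded_file($tmp, $permFile)) {
            // Without this check a failed move still produced a paste record
            // whose datapath pointed at a file that was never written.
            $return['sucess'] = false;
            $return['error'] = 'Could not store the uploaded file.';
            return;
        }

        if (exif_imagetype($permFile) !== false) {
            $paste->type = 'IMAGE';
        }
        $paste->datapath = $permFile;
        $paste->title = $fileName;
    }

    if (strlen($paste->data) > PASTE_MAX_LENGTH_MB * 1000 * 1000) {
        $return['sucess'] = false;
        $return['error'] = 'Paste too big. Please paste below ' . PASTE_MAX_LENGTH_MB . 'MB of data!';
        return;
    }

    if ($paste->exposure === 'private' && !Account_AccountAPI::getLoggedIn()) {
        $return['sucess'] = false;
        $return['error'] = 'You cannot use private pastes without being logged in.';
        return;
    }

    $longIP = findIPLong();

    /* check that this ip has not submitted more than the limit of pastes in the last hour */
    // NOTE(review): $longIP is concatenated into the statement. That is only
    // safe if findIPLong() can never return anything but a number; prefer a
    // bound parameter if the database layer offers one.
    // NOTE(review): this limit is checked after the uploaded file has already
    // been moved into place, so a rate-limited client can still add files.
    $res = Lunor::$base->db->query('SELECT id from ' . TABLE_PREFIX . PASTE_TABLE_PREFIX . 'paste where `ip` = \'' . $longIP . '\' and DATE_SUB(NOW(), INTERVAL 1 HOUR) <= `since`;');
    if ($res !== false) {
        $res = Lunor::$base->dbi->fetchAll($res);
        $entries = count($res);
        if ($entries >= PASTE_MAX_UPLOADS_PER_HOUR) {
            $return['sucess'] = false;
            $return['error'] = 'You have pasted too many items within the last hour. Please slow down. This is in place to stop spam bots.';
            return;
        }
    }

    /* give generated id; regenerate until no existing paste uses it */
    $paste->id = self::generateUID();
    $cur = new ORM_Operator(new PasteHandler_Paste(), array('id' => $paste->id));
    while (!$cur->isEmpty()) {
        $paste->id = self::generateUID();
        $cur = new ORM_Operator(new PasteHandler_Paste(), array('id' => $paste->id));
    }

    $paste->views = 0;
    $paste->since = 'CURRENT_TIMESTAMP';
    $paste->ip = $longIP;

    /* insert data into db */
    Lunor::$base->dbi->beginTransaction();
    Lunor::$base->dbi->setAdditionalPrefix(PASTE_TABLE_PREFIX);

    /* insert base class into the db */
    $paste->insert();

    /* now need to put in variable table data */
    if (isset($_POST['expiration']) && $_POST['expiration'] === 'views') {
        /* we are using the views table */
        // NOTE(review): $_POST['views'] is stored as received; confirm it is
        // validated as a number somewhere before it is used as a limit.
        Lunor::$base->dbi->insert('expiration_views')->map(array('paste_id' => $paste->id, 'view_limit' => $_POST['views']))->go();
    } else {
        /* otherwise we use the time table */
        Lunor::$base->dbi->insert('expiration_time')->map(array('paste_id' => $paste->id, 'expires' => self::getTimestamp()))->go();
    }

    // NOTE(review): this compares the raw field with lower-case 'text' while
    // the checks above use the upper-cased $meta, so a client sending 'TEXT'
    // skips this insert. Confirm which spelling clients send.
    if ($_POST['meta'] === 'text') {
        /* if type is text we need to insert for the syntax highlighting */
        Lunor::$base->dbi->insert('paste_text')->map(array('paste_id' => $paste->id, 'syntax_highlighting' => $_POST['paste_mode']))->go();
    }

    /* adds our ip to the viewed list so we don't increment it ourself */
    Lunor::$base->dbi->insert('paste_view')->map(array('paste_id' => $paste->id, 'ip_address' => $longIP))->go();

    /* poster is not Guest! */
    if (Account_AccountAPI::getLoggedIn()) {
        Lunor::$base->dbi->insert('user_paste')->map(array('paste_id' => $paste->id, 'user_id' => Account_AccountAPI::getUserId()))->go();
    }

    /* if the transaction has to rollback then we let the client know it failed */
    if (Lunor::$base->dbi->endTransaction() === false) {
        $return['sucess'] = false;
        return;
    }

    $return['id'] = $paste->id;
    $return['sucess'] = true;
    return;
}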
/**
 * Dispatch one form field to the validator that matches its name.
 *
 * The field name selects the validator; names with no matching case are
 * ignored. Nothing is returned: results are reported through the arguments
 * handed to the validators.
 *
 * NOTE(review): every validator call below passes its arguments with
 * call-time pass-by-reference (an "&" at the call site). PHP 5.4 and later
 * reject that syntax with a fatal error. Dropping the "&" is only safe once
 * the validators declare those parameters by reference themselves, and their
 * signatures are not visible here.
 *
 * @param string $key         Field name.
 * @param mixed  $value       Field value.
 * @param array  $error_array Collected validation errors.
 * @param int    $index       Position handed to the validators.
 * @param mixed  $array_key   Extra key handed to the file validators.
 * @return void
 */
function validate(&$key, &$value, $error_array = array(), $index = 0, $array_key = NULL)
{
    switch ($key) {
        // Counts that must be positive integers.
        case "numauthors":
        case "numpages":
            isIntegerMoreThanZero($value, &$error_array, &$index);
            break;

        // E-mail addresses.
        case "email":
        case "emailHome":
        case "ConferenceContact":
            valid_email($value, &$error_array, &$index);
            break;

        // Phone and fax numbers.
        case "faxno":
        case "phoneno":
        case "phonenoHome":
            isValidPhoneNumber($value, &$error_array, &$index);
            break;

        // Fields checked by the generic file validator.
        case "userfile":
        case "state":
        case "commentfile":
            isValidFile($value, &$error_array, &$index, &$array_key);
            break;

        case "logofile":
            isValidLogoFile($value, &$error_array, &$index, &$array_key);
            break;

        case "country":
            isValidCountryCode($value, &$error_array, &$index);
            break;

        case "password":
        case "newpwd":
            isValidPassword($value, &$error_array, &$index);
            break;

        // Dates: only a well-formed date is compared with today's date.
        case "date":
        case "ConferenceStartDate":
        case "ConferenceEndDate":
        case "arrStartDate":
        case "arrEndDate":
            $dateIsValid = isValidDate($value, &$error_array, &$index);
            if ($dateIsValid) {
                is_date_expired($value, date("Y-m-d", time()), &$error_array, &$index);
            }
            break;
    }
}