コード例 #1
0
ファイル: index.php プロジェクト: lordbasex/elastix-gui
function handleJSON_changeImageProfile($smarty, $module_name)
{
    global $arrConf;
    Header('Content-Type: application/json');
    $arrCredentials = getUserCredentials($_SESSION['elastix_user']);
    $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
    $pACL = new paloACL($pDB);
    $jsonObject = new PaloSantoJSON();
    $idUser = $arrCredentials['idUser'];
    foreach ($_FILES['picture']['error'] as $key => $error) {
        if ($error == UPLOAD_ERR_OK) {
            $pictureUpload = $_FILES['picture']['name'][$key];
            if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) {
                $jsonObject->set_error(_tr("Invalid file extension.- It must be png or jpg or jpeg"));
                return $jsonObject->createJSON();
            } elseif (preg_match("/(\\.php)/", $pictureUpload)) {
                $jsonObject->set_error(_tr("Possible file upload attack."));
                return $jsonObject->createJSON();
            } else {
                if (is_uploaded_file($_FILES['picture']['tmp_name'][$key])) {
                    $ancho = 159;
                    $alto = 159;
                    redimensionarImagen($_FILES['picture']['tmp_name'][$key], $_FILES['picture']['tmp_name'][$key], $ancho, $alto);
                    $picture_type = $_FILES['picture']['type'][$key];
                    $picture_content = file_get_contents($_FILES['picture']['tmp_name'][$key]);
                    $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content);
                    if ($Exito === false) {
                        $jsonObject->set_error(_tr("Image couldn't be upload."));
                        return $jsonObject->createJSON();
                    }
                } else {
                    $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload);
                    return $jsonObject->createJSON();
                }
            }
            $url = "index.php?menu=_elastixutils&action=getImage&ID={$idUser}&rawmode=yes";
            $jsonObject->set_message($url);
            return $jsonObject->createJSON();
        }
    }
    return $jsonObject->createJSON();
}
コード例 #2
0
ファイル: index.php プロジェクト: hardikk/HNH
function save_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, $update = FALSE)
{
    $arrForm = createFieldForm($arrLang);
    $oForm = new paloForm($smarty, $arrForm);
    $pACL = new paloACL($pDB_2);
    $id_user = $pACL->getIdUser($_SESSION["elastix_user"]);
    $bandera = true;
    if (!$oForm->validateForm($_POST)) {
        // Falla la validación básica del formulario
        $smarty->assign("mb_title", $arrLang["Validation Error"]);
        $arrErrores = $oForm->arrErroresValidacion;
        $strErrorMsg = "<b>{$arrLang['The following fields contain errors']}:</b><br/>";
        if (is_array($arrErrores) && count($arrErrores) > 0) {
            foreach ($arrErrores as $k => $v) {
                $strErrorMsg .= "{$k}, ";
            }
        }
        $smarty->assign("mb_message", $strErrorMsg);
        $smarty->assign("REQUIRED_FIELD", $arrLang["Required field"]);
        $smarty->assign("SAVE", $arrLang["Save"]);
        $smarty->assign("CANCEL", $arrLang["Cancel"]);
        $smarty->assign("title", $arrLang["Address Book"]);
        $smarty->assign("new_contact", $arrLang["New Contact"]);
        $smarty->assign("address_from_csv", $arrLang["Address Book from CSV"]);
        $smarty->assign("private_contact", $arrLang["Private Contact"]);
        $smarty->assign("public_contact", $arrLang["Public Contact"]);
        if (isset($_POST['address_book_options']) && $_POST['address_book_options'] == 'address_from_csv') {
            $smarty->assign("check_csv", "checked");
        } else {
            $smarty->assign("check_new_contact", "checked");
        }
        if (isset($_POST['address_book_status']) && $_POST['address_book_status'] == 'isPrivate') {
            $smarty->assign("check_isPrivate", "checked");
        } else {
            $smarty->assign("check_isPublic", "checked");
        }
        $smarty->assign("SAVE", $arrLang["Save"]);
        $smarty->assign("CANCEL", $arrLang["Cancel"]);
        $smarty->assign("REQUIRED_FIELD", $arrLang["Required field"]);
        $smarty->assign("label_file", $arrLang["File"]);
        $smarty->assign("DOWNLOAD", $arrLang["Download Address Book"]);
        $smarty->assign("HeaderFile", $arrLang["Header File Address Book"]);
        $smarty->assign("AboutContacts", $arrLang["About Address Book"]);
        if ($update) {
            $_POST["edit"] = 'edit';
            return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
        } else {
            $smarty->assign("Show", 1);
            $smarty->assign("ShowImg", 1);
            $htmlForm = $oForm->fetchForm("{$local_templates_dir}/new_adress_book.tpl", $arrLang["Address Book"], $_POST);
            $contenidoModulo = "<form  method='POST' enctype='multipart/form-data' style='margin-bottom:0;' action='?menu={$module_name}'>" . $htmlForm . "</form>";
            return $contenidoModulo;
        }
    } else {
        $pictureUpload = $_FILES['picture']['name'];
        $file_upload = "";
        $ruta_destino = "/var/www/address_book_images";
        $idPost = $_POST['id'];
        $data = array();
        $padress_book = new paloAdressBook($pDB);
        $contactData = $padress_book->contactData($idPost, $id_user);
        $lastId = 0;
        if ($update) {
            $idImg = $contactData['id'];
        } else {
            $idImg = date("Ymdhis");
        }
        //valido el tipo de archivo
        if (isset($pictureUpload) && $pictureUpload != "") {
            // \w cualquier caracter, letra o guion bajo
            // \s cualquier espacio en blanco
            if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) {
                $smarty->assign("mb_title", $arrLang["Validation Error"]);
                $smarty->assign("mb_message", $arrLang["Invalid file extension.- It must be png or jpg or jpeg"]);
                if ($update) {
                    return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                } else {
                    return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                }
            } else {
                if (is_uploaded_file($_FILES['picture']['tmp_name'])) {
                    $file_upload = basename($_FILES['picture']['tmp_name']);
                    // verificando que solo tenga la ruta al archivo
                    $file_name = basename("/tmp/" . $_FILES['picture']['name']);
                    $ruta_archivo = "/tmp/{$file_upload}";
                    $arrIm = explode(".", $pictureUpload);
                    $renameFile = "{$ruta_destino}/{$idImg}." . $arrIm[count($arrIm) - 1];
                    $file_upload = $idImg . "." . $arrIm[count($arrIm) - 1];
                    $filesize = $_FILES['picture']['size'];
                    $filetype = $_FILES['picture']['type'];
                    $sizeImgUp = getimagesize($ruta_archivo);
                    if (!$sizeImgUp) {
                        $smarty->assign("mb_title", $arrLang["ERROR"]);
                        $smarty->assign("mb_message", $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
                        if ($update) {
                            return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                        } else {
                            return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                        }
                    }
                    //realizar acciones
                    if (!rename($ruta_archivo, $renameFile)) {
                        $smarty->assign("mb_title", $arrLang["ERROR"]);
                        $smarty->assign("mb_message", $arrLang["Error to Upload"] . " : " . $pictureUpload);
                        if ($update) {
                            return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                        } else {
                            return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                        }
                    } else {
                        //redimensiono la imagen
                        $ancho_thumbnail = 48;
                        $alto_thumbnail = 48;
                        $thumbnail_path = $ruta_destino . "/{$idImg}" . "_Thumbnail." . $arrIm[count($arrIm) - 1];
                        if (is_file($renameFile)) {
                            if (!redimensionarImagen($renameFile, $thumbnail_path, $ancho_thumbnail, $alto_thumbnail)) {
                                $smarty->assign("mb_title", $arrLang["ERROR"]);
                                $smarty->assign("mb_message", $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
                                if ($update) {
                                    return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                                } else {
                                    return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                                }
                            }
                        }
                        $ancho = 280;
                        $alto = 200;
                        if (is_file($renameFile)) {
                            if (!redimensionarImagen($renameFile, $renameFile, $ancho, $alto)) {
                                $smarty->assign("mb_title", $arrLang["ERROR"]);
                                $smarty->assign("mb_message", $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
                                if ($update) {
                                    return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                                } else {
                                    return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                                }
                            }
                        }
                    }
                } else {
                    $smarty->assign("mb_title", $arrLang["ERROR"]);
                    $smarty->assign("mb_message", $arrLang["Possible file upload attack. Filename"] . " : " . $pictureUpload);
                    if ($update) {
                        return view_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk, TRUE);
                    } else {
                        return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                    }
                }
            }
        }
        $namedb = isset($_POST['name']) ? $_POST['name'] : "";
        $last_namedb = isset($_POST['last_name']) ? $_POST['last_name'] : "";
        $telefonodb = isset($_POST['telefono']) ? $_POST['telefono'] : "";
        //$extensiondb  = isset($_POST['extension'])?$_POST['extension']:"";
        $emaildb = isset($_POST['email']) ? $_POST['email'] : "";
        $iduserdb = isset($id_user) ? "{$id_user}" : "";
        $picturedb = isset($file_upload) ? "{$file_upload}" : "";
        $addressdb = isset($_POST['address']) ? $_POST['address'] : "";
        $companydb = isset($_POST['company']) ? $_POST['company'] : "";
        $notesdb = isset($_POST['notes']) ? $_POST['notes'] : "";
        $statusdb = isset($_POST['address_book_status']) ? $_POST['address_book_status'] : "";
        $data = array($namedb, $last_namedb, $telefonodb, $emaildb, $iduserdb, $picturedb, $addressdb, $companydb, $notesdb, $statusdb);
        if ($update) {
            // actualizacion del contacto
            if ($contactData) {
                if ($file_upload == "") {
                    $data[5] = $contactData['picture'];
                }
                $result = $padress_book->updateContact($data, $_POST['id']);
                if (!$result) {
                    $smarty->assign("mb_title", $arrLang["Validation Error"]);
                    $smarty->assign("mb_message", $arrLang["Internal Error"]);
                    return report_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
                }
            } else {
                $smarty->assign("mb_title", $arrLang["Validation Error"]);
                $smarty->assign("mb_message", $arrLang["Internal Error"]);
                return report_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
            }
        } else {
            //// creacion de contacto
            $result = $padress_book->addContact($data);
            if (!$result) {
                $smarty->assign("mb_title", $arrLang["Validation Error"]);
                $smarty->assign("mb_message", $arrLang["Internal Error"]);
                return new_adress_book($smarty, $module_name, $local_templates_dir, $pDB, $pDB_2, $arrLang, $arrConf, $dsn_agi_manager, $dsnAsterisk);
            }
            $lastId = $pDB->getLastInsertId();
            $contactData2 = $padress_book->contactData($lastId, $id_user);
            if ($contactData2['picture'] != "" && isset($contactData2['picture'])) {
                $arrIm = explode(".", $contactData2['picture']);
                $renameFile = "{$ruta_destino}/" . $lastId . "." . $arrIm[count($arrIm) - 1];
                $file_upload = $lastId . "." . $arrIm[count($arrIm) - 1];
                rename($ruta_destino . "/" . $contactData2['picture'], $renameFile);
                rename($ruta_destino . "/" . $idImg . "_Thumbnail." . $arrIm[count($arrIm) - 1], $ruta_destino . "/" . $lastId . "_Thumbnail." . $arrIm[count($arrIm) - 1]);
                $data[5] = $file_upload;
                $padress_book->updateContact($data, $lastId);
            }
        }
        if (!$result) {
            return $pDB->errMsg;
        }
        //'?menu=$module_name&action=show&id=".$adress_book['id']."'
        if ($_POST['id']) {
            header("Location: ?menu={$module_name}&action=show&id=" . $_POST['id']);
        } else {
            header("Location: ?menu={$module_name}");
        }
    }
}
コード例 #3
0
ファイル: index.php プロジェクト: lordbasex/elastix-gui
function uploadImage($idUser, $pDB, &$error)
{
    $pACL = new paloACL($pDB);
    $pictureUpload = $_FILES['picture']['name'];
    $Exito = false;
    //valido el tipo de archivo
    // \w cualquier caracter, letra o guion bajo
    // \s cualquier espacio en blanco
    if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) {
        $error = _tr("Invalid file extension.- It must be png or jpg or jpeg");
    } elseif (preg_match("/(\\.php)/", $pictureUpload)) {
        $error = _tr("Possible file upload attack.");
    } else {
        if (is_uploaded_file($_FILES['picture']['tmp_name'])) {
            $ancho = 240;
            $alto = 200;
            redimensionarImagen($_FILES['picture']['tmp_name'], $_FILES['picture']['tmp_name'], $ancho, $alto);
            $picture_type = $_FILES['picture']['type'];
            $picture_content = file_get_contents($_FILES['picture']['tmp_name']);
            $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content);
            if ($Exito === false) {
                $error = "Image couldn't be upload";
            }
        } else {
            $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload;
        }
    }
    return $Exito;
}