ファイル: wfu_admin_browser.php プロジェクト: RA2WP/RA2WP
/**
 * Admin-side handler for the "file details" form: when the form was posted
 * with submit=Update, every userdata property of the file gets a new
 * wfu_userdata row and the previous row is closed (date_to set), then a
 * 'modify' entry is written to the action log.
 *
 * @param string $file_code  Opaque code resolved through wfu_get_filepath_from_safe().
 * @return true|null  true when the request was authorised and processed
 *                    (whether or not anything was posted); null on any
 *                    authorisation or lookup failure.
 *
 * NOTE(review): no nonce is verified in this function for the Update POST.
 * If the caller does not run check_admin_referer()/wp_verify_nonce() before
 * calling in, the update is CSRF-able -- confirm against the caller.
 * NOTE(review): posted values go into the DB through $wpdb->insert() with
 * %s placeholders (so they are escaped for SQL) but are otherwise stored raw;
 * every place that renders propvalue must escape for its own output context.
 */
function wfu_edit_filedetails($file_code)
{
    global $wpdb;
    $userdata_table = $wpdb->prefix . "wfu_userdata";
    $current_user = wp_get_current_user();
    // Only administrators may see or edit file details.
    if (!current_user_can('manage_options')) {
        return;
    }
    $file_code = wfu_sanitize_code($file_code);
    $stored_path = wfu_get_filepath_from_safe($file_code);
    if ($stored_path === false) {
        return;
    }
    $abs_path = wfu_path_rel2abs(wfu_flatten_path($stored_path));
    // Second gate: the current user must also "own" this particular file.
    if (!wfu_current_user_owes_file($abs_path)) {
        return;
    }
    // File record including its userdata properties.
    $filedata = wfu_get_file_rec($abs_path, true);
    if ($filedata == null) {
        return;
    }
    $is_update_post = isset($_POST['submit']) && $_POST['submit'] == "Update";
    if ($is_update_post) {
        // Collect the posted value for every property; abort the whole update
        // if any property is missing from the request (null marks that case).
        $new_values = array();
        foreach ($filedata->userdata as $entry) {
            $field_name = 'wfu_filedetails_userdata_' . $entry->propkey;
            if (!isset($_POST[$field_name])) {
                $new_values = null;
                break;
            }
            $new_values[$entry->propkey] = $_POST[$field_name];
        }
        if ($new_values !== null) {
            $stamp = date('Y-m-d H:i:s');
            $written = 0;
            foreach ($filedata->userdata as $entry) {
                $written++;
                // Close the currently valid record for this property ...
                $wpdb->update($userdata_table, array('date_to' => $stamp), array('uploadid' => $entry->uploadid, 'propkey' => $entry->propkey), array('%s'), array('%s', '%s'));
                // ... and open a new one carrying the posted value.
                $wpdb->insert($userdata_table, array('uploadid' => $entry->uploadid, 'property' => $entry->property, 'propkey' => $entry->propkey, 'propvalue' => $new_values[$entry->propkey], 'date_from' => $stamp, 'date_to' => 0), array('%s', '%s', '%d', '%s', '%s', '%s'));
            }
            // Log the modification only if at least one property was rewritten;
            // the timestamp travels inside the action string.
            if ($written > 0) {
                wfu_log_action('modify:' . $stamp, $abs_path, $current_user->ID, '', 0, 0, '', null);
            }
        }
    }
    return true;
}
ファイル: wfu_functions.php プロジェクト: epis2048/wyyhome
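/**
 * Append an entry to the wfu_log table for a file action.
 *
 * $action is one of: 'upload', 'rename:<new absolute path>', 'delete',
 * 'download', 'modify:<Y-m-d H:i:s>' or 'other:<free text>'. For every kind
 * except 'upload' and 'other', the previous log record of the file is looked
 * up with wfu_get_file_rec(); if none exists nothing is logged. The previous
 * record is closed (date_to set) and a new record linked to it ('linkedto')
 * is inserted. 'upload' additionally stores the submitted $userdata
 * properties in wfu_userdata (only when $uploadid is non-empty).
 *
 * @param string      $action    Action string, see above.
 * @param string      $filepath  Absolute path of the file; must exist unless $action is 'other:...'.
 * @param int         $userid    User performing the action.
 * @param string      $uploadid  Upload id (used for 'upload' only).
 * @param int         $pageid
 * @param int         $blogid
 * @param string      $sid
 * @param array|null  $userdata  key => array('label' => ..., 'value' => ...) (used for 'upload' only).
 * @return int|null  Id of the inserted log record, 0 when nothing was inserted,
 *                   null when the file does not exist.
 *
 * Security fix: the wfu_userdata lookup inside the 'upload' branch used to be
 * built by string concatenation of $uploadid and $userdata_key; it now goes
 * through $wpdb->prepare(). All insert results are compared with `!== false`.
 */
function wfu_log_action($action, $filepath, $userid, $uploadid, $pageid, $blogid, $sid, $userdata)
{
    global $wpdb;
    $table_name1 = $wpdb->prefix . "wfu_log";
    $table_name2 = $wpdb->prefix . "wfu_userdata";
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    // Every action except 'other:<info>' must refer to an existing file.
    if (!file_exists($filepath) && substr($action, 0, 5) != 'other') {
        return;
    }
    $relativepath = wfu_path_abs2rel($filepath);
    $retid = 0;
    // Column formats for records that carry the 'linkedto' column
    // (rename / delete / download / modify / other).
    $linked_formats = array('%d', '%d', '%d', '%s', '%s', '%s', '%d', '%s', '%d', '%d', '%s', '%s', '%s', '%s', '%d');
    if ($action == 'upload') {
        // Store a file hash only when enabled in Settings.
        // NOTE: md5 is adequate for change detection but not collision
        // resistant; do not treat it as a proof of file integrity.
        $filehash = '';
        if (isset($plugin_options['hashfiles']) && $plugin_options['hashfiles'] == '1') {
            $filehash = md5_file($filepath);
        }
        $filesize = filesize($filepath);
        // One timestamp for both the close and the insert so they agree exactly.
        $now_date = date('Y-m-d H:i:s');
        // The old file at this path has been replaced: close its open records.
        $wpdb->update($table_name1, array('date_to' => $now_date), array('filepath' => $relativepath), array('%s'), array('%s'));
        $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => $userid, 'uploadtime' => time(), 'sessionid' => session_id(), 'filepath' => $relativepath, 'filehash' => $filehash, 'filesize' => $filesize, 'uploadid' => $uploadid, 'pageid' => $pageid, 'blogid' => $blogid, 'sid' => $sid, 'date_from' => $now_date, 'date_to' => 0, 'action' => 'upload'), array('%d', '%d', '%d', '%s', '%s', '%s', '%d', '%s', '%d', '%d', '%s', '%s', '%s', '%s'));
        if ($inserted !== false) {
            $retid = $wpdb->insert_id;
            // With a log record in place, also persist the user data properties.
            if ($userdata != null && $uploadid != '') {
                foreach ($userdata as $userdata_key => $userdata_field) {
                    // Parameterised lookup; $uploadid and $userdata_key are not trusted.
                    // NOTE(review): this compares the 'property' column with the key,
                    // while the insert below stores the key in 'propkey' and the label
                    // in 'property' -- confirm whether 'propkey' was intended here.
                    $existing = $wpdb->get_row($wpdb->prepare('SELECT * FROM ' . $table_name2 . ' WHERE uploadid = %s AND property = %s', $uploadid, $userdata_key));
                    if ($existing == null) {
                        $wpdb->insert($table_name2, array('uploadid' => $uploadid, 'property' => $userdata_field['label'], 'propkey' => $userdata_key, 'propvalue' => $userdata_field['value'], 'date_from' => $now_date, 'date_to' => 0), array('%s', '%s', '%d', '%s', '%s', '%s'));
                    }
                }
            }
        }
    } elseif (substr($action, 0, 6) == 'rename') {
        // The new path travels in the action string after 'rename:'.
        $newfilepath = substr($action, 7);
        $relativepath = wfu_path_abs2rel($newfilepath);
        $filerec = wfu_get_file_rec($filepath, false);
        // Only log when there is a previous record to link to.
        if ($filerec != null) {
            $now_date = date('Y-m-d H:i:s');
            $wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
            $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => $filerec->uploaduserid, 'uploadtime' => $filerec->uploadtime, 'sessionid' => $filerec->sessionid, 'filepath' => $relativepath, 'filehash' => $filerec->filehash, 'filesize' => $filerec->filesize, 'uploadid' => $filerec->uploadid, 'pageid' => $filerec->pageid, 'blogid' => $filerec->blogid, 'sid' => $filerec->sid, 'date_from' => $now_date, 'date_to' => 0, 'action' => 'rename', 'linkedto' => $filerec->idlog), $linked_formats);
            if ($inserted !== false) {
                $retid = $wpdb->insert_id;
            }
        }
    } elseif ($action == 'delete') {
        $filerec = wfu_get_file_rec($filepath, false);
        if ($filerec != null) {
            $now_date = date('Y-m-d H:i:s');
            $wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
            // A delete record is closed immediately (date_to = date_from).
            $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => $filerec->uploaduserid, 'uploadtime' => $filerec->uploadtime, 'sessionid' => $filerec->sessionid, 'filepath' => $filerec->filepath, 'filehash' => $filerec->filehash, 'filesize' => $filerec->filesize, 'uploadid' => $filerec->uploadid, 'pageid' => $filerec->pageid, 'blogid' => $filerec->blogid, 'sid' => $filerec->sid, 'date_from' => $now_date, 'date_to' => $now_date, 'action' => 'delete', 'linkedto' => $filerec->idlog), $linked_formats);
            if ($inserted !== false) {
                $retid = $wpdb->insert_id;
            }
        }
    } elseif ($action == 'download') {
        $filerec = wfu_get_file_rec($filepath, false);
        if ($filerec != null) {
            $now_date = date('Y-m-d H:i:s');
            $wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
            $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => $filerec->uploaduserid, 'uploadtime' => $filerec->uploadtime, 'sessionid' => $filerec->sessionid, 'filepath' => $filerec->filepath, 'filehash' => $filerec->filehash, 'filesize' => $filerec->filesize, 'uploadid' => $filerec->uploadid, 'pageid' => $filerec->pageid, 'blogid' => $filerec->blogid, 'sid' => $filerec->sid, 'date_from' => $now_date, 'date_to' => 0, 'action' => 'download', 'linkedto' => $filerec->idlog), $linked_formats);
            if ($inserted !== false) {
                $retid = $wpdb->insert_id;
            }
        }
    } elseif (substr($action, 0, 6) == 'modify') {
        // The caller supplies the timestamp after 'modify:' so that the log
        // entry and the userdata rows it wrote carry the same value.
        $now_date = substr($action, 7);
        $filerec = wfu_get_file_rec($filepath, false);
        if ($filerec != null) {
            $wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
            $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => $filerec->uploaduserid, 'uploadtime' => $filerec->uploadtime, 'sessionid' => $filerec->sessionid, 'filepath' => $filerec->filepath, 'filehash' => $filerec->filehash, 'filesize' => $filerec->filesize, 'uploadid' => $filerec->uploadid, 'pageid' => $filerec->pageid, 'blogid' => $filerec->blogid, 'sid' => $filerec->sid, 'date_from' => $now_date, 'date_to' => 0, 'action' => 'modify', 'linkedto' => $filerec->idlog), $linked_formats);
            if ($inserted !== false) {
                $retid = $wpdb->insert_id;
            }
        }
    } elseif (substr($action, 0, 5) == 'other') {
        // Free-form entry; the text after 'other:' is stored in the filepath column.
        $info = substr($action, 6);
        $now_date = date('Y-m-d H:i:s');
        $inserted = $wpdb->insert($table_name1, array('userid' => $userid, 'uploaduserid' => -1, 'uploadtime' => 0, 'sessionid' => '', 'filepath' => $info, 'filehash' => '', 'filesize' => 0, 'uploadid' => '', 'pageid' => 0, 'blogid' => 0, 'sid' => '', 'date_from' => $now_date, 'date_to' => $now_date, 'action' => 'other', 'linkedto' => -1), $linked_formats);
        if ($inserted !== false) {
            $retid = $wpdb->insert_id;
        }
    }
    return $retid;
}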
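/**
 * AJAX entry point that authorises a file download and hands back the
 * hidden iframe which triggers the actual downloader script.
 *
 * Reads 'file' and 'nonce' from $_POST (falling back to $_GET). The request
 * must carry a valid 'wfu_download_file_invoker' nonce and come from a user
 * with 'manage_options'. A file code of "exportdata" generates an export
 * file instead of resolving a stored path. Three 30-second tickets keyed by
 * a fresh random download id are written to $_SESSION for the downloader
 * and monitor scripts, which run outside the WordPress bootstrap.
 *
 * Terminates the request with die() in every path: an empty body on
 * failure, 'wfu_ajax_action_download_file_invoker:not_allowed:<msg>' when
 * the wfu_browser_check_file_action filter rejects the download, and
 * 'wfu_ajax_action_download_file_invoker:wfu_download_id;<id>:<iframe>' on success.
 *
 * Fixes versus the previous version:
 *  - the userdata loop used the bare constant `propvalue` instead of
 *    `$data->propvalue` (a fatal error on PHP 8);
 *  - $filerec was dereferenced without a null check when no record exists;
 *  - the values interpolated into the iframe's src attribute are escaped
 *    with esc_attr() so they cannot break out of the attribute.
 */
function wfu_ajax_action_download_file_invoker()
{
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
        die;
    }
    // CSRF protection: the nonce is checked before any capability or file lookup.
    if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
        die;
    }
    // Only administrators may download through this endpoint.
    if (!current_user_can('manage_options')) {
        die;
    }
    $file_code = wfu_sanitize_code($file_code);
    if ($file_code == "exportdata") {
        // Export request: build the export file now and mint a code for it.
        $filepath = wfu_export_uploaded_files(null);
        if ($filepath === false) {
            die;
        }
        $file_code = "exportdata" . wfu_safe_store_filepath($filepath);
    } else {
        $filepath = wfu_get_filepath_from_safe($file_code);
        if ($filepath === false) {
            die;
        }
        $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
        // Front-end browser: let the wfu_browser_check_file_action filter veto the download.
        if (isset($_POST['browser'])) {
            $changable_data = array("error_message" => "");
            $filerec = wfu_get_file_rec($filepath, true);
            $userdata = array();
            if ($filerec != null && isset($filerec->userdata)) {
                foreach ($filerec->userdata as $data) {
                    array_push($userdata, array("label" => $data->property, "value" => $data->propvalue));
                }
            }
            // No stored record means no known uploader; the filter receives null.
            $uploaduser = ($filerec != null) ? $filerec->uploaduserid : null;
            $additional_data = array("file_action" => "download", "filepath" => $filepath, "uploaduser" => $uploaduser, "userdata" => $userdata);
            $changable_data = apply_filters("wfu_browser_check_file_action", $changable_data, $additional_data);
            if ($changable_data["error_message"] != "") {
                die('wfu_ajax_action_download_file_invoker:not_allowed:' . $changable_data["error_message"]);
            }
        }
        // Back-end browser: the user must own this particular file.
        if (!wfu_current_user_owes_file($filepath)) {
            die;
        }
    }
    // Random id that keys the tickets for this download.
    $download_id = wfu_create_random_string(16);
    $_SESSION['wfu_download_status_' . $download_id] = 'starting';
    // Single-use tickets, valid for 30 seconds, consumed by the downloader and
    // monitor scripts that run outside the WordPress environment.
    // NOTE(review): this relies on a PHP session already being started for
    // this request; confirm the plugin bootstrap does that.
    $_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
    $_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
    // The downloader runs outside WordPress so that no stray output from other
    // plugins corrupts the file body; both query values are attribute-escaped.
    $response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . esc_attr($file_code) . '&ticket=' . esc_attr($download_id) . '" style="display: none;"></iframe>';
    die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
}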