/**
* This function should be called when an attachment is uploaded. It will
* save the attachment to the appropriate place on the disk, and create a
* database entry for the file.
*
* @param array $p_fileVar
* <pre>
* The variable from the $_FILES array. The array specifies the following:
* $a["name"] = original name of the file.
* $a["type"] = the MIME type of the file
* $a["tmp_name"] = the temporary storage location on disk of the file
* $a["size"] = size of the file, in bytes (not required)
* $a["error"] = 0 (zero) if there was no error
* </pre>
*
* @param array $p_attributes
* Optional attributes which are stored in the database.
* Indexes can be the following: 'content_disposition', 'fk_language_id', 'http_charset', 'fk_user_id'
*
* @param int $p_id
* If the attachment already exists and we just want to update it, specify the
* current ID here.
*
* @param bool $p_uploaded
* If the attachment was uploaded with other mechanism (ex: plUploader)
* this is set so that the single upload file from article functionality is still secured.
*
* @return mixed
* The Attachment object that was created or updated.
* Return a PEAR_Error on failure.
*/
public static function OnFileUpload($p_fileVar, $p_attributes, $p_id = null, $p_uploaded = false)
{
if (!is_array($p_fileVar)) {
return null;
}
// Verify its a valid file.
$filesize = filesize($p_fileVar['tmp_name']);
if ($filesize === false) {
return new PEAR_Error("Attachment::OnFileUpload(): invalid parameters received.");
}
// Are we updating or creating?
if (!is_null($p_id)) {
// Updating the attachment
$attachment = new Attachment($p_id);
$attachment->update($p_attributes);
// Remove the old file because
// the new file may have a different file extension.
if (file_exists($attachment->getStorageLocation())) {
unlink($attachment->getStorageLocation());
}
} else {
// Creating the attachment
$attachment = new Attachment();
$attachment->create($p_attributes);
$attachment->setProperty('time_created', 'NULL', true, true);
}
$attachment->setProperty('file_name', $p_fileVar['name'], false);
$attachment->setProperty('mime_type', $p_fileVar['type'], false);
$attachment->setProperty('size_in_bytes', $p_fileVar['size'], false);
$extension = "";
$fileParts = explode('.', $p_fileVar['name']);
if (count($fileParts) > 1) {
$extension = array_pop($fileParts);
$attachment->setProperty('extension', $extension, false);
}
$target = $attachment->getStorageLocation();
$attachment->makeDirectories();
ob_start();
var_dump(is_uploaded_file($p_fileVar['tmp_name']));
$dump = ob_get_clean();
/**
* for security reason
* for file uploaded normal not with other mechanism (ex: plUploader)
* we still need the move_uploaded_file functionality
*/
if (!$p_uploaded && !move_uploaded_file($p_fileVar['tmp_name'], $target)) {
$attachment->delete();
return new PEAR_Error(camp_get_error_message(CAMP_ERROR_CREATE_FILE, $target), CAMP_ERROR_CREATE_FILE);
}
// if the file was uploaded with other mechanism (ex: plUploader) use rename(move) functionality
if ($p_uploaded && !rename($p_fileVar['tmp_name'], $target)) {
$attachment->delete();
return new PEAR_Error(camp_get_error_message(CAMP_ERROR_CREATE_FILE, $target), CAMP_ERROR_CREATE_FILE);
}
chmod($target, 0644);
$attachment->commit();
return $attachment;
}
public function uploadAction()
{
global $Campsite;
$auth = Zend_Auth::getInstance();
$userId = $auth->getIdentity();
$_FILES['file']['name'] = preg_replace('/[^\\w\\._]+/', '', $_FILES['file']['name']);
$mimeType = $_FILES['file']['type'];
$type = explode('/', $mimeType);
if ($type[0] == 'image') {
$file = Plupload::OnMultiFileUploadCustom($Campsite['IMAGE_DIRECTORY']);
$image = Image::ProcessFile($_FILES['file']['name'], $_FILES['file']['name'], $userId, array('Source' => 'feedback', 'Status' => 'Unapproved', 'Date' => date('Y-m-d')));
$this->view->response = $image->getImageId();
} else {
if ($type[1] == 'pdf') {
$attachment = new Attachment();
$attachment->makeDirectories();
$file = Plupload::OnMultiFileUploadCustom($attachment->getStorageLocation());
$document = Attachment::ProcessFile($_FILES['file']['name'], $_FILES['file']['name'], $userId, array('Source' => 'feedback', 'Status' => 'Unapproved'));
$this->view->response = $document->getAttachmentId();
}
}
}
<?php
/**
* @package Newscoop
*
* @author Mihai Nistor <*****@*****.**>
* @copyright 2010 Sourcefabric o.p.s.
* @license http://www.gnu.org/licenses/gpl.txt
* @link http://www.sourcefabric.org
*/
require_once($GLOBALS['g_campsiteDir']. "/classes/Plupload.php");
require_once($GLOBALS['g_campsiteDir'].'/classes/Attachment.php');
if (!$g_user->hasPermission('AddFile')) {
camp_html_display_error(getGS("You do not have the right to add files."));
exit;
}
$attachmentObj = new Attachment();
$attachmentObj->makeDirectories();
// Plupload
$files = Plupload::OnMultiFileUpload($attachmentObj->getStorageLocation());
?>
