/**
* Validates an uploaded image. Creates UNIX commands to be used
* by the process_images function, which has to be called after
* the validation.
* @author jep
* @author soeren
* @static
* @param array $d
* @param string $field_name The name of the field in the table $table, the image is assigned to [e.g. product_thumb_image]
* @param string $table_name The name of a table in the database [e.g. #__{vm}_product]
* @return boolean When the upload validation was sucessfull, true is returned, otherwise false
*/
function validate_image(&$d, $field_name, $table_name)
{
global $vmLogger;
// The commands to be executed by the process_images
// function are returned as strings in an array here.
if (empty($d['image_commands']) || !empty($_REQUEST['image_commands'])) {
unset($_REQUEST['image_commands']);
$d['image_commands'] = array();
}
// Generate the path to images
$path = IMAGEPATH;
$path .= $table_name . "/";
// Check permissions to write to destination directory
// Workaround for Window$
if (strstr($path, ":")) {
$path_begin = substr($path, strpos($path, ":") + 1, strlen($path));
$path = str_replace("//", "/", $path_begin);
}
if (!is_dir($path)) {
mkdir($path, 0777);
$vmLogger->debug('Had to create the directory ' . $path);
}
if (!is_writable($path) && !empty($_FILES[$field_name]["tmp_name"])) {
$vmLogger->err('Cannot write to ' . $table_name . ' image directory: ' . $path);
return false;
}
if (PSHOP_IMG_WIDTH == 0 or PSHOP_IMG_HEIGHT == 0) {
$vmLogger->err('Thumb default height or width is set to 0! Cannot resize the image');
return false;
}
// Check for upload errors
require_once CLASSPATH . 'ps_product_files.php';
ps_product_files::checkUploadedFile($field_name);
// proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :)
// if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize)
if (!empty($_FILES[$field_name]["tmp_name"]) && is_uploaded_file($_FILES[$field_name]["tmp_name"])) {
$tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$field_name]["tmp_name"]);
$vmLogger->debug("Moving file from " . $_FILES[$field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)");
move_uploaded_file($_FILES[$field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file);
$_FILES[$field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file;
}
$tmp_field_name = str_replace("thumb", "full", $field_name);
// Class for resizing Thumbnails
require_once CLASSPATH . "class.img2thumb.php";
if (@$d[$tmp_field_name . '_action'] == 'auto_resize') {
// proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :)
// if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize)
if (!empty($_FILES[$tmp_field_name]["tmp_name"]) && is_uploaded_file($_FILES[$tmp_field_name]["tmp_name"])) {
$tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$tmp_field_name]["tmp_name"]);
$vmLogger->debug("Moving file from " . $_FILES[$tmp_field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)");
move_uploaded_file($_FILES[$tmp_field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file);
$_FILES[$tmp_field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file;
}
// Resize the Full Image
if (!empty($_FILES[$tmp_field_name]["tmp_name"])) {
$full_file = $_FILES[$tmp_field_name]["tmp_name"];
$image_info = getimagesize($full_file);
} elseif (!empty($d[$tmp_field_name . "_url"])) {
$tmp_file_from_url = $full_file = ps_product_files::getRemoteFile($d[$tmp_field_name . "_url"]);
if ($full_file) {
$vmLogger->debug('Successfully fetched the image file from ' . $d[$tmp_field_name . "_url"] . ' for later resizing');
$image_info = getimagesize($full_file);
}
}
if (!empty($image_info)) {
if ($image_info[2] == 1) {
if (function_exists("imagegif")) {
$ext = ".gif";
$noimgif = "";
} else {
$ext = ".jpg";
$noimgif = ".gif";
}
} elseif ($image_info[2] == 2) {
$ext = ".jpg";
$noimgif = "";
} elseif ($image_info[2] == 3) {
$ext = ".png";
$noimgif = "";
}
$vmLogger->debug('The resized Thumbnail will have extension ' . $noimgif . $ext);
/* Generate Image Destination File Name */
if (!empty($d[$table_name . '_name'])) {
$filename = substr($d[$table_name . '_name'], 0, 16);
$filename = vmSafeFileName($filename);
} else {
$filename = md5('virtuemart');
}
$to_file_thumb = uniqid($filename . '_');
$fileout = IMAGEPATH . "{$table_name}/resized/{$to_file_thumb}" . '_' . PSHOP_IMG_WIDTH . 'x' . PSHOP_IMG_HEIGHT . $noimgif . $ext;
if (!file_exists(dirname($fileout))) {
mkdir(dirname($fileout));
$vmLogger->debug('Created Directory ' . dirname($fileout));
}
$neu = new Img2Thumb($full_file, PSHOP_IMG_WIDTH, PSHOP_IMG_HEIGHT, $fileout, 0, 255, 255, 255);
$thumbname = 'resized/' . basename($fileout);
$vmLogger->debug('Finished creating the thumbnail ' . $thumbname);
if (isset($tmp_file_from_url)) {
unlink(realpath($tmp_file_from_url));
}
$tmp_field_name = str_replace("full", "thumb", $tmp_field_name);
$tmp_field_name = str_replace("_url", "", $tmp_field_name);
$_FILES[$tmp_field_name]['tmp_name'] = $fileout;
$_FILES[$tmp_field_name]['name'] = $thumbname;
$d[$tmp_field_name] = $thumbname;
$curr_file = isset($_REQUEST[$tmp_field_name . "_curr"]) ? $_REQUEST[$tmp_field_name . "_curr"] : "";
if (!empty($curr_file)) {
$delete = str_replace("\\", "/", realpath($path . "/" . $curr_file));
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete);
$vmLogger->debug('Preparing: delete old thumbnail image: ' . $delete);
/* Remove the resized image if exists */
if (PSHOP_IMG_RESIZE_ENABLE == "1") {
$pathinfo = pathinfo($delete);
isset($pathinfo["dirname"]) or $pathinfo["dirname"] = "";
isset($pathinfo["extension"]) or $pathinfo["extension"] = "";
$filehash = basename($delete, "." . $pathinfo["extension"]);
$resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"];
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename);
$vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename);
}
}
}
}
$temp_file = isset($_FILES[$field_name]['tmp_name']) ? $_FILES[$field_name]['tmp_name'] : "";
$file_type = isset($_FILES[$field_name]['type']) ? $_FILES[$field_name]['type'] : "";
$orig_file = isset($_FILES[$field_name]["name"]) ? $_FILES[$field_name]['name'] : "";
$curr_file = isset($_REQUEST[$field_name . "_curr"]) ? $_REQUEST[$field_name . "_curr"] : "";
/* Generate text to display in error messages */
if (stristr("thumb", $field_name)) {
$image_type = "thumbnail image";
} elseif (stristr("full", $field_name)) {
$image_type = "full image";
} else {
$image_type = str_replace("_", " ", $field_name);
}
/* If User types "none" in Image Upload Field */
if (@$d[$field_name . "_action"] == "delete") {
/* If there is a current image file */
if (!empty($curr_file)) {
$delete = str_replace("\\", "/", realpath($path . "/" . $curr_file));
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete);
$vmLogger->debug('Preparing: delete old ' . $image_type . ' ' . $delete);
/* Remove the resized image if exists */
if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") {
$pathinfo = pathinfo($delete);
isset($pathinfo["dirname"]) or $pathinfo["dirname"] = "";
isset($pathinfo["extension"]) or $pathinfo["extension"] = "";
$filehash = basename($delete, "." . $pathinfo["extension"]);
$resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"];
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename);
$vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename);
}
}
$d[$field_name] = "";
return true;
} elseif ($orig_file and $temp_file == "none") {
$vmLogger->err($image_type . ' upload failed.');
return false;
} else {
// If nothing was entered in the Upload box, there is no image to process
if (!$orig_file) {
$d[$field_name] = $curr_file;
return true;
}
}
if (empty($temp_file)) {
$vmLogger->err('The File Upload was not successful: there\'s no uploaded temporary file!');
return false;
}
/* Generate Image Destination File Name */
if (!empty($d[$table_name . '_name'])) {
$filename = substr($d[$table_name . '_name'], 0, 16);
$filename = vmSafeFileName($filename);
} else {
$filename = md5('virtuemart');
}
$to_file = uniqid($filename . '_');
/* Check image file format */
if ($orig_file != "none") {
$to_file .= $ext = '.' . Img2Thumb::GetImgType($temp_file);
if (!$to_file) {
$vmLogger->err($image_type . ' file is invalid: ' . $file_type . '.');
return false;
}
}
/*
** If it gets to this point then there is an uploaded file in the system
** and it is a valid image file.
*/
/* If Updating */
if (!empty($curr_file)) {
/* Command to remove old image file */
$delete = str_replace("\\", "/", realpath($path) . "/" . $curr_file);
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete);
/* Remove the resized image if exists */
if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") {
$pathinfo = pathinfo($delete);
$filehash = basename($delete, "." . $pathinfo["extension"]);
$resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"];
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename);
$vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename);
}
}
/* Command to move uploaded file into destination directory */
// Command to move uploaded file into destination directory
$d["image_commands"][] = array('command' => 'move_uploaded_file', 'param1' => $temp_file, 'param2' => $path . $to_file);
$d["image_commands"][] = array('command' => 'unlink', 'param1' => $temp_file);
if (empty($d[$field_name])) {
/* Return new image file name */
$d[$field_name] = $to_file;
}
return true;
}
/**
* Handles a download Request
*
* @param array $d
* @return boolean
*/
function download_request(&$d)
{
global $download_id, $VM_LANG, $vmLogger;
$db = new ps_DB();
$download_id = $db->getEscaped(vmGet($d, "download_id"));
$q = "SELECT * FROM #__{vm}_product_download WHERE";
$q .= " download_id = '{$download_id}'";
$db->query($q);
$db->next_record();
$download_id = $db->f("download_id");
$file_name = $db->f("file_name");
if (strncmp($file_name, 'http', 4) !== 0) {
$datei = DOWNLOADROOT . $file_name;
} else {
$datei = $file_name;
}
$download_max = $db->f("download_max");
$end_date = $db->f("end_date");
$zeit = time();
if (!$download_id) {
$vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_INV', false));
return false;
//vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
} elseif ($download_max == "0") {
$q = "DELETE FROM #__{vm}_product_download";
$q .= " WHERE download_id = '" . $download_id . "'";
$db->query($q);
$db->next_record();
$vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_MAX', false));
return false;
//vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
} elseif ($end_date != "0" && $zeit > $end_date) {
$q = "DELETE FROM #__{vm}_product_download";
$q .= " WHERE download_id = '" . $download_id . "'";
$db->query($q);
$db->next_record();
$vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_EXP', false));
return false;
//vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
}
require_once CLASSPATH . 'connectionTools.class.php';
$download_count = true;
if (@file_exists($datei)) {
// Check if this is a request for a special range of the file (=Resume Download)
$range_request = vmConnector::http_rangeRequest(filesize($datei), false);
if ($range_request[0] == 0) {
// this is not a request to resume a download,
$download_count = true;
} else {
$download_count = false;
}
} else {
$download_count = false;
}
// Parameter to check if the file should be removed after download, which is only true,
// if we have a remote file, which was transferred to this server into a temporary file
$unlink = false;
if (strncmp($datei, 'http', 4) === 0) {
require_once CLASSPATH . 'ps_product_files.php';
$datei_local = ps_product_files::getRemoteFile($datei);
if ($datei_local !== false) {
$datei = $datei_local;
$unlink = true;
} else {
$vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false));
return false;
}
} else {
// Check, if file path is correct
// and file is
if (!@file_exists($datei)) {
$vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false));
return false;
//vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
}
if (!@is_readable($datei)) {
$vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTREADABLE', false));
return false;
//vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]);
}
}
if ($download_count) {
// decrement the download_max to limit the number of downloads
$q = "UPDATE `#__{vm}_product_download` SET";
$q .= " `download_max`=`download_max` - 1";
$q .= " WHERE download_id = '" . $download_id . "'";
$db->query($q);
$db->next_record();
}
if ($end_date == "0") {
// Set the Download Expiry Date, so the download can expire after DOWNLOAD_EXPIRE seconds
$end_date = time('u') + DOWNLOAD_EXPIRE;
$q = "UPDATE #__{vm}_product_download SET";
$q .= " end_date={$end_date}";
$q .= " WHERE download_id = '" . $download_id . "'";
$db->query($q);
$db->next_record();
}
if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) {
$UserBrowser = "Opera";
} elseif (ereg('MSIE ([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) {
$UserBrowser = "IE";
} else {
$UserBrowser = '';
}
$mime_type = $UserBrowser == 'IE' || $UserBrowser == 'Opera' ? 'application/octetstream' : 'application/octet-stream';
// dump anything in the buffer
while (@ob_end_clean()) {
}
vmConnector::sendFile($datei, $mime_type, basename($file_name));
if ($unlink) {
// remove the temporarily downloaded remote file
@unlink($datei);
}
$GLOBALS['vm_mainframe']->close(true);
}
