/**
* initialize.
*
* @internal
*/
public function __construct()
{
if (!Session::isLoggedIn()) {
exit;
}
$this->query = Request::getStrParam('q', Request::getStrParam('term'));
$this->querySimiliar = strlen($this->query) > 1 ? $this->query . '%' : '';
parent::__construct();
}
/**
* Make a thumb image.
*
* @internal
*/
public function thumb()
{
$this->width = Request::getIntParam('width', 100);
$this->height = Request::getIntParam('height', 100);
$this->cropimage = Request::getBoolParam('cropimage', false);
$this->processing = true;
$this->stats_disable = true;
$this->path_sendfile = sprintf(Application::$CACHE_ROOT . 'thumb/%s/%s_%sx%s.thumb', $this->sid[0], $this->sid, $this->width, $this->height);
$this->download();
}
/**
* Initialize the form property.
*
* @api
*/
protected function initializeForm($namespace = null)
{
if ($namespace !== null) {
$classname = $namespace . '\\';
} else {
$classname = Application::$NAMESPACE . 'form\\';
}
$classname .= Router::getModule() . 'Form';
$show = Request::getStrParam('show');
$this->form = new $classname();
if (method_exists($classname, $show)) {
$this->form->{$show}();
$this->form->setActive(true);
}
}
/**
* Download a file.
*
* @internal
*/
public function download()
{
// get and check sid
if (empty($this->sid) || strlen($this->sid) > 32) {
self::sendNotFound();
}
$db = DBConnection::getInstance();
$db->beginTransaction();
// get file details
$stmt = $db->prepare("\n SELECT\n id,\n content_oid,\n mimetype,\n size,\n name,\n to_char(modify,'Dy, DD Mon YYYY HH24:MI:SS TZ') AS modify\n FROM tbl_file\n WHERE\n sid=:sid\n AND visible IS TRUE\n AND disabled IS FALSE\n ");
$stmt->bindParam('sid', $this->sid, \PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() == 0) {
self::sendNotFound();
}
$file = $stmt->fetch(\PDO::FETCH_ASSOC);
// set path to unprocessed cache file
$path_cachefile = sprintf(Application::$CACHE_ROOT . 'files/%s/%s.file', $this->sid[0], $this->sid);
// load file from database if cache file doesn't exist
$handle = false;
if (file_exists($path_cachefile) === false) {
// open db handle if no cached file available
$handle = $db->pgsqlLOBOpen($file['content_oid'], 'r');
if (feof($handle)) {
self::sendNotFound();
}
// try to create cache
if (!FileUtil::makedir(dirname($path_cachefile))) {
error_log('cache' . $path_cachefile . ' not writeable');
} else {
// create cache file
$fcache = fopen($path_cachefile, 'w');
stream_copy_to_stream($handle, $fcache);
fclose($fcache);
// close db handle
fclose($handle);
$handle = false;
}
}
// check wether path_sendfile is set explicitly
if (!empty($this->path_sendfile)) {
// update stat data if exists
if (is_readable($this->path_sendfile)) {
$stat = stat($this->path_sendfile);
$file['modify'] = $stat['mtime'];
$file['size'] = $stat['size'];
} elseif (isset($this->processing) && method_exists($this, 'processCachefile')) {
// check for processing
$file['cachefile'] = $path_cachefile;
$this->processCachefile($file);
} else {
self::sendNotFound();
}
} else {
$this->path_sendfile = $path_cachefile;
}
if (!is_readable($this->path_sendfile) && !is_resource($handle)) {
self::sendNotFound();
}
// check wether stats_disable is set
if ($this->stats_disable === false) {
// insert statistics
$stmt = $db->prepare("\n INSERT INTO tbl_statistic_file (user_id, ip, file_id)\n VALUES (:user_id, :ip, :file_id)\n ");
if (is_null(Session::getUserId())) {
$stmt->bindValue('user_id', null, \PDO::PARAM_NULL);
} else {
$stmt->bindValue('user_id', Session::getUserId(), \PDO::PARAM_INT);
}
$stmt->bindValue('ip', Request::getIp(), \PDO::PARAM_STR);
$stmt->bindValue('file_id', $file['id'], \PDO::PARAM_INT);
$stmt->execute();
}
$db->commit();
// there is nothing to write, tell the session it is no longer needed (and thus no longer blocking output
// flushing)
session_write_close();
// check if http_range is sent by browser
if (isset($_SERVER['HTTP_RANGE'])) {
$unit = explode('=', $_SERVER['HTTP_RANGE'])[0];
if ($unit == 'bytes') {
$range_list = explode('=', $_SERVER['HTTP_RANGE'], 2)[1];
// multiple ranges could be specified at the same time, but for simplicity only serve the first range
// http://tools.ietf.org/id/draft-ietf-http-range-retrieval-00.txt
$ranges = explode(',', $range_list);
foreach ($ranges as $range) {
$seek_start = explode('-', $range)[0];
$seek_end = explode('-', $range)[1];
// set valid and in range for seek end
if (empty($seek_end)) {
$seek_end = $file['size'] - 1;
} else {
$seek_end = min(abs($seek_end), $file['size'] - 1);
}
// set valid and in range for seek start
if (empty($seek_start) || $seek_end < abs($seek_start)) {
$seek_start = 0;
} else {
$seek_start = max(abs($seek_start), 0);
}
if (!is_resource($handle)) {
$handle = fopen($path_cachefile, 'rb');
}
// seek to start of missing part
if (($seek_start > 0 || $seek_end < $file['size'] - 1) && fseek($handle, $seek_start) !== -1) {
$length = $seek_end - $seek_start + 1;
header('HTTP/1.1 206 Partial Content');
header('Accept-Ranges: bytes');
header('Content-Range: bytes ' . $seek_start . '-' . $seek_end . '/' . $file['size']);
header('Content-Type: ' . $file['mimetype']);
header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
header('Content-Length: ' . $length);
// start buffered download of 8 KB chunks while the connection is alive
$transfered = 0;
while (!feof($handle) && connection_status() == CONNECTION_NORMAL && $transfered < $length) {
// reset time limit for big files
set_time_limit(0);
// @codingStandardsIgnoreStart
echo fread($handle, 8192);
// @codingStandardsIgnoreEnd
$transfered += 8192;
flush();
ob_flush();
}
// while
fclose($handle);
exit;
}
// if fseek
}
// foreach ranges
}
// if unit bytes
}
// if http_range
// prepare headers
header('Last-Modified: ' . $file['modify']);
header('Accept-Ranges: bytes');
header('Content-Type: ' . $file['mimetype']);
header('Content-Length: ' . $file['size']);
header('Content-Transfer-Encoding: binary');
session_cache_limiter(false);
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= strtotime($file['modify'])) {
header('HTTP/1.0 304 Not Modified');
exit;
}
if (is_resource($handle)) {
// write to output buffer in small chunks to bypass memory limit of large files (which fpassthru would
// exceed)
while (!feof($handle) && connection_status() == CONNECTION_NORMAL) {
// reset time limit for big files
set_time_limit(0);
// @codingStandardsIgnoreStart
echo fread($handle, 8192);
// @codingStandardsIgnoreEnd
flush();
ob_flush();
}
// while
fclose($handle);
} elseif (Config::get('use_sendfile') && in_array('mod_xsendfile', apache_get_modules())) {
header('X-Sendfile: ' . $this->path_sendfile);
} else {
readfile($this->path_sendfile);
exit;
}
}
/**
* Builds transactions about command executions and catches \Exceptions, set error messages and redirects to
* bypass form re-submit of data. Specific actions are defined in handleCommand. Use class property 'atomic' to
* disable cmd wide transactions
*
* @internal
*
* @param string $cmd
*
* @throws exception\ControllerException|\Exception|exception\NotAuthorizedException
*/
protected final function executeCommand($cmd)
{
$this->command = $cmd;
if ($this->isJSON && Request::getBoolParam('json_blacklist')) {
self::sendInternalError();
}
try {
if ($this->atomic) {
DBConnection::getInstance()->beginTransaction();
}
// call command
if (method_exists($this, $cmd) === false) {
Logger::getInstance()->error(_s('method %s::%s does not exist.', get_class($this), $cmd));
throw new exception\ControllerException(_s('Die Aktion konnte nicht ausgeführt werden.'));
}
$this->{$cmd}();
if ($this->atomic) {
DBConnection::getInstance()->commit();
}
} catch (exception\InvalidParameterException $e) {
$this->error(_s('Die folgenden Angaben sind unvollständig:'));
foreach ($e->getParameters() as $param) {
$this->error($param['description'], $param['name']);
}
} catch (exception\ControllerException $e) {
$this->error($e->getMessage());
} catch (exception\NotAuthorizedException $e) {
if (DBConnection::getInstance()->inTransaction()) {
DBConnection::getInstance()->rollBack();
}
throw $e;
} catch (exception\UnexpectedIntegrityConstraintViolationException $e) {
$this->error(_s('Integritätsprüfung fehlgeschlagen.'));
} catch (\Exception $e) {
Logger::getInstance()->exception($e);
$this->error(_s('Fehler beim ausführen der Aktion.: ') . $e->getMessage());
}
// by default, guess it failed and roll back the queries
if (DBConnection::getInstance()->inTransaction()) {
DBConnection::getInstance()->rollBack();
}
}