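/**
 * Updates the file table for the selected files only:
 * - if a file was deleted manually (not through ComaCMS), its database entry is removed
 * - if a file exists on disk and in the table, its stored size and md5 are refreshed
 * - if a file exists on disk but not in the table, an entry is added
 *
 * The selected paths come from the request parameter 'change', so each value is
 * escaped before it is placed in an SQL statement.
 *
 * @access private
 * @return mixed the result of _homePage()
 */
function _updateDatabasePage()
{
    // get the selected files
    $changes = GetPostOrGet('change');
    // nothing selected (or not a list at all)? 'go home!'
    if (!is_array($changes) || count($changes) <= 0) {
        return $this->_homePage();
    }

    // numeric values are cast so they can never carry SQL syntax
    $userId = (int) $this->_User->ID;

    // for each selected file
    foreach ($changes as $change) {
        // a nested array in the request cannot be a path
        if (!is_string($change)) {
            continue;
        }
        // 'repair' the filepath
        $change = utf8_decode(rawurldecode($change));

        // NOTE(review): the path is request data and is handed to file_exists(),
        // filesize() and md5_file() unchanged; nothing visible here confines it to
        // the CMS data directory. Confirm this page is limited to trusted
        // administrators, or resolve the path with realpath() and check its prefix.

        // Escape once, reuse in every statement. A file name containing a quote
        // would otherwise break the query or change its meaning.
        // NOTE(review): mysql_real_escape_string() uses the most recently opened
        // mysql link; confirm SqlQuery() runs on that same connection.
        $changeSql = mysql_real_escape_string($change);

        // is the file in the table?
        $sql = "SELECT file_id, file_path\r\n\t\t\t\t\tFROM " . DB_PREFIX . "files\r\n\t\t\t\t\tWHERE file_path = '{$changeSql}'\r\n\t\t\t\t\tLIMIT 1";
        $file_result = $this->_SqlConnection->SqlQuery($sql);

        if ($file = mysql_fetch_object($file_result)) {
            $fileId = (int) $file->file_id;
            if (!file_exists($change)) {
                // the file is gone: remove the database entry
                $sql = "DELETE FROM " . DB_PREFIX . "files\r\n\t\t\t\t\t\t\tWHERE file_id = {$fileId}\r\n\t\t\t\t\t\t\tLIMIT 1";
            } else {
                // update the values which could have changed; the int cast keeps the
                // statement valid even if filesize() fails and returns false
                $sql = "UPDATE " . DB_PREFIX . "files\r\n \t\t\t\t\t\t\tSET file_size = " . (int) filesize($file->file_path) . ",\r\n \t\t\t\t\t\t\tfile_md5 = '" . md5_file($file->file_path) . "'\r\n\t\t\t\t\t\t\tWHERE file_id ={$fileId}\r\n\t\t\t\t\t\t\tLIMIT 1";
            }
            $this->_SqlConnection->SqlQuery($sql);
        } elseif (file_exists($change)) {
            // on disk but unknown to the table: create a database entry
            $nameSql = mysql_real_escape_string(basename($change));
            $typeSql = mysql_real_escape_string(GetMimeContentType($change));
            // time() replaces the argument-less mktime(), which yields the same
            // timestamp but is rejected by newer PHP versions
            $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\r\n\t\t\t\t\t\tVALUES('" . $nameSql . "', '" . $typeSql . "', '{$changeSql}', '" . (int) filesize($change) . "', '" . md5_file($change) . "', " . time() . ", {$userId})";
            $this->_SqlConnection->SqlQuery($sql);
        }
    }

    // 'go home!'
    return $this->_homePage();
}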
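/**
 * Handles an upload request.
 *
 * Every posted file whose form field name starts with 'uploadfile' and whose
 * trailing number is below 5 is checked (size limit, duplicate md5), moved into
 * the upload directory and registered in the files table. One status line per
 * file is collected and returned in front of the home page.
 *
 * The original file name and the 'path' parameter are client-controlled, so they
 * are escaped for SQL before being stored and for HTML before being echoed.
 *
 * @access private
 * @return string status messages followed by the output of _homePage()
 */
function _uploadPage()
{
    // TODO: make it configurable
    $uploadPath = './data/upload/';
    $userId = (int) $this->_User->ID;

    $path = GetPostOrGet('path');
    if (!is_string($path) || $path == '/') {
        $path = '';
    }
    // make sure a non-empty path ends with exactly one '/'. The previous test,
    // substr($path, -1, 0), always produced '' and so appended a second slash
    // to paths that already ended in one.
    if (strlen($path) > 0 && substr($path, -1) != '/') {
        $path .= '/';
    }

    // NOTE(review): nothing below restricts the type or extension of the stored
    // file. If ./data/upload/ is reachable through the web server, confirm that
    // script execution is disabled for it, or add an allow-list of extensions.

    $out = '';
    // foreach file that is 'posted' with this request
    foreach ($_FILES as $name => $file) {
        // has it a trusted field name? and has it some content?
        if (strpos($name, 'uploadfile') !== 0 || $file['error'] == 4) {
            continue;
        }
        // get the 'number of the upload'; allow max. 5 files in one action
        $nr = substr($name, 10);
        if (!($nr < 5)) {
            continue;
        }

        // The client chooses this name. basename() drops any directory part so the
        // file cannot land outside $uploadPath even if the runtime did not strip it.
        $fileName = basename($file['name']);
        // Escaping as ISO-8859-1 never rejects a byte sequence and still encodes
        // < > & " ' correctly for UTF-8 input, so the name is safe to echo
        // whichever of the two encodings the page uses.
        $fileNameHtml = htmlspecialchars($fileName, ENT_QUOTES, 'ISO-8859-1');

        // generate the new location of the file
        $savePath = $uploadPath . $fileName;
        // if a file with that name exists, pick a unique name so both can be kept
        if (file_exists($savePath)) {
            $savePath = uniqid($uploadPath) . $fileName;
        }

        // maximum filesize: ~1.5MB
        // TODO: make it configurable
        if ($file['size'] > 1600000) {
            $file['error'] = 2;
        }

        if ($file['error'] == 0) {
            // don't allow an upload if a file with the same md5 exists
            $file_md5 = md5_file($file['tmp_name']);
            $sql = "SELECT file_name\n\t\t\t\t\t\t\t\tFROM " . DB_PREFIX . "files\n\t\t\t\t\t\t\t\tWHERE file_md5 = '{$file_md5}'\n\t\t\t\t\t\t\t\tLIMIT 1";
            $md5ExistsResult = $this->_SqlConnection->SqlQuery($sql);

            if ($md5Exists = mysql_fetch_object($md5ExistsResult)) {
                // show the user that the same file is already uploaded
                $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_is already_uploaded'), $fileNameHtml);
                if ($md5Exists->file_name != $fileName) {
                    // the stored name was supplied by an earlier uploader: escape it too
                    $out .= ' ' . sprintf($this->_Translation->GetTranslation('the_file_has_a_different_name_%file%'), htmlspecialchars($md5Exists->file_name, ENT_QUOTES, 'ISO-8859-1'));
                }
                $out .= "</div>\r\n";
            } elseif (move_uploaded_file($file['tmp_name'], $savePath)) {
                // add the database entry for the file; every string value is escaped.
                // NOTE(review): mysql_real_escape_string() uses the most recently
                // opened mysql link; confirm SqlQuery() runs on that same connection.
                $nameSql = mysql_real_escape_string($path . $fileName);
                $typeSql = mysql_real_escape_string(GetMimeContentType($savePath));
                $savePathSql = mysql_real_escape_string($savePath);
                // time() replaces the argument-less mktime() (same timestamp)
                $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\t\t\t\t\t\tVALUES('" . $nameSql . "', '" . $typeSql . "', '{$savePathSql}', '" . (int) filesize($savePath) . "', '" . md5_file($savePath) . "', " . time() . ", {$userId})";
                $this->_SqlConnection->SqlQuery($sql);
                // keep the upload readable by other users (ftp access etc.) but do
                // not set the execute bits: uploaded files are data, not programs
                chmod($savePath, 0644);
                $out .= "<div><strong>" . $this->_Translation->GetTranslation('ok') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_was_uploaded'), $fileNameHtml) . "</div>\r\n";
            } else {
                // the move failed: report it instead of dropping the file silently
                $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> " . $this->_Translation->GetTranslation('wasnt_able_to_transmit_the_file') . "</div>\r\n";
            }
        } else {
            $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> ";
            switch ($file['error']) {
                // file is too big (php.ini)
                case 1:
                    $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_the_server'), $fileNameHtml);
                    break;
                // file is too big (MAX_FILE_SIZE or the limit above)
                case 2:
                    $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_%maximumsize%'), $fileNameHtml, '1.5MB');
                    break;
                // file isn't completely transmitted
                case 3:
                    $out .= $this->_Translation->GetTranslation('the_file_was_only_partly_transmitted');
                    break;
                // no upload
                case 4:
                    $out .= $this->_Translation->GetTranslation('there_was_no_file_transmitted');
                    break;
                // unknown error -> say it wasn't possible to upload
                default:
                    $out .= $this->_Translation->GetTranslation('wasnt_able_to_transmit_the_file');
                    break;
            }
            $out .= "</div>\r\n";
        }
    }

    // 'go home'
    return $out . $this->_homePage();
}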
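/**
 * Registers a file in the files table unless it already has an entry.
 *
 * Stores the base name, MIME type, path, size, md5, the current timestamp and
 * the current user's ID. All string values are escaped, so a path containing a
 * quote no longer breaks or alters the INSERT statement.
 *
 * @param string $Path path of the file to register
 * @return void
 */
function AddFile($Path)
{
    // GetIDByPath() apparently signals 'no entry' with -1; anything else means
    // the file is already registered
    if ($this->GetIDByPath($Path) != -1) {
        return;
    }

    // NOTE(review): mysql_real_escape_string() uses the most recently opened
    // mysql link; confirm SqlQuery() runs on that same connection.
    $nameSql = mysql_real_escape_string(basename($Path));
    $typeSql = mysql_real_escape_string(GetMimeContentType($Path));
    $pathSql = mysql_real_escape_string($Path);
    // numeric values are cast so they can never carry SQL syntax
    $userId = (int) $this->_User->ID;

    // time() replaces the argument-less mktime(), which yields the same timestamp
    // but is rejected by newer PHP versions
    $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\tVALUES('" . $nameSql . "', '" . $typeSql . "', '{$pathSql}', '" . (int) filesize($Path) . "', '" . md5_file($Path) . "', " . time() . ", {$userId})";
    $this->_SqlConnection->SqlQuery($sql);
}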