예제 #1
0
function acceptFiles($uploadedFilesArray)
{
    // --------------
    // This PHP function takes files that were just uploaded with HTTP POST,
    // verifies if the size is smaller than a certain value, and moves them
    // using move_uploaded_file() from the server's temporary directory to
    // net2ftp's temporary directory
    //
    // $uploadedFilesArray[number]["name"] and $acceptedFilesArray[number]["name"] contain the real name of the file
    // $uploadedFilesArray[number]["tmp_name"] contains the temporary name of the file in the *webserver's* temporary directory (eg C:\temp)
    // $acceptedFilesArray[number]["tmp_name"] contains the temporary name of the file in *net2ftp's* temporary directory (eg C:\web\net2ftp\temp)
    //
    // Note 1 - $acceptedFilesArray[number]["tmp_name"] may not be the same as $uploadedFilesArray[number]["tmp_name"] because
    //          $acceptedFilesArray[number]["tmp_name"] should be unique at the moment the file is transferred to the new directory.
    // Note 2 - $acceptedFilesArray[number]["tmp_name"]
    //            - starts with upload (or upl on Windows, because on that platform only the first 3 letters are kept)
    //            - has the same filename extension as the real filename
    //            - ends with .txt
    //     The filename extension is needed by the PCL TAR library, which needs to determine if the archive is tar, tgz or gz.
    //     The additional .txt is to ensure that no temporary file would be executed on the web server, which could compromise it.
    //
    // For example: script.php is uploaded to the web server's temporary directory C:\temp\f9skpqri
    //              Then it is moved to net2ftp's temporary directory C:\web\net2ftp\temp\upload9oeic.php.txt
    //              And finally it is transferred to the FTP server as script.php in functions ftp_transferfiles() and ftp_unziptransferfiles() -- see below
    // --------------
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_globals, $net2ftp_settings, $net2ftp_output;
    $max_filesize = $net2ftp_settings["max_filesize"];
    $skipped = 0;
    // Index of the files which are too big / contain a banned keyword
    $moved_ok = 0;
    // Index of the files that have been treated successfully
    $moved_notok = 0;
    // Index of the files that have been treated unsuccessfully
    for ($i = 1; $i <= sizeof($uploadedFilesArray); $i++) {
        // -------------------------------------------------------------------------
        // 1 -- Get the data from the filesArray (for each file, its location, name, size, ftpmode
        // -------------------------------------------------------------------------
        $file_name = $uploadedFilesArray["{$i}"]["name"];
        $file_tmp_name = $uploadedFilesArray["{$i}"]["tmp_name"];
        $file_size = $uploadedFilesArray["{$i}"]["size"];
        if ($file_name != "" && $file_tmp_name == "" || $file_size > $max_filesize) {
            // The case ($file_name != "" && $file_tmp_name == "") occurs when the file is bigger than the directives set in php.ini
            // In that case, only $uploadedFilesArray["$i"]["name"] is filled in.
            $net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is too big. This file will not be uploaded.", $file_name);
            $skipped = $skipped + 1;
            @unlink($file_tmp_name);
            continue;
        } elseif (checkAuthorizedName($file_name) == false) {
            $net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is contains a banned keyword. This file will not be uploaded.", $file_name);
            $skipped = $skipped + 1;
            @unlink($file_tmp_name);
            continue;
        }
        // -------------------------------------------------------------------------
        // 3 -- upload and copy the file; if a file with the same name already exists, it is overwritten with the new file
        // -------------------------------------------------------------------------
        $extension = get_filename_extension($file_name);
        if (substr($file_name, -6) == "tar.gz") {
            $extension = "tar.gz";
        }
        $tempfilename = tempnam2($net2ftp_globals["application_tempdir"], "upload__", "." . $extension . ".txt");
        if ($tempfilename == false) {
            @unlink($tempfilename);
            $errormessage = __("Could not generate a temporary file.");
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
        $success2 = move_uploaded_file($file_tmp_name, $tempfilename);
        if ($success2 == false) {
            $net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> could not be moved", $file_name);
            @unlink($file_tmp_name);
            @unlink($tempfilename);
            $moved_notok = $moved_notok + 1;
            continue;
        } else {
            // When uploading files, print some output
            // When updating files, do not print anything
            registerTempfile("register", $tempfilename);
            if ($net2ftp_globals["state"] == "upload") {
                $net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is OK", $file_name);
            }
            $moved_ok = $moved_ok + 1;
            $acceptedFilesArray[$moved_ok]["name"] = $file_name;
            $acceptedFilesArray[$moved_ok]["tmp_name"] = $tempfilename;
        }
    }
    // End for
    if ($moved_notok > 0) {
        $errormessage = __("Unable to move the uploaded file to the temp directory.<br /><br />The administrator of this website has to <b>chmod 777</b> the /temp directory of net2ftp.");
        setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
        return false;
    } elseif ($moved_ok == 0 && $skipped == 0) {
        $errormessage = __("You did not provide any file to upload.");
        setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
        return false;
    } elseif ($moved_ok == 0 && $skipped > 0) {
        return "all_uploaded_files_are_too_big";
    } else {
        return $acceptedFilesArray;
    }
}
예제 #2
0
function net2ftp_module_sendHttpHeaders()
{
    // --------------
    // This function sends HTTP headers
    // --------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
    // ------------------------------------
    // 1. Register the global variables
    // ------------------------------------
    if ($net2ftp_globals["screen"] == 2) {
        // Code for old file jupload applet (jupload version 0.86)
        //		$file_counter = 0;
        //		foreach($_FILES as $tagname=>$object) {
        //			if ($object['name'] != "") {
        //				$file_counter = $file_counter + 1;
        //				$uploadedFilesArray["$file_counter"]["name"]               = $object['name'];
        //				$uploadedFilesArray["$file_counter"]["tmp_name"]           = $object['tmp_name'];
        //				$uploadedFilesArray["$file_counter"]["size"]               = $object['size'];
        //				$uploadedFilesArray["$file_counter"]["error"]              = $object['error'];
        //				// Look for special encoded jupload files
        //				$contentType = $object['type'];
        //				if (substr($contentType,0,7) == "jupload") {
        //					$base64_encoded_path = substr($contentType,8);
        //					$base64_decoded_path = base64_decode($base64_encoded_path);
        //					$uploadedFilesArray["$file_counter"]["absolute_directory"] = $base64_decoded_path;
        //				} // end if
        //			} // end if
        //		} // end foreach
        // Code for new file jupload applet (jupload version 5.0.8)
        $file_counter = 0;
        foreach ($_FILES as $tagname => $object) {
            if ($object['name'] != "") {
                $file_counter = $file_counter + 1;
                $uploadedFilesArray["{$file_counter}"]["name"] = $object['name'];
                $uploadedFilesArray["{$file_counter}"]["type"] = $object['type'];
                $uploadedFilesArray["{$file_counter}"]["tmp_name"] = $object['tmp_name'];
                $uploadedFilesArray["{$file_counter}"]["error"] = $object['error'];
                $uploadedFilesArray["{$file_counter}"]["size"] = $object['size'];
                $uploadedFilesArray["{$file_counter}"]["mime"] = validateEntry($_POST["mimetype" . $file_counter]);
                $uploadedFilesArray["{$file_counter}"]["relative_directory"] = validateDirectory($_POST["relpathinfo" . $file_counter]);
                $uploadedFilesArray["{$file_counter}"]["mtime"] = validateEntry($_POST["filemodificationdate" . $file_counter]);
            }
            // end if
        }
        // end foreach
        echo "Please wait, the files are being transferred to the FTP server...<br />\n";
        flush();
        // ------------------------------------
        // 2. POST METHOD: Move files from the *webserver's* temporary directory to *net2ftp's*
        // temporary directory (move_uploaded_files).
        // ------------------------------------
        if ($_SERVER["REQUEST_METHOD"] == "POST" && sizeof($uploadedFilesArray) > 0) {
            $moved_counter = 0;
            for ($j = 1; $j <= sizeof($uploadedFilesArray); $j++) {
                $file_name = $uploadedFilesArray["{$j}"]["name"];
                $file_tmp_name = $uploadedFilesArray["{$j}"]["tmp_name"];
                $file_size = $uploadedFilesArray["{$j}"]["size"];
                $file_error = $uploadedFilesArray["{$j}"]["error"];
                $file_relative_directory = $uploadedFilesArray["{$j}"]["relative_directory"];
                if ($file_name != "" && $file_tmp_name == "" || $file_size > $net2ftp_settings["max_filesize"]) {
                    // The case ($file_name != "" && $file_tmp_name == "") occurs when the file is bigger than the directives set in php.ini
                    // In that case, only $uploadedFilesArray["$j"]["name"] is filled in.
                    echo "WARNING: File <b>{$file_name}</b> skipped: this file is too big.<br />\n";
                    @unlink($file_tmp_name);
                    continue;
                } elseif (checkAuthorizedName($file_name) == false || checkAuthorizedName($file_relative_directory) == false) {
                    echo "WARNING: File <b>{$file_relative_directory}</b> skipped: it contains a banned keyword.<br />\n";
                    $skipped = $skipped + 1;
                    @unlink($file_tmp_name);
                    continue;
                }
                // Create the temporary filename as follows: (from left to right)
                // - Use prefix "upload__", to be able to identify from where this temporary file comes from
                // - Create a random filename
                // - Add the original filename extension, to be able to identify the filetype
                // - Add suffix ".txt" to avoid that the file would be executed on the webserver
                $extension = get_filename_extension($file_name);
                if (substr($file_name, -6) == "tar.gz") {
                    $extension = "tar.gz";
                }
                $tempfilename = tempnam2($net2ftp_globals["application_tempdir"], "upload__", "." . $extension . ".txt");
                if ($tempfilename == false) {
                    // If you get this warning message, you've probably forgotten to chmod 777 the /temp directory
                    echo "WARNING: File <b>{$file_name}</b> skipped: unable to create a temporary file on the webserver.<br />\n";
                    @unlink($file_tmp_name);
                    continue;
                }
                // Move the uploaded file
                $move_uploaded_file_result = move_uploaded_file($uploadedFilesArray["{$j}"]["tmp_name"], $tempfilename);
                if ($move_uploaded_file_result == false) {
                    echo "WARNING: File <b>{$file_name}</b> skipped: unable to move the uploaded file to the webserver's temporary directory.<br />\n";
                    @unlink($file_tmp_name);
                    @unlink($tempfilename);
                    continue;
                } else {
                    $moved_counter = $moved_counter + 1;
                    $acceptedFilesArray["{$moved_counter}"] = $uploadedFilesArray["{$j}"];
                    // Copy all parameters for this file from the $uploadedFilesArray to the $acceptedFilesArray
                    $acceptedFilesArray["{$moved_counter}"]["tmp_name"] = $tempfilename;
                    // Overwrite the old temporary name by the new one
                }
            }
            // end for j
            flush();
        }
        // end if elseif
        // ------------------------------------
        // 3. Move the files from net2ftp's temporary directory to the FTP server.
        // ------------------------------------
        if (sizeof($acceptedFilesArray) == 0 && sizeof($uploadedFilesArray) != 0) {
            echo "WARNING: No files were accepted (see messages above), so nothing will be transferred to the FTP server.<br />\n";
        } elseif (sizeof($acceptedFilesArray) > 0) {
            // ------------------------------
            // 3.1 Open connection
            // ------------------------------
            // Open connection
            echo __("Connecting to the FTP server") . "<br />\n";
            $conn_id = ftp_openconnection();
            if ($net2ftp_result["success"] == false) {
                echo "ERROR: " . $net2ftp_result["errormessage"] . "<br />\n";
                return false;
            }
            // ------------------------------
            // For loop (loop over all the files)
            // ------------------------------
            for ($k = 1; $k <= sizeof($acceptedFilesArray); $k++) {
                $file_name = $acceptedFilesArray["{$k}"]["name"];
                $file_tmp_name = $acceptedFilesArray["{$k}"]["tmp_name"];
                $file_size = $acceptedFilesArray["{$k}"]["size"];
                $file_error = $acceptedFilesArray["{$k}"]["error"];
                $file_relative_directory = $acceptedFilesArray["{$k}"]["relative_directory"];
                $ftpmode = ftpAsciiBinary($file_name);
                if ($ftpmode == FTP_ASCII) {
                    $printftpmode = "FTP_ASCII";
                } elseif ($ftpmode == FTP_BINARY) {
                    $printftpmode = "FTP_BINARY";
                }
                // ------------------------------
                // 3.2 Within the for loop: create the subdirectory if needed
                // ------------------------------
                // Replace Windows-style backslashes \ by Unix-style slashes /
                $file_relative_directory = str_replace("\\", "/", trim($file_relative_directory));
                // Get the names of the subdirectories by splitting the string using slashes /
                $file_subdirectories = explode("/", $file_relative_directory);
                // $targetdirectory contains the successive directories to be created
                $targetdirectory = $net2ftp_globals["directory"];
                // Loop over sizeof()-1 because the last part is the filename itself:
                for ($m = 0; $m < sizeof($file_subdirectories) - 1; $m++) {
                    // Create the targetdirectory string
                    $targetdirectory = glueDirectories($targetdirectory, $file_subdirectories[$m]);
                    // Check if the subdirectories exist
                    if ($targetdirectory != "") {
                        $result = @ftp_chdir($conn_id, $targetdirectory);
                        if ($result == false) {
                            $ftp_mkdir_result = ftp_mkdir($conn_id, $targetdirectory);
                            if ($ftp_mkdir_result == false) {
                                echo "WARNING: Unable to create the directory <b>{$targetdirectory}</b>. The script will try to continue...<br />\n";
                                continue;
                            }
                            echo "Directory {$targetdirectory} created.<br />\n";
                        }
                        // end if
                        flush();
                    }
                    // end if
                }
                // end for m
                // Store the $targetdirectory in the $acceptedFilesArray
                if ($targetdirectory != "" && $targetdirectory != "/") {
                    $acceptedFilesArray["{$k}"]["targetdirectory"] = $targetdirectory;
                }
                // ------------------------------
                // 3.3 Within the for loop: put local file to remote file
                // ------------------------------
                ftp_putfile($conn_id, "", $acceptedFilesArray["{$k}"]["tmp_name"], $acceptedFilesArray["{$k}"]["targetdirectory"], $acceptedFilesArray["{$k}"]["name"], $ftpmode, "move");
                if ($net2ftp_result["success"] == false) {
                    echo "ERROR: File <b>{$file_name}</b> skipped. Message: " . $net2ftp_result["errormessage"] . "<br />\n";
                    setErrorVars(true, "", "", "", "");
                    continue;
                } else {
                    echo "The file <b>{$file_name}</b> was transferred to the FTP server successfully. <br />\n";
                }
                flush();
            }
            // End for k
            // Note: the java applet is looking for the word "SUCCESS" to determine if the upload result is OK or not (see applet parameter stringUploadSuccess)
            // The applet doesn't seem to recognize the words "SUCCESS", "WARNING" or "ERROR" when they are issued by the code above
            echo "SUCCESS";
            // ------------------------------
            // 3.4 Close connection
            // ------------------------------
            ftp_quit($conn_id);
        }
        // end if
    }
    // end if $screen == 2
}