function acceptFiles($uploadedFilesArray)
{
// --------------
// This PHP function takes files that were just uploaded with HTTP POST,
// verifies if the size is smaller than a certain value, and moves them
// using move_uploaded_file() from the server's temporary directory to
// net2ftp's temporary directory
//
// $uploadedFilesArray[number]["name"] and $acceptedFilesArray[number]["name"] contain the real name of the file
// $uploadedFilesArray[number]["tmp_name"] contains the temporary name of the file in the *webserver's* temporary directory (eg C:\temp)
// $acceptedFilesArray[number]["tmp_name"] contains the temporary name of the file in *net2ftp's* temporary directory (eg C:\web\net2ftp\temp)
//
// Note 1 - $acceptedFilesArray[number]["tmp_name"] may not be the same as $uploadedFilesArray[number]["tmp_name"] because
// $acceptedFilesArray[number]["tmp_name"] should be unique at the moment the file is transferred to the new directory.
// Note 2 - $acceptedFilesArray[number]["tmp_name"]
// - starts with upload (or upl on Windows, because on that platform only the first 3 letters are kept)
// - has the same filename extension as the real filename
// - ends with .txt
// The filename extension is needed by the PCL TAR library, which needs to determine if the archive is tar, tgz or gz.
// The additional .txt is to ensure that no temporary file would be executed on the web server, which could compromise it.
//
// For example: script.php is uploaded to the web server's temporary directory C:\temp\f9skpqri
// Then it is moved to net2ftp's temporary directory C:\web\net2ftp\temp\upload9oeic.php.txt
// And finally it is transferred to the FTP server as script.php in functions ftp_transferfiles() and ftp_unziptransferfiles() -- see below
// --------------
// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
global $net2ftp_globals, $net2ftp_settings, $net2ftp_output;
$max_filesize = $net2ftp_settings["max_filesize"];
$skipped = 0;
// Index of the files which are too big / contain a banned keyword
$moved_ok = 0;
// Index of the files that have been treated successfully
$moved_notok = 0;
// Index of the files that have been treated unsuccessfully
for ($i = 1; $i <= sizeof($uploadedFilesArray); $i++) {
// -------------------------------------------------------------------------
// 1 -- Get the data from the filesArray (for each file, its location, name, size, ftpmode
// -------------------------------------------------------------------------
$file_name = $uploadedFilesArray["{$i}"]["name"];
$file_tmp_name = $uploadedFilesArray["{$i}"]["tmp_name"];
$file_size = $uploadedFilesArray["{$i}"]["size"];
if ($file_name != "" && $file_tmp_name == "" || $file_size > $max_filesize) {
// The case ($file_name != "" && $file_tmp_name == "") occurs when the file is bigger than the directives set in php.ini
// In that case, only $uploadedFilesArray["$i"]["name"] is filled in.
$net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is too big. This file will not be uploaded.", $file_name);
$skipped = $skipped + 1;
@unlink($file_tmp_name);
continue;
} elseif (checkAuthorizedName($file_name) == false) {
$net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is contains a banned keyword. This file will not be uploaded.", $file_name);
$skipped = $skipped + 1;
@unlink($file_tmp_name);
continue;
}
// -------------------------------------------------------------------------
// 3 -- upload and copy the file; if a file with the same name already exists, it is overwritten with the new file
// -------------------------------------------------------------------------
$extension = get_filename_extension($file_name);
if (substr($file_name, -6) == "tar.gz") {
$extension = "tar.gz";
}
$tempfilename = tempnam2($net2ftp_globals["application_tempdir"], "upload__", "." . $extension . ".txt");
if ($tempfilename == false) {
@unlink($tempfilename);
$errormessage = __("Could not generate a temporary file.");
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
$success2 = move_uploaded_file($file_tmp_name, $tempfilename);
if ($success2 == false) {
$net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> could not be moved", $file_name);
@unlink($file_tmp_name);
@unlink($tempfilename);
$moved_notok = $moved_notok + 1;
continue;
} else {
// When uploading files, print some output
// When updating files, do not print anything
registerTempfile("register", $tempfilename);
if ($net2ftp_globals["state"] == "upload") {
$net2ftp_output["acceptFiles"][] = __("File <b>%1\$s</b> is OK", $file_name);
}
$moved_ok = $moved_ok + 1;
$acceptedFilesArray[$moved_ok]["name"] = $file_name;
$acceptedFilesArray[$moved_ok]["tmp_name"] = $tempfilename;
}
}
// End for
if ($moved_notok > 0) {
$errormessage = __("Unable to move the uploaded file to the temp directory.<br /><br />The administrator of this website has to <b>chmod 777</b> the /temp directory of net2ftp.");
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
} elseif ($moved_ok == 0 && $skipped == 0) {
$errormessage = __("You did not provide any file to upload.");
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
} elseif ($moved_ok == 0 && $skipped > 0) {
return "all_uploaded_files_are_too_big";
} else {
return $acceptedFilesArray;
}
}
function net2ftp_module_sendHttpHeaders()
{
// --------------
// This function sends HTTP headers
// --------------
global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
// ------------------------------------
// 1. Register the global variables
// ------------------------------------
if ($net2ftp_globals["screen"] == 2) {
// Code for old file jupload applet (jupload version 0.86)
// $file_counter = 0;
// foreach($_FILES as $tagname=>$object) {
// if ($object['name'] != "") {
// $file_counter = $file_counter + 1;
// $uploadedFilesArray["$file_counter"]["name"] = $object['name'];
// $uploadedFilesArray["$file_counter"]["tmp_name"] = $object['tmp_name'];
// $uploadedFilesArray["$file_counter"]["size"] = $object['size'];
// $uploadedFilesArray["$file_counter"]["error"] = $object['error'];
// // Look for special encoded jupload files
// $contentType = $object['type'];
// if (substr($contentType,0,7) == "jupload") {
// $base64_encoded_path = substr($contentType,8);
// $base64_decoded_path = base64_decode($base64_encoded_path);
// $uploadedFilesArray["$file_counter"]["absolute_directory"] = $base64_decoded_path;
// } // end if
// } // end if
// } // end foreach
// Code for new file jupload applet (jupload version 5.0.8)
$file_counter = 0;
foreach ($_FILES as $tagname => $object) {
if ($object['name'] != "") {
$file_counter = $file_counter + 1;
$uploadedFilesArray["{$file_counter}"]["name"] = $object['name'];
$uploadedFilesArray["{$file_counter}"]["type"] = $object['type'];
$uploadedFilesArray["{$file_counter}"]["tmp_name"] = $object['tmp_name'];
$uploadedFilesArray["{$file_counter}"]["error"] = $object['error'];
$uploadedFilesArray["{$file_counter}"]["size"] = $object['size'];
$uploadedFilesArray["{$file_counter}"]["mime"] = validateEntry($_POST["mimetype" . $file_counter]);
$uploadedFilesArray["{$file_counter}"]["relative_directory"] = validateDirectory($_POST["relpathinfo" . $file_counter]);
$uploadedFilesArray["{$file_counter}"]["mtime"] = validateEntry($_POST["filemodificationdate" . $file_counter]);
}
// end if
}
// end foreach
echo "Please wait, the files are being transferred to the FTP server...<br />\n";
flush();
// ------------------------------------
// 2. POST METHOD: Move files from the *webserver's* temporary directory to *net2ftp's*
// temporary directory (move_uploaded_files).
// ------------------------------------
if ($_SERVER["REQUEST_METHOD"] == "POST" && sizeof($uploadedFilesArray) > 0) {
$moved_counter = 0;
for ($j = 1; $j <= sizeof($uploadedFilesArray); $j++) {
$file_name = $uploadedFilesArray["{$j}"]["name"];
$file_tmp_name = $uploadedFilesArray["{$j}"]["tmp_name"];
$file_size = $uploadedFilesArray["{$j}"]["size"];
$file_error = $uploadedFilesArray["{$j}"]["error"];
$file_relative_directory = $uploadedFilesArray["{$j}"]["relative_directory"];
if ($file_name != "" && $file_tmp_name == "" || $file_size > $net2ftp_settings["max_filesize"]) {
// The case ($file_name != "" && $file_tmp_name == "") occurs when the file is bigger than the directives set in php.ini
// In that case, only $uploadedFilesArray["$j"]["name"] is filled in.
echo "WARNING: File <b>{$file_name}</b> skipped: this file is too big.<br />\n";
@unlink($file_tmp_name);
continue;
} elseif (checkAuthorizedName($file_name) == false || checkAuthorizedName($file_relative_directory) == false) {
echo "WARNING: File <b>{$file_relative_directory}</b> skipped: it contains a banned keyword.<br />\n";
$skipped = $skipped + 1;
@unlink($file_tmp_name);
continue;
}
// Create the temporary filename as follows: (from left to right)
// - Use prefix "upload__", to be able to identify from where this temporary file comes from
// - Create a random filename
// - Add the original filename extension, to be able to identify the filetype
// - Add suffix ".txt" to avoid that the file would be executed on the webserver
$extension = get_filename_extension($file_name);
if (substr($file_name, -6) == "tar.gz") {
$extension = "tar.gz";
}
$tempfilename = tempnam2($net2ftp_globals["application_tempdir"], "upload__", "." . $extension . ".txt");
if ($tempfilename == false) {
// If you get this warning message, you've probably forgotten to chmod 777 the /temp directory
echo "WARNING: File <b>{$file_name}</b> skipped: unable to create a temporary file on the webserver.<br />\n";
@unlink($file_tmp_name);
continue;
}
// Move the uploaded file
$move_uploaded_file_result = move_uploaded_file($uploadedFilesArray["{$j}"]["tmp_name"], $tempfilename);
if ($move_uploaded_file_result == false) {
echo "WARNING: File <b>{$file_name}</b> skipped: unable to move the uploaded file to the webserver's temporary directory.<br />\n";
@unlink($file_tmp_name);
@unlink($tempfilename);
continue;
} else {
$moved_counter = $moved_counter + 1;
$acceptedFilesArray["{$moved_counter}"] = $uploadedFilesArray["{$j}"];
// Copy all parameters for this file from the $uploadedFilesArray to the $acceptedFilesArray
$acceptedFilesArray["{$moved_counter}"]["tmp_name"] = $tempfilename;
// Overwrite the old temporary name by the new one
}
}
// end for j
flush();
}
// end if elseif
// ------------------------------------
// 3. Move the files from net2ftp's temporary directory to the FTP server.
// ------------------------------------
if (sizeof($acceptedFilesArray) == 0 && sizeof($uploadedFilesArray) != 0) {
echo "WARNING: No files were accepted (see messages above), so nothing will be transferred to the FTP server.<br />\n";
} elseif (sizeof($acceptedFilesArray) > 0) {
// ------------------------------
// 3.1 Open connection
// ------------------------------
// Open connection
echo __("Connecting to the FTP server") . "<br />\n";
$conn_id = ftp_openconnection();
if ($net2ftp_result["success"] == false) {
echo "ERROR: " . $net2ftp_result["errormessage"] . "<br />\n";
return false;
}
// ------------------------------
// For loop (loop over all the files)
// ------------------------------
for ($k = 1; $k <= sizeof($acceptedFilesArray); $k++) {
$file_name = $acceptedFilesArray["{$k}"]["name"];
$file_tmp_name = $acceptedFilesArray["{$k}"]["tmp_name"];
$file_size = $acceptedFilesArray["{$k}"]["size"];
$file_error = $acceptedFilesArray["{$k}"]["error"];
$file_relative_directory = $acceptedFilesArray["{$k}"]["relative_directory"];
$ftpmode = ftpAsciiBinary($file_name);
if ($ftpmode == FTP_ASCII) {
$printftpmode = "FTP_ASCII";
} elseif ($ftpmode == FTP_BINARY) {
$printftpmode = "FTP_BINARY";
}
// ------------------------------
// 3.2 Within the for loop: create the subdirectory if needed
// ------------------------------
// Replace Windows-style backslashes \ by Unix-style slashes /
$file_relative_directory = str_replace("\\", "/", trim($file_relative_directory));
// Get the names of the subdirectories by splitting the string using slashes /
$file_subdirectories = explode("/", $file_relative_directory);
// $targetdirectory contains the successive directories to be created
$targetdirectory = $net2ftp_globals["directory"];
// Loop over sizeof()-1 because the last part is the filename itself:
for ($m = 0; $m < sizeof($file_subdirectories) - 1; $m++) {
// Create the targetdirectory string
$targetdirectory = glueDirectories($targetdirectory, $file_subdirectories[$m]);
// Check if the subdirectories exist
if ($targetdirectory != "") {
$result = @ftp_chdir($conn_id, $targetdirectory);
if ($result == false) {
$ftp_mkdir_result = ftp_mkdir($conn_id, $targetdirectory);
if ($ftp_mkdir_result == false) {
echo "WARNING: Unable to create the directory <b>{$targetdirectory}</b>. The script will try to continue...<br />\n";
continue;
}
echo "Directory {$targetdirectory} created.<br />\n";
}
// end if
flush();
}
// end if
}
// end for m
// Store the $targetdirectory in the $acceptedFilesArray
if ($targetdirectory != "" && $targetdirectory != "/") {
$acceptedFilesArray["{$k}"]["targetdirectory"] = $targetdirectory;
}
// ------------------------------
// 3.3 Within the for loop: put local file to remote file
// ------------------------------
ftp_putfile($conn_id, "", $acceptedFilesArray["{$k}"]["tmp_name"], $acceptedFilesArray["{$k}"]["targetdirectory"], $acceptedFilesArray["{$k}"]["name"], $ftpmode, "move");
if ($net2ftp_result["success"] == false) {
echo "ERROR: File <b>{$file_name}</b> skipped. Message: " . $net2ftp_result["errormessage"] . "<br />\n";
setErrorVars(true, "", "", "", "");
continue;
} else {
echo "The file <b>{$file_name}</b> was transferred to the FTP server successfully. <br />\n";
}
flush();
}
// End for k
// Note: the java applet is looking for the word "SUCCESS" to determine if the upload result is OK or not (see applet parameter stringUploadSuccess)
// The applet doesn't seem to recognize the words "SUCCESS", "WARNING" or "ERROR" when they are issued by the code above
echo "SUCCESS";
// ------------------------------
// 3.4 Close connection
// ------------------------------
ftp_quit($conn_id);
}
// end if
}
// end if $screen == 2
}