Exemplo n.º 1
0
 /**
  * Updates the file-table (but only the selected files):
  *  - if a file is deleted manualy (not with ComaCMS) it removes the database-entry
  *  - if a file is there but it isn't in the database it will be added
  * @access private
  */
 function _updateDatabasePage()
 {
     // get the selected files
     $changes = GetPostOrGet('change');
     // are files selected? no?
     if (count($changes) <= 0) {
         // 'go home!'
         return $this->_homePage();
     }
     // for each selcted file
     foreach ($changes as $change) {
         // 'repair' the filepath
         $change = rawurldecode($change);
         $change = utf8_decode($change);
         // is the file in the table?
         $sql = "SELECT file_id, file_path\r\n\t\t\t\t\tFROM " . DB_PREFIX . "files\r\n\t\t\t\t\tWHERE file_path = '{$change}'\r\n\t\t\t\t\tLIMIT 1";
         $file_result = $this->_SqlConnection->SqlQuery($sql);
         // is the file in the database?
         if ($file = mysql_fetch_object($file_result)) {
             // the file doesn't exist?
             if (!file_exists($change)) {
                 // remove the database entry
                 $sql = "DELETE FROM " . DB_PREFIX . "files\r\n\t\t\t\t\t\t\tWHERE file_id = {$file->file_id}\r\n\t\t\t\t\t\t\tLIMIT 1";
                 $this->_SqlConnection->SqlQuery($sql);
             } else {
                 // update the values, which could be changed
                 $sql = "UPDATE " . DB_PREFIX . "files\r\n \t\t\t\t\t\t\tSET file_size = " . filesize($file->file_path) . ",\r\n \t\t\t\t\t\t\tfile_md5 = '" . md5_file($file->file_path) . "'\r\n\t\t\t\t\t\t\tWHERE file_id ={$file->file_id}\r\n\t\t\t\t\t\t\tLIMIT 1";
                 $this->_SqlConnection->SqlQuery($sql);
             }
         } elseif (file_exists($change)) {
             // create him a database-entry
             $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\r\n\t\t\t\t\t\tVALUES('" . basename($change) . "', '" . GetMimeContentType($change) . "', '{$change}', '" . filesize($change) . "', '" . md5_file($change) . "', " . mktime() . ", {$this->_User->ID})";
             $this->_SqlConnection->SqlQuery($sql);
         }
     }
     // 'go home!'
     return $this->_homePage();
 }
Exemplo n.º 2
0
 /**
  * uploads files...
  * @access private
  */
 function _uploadPage()
 {
     // TODO: make it configurable
     $uploadPath = './data/upload/';
     $path = GetPostOrGet('path');
     if ($path == '/') {
         $path = '';
     }
     if (strlen($path) > 0 && substr($path, -1, 0) != '/') {
         $path .= '/';
     }
     $out = '';
     // foreach file that is 'posted' with this request
     foreach ($_FILES as $name => $file) {
         // has it a trusted name? and has it some content
         if (strpos($name, 'uploadfile') === 0 && $file['error'] != 4) {
             // get the 'number of the upload'
             $nr = substr($name, 10);
             // alow to upload max. 5 files in one action
             if ($nr < 5) {
                 // genereate the new location of the file
                 $savePath = $uploadPath . $file['name'];
                 // if there exists a file try to rename the file that it is possible to save both
                 if (file_exists($savePath)) {
                     $savePath = uniqid($uploadPath) . $file['name'];
                 }
                 // maximum filesize: ~1.5MB
                 // TODO: make it configutable
                 if ($file['size'] > 1600000) {
                     $file['error'] = 2;
                 }
                 // no upload errors?
                 if ($file['error'] == 0) {
                     // dont allow an upload if a file with the same md5 exists
                     $file_md5 = md5_file($file['tmp_name']);
                     $sql = "SELECT file_name\n\t\t\t\t\t\t\t\tFROM " . DB_PREFIX . "files\n\t\t\t\t\t\t\t\tWHERE file_md5 = '{$file_md5}'\n\t\t\t\t\t\t\t\tLIMIT 1";
                     $md5ExistsResult = $this->_SqlConnection->SqlQuery($sql);
                     // is there a file with the same md5?
                     if ($md5Exists = mysql_fetch_object($md5ExistsResult)) {
                         // show the user that the same file is already uploaded
                         $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_is already_uploaded'), $file['name']);
                         /*Die Datei &quot;<strong>" . $file['name'] . "</strong>&quot; ist bereits hochgeladen worden" . " .*/
                         if ($md5Exists->file_name != $file['name']) {
                             $out .= ' ' . sprintf($this->_Translation->GetTranslation('the_file_has_a_different_name_%file%'), $md5Exists->file_name);
                         }
                         //$out .= "(Sie hat nur einen anderen Namen: &quot;<strong>$md5exists->file_name</strong>&quot;).";
                         $out .= "</div>\r\n";
                     } else {
                         // move the file into the uploadfolder
                         if (move_uploaded_file($file['tmp_name'], $savePath)) {
                             // add the database-entry for the file
                             $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\t\t\t\t\t\tVALUES('" . $path . $file['name'] . "', '" . GetMimeContentType($savePath) . "', '{$savePath}', '" . filesize($savePath) . "', '" . md5_file($savePath) . "', " . mktime() . ", {$this->_User->ID})";
                             $this->_SqlConnection->SqlQuery($sql);
                             // prevent uploads, which aren't dowloadable(read-/writeable) by another user(ftp-access etc.)
                             chmod($savePath, 0755);
                             $out .= "<div><strong>" . $this->_Translation->GetTranslation('ok') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_was_uploaded'), $file['name']) . "</div>\r\n";
                         }
                     }
                 } else {
                     $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> ";
                     switch ($file['error']) {
                         // file is to big (php.ini)
                         case 1:
                             $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_the_server'), $file['name']);
                             break;
                             // file is to big (MAX_FILE_SIZE)
                         // file is to big (MAX_FILE_SIZE)
                         case 2:
                             $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_%maximumsize%'), $file['name'], '1.5MB');
                             break;
                             // file isn't completly transmitted
                         // file isn't completly transmitted
                         case 3:
                             $out .= $this->_Translation->GetTranslation('the_file_was_only_partly_transmitted');
                             break;
                             // no upload
                         // no upload
                         case 4:
                             $out .= $this->_Translation->GetTranslation('there_was_no_file_transmitted');
                             break;
                             // unknown error -> say it wasn't possible to upload
                         // unknown error -> say it wasn't possible to upload
                         default:
                             $out .= $this->_Translation->GetTranslation('wasnt_able_to_transmit_the_file');
                             break;
                     }
                     $out .= "</div>\r\n";
                 }
             }
         }
     }
     // 'go home'
     return $out . $this->_homePage();
 }
Exemplo n.º 3
0
 function AddFile($Path)
 {
     if ($this->GetIDByPath($Path) != -1) {
         return;
     }
     $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\tVALUES('" . basename($Path) . "', '" . GetMimeContentType($Path) . "', '{$Path}', '" . filesize($Path) . "', '" . md5_file($Path) . "', " . mktime() . ", {$this->_User->ID})";
     $this->_SqlConnection->SqlQuery($sql);
 }