Пример #1
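 /**
  * Synchronises the file table with the file system, for the selected files only:
  *  - a row whose file no longer exists on disk (deleted manually, not through
  *    ComaCMS) is removed
  *  - a row whose file still exists gets its size and MD5 refreshed
  *  - a file that exists on disk but has no row gets one
  *
  * The selection is read from the request parameter 'change' and is therefore
  * untrusted; every value is escaped before it is placed into an SQL string.
  *
  * @access private
  * @return mixed whatever _homePage() returns
  */
 function _updateDatabasePage()
 {
     // get the selected files
     $changes = GetPostOrGet('change');
     // nothing selected, or the parameter is not a list at all: go home
     if (!is_array($changes) || count($changes) <= 0) {
         return $this->_homePage();
     }
     // numeric ids are cast so they can never carry SQL syntax
     $creatorId = (int) $this->_User->ID;
     foreach ($changes as $change) {
         // a nested array in the request is not a file path
         if (!is_string($change)) {
             continue;
         }
         // 'repair' the filepath
         $change = utf8_decode(rawurldecode($change));
         // NOTE(review): $change is a client-supplied path that reaches file_exists(),
         // filesize() and md5_file() without being confined to a base directory, so any
         // file readable by the web server can be registered in the table. Confirm which
         // directory is meant to be managed here and reject paths outside it.
         // NOTE(review): mysql_real_escape_string() without a link argument uses the last
         // ext/mysql connection; presumably that is the one behind _SqlConnection. Confirm,
         // or use the connection wrapper's own escaping if it offers one.
         $changeSql = mysql_real_escape_string($change);
         // is the file in the table?
         $sql = "SELECT file_id, file_path\r\n\t\t\t\t\tFROM " . DB_PREFIX . "files\r\n\t\t\t\t\tWHERE file_path = '{$changeSql}'\r\n\t\t\t\t\tLIMIT 1";
         $file_result = $this->_SqlConnection->SqlQuery($sql);
         if ($file = mysql_fetch_object($file_result)) {
             $fileId = (int) $file->file_id;
             if (!file_exists($change)) {
                 // the file is gone: remove the database entry
                 $sql = "DELETE FROM " . DB_PREFIX . "files\r\n\t\t\t\t\t\t\tWHERE file_id = {$fileId}\r\n\t\t\t\t\t\t\tLIMIT 1";
                 $this->_SqlConnection->SqlQuery($sql);
             } else {
                 // update the values which could have changed
                 $sql = "UPDATE " . DB_PREFIX . "files\r\n \t\t\t\t\t\t\tSET file_size = " . filesize($file->file_path) . ",\r\n \t\t\t\t\t\t\tfile_md5 = '" . md5_file($file->file_path) . "'\r\n\t\t\t\t\t\t\tWHERE file_id ={$fileId}\r\n\t\t\t\t\t\t\tLIMIT 1";
                 $this->_SqlConnection->SqlQuery($sql);
             }
         } elseif (file_exists($change)) {
             // on disk but unknown to the table: create a database entry;
             // time() replaces the argument-less mktime(), which returns the same value
             $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\r\n\t\t\t\t\t\tVALUES('" . mysql_real_escape_string(basename($change)) . "', '" . mysql_real_escape_string(GetMimeContentType($change)) . "', '{$changeSql}', '" . filesize($change) . "', '" . md5_file($change) . "', " . time() . ", {$creatorId})";
             $this->_SqlConnection->SqlQuery($sql);
         }
     }
     // 'go home!'
     return $this->_homePage();
 }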
Пример #2
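 /**
  * Handles an upload request.
  *
  * Every entry of $_FILES whose field name starts with 'uploadfile' and whose
  * numeric suffix is below 5 is checked (size limit, upload error, duplicate
  * MD5), moved into the upload directory and registered in the file table.
  * A status line per file is collected and returned in front of the home page.
  *
  * The request parameter 'path' and the client-chosen file name are untrusted:
  * they are escaped for SQL before being stored and escaped for HTML before
  * being echoed back.
  *
  * @access private
  * @return string status markup followed by the output of _homePage()
  */
 function _uploadPage()
 {
     // TODO: make it configurable
     $uploadPath = './data/upload/';
     $path = GetPostOrGet('path');
     if ($path == '/') {
         $path = '';
     }
     // append a slash only when one is missing; substr($path, -1, 0) always
     // returned '' and so added a second slash to paths that already had one
     if (strlen($path) > 0 && substr($path, -1) != '/') {
         $path .= '/';
     }
     $creatorId = (int) $this->_User->ID;
     $out = '';
     // foreach file that is 'posted' with this request
     foreach ($_FILES as $name => $file) {
         // has it a trusted field name? and has it some content?
         if (strpos($name, 'uploadfile') === 0 && $file['error'] != 4) {
             // get the 'number of the upload'
             $nr = substr($name, 10);
             // allow to upload max. 5 files in one action
             if ($nr < 5) {
                 // the file name is chosen by the client: keep only the last path
                 // component for the file system and escape it for HTML output
                 $fileName = basename($file['name']);
                 $fileNameHtml = htmlspecialchars($fileName, ENT_QUOTES);
                 // NOTE(review): there is no restriction on file type or extension, so a
                 // server-side script can be stored under this directory. Add an allow-list
                 // of extensions and make sure the web server does not execute anything
                 // below the upload directory.
                 $savePath = $uploadPath . $fileName;
                 // if the name is taken, prefix it so that both files can be kept
                 if (file_exists($savePath)) {
                     $savePath = uniqid($uploadPath) . $fileName;
                 }
                 // maximum filesize: ~1.5MB
                 // TODO: make it configurable
                 if ($file['size'] > 1600000) {
                     $file['error'] = 2;
                 }
                 // no upload errors?
                 if ($file['error'] == 0) {
                     // don't allow an upload if a file with the same md5 exists
                     $file_md5 = md5_file($file['tmp_name']);
                     $sql = "SELECT file_name\n\t\t\t\t\t\t\t\tFROM " . DB_PREFIX . "files\n\t\t\t\t\t\t\t\tWHERE file_md5 = '{$file_md5}'\n\t\t\t\t\t\t\t\tLIMIT 1";
                     $md5ExistsResult = $this->_SqlConnection->SqlQuery($sql);
                     if ($md5Exists = mysql_fetch_object($md5ExistsResult)) {
                         // tell the user that the same file is already uploaded
                         $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_is already_uploaded'), $fileNameHtml);
                         if ($md5Exists->file_name != $fileName) {
                             // the stored name was client-supplied too, so escape it as well
                             $out .= ' ' . sprintf($this->_Translation->GetTranslation('the_file_has_a_different_name_%file%'), htmlspecialchars($md5Exists->file_name, ENT_QUOTES));
                         }
                         $out .= "</div>\r\n";
                     } else {
                         // move the file into the upload folder
                         if (move_uploaded_file($file['tmp_name'], $savePath)) {
                             // NOTE(review): mysql_real_escape_string() without a link argument
                             // uses the last ext/mysql connection; presumably that is the one
                             // behind _SqlConnection. Confirm, or use the wrapper's own escaping.
                             $nameSql = mysql_real_escape_string($path . $fileName);
                             $typeSql = mysql_real_escape_string(GetMimeContentType($savePath));
                             $savePathSql = mysql_real_escape_string($savePath);
                             // add the database entry for the file; time() replaces the
                             // argument-less mktime(), which returns the same value
                             $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\t\t\t\t\t\tVALUES('" . $nameSql . "', '" . $typeSql . "', '{$savePathSql}', '" . filesize($savePath) . "', '" . md5_file($savePath) . "', " . time() . ", {$creatorId})";
                             $this->_SqlConnection->SqlQuery($sql);
                             // keep the upload readable by other users (ftp access etc.)
                             // NOTE(review): 0755 also sets the execute bits, which a stored
                             // upload does not need for being readable; consider 0644.
                             chmod($savePath, 0755);
                             $out .= "<div><strong>" . $this->_Translation->GetTranslation('ok') . ":</strong> " . sprintf($this->_Translation->GetTranslation('the_file_%file%_was_uploaded'), $fileNameHtml) . "</div>\r\n";
                         }
                     }
                 } else {
                     $out .= "<div class=\"error\"><strong>" . $this->_Translation->GetTranslation('error') . ":</strong> ";
                     switch ($file['error']) {
                         // file is too big (php.ini)
                         case 1:
                             $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_the_server'), $fileNameHtml);
                             break;
                         // file is too big (MAX_FILE_SIZE, or the size limit applied in this method)
                         case 2:
                             $out .= sprintf($this->_Translation->GetTranslation('the_file_%file%_is_bigger_than_the_maximum_upload_size_of_%maximumsize%'), $fileNameHtml, '1.5MB');
                             break;
                         // file isn't completely transmitted
                         case 3:
                             $out .= $this->_Translation->GetTranslation('the_file_was_only_partly_transmitted');
                             break;
                         // no upload
                         case 4:
                             $out .= $this->_Translation->GetTranslation('there_was_no_file_transmitted');
                             break;
                         // unknown error -> say it wasn't possible to upload
                         default:
                             $out .= $this->_Translation->GetTranslation('wasnt_able_to_transmit_the_file');
                             break;
                     }
                     $out .= "</div>\r\n";
                 }
             }
         }
     }
     // 'go home'
     return $out . $this->_homePage();
 }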
Пример #3
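 /**
  * Registers a file in the file table unless a row for its path already exists.
  *
  * Name, MIME type, size and MD5 are read from the file at $Path; the current
  * user is stored as creator. Nothing is returned.
  *
  * @param string $Path path of the file to register
  */
 function AddFile($Path)
 {
     // GetIDByPath() answers -1 for an unknown path; anything else is already registered
     if ($this->GetIDByPath($Path) != -1) {
         return;
     }
     // A path containing a quote would otherwise break out of the string literal in
     // the statement, so every text value is escaped and the id is cast.
     // NOTE(review): mysql_real_escape_string() without a link argument uses the last
     // ext/mysql connection; presumably that is the one behind _SqlConnection. Confirm,
     // or use the connection wrapper's own escaping if it offers one.
     $nameSql = mysql_real_escape_string(basename($Path));
     $typeSql = mysql_real_escape_string(GetMimeContentType($Path));
     $pathSql = mysql_real_escape_string($Path);
     $creatorId = (int) $this->_User->ID;
     // time() replaces the argument-less mktime(), which returns the same value
     $sql = "INSERT INTO " . DB_PREFIX . "files (file_name, file_type, file_path, file_size, file_md5, file_date, file_creator)\n\t\t\t\t\tVALUES('" . $nameSql . "', '" . $typeSql . "', '{$pathSql}', '" . filesize($Path) . "', '" . md5_file($Path) . "', " . time() . ", {$creatorId})";
     $this->_SqlConnection->SqlQuery($sql);
 }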