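/**
 * AJAX handler that waits for the download script to report the status of a
 * file download and logs the download once it has finished.
 *
 * Reads `file` (the safe file code) and `id` (the download id) from $_POST,
 * falling back to $_GET. Both are required. The handler dies silently when
 * either is missing, when the one-time monitor ticket for `id` is absent or
 * expired, or when the file code cannot be resolved to a path.
 *
 * Output (always via die) is one of:
 *   "wfu_ajax_action_download_file_monitor:<status>:"   when the status reached
 *       'downloaded' or 'failed' within the 30 second window (the action is
 *       logged first), or
 *   "wfu_ajax_action_download_file_monitor:repeat:<id>" when it did not; a fresh
 *       monitor ticket is issued so the client can call this handler again.
 *
 * Fix: the original guard compared the undefined variable $file_enc, so an
 * empty file code was never rejected here and only failed later when the code
 * could not be resolved.
 *
 * @return void Never returns normally; every path ends in die().
 */
function wfu_ajax_action_download_file_monitor() {
	$file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
	$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : '');
	if ($file_code == '' || $id == '') {
		die;
	}
	// $id is only ever used as a suffix of keys inside the caller's own session
	$ticket_key = 'wfu_download_monitor_ticket_' . $id;
	$status_key = 'wfu_download_status_' . $id;
	//ensure that this is not a CSRF attack by checking validity of a security ticket
	if (!isset($_SESSION[$ticket_key]) || time() > $_SESSION[$ticket_key]) {
		die;
	}
	//destroy monitor ticket so it cannot be used again
	unset($_SESSION[$ticket_key]);
	//initiate loop of 30secs to check the download status of the file;
	//the download status is controlled by the actual download script;
	//if the file finishes within the 30secs of the loop, then this routine logs the action and notifies
	//the client side about the download status of the file, otherwise an instruction
	//to the client side to repeat this routine and wait for another 30secs is dispatched
	//NOTE(review): with PHP's default session handler $_SESSION is not re-read while this
	//request runs, so the loop can only observe the download script's writes if the plugin
	//uses a session mechanism that refreshes it - confirm.
	$end_time = time() + 30;
	$download_ended = false;
	while (time() < $end_time) {
		if (isset($_SESSION[$status_key])) {
			$status = $_SESSION[$status_key];
			$download_ended = ($status == 'downloaded' || $status == 'failed');
		}
		if ($download_ended) {
			break;
		}
		// 100 microseconds: effectively a busy-wait, kept as in the original
		usleep(100);
	}
	if (!$download_ended) {
		//regenerate monitor ticket
		$_SESSION[$ticket_key] = time() + 30;
		die('wfu_ajax_action_download_file_monitor:repeat:' . $id);
	}
	$user = wp_get_current_user();
	// same code handling as the other handlers in this file: normalise, then resolve
	$file_code = wfu_sanitize_code($file_code);
	$filepath = wfu_get_filepath_from_safe($file_code);
	if ($filepath === false) {
		die;
	}
	$filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
	wfu_log_action('download', $filepath, $user->ID, '', 0, 0, '', null);
	die('wfu_ajax_action_download_file_monitor:' . $_SESSION[$status_key] . ':');
}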
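/**
 * Return the current (non-obsolete) upload log records matching $filter.
 *
 * $filter is an associative array; every key is optional:
 *   'user'     => array('all' => bool, 'guests' => bool, 'ids' => array)
 *                 ids are numeric user ids, or a single 'guest<sessionid>' entry
 *   'size'     => array('lower' => int, 'upper' => int)   either bound may be absent
 *   'date'     => array('lower' => int, 'upper' => int)   unix timestamps, either may be absent
 *   'pattern'  => string wildcard pattern, converted to a MySQL REGEXP
 *   'post'     => array('ids' => array of page ids)
 *   'blog'     => array('ids' => array of blog ids)
 *   'userdata' => array('field' => string, 'criterion' => string, 'value' => string)
 *                 criterion is one of "equal to", "starts with", "ends with", "contains",
 *                 "not equal to", "does not start with", "does not end with",
 *                 "does not contain"; anything else behaves like "equal to"
 *
 * Records whose file no longer exists, or whose hash (option hashfiles = '1')
 * or size no longer matches the stored value, are marked obsolete in the
 * database (date_to set to now) and left out of the result. Each returned
 * record gets a `userdata` property holding its current wfu_userdata rows, or
 * null when the record has no uploadid.
 *
 * Security: the filter values are interpolated into SQL, so numeric values are
 * cast with intval() and string values go through esc_sql() (plus
 * $wpdb->esc_like() where they become LIKE operands, so '%' and '_' in the
 * value match literally as the criterion names imply).
 *
 * @param array $filter
 * @return array list of stdClass rows from wfu_log
 */
function wfu_get_filtered_recs($filter) {
	global $wpdb;
	$table_name1 = $wpdb->prefix . "wfu_log";
	$table_name2 = $wpdb->prefix . "wfu_userdata";
	$plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
	$queries = array();
	// add default filters
	$queries[] = 'action <> \'other\'';
	$queries[] = 'date_to = 0';
	// construct user filter
	if (isset($filter['user'])) {
		if ($filter['user']['all']) {
			$queries[] = $filter['user']['guests'] ? 'uploaduserid >= 0' : 'uploaduserid > 0';
		} else {
			$ids = $filter['user']['ids'];
			if (count($ids) == 1 && substr($ids[0], 0, 5) == 'guest') {
				// a single guest is identified by its session id, not a user id
				$queries[] = 'uploaduserid = 0 AND sessionid = \'' . esc_sql(substr($ids[0], 5)) . '\'';
			} else {
				if ($filter['user']['guests']) {
					$ids[] = '0';
				}
				$ids = array_map('intval', $ids);
				$queries[] = count($ids) == 1 ? 'uploaduserid = ' . $ids[0] : 'uploaduserid in (' . implode(",", $ids) . ')';
			}
		}
	}
	// construct size filter (bounds are exclusive, as in the original)
	if (isset($filter['size'])) {
		$parts = array();
		if (isset($filter['size']['lower'])) {
			$parts[] = 'filesize > ' . intval($filter['size']['lower']);
		}
		if (isset($filter['size']['upper'])) {
			$parts[] = 'filesize < ' . intval($filter['size']['upper']);
		}
		$queries[] = implode(' AND ', $parts);
	}
	// construct date filter (unix timestamps, exclusive bounds)
	if (isset($filter['date'])) {
		$parts = array();
		if (isset($filter['date']['lower'])) {
			$parts[] = 'uploadtime > ' . intval($filter['date']['lower']);
		}
		if (isset($filter['date']['upper'])) {
			$parts[] = 'uploadtime < ' . intval($filter['date']['upper']);
		}
		$queries[] = implode(' AND ', $parts);
	}
	// construct file pattern filter
	if (isset($filter['pattern'])) {
		//NOTE(review): the converted pattern is placed inside a quoted SQL literal as-is;
		//this assumes wfu_upload_plugin_wildcard_to_mysqlregexp() produces SQL-safe output - confirm.
		$queries[] = 'filepath REGEXP \'' . wfu_upload_plugin_wildcard_to_mysqlregexp($filter['pattern']) . '\'';
	}
	// construct page/post filter
	if (isset($filter['post'])) {
		$ids = array_map('intval', $filter['post']['ids']);
		$queries[] = count($ids) == 1 ? 'pageid = ' . $ids[0] : 'pageid in (' . implode(",", $ids) . ')';
	}
	// construct blog filter
	if (isset($filter['blog'])) {
		$ids = array_map('intval', $filter['blog']['ids']);
		$queries[] = count($ids) == 1 ? 'blogid = ' . $ids[0] : 'blogid in (' . implode(",", $ids) . ')';
	}
	// construct userdata filter
	if (isset($filter['userdata'])) {
		$value = esc_sql($filter['userdata']['value']);
		$like_value = esc_sql($wpdb->esc_like($filter['userdata']['value']));
		switch ($filter['userdata']['criterion']) {
			case "starts with":
				$valuecriterion = 'propvalue LIKE \'' . $like_value . '%\'';
				break;
			case "ends with":
				$valuecriterion = 'propvalue LIKE \'%' . $like_value . '\'';
				break;
			case "contains":
				$valuecriterion = 'propvalue LIKE \'%' . $like_value . '%\'';
				break;
			case "not equal to":
				$valuecriterion = 'propvalue <> \'' . $value . '\'';
				break;
			case "does not start with":
				$valuecriterion = 'propvalue NOT LIKE \'' . $like_value . '%\'';
				break;
			case "does not end with":
				$valuecriterion = 'propvalue NOT LIKE \'%' . $like_value . '\'';
				break;
			case "does not contain":
				$valuecriterion = 'propvalue NOT LIKE \'%' . $like_value . '%\'';
				break;
			case "equal to":
			default:
				$valuecriterion = 'propvalue = \'' . $value . '\'';
				break;
		}
		$queries[] = 'uploadid in (SELECT DISTINCT uploadid FROM ' . $table_name2 . ' WHERE date_to = 0 AND property = \'' . esc_sql($filter['userdata']['field']) . '\' AND ' . $valuecriterion . ')';
	}
	$filerecs = $wpdb->get_results('SELECT * FROM ' . $table_name1 . ' WHERE ' . implode(' AND ', $queries));
	$out = array();
	if (!is_array($filerecs)) {
		return $out;
	}
	foreach ($filerecs as $filerec) {
		//calculate full file path and compare the file on disk with the stored record
		$filepath = wfu_path_rel2abs($filerec->filepath);
		$obsolete = true;
		if (file_exists($filepath)) {
			if ($plugin_options['hashfiles'] == '1') {
				$obsolete = (md5_file($filepath) != $filerec->filehash);
			} else {
				$obsolete = (filesize($filepath) != $filerec->filesize);
			}
		}
		if ($obsolete) {
			//make previous record obsolete
			$now_date = date('Y-m-d H:i:s');
			$wpdb->update($table_name1, array('date_to' => $now_date), array('idlog' => $filerec->idlog), array('%s'), array('%d'));
			continue;
		}
		$filerec->userdata = null;
		if ($filerec->uploadid != '') {
			$filerec->userdata = $wpdb->get_results('SELECT * FROM ' . $table_name2 . ' WHERE uploadid = \'' . esc_sql($filerec->uploadid) . '\' AND date_to = 0');
		}
		$out[] = $filerec;
	}
	return $out;
}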
/**
 * Update the user data (custom field values) attached to an uploaded file.
 *
 * Only administrators (manage_options) who own the file may use this. The file
 * is identified by its safe code, which is sanitised and resolved to an absolute
 * path. When the request carries submit=Update, every existing userdata row of
 * the file must have a matching wfu_filedetails_userdata_<propkey> POST field;
 * if any is missing, nothing is written. Otherwise each row is closed (date_to
 * set to now) and re-inserted with the posted value, and a 'modify' action is
 * logged when at least one row was rewritten.
 *
 * @param string $file_code safe file code of the file being edited
 * @return true|null true once the access checks pass (whether or not an update
 *                   was requested); null (bare return) when access is denied or
 *                   the file cannot be resolved or has no database record.
 */
function wfu_edit_filedetails($file_code) {
	global $wpdb;
	$userdata_table = $wpdb->prefix . "wfu_userdata";
	$current_user = wp_get_current_user();
	//only administrators may view file details
	if (!current_user_can('manage_options')) {
		return;
	}
	$safe_code = wfu_sanitize_code($file_code);
	$abs_file = wfu_get_filepath_from_safe($safe_code);
	if ($abs_file === false) {
		return;
	}
	$abs_file = wfu_path_rel2abs(wfu_flatten_path($abs_file));
	//the current user must also own the file
	if (!wfu_current_user_owes_file($abs_file)) {
		return;
	}
	//file record including its userdata rows
	$filedata = wfu_get_file_rec($abs_file, true);
	if ($filedata == null) {
		return;
	}
	$is_update = isset($_POST['submit']) && $_POST['submit'] == "Update";
	if (!$is_update) {
		return true;
	}
	//every userdata row needs a posted value, otherwise nothing is changed
	foreach ($filedata->userdata as $userdata) {
		if (!isset($_POST['wfu_filedetails_userdata_' . $userdata->propkey])) {
			return true;
		}
	}
	$now_date = date('Y-m-d H:i:s');
	$rewritten = 0;
	foreach ($filedata->userdata as $userdata) {
		$posted_value = $_POST['wfu_filedetails_userdata_' . $userdata->propkey];
		//close the current row...
		$wpdb->update($userdata_table, array('date_to' => $now_date), array('uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey), array('%s'), array('%s', '%s'));
		//...and insert its replacement
		$wpdb->insert($userdata_table, array('uploadid' => $userdata->uploadid, 'property' => $userdata->property, 'propkey' => $userdata->propkey, 'propvalue' => $posted_value, 'date_from' => $now_date, 'date_to' => 0), array('%s', '%s', '%d', '%s', '%s', '%s'));
		$rewritten++;
	}
	if ($rewritten > 0) {
		wfu_log_action('modify:' . $now_date, $abs_file, $current_user->ID, '', 0, 0, '', null);
	}
	return true;
}
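/**
 * Export all current (non-obsolete) upload log records to a temporary CSV file.
 *
 * Columns: Name,Path,Upload User,Upload Time,Size,Page ID,Blog ID,Shortcode ID,
 * Upload ID,User Data. The User Data column holds `property:value` pairs
 * separated by ';', with line breaks inside values replaced by a space.
 *
 * Fixes: every field is now CSV-quoted (wrapped in double quotes with embedded
 * quotes doubled) when it contains a comma, a double quote or a line break, so
 * a file name, user name or user data value containing those characters no
 * longer shifts the following columns; "\r\n" is replaced before "\n"/"\r" so a
 * CRLF becomes one space instead of two; failures of tempnam()/file_put_contents()
 * are reported instead of returning a path to a missing or empty file.
 *
 * Records are checked against the file system the same way wfu_get_filtered_recs
 * does (hash when option hashfiles = '1', size otherwise); records whose file is
 * missing or changed are skipped. Nothing is written back to the database here.
 *
 * @param mixed $params currently unused; kept for interface compatibility
 * @return string|false path of the temporary file, or false if it could not be
 *                      created or written
 */
function wfu_export_uploaded_files($params) {
	global $wpdb;
	$table_name1 = $wpdb->prefix . "wfu_log";
	$table_name2 = $wpdb->prefix . "wfu_userdata";
	$plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
	// quote a CSV field only when it contains a separator, a quote or a line break
	$csv_field = function ($value) {
		$value = (string)$value;
		if (strpbrk($value, ",\"\r\n") === false) {
			return $value;
		}
		return '"' . str_replace('"', '""', $value) . '"';
	};
	$header = "Name,Path,Upload User,Upload Time,Size,Page ID,Blog ID,Shortcode ID,Upload ID,User Data";
	$contents = $header;
	$filerecs = $wpdb->get_results('SELECT * FROM ' . $table_name1 . ' WHERE action <> \'other\' AND date_to = 0');
	if (!is_array($filerecs)) {
		$filerecs = array();
	}
	foreach ($filerecs as $filerec) {
		//calculate full file path and compare the file on disk with the stored record
		$filepath = wfu_path_rel2abs($filerec->filepath);
		$obsolete = true;
		if (file_exists($filepath)) {
			if ($plugin_options['hashfiles'] == '1') {
				$obsolete = (md5_file($filepath) != $filerec->filehash);
			} else {
				$obsolete = (filesize($filepath) != $filerec->filesize);
			}
		}
		//export file data only if file is not obsolete
		if ($obsolete) {
			continue;
		}
		$username = wfu_get_username_by_id($filerec->uploaduserid);
		$filerec->userdata = $wpdb->get_results('SELECT * FROM ' . $table_name2 . ' WHERE uploadid = \'' . esc_sql($filerec->uploadid) . '\' AND date_to = 0');
		$userdata_parts = array();
		foreach ((array)$filerec->userdata as $userdata) {
			// "\r\n" must come first or a CRLF is replaced twice
			$userdata_parts[] = $userdata->property . ":" . str_replace(array("\r\n", "\n", "\r"), " ", $userdata->propvalue);
		}
		$fields = array(
			wfu_basename($filerec->filepath),
			wfu_basedir($filerec->filepath),
			$username,
			($filerec->uploadtime == null ? "" : date("Y-m-d H:i:s", $filerec->uploadtime)),
			$filerec->filesize,
			($filerec->pageid == null ? "" : $filerec->pageid),
			($filerec->blogid == null ? "" : $filerec->blogid),
			($filerec->sid == null ? "" : $filerec->sid),
			$filerec->uploadid,
			implode(";", $userdata_parts),
		);
		$contents .= "\n" . implode(",", array_map($csv_field, $fields));
	}
	//create file
	$path = tempnam(sys_get_temp_dir(), 'wfu');
	if ($path === false) {
		return false;
	}
	if (file_put_contents($path, $contents) === false) {
		// do not leave a partially written export behind
		if (file_exists($path)) {
			unlink($path);
		}
		return false;
	}
	return $path;
}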
/**
 * AJAX handler that registers an already existing file (one not uploaded
 * through the plugin) in the upload log.
 *
 * Reads `file` (safe file code) and `nonce` from $_POST, falling back to $_GET.
 * Dies silently when either is missing, when the user lacks manage_options,
 * when the nonce does not verify against 'wfu_include_file', when the
 * 'includeotherfiles' plugin option is not "1", or when the code cannot be
 * resolved to a path. Otherwise logs an 'include' action and dies with
 * "wfu_include_file:success:<fileid>" or "wfu_include_file:fail:".
 *
 * @return void Never returns normally; every path ends in die().
 */
function wfu_ajax_action_include_file() {
	// POST values take precedence over GET values
	$request = array_merge($_GET, $_POST);
	$file_code = isset($request['file']) ? $request['file'] : '';
	$nonce = isset($request['nonce']) ? $request['nonce'] : '';
	if ($file_code == '' || $nonce == '') {
		die;
	}
	if (!current_user_can('manage_options')) {
		die;
	}
	//security check to avoid CSRF attacks
	if (!wp_verify_nonce($nonce, 'wfu_include_file')) {
		die;
	}
	$plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
	if ($plugin_options['includeotherfiles'] != "1") {
		die;
	}
	$dec_file = wfu_get_filepath_from_safe(wfu_sanitize_code($file_code));
	if ($dec_file === false) {
		die;
	}
	$user = wp_get_current_user();
	$dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
	$fileid = wfu_log_action('include', $dec_file, $user->ID, '', '', get_current_blog_id(), '', null);
	die($fileid !== false ? "wfu_include_file:success:" . $fileid : "wfu_include_file:fail:");
}