Пример #1
	/**
	 * Build the set of filesystem paths used by the given manager type.
	 *
	 * All folder names are read from the com_phocadownload component
	 * parameters. The returned array always holds the keys orig_abs_pap,
	 * orig_abs_pap_ds, orig_abs, orig_abs_ds, orig_abs_user_upload,
	 * orig_abs_user_upload_pap and orig_rel_ds.
	 *
	 * @param   string  $manager  Manager name passed to getManagerGroup().
	 *
	 * @return  array   Map of path name to path string.
	 */
	public static function getPathSet( $manager = '') {

		$group   = PhocaDownloadSettings::getManagerGroup($manager);
		$paramsC = JComponentHelper::getParams( 'com_phocadownload' );

		// Configured folder names; 'absolute_path', when set, replaces the download folder.
		$downloadFolder    = $paramsC->get( 'download_folder', 'phocadownload' );
		$downloadFolderPap = $paramsC->get( 'download_folder_pap', 'phocadownloadpap' );
		$absolutePath      = $paramsC->get( 'absolute_path', '' );

		$userDir = DS . 'userupload';

		// The preview-and-play folder is always resolved below JPATH_ROOT.
		$downloadFolderPap = JPath::clean($downloadFolderPap);
		$papRoot           = JPATH_ROOT .  DS . $downloadFolderPap;
		$path              = array(
			'orig_abs_pap'    => $papRoot,
			'orig_abs_pap_ds' => $papRoot . DS,
		);

		if ($group['f'] == 2) {
			// Images live in a fixed folder below JPATH_ROOT/images.
			$imagesRoot = JPATH_ROOT . DS . 'images' . DS . 'phocadownload';

			return $path + array(
				'orig_abs'                 => $imagesRoot,
				'orig_abs_ds'              => $imagesRoot . DS,
				'orig_abs_user_upload'     => $imagesRoot . $userDir,
				'orig_abs_user_upload_pap' => $papRoot . $userDir,
				'orig_rel_ds'              => '../images/phocadownload/',
			);
		}

		if ($group['f'] == 3) {
			// Play and preview files reuse the preview-and-play folder.
			return $path + array(
				'orig_abs'                 => $papRoot,
				'orig_abs_ds'              => $path['orig_abs_pap_ds'],
				'orig_abs_user_upload'     => $papRoot . $userDir,
				'orig_abs_user_upload_pap' => $papRoot . $userDir,
				'orig_rel_ds'              => '../' . str_replace('/', DS, JPath::clean($downloadFolderPap)) . '/',
			);
		}

		if ($absolutePath != '') {
			// A configured absolute path is used as-is (after cleaning) and is
			// not prefixed with JPATH_ROOT, so no relative path is available.
			$absRoot = str_replace('/', DS, JPath::clean($absolutePath));

			return $path + array(
				'orig_abs'                 => $absRoot,
				'orig_abs_ds'              => JPath::clean($absRoot . DS),
				'orig_abs_user_upload'     => JPath::clean($absRoot . $userDir),
				'orig_abs_user_upload_pap' => JPath::clean($papRoot . $userDir),
				'orig_rel_ds'              => '',
			);
		}

		// Standard case: the download folder below JPATH_ROOT.
		$downloadFolder = str_replace('/', DS, JPath::clean($downloadFolder));
		$standardRoot   = JPATH_ROOT . DS . $downloadFolder;
		$relativeFolder = str_replace(DS, '/', JPath::clean($downloadFolder));

		return $path + array(
			'orig_abs'                 => $standardRoot,
			'orig_abs_ds'              => JPATH_ROOT . DS . $downloadFolder . DS,
			'orig_abs_user_upload'     => $standardRoot . $userDir,
			'orig_abs_user_upload_pap' => $papRoot . $userDir,
			'orig_rel_ds'              => '../' . $relativeFolder . '/',
		);
	}
Пример #2
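 /**
  * Render the file-name text input together with the modal "select" button.
  *
  * The stored field value and the class attribute are HTML-escaped before
  * they are placed inside double-quoted attributes, so a value containing
  * quotes or markup cannot break out of the attribute.
  *
  * @return  string  The field markup.
  */
 protected function getInput()
 {
     $html = array();
     // Manager
     $managerOutput = $this->element['manager'] ? '&manager=' . (string) $this->element['manager'] : '';
     $group = PhocaDownloadSettings::getManagerGroup((string) $this->element['manager']);
     $textButton = 'COM_PHOCADOWNLOAD_FORM_SELECT_' . strtoupper($group['t']);
     // NOTE(review): $group['c'] appears to be entity-encoded already (another
     // caller replaces '&amp;' in it), so the link is not escaped again here - confirm.
     $link = 'index.php?option=com_phocadownload&view=phocadownloadmanager' . $group['c'] . $managerOutput . '&field=' . $this->id;
     // Field attributes taken from the form definition.
     $attr = $this->element['class'] ? ' class="' . htmlspecialchars((string) $this->element['class'], ENT_QUOTES, 'UTF-8') . '"' : '';
     $attr .= $this->element['size'] ? ' size="' . (int) $this->element['size'] . '"' : '';
     // JavaScript taken from the form definition; it is emitted verbatim into the script below.
     $onchange = (string) $this->element['onchange'];
     // Load the modal behavior script.
     JHtml::_('behavior.modal', 'a.modal_' . $this->id);
     // For an external item (extid > 0) no file name is needed: show a read-only placeholder.
     $extId = (int) $this->form->getValue('extid');
     if ($extId > 0) {
         $readonly = ' readonly="readonly"';
         return '<input type="text" name="' . $this->name . '" id="' . $this->id . '" value="-" ' . $attr . $readonly . ' />';
     }
     // Callback invoked by the modal window to hand the selected file name back.
     $script = array();
     $script[] = '	function phocaSelectFileName_' . $this->id . '(title) {';
     $script[] = '		document.getElementById("' . $this->id . '_id").value = title;';
     $script[] = '		' . $onchange;
     $script[] = '		SqueezeBox.close();';
     $script[] = '	}';
     // Add the script to the document head.
     JFactory::getDocument()->addScriptDeclaration(implode("\n", $script));
     // The stored value is data, not markup: escape it for the attribute context.
     $safeValue = htmlspecialchars((string) $this->value, ENT_QUOTES, 'UTF-8');
     $html[] = '<div class="input-append">';
     $html[] = '<input type="text" id="' . $this->id . '_id" name="' . $this->name . '" value="' . $safeValue . '"' . ' ' . $attr . ' />';
     $html[] = '<a class="modal_' . $this->id . ' btn" title="' . JText::_($textButton) . '"' . ' href="' . ($this->element['readonly'] ? '' : $link) . '"' . ' rel="{handler: \'iframe\', size: {x: 780, y: 560}}">' . JText::_($textButton) . '</a>';
     $html[] = '</div>' . "\n";
     return implode("\n", $html);
 }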
Пример #3
				{pdfiledate}
				{pddownloads}
				{pddescription}
				{pdfeatures}
				{pdchangelog}
				{pdnotes}
				<div class="pd-mirrors">{pdmirrorlink2} {pdmirrorlink1}</div>
				<div class="pd-report">{pdreportlink}</div>
				<div class="pd-rating">{pdrating}</div>
				<div class="pd-tags">{pdtags}</div>
				<div class="pd-cb"></div>
				</div>';*/
			
			
				$fileLayout 		= PhocaDownloadSettings::getLayoutText('file');
				$fileLayoutParams 	= PhocaDownloadSettings::getLayoutParams('file');
				
				$replace	= array($pdTitle, $pdImage, $pdFile, $pdFileSize, $pdVersion, $pdLicense, $pdAuthor, $pdAuthorEmail, $pdFileDate, $pdDownloads, $pdDescription, $pdFeatures, $pdChangelog, $pdNotes, $pdMirrorLink1, $pdMirrorLink2, $pdReportLink, $pdRating, $pdTags, $pdVideo);
				$output		= str_replace($fileLayoutParams['search'], $replace, $fileLayout);
				
				echo $output;
			}

			// ---------------------------------------------------	
			
			
			$o = '<div class="pd-cb">&nbsp;</div>';
			
			if ((int)$v->confirm_license > 0) {
				$o .= '<h4 class="pdfv-confirm-lic-text">'.JText::_('COM_PHOCADOWNLOAD_LICENSE_AGREEMENT').'</h4>';
				$o .= '<div id="phoca-dl-license" style="height:'.(int)$this->t['licenseboxheight'].'px">'.$v->licensetext.'</div>';
Пример #4
                if ($pdDesc != '') {
                    echo '<li class="description">' . $pdDesc . '</li>';
                }
                echo $pdSubcategories;
                echo '</ul>';
                echo '</div>';
                echo $pdClear;
            } else {
                $categoriesLayout = PhocaDownloadSettings::getLayoutText('categories');
                /*'<div class="pd-categoriesbox">
                		<div class="pd-title">{pdtitle}</div>
                		{pdsubcategories}
                		{pdclear}
                		</div>';
                		//<div class="pd-desc">{pdDescription}</div>*/
                $categoriesLayoutParams = PhocaDownloadSettings::getLayoutParams('categories');
                $replace = array($pdTitle, $pdDesc, $pdSubcategories, $pdClear);
                $output = str_replace($categoriesLayoutParams['search'], $replace, $categoriesLayout);
                echo $output;
            }
        }
    }
}
//echo '</div>';
echo '<div class="pd-cb"></div>';
// - - - - - - - - - -
// Most viewed docs (files)
// - - - - - - - - - -
$outputFile = '';
if (!empty($this->t['mostvieweddocs']) && $this->t['displaymostdownload'] == 1) {
    $l = new PhocaDownloadLayout();
Пример #5
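 /**
  * Deliver a download: redirect to a direct or external link, or stream a
  * local file to the client.
  *
  * Changes against the previous implementation of the local-file branch:
  *  - a single byte range is parsed and validated against the file size, and
  *    only the requested bytes are sent (previously a 206 status was announced
  *    with a wrong Content-Length while the whole file was streamed);
  *  - Content-Range is only sent together with a 206 response;
  *  - the file name placed in Content-Disposition is stripped of control
  *    characters and has quotes and backslashes escaped;
  *  - a failed MIME lookup no longer ends up in the Content-Type header;
  *  - output buffers are only discarded while one exists.
  * Range handling follows the approach discussed at
  * http://www.phoca.cz/forum/viewtopic.php?f=31&t=11811
  *
  * @param   array    $fileData     Uses the keys 'directlink', 'externallink' and 'file'.
  * @param   integer  $downloadId   Id passed to the hit, statistics and log helpers.
  * @param   string   $currentLink  Link to redirect to when the download is refused.
  * @param   integer  $type         1 = token (unique link) download; never treated as direct link.
  *
  * @return  boolean  false when the download was refused; on success the script exits.
  */
 public static function download($fileData, $downloadId, $currentLink, $type = 0)
 {
     $app = JFactory::getApplication();
     $params = $app->getParams();
     // Direct Link 0 or 1
     $directLink = $fileData['directlink'];
     $externalLink = $fileData['externallink'];
     // Relative Path or Absolute Path
     $absOrRelFile = $fileData['file'];
     // Type = 1 - Token - unique download link - cannot be direct
     if ($type == 1) {
         $directLink = 0;
     }

     // The file entry carries an error constant instead of a path: nothing to send.
     if (preg_match("/COM_PHOCADOWNLOAD_ERROR/i", $absOrRelFile)) {
         $msg = JText::_('COM_PHOCADOWNLOAD_ERROR_WHILE_DOWNLOADING_FILE') . ' ' . JText::_($absOrRelFile);
         $app->redirect(JRoute::_($currentLink), $msg);
         return false;
     }

     // Map the extension to a MIME type through the allowed and the disallowed list.
     $extension = JFile::getExt(strtolower($absOrRelFile));
     $aft = $params->get('allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload());
     $dft = $params->get('disallowed_file_types_download', '');
     $allowedMimeType = PhocaDownloadFile::getMimeType($extension, $aft);
     $disallowedMimeType = PhocaDownloadFile::getMimeType($extension, $dft);

     // A lookup that fails yields a string containing "PhocaError".
     // Not found in the allowed list     -> downloading is refused.
     // Not found in the disallowed list  -> downloading is permitted.
     $mimeLookupFailed = (bool) preg_match("/PhocaError/i", $allowedMimeType);
     $errorAllowed = $mimeLookupFailed;
     $errorDisallowed = (bool) preg_match("/PhocaError/i", $disallowedMimeType);

     // Settings 3, 4 and 5 switch the file type check off for downloads.
     $ignoreDownloadCheck = $params->get('ignore_file_types_check', 2);
     if ($ignoreDownloadCheck == 3 || $ignoreDownloadCheck == 4 || $ignoreDownloadCheck == 5) {
         $errorAllowed = false;
         $errorDisallowed = true;
     }
     if ($errorAllowed) {
         $msg = JText::_('COM_PHOCADOWNLOAD_WARNFILETYPE_DOWNLOAD');
         $app->redirect(JRoute::_($currentLink), $msg);
         return false;
     }
     if (!$errorDisallowed) {
         $msg = JText::_('COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED_DOWNLOAD');
         $app->redirect(JRoute::_($currentLink), $msg);
         return false;
     }

     // Delivery mode: direct link, external link with redirect, or local file.
     // In case there is directLink the external link does not go this way
     // but directly to the external URL.
     $isDirect = ($directLink == 1);
     $isExternal = (!$isDirect && $directLink == 0 && $externalLink != '');
     $fileWithoutPath = basename($absOrRelFile);
     $fileSize = 0;
     if (!$isDirect && !$isExternal) {
         // Clears file status cache
         clearstatcache();
         $fileSize = filesize($absOrRelFile);
     }

     // Hit, mail, user statistics and log are recorded for every mode.
     self::hit($downloadId);
     if ($type == 1) {
         self::hitToken($downloadId);
     }
     $mailMode = (int) $params->get('send_mail_download', 0);
     if ($mailMode > 0) {
         PhocaDownloadMail::sendMail($mailMode, $isExternal ? $externalLink : $fileWithoutPath, 1);
     }
     if ((int) $params->get('enable_user_statistics', 1) == 1) {
         PhocaDownloadStat::createUserStatEntry($downloadId);
     }
     PhocaDownloadLog::log($downloadId, 1);

     // NOTE(review): both redirect targets come straight from $fileData; this
     // method does not validate them, so the caller must only pass stored,
     // trusted values - confirm against the caller.
     if ($isDirect) {
         // Direct Link on the same server
         $app->redirect($absOrRelFile);
         exit;
     }
     if ($isExternal) {
         $app->redirect($externalLink);
         exit;
     }

     // filesize() returns false for a missing file, which also lands here.
     if ($fileSize == 0) {
         die(JText::_('COM_PHOCADOWNLOAD_FILE_SIZE_EMPTY'));
     }

     // Discard buffered output so that only the file bytes reach the client.
     while (ob_get_level() > 0 && @ob_end_clean()) {
     }

     // test for protocol and set the appropriate headers
     jimport('joomla.environment.uri');
     $_tmp_uri = JURI::getInstance(JURI::current());
     $_tmp_protocol = $_tmp_uri->getScheme();
     if ($_tmp_protocol == "https") {
         // SSL Support
         header('Cache-Control: private, max-age=0, must-revalidate, no-store');
     } else {
         header("Cache-Control: public, must-revalidate");
         header('Cache-Control: pre-check=0, post-check=0, max-age=0');
         header("Pragma: no-cache");
         header("Expires: 0");
     }
     header("Content-Description: File Transfer");
     header("Expires: Sat, 30 Dec 1990 07:07:07 GMT");
     header("Accept-Ranges: bytes");

     // Open the file first: a range is only honoured when the file can be read in chunks.
     $fp = @fopen($absOrRelFile, 'rb');

     // HTTP Range - single range only. A range that is malformed or cannot be
     // satisfied is ignored and the whole file is sent.
     $rangeStart = 0;
     $rangeEnd = $fileSize - 1;
     $partial = false;
     if ($fp !== false && isset($_SERVER['HTTP_RANGE']) && preg_match('%^bytes=(\\d*)\\-(\\d*)$%', $_SERVER['HTTP_RANGE'], $rangeParts)) {
         if ($rangeParts[1] === '' && $rangeParts[2] !== '') {
             // ex.: -500 -> the last 500 bytes
             $suffixLength = (int) $rangeParts[2];
             if ($suffixLength > 0) {
                 $rangeStart = max(0, $fileSize - $suffixLength);
                 $partial = true;
             }
         } elseif ($rangeParts[1] !== '') {
             $firstByte = (int) $rangeParts[1];
             // An open or oversized end is clamped to the last byte of the file.
             $lastByte = ($rangeParts[2] === '') ? $fileSize - 1 : min((int) $rangeParts[2], $fileSize - 1);
             if ($firstByte <= $lastByte) {
                 $rangeStart = $firstByte;
                 $rangeEnd = $lastByte;
                 $partial = true;
             }
         }
     }
     $resultLength = $rangeEnd - $rangeStart + 1;
     if ($partial) {
         header("HTTP/1.1 206 Partial Content");
         header("Content-Range: bytes " . $rangeStart . '-' . $rangeEnd . '/' . $fileSize);
     }

     // Never send the lookup error string as a content type.
     $mimeType = $mimeLookupFailed ? 'application/octet-stream' : (string) $allowedMimeType;

     // Keep the file name inside the quoted parameter: drop control characters
     // and escape quote and backslash.
     $dispositionName = addcslashes(preg_replace('/[\\x00-\\x1F\\x7F]/', '', $fileWithoutPath), '"\\');

     header("Content-Length: " . $resultLength);
     header("Content-Type: " . $mimeType);
     header('Content-Disposition: attachment; filename="' . $dispositionName . '"');
     header("Content-Transfer-Encoding: binary\n");

     // Try to deliver in chunks
     @set_time_limit(0);
     if ($fp !== false) {
         if ($rangeStart > 0) {
             fseek($fp, $rangeStart, SEEK_SET);
         }
         $remaining = $resultLength;
         while ($remaining > 0 && !feof($fp)) {
             $chunk = fread($fp, min(8192, $remaining));
             if ($chunk === false || $chunk === '') {
                 break;
             }
             echo $chunk;
             $remaining -= strlen($chunk);
         }
         fclose($fp);
     } else {
         // No range was set up in this case; fall back to sending the whole file.
         @readfile($absOrRelFile);
     }
     flush();
     exit;
 }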
Пример #6
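	/**
	 * Decide whether an uploaded file may be accepted.
	 *
	 * Checks, in this order: file name, extension against the allowed and
	 * disallowed lists, size limits, per-user quota (front end user panel),
	 * image validity or detected MIME type, and HTML tags in the first 256
	 * bytes of the file.
	 *
	 * Fixes against the previous implementation:
	 *  - the front end branch read the setting from an undefined $params
	 *    variable instead of $paramsC;
	 *  - the invalid-image error key was overwritten right after being set;
	 *  - the detected MIME type is reduced to "type/subtype" before it is
	 *    compared, because FILEINFO_MIME appends "; charset=..." and the
	 *    comparison could therefore never match;
	 *  - the fileinfo handle is closed on every path;
	 *  - list lookups compare strings strictly.
	 *
	 * @param   array    $file          Upload entry; reads 'name', 'size' and 'tmp_name'.
	 * @param   string   &$err          Receives the error (language key or translated text).
	 * @param   string   $manager       Manager name passed to getManagerGroup().
	 * @param   integer  $frontEnd      1 = front end upload rules, 2 = also check the user quota.
	 * @param   integer  $chunkEnabled  1 = chunked upload; $realSize is used as the size.
	 * @param   integer  $realSize      Total size of a chunked upload.
	 *
	 * @return  boolean  true when the file passes all checks.
	 */
	public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {

		$paramsC 	= JComponentHelper::getParams( 'com_phocadownload' );

		$ignoreUploadCheck = $paramsC->get( 'ignore_file_types_check', 2 );
		if ($frontEnd == 1) {
			$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
			$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
			$ignoreUploadCh = ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4) ? 1 : 0;
		} else {
			$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
			$dft = $paramsC->get( 'disallowed_file_types_download', '' );
			// NOTE(review): the original condition tested the value 5 twice; a second
			// value may have been intended - confirm against the setting's options.
			$ignoreUploadCh = ($ignoreUploadCheck == 5) ? 1 : 0;
		}
		$allowedMimeType 	= PhocaDownloadFile::getMimeTypeString($aft);
		$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);

		$paramsL = array();
		$group = PhocaDownloadSettings::getManagerGroup($manager);
		if ($group['f'] == 2) {
			// Image manager: fixed list of image extensions and MIME types.
			$paramsL['upload_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['image_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= 'image/jpeg,image/gif,image/png';
			$paramsL['upload_mime_illegal']	='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		} else {
			$paramsL['upload_extensions'] 	= $allowedMimeType['ext'];
			$paramsL['image_extensions'] 	= 'bmp,gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= $allowedMimeType['mime'];
			$paramsL['upload_mime_illegal']	= $disallowedMimeType['mime'];
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		}

		// No file was submitted
		if(empty($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
			return false;
		}
		// The name must already be in the form JFile::makesafe() would produce
		jimport('joomla.filesystem.file');
		if ($file['name'] !== JFile::makesafe($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
			return false;
		}

		$format 		= strtolower(JFile::getExt($file['name']));
		if ($ignoreUploadCh != 1) {
			$allowable 		= explode( ',', $paramsL['upload_extensions']);
			$notAllowable 	= explode( ',', $paramsL['upload_ext_illegal']);
			if(in_array($format, $notAllowable, true)) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
				return false;
			}
			// A file without extension is never allowed
			if ($format == '' || $format == false || (!in_array($format, $allowable, true))) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
				return false;
			}
		}

		// Max size of the file; the front end has its own limit
		if ((int)$frontEnd > 0) {
			$maxSize = $paramsC->get( 'user_file_upload_size', 3145728 );
		} else {
			$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
		}
		// If chunk method is used, the computed total size is checked instead
		$checkedSize = ($chunkEnabled == 1) ? (int)$realSize : (int)$file['size'];
		if ((int)$maxSize > 0 && $checkedSize > (int)$maxSize) {
			$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
			return false;
		}

		// User (only in ucp) - Check the size and count of all files of the user
		if ($frontEnd == 2) {
			$user 				= JFactory::getUser();
			$maxUserUploadSize 	= (int)$paramsC->get( 'user_files_max_size', 20971520 );
			$maxUserUploadCount	= (int)$paramsC->get( 'user_files_max_count', 5 );
			// NOTE(review): getUserFileInfo() receives $file, so it presumably
			// includes the new upload in its totals - confirm.
			$allFile	= PhocaDownloadUser:: getUserFileInfo($file, $user->id);

			if ((int)$maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
				$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
				return false;
			}

			if ((int) $allFile['count'] > $maxUserUploadCount) {
				$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
				return false;
			}
		}

		// Image check
		$images		= explode( ',', $paramsL['image_extensions']);

		if(in_array($format, $images, true)) {
			// An image must be readable by getimagesize(); a chunked upload is not inspected
			if($group['i'] == 1 && $chunkEnabled != 1) {
				if(getimagesize($file['tmp_name']) === false) {
					$err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
					return false;
				}
			}
		} else {
			// Not an image: compare the detected MIME type with the configured lists
			$allowed_mime = explode(',', $paramsL['upload_mime']);
			$illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
			$type = false;
			if(function_exists('finfo_open')) {// We have fileinfo
				$finfo	= finfo_open(FILEINFO_MIME);
				if ($finfo !== false) {
					$type	= finfo_file($finfo, $file['tmp_name']);
					finfo_close($finfo);
				}
			} else if(function_exists('mime_content_type')) { // we have mime magic
				$type = mime_content_type($file['tmp_name']);
			}
			if (is_string($type) && $type !== '') {
				// Drop parameters such as "; charset=binary" before comparing
				$typeParts	= explode(';', $type);
				$type		= trim($typeParts[0]);
				if($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
					$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
					return false;
				}
			}
		}

		// XSS Check - only the first 256 bytes are inspected, so this is a
		// heuristic and not a guarantee that the file contains no markup
		$xss_check =  JFile::read($file['tmp_name'],false,256);
		$html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
		foreach($html_tags as $tag) { // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
			if(stristr($xss_check, '<'.$tag.' ') || stristr($xss_check, '<'.$tag.'>')) {
				$err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
				return false;
			}
		}

		return true;
	}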
Пример #7
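<?php

defined('_JEXEC') or die('Restricted access');

// Table row with the "up one folder" link of the file manager.
$group = PhocaDownloadSettings::getManagerGroup($this->manager);

// manager, folder and field are view properties that may originate from the
// request, so each value is URL-encoded before it is placed in the href
// attribute. $group['c'] is inserted unchanged.
// NOTE(review): $group['c'] looks entity-encoded already - confirm.
$link = 'index.php?option=' . $this->t['o']
    . '&amp;view=' . $this->t['task']
    . '&amp;manager=' . rawurlencode((string) $this->manager) . $group['c']
    . '&amp;folder=' . rawurlencode((string) $this->folderstate->parent)
    . '&amp;field=' . rawurlencode((string) $this->field);

echo '<tr><td>&nbsp;</td>' . '<td class="ph-img-table">' . '<a href="' . $link . '" >' . JHTML::_('image', $this->t['i'] . 'icon-16-up.png', '') . '</a>' . '</td>' . '<td><a href="' . $link . '" >..</a></td>' . '</tr>';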
Пример #8
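 /**
  * Prepares the file manager view (folder state, single and multiple upload
  * widgets, upload result message) and renders it.
  *
  * @param   string  $tpl  Optional template name passed through to parent::display().
  *
  * @return  void
  */
 public function display($tpl = null)
 {
     $this->t = PhocaDownloadUtils::setVars('manager');
     // NOTE(review): 'field' is read with JRequest's default filter and is then
     // concatenated, unencoded, into a callback name and into every URL built below.
     // Confirm that the templates escape these values for their output context
     // (HTML attribute / JavaScript) or restrict 'field' to identifier characters.
     $this->field = JRequest::getVar('field');
     $this->fce = 'phocaSelectFileName_' . $this->field;
     JHTML::stylesheet($this->t['s']);
     $this->folderstate = $this->get('FolderState');
     $this->files = $this->get('Files');
     $this->folders = $this->get('Folders');
     $this->session = JFactory::getSession();
     $this->manager = JRequest::getVar('manager', '', '', 'file');
     if ($this->manager == 'filemultiple') {
         $this->form = $this->get('Form');
     }

     $params = JComponentHelper::getParams($this->t['o']);
     $this->t['multipleuploadchunk'] = $params->get('multiple_upload_chunk', 0);
     $this->t['uploadmaxsize'] = $params->get('upload_maxsize', 3145728);
     $this->t['uploadmaxsizeread'] = PhocaDownloadFile::getFileSizeReadable($this->t['uploadmaxsize']);
     $this->t['enablemultiple'] = $params->get('enable_multiple_upload_admin', 0);
     $this->t['multipleuploadmethod'] = $params->get('multiple_upload_method', 1);

     $this->currentFolder = '';
     if (isset($this->folderstate->folder) && $this->folderstate->folder != '') {
         $this->currentFolder = $this->folderstate->folder;
     }

     // - - - - - - - - - -
     // TABS
     // - - - - - - - - - -
     $this->t['tab'] = JRequest::getVar('tab', '', '', 'string');
     $this->t['displaytabs'] = 0;
     // UPLOAD
     $this->t['currenttab']['upload'] = $this->t['displaytabs'];
     $this->t['displaytabs']++;
     // MULTIPLE UPLOAD
     // The test is ">= 0", so it is true for the default value 0 as well.
     // NOTE(review): confirm whether "> 0" was intended.
     if ((int) $this->t['enablemultiple'] >= 0) {
         $this->t['currenttab']['multipleupload'] = $this->t['displaytabs'];
         $this->t['displaytabs']++;
     }
     $group = PhocaDownloadSettings::getManagerGroup($this->manager);

     // - - - - - - - - - - -
     // Upload
     // - - - - - - - - - - -
     $sU = new PhocaDownloadFileUploadSingle();
     $sU->returnUrl = 'index.php?option=com_phocadownload&view=phocadownloadmanager&tab=upload'
         . str_replace('&amp;', '&', $group['c'])
         . '&manager=' . $this->manager
         . '&field=' . $this->field
         . '&folder=' . $this->currentFolder;
     $sU->tab = 'upload';
     $this->t['su_output'] = $sU->getSingleUploadHTML();
     // NOTE(review): the session name/id and the form token are placed in the query
     // string of the upload URLs (here and in the multiple-upload block). Query strings
     // can end up in server logs, browser history and Referer headers; presumably this
     // is needed because the upload client does not send the session cookie - confirm.
     $this->t['su_url'] = JURI::base()
         . 'index.php?option=com_phocadownload&task=phocadownloadupload.upload&amp;'
         . $this->session->getName() . '=' . $this->session->getId()
         . '&amp;' . JSession::getFormToken()
         . '=1&amp;viewback=phocadownloadmanager&amp;manager=' . $this->manager
         . '&amp;field=' . $this->field
         . '&amp;folder=' . $this->currentFolder
         . '&amp;tab=upload';

     // - - - - - - - - - - -
     // Multiple Upload
     // - - - - - - - - - - -
     // Counters reported back by the multiple upload, both filtered as integers
     $muFailed = JRequest::getVar('mufailed', '0', '', 'int');
     $muUploaded = JRequest::getVar('muuploaded', '0', '', 'int');

     $alertClose = '<button type="button" class="close" data-dismiss="alert">&times;</button>';
     $uploadedLine = JText::_('COM_PHOCADOWNLOAD_COUNT_UPLOADED_FILE') . ': ' . $muUploaded;
     $failedLine = JText::_('COM_PHOCADOWNLOAD_COUNT_NOT_UPLOADED_FILE') . ': ' . $muFailed;

     // Exactly one alert (or none) is shown: info for a mixed result, error when
     // everything failed, success when everything was uploaded.
     $this->t['mu_response_msg'] = '';
     if ($muFailed > 0 && $muUploaded > 0) {
         $this->t['mu_response_msg'] = '<div class="alert alert-info">' . $alertClose . $uploadedLine . '<br />' . $failedLine . '</div>';
     } elseif ($muFailed > 0 && $muUploaded == 0) {
         $this->t['mu_response_msg'] = '<div class="alert alert-error">' . $alertClose . $failedLine . '</div>';
     } elseif ($muFailed == 0 && $muUploaded > 0) {
         $this->t['mu_response_msg'] = '<div class="alert alert-success">' . $alertClose . $uploadedLine . '</div>';
     }

     if ((int) $this->t['enablemultiple'] >= 0) {
         PhocadownloadFileUploadMultiple::renderMultipleUploadLibraries();
         $mU = new PhocaDownloadFileUploadMultiple();
         $mU->frontEnd = 0;
         $mU->method = $this->t['multipleuploadmethod'];
         $mU->url = JURI::base()
             . 'index.php?option=com_phocadownload&task=phocadownloadupload.multipleupload&amp;'
             . $this->session->getName() . '=' . $this->session->getId()
             . '&' . JSession::getFormToken()
             . '=1&tab=multipleupload&manager=' . $this->manager
             . '&field=' . $this->field
             . '&folder=' . $this->currentFolder;
         $mU->reload = JURI::base()
             . 'index.php?option=com_phocadownload&view=phocadownloadmanager'
             . str_replace('&amp;', '&', $group['c'])
             . '&' . $this->session->getName() . '=' . $this->session->getId()
             . '&' . JSession::getFormToken()
             . '=1&tab=multipleupload&manager=' . $this->manager
             . '&field=' . $this->field
             . '&folder=' . $this->currentFolder;
         $mU->maxFileSize = PhocadownloadFileUploadMultiple::getMultipleUploadSizeFormat($this->t['uploadmaxsize']);
         $mU->chunkSize = '1mb';
         $mU->renderMultipleUploadJS(0, $this->t['multipleuploadchunk']);
         $this->t['mu_output'] = $mU->getMultipleUploadHTML();
     }

     // True when no FTP credentials are available from JClientHelper
     $this->t['ftp'] = !JClientHelper::hasCredentials('ftp');
     $this->t['path'] = PhocaDownloadPath::getPathSet($this->manager);
     $this->addToolbar();
     parent::display($tpl);
     echo JHTML::_('behavior.keepalive');
 }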
Пример #9
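 /**
  * Builds the list of files and sub-folders of the folder currently selected
  * in the manager.
  *
  * The result is kept in a function-static variable, so it is computed once per
  * request even if the folder or manager state differs between calls.
  *
  * @return  array  array('folders' => JObject[], 'files' => JObject[])
  */
 function getList()
 {
     static $list;
     // Only process the list once per request
     if (is_array($list)) {
         return $list;
     }
     //Params
     $params = JComponentHelper::getParams('com_phocadownload');
     // Get current path from request
     $current = $this->getState('folder');
     // If undefined, set to empty
     if ($current == 'undefined') {
         $current = '';
     }
     // The folder comes from the request and is appended to the base directory
     // below; how the state was filtered is not visible here. A '..' path segment is
     // never a legitimate sub-folder, so such a value falls back to the base folder
     // instead of letting the listing leave the configured directory.
     $segments = explode('/', str_replace(DS, '/', (string) $current));
     if (in_array('..', $segments, true)) {
         $current = '';
     }
     // File Manager, Icon Manager
     $manager = $this->getState('manager');
     if ($manager == 'undefined') {
         $manager = '';
     }
     $path = PhocaDownloadPath::getPathSet($manager);
     $group = PhocaDownloadSettings::getManagerGroup($manager);

     // Directory to list: base folder plus the selected sub-folder, if any
     $orig_path = $path['orig_abs_ds'];
     if (strlen($current) > 0) {
         $orig_path .= $current;
     }

     // Prefix stripped from absolute names to obtain names relative to the base folder
     $orig_path_server = str_replace(DS, '/', $path['orig_abs'] . '/');
     // Absolute Path defined by user
     $absolutePath = str_replace(DS, '/', $params->get('absolute_path', ''));
     // Be aware - absolute path is not set for images folder and for preview and play folder - see documentation
     if ($absolutePath != '' && $group['f'] == 1) {
         $orig_path_server = str_replace(DS, '/', JPath::clean($absolutePath . '/'));
     }

     $files = array();
     $folders = array();
     // Get the list of files and folders from the given folder
     $file_list = JFolder::files($orig_path);
     $folder_list = JFolder::folders($orig_path, '', false, false, array());

     // Iterate over the files if they exist
     //file - abc.img, file_no - folder/abc.img
     if ($file_list !== false) {
         foreach ($file_list as $file) {
             // Skip dot-files and the index.html placeholder
             if (is_file($orig_path . DS . $file) && substr($file, 0, 1) != '.' && strtolower($file) !== 'index.html') {
                 $tmp = new JObject();
                 $tmp->name = basename($file);
                 $tmp->path_with_name = str_replace(DS, '/', JPath::clean($orig_path . DS . $file));
                 $tmp->path_without_name_relative = $path['orig_rel_ds'] . str_replace($orig_path_server, '', $tmp->path_with_name);
                 $tmp->path_with_name_relative_no = str_replace($orig_path_server, '', $tmp->path_with_name);
                 $files[] = $tmp;
             }
         }
     }
     // Iterate over the folders if they exist
     if ($folder_list !== false) {
         foreach ($folder_list as $folder) {
             $tmp = new JObject();
             $tmp->name = basename($folder);
             $tmp->path_with_name = str_replace(DS, '/', JPath::clean($orig_path . DS . $folder));
             $tmp->path_without_name_relative = $path['orig_rel_ds'] . str_replace($orig_path_server, '', $tmp->path_with_name);
             $tmp->path_with_name_relative_no = str_replace($orig_path_server, '', $tmp->path_with_name);
             $folders[] = $tmp;
         }
     }
     $list = array('folders' => $folders, 'files' => $files);
     return $list;
 }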
Пример #10
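 /**
  * Controller task: creates a new sub-folder below the manager's base directory,
  * puts an empty index.html into it and redirects back to the manager view.
  *
  * The request must carry a valid form token. No ACL check is visible in this
  * method - NOTE(review): confirm that access to this task is restricted elsewhere.
  *
  * @return  void
  */
 function createfolder()
 {
     $app = JFactory::getApplication();
     // Check for request forgeries
     JRequest::checkToken() or jexit('COM_PHOCADOWNLOAD_INVALID_TOKEN');
     // Set FTP credentials, if given
     jimport('joomla.client.helper');
     JClientHelper::setCredentialsFromRequest('ftp');
     $paramsC = JComponentHelper::getParams('com_phocadownload');
     $folder_permissions = $paramsC->get('folder_permissions', 0755);
     // The folder name is read twice: once command-filtered, once raw. They are
     // compared below so that a name the filter had to change is rejected.
     $folderNew = JRequest::getCmd('foldername', '');
     $folderCheck = JRequest::getVar('foldername', null, '', 'string', JREQUEST_ALLOWRAW);
     $parent = JRequest::getVar('folderbase', '', '', 'path');
     $tab = JRequest::getVar('tab', 0, '', 'string');
     $field = JRequest::getVar('field');
     // NOTE(review): the fourth argument of getVar() is the filter type;
     // 'phocadownloadmanager' looks like it was meant as the default value - confirm.
     $viewBack = JRequest::getVar('viewback', '', '', 'phocadownloadmanager');
     $manager = JRequest::getVar('manager', 'file', '', 'string');
     $link = '';
     if ($manager != '') {
         $group = PhocaDownloadSettings::getManagerGroup($manager);
         // Request values are concatenated into the redirect URL without URL-encoding
         $link = 'index.php?option=com_phocadownload&view=' . (string) $viewBack
             . '&manager=' . (string) $manager . str_replace('&amp;', '&', $group['c'])
             . '&folder=' . $parent
             . '&tab=' . (string) $tab
             . '&field=' . $field;
         // we use viewback to get right path
         $path = PhocaDownloadPath::getPathSet($manager);
     } else {
         $app->enqueueMessage(JText::_('COM_PHOCADOWNLOAD_ERROR_CONTROLLER_MANAGER_NOT_SET'));
         $app->redirect('index.php?option=com_phocadownload');
         exit;
     }
     JRequest::setVar('folder', $parent);
     // Presumably redirect() ends the request; otherwise execution would continue below.
     if ($folderCheck !== null && $folderNew !== $folderCheck) {
         $app->enqueueMessage(JText::_('COM_PHOCADOWNLOAD_WARNING_DIRNAME'));
         $app->redirect($link);
     }
     if (strlen($folderNew) > 0) {
         $folder = JPath::clean($path['orig_abs_ds'] . $parent . DS . $folderNew);
         if (!JFolder::exists($folder) && !JFile::exists($folder)) {
             // The parameter holds the mode written as decimal digits (e.g. 755); map
             // it to the octal mode. Anything else, including the integer default
             // 0755 (= 493), ends up as 0755.
             // Note for administrators: 0666 and 0644 carry no execute (search) bit,
             // which a directory needs to be entered, and 0777 is world-writable.
             switch ((int) $folder_permissions) {
                 case 777:
                     $mode = 0777;
                     break;
                 case 705:
                     $mode = 0705;
                     break;
                 case 666:
                     $mode = 0666;
                     break;
                 case 644:
                     $mode = 0644;
                     break;
                 case 755:
                 default:
                     $mode = 0755;
                     break;
             }
             // Act on the result of the creation: the previous isset($folder) test was
             // always true, so a failed creation was reported as success.
             if (JFolder::create($folder, $mode)) {
                 // Placeholder index file so that the new folder has no directory listing
                 $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
                 JFile::write($folder . DS . "index.html", $data);
             } else {
                 $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_ERROR_FOLDER_CREATING'));
             }
             $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_SUCCESS_FOLDER_CREATING'));
         } else {
             $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_ERROR_FOLDER_CREATING_EXISTS'));
         }
     }
     $app->redirect($link);
 }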