/**
* Upload files
*
* @since 1.0
*/
function upload()
{
// Check for request forgeries
JRequest::checkToken('request') or jexit('Invalid Token');
$user = JFactory::getUser();
$app = JFactory::getApplication();
$task = JRequest::getVar('task');
// calculate access
$canupload = $user->authorise('flexicontent.uploadfiles', 'com_flexicontent');
$is_authorised = $canupload;
// check access
if (!$is_authorised) {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "' . JText::_('FLEXI_ALERTNOTAUTH') . '"}, "id" : "id"}');
} else {
JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH'));
$this->setRedirect('index.php?option=com_flexicontent&view=filemanager', '');
}
return;
}
$option = JRequest::getVar('option');
if ($task == 'uploads') {
$file = JRequest::getVar('file', '', 'files', 'array');
} else {
// Default field <input type="file" is name="Filedata" ... get the file
$ffname = JRequest::getCmd('file-ffname', 'Filedata', 'post');
$file = JRequest::getVar($ffname, '', 'files', 'array');
// Refactor the array swapping positions
$file = $this->refactorFilesArray($file);
// Get nested position, and reach the final file data array
$fname_level1 = JRequest::getCmd('fname_level1', null, 'post');
$fname_level2 = JRequest::getCmd('fname_level2', null, 'post');
$fname_level3 = JRequest::getCmd('fname_level3', null, 'post');
if (strlen($fname_level1)) {
$file = $file[$fname_level1];
}
if (strlen($fname_level2)) {
$file = $file[$fname_level2];
}
if (strlen($fname_level3)) {
$file = $file[$fname_level3];
}
}
$format = JRequest::getVar('format', 'html', '', 'cmd');
$secure = JRequest::getInt('secure', 1);
$secure = $secure ? 1 : 0;
$return = JRequest::getVar('return-url', null, '', 'base64');
$filetitle = JRequest::getVar('file-title', '');
$filedesc = JRequest::getVar('file-desc', '');
$filelang = JRequest::getVar('file-lang', '');
$fieldid = JRequest::getVar('fieldid', 0);
$u_item_id = JRequest::getVar('u_item_id', 0);
$file_mode = JRequest::getVar('folder_mode', 0) ? 'folder_mode' : 'db_mode';
$err = null;
$model = $this->getModel('filemanager');
if ($file_mode != 'folder_mode' && $fieldid) {
// Check if FORCED secure/media mode parameter exists and if it is forced
$field_params = $model->getFieldParams($fieldid);
$target_dir = $field_params->get('target_dir', '');
if (strlen($target_dir) && $target_dir != 2) {
$secure = $target_dir ? 1 : 0;
// force secure / media
} else {
// allow filter secure via form/URL variable
}
}
// *****************************************
// Check that a file was provided / uploaded
// *****************************************
if (!isset($file['name'])) {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "' . JText::_('Filename has invalid characters (or other error occured)') . '"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_('Filename has invalid characters (or other error occured)'));
$this->setRedirect($_SERVER['HTTP_REFERER'], '');
}
return;
}
// Chunking might be enabled
$chunks = JRequest::getInt('chunks');
if ($chunks) {
$chunk = JRequest::getInt('chunk');
// Get / Create target directory
$targetDir = (ini_get("upload_tmp_dir") ? ini_get("upload_tmp_dir") : sys_get_temp_dir()) . DIRECTORY_SEPARATOR . "fc_fileselement";
if (!file_exists($targetDir)) {
@mkdir($targetDir);
}
// Create name of the unique temporary filename to use for concatenation of the chunks, or get the filename from session
$fileName = JRequest::getVar('filename');
$fileName_tmp = $app->getUserState($fileName, date('Y_m_d_') . uniqid());
$app->setUserState($fileName, $fileName_tmp);
$filePath_tmp = $targetDir . DIRECTORY_SEPARATOR . $fileName_tmp;
// Open temp file
if (!($out = @fopen("{$filePath_tmp}", "ab"))) {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream: ' . $fileName_tmp . '."}, "id" : "id"}');
}
if (!empty($_FILES)) {
if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
if (!($in = @fopen($_FILES["file"]["tmp_name"], "rb"))) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
} else {
if (!($in = @fopen("php://input", "rb"))) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
}
// Read binary input stream and append it to temp file
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
@fclose($out);
@fclose($in);
// If not last chunk terminate further execution
if ($chunk < $chunks - 1) {
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}
$app->setUserState($fileName, null);
// Cleanup left-over files
if (file_exists($targetDir)) {
foreach (new DirectoryIterator($targetDir) as $fileInfo) {
if ($fileInfo->isDot()) {
continue;
}
if (time() - $fileInfo->getCTime() >= 60) {
unlink($fileInfo->getRealPath());
}
}
}
//echo "-- chunk: $chunk \n-- chunks: $chunks \n-- targetDir: $targetDir \n--filePath_tmp: $filePath_tmp \n--fileName: $fileName";
//echo "\n"; print_r($_REQUEST);
$file['name'] = $fileName;
$file['tmp_name'] = $filePath_tmp;
$file['size'] = filesize($filePath_tmp);
$file['error'] = 0;
//echo "\n"; print_r($file);
}
if ($file_mode == 'folder_mode') {
$upload_path_var = 'fc_upload_path_' . $fieldid . '_' . $u_item_id;
$path = $app->getUserState($upload_path_var, '') . DS;
if ($task != 'uploads') {
$app->setUserState($upload_path_var, '');
}
// Do not clear in multi-upload
} else {
$path = $secure ? COM_FLEXICONTENT_FILEPATH . DS : COM_FLEXICONTENT_MEDIAPATH . DS;
}
jimport('joomla.utilities.date');
// Set FTP credentials, if given
jimport('joomla.client.helper');
JClientHelper::setCredentialsFromRequest('ftp');
// Make the filename safe
jimport('joomla.filesystem.file');
// Sanitize filename further and make unique
$params = null;
$filename_original = strip_tags($file['name']);
// Store original filename before sanitizing the filename
$upload_check = flexicontent_upload::check($file, $err, $params);
$filename = flexicontent_upload::sanitize($path, $file['name']);
$filepath = JPath::clean($path . strtolower($filename));
// Check if uploaded file is valid
if (!$upload_check) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
header('HTTP/1.0 415 Unsupported Media Type');
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Error. Unsupported Media Type!"}, "id" : "id"}');
} else {
die('Error. Unsupported Media Type!');
}
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "' . $err . '"}, "id" : "id"}');
} else {
JError::raiseNotice(100, JText::_($err));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1");
}
}
return;
}
}
// Get the extension to record it in the DB
$ext = strtolower(flexicontent_upload::getExt($filename));
// Upload Failed
//echo "\n". $file['tmp_name'] ." => ". $filepath ."\n";
$move_success = $chunks ? rename($file['tmp_name'], $filepath) : JFile::upload($file['tmp_name'], $filepath);
if (!$move_success) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
header('HTTP/1.0 409 Conflict');
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "File already exists"}, "id" : "id"}');
} else {
jexit('Error. File already exists');
}
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "' . JText::_('FLEXI_UNABLE_TO_UPLOAD_FILE') . '"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_('FLEXI_UNABLE_TO_UPLOAD_FILE'));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1");
}
}
return;
}
// Upload Successful
} else {
// a. Database mode
if ($file_mode == 'db_mode') {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance();
$log->addEntry(array('comment' => $filepath));
}
$db = JFactory::getDBO();
$user = JFactory::getUser();
$path = $secure ? COM_FLEXICONTENT_FILEPATH . DS : COM_FLEXICONTENT_MEDIAPATH . DS;
// JPATH_ROOT . DS . <media_path | file_path> . DS
$filepath = $path . $filename;
$filesize = file_exists($filepath) ? filesize($filepath) : 0;
$obj = new stdClass();
$obj->filename = $filename;
$obj->filename_original = $filename_original;
$obj->altname = $filetitle ? $filetitle : $filename_original;
$obj->url = 0;
$obj->secure = $secure;
$obj->ext = $ext;
$obj->hits = 0;
$obj->size = $filesize;
$obj->description = $filedesc;
$obj->language = $filelang ? $filelang : '*';
$obj->uploaded = JFactory::getDate('now')->toSql();
$obj->uploaded_by = $user->get('id');
// Insert file record in DB
$db->insertObject('#__flexicontent_files', $obj);
// Get id of new file record
$file_id = (int) $db->insertid();
$option = JRequest::getVar('option');
$filter_item = $app->getUserStateFromRequest($option . '.fileselement.item_id', 'item_id', '', 'int');
if ($filter_item) {
$session = JFactory::getSession();
$files = $session->get('fileselement.' . $filter_item, null);
if (!$files) {
$files = array();
}
$files[] = $db->insertid();
$session->set('fileselement.' . $filter_item, $files);
}
// b. Custom Folder mode
} else {
$file_id = 0;
}
// JSON output: Terminate printing a message
if ($format == 'json') {
if ($task == 'uploads') {
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
jexit('Upload complete');
}
// Normal output: Redirect setting a message
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
$app->enqueueMessage(JText::_('FLEXI_UPLOAD_COMPLETE'));
if (!$return) {
return $file_id;
}
// No return URL, return the file ID
$this->setRedirect(base64_decode($return) . "&newfileid=" . $file_id . "&newfilename=" . base64_encode($filename) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1", '');
}
}
}
}
function uploadOriginalFile($field, &$post, $file)
{
$app = JFactory::getApplication();
$format = JRequest::getVar('format', 'html', '', 'cmd');
$err = null;
// Get the component configuration
$cparams = JComponentHelper::getParams('com_flexicontent');
$params = clone $cparams;
// Merge field parameters into the global parameters
$fparams = $field->parameters;
$params->merge($fparams);
jimport('joomla.utilities.date');
jimport('joomla.filesystem.file');
jimport('joomla.client.helper');
// Set FTP credentials, if given
JClientHelper::setCredentialsFromRequest('ftp');
// Make the filename safe
$file['name'] = JFile::makeSafe($file['name']);
$all_media = $field->parameters->get('list_all_media_files', 0);
$unique_thumb_method = $field->parameters->get('unique_thumb_method', 0);
$image_source = $field->parameters->get('image_source', 0);
// This should be always ZERO inside this function
if ($image_source > 1) {
global $fc_folder_mode_err;
if (empty($fc_folder_mode_err[$field->id])) {
echo __FUNCTION__ . "(): folder-mode: " . $image_source . " not implemented please change image-source mode in image/gallery field with id: " . $field->id;
$fc_folder_mode_err[$field->id] = 1;
$image_source = 1;
}
}
// FLAG to indicate if images are shared across fields, has the effect of adding field id to image thumbnails
$multiple_image_usages = !$image_source && $all_media && $unique_thumb_method == 0;
$extra_prefix = $multiple_image_usages ? 'fld' . $field->id . '_' : '';
if (isset($file['name']) && $file['name'] != '') {
// only handle the secure folder
$path = COM_FLEXICONTENT_FILEPATH . DS;
//sanitize filename further and make unique
$filename = flexicontent_upload::sanitize($path, $file['name']);
$filepath = JPath::clean(COM_FLEXICONTENT_FILEPATH . DS . strtolower($filename));
//perform security check according
if (!flexicontent_upload::check($file, $err, $params)) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
header('HTTP/1.0 415 Unsupported Media Type');
die('Error. Unsupported Media Type!');
} else {
JError::raiseNotice(100, $field->label . ' : ' . JText::_($err));
return false;
}
}
//get the extension to record it in the DB
$ext = strtolower(JFile::getExt($filename));
if (!JFile::upload($file['tmp_name'], $filepath)) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
header('HTTP/1.0 409 Conflict');
jexit('Error. File already exists');
} else {
JError::raiseWarning(100, $field->label . ' : ' . JText::_('Error. Unable to upload file'));
return false;
}
} else {
$db = JFactory::getDBO();
$user = JFactory::getUser();
$config = JFactory::getConfig();
$timezone = $config->get('offset');
$date = JFactory::getDate('now');
$date->setTimeZone(new DateTimeZone($timezone));
$obj = new stdClass();
$obj->filename = $filename;
$obj->altname = $file['name'];
$obj->url = 0;
$obj->secure = 1;
$obj->ext = $ext;
$obj->hits = 0;
$obj->uploaded = FLEXI_J16GE ? $date->toSql() : $date->toMySQL();
$obj->uploaded_by = $user->get('id');
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance();
$log->addEntry(array('comment' => $filepath));
$db->insertObject('#__flexicontent_files', $obj);
jexit('Upload complete');
} else {
$db->insertObject('#__flexicontent_files', $obj);
$app->enqueueMessage($field->label . ' : ' . JText::_('Upload complete'));
$sizes = array('l', 'm', 's', 'b');
foreach ($sizes as $size) {
// create the thumbnail
$this->create_thumb($field, $filename, $size, $origpath = '', $destpath = '', $copy_original = 0, $extra_prefix);
// set the filename for posting
$post['originalname'] = $filename;
}
return true;
}
}
} else {
$err = 'File upload failed';
JError::raiseNotice(100, $field->label . ' : ' . JText::_($err));
return false;
}
}
/**
* Upload files
*
* @since 1.0
*/
function upload()
{
// Check for request forgeries
JRequest::checkToken('request') or jexit('Invalid Token');
$user = JFactory::getUser();
$app = JFactory::getApplication();
$task = JRequest::getVar('task');
$option = JRequest::getVar('option');
if ($task == 'uploads') {
$file = JRequest::getVar('file', '', 'files', 'array');
} else {
$file = JRequest::getVar('Filedata', '', 'files', 'array');
}
$format = JRequest::getVar('format', 'html', '', 'cmd');
$secure = JRequest::getVar('secure', 1, '', 'int');
$return = JRequest::getVar('return-url', null, 'post', 'base64');
$filetitle = JRequest::getVar('file-title', '');
$filedesc = JRequest::getVar('file-desc', '');
$filelang = JRequest::getVar('file-lang', '');
$fieldid = JRequest::getVar('fieldid', 0);
$u_item_id = JRequest::getVar('u_item_id', 0);
$file_mode = JRequest::getVar('folder_mode', 0) ? 'folder_mode' : 'db_mode';
$err = null;
// *****************************************
// Check that a file was provided / uploaded
// *****************************************
if (!isset($file['name'])) {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "' . JText::_('Filename has invalid characters (or other error occured)') . '"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_('Filename has invalid characters (or other error occured)'));
$this->setRedirect($_SERVER['HTTP_REFERER'], '');
}
return;
}
if ($file_mode == 'folder_mode') {
$upload_path_var = 'fc_upload_path_' . $fieldid . '_' . $u_item_id;
$path = $app->getUserState($upload_path_var, '') . DS;
if ($task != 'uploads') {
$app->setUserState($upload_path_var, '');
}
// Do not clear in multi-upload
} else {
$path = $secure ? COM_FLEXICONTENT_FILEPATH . DS : COM_FLEXICONTENT_MEDIAPATH . DS;
}
jimport('joomla.utilities.date');
// Set FTP credentials, if given
jimport('joomla.client.helper');
JClientHelper::setCredentialsFromRequest('ftp');
// Make the filename safe
jimport('joomla.filesystem.file');
// Sanitize filename further and make unique
$params = null;
$filename_original = strip_tags($file['name']);
// Store original filename before sanitizing the filename
$upload_check = flexicontent_upload::check($file, $err, $params);
$filename = flexicontent_upload::sanitize($path, $file['name']);
$filepath = JPath::clean($path . strtolower($filename));
// Check if uploaded file is valid
if (!$upload_check) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
header('HTTP/1.0 415 Unsupported Media Type');
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Error. Unsupported Media Type!"}, "id" : "id"}');
} else {
die('Error. Unsupported Media Type!');
}
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "' . $err . '"}, "id" : "id"}');
} else {
JError::raiseNotice(100, JText::_($err));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1");
}
}
return;
}
}
// Get the extension to record it in the DB
$ext = strtolower(flexicontent_upload::getExt($filename));
// Upload Failed
if (!JFile::upload($file['tmp_name'], $filepath)) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
header('HTTP/1.0 409 Conflict');
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "File already exists"}, "id" : "id"}');
} else {
jexit('Error. File already exists');
}
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "' . JText::_('FLEXI_UNABLE_TO_UPLOAD_FILE') . '"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_('FLEXI_UNABLE_TO_UPLOAD_FILE'));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1");
}
}
return;
}
// Upload Successful
} else {
// a. Database mode
if ($file_mode == 'db_mode') {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance();
$log->addEntry(array('comment' => $filepath));
}
$db = JFactory::getDBO();
$user = JFactory::getUser();
$config = JFactory::getConfig();
$date = JFactory::getDate('now');
$obj = new stdClass();
$obj->filename = $filename;
$obj->filename_original = $filename_original;
$obj->altname = $filetitle ? $filetitle : $filename_original;
$obj->url = 0;
$obj->secure = $secure;
$obj->ext = $ext;
$obj->hits = 0;
$obj->description = $filedesc;
$obj->language = $filelang ? $filelang : '*';
$obj->uploaded = FLEXI_J16GE ? $date->toSql() : $date->toMySQL();
$obj->uploaded_by = $user->get('id');
// Insert file record in DB
$db->insertObject('#__flexicontent_files', $obj);
// Get id of new file record
$file_id = (int) $db->insertid();
$option = JRequest::getVar('option');
$filter_item = $app->getUserStateFromRequest($option . '.fileselement.item_id', 'item_id', '', 'int');
if ($filter_item) {
$session = JFactory::getSession();
$files = $session->get('fileselement.' . $filter_item, null);
if (!$files) {
$files = array();
}
$files[] = $db->insertid();
$session->set('fileselement.' . $filter_item, $files);
}
// b. Custom Folder mode
} else {
$file_id = 0;
}
// JSON output: Terminate printing a message
if ($format == 'json') {
if ($task == 'uploads') {
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
jexit('Upload complete');
}
// Normal output: Redirect setting a message
} else {
if ($task == 'uploads') {
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
$app->enqueueMessage(JText::_('FLEXI_UPLOAD_COMPLETE'));
if (!$return) {
return;
}
// No return URL
$app->redirect(base64_decode($return) . "&newfileid=" . $file_id . "&newfilename=" . base64_encode($filename) . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1");
}
}
}
}
