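/**
 * Upload a project picture via AJAX
 *
 * Accepts either a raw request body (file name in $_GET['qqfile']) or a
 * multipart upload ($_FILES['qqfile']). The outcome is echoed as JSON:
 * array('success' => true) or array('error' => message).
 *
 * Checks run in this order: size, file name/extension, project exists,
 * caller has 'manager' access, virus scan, image processing.
 *
 * NOTE(review): no request-forgery token check is visible in this method;
 * confirm the dispatcher enforces one for this task.
 *
 * @return  void
 */
public function doajaxuploadTask()
{
    //allowed extensions for upload
    $allowedExtensions = array('png', 'jpe', 'jpeg', 'jpg', 'gif');

    //max upload size
    $sizeLimit = $this->config->get('maxAllowed', '40000000');
    $maxBytes  = (int) $sizeLimit;

    // get the file
    if (isset($_GET['qqfile'])) {
        $stream = true;
        $file   = $_GET['qqfile'];
        // Client-declared length; verified against the bytes actually read below
        $size   = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
    } elseif (isset($_FILES['qqfile'])) {
        $stream = false;
        $file   = $_FILES['qqfile']['name'];
        $size   = (int) $_FILES['qqfile']['size'];
    } else {
        echo json_encode(array('error' => Lang::txt('Please select a file to upload')));
        return;
    }

    //check to make sure we have a file and its not too big
    if ($size == 0) {
        echo json_encode(array('error' => Lang::txt('File is empty')));
        return;
    }
    if ($size > $maxBytes) {
        $max = preg_replace('/<abbr \\w+=\\"\\w+\\">(\\w{1,3})<\\/abbr>/', '$1', \Hubzero\Utility\Number::formatBytes($sizeLimit));
        echo json_encode(array('error' => Lang::txt('File is too large. Max file upload size is ') . $max));
        return;
    }

    // The name is client-supplied in both branches: drop any directory part
    // before cleaning so it cannot point outside the image directory.
    // NOTE(review): Filesystem::clean() may already do this - confirm.
    $file = Filesystem::clean(basename(str_replace('\\', '/', $file)));
    if ($file === '' || $file === '.' || $file === '..') {
        echo json_encode(array('error' => Lang::txt('Please select a file to upload')));
        return;
    }

    //check to make sure we have an allowable extension
    // (checked on the cleaned name, i.e. the name that is written to disk;
    // a name without an extension no longer raises an undefined-index notice)
    $pathinfo = pathinfo($file);
    $ext      = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
    if (!in_array(strtolower($ext), $allowedExtensions, true)) {
        $these = implode(', ', $allowedExtensions);
        echo json_encode(array('error' => Lang::txt('File has an invalid extension, it should be one of ' . $these . '.')));
        return;
    }

    // Check project exists
    if (!$this->model->exists()) {
        echo json_encode(array('error' => Lang::txt('Error loading project')));
        return;
    }

    // Make sure user is authorized (project manager)
    if (!$this->model->access('manager')) {
        echo json_encode(array('error' => Lang::txt('Unauthorized action')));
        return;
    }

    // Build project image path
    $path  = PATH_APP . DS . trim($this->config->get('imagepath', '/site/projects'), DS);
    $path .= DS . $this->model->get('alias') . DS . 'images';

    if (!is_dir($path)) {
        if (!Filesystem::makeDirectory($path, 0755, true, true)) {
            echo json_encode(array('error' => Lang::txt('COM_PROJECTS_UNABLE_TO_CREATE_UPLOAD_PATH')));
            return;
        }
    }

    $dest = $path . DS . $file;
    $temp = null;

    // Scan the incoming data BEFORE touching anything in the image directory
    if ($stream) {
        //read the php input stream to upload file
        $input = fopen('php://input', 'r');
        $temp  = tmpfile();
        if (!$input || !$temp) {
            echo json_encode(array('error' => Lang::txt('COM_PROJECTS_ERROR_UPLOADING')));
            return;
        }

        // Read at most one byte past the limit: a body larger than the
        // declared length is detected without buffering all of it.
        $realSize = stream_copy_to_stream($input, $temp, $maxBytes + 1);
        fclose($input);

        if ($realSize === false || $realSize != $size) {
            fclose($temp);
            echo json_encode(array('error' => Lang::txt('COM_PROJECTS_ERROR_UPLOADING')));
            return;
        }

        // virusCheck() is handed a file path by _check(), so pass the temp
        // file's path rather than the stream resource, and flush first so
        // the scanner sees the full content.
        fflush($temp);
        $meta     = stream_get_meta_data($temp);
        $scanPath = $meta['uri'];
    } else {
        $scanPath = $_FILES['qqfile']['tmp_name'];
        if (!is_uploaded_file($scanPath)) {
            echo json_encode(array('error' => Lang::txt('COM_PROJECTS_ERROR_UPLOADING')));
            return;
        }
    }

    // Both upload paths are scanned (previously only the stream branch was)
    if (Helpers\Html::virusCheck($scanPath)) {
        if ($temp) {
            fclose($temp);
        }
        echo json_encode(array('error' => Lang::txt('Virus detected, refusing to upload')));
        return;
    }

    // Delete older file with same name
    if (file_exists($dest)) {
        Filesystem::delete($dest);
    }

    if ($stream) {
        //move from temp location to target location which is user folder
        $target = fopen($dest, 'w');
        if (!$target) {
            fclose($temp);
            echo json_encode(array('error' => Lang::txt('COM_PROJECTS_ERROR_UPLOADING')));
            return;
        }
        fseek($temp, 0, SEEK_SET);
        stream_copy_to_stream($temp, $target);
        fclose($target);
        fclose($temp);
    } else {
        move_uploaded_file($scanPath, $dest);
    }

    // Perform the upload
    if (!is_file($dest)) {
        echo json_encode(array('error' => Lang::txt('COM_PROJECTS_ERROR_UPLOADING')));
        return;
    }

    //resize image to max 200px and rotate in case user didnt before uploading
    $hi = new \Hubzero\Image\Processor($dest);
    if (count($hi->getErrors()) != 0) {
        // Up to here the upload was validated by extension only; do not
        // leave content the image processor rejected in the image directory.
        Filesystem::delete($dest);
        echo json_encode(array('error' => $hi->getError()));
        return;
    }
    $hi->autoRotate();
    $hi->resize(200);
    $hi->setImageType(IMAGETYPE_PNG);
    // Saved under the original name, so the extension may not match the PNG type set above
    $hi->save($dest);

    // Delete previous thumb
    if (file_exists($path . DS . 'thumb.png')) {
        Filesystem::delete($path . DS . 'thumb.png');
    }

    // create thumb
    $hi = new \Hubzero\Image\Processor($dest);
    if (count($hi->getErrors()) != 0) {
        echo json_encode(array('error' => $hi->getError()));
        return;
    }
    $hi->resize(50, false, true, true);
    $hi->save($path . DS . 'thumb.png');

    // Save picture name
    $this->model->set('picture', $file);
    if (!$this->model->store()) {
        echo json_encode(array('error' => $this->model->getError()));
        return;
    } elseif (!$this->model->inSetup()) {
        // Record activity
        $this->model->recordActivity(Lang::txt('COM_PROJECTS_REPLACED_PROJECT_PICTURE'));
    }

    echo json_encode(array('success' => true));
    return;
}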
/**
 * Pre-insert checks: upload size limit, quota, then virus scan
 *
 * The scan is skipped only when $virusChecked is strictly TRUE or when
 * $tmp_name is empty; any other value of $virusChecked (1, 'yes', null)
 * still triggers it, so the check fails closed.
 *
 * @param   string   $file          File name (not read by this method)
 * @param   string   $tmp_name      Path handed to the virus scanner
 * @param   integer  $size          File size, compared with the limit and the quota
 * @param   integer  &$available    Remaining space; reduced by $size on success
 * @param   boolean  $virusChecked  TRUE when the caller has already scanned the file
 * @return  boolean  True if every check passed, false with an error set otherwise
 */
protected function _check($file, $tmp_name, $size, &$available, $virusChecked = FALSE)
{
    // Load the configured limit once and keep it on the instance
    if (!isset($this->_sizeLimit)) {
        $this->_sizeLimit = Plugin::params('projects', 'files')->get('maxUpload', '104857600');
    }

    // Check against upload size limit (a limit of 0 disables this check)
    $limit = intval($this->_sizeLimit);
    if ($limit && $size > $limit) {
        $message  = Lang::txt('COM_PROJECTS_FILES_ERROR_EXCEEDS_LIMIT') . ' ';
        $message .= \Hubzero\Utility\Number::formatBytes($this->_sizeLimit) . '. ';
        $message .= Lang::txt('COM_PROJECTS_FILES_ERROR_TOO_LARGE_USE_OTHER_METHOD');
        $this->setError($message);
        return false;
    }

    // Check against quota: the file must be strictly smaller than what is left
    if ($size >= $available) {
        $this->setError(Lang::txt('COM_PROJECTS_FILES_ERROR_OVER_QUOTA'));
        return false;
    }

    // One last check: scan unless the caller vouches for an earlier scan
    $needsScan = $tmp_name && $virusChecked !== TRUE;
    if ($needsScan && Helpers\Html::virusCheck($tmp_name)) {
        $this->setError(Lang::txt('COM_PROJECTS_FILES_ERROR_VIRUS'));
        return false;
    }

    // Reduce available space
    $available -= $size;
    return true;
}