Пример #1
 /**
  * Import a file that already lives on the local filesystem (called from ImportZip).
  *
  * The file keeps its own basename as the displayed name; on disk it is stored
  * under the cleaned name plus the original extension inside the uploads
  * directory, and then recorded through dbInsert() together with its hash.
  *
  * @param string $file The string of the local file path stored in .elabftw.json of the zip archive
  * @throws Exception if $file is not readable
  */
 public function uploadLocalFile($file)
 {
     if (!is_readable($file)) {
         throw new Exception('No file here!');
     }
     // displayed name = original basename; stored name = cleaned name + extension
     $displayName = basename($file);
     $storedName = sprintf('%s.%s', $this->getCleanName(), Tools::getExt($displayName));
     $destination = ELAB_ROOT . 'uploads/' . $storedName;

     $this->moveFile($file, $destination);
     $this->dbInsert($displayName, $storedName, $this->getHash($destination));
 }
Пример #2
}
if ($count > 0) {
    echo "<div class='box'>";
    echo "<img src='img/attached.png' class='bot5px'> <h3 style='display:inline'>" . ngettext('Attached file', 'Attached files', $count) . "</h3>";
    echo "<div class='row'>";
    while ($uploads_data = $req->fetch()) {
        echo "<div class='col-md-4 col-sm-6'>";
        echo "<div class='thumbnail'>";
        // show the delete button only in edit mode, not in view mode
        if ($_GET['mode'] === 'edit') {
            echo "<a class='align_right' href='app/delete_file.php?id=" . $uploads_data['id'] . "&type=" . $uploads_data['type'] . "&item_id=" . $uploads_data['item_id'] . "' onClick=\"return confirm('Delete this file ?');\">";
            echo "<img src='img/small-trash.png' title='delete' alt='delete' /></a>";
        }
        // end if it is in edit mode
        // get file extension
        $ext = filter_var(Tools::getExt($uploads_data['real_name']), FILTER_SANITIZE_STRING);
        $filepath = 'uploads/' . $uploads_data['long_name'];
        $thumbpath = $filepath . '_th.jpg';
        // list of extensions with a corresponding img/thumb-*.png image
        $common_extensions = array('avi', 'csv', 'doc', 'docx', 'mov', 'pdf', 'ppt', 'rar', 'xls', 'xlsx', 'zip');
        // Make thumbnail only if it isn't done already
        if (!file_exists($thumbpath)) {
            make_thumb($filepath, $ext, $thumbpath, 100);
        }
        // only display the thumbnail if the file is here
        if (file_exists($thumbpath) && preg_match('/(jpg|jpeg|png|gif)$/i', $ext)) {
            // we add rel='gallery' to the images for fancybox to display it as an album (possibility to go next/previous)
            echo "<a href='uploads/" . $uploads_data['long_name'] . "' class='fancybox' rel='gallery' ";
            if ($uploads_data['comment'] != 'Click to add a comment') {
                echo "title='" . $uploads_data['comment'] . "'";
            }
Пример #3
 public function testGetExt()
 {
     // input path => expected extension; a name without a dot yields 'unknown'
     $cases = [
         'myfile.gif' => 'gif',
         '/path/to/myfile.gif' => 'gif',
         '/path/to/myfilegif' => 'unknown',
     ];
     foreach ($cases as $input => $expected) {
         $this->assertEquals($expected, \Elabftw\Elabftw\Tools::getExt($input));
     }
 }
Пример #4
 // remove the item row itself; each execute() result is collected in
 // $result (presumably inspected by the caller — TODO confirm)
 $sql = "DELETE FROM items WHERE id = :id";
 $req = $pdo->prepare($sql);
 $result[] = $req->execute(array('id' => $id));
 // delete associated tags
 $sql = "DELETE FROM items_tags WHERE item_id = :id";
 $req = $pdo->prepare($sql);
 $result[] = $req->execute(array('id' => $id));
 // delete associated files
 // (this SELECT's execute() result is the only one not appended to $result)
 $sql = "SELECT real_name, long_name FROM uploads WHERE item_id = :id AND type = :type";
 $req = $pdo->prepare($sql);
 $req->execute(array('id' => $id, 'type' => 'items'));
 while ($uploads = $req->fetch()) {
     $filepath = ELAB_ROOT . 'uploads/' . $uploads['long_name'];
     // NOTE(review): unlink() return value is not checked; a missing file
     // only emits a warning and the uploads rows are still deleted below
     unlink($filepath);
     // remove thumbnail, expected at <long_name>_th.<extension of real_name>
     $ext = Tools::getExt($uploads['real_name']);
     if (file_exists(ELAB_ROOT . 'uploads/' . $uploads['long_name'] . '_th.' . $ext)) {
         unlink(ELAB_ROOT . 'uploads/' . $uploads['long_name'] . '_th.' . $ext);
     }
 }
 // now remove them from the database
 $sql = "DELETE FROM uploads WHERE item_id = :id AND type = :type";
 $req = $pdo->prepare($sql);
 $result[] = $req->execute(array('id' => $id, 'type' => 'items'));
 // delete links of this item in experiments with this item linked
 // get all experiments with that item linked
 $sql = "SELECT id FROM experiments_links WHERE link_id = :link_id";
 $req = $pdo->prepare($sql);
 $result[] = $req->execute(array('link_id' => $id));
 while ($links = $req->fetch()) {
     $delete_sql = "DELETE FROM experiments_links WHERE id = :links_id";
Пример #5
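 /**
  * If files are attached we want them!
  *
  * Moves one file out of the extracted archive into the uploads directory
  * under a random name, computes its md5 and records it in the uploads table.
  *
  * @throws Exception if it cannot rename the file or SQL request failed
  * @param string $file The path of the file in the archive
  */
 private function importFile($file)
 {
     // first move the file to the uploads folder, under an unguessable name:
     // 64 CSPRNG bytes as hex keep the 128-character layout of the previous
     // sha512(uniqid(rand())) scheme but are not predictable from the clock/seed
     // NOTE(review): $file comes from the archive; confirm upstream that it
     // cannot contain path separators before it is joined to tmpPath
     $longName = bin2hex(random_bytes(64)) . '.' . \Elabftw\Elabftw\Tools::getExt($file);
     $newPath = ELAB_ROOT . 'uploads/' . $longName;
     if (!rename($this->tmpPath . '/' . $file, $newPath)) {
         throw new Exception('Cannot rename file!');
     }
     // make md5sum (integrity checksum stored alongside the row)
     $md5 = hash_file('md5', $newPath);
     // all parameters are bound by value: bindParam() binds by reference and
     // was previously handed a basename() result, which is not a variable
     $realName = basename($file);
     // now insert it in sql
     $sql = "INSERT INTO uploads(\n            real_name,\n            long_name,\n            comment,\n            item_id,\n            userid,\n            type,\n            md5\n        ) VALUES(\n            :real_name,\n            :long_name,\n            :comment,\n            :item_id,\n            :userid,\n            :type,\n            :md5\n        )";
     $req = $this->pdo->prepare($sql);
     $req->bindValue(':real_name', $realName);
     $req->bindValue(':long_name', $longName);
     $req->bindValue(':comment', 'Click to add a comment');
     $req->bindValue(':item_id', $this->newItemId);
     $req->bindValue(':userid', $_SESSION['userid']);
     $req->bindValue(':type', $this->category);
     $req->bindValue(':md5', $md5);
     if (!$req->execute()) {
         throw new Exception('Cannot import in database!');
     }
 }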
Пример #6
// we check that the user owns the experiment before adding things to it;
// db items get no ownership check at this point
if ($type === 'experiments' && !is_owned_by_user($item_id, 'experiments', $_SESSION['userid'])) {
    die('Not your experiment');
}
// check we actually have files
if ($_FILES === []) {
    die('No files received');
}
// UPLOAD A FILE TO AN EXPERIMENT OR DB ITEM
if ($type === 'experiments' || $type == 'items') {
    // Create a clean filename : remplace all non letters/numbers by '.' (this way we don't lose the file extension)
    $realname = preg_replace('/[^A-Za-z0-9]/', '.', $_FILES['file']['name']);
    // get extension
    $ext = \Elabftw\Elabftw\Tools::getExt($realname);
    // Create a unique long filename + extension
    $longname = hash("sha512", uniqid(rand(), true)) . "." . $ext;
    // Try to move the file to its final place
    if (rename($_FILES['file']['tmp_name'], ELAB_ROOT . 'uploads/' . $longname)) {
        // generate a md5sum of the file if it's not too big
        if ($_FILES['file']['size'] < 5000000) {
            $md5 = hash_file('md5', ELAB_ROOT . 'uploads/' . $longname);
        } else {
            $md5 = null;
        }
        // SQL TO PUT FILE IN UPLOADS TABLE
        $sql = "INSERT INTO uploads(\n            real_name,\n            long_name,\n            comment,\n            item_id,\n            userid,\n            type,\n            md5\n        ) VALUES(\n            :real_name,\n            :long_name,\n            :comment,\n            :item_id,\n            :userid,\n            :type,\n            :md5\n        )";
        $req = $pdo->prepare($sql);
        $req->execute(array('real_name' => $realname, 'long_name' => $longname, 'comment' => 'Click to add a comment', 'item_id' => $item_id, 'userid' => $_SESSION['userid'], 'type' => $type, 'md5' => $md5));
    } else {
Пример #7
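 /**
  * Reference the attached files (if any) in the pdf
  * Add also the hash sum
  *
  * Appends a <section> to $this->content listing every uploads row for this
  * item/type: file name, comment (unless it is the default text), hash with
  * its algorithm (when present) and an inline <img> for image files.
  */
 private function addAttachedFiles()
 {
     // SQL to get attached files
     $sql = "SELECT * FROM uploads WHERE item_id = :id AND type = :type";
     $req = $this->pdo->prepare($sql);
     $req->bindParam(':id', $this->id);
     $req->bindParam(':type', $this->type);
     $req->execute();
     // fetch everything up front and count the rows ourselves: PDO does not
     // guarantee a meaningful rowCount() for SELECT statements
     $uploads = $req->fetchAll();
     // do we have files attached ?
     if (count($uploads) === 0) {
         return;
     }

     $this->content .= "<section class='no_break'>";
     if (count($uploads) === 1) {
         $this->content .= "<h3>Attached file :</h3>";
     } else {
         $this->content .= "<h3>Attached files :</h3>";
     }
     $this->content .= "<ul>";
     foreach ($uploads as $upload) {
         // the file name is interpolated into the pdf html, so escape it
         $this->content .= "<li>" . htmlspecialchars($upload['real_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         // add a comment ? don't add if it's the default text
         if ($upload['comment'] != 'Click to add a comment') {
             // NOTE(review): decoding puts the stored comment back into the pdf
             // html as raw markup; confirm it was sanitised when it was saved
             $this->content .= " (" . stripslashes(htmlspecialchars_decode($upload['comment'])) . ")";
         }
         // add hash ? don't add if we don't have it
         // length must be greater (sha2 hashes) or equal (md5) 32 hex characters;
         // cast because the column may be null
         if (strlen((string) $upload['hash']) >= 32) {
             // we have hash
             $this->content .= "<br>" . $upload['hash_algorithm'] . " : " . $upload['hash'];
         }
         // if this is an image file, add the thumbnail picture; the extension
         // must be exactly one of the image types, not merely end with one
         $ext = Tools::getExt($upload['real_name']);
         $filepath = 'uploads/' . $upload['long_name'];
         if (file_exists($filepath) && preg_match('/^(jpg|jpeg|png|gif)$/i', $ext)) {
             $this->content .= "<br /><img class='attached_image' src='" . $filepath . "' alt='attached image' />";
         }
         $this->content .= "</li>";
     }
     $this->content .= "</ul></section>";
 }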
Пример #8
    $sql = "SELECT userid, real_name, long_name, item_id FROM uploads WHERE id = :id";
    $req = $pdo->prepare($sql);
    $req->bindParam(':id', $id, PDO::PARAM_INT);
    $req->execute();
    $data = $req->fetch();
    if ($data['userid'] == $_SESSION['userid']) {
        // Good to go -> delete file from SQL table
        $sql = "DELETE FROM uploads WHERE id = :id";
        $reqdel = $pdo->prepare($sql);
        $reqdel->bindParam(':id', $id, PDO::PARAM_INT);
        $reqdel->execute();
        // now delete it from filesystem
        $filepath = ELAB_ROOT . 'uploads/' . $data['long_name'];
        unlink($filepath);
        // remove thumbnail
        $ext = Tools::getExt($data['real_name']);
        if (file_exists(ELAB_ROOT . 'uploads/' . $data['long_name'] . '_th.' . $ext)) {
            unlink(ELAB_ROOT . 'uploads/' . $data['long_name'] . '_th.' . $ext);
        }
        // Redirect to the viewXP
        $msg_arr = array();
        $msg_arr[] = sprintf(_('File %s deleted successfully.'), $data['real_name']);
        $_SESSION['infos'] = $msg_arr;
        header("location: ../experiments.php?mode=edit&id=" . $data['item_id']);
    } else {
        die;
    }
    // DATABASE ITEM
} elseif ($_GET['type'] === 'items') {
    // Get realname
    $sql = "SELECT real_name, long_name, item_id FROM uploads WHERE id = :id AND type = 'items'";