Enano CMS (1.1.x): plugins/SpecialUpdownload.php@902822492a68 (annotated)

0 902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	1	<?php
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	2	/*
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	3	Plugin Name: Upload/download frontend
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	4	Plugin URI: http://enano.homelinux.org/
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	5	Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	6	Author: Dan Fuhry
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	7	Version: 1.0
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	8	Author URI: http://enano.homelinux.org/
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	9	*/
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	10
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	11	/*
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	12	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	13	* Version 1.0 release candidate 2
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	14	* Copyright (C) 2006-2007 Dan Fuhry
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	15	* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	16	*
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	17	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	18	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	19	*
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	20	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	21	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	22	*/
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	23
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	24	global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	25
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	26	$plugins->attachHook('base_classes_initted', '
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	27	global $paths;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	28	$paths->add_page(Array(
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	29	\'name\'=>\'Upload file\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	30	\'urlname\'=>\'UploadFile\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	31	\'namespace\'=>\'Special\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	32	\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	33	));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	34
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	35	$paths->add_page(Array(
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	36	\'name\'=>\'Download file\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	37	\'urlname\'=>\'DownloadFile\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	38	\'namespace\'=>\'Special\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	39	\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	40	));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	41	');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	42
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	43	function page_Special_UploadFile()
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	44	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	45	global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	46	global $mime_types;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	47	if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '<p>File uploads are disabled this website.</p>'); }
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	48	if ( !$session->get_permissions('upload_files') )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	49	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	50	die_friendly('Access denied', '<p>File uploads are disabled for your user account or group.<p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	51	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	52	if(isset($_POST['doit']))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	53	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	54	if(isset($_FILES['data']))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	55	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	56	$file =& $_FILES['data'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	57	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	58	else
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	59	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	60	$file = false;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	61	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	62	if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	63	if($file['size'] == 0 \|\| $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	64	/*
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	65	$allowed_mime_types = Array(
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	66	'text/plain',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	67	'image/png',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	68	'image/jpeg',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	69	'image/tiff',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	70	'image/gif',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	71	'text/html', // Safe because the file is stashed in the database
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	72	'application/x-bzip2',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	73	'application/x-gzip',
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	74	'text/x-c++'
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	75	);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	76	if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	77	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	78	if(!$fi) die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p><p>'.@finfo_file($fi, $file['tmp_name']).'</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	79	$type = @finfo_file($fi, $file['tmp_name']);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	80	@finfo_close($fi);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	81	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	82	elseif(function_exists('mime_content_type'))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	83	$type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	84	elseif(isset($file['type']))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	85	$type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	86	else // DANG! Not even the browser told us. Bail out.
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	87	die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	88	*/
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	89	$types = fetch_allowed_extensions();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	90	$ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	91	if(!isset($types[$ext]) \|\| ( isset($types[$ext]) && !$types[$ext] ) )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	92	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	93	die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	94	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	95	$type = $mime_types[$ext];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	96	//$type = explode(';', $type); $type = $type[0];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	97	//if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	98	if($_POST['rename'] != '')
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	99	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	100	$filename = $_POST['rename'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	101	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	102	else
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	103	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	104	$filename = $file['name'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	105	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	106	$bad_chars = Array(':', '\\', '/', '<', '>', '\|', '*', '?', '"', '#', '+');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	107	foreach($bad_chars as $ch)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	108	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	109	if(strstr($filename, $ch) \|\| preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '<p>The filename contains invalid characters.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	110	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	111
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	112	if ( isset ( $paths->pages[ $paths->nslist['File'] . $filename ] ) && !isset ( $_POST['update'] ) )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	113	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	114	die_friendly('Upload failed', '<p>The file already exists. You can <a href="'.makeUrlNS('Special', 'UploadFile/'.$filename).'">upload a new version of this file</a>.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	115	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	116	else if ( isset($_POST['update']) &&
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	117	( !isset($paths->pages[$paths->nslist['File'].$filename]) \|\|
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	118	(isset($paths->pages[$paths->nslist['File'].$filename]) &&
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	119	$paths->pages[$paths->nslist['File'].$filename]['protected'] == 1 )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	120	)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	121	)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	122	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	123	die_friendly('Upload failed', '<p>Either the file does not exist (and therefore cannot be updated) or the file is protected.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	124	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	125
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	126	$utime = time();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	127
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	128	$filename = $db->escape($filename);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	129	$ext = substr($filename, strrpos($filename, '.'), strlen($filename));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	130	$flen = filesize($file['tmp_name']);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	131
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	132	$comments = $db->escape(RenderMan::strip_php($_POST['comments']));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	133	$chartag = sha1(microtime());
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	134	$urln = str_replace(' ', '_', $filename);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	135
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	136	$key = md5($filename . '_' . file_get_contents($file['tmp_name']));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	137	$targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	138
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	139	if(!@move_uploaded_file($file['tmp_name'], $targetname))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	140	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	141	die_friendly('Upload failed', '<p>Could not move uploaded file to the new location.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	142	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	143
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	144	if(getConfig('file_history') != '1')
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	145	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	146	if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	147	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	148	if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	149	if(!isset($_POST['update']))
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	150	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	151	if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	152	if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	153	if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	154	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	155	else
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	156	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	157	if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	158	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	159	die_friendly('Upload complete', '<p>Your file has been uploaded successfully. View the <a href="'.makeUrlNS('File', $filename).'">file\'s page</a>.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	160	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	161	else
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	162	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	163	$template->header();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	164	$fn = $paths->getParam(0);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	165	if ( $fn && !$session->get_permissions('upload_new_version') )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	166	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	167	die_friendly('Access denied', '<p>Uploading new versions of files has been disabled for your user account or group.<p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	168	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	169	?>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	170	<p>Using this form you can upload a file to the <?php echo getConfig('site_name'); ?> site.</p>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	171	<p>The maximum file size is <?php
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	172	// Get the max file size, and format it in a way that is user-friendly
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	173	$fs = getConfig('max_file_size');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	174	echo commatize($fs).' bytes';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	175	$fs = (int)$fs;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	176	if($fs >= 1048576)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	177	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	178	$fs = round($fs / 1048576, 1);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	179	echo ' ('.$fs.' MB)';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	180	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	181	elseif($fs >= 1024)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	182	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	183	$fs = round($fs / 1024, 1);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	184	echo ' ('.$fs.' KB)';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	185	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	186	?>.</p>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	187	<form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data">
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	188	<table border="0" cellspacing="1" cellpadding="4">
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	189	<tr><td>File:</td><td><input name="data" type="file" size="40" /></td></tr>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	190	<tr><td>Rename to:</td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	191	<?php
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	192	if(!$fn) echo '<tr><td>Comments:<br />(can be wiki-formatted)</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	193	else echo '<tr><td>Reason for uploading the new version: </td><td><input name="comments" size="50" /></td></tr>';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	194	?>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	195	<tr><td colspan="2" style="text-align: center">
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	196	<?php
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	197	if($fn)
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	198	echo '<input type="hidden" name="update" value="true" />';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	199	?>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	200	<input type="submit" name="doit" value="Upload file" />
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	201	</td></tr>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	202	</table>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	203	</form>
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	204	<?php
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	205	$template->footer();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	206	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	207	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	208
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	209	function page_Special_DownloadFile()
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	210	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	211	global $db, $session, $paths, $template, $plugins; // Common objects
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	212	global $do_gzip;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	213	$filename = rawurldecode($paths->getParam(0));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	214	$timeid = $paths->getParam(1);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	215	if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	216	else $tid = '';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	217	$filename = $db->escape($filename);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	218	$q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	219	if(!$q) $db->_die('The file data could not be selected.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	220	if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); }
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	221	$row = $db->fetchrow();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	222	$db->free_result();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	223
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	224	// Check permissions
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	225	$perms = $session->fetch_page_acl($row['page_id'], 'File');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	226	if ( !$perms->get_permissions('read') )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	227	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	228	die_friendly('Access denied', '<p>Access to the specified file is denied.</p>');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	229	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	230
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	231	$fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	232	$data = file_get_contents($fname);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	233	if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/')
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	234	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	235	$nam = tempnam('/tmp', $filename);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	236	$h = @fopen($nam, 'w');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	237	if(!$h) die('Error opening '.$nam.' for writing');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	238	fwrite($h, $data);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	239	fclose($h);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	240	/* Make sure the request doesn't contain commandline injection - yow! */
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	241	if(!isset($_GET['width' ]) \|\| (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width'] ))) $width = '320'; else $width = $_GET['width' ];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	242	if(!isset($_GET['height']) \|\| (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	243	$cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension'];
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	244	if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) {
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	245	$data = file_get_contents($cache_filename);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	246	} elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) {
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	247	// Use ImageMagick to convert the image
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	248	//unlink($nam);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	249	error_reporting(E_ALL);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	250	$cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"';
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	251	system($cmd, $stat);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	252	if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:<br />'.$cmd);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	253	$data = file_get_contents($nam.'.scaled'.$row['file_extension']);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	254	// Be stingy about it - better to re-generate the image hundreds of times than to fail completely
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	255	if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) {
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	256	// Write the generated thumbnail to the cache directory
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	257	$h = @fopen($cache_filename, 'w');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	258	if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	259	fwrite($h, $data);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	260	fclose($h);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	261	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	262	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	263	unlink($nam);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	264	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	265	$len = strlen($data);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	266	header('Content-type: '.$row['mimetype']);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	267	if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	268	header('Content-length: '.$len);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	269	header('Last-Modified: '.date('r', $row['time_id']));
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	270	echo($data);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	271
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	272	//
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	273	// Compress buffered output if required and send to browser
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	274	//
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	275	if ( $do_gzip )
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	276	{
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	277	//
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	278	// Copied from phpBB, which was in turn borrowed from php.net
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	279	//
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	280	$gzip_contents = ob_get_contents();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	281	ob_end_clean();
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	282
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	283	$gzip_size = strlen($gzip_contents);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	284	$gzip_crc = crc32($gzip_contents);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	285
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	286	$gzip_contents = gzcompress($gzip_contents, 9);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	287	$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	288
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	289	header('Content-encoding: gzip');
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	290	echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	291	echo $gzip_contents;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	292	echo pack('V', $gzip_crc);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	293	echo pack('V', $gzip_size);
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	294	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	295
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	296	exit;
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	297
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	298	}
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	299
902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	300	?>

author	dan@scribus.fuhry.local.fuhry.local
	Wed, 13 Jun 2007 16:03:00 -0400
changeset 0	902822492a68
child 23	320acf077276
permissions	-rw-r--r--