Context Navigation

source: temp/test-xoops.ec-cube.net/html/class/uploader.php @ 405

Visit:

Revision 405, 15.8 KB checked in by root, 20 years ago (diff)

Line
1	<?php
2	// $Id: uploader.php,v 1.5 2005/10/24 11:44:16 onokazu Exp $
3	// ------------------------------------------------------------------------ //
4	// XOOPS - PHP Content Management System //
5	// Copyright (c) 2000 XOOPS.org //
6	// <http://www.xoops.org/> //
7	// ------------------------------------------------------------------------ //
8	// This program is free software; you can redistribute it and/or modify //
9	// it under the terms of the GNU General Public License as published by //
10	// the Free Software Foundation; either version 2 of the License, or //
11	// (at your option) any later version. //
12	// //
13	// You may not change or alter any portion of this comment or credits //
14	// of supporting developers from this source code or any supporting //
15	// source code which is considered copyrighted (c) material of the //
16	// original comment or credit authors. //
17	// //
18	// This program is distributed in the hope that it will be useful, //
19	// but WITHOUT ANY WARRANTY; without even the implied warranty of //
20	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21	// GNU General Public License for more details. //
22	// //
23	// You should have received a copy of the GNU General Public License //
24	// along with this program; if not, write to the Free Software //
25	// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26	// ------------------------------------------------------------------------ //
27	// Author: Kazumi Ono (AKA onokazu) //
28	// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
29	// Project: The XOOPS Project //
30	// ------------------------------------------------------------------------- //
31
32	/**
33	* Upload Media files
34	*
35	* Example of usage:
36	* <code>
37	* include_once 'uploader.php';
38	* $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png');
39	* $maxfilesize = 50000;
40	* $maxfilewidth = 120;
41	* $maxfileheight = 120;
42	* $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
43	* if ($uploader->fetchMedia($_POST['uploade_file_name'])) {
44	* if (!$uploader->upload()) {
45	* echo $uploader->getErrors();
46	* } else {
47	* echo '<h4>File uploaded successfully!</h4>'
48	* echo 'Saved as: ' . $uploader->getSavedFileName() . '<br />';
49	* echo 'Full path: ' . $uploader->getSavedDestination();
50	* }
51	* } else {
52	* echo $uploader->getErrors();
53	* }
54	* </code>
55	*
56	* @package kernel
57	* @subpackage core
58	*
59	* @author Kazumi Ono <[email protected]>
60	* @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
61	*/
62
63	define("XCUBE_IMAGETYPE_ENUM_GIF",1);
64	define("XCUBE_IMAGETYPE_ENUM_JPG",2);
65	define("XCUBE_IMAGETYPE_ENUM_PNG",3);
66	define("XCUBE_IMAGETYPE_ENUM_BMP",6);
67
68	class XoopsMediaUploader
69	{
70	/**
71	* Flag indicating if unrecognized mimetypes should be allowed (use with precaution ! may lead to security issues )
72	**/
73	var $allowUnknownTypes = false;
74	var $mediaName;
75	var $mediaType;
76	var $mediaSize;
77	var $mediaTmpName;
78	var $mediaError;
79	var $mediaRealType = '';
80	var $uploadDir = '';
81	var $allowedMimeTypes = array();
82	var $allowedExtensions = array();
83	var $maxFileSize = 0;
84	var $maxWidth;
85	var $maxHeight;
86	var $targetFileName;
87	var $prefix;
88	var $errors = array();
89	var $savedDestination;
90	var $savedFileName;
91	var $extensionToMime = array();
92
93	var $_strictCheckExtensions = array();
94
95	/**
96	* Constructor
97	*
98	* @param string $uploadDir
99	* @param array $allowedMimeTypes
100	* @param int $maxFileSize
101	* @param int $maxWidth
102	* @param int $maxHeight
103	* @param int $cmodvalue
104	**/
105	function XoopsMediaUploader($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null)
106	{
107	@$this->extensionToMime = include( XOOPS_ROOT_PATH . '/class/mimetypes.inc.php' );
108	if ( !is_array( $this->extensionToMime ) ) {
109	$this->extensionToMime = array();
110	return false;
111	}
112	if (is_array($allowedMimeTypes)) {
113	$this->allowedMimeTypes =& $allowedMimeTypes;
114	}
115	$this->uploadDir = $uploadDir;
116	$this->maxFileSize = intval($maxFileSize);
117	if(isset($maxWidth)) {
118	$this->maxWidth = intval($maxWidth);
119	}
120	if(isset($maxHeight)) {
121	$this->maxHeight = intval($maxHeight);
122	}
123
124	$this->_strictCheckExtensions = array("gif"=>XCUBE_IMAGETYPE_ENUM_GIF,
125	"jpg"=>XCUBE_IMAGETYPE_ENUM_JPG,
126	"jpeg"=>XCUBE_IMAGETYPE_ENUM_JPG,
127	"png"=>XCUBE_IMAGETYPE_ENUM_PNG,
128	"bmp"=>XCUBE_IMAGETYPE_ENUM_BMP);
129	}
130
131	function setAllowedExtensions($extensions)
132	{
133	$this->allowedExtensions = is_array($extensions) ? $extensions : array();
134	}
135
136	function setStrictCheckExtensions($extensions)
137	{
138	$this->_strictCheckExtensions = $extensions;
139	}
140
141	/**
142	* Fetch the uploaded file
143	*
144	* @param string $media_name Name of the file field
145	* @param int $index Index of the file (if more than one uploaded under that name)
146	* @return bool
147	**/
148	function fetchMedia($media_name, $index = null)
149	{
150	if ( empty( $this->extensionToMime ) ) {
151	$this->setErrors( 'Error loading mimetypes definition' );
152	return false;
153	}
154	if (!isset($_FILES[$media_name])) {
155	$this->setErrors('File not found');
156	return false;
157	} elseif (is_array($_FILES[$media_name]['name']) && isset($index)) {
158	$index = intval($index);
159	$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index]) : $_FILES[$media_name]['name'][$index];
160	$this->mediaType = $_FILES[$media_name]['type'][$index];
161	$this->mediaSize = $_FILES[$media_name]['size'][$index];
162	$this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index];
163	$this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['errir'][$index] : 0;
164	} else {
165	$media_name =& $_FILES[$media_name];
166	$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name'];
167	$this->mediaName = $media_name['name'];
168	$this->mediaType = $media_name['type'];
169	$this->mediaSize = $media_name['size'];
170	$this->mediaTmpName = $media_name['tmp_name'];
171	$this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;
172	}
173	if ( ($ext = strrpos( $this->mediaName, '.' )) !== false ) {
174	$this->ext = strtolower ( substr( $this->mediaName, $ext + 1 ) );
175	if ( isset( $this->extensionToMime[$this->ext] ) ) {
176	$this->mediaRealType = $this->extensionToMime[$this->ext];
177	//trigger_error( "XoopsMediaUploader: Set mediaRealType to {$this->mediaRealType} (file extension is ".$this->ext.")", E_USER_NOTICE );
178	}
179	} else {
180	$this->setErrors('Invalid Extension');
181	return false;
182	}
183	$this->errors = array();
184	if (intval($this->mediaSize) < 0) {
185	$this->setErrors('Invalid File Size');
186	return false;
187	}
188	if ($this->mediaName == '') {
189	$this->setErrors('Filename Is Empty');
190	return false;
191	}
192	if ($this->mediaTmpName == 'none' \|\| !is_uploaded_file($this->mediaTmpName)) {
193	$this->setErrors('No file uploaded');
194	return false;
195	}
196	if ($this->mediaError > 0) {
197	$this->setErrors('Error occurred: Error #'.$this->mediaError);
198	return false;
199	}
200	return true;
201	}
202
203	/**
204	* Set the target filename
205	*
206	* @param string $value
207	**/
208	function setTargetFileName($value){
209	$this->targetFileName = strval(trim($value));
210	}
211
212	/**
213	* Set the prefix
214	*
215	* @param string $value
216	**/
217	function setPrefix($value){
218	$this->prefix = strval(trim($value));
219	}
220
221	/**
222	* Get the uploaded filename
223	*
224	* @return string
225	**/
226	function getMediaName()
227	{
228	return $this->mediaName;
229	}
230
231	/**
232	* Get the type of the uploaded file
233	*
234	* @return string
235	**/
236	function getMediaType()
237	{
238	return $this->mediaType;
239	}
240
241	/**
242	* Get the size of the uploaded file
243	*
244	* @return int
245	**/
246	function getMediaSize()
247	{
248	return $this->mediaSize;
249	}
250
251	/**
252	* Get the temporary name that the uploaded file was stored under
253	*
254	* @return string
255	**/
256	function getMediaTmpName()
257	{
258	return $this->mediaTmpName;
259	}
260
261	/**
262	* Get the saved filename
263	*
264	* @return string
265	**/
266	function getSavedFileName(){
267	return $this->savedFileName;
268	}
269
270	/**
271	* Get the destination the file is saved to
272	*
273	* @return string
274	**/
275	function getSavedDestination(){
276	return $this->savedDestination;
277	}
278
279	/**
280	* Check the file and copy it to the destination
281	*
282	* @return bool
283	**/
284	function upload($chmod = 0644)
285	{
286	if ($this->uploadDir == '') {
287	$this->setErrors('Upload directory not set');
288	return false;
289	}
290	if (!is_dir($this->uploadDir)) {
291	$this->setErrors('Failed opening directory: '.$this->uploadDir);
292	}
293	if (!is_writeable($this->uploadDir)) {
294	$this->setErrors('Failed opening directory with write permission: '.$this->uploadDir);
295	}
296	if (!$this->checkMaxFileSize()) {
297	$this->setErrors('File size too large: '.$this->mediaSize);
298	}
299	if (!$this->checkMaxWidth()) {
300	$this->setErrors(sprintf('File width must be smaller than %u', $this->maxWidth));
301	}
302	if (!$this->checkMaxHeight()) {
303	$this->setErrors(sprintf('File height must be smaller than %u', $this->maxHeight));
304	}
305	if (!$this->checkMimeType()) {
306	$this->setErrors("Invalid file type");
307	}
308	if (count($this->errors) > 0) {
309	return false;
310	}
311	if (!$this->_copyFile($chmod)) {
312	$this->setErrors('Failed uploading file: '.$this->mediaName);
313	return false;
314	}
315	return true;
316	}
317
318	/**
319	* Copy the file to its destination
320	*
321	* @return bool
322	**/
323	function _copyFile($chmod)
324	{
325	if (isset($this->targetFileName)) {
326	$this->savedFileName = $this->targetFileName;
327	} elseif (isset($this->prefix)) {
328	$this->savedFileName = uniqid($this->prefix).'.'.strtolower($this->ext);
329	} else {
330	$this->savedFileName = strtolower($this->mediaName);
331	}
332	$this->savedDestination = $this->uploadDir.'/'.$this->savedFileName;
333	if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) {
334	return false;
335	}
336	@chmod($this->savedDestination, $chmod);
337	return true;
338	}
339
340	/**
341	* Is the file the right size?
342	*
343	* @return bool
344	**/
345	function checkMaxFileSize()
346	{
347	if ($this->mediaSize > $this->maxFileSize) {
348	return false;
349	}
350	return true;
351	}
352
353	/**
354	* Is the picture the right width?
355	*
356	* @return bool
357	**/
358	function checkMaxWidth()
359	{
360	if (!isset($this->maxWidth)) {
361	return true;
362	}
363	if (false !== $dimension = getimagesize($this->mediaTmpName)) {
364	if ($dimension[0] > $this->maxWidth) {
365	return false;
366	}
367	} else {
368	trigger_error(sprintf('Failed fetching image size of %s, skipping max width check..', $this->mediaTmpName), E_USER_WARNING);
369	}
370	return true;
371	}
372
373	/**
374	* Is the picture the right height?
375	*
376	* @return bool
377	**/
378	function checkMaxHeight()
379	{
380	if (!isset($this->maxHeight)) {
381	return true;
382	}
383	if (false !== $dimension = getimagesize($this->mediaTmpName)) {
384	if ($dimension[1] > $this->maxHeight) {
385	return false;
386	}
387	} else {
388	trigger_error(sprintf('Failed fetching image size of %s, skipping max height check..', $this->mediaTmpName), E_USER_WARNING);
389	}
390	return true;
391	}
392
393	/**
394	* Check whether or not the uploaded file type is allowed
395	*
396	* @return bool
397	**/
398	function checkMimeType()
399	{
400	if (!empty($this->allowedExtensions)) {
401	if (!in_array($this->ext, $this->allowedExtensions)) {
402	$this->setErrors( 'File extension not allowed' );
403	return false;
404	}
405	// Since the file extension is already checked against
406	// allowed file extension values, it is safe to use
407	// $this->mediaType for the allowed mime type check as was in
408	// <= 2.0.9.2
409	if (!empty($this->allowedMimeTypes)&& !in_array($this->mediaType, $this->allowedMimeTypes)) {
410	$this->setErrors('Unexpected MIME Type');
411	return false;
412	}
413	} else {
414	// use $this->mediaRealType for the allowed mime type check to
415	// make it more restrictive/secure
416	if (empty( $this->mediaRealType ) && !$this->allowUnknownTypes) {
417	return false;
418	}
419	if (!empty($this->allowedMimeTypes)&& !in_array($this->mediaRealType, $this->allowedMimeTypes)) {
420	$this->setErrors('Unexpected MIME Type');
421	return false;
422	}
423	}
424
425	// If this extension need strict check, call method for it.
426	if(isset($this->_strictCheckExtensions[$this->ext])) {
427	return $this->_checkStrict();
428	}
429	else {
430	return true;
431	}
432	}
433
434	function _checkStrict()
435	{
436	$parseValue = getimagesize($this->mediaTmpName);
437
438	if($parseValue===false)
439	return false;
440
441	return $parseValue[2]==$this->_strictCheckExtensions[$this->ext];
442	}
443
444	/**
445	* Check whether or not the uploaded file type is allowed
446	*
447	* @return bool
448	**/
449	function checkExpectedMimeType()
450	{
451	if ( empty( $this->mediaRealType ) && !$this->allowUnknownTypes ) {
452	return false;
453	}
454
455	return ( empty($this->allowedMimeTypes) \|\| in_array($this->mediaRealType, $this->allowedMimeTypes) );
456	}
457
458	/**
459	* Add an error
460	*
461	* @param string $error
462	**/
463	function setErrors($error)
464	{
465	$this->errors[] = trim($error);
466	}
467
468	/**
469	* Get generated errors
470	*
471	* @param bool $ashtml Format using HTML?
472	*
473	* @return array\|string Array of array messages OR HTML string
474	*/
475	function &getErrors($ashtml = true)
476	{
477	if (!$ashtml) {
478	return $this->errors;
479	} else {
480	$ret = '';
481	if (count($this->errors) > 0) {
482	$ret = '<h4>Errors Returned While Uploading</h4>';
483	foreach ($this->errors as $error) {
484	$ret .= $error.'<br />';
485	}
486	}
487	return $ret;
488	}
489	}
490	}
491	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: