3 * Require the settings and DB files.
5 require_once 'classes/Response.class.php';
6 require_once 'classes/UploadException.class.php';
7 require_once 'classes/UploadedFile.class.php';
8 require_once 'includes/database.inc.php';
11 * Generates name and checks in DB
14 function generateName($file)
19 // We start at N retries, and --N until we give up
20 $tries = POMF_FILES_RETRIES
;
21 $length = POMF_FILES_LENGTH
;
23 $ext = pathinfo($file->name
, PATHINFO_EXTENSION
);
25 $finfo = finfo_open(FILEINFO_MIME_TYPE
);
26 $type_mime = finfo_file($finfo, $file->tempfile
);
29 // Check if extension is a double-dot extension and, if true, override $ext
30 $revname = strrev($file->name
);
31 foreach ($doubledots as $ddot) {
32 if (stripos($revname, $ddot) === 0) {
38 // Iterate until we reach the maximum number of retries
41 'Gave up trying to find an unused name',
43 ); // HTTP status code "500 Internal Server Error"
48 for ($i = 0; $i < $length; ++
$i) {
49 $name .= $chars[mt_rand(0, strlen($chars))];
52 // Add the extension to the file name
53 if (isset($ext) && $ext !== '') {
57 //Check if mime is blacklisted
58 if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME
))) {
59 throw new Exception('Extension type not allowed.');
63 //Check if EXT is blacklisted
64 if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS
))) {
65 throw new Exception('Extension type not allowed.');
69 // Check if a file with the same name does already exist in the database
70 $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
71 $q->bindValue(':name', $name, PDO
::PARAM_STR
);
73 $result = $q->fetchColumn();
74 // If it does, generate a new name
75 } while ($result > 0);
81 * Handles the uploading and db entry for a file.
83 * @param UploadedFile $file
87 function uploadFile($file)
95 throw new UploadException($file->error
);
98 // Generate a name for the file
99 $newname = generateName($file);
101 // Store the file's full file path in memory
102 $uploadFile = POMF_FILES_ROOT
.$newname;
104 // Attempt to move it to the static directory
105 if (!move_uploaded_file($file->tempfile
, $uploadFile)) {
107 'Failed to move file to destination',
109 ); // HTTP status code "500 Internal Server Error"
112 // Need to change permissions for the new file to make it world readable
113 if (!chmod($uploadFile, 0644)) {
115 'Failed to change file permissions',
117 ); // HTTP status code "500 Internal Server Error"
120 // Add it to the database
121 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)');
123 // Common parameters binding
124 $q->bindValue(':hash', $file->getSha1(), PDO
::PARAM_STR
);
125 $q->bindValue(':orig', strip_tags($file->name
), PDO
::PARAM_STR
);
126 $q->bindValue(':name', $newname, PDO
::PARAM_STR
);
127 $q->bindValue(':size', $file->size
, PDO
::PARAM_INT
);
128 $q->bindValue(':date', time(), PDO
::PARAM_INT
);
132 'hash' => $file->getSha1(),
133 'name' => $file->name
,
134 'url' => POMF_URL
.rawurlencode($newname),
135 'size' => $file->size
,
140 * Reorder files array by file.
144 function diverseArray($files)
148 foreach ($files as $key1 => $value1) {
149 foreach ($value1 as $key2 => $value2) {
150 $result[$key2][$key1] = $value2;
158 * Reorganize the $_FILES array into something saner.
162 function refiles($files)
165 $files = diverseArray($files);
167 foreach ($files as $file) {
168 $f = new UploadedFile();
169 $f->name
= $file['name'];
170 $f->mime
= $file['type'];
171 $f->size
= $file['size'];
172 $f->tempfile
= $file['tmp_name'];
173 $f->error
= $file['error'];
180 $type = isset($_GET['output']) ? $_GET['output'] : 'json';
181 $response = new Response($type);
183 if (isset($_FILES['files'])) {
184 $uploads = refiles($_FILES['files']);
187 foreach ($uploads as $upload) {
188 $res[] = uploadFile($upload);
190 $response->send($res);
191 } catch (Exception
$e) {
192 $response->error($e->getCode(), $e->getMessage());
195 $response->error(400, 'No input file(s)');