3 * Handles POST uploads, generates filenames, moves files around and commits
4 * uploaded metadata to database.
6 require_once 'classes/Response.class.php';
7 require_once 'classes/UploadException.class.php';
8 require_once 'classes/UploadedFile.class.php';
9 require_once 'includes/database.inc.php';
12 * Generates a random name for the file, retrying until we get an unused one.
14 * @param UploadedFile $file
18 function generateName($file)
23 // We start at N retries, and --N until we give up
24 $tries = UGUU_FILES_RETRIES
;
25 $length = UGUU_FILES_LENGTH
;
28 $ext = pathinfo($file->name
, PATHINFO_EXTENSION
);
31 $finfo = finfo_open(FILEINFO_MIME_TYPE
);
32 $type_mime = finfo_file($finfo, $file->tempfile
);
35 // Check if extension is a double-dot extension and, if true, override $ext
36 $revname = strrev($file->name
);
37 foreach ($doubledots as $ddot) {
38 if (stripos($revname, $ddot) === 0) {
44 // Iterate until we reach the maximum number of retries
46 http_response_code(500);
48 'Gave up trying to find an unused name',
50 ); // HTTP status code "500 Internal Server Error"
55 for ($i = 0; $i < $length; ++
$i) {
56 $name .= $chars[mt_rand(0, strlen($chars))];
59 // Add the extension to the file name
60 if (isset($ext) && $ext !== '') {
64 //Check if MIME is blacklisted
65 if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME
))) {
66 http_response_code(415);
67 throw new UploadException(UPLOAD_ERR_EXTENSION
);
70 //Check if EXT is blacklisted
71 if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS
))) {
72 http_response_code(415);
73 throw new UploadException(UPLOAD_ERR_EXTENSION
);
77 // Check if a file with the same name does already exist in the database
78 $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
79 $q->bindValue(':name', $name, PDO
::PARAM_STR
);
81 $result = $q->fetchColumn();
82 // If it does, generate a new name
83 } while ($result > 0);
89 * Handles the uploading and db entry for a file.
91 * @param UploadedFile $file
95 function uploadFile($file)
101 // Handle file errors
103 throw new UploadException($file->error
);
107 $lol = $file->getSha1();
109 // Check if a file with the same hash and size (a file which is the same)
110 // does already exist in the database; if it does, return the proper link
111 // and data. PHP deletes the temporary file just uploaded automatically.
112 if(ANTI_DUPE
== 'true'){
113 $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)');
114 $q->bindValue(':hash', $file->getSha1(), PDO
::PARAM_STR
);
115 $q->bindValue(':size', $file->size
, PDO
::PARAM_INT
);
117 $result = $q->fetch();
118 if ($result['count'] > 0) {
120 'hash' => $file->getSha1(),
121 'name' => $file->name
,
122 'url' => UGUU_URL
.rawurlencode($result['filename']),
123 'size' => $file->size
,
129 $ip = $_SERVER['REMOTE_ADDR'];
131 // Generate a name for the file
132 $newname = generateName($file);
134 // Store the file's full file path in memory
135 $uploadFile = UGUU_FILES_ROOT
.$newname;
137 // Attempt to move it to the static directory
138 if (!move_uploaded_file($file->tempfile
, $uploadFile)) {
139 http_response_code(500);
141 'Failed to move file to destination',
143 ); // HTTP status code "500 Internal Server Error"
146 // Need to change permissions for the new file to make it world readable
147 if (!chmod($uploadFile, 0644)) {
148 http_response_code(500);
150 'Failed to change file permissions',
152 ); // HTTP status code "500 Internal Server Error"
155 // Add it to the database
156 if(LOG_IP
== 'true'){
157 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
160 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
163 // Common parameters binding
164 $q->bindValue(':hash', $file->getSha1(), PDO
::PARAM_STR
);
165 $q->bindValue(':orig', strip_tags($file->name
), PDO
::PARAM_STR
);
166 $q->bindValue(':name', $newname, PDO
::PARAM_STR
);
167 $q->bindValue(':size', $file->size
, PDO
::PARAM_INT
);
168 $q->bindValue(':date', time(), PDO
::PARAM_STR
);
169 $q->bindValue(':ip', $ip, PDO
::PARAM_STR
);
173 'hash' => $file->getSha1(),
174 'name' => $file->name
,
175 'url' => UGUU_URL
.rawurlencode($newname),
176 'size' => $file->size
,
181 * Reorder files array by file.
185 function diverseArray($files)
189 foreach ($files as $key1 => $value1) {
190 foreach ($value1 as $key2 => $value2) {
191 $result[$key2][$key1] = $value2;
199 * Reorganize the $_FILES array into something saner.
203 function refiles($files)
206 $files = diverseArray($files);
208 foreach ($files as $file) {
209 $f = new UploadedFile();
210 $f->name
= $file['name'];
211 $f->mime
= $file['type'];
212 $f->size
= $file['size'];
213 $f->tempfile
= $file['tmp_name'];
214 $f->error
= $file['error'];
221 $type = isset($_GET['output']) ? $_GET['output'] : 'json';
222 $response = new Response($type);
224 if (isset($_FILES['files'])) {
225 $uploads = refiles($_FILES['files']);
228 foreach ($uploads as $upload) {
229 $res[] = uploadFile($upload);
231 $response->send($res);
232 } catch (Exception
$e) {
233 $response->error($e->getCode(), $e->getMessage());
236 $response->error(400, 'No input file(s)');