3 * Handles POST uploads, generates filenames, moves files around and commits
4 * uploaded metadata to database.
7 require_once 'classes/Response.class.php';
8 require_once 'classes/UploadException.class.php';
9 require_once 'classes/UploadedFile.class.php';
10 require_once 'includes/database.inc.php';
13 * Generates a random name for the file, retrying until we get an unused one.
15 * @param UploadedFile $file
19 function generateName($file)
24 // We start at N retries, and --N until we give up
25 $tries = UGUU_FILES_RETRIES
;
26 $length = UGUU_FILES_LENGTH
;
28 $ext = pathinfo($file->name
, PATHINFO_EXTENSION
);
30 $finfo = finfo_open(FILEINFO_MIME_TYPE
);
31 $type_mime = finfo_file($finfo, $file->tempfile
);
34 // Check if extension is a double-dot extension and, if true, override $ext
35 $revname = strrev($file->name
);
36 foreach ($doubledots as $ddot) {
37 if (stripos($revname, $ddot) === 0) {
43 // Iterate until we reach the maximum number of retries
45 http_response_code(500);
47 'Gave up trying to find an unused name',
49 ); // HTTP status code "500 Internal Server Error"
54 for ($i = 0; $i < $length; ++
$i) {
55 $name .= $chars[mt_rand(0, strlen($chars))];
58 // Add the extension to the file name
59 if (isset($ext) && $ext !== '') {
63 //Check if mime is blacklisted
64 if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME
))) {
65 http_response_code(415);
66 throw new Exception ('Extension type not allowed.');
70 //Check if EXT is blacklisted
71 if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS
))) {
72 http_response_code(415);
73 throw new Exception ('Extension type not allowed.');
77 // Check if a file with the same name does already exist in the database
78 $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
79 $q->bindValue(':name', $name, PDO
::PARAM_STR
);
81 $result = $q->fetchColumn();
82 // If it does, generate a new name
83 } while ($result > 0);
88 * Handles the uploading and db entry for a file.
90 * @param UploadedFile $file
94 function uploadFile($file)
100 // Handle file errors
102 throw new UploadException($file->error
);
105 // Generate a name for the file
106 $newname = generateName($file);
109 $ip = $_SERVER['REMOTE_ADDR'];
111 // Store the file's full file path in memory
112 $uploadFile = UGUU_FILES_ROOT
. $newname;
114 // Attempt to move it to the static directory
115 if (!move_uploaded_file($file->tempfile
, $uploadFile)) {
116 http_response_code(500);
118 'Failed to move file to destination',
120 ); // HTTP status code "500 Internal Server Error"
123 // Need to change permissions for the new file to make it world readable
124 if (!chmod($uploadFile, 0644)) {
125 http_response_code(500);
127 'Failed to change file permissions',
129 ); // HTTP status code "500 Internal Server Error"
132 // Add it to the database
134 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
137 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
139 // Common parameters binding
140 $q->bindValue(':hash', $file->getSha1(), PDO
::PARAM_STR
);
141 $q->bindValue(':orig', strip_tags($file->name
), PDO
::PARAM_STR
);
142 $q->bindValue(':name', $newname, PDO
::PARAM_STR
);
143 $q->bindValue(':size', $file->size
, PDO
::PARAM_INT
);
144 $q->bindValue(':date', time(), PDO
::PARAM_INT
);
145 $q->bindValue(':ip', $ip, PDO
::PARAM_STR
);
149 'hash' => $file->getSha1(),
150 'name' => $file->name
,
151 'url' => UGUU_URL
.rawurlencode($newname),
152 'size' => $file->size
,
157 * Reorder files array by file.
163 function diverseArray($files)
167 foreach ($files as $key1 => $value1) {
168 foreach ($value1 as $key2 => $value2) {
169 $result[$key2][$key1] = $value2;
177 * Reorganize the $_FILES array into something saner.
183 function refiles($files)
186 $files = diverseArray($files);
188 foreach ($files as $file) {
189 $f = new UploadedFile();
190 $f->name
= $file['name'];
191 $f->mime
= $file['type'];
192 $f->size
= $file['size'];
193 $f->tempfile
= $file['tmp_name'];
194 $f->error
= $file['error'];
201 $type = isset($_GET['output']) ? $_GET['output'] : 'json';
202 $response = new Response($type);
204 if (isset($_FILES['files'])) {
205 $uploads = refiles($_FILES['files']);
208 foreach ($uploads as $upload) {
209 $res[] = uploadFile($upload);
211 $response->send($res);
212 } catch (Exception
$e) {
213 $response->error($e->getCode(), $e->getMessage());
216 $response->error(400, 'No input file(s)');