* @requires App.inc.php
* @version 1.0
*/
require_once dirname(__FILE__) . '/App.inc.php';
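class Upload {

    // General object parameters.
    var $_params = array(
        'display_messages' => true,
        'allow_overwriting' => false,
    );

    // Disk path where new file(s) will be uploaded. Stays null until setUploadPath()
    // has accepted a directory, so process() and the file helpers fail closed.
    var $upload_directory_path = null;

    // Array of files with errors (the names as sent by the client).
    var $errors = array();

    // Array of acceptable file extensions (lowercase). The extension is only a label:
    // it says nothing about the bytes inside the file. 'html' and 'htm' are accepted by
    // default; if uploads are served from the application's own origin, such files are
    // rendered as active content in a visitor's browser. Remove them from this list, or
    // serve uploads as attachments or from a separate host, when uploaders are not trusted.
    var $valid_file_extensions = array('jpg', 'jpeg', 'gif', 'png', 'pdf', 'txt', 'text', 'html', 'htm');

    // The uploaded files will normally be owned by the web server user (e.g. 'apache').
    // If the website admin needs to read/delete these files, prefer a shared group and
    // group permissions (e.g. 0660) over world-readable/writable modes.
    var $dest_file_perms = 0600;

    // Array of file extensions and corresponding mime-types. Only used to pick an
    // extension for a stored name that has none; it is not a list of allowed types.
    var $mime_extension_map = array(
        'Z' => 'application/x-compress',
        'ai' => 'application/postscript',
        'aif' => 'audio/x-aiff',
        'aifc' => 'audio/x-aiff',
        'aiff' => 'audio/x-aiff',
        'asc' => 'text/plain',
        'asf' => 'video/x-ms-asf',
        'asx' => 'video/x-ms-asf',
        'au' => 'audio/basic',
        'avi' => 'video/x-msvideo',
        'bcpio' => 'application/x-bcpio',
        'bin' => 'application/octet-stream',
        'bmp' => 'image/bmp',
        'cdf' => 'application/x-netcdf',
        'class' => 'application/octet-stream',
        'cpio' => 'application/x-cpio',
        'cpt' => 'application/mac-compactpro',
        'csh' => 'application/x-csh',
        'css' => 'text/css',
        'dcr' => 'application/x-director',
        'diff' => 'text/diff',
        'dir' => 'application/x-director',
        'dll' => 'application/octet-stream',
        'dms' => 'application/octet-stream',
        'doc' => 'application/msword',
        'dvi' => 'application/x-dvi',
        'dxr' => 'application/x-director',
        'eps' => 'application/postscript',
        'etx' => 'text/x-setext',
        'exe' => 'application/octet-stream',
        'ez' => 'application/andrew-inset',
        'gif' => 'image/gif',
        'gtar' => 'application/x-gtar',
        'gz' => 'application/x-gzip',
        'hdf' => 'application/x-hdf',
        'hqx' => 'application/mac-binhex40',
        'htm' => 'text/html',
        'html' => 'text/html',
        'ice' => 'x-conference/x-cooltalk',
        'ics' => 'text/calendar',
        'ief' => 'image/ief',
        'ifb' => 'text/calendar',
        'iges' => 'model/iges',
        'igs' => 'model/iges',
        'jpe' => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'jpg' => 'image/jpeg',
        'js' => 'application/x-javascript',
        'kar' => 'audio/midi',
        'latex' => 'application/x-latex',
        'lha' => 'application/octet-stream',
        'log' => 'text/plain',
        'lzh' => 'application/octet-stream',
        'm3u' => 'audio/x-mpegurl',
        'man' => 'application/x-troff-man',
        'me' => 'application/x-troff-me',
        'mesh' => 'model/mesh',
        'mid' => 'audio/midi',
        'midi' => 'audio/midi',
        'mif' => 'application/vnd.mif',
        'mov' => 'video/quicktime',
        'movie' => 'video/x-sgi-movie',
        'mp2' => 'audio/mpeg',
        'mp3' => 'audio/mpeg',
        'mpe' => 'video/mpeg',
        'mpeg' => 'video/mpeg',
        'mpg' => 'video/mpeg',
        'mpga' => 'audio/mpeg',
        'ms' => 'application/x-troff-ms',
        'msh' => 'model/mesh',
        'mxu' => 'video/vnd.mpegurl',
        'nc' => 'application/x-netcdf',
        'oda' => 'application/oda',
        'patch' => 'text/diff',
        'pbm' => 'image/x-portable-bitmap',
        'pdb' => 'chemical/x-pdb',
        'pdf' => 'application/pdf',
        'pgm' => 'image/x-portable-graymap',
        'pgn' => 'application/x-chess-pgn',
        'php' => 'application/x-httpd-php',
        'php3' => 'application/x-httpd-php3',
        'pl' => 'application/x-perl',
        'pm' => 'application/x-perl',
        'png' => 'image/png',
        'pnm' => 'image/x-portable-anymap',
        'po' => 'text/plain',
        'ppm' => 'image/x-portable-pixmap',
        'ppt' => 'application/vnd.ms-powerpoint',
        'ps' => 'application/postscript',
        'qt' => 'video/quicktime',
        'ra' => 'audio/x-realaudio',
        'ram' => 'audio/x-pn-realaudio',
        'ras' => 'image/x-cmu-raster',
        'rgb' => 'image/x-rgb',
        'rm' => 'audio/x-pn-realaudio',
        'roff' => 'application/x-troff',
        'rpm' => 'audio/x-pn-realaudio-plugin',
        'rtf' => 'text/rtf',
        'rtx' => 'text/richtext',
        'sgm' => 'text/sgml',
        'sgml' => 'text/sgml',
        'sh' => 'application/x-sh',
        'shar' => 'application/x-shar',
        'shtml' => 'text/html',
        'silo' => 'model/mesh',
        'sit' => 'application/x-stuffit',
        'skd' => 'application/x-koan',
        'skm' => 'application/x-koan',
        'skp' => 'application/x-koan',
        'skt' => 'application/x-koan',
        'smi' => 'application/smil',
        'smil' => 'application/smil',
        'snd' => 'audio/basic',
        'so' => 'application/octet-stream',
        'spl' => 'application/x-futuresplash',
        'src' => 'application/x-wais-source',
        'stc' => 'application/vnd.sun.xml.calc.template',
        'std' => 'application/vnd.sun.xml.draw.template',
        'sti' => 'application/vnd.sun.xml.impress.template',
        'stw' => 'application/vnd.sun.xml.writer.template',
        'sv4cpio' => 'application/x-sv4cpio',
        'sv4crc' => 'application/x-sv4crc',
        'swf' => 'application/x-shockwave-flash',
        'sxc' => 'application/vnd.sun.xml.calc',
        'sxd' => 'application/vnd.sun.xml.draw',
        'sxg' => 'application/vnd.sun.xml.writer.global',
        'sxi' => 'application/vnd.sun.xml.impress',
        'sxm' => 'application/vnd.sun.xml.math',
        'sxw' => 'application/vnd.sun.xml.writer',
        't' => 'application/x-troff',
        'tar' => 'application/x-tar',
        'tcl' => 'application/x-tcl',
        'tex' => 'application/x-tex',
        'texi' => 'application/x-texinfo',
        'texinfo' => 'application/x-texinfo',
        'tgz' => 'application/x-gtar',
        'tif' => 'image/tiff',
        'tiff' => 'image/tiff',
        'tr' => 'application/x-troff',
        'tsv' => 'text/tab-separated-values',
        'txt' => 'text/plain',
        'ustar' => 'application/x-ustar',
        'vcd' => 'application/x-cdlink',
        'vcf' => 'text/x-vcard',
        'vcs' => 'text/calendar',
        'vfb' => 'text/calendar',
        'vrml' => 'model/vrml',
        'vsd' => 'application/vnd.visio',
        'wav' => 'audio/x-wav',
        'wax' => 'audio/x-ms-wax',
        'wbmp' => 'image/vnd.wap.wbmp',
        'wbxml' => 'application/vnd.wap.wbxml',
        'wm' => 'video/x-ms-wm',
        'wma' => 'audio/x-ms-wma',
        'wmd' => 'application/x-ms-wmd',
        'wml' => 'text/vnd.wap.wml',
        'wmlc' => 'application/vnd.wap.wmlc',
        'wmls' => 'text/vnd.wap.wmlscript',
        'wmlsc' => 'application/vnd.wap.wmlscriptc',
        'wmv' => 'video/x-ms-wmv',
        'wmx' => 'video/x-ms-wmx',
        'wmz' => 'application/x-ms-wmz',
        'wrl' => 'model/vrml',
        'wvx' => 'video/x-ms-wvx',
        'xbm' => 'image/x-xbitmap',
        'xht' => 'application/xhtml+xml',
        'xhtml' => 'application/xhtml+xml',
        'xls' => 'application/vnd.ms-excel',
        'xml' => 'application/xml',
        'xpm' => 'image/x-xpixmap',
        'xsl' => 'text/xml',
        'xwd' => 'image/x-xwindowdump',
        'xyz' => 'chemical/x-xyz',
        'zip' => 'application/zip'
    );

    /**
     * Set (or overwrite existing) parameters by passing an array of new parameters.
     *
     * @access public
     * @param array $params Array of parameters (key => val pairs).
     */
    function setParam($params)
    {
        if (isset($params) && is_array($params)) {
            // Merge new parameters with old overriding only those passed.
            $this->_params = array_merge($this->_params, $params);
        } else {
            App::logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__);
        }
    }

    /**
     * Return the value of a parameter, if it exists.
     *
     * @access public
     * @param string $param Which parameter to return.
     * @return mixed Configured parameter value, or null (with a debug log entry) if unset.
     */
    function getParam($param)
    {
        if (isset($this->_params[$param])) {
            return $this->_params[$param];
        } else {
            App::logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
            return null;
        }
    }

    /**
     * Set the directory that uploaded files are stored in.
     *
     * The path is resolved with realpath(). A path that does not resolve to an existing
     * directory is logged and NOT stored: the upload path is reset to null so that
     * process(), deleteFile(), moveFile() and exists() refuse to run instead of working
     * on an empty base path. A directory that is not writable is logged but still
     * stored, as before.
     *
     * @access public
     * @param string $path Directory to store uploads in.
     * @return bool True if the directory was accepted, false if it was rejected.
     */
    function setUploadPath($path)
    {
        $real_path = realpath($path);
        if (false === $real_path || !is_dir($real_path)) {
            // realpath() gave nothing usable, so log the path as it was passed in.
            App::logMsg(sprintf('Upload directory invalid: %s', $path), LOG_ERR, __FILE__, __LINE__);
            $this->upload_directory_path = null;
            return false;
        }
        if (!is_writable($real_path)) {
            App::logMsg(sprintf('Upload directory not writable: %s', $real_path), LOG_ERR, __FILE__, __LINE__);
        }
        // Set the default upload path, stripping any extra slashes if needed.
        $this->upload_directory_path = preg_replace('!/+$!', '', $real_path);
        return true;
    }

    /**
     * Validate and store the file(s) posted under one form element.
     *
     * Each file is checked for a PHP upload error, for being a genuine HTTP upload,
     * for being non-empty and for carrying an extension from $valid_file_extensions.
     * The stored name (custom or uploaded) is then cleaned, and the cleaned name is
     * checked again: it must not carry an extension outside the whitelist, and unless
     * 'allow_overwriting' is set it must not already exist in the upload directory.
     * Rejected files have their client-side name appended to $this->errors.
     *
     * Extension checks do not establish what a file contains. Configure the web
     * server so that nothing below the upload directory is executed or interpreted.
     *
     * NOTE(review): $files['name'] is supplied by the client and is passed unchanged
     * into user messages and log lines; confirm that App::raiseMsg() and App::logMsg()
     * escape or neutralise it for their output context.
     *
     * @access public
     * @param string $form_name Name of the file input in the posted form.
     * @param mixed $custom_file_name Name to store a single file under, or an array of
     *              names indexed like the posted files. Empty entries fall back to the
     *              uploaded name.
     * @return mixed Array of array('name', 'size', 'extension') for each stored file,
     *               or false if no file was stored.
     */
    function process($form_name, $custom_file_name=null)
    {
        // Ensure we have a upload directory.
        if (!isset($this->upload_directory_path)) {
            App::logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
            $this->raiseMsg(_("There was a problem with the file upload. Please try again later."), MSG_ERR, __FILE__, __LINE__);
            return false;
        }

        if (!isset($_FILES[$form_name])) {
            App::logMsg(sprintf(_("Form element %s not posted."), $form_name), LOG_ERR, __FILE__, __LINE__);
            $this->raiseMsg(_("There was a problem with the file upload. Please try again."), MSG_ERR, __FILE__, __LINE__);
            return false;
        }

        if (is_array($_FILES[$form_name]['name'])) {
            $files = $_FILES[$form_name];
        } else {
            // Convert variables to single-cell array so it will loop.
            $files = array(
                'name' => array($_FILES[$form_name]['name']),
                'type' => array($_FILES[$form_name]['type']),
                'tmp_name' => array($_FILES[$form_name]['tmp_name']),
                'error' => array($_FILES[$form_name]['error']),
                'size' => array($_FILES[$form_name]['size']),
            );
        }

        // To keep this script running even if user tries to stop browser.
        ignore_user_abort(true);
        if (!ini_get('safe_mode')) {
            set_time_limit(300);
        }

        $new_file_names = array();
        $num = sizeof($files['name']);

        for ($i=0; $i<$num; $i++) {
            $uploaded_name = $files['name'][$i];
            $error_code = $files['error'][$i];

            // User may not have attached a file. Only this case is skipped silently:
            // PHP also leaves tmp_name empty for the failures reported below, so
            // skipping on an empty tmp_name alone would hide every one of them.
            if (UPLOAD_ERR_NO_FILE === $error_code || (UPLOAD_ERR_OK === $error_code && '' == trim($files['tmp_name'][$i]))) {
                continue;
            }

            // Check The php upload error messages.
            if (UPLOAD_ERR_INI_SIZE === $error_code) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $uploaded_name, ini_get('upload_max_filesize')), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_INI_SIZE (currently %s)."), $uploaded_name, $error_code, ini_get('upload_max_filesize')), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }
            if (UPLOAD_ERR_FORM_SIZE === $error_code) {
                // MAX_FILE_SIZE is a form field, i.e. chosen by the client; it is shown, never enforced here.
                $form_limit = isset($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : '';
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it exceeds the maximum allowed upload file size of %s."), $uploaded_name, $form_limit), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_FORM_SIZE (currently %s)."), $uploaded_name, $error_code, $form_limit), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }
            if (UPLOAD_ERR_PARTIAL === $error_code) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it was only partially uploaded."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_PARTIAL."), $uploaded_name, $error_code), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }
            if (UPLOAD_ERR_NO_TMP_DIR === $error_code) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: temporary upload directory missing."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The file %s failed uploading with PHP error %s UPLOAD_ERR_NO_TMP_DIR."), $uploaded_name, $error_code), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }
            if (UPLOAD_ERR_OK !== $error_code) {
                // Any other PHP upload error code: never treat the entry as a usable file.
                $this->raiseMsg(sprintf(_("The file %s failed uploading."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf('The file %s failed uploading with PHP error %s.', $uploaded_name, $error_code), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Check to be sure it's an uploaded file.
            if (!is_uploaded_file($files['tmp_name'][$i])) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The file %s failed is_uploaded_file."), $uploaded_name), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Check to be sure the file is not empty.
            if ($files['size'][$i] < 1) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it contains zero bytes."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The uploaded file %s contains zero bytes."), $uploaded_name), LOG_ERR, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Check to be sure the file has a valid file extension.
            if (!in_array(strtolower($this->getFilenameExtension($uploaded_name)), $this->valid_file_extensions, true)) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file extensions: %s."), $uploaded_name, join(', ', $this->valid_file_extensions)), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The uploaded file %s has an unrecognized file extension."), $uploaded_name), LOG_WARNING, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Determine file name. An array of custom names is indexed like the posted
            // files; a scalar custom name only applies to a single upload.
            $custom_name = null;
            if (is_array($custom_file_name)) {
                if (isset($custom_file_name[$i])) {
                    $custom_name = $custom_file_name[$i];
                }
            } else if (1 == $num && isset($custom_file_name)) {
                $custom_name = $custom_file_name;
            }
            if (null !== $custom_name && '' != $custom_name) {
                // Valid custom file name.
                $file_name = $custom_name;
                $this->raiseMsg(sprintf(_("The file %s has been renamed to %s."), $uploaded_name, $file_name), MSG_NOTICE, __FILE__, __LINE__);
                App::logMsg(sprintf('Using custom file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
            } else {
                // No usable custom file name provided. Use uploaded file name.
                $file_name = $uploaded_name;
                App::logMsg(sprintf('Using uploaded file name: %s', $file_name), LOG_DEBUG, __FILE__, __LINE__);
            }

            // Clean the file name of bad characters (this also removes path separators).
            $file_name = $this->cleanFileName($file_name);

            // If the file name has no extension, derive one from the file's content.
            // The type is sniffed from the stored temporary file; the 'type' field of
            // $_FILES is a label sent by the client and is not a file path. Only
            // whitelisted extensions are considered.
            if (!preg_match('/\.[^.]{1,5}$/', $file_name) && function_exists('mime_content_type')) {
                $detected_type = mime_content_type($files['tmp_name'][$i]);
                if (false !== $detected_type) {
                    foreach ($this->valid_file_extensions as $candidate) {
                        if (isset($this->mime_extension_map[$candidate]) && $this->mime_extension_map[$candidate] === $detected_type) {
                            $file_name .= ".$candidate";
                            break;
                        }
                    }
                }
            }

            // Re-check the extension of the name that will actually be written. The
            // earlier check only saw the client's name; a custom name or the cleaning
            // step can end in something else. A name without any dot is let through.
            $dot_pos = strrpos($file_name, '.');
            $final_extension = (false === $dot_pos) ? '' : strtolower((string) substr($file_name, $dot_pos + 1));
            if (false !== $dot_pos && !in_array($final_extension, $this->valid_file_extensions, true)) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file extensions: %s."), $uploaded_name, join(', ', $this->valid_file_extensions)), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf('The destination file name %s has an unrecognized file extension.', $file_name), LOG_WARNING, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Check to be sure the file has a unique file name. This must look at the
            // name being written, not the client's name, or 'allow_overwriting' => false
            // would not protect files stored under a cleaned or custom name.
            if (!$this->getParam('allow_overwriting') && $this->exists($file_name)) {
                $this->raiseMsg(sprintf(_("The file %s failed uploading: a file with that name already exists."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("The uploaded file %s doesn't have a unique filename."), $file_name), LOG_WARNING, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
                continue;
            }

            // Set the path and file name.
            $file_path_name = $this->upload_directory_path . '/' . $file_name;

            // Move the file to the final place.
            if (move_uploaded_file($files['tmp_name'][$i], $file_path_name)) {
                chmod($file_path_name, $this->dest_file_perms);
                $this->raiseMsg(sprintf(_("The file %s uploaded successfully."), $uploaded_name), MSG_SUCCESS, __FILE__, __LINE__);
                if (!isset($custom_file_name) && $uploaded_name != $file_name) {
                    // Notify user if uploaded file name was modified (unless a custom file name will be used anyways).
                    $this->raiseMsg(sprintf(_("The file %s was renamed to %s."), $uploaded_name, $file_name), MSG_NOTICE, __FILE__, __LINE__);
                }
                $new_file_names[] = array(
                    'name' => $file_name,
                    'size' => filesize($file_path_name),
                    'extension' => $final_extension,
                );
            } else {
                $this->raiseMsg(sprintf(_("The file %s failed uploading."), $uploaded_name), MSG_ERR, __FILE__, __LINE__);
                App::logMsg(sprintf(_("Moving file failed: %s -> %s"), $files['tmp_name'][$i], $file_path_name), LOG_ALERT, __FILE__, __LINE__);
                $this->errors[] = $uploaded_name;
            }
        }

        return (sizeof($new_file_names) > 0) ? $new_file_names : false;
    }

    /**
     * Delete a file from the upload directory.
     *
     * Names that contain a parent-directory segment or a NUL byte are refused, so
     * the call cannot be pointed at a file outside the upload directory by name alone.
     *
     * @access public
     * @param string $file_name File name relative to the upload directory.
     * @return bool True if the file was deleted, false otherwise.
     */
    function deleteFile($file_name)
    {
        // Ensure we have a upload directory.
        if (!isset($this->upload_directory_path)) {
            App::logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        if (!$this->_isSafeRelativeName($file_name)) {
            App::logMsg(sprintf('Refusing to delete, file name leaves the upload directory: %s', $file_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        $file_path_name = $this->upload_directory_path . '/' . $file_name;

        if (!is_file($file_path_name)) {
            App::logMsg(sprintf(_("Error deleting nonexistent file: %s"), $file_path_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }
        if (unlink($file_path_name)) {
            App::logMsg(sprintf('Deleted file: %s', $file_path_name), LOG_DEBUG, __FILE__, __LINE__);
            return true;
        }
        // MSG_ERR is the error type used everywhere else in this class.
        $this->raiseMsg(sprintf(_("The file %s could not be deleted."), $file_name), MSG_ERR, __FILE__, __LINE__);
        App::logMsg(sprintf(_("Failed deleting file: %s"), $file_path_name), LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    /**
     * Rename a file inside the upload directory.
     *
     * Both names are refused if they contain a parent-directory segment or a NUL byte.
     *
     * NOTE(review): the new name is not checked against $valid_file_extensions and an
     * existing target may be replaced by rename(); callers should validate names that
     * originate from a request before passing them here.
     *
     * @access public
     * @param string $old_name Current file name relative to the upload directory.
     * @param string $new_name New file name relative to the upload directory.
     * @return bool True if the file was renamed, false otherwise.
     */
    function moveFile($old_name, $new_name)
    {
        // Ensure we have an upload directory.
        if (!isset($this->upload_directory_path)) {
            App::logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        if (!$this->_isSafeRelativeName($old_name) || !$this->_isSafeRelativeName($new_name)) {
            App::logMsg(sprintf('Refusing to rename, file name leaves the upload directory: %s -> %s', $old_name, $new_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        $old_file_path_name = $this->upload_directory_path . '/' . $old_name;
        $new_file_path_name = $this->upload_directory_path . '/' . $new_name;

        if (!file_exists($old_file_path_name)) {
            $this->raiseMsg(sprintf(_("Couldn't rename nonexistent file %s."), $old_name), MSG_ERR, __FILE__, __LINE__);
            App::logMsg(sprintf(_("Error renaming nonexistent file: %s"), $old_file_path_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }
        if (!rename($old_file_path_name, $new_file_path_name)) {
            $this->raiseMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), MSG_ERR, __FILE__, __LINE__);
            App::logMsg(sprintf(_("Error renaming file to %s"), $new_file_path_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }
        return true;
    }

    /**
     * Tell whether a file of the given name exists in the upload directory.
     *
     * @access public
     * @param string $file_name File name relative to the upload directory.
     * @return bool True if it exists. False if it does not, if no upload directory is
     *              set, or if the name is refused because it would leave the directory.
     */
    function exists($file_name)
    {
        // Ensure we have a upload directory.
        if (!isset($this->upload_directory_path)) {
            App::logMsg(sprintf('Upload directory not set before processing.'), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        if (!$this->_isSafeRelativeName($file_name)) {
            App::logMsg(sprintf('Refusing to look up, file name leaves the upload directory: %s', $file_name), LOG_ERR, __FILE__, __LINE__);
            return false;
        }

        return file_exists($this->upload_directory_path . '/' . $file_name);
    }

    /**
     * Return the client-side names of the files that were rejected so far.
     *
     * @access public
     * @return array List of file names as sent by the client.
     */
    function getErrors()
    {
        return $this->errors;
    }

    /**
     * Reduce a file name to a conservative set of characters.
     *
     * Accented letters and '@' are replaced by a plain letter, every character
     * outside [-\w.,~_=+()] becomes '_' (this includes '/' and '\'), and the result
     * is cut to 250 bytes. Dots are kept, so the extension of the result still has
     * to be checked by the caller.
     *
     * @access public
     * @param string $file_name Name to clean.
     * @return string Cleaned name.
     */
    function cleanFileName($file_name)
    {
        // Whole-string replacement pairs. The two-string form of strtr() maps single
        // bytes, which mangles these characters when they are stored as multi-byte
        // sequences.
        $replacements = array(
            'á' => 'a', 'é' => 'e', 'í' => 'i', 'ó' => 'o', 'ú' => 'u',
            'à' => 'a', 'è' => 'e', 'ì' => 'i', 'ò' => 'o', 'ù' => 'u',
            'ä' => 'a', 'ë' => 'e', 'ï' => 'i', 'ö' => 'o', 'ü' => 'u',
            'Á' => 'A', 'É' => 'E', 'Í' => 'I', 'Ó' => 'O', 'Ú' => 'U',
            'À' => 'A', 'È' => 'E', 'Ì' => 'I', 'Ò' => 'O', 'Ù' => 'U',
            'Ä' => 'A', 'Ë' => 'E', 'Ï' => 'I', 'Ö' => 'O', 'Ü' => 'U',
            'â' => 'a', 'ê' => 'e', 'î' => 'i', 'ô' => 'o', 'û' => 'u',
            'Â' => 'A', 'Ê' => 'E', 'Î' => 'I', 'Ô' => 'O', 'Û' => 'U',
            'ñ' => 'n', 'ç' => 'c', 'Ç' => 'C', '@' => 'a',
        );
        $file_name = trim($file_name);
        $file_name = strtr($file_name, $replacements);
        $file_name = preg_replace('/[^-\w.,~_=+()]/i', '_', $file_name);
        $file_name = substr($file_name, 0, 250);
        return $file_name;
    }

    /**
     * Return the part of a file name after its last dot.
     *
     * @access public
     * @param string $file_name File name to inspect.
     * @return string The extension in its original case, or '' when the name does
     *                not end in a dot followed by word characters.
     */
    function getFilenameExtension($file_name)
    {
        if (preg_match('/.*?\.(\w+)$/i', $file_name, $ext)) {
            return $ext[1];
        }
        // No extension: return an empty string instead of reading a missing match.
        return '';
    }

    /**
     * An alias for App::raiseMsg that only sends messages if display_messages is true.
     *
     * @access public
     *
     * @param string $message The text description of the message.
     * @param int $type The type of message: MSG_NOTICE,
     *            MSG_SUCCESS, MSG_WARNING, or MSG_ERR.
     * @param string $file __FILE__.
     * @param string $line __LINE__.
     */
    function raiseMsg($message, $type, $file, $line)
    {
        if ($this->getParam('display_messages')) {
            App::raiseMsg($message, $type, $file, $line);
        }
    }

    /**
     * Tell whether a name can be appended to the upload directory without leaving it.
     *
     * Refuses names that contain a NUL byte or a '..' path segment (with either '/'
     * or '\' as separator). Sub-directory names are allowed. Symbolic links inside
     * the upload directory are not resolved here.
     *
     * @access private
     * @param string $file_name File name relative to the upload directory.
     * @return bool True if the name stays below the upload directory.
     */
    function _isSafeRelativeName($file_name)
    {
        $file_name = (string) $file_name;
        if (false !== strpos($file_name, "\0")) {
            return false;
        }
        foreach (preg_split('![/\\\\]+!', $file_name) as $segment) {
            if ('..' === $segment) {
                return false;
            }
        }
        return true;
    }
}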
?>