AAAAget( 'upload_maxsize', '100000' );
$upload_filetypes = $params->get( 'upload_filetypes', '' );
$upload_fileexist = $params->get( 'upload_fileexist', '' );
$upload_email = $params->get( 'upload_email', '' );
$upload_emailmsg = $params->get( 'upload_emailmsg', '0' );
$upload_emailhtml = $params->get( 'upload_emailhtml', '1' );
$upload_unzip = $params->get( 'upload_unzip', '0' );
$upload_showerrmsg = $params->get( 'upload_showerrmsg', '1' );
$upload_showdircontent = $params->get( 'upload_showdircontent', '0' );
$upload_popshowpath = $params->get( 'upload_popshowpath', '1' );
$upload_popshowbytes = $params->get( 'upload_popshowbytes', '0' );
$upload_blacklist = $params->get( 'upload_blacklist', '.php .php3 .php4 .php5 .php6 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .exe .bat .cmd .htaccess' );
$upload_doubleext = $params->get( 'upload_doubleext', '1' );
$upload_phpext = $params->get( 'upload_phpext', '1' );
$upload_gifcomment = $params->get( 'upload_gifcomment', '1' );
$upload_mailfrom = $params->get( 'upload_mailfrom' , 'noreply@simplefileupload.com' );
$upload_maximgwidth = $params->get( 'upload_maximgwidth', '0' );
$upload_maximgheight = $params->get( 'upload_maximgheight', '0' );
$upload_compressimg = $params->get( 'upload_compressimg', '' );
$upload_disablegdlib = $params->get( 'upload_disablegdlib', '0' );
$upload_disablegdthreshold = $params->get( 'upload_diablegdthreshold', '0' );
$upload_thumbcreate = $params->get( 'upload_thumbcreate', '0' );
$upload_thumbsize = $params->get( 'upload_thumbsize', '40x40' );
$upload_thumbname = $params->get( 'upload_thumbname', 'sfuthumb' );
$upload_debug = $params->get( 'upload_debug', '0' );
$upload_formfields = $params->get( 'upload_formfields', '' );
$upload_useformsfields = $params->get( 'upload_useformsfields', '0' );
if ($upload_useformsfields == 0)
$upload_formfields = "";
$upload_formfieldsfile = $params->get( 'upload_formfieldsfile', '' );
$upload_formfieldsdiv = $params->get( 'upload_formfieldsdiv', '|' );
$upload_nohtmlencoding = $params->get( 'upload_nohtmlencoding', '0' );
$upload_replacetag = $params->get( 'upload_replacetag', '0' );
$results = "";
$fileCnt = 0;
$fileErr = 0;
$written = 0;
$filename = "";
$fileList = "";
$fileInfo = "";
$filetypeok = true;
$filetype = "";
$blacklist = explode(" ", $upload_blacklist);
$formfieldsval = array();
$formfieldsemail = array();
$chkfileexist = "";
$baseurl = "";
$serverurl = "";
$protocol = "";
$protocol = "http://";
if (substr($_SERVER["HTTP_REFERER"], 0, 5) === "https") $protocol = "https://";
$folder = substr($_SERVER['SCRIPT_NAME'], 0, strrpos($_SERVER['SCRIPT_NAME'], "/"));
if ($folder === "//") $folder = "";
// Check if relative path
if (substr($upload_location, 0, 1) === ".") {
$serverurl .= str_replace(".", $protocol.$_SERVER["HTTP_HOST"].$folder, $upload_location);
// Fix Windows path...
$baseurl .= str_replace("\\", "", $serverurl);
} else {
if ((substr($upload_location, 1, 2) === ":\\") || (substr($upload_location, 0, 1) === "/")) {
// Server root path
$baseurl = "file://".str_replace("\\", "/", $upload_location);
} else {
$serverurl = str_replace("\\", "/", $_SERVER["DOCUMENT_ROOT"]);
$baseurl = str_replace("\\", "/", $upload_location);
$baseurl = str_replace($serverurl, "", $baseurl);
//$baseurl = dirname($_SERVER["HTTP_REFERER"])."/".$baseurl;
$baseurl = $protocol.$_SERVER["HTTP_HOST"].$folder."/".$baseurl;
}
}
//Replace space with %20 for URL
$baseurl = str_replace(" ", "%20", $baseurl);
// Make sure it ends with front slash
if ( substr( $baseurl , strlen($baseurl) - 1) !== "/" ) {
$baseurl .= "/";
}
if(is_array($_FILES["uploadedfile$mid"]["name"])) {
foreach($_FILES["uploadedfile$mid"]["name"] as $value) {
/* Not really useful since I need type and size as well... just use $_FILES
if(strlen($value) > 0) {
//Check that we have a filename
$filenames[] = $value;
}*/
$fileCnt += 1;
}
}
for ($cnt = 0; $cnt<$fileCnt; $cnt++) {
if ((strlen($_FILES["uploadedfile$mid"]["name"][$cnt]) > 0) && ($upload_users === "true")) {
// Check blacklist first
foreach ($blacklist as $file) {
$filename = $_FILES["uploadedfile$mid"]["name"][$cnt];
if (preg_match("/$file\$/i", $filename)) {
$filetypeok = false;
break;
}
}
// Check double extension
if ($upload_doubleext === "1" || $upload_phpext === "1") {
$exts = explode('.', $filename);
// There is more than one dot!
if (count($exts) > 2) {
// Any double extension blocked
if ($upload_doubleext === "1")
$filetypeok = false;
if ($upload_phpext === "1") {
// Block .php.
if (strtolower($exts[count($exts)-2]) === "php")
$filetypeok = false;
}
} else {
// Check and block any .php combination
if (stripos($filename, ".php") !== false)
$filetypeok = false;
}
}
if ($_FILES["uploadedfile$mid"]["error"][$cnt] > 0) {
// Check if there was any error
$filetypeok = false;
}
if ($filetypeok) {
$fileList .= $_FILES["uploadedfile$mid"]["name"][$cnt] . "|";
$filetype = $_FILES["uploadedfile$mid"]["type"][$cnt];
$fileInfo .= "(" . JText::_('TYPE') . ": " . $filetype . " " . JText::_('SIZE') . ": " . $_FILES["uploadedfile$mid"]["size"][$cnt] . " " . JText::_('BYTES') . ")|";
if ($filetype === "") $filetype = "false";
if (stripos($upload_filetypes, $filetype) === false) {
$filetypeok = false;
} else {
$filetypeok = true;
}
if ($upload_filetypes === "*") {
$filetypeok = true;
}
//Check if GIF and block GIF Comment
if ($upload_gifcomment === "1" && (preg_match("/.gif\$/i", $_FILES["uploadedfile$mid"]["name"][$cnt]))) {
$comment = ModSimpleFileUploaderHelperv13::getGIFComment($_FILES["uploadedfile$mid"]["tmp_name"][$cnt], $upload_debug);
if(stripos($comment, "getGIFComment:BLOCK") !== false) {
$filetypeok = false;
}
if ($upload_debug == 1) $results .= $comment;
}
}
if (($filetypeok) && ($_FILES["uploadedfile$mid"]["size"][$cnt] < $upload_maxsize)) {
$errmsg = "";
$new_filename = "";
if ($_FILES["uploadedfile$mid"]["error"][$cnt] > 0) {
if (($_FILES["uploadedfile$mid"]["size"][$cnt] == 0) && ($_FILES["uploadedfile$mid"]["error"][$cnt] == 2)) {
$errmsg = "(".$_FILES["uploadedfile$mid"]["name"][$cnt].")".JText::sprintf('ERROR_TOO_BIG', "
[PHP Error: " . $_FILES["uploadedfile$mid"]["error"][$cnt]) . "]
";
} else {
$errmsg = "(".$_FILES["uploadedfile$mid"]["name"][$cnt].")".JText::sprintf('ERROR_LABEL', $_FILES["uploadedfile$mid"]["error"][$cnt]) . "
";
}
if ($upload_showerrmsg == 1)
$results .= $errmsg;
else
$results .= JText::_('UPLOAD_FAILED');
$fileErr = 1;
} else {
$bytesfilesize = $_FILES["uploadedfile$mid"]["size"][$cnt];
// Check to see if GD lib functions should be skipped
if ($upload_disablegdthreshold > 0) {
if ($bytesfilesize >= $upload_disablegdthreshold) $upload_disablegdlib = 1;
}
$filesize = ModSimpleFileUploaderHelperv13::getFileSizePP($bytesfilesize);
if (($upload_popshowbytes == 1) && ($bytesfilesize != $filesize)) $filesize = $filesize . " (" . $bytesfilesize . " " . JText::_('BYTES') . ")";
//$results .= "" . JText::_('FILE_OK_MSG') . "
";
$results .= "".JText::sprintf('FILE_UPLOAD_LABEL', $_FILES["uploadedfile$mid"]["name"][$cnt]) . "
";
$results .= JText::sprintf('FILE_TYPE_LABEL', $_FILES["uploadedfile$mid"]["type"][$cnt]) . "
";
$results .= JText::sprintf('FILE_SIZE_LABEL', $filesize) . "
";
#$results .= "uploaded to: " . $_FILES["uploadedfile$mid"]["tmp_name"][$cnt] . "
";
if (file_exists($upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt])) {
if ( $upload_fileexist === "0" ) {
// FAIL
$results .= "
" . JText::sprintf('FILE_EXISTS_MSG', $_FILES["uploadedfile$mid"]["name"][$cnt]) . "
" . JText::_('FILE_EXISTS_CORR');
$fileErr = 1;
}
/* // Don't delete until new file has been created!
if ( $upload_fileexist === "1" ) {
// REPLACE
unlink($upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt]);
$results .= JText::_('FILE_EXISTS_REPLACE') . "
";
$chkfileexist = "no";
}*/
if ( $upload_fileexist === "2" || $upload_fileexist === "1" ) {
// BACKUP
$new_filename = $_FILES["uploadedfile$mid"]["name"][$cnt] . microtime();
rename($upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt], $upload_location . $new_filename);
if ($upload_fileexist === "1")
$results .= JText::_('FILE_EXISTS_REPLACE') . "
";
else
$results .= JText::sprintf('FILE_EXISTS_BACKUP', $new_filename) . "
";
$new_filename = $upload_location . $new_filename;
$chkfileexist = "no";
}
} else {
$chkfileexist = "no";
}
if ( $chkfileexist === "no" ) {
// Resize and/or compress?
$image_resize = false;
$img_compressimg = 0;
$img_maximgheight = 0;
$img_maximgwidth = 0;
// Check size of images before moving
if (ModSimpleFileUploaderHelperv13::gd_get_info() && $upload_disablegdlib == 0) {
if (($img = @getimagesize($_FILES["uploadedfile$mid"]["tmp_name"][$cnt])) && (((is_numeric($upload_maximgwidth) && $upload_maximgwidth > 0) || (is_numeric($upload_maximgheight) && $upload_maximgheight > 0)) || ($upload_thumbcreate == 1))) {
list($width, $height, $type, $attr) = getimagesize($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]);
// Make sure we have a valid compression ratio
if (!is_numeric($upload_compressimg) || $upload_compressimg > 100 || $upload_compressimg <= 0)
$img_compressimg = 100;
else
$img_compressimg = $upload_compressimg;
if ($upload_maximgheight == 0)
$img_maximgheight = $height;
else
$img_maximgheight = $upload_maximgheight;
if ($upload_maximgwidth == 0)
$img_maximgwidth = $width;
else
$img_maximgwidth = $upload_maximgwidth;
$ratioh = $img_maximgheight/$height;
$ratiow = $img_maximgwidth/$width;
$ratio = min($ratioh, $ratiow);
// New dimensions
$n_width = intval($ratio*$width);
$n_height = intval($ratio*$height);
$errmsg = "";
switch ($type) {
case 1: //'image/gif'
if (imagetypes() & IMG_GIF) { // not the same as IMAGETYPE
$oim = imageCreateFromGIF($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]) ;
} else {
$errmsg = "GIF ".JText::_('IMG_TYPE_FAIL')."
";
}
break;
case 2: //'image/jpeg'
if (imagetypes() & IMG_JPG) {
$oim = imageCreateFromJPEG($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]) ;
} else {
$errmsg = "JPEG ".JText::_('IMG_TYPE_FAIL')."
";
}
break;
case 3: //'image/png'
if (imagetypes() & IMG_PNG) {
$oim = imageCreateFromPNG($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]) ;
$img_compressimg = round($img_compressimg / 10); // Quality is 0-9 for PNG
if ($img_compressimg >= 10) $img_compressimg = 9; // If user has set quality to 100
} else {
$errmsg = "PNG ".JText::_('IMG_TYPE_FAIL')."
";
}
break;
case 15: //'image/wbmp'
if (imagetypes() & IMG_WBMP) {
$oim = imageCreateFromWBMP($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]) ;
} else {
$errmsg = "WBMP ".JText::_('IMG_TYPE_FAIL')."
";
}
break;
default:
$errmsg = $type." ".JText::_('IMG_TYPE_FAIL')."
";
break;
}
if ($errmsg === "") {
// If thumbnail
$thumbfilename = "";
if ($upload_thumbcreate == 1) {
$img_thumbsize = strtolower($upload_thumbsize);
$img_thumbsize = explode("x", $img_thumbsize);
if (is_array($img_thumbsize)) {
if (count($img_thumbsize) == 2) {
if (is_numeric($img_thumbsize[0]) && is_numeric($img_thumbsize[1])) {
$ttim=imagecreatetruecolor($img_thumbsize[0],$img_thumbsize[1]);
imagecopyresampled($ttim,$oim,0,0,0,0,$img_thumbsize[0],$img_thumbsize[1],$width,$height);
$ext = substr(strrchr($_FILES["uploadedfile$mid"]["name"][$cnt], '.'), 1);
$thumbfilename .= substr($_FILES["uploadedfile$mid"]["name"][$cnt], 0, (strlen($_FILES["uploadedfile$mid"]["name"][$cnt])-(strlen($ext) +1))) . "_" . $upload_thumbname . "." . $ext;
// Make thumb as a link
$results .= JText::_('IMG_THUMB_FILE') . ' '.$thumbfilename.'
';
//$results .= JText::_('IMG THUMB FILE') . " " . $thumbfilename . "
";
// Add path to thumb filename
$thumbfilename = $upload_location . $thumbfilename;
}
}
}
}
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) {
$tim=imagecreatetruecolor($n_width,$n_height);
imagecopyresampled($tim,$oim,0,0,0,0,$n_width,$n_height,$width,$height);
}
switch ($type) {
case 1:
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0)
imageGIF($tim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt]);
if ($thumbfilename !== "") imageGIF($ttim, $thumbfilename);
$image_resize = true;
break;
case 2:
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0)
imageJPEG($tim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt], $img_compressimg);
if ($thumbfilename !== "") imageJPEG($ttim, $thumbfilename);
$img_compressimg = "";
$image_resize = true;
break;
case 3:
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0)
imagePNG($tim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt], $img_compressimg);
if ($thumbfilename !== "") imagePNG($ttim, $thumbfilename);
$img_compressimg = "";
$image_resize = true;
break;
case 15:
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0)
imageWBMP($tim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt]);
if ($thumbfilename !== "") imageWBMP($ttim, $thumbfilename);
break;
$image_resize = true;
default:
$image_resize = false;
break;
}
// Only thumbnail, no resize
if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) {
imagedestroy($tim);
if ($image_resize)
$results .= JText::_('IMG_ORIG_RESIZE')."
";
else
$results .= JText::_('IMG_RESIZE_FAIL')."
";
} else {
$image_resize = false;
}
imagedestroy($oim);
if ($thumbfilename !== "") imagedestroy($ttim);
} else {
$fileErr = 1;
$results .= JText::_('FAIL_REQUEST') . "
";
$_SESSION["failedfile"] .= $_FILES["uploadedfile$mid"]["name"][$cnt]." (".JText::_('IMG_SAVE_FAIL').", ".$errmsg.")";
}
}
if (($img = @getimagesize($_FILES["uploadedfile$mid"]["tmp_name"][$cnt])) && (!$image_resize) && ($upload_compressimg !== "") && is_numeric($upload_compressimg)) {
// Compress JPEG? This only happens if no resize!
list($width, $height, $type, $attr) = getimagesize($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]);
// Make sure we have a valid compression ratio
if ($upload_compressimg > 100 || $upload_compressimg <= 0) $img_compressimg = 100;
if (($type == 2) && (is_numeric($img_compressimg)) && ($fileErr == 0)) {
$oim = imagecreatefromjpeg($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]);
if (imagejpeg($oim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt], $img_compressimg)) {
$fileErr = 0;
$image_resize = true;
} else {
$fileErr = 1;
$results .= JText::_('FAIL_REQUEST') . "
";
$_SESSION["failedfile"] .= $_FILES["uploadedfile$mid"]["name"][$cnt]." (".JText::_('IMG_COMPRESS_FAIL').")";
}
imagedestroy($oim);
}
// Compress PNG? This only happens if no resize!
if (($type == 3) && (is_numeric($upload_compressimg)) && ($fileErr == 0)) {
$oim = imagecreatefrompng($_FILES["uploadedfile$mid"]["tmp_name"][$cnt]);
$img_compressimg = round($upload_compressimg / 100); // Quality is 0-9 for PNG
if ($img_compressimg >= 10) $img_compressimg = 9; // If user has set quality to 100
if (imagepng($oim, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt], $img_compressimg)) {
$fileErr = 0;
$image_resize = true;
} else {
$fileErr = 1;
$results .= JText::_('FAIL_REQUEST') . "
";
$_SESSION["failedfile"] .= $_FILES["uploadedfile$mid"]["name"][$cnt]." (".JText::_('IMG_COMPRESS_FAIL').")";
}
imagedestroy($oim);
}
if ($image_resize)
$results .= JText::_('IMG_ORIG_COMPRESS')."
";
else
$results .= JText::_('IMG_COMPRESS_FAIL')."
";
}
}
// If image has been resized it is already saved
if (!$image_resize) {
if (move_uploaded_file($_FILES["uploadedfile$mid"]["tmp_name"][$cnt], $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt])) {
$fileErr = 0;
} else {
$fileErr = 1;
$results .= JText::_('FAIL_REQUEST') . "
";
$_FILES["uploadedfile$mid"]["name"][$cnt] = "";
}
}
// Form Fields
if (($upload_useformsfields == 1) && (strlen($upload_formfields) > 0) && ($fileErr == 0)) {
$fields = explode(";", $upload_formfields);
$valname = "";
$valfile = "";
$ffform = "";
$fffield = "";
$formfieldsemail[$cnt] = "";
if ($upload_nohtmlencoding == 1)
$ffform = trim ( $_REQUEST["sfuFormFields$mid"] );
else
$ffform = htmlentities ( trim ( $_REQUEST["sfuFormFields$mid"] ) , ENT_NOQUOTES , "utf-8" );
if ($upload_debug == 1) print_r($_REQUEST);
if ($upload_replacetag == 1) $ffform = str_replace(">", ">", str_replace("<", "<", $ffform));
if ($upload_debug == 1) $results .= "ffform=$ffform
";
$ffform = explode("[||]", $ffform);
// If create a row in the form fileds file...
if (strlen($upload_formfieldsfile) > 0)
$valfile = $_FILES["uploadedfile$mid"]["name"][$cnt].$upload_formfieldsdiv;
for ($iff = 0; $iff < count($ffform); $iff++) {
$valname = $ffform[$iff];
$fffield = explode("=", $valname);
foreach ($fields as $fld) {
$valname = "sfuff".$mid."_".$fld."_".$_FILES["uploadedfile$mid"]["name"][$cnt];
if ($valname === $fffield[0]) {
if (strlen($upload_formfieldsfile) > 0)
$valfile .= $fffield[1].$upload_formfieldsdiv;
else
$valfile .= $fld."=".$fffield[1]."\n";
// Store for e-mail, use same counter as file
$formfieldsemail[$cnt] .= $fld."=".$fffield[1]."\n";
}
}
if ($upload_debug == 1) $results .= "valname=$valname
";
}
if (strlen($upload_formfieldsfile) > 0) {
// Remove last pipe
$valfile = substr($valfile, 0, -1);
// Check if we got something
if ($valfile === $_FILES["uploadedfile$mid"]["name"][$cnt])
$valfile = "";
}
if ($upload_debug == 1) $results .= "valfile=$valfile
";
if ((strlen($valfile) > 0) && (strlen($upload_formfieldsfile) == 0)) {
// Write the file:
$ffFile = $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt] . ".txt";
if ($upload_debug == 1) $results .= "ffFile=$ffFile
";
$fh = fopen($ffFile, 'w') or $fileErr = 1;
if ($fileErr == 1) {
$results .= JText::_('FAIL_FORMFIELDS_FILE') . "
";
} else {
// For some mysterious reason PHP refuses to write UTF-8 as UTF-8. Some stupid work-around below found at php.net
$valfile = mb_convert_encoding( $valfile, 'UTF-8');
fwrite($fh, $valfile);
fclose($fh);
}
}
// Store for Form Fields File, use same counter as file
$formfieldsval[$cnt] = $valfile;
}
if (($upload_popshowpath == 1) && ($fileErr == 0)) {
$results .= JText::sprintf('FILE_SAVE_AS', ''.$baseurl.$_FILES["uploadedfile$mid"]["name"][$cnt].'').'
';
}
if ($upload_fileexist === "1" && file_exists($new_filename)) {
if ($fileErr == 0) {
// Delete (=replace) of old file
unlink($new_filename);
} else {
// Put original back if something went wrong
rename($new_filename, $upload_location . $_FILES["uploadedfile$mid"]["name"][$cnt]);
}
}
//$results .= "";
}
}
// UNZIP
if (($upload_unzip == 1) && ($fileErr == 0)) {
if (($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/x-tar") || ($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/x-tar-compressed") || ($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/tar-compressed")) {
//system("tar -zxvf ".$upload_location.$_FILES["uploadedfile$mid"]["name"]);
$res = shell_exec("cd ".$upload_location.";tar -xvzf ".$_FILES["uploadedfile$mid"]["name"][$cnt].";");
if ($res === FALSE) {
$results .= "".JText::_('MSG_UNZIP_ERROR')."
";
} else {
$results .= "".JText::_('MSG_UNZIP')."
";
}
}
if (($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/x-zip") || ($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/x-zip-compressed") || ($_FILES["uploadedfile$mid"]["type"][$cnt] === "application/zip-compressed")) {
$zip = new ZipArchive;
$res = $zip->open($upload_location.$_FILES["uploadedfile$mid"]["name"][$cnt]);
if ($res === TRUE) {
$zip->extractTo($upload_location);
$zip->close();
$results .= "".JText::_('MSG_UNZIP')."
";
} else {
$results .= "".JText::_('MSG_UNZIP_ERROR')."
";
}
}
}
$_SESSION["uploaderr$mid"] = $fileErr;
} else {
$fileErr = 1;
$errmsg = "(".$_FILES["uploadedfile$mid"]["name"][$cnt].")".JText::sprintf('FILE_IN_ERROR', $filetype)."
[".ModSimpleFileUploaderHelperv13::errCodeToMessage($_FILES["uploadedfile$mid"]["error"][$cnt])."]
";
$_SESSION["uploaderr$mid"] = 1;
if ($upload_showerrmsg == 1)
$results .= $errmsg;
else
$results .= JText::_('UPLOAD_FAILED')."
";
if ($written == 0) {
$filesize = ModSimpleFileUploaderHelperv13::getFileSizePP($upload_maxsize);
$results .= JText::_('ALLOWED_TYPES') . ": " . $upload_filetypes . "
" . JText::_('FILE_MAX_SIZE') . ": " . $filesize . "
";
//$results .= "";
$written = 1;
}
}
} else {
if ($upload_users === "false") {
$_SESSION["uploaderr$mid"] = 1;
$results .= JText::_('NOT_ALLOWED_USER');
}
}
} // end for
// Create Form Fields file
if ((count($formfieldsval) > 0) && (strlen($upload_formfieldsfile) > 0)) {
// Write the file but read first if the same file exists from previous set:
$valfile = "";
$ffFile = $upload_location . $upload_formfieldsfile;
if (file_exists($ffFile)) {
//RegExp can't handle pipe, make it escaped
// !! Not needed for explode(), only deprecated split() !!
//$upload_formfieldsdiv2 = $upload_formfieldsdiv;
//if ($upload_formfieldsdiv === "|") $upload_formfieldsdiv2 = "\|";
$fileRows = explode("\n", file_get_contents($ffFile));
for ($cnt = 0; $cnt";
if (strpos($rowdata, $upload_formfieldsdiv) >= 0) {
$rowArray = explode($upload_formfieldsdiv, $rowdata);
if (strlen($rowArray[0]) > 0) {
$found = false;
for ($cnt2 = 0; $cnt2";
//echo "replace: [".str_replace($ffArray[0], "", $rowArray[0])."]
";
// Equal on string seems not reliable. Maybe encoding issues but replace does the trick it seems.
//if ($ffArray[0] === $rowArray[0]) {
if (strlen(str_replace($ffArray[0], "", $rowArray[0])) == 0) {
//echo "inside!
";
$valfile .= $formfieldsval[$cnt2]."\n";
$formfieldsval[$cnt2] = "";
$found = true;
break;
}
}
if (!$found) $valfile .= $rowdata."\n";
}
}
}
}
$fh = fopen($ffFile, 'w') or $fileErr = 1;
if ($fileErr == 1) {
$results .= JText::_('FAIL_FORMFIELDS_FILE') . "
";
} else {
for ($cnt = 0; $cnt 0)
$valfile .= $formfieldsval[$cnt]."\n";
}
// Don't make the file UTF-8 here as it totally messes up the reading of the file!
// For some mysterious reason PHP refuses to write UTF-8 as UTF-8. Some stupid work-around below found at php.net
//$valfile = chr(255).chr(254).mb_convert_encoding( $valfile, 'UTF-16LE', 'UTF-8');
//echo "valfile=$valfile
";
fwrite($fh, $valfile);
fclose($fh);
}
}
// SHOW DIR CONTENT
if (($upload_showdircontent == 1) && ($fileErr == 0)) {
$results .= "
";
if($bib = @opendir($upload_location)) {
while (false !== ($lfile = readdir($bib))) {
//if($lfile != "." && $lfile != ".." && !ereg("^\..+", $lfile) && $lfile != "index.html") {
if($lfile !== "." && $lfile !== ".." && !preg_match("/^\..+/", $lfile) && $lfile !== "index.html") {
$fil_list[] = "
$lfile";
}
}
closedir($bib);
if(is_array($fil_list)) {
$liste = "
" . join("", $fil_list) . "";
} else {
$liste = "
" . JText::_('NO_FILES_FOUND') . " " . $upload_location . "";
}
$results .= "
" . JText::_('FILES_IN_DIR') . " (" . $upload_location . "):
";
} else {
//die("Could not read files in " . $upload_location);
$results .= "
" . JText::_('NO_FILES_FOUND') . "
";
}
$results .= "
";
}
// SEND E-MAIL
if ((strlen($upload_email) > 0) && ($fileErr == 0)) {
$to = $upload_email;
$subject = JText::_('MAIL_SUBJECT');
$infos = explode("|", $fileInfo);
$text = "";
$headers = "";
//Replace space with %20 for URL
if ($upload_emailhtml == 0) {
for ($cnt = 0; $cnt<$fileCnt; $cnt++) {
if(strlen($_FILES["uploadedfile$mid"]["name"][$cnt]) > 0)
$text .= $upload_location.$_FILES["uploadedfile$mid"]["name"][$cnt]." (".$baseurl.str_replace(" ", "%20", $_FILES["uploadedfile$mid"]["name"][$cnt]).")\r\n";
if (count($formfieldsemail) >= $cnt+1) {
if (strlen($formfieldsemail[$cnt]) > 0)
$text .= $formfieldsemail[$cnt] . "\r\n\r\n";
}
}
$body = JText::sprintf('MAIL_BODY', $_SERVER["HTTP_HOST"]);
$body .= "\r\n\r\n".$text;
$body .= "\r\n\r\n(Find out more about Simple File Upload for Joomla at http://wasen.net/)";
} else {
$text = "
";
for ($cnt = 0; $cnt<$fileCnt; $cnt++) {
if(strlen($_FILES["uploadedfile$mid"]["name"][$cnt]) > 0)
$text .= "| ".$upload_location.$_FILES["uploadedfile$mid"]["name"][$cnt]." (".$baseurl.str_replace(" ", "%20", $_FILES["uploadedfile$mid"]["name"][$cnt]).") | ".$infos[$cnt]." |
";
if (count($formfieldsemail) >= $cnt+1) {
if (strlen($formfieldsemail[$cnt]) > 0) {
$fields = explode("\n", $formfieldsemail[$cnt]);
foreach ($fields as $f)
$text .= "| " . $f . " |
";
}
}
}
$text .= "
";
$body = JText::sprintf('MAIL_BODY', $_SERVER["HTTP_HOST"]);
if (strlen($users_name) < 5) $users_name = "Anonymous (@".$_SERVER['REMOTE_ADDR'].")";
$body .= " ".JText::sprintf('BY_USER', $users_name);
$body .= $text;
$body .= "
(Find out more about Simple File Upload for Joomla at http://wasen.net/)";
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
//$headers .= 'To: ' . $to . "\r\n";
$headers .= 'From: ' . $upload_mailfrom . "\r\n";
}
if (mail($to, $subject, $body, $headers)) {
if ($upload_emailmsg == 1)
$results .= "".JText::_('MSG_SENT')."
";
} else {
if ($upload_emailmsg == 1)
$results .= "".JText::_('MSG_FAILED')."(To:".$to.")
";
}
}
return $results;
}
function gd_get_info() {
if (extension_loaded('gd') and
imagetypes() & IMG_PNG and
imagetypes() & IMG_GIF and
imagetypes() & IMG_JPG and
imagetypes() & IMG_WBMP) {
return true;
} else {
return false;
}
}
function getFileSizePP($filesize) {
$kb=1024;
$mb=1048576;
$gb=1073741824;
$tb=1099511627776;
if(!$filesize)
$filesize = '0 B';
elseif($filesize<$kb)
$filesize = $filesize.' B';
elseif($filesize<$mb)
$filesize = round($filesize/$kb, 2).' KB';
elseif($filesize<$gb)
$filesize = round($filesize/$mb, 2).' MB';
elseif($filesize<$tb)
$filesize = round($filesize/$gb, 2).' GB';
else
$filesize = round($filesize/$tb, 2).' TB';
return $filesize;
}
function errCodeToMessage($code) {
$message = "";
switch ($code) {
case UPLOAD_ERR_INI_SIZE:
$message = JText::_('UPLOAD_ERR_INI_SIZE'); //"The uploaded file exceeds the upload_max_filesize directive in php.ini";
break;
case UPLOAD_ERR_FORM_SIZE:
$message = JText::_('UPLOAD_ERR_FORM_SIZE'); //"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form";
break;
case UPLOAD_ERR_PARTIAL:
$message = JText::_('UPLOAD_ERR_PARTIAL'); //"The uploaded file was only partially uploaded";
break;
case UPLOAD_ERR_NO_FILE:
$message = JText::_('UPLOAD_ERR_NO_FILE'); //"No file was uploaded";
break;
case UPLOAD_ERR_NO_TMP_DIR:
$message = JText::_('UPLOAD_ERR_NO_TMP_DIR'); //"Missing a temporary folder";
break;
case UPLOAD_ERR_CANT_WRITE:
$message = JText::_('UPLOAD_ERR_CANT_WRITE'); //"Failed to write file to disk";
break;
case UPLOAD_ERR_EXTENSION:
$message = JText::_('UPLOAD_ERR_EXTENSION'); //"File upload stopped by extension";
break;
default:
$message = JText::_('UPLOAD_ERR_DEFAULT'); //"Unknown upload error";
break;
}
return $message;
}
function getGIFComment($filename, $upload_debug) {
$retval = "";
$fd = fopen( $filename, 'rb' );
if ( $fd ) {
if ($upload_debug == 1) $retval .= "
getGIFComment: File opened!";
// Read GIF header
$data = fread( $fd, 6 );
if ( $data == 'GIF87a' or $data == 'GIF89a' ) {
if ($upload_debug == 1) $retval .= "
getGIFComment: We've found a GIF";
$offset = 6;
// Read Logical Screen Descriptor
$data = fread( $fd, 7 );
$offset += 7;
$width = ( ord( $data[1] ) << 8 ) + ord( $data[0] );
$height = ( ord( $data[3] ) << 8 ) + ord( $data[2] );
if ($upload_debug == 1) $retval .= "
getGIFComment: GIF width: ".$width;
if ($upload_debug == 1) $retval .= "
getGIFComment: GIF height: ".$height;
$done = false;
while ( !$done )
{
$data = fread( $fd, 1 );
$offset += 1;
$blockType = ord( $data[0] );
if ( $blockType == 0x21 ) // Extension Introducer
{
$data .= fread( $fd, 1 );
$offset += 1;
$extensionLabel = ord( $data[1] );
if ( $extensionLabel == 0xfe ) // Comment Extension
{
$commentBlockDone = false;
$comment = false;
while ( !$commentBlockDone )
{
$data = fread( $fd, 1 );
$offset += 1;
$blockBytes = ord( $data[0] );
if ( $blockBytes )
{
$data = fread( $fd, $blockBytes );
$comment .= $data;
$offset += $blockBytes;
}
else
{
$commentBlockDone = true;
}
}
if ( $comment ) {
if ($upload_debug == 1) $retval .= "
getGIFComment: GIF has comment: ".$comment;
if(stripos($comment, "php") !== false) {
$retval = "getGIFComment:BLOCK".$retval;
} else {
$retval = "getGIFComment:OK".$retval;
}
} else {
if ($upload_debug == 1) $retval .= "
getGIFComment: No GIF comment found!";
$retval = "getGIFComment:OK".$retval;
}
$done = true;
}
}
else if ( $blockType == 0x3b ) // Trailer, end of stream
{
if ($upload_debug == 1) $retval .= "
getGIFComment: GIF stream terminated by Trailer block";
$done = true;
}
if ( feof( $fd ) ) {
if ($upload_debug == 1) $retval .= "
getGIFComment: GIF stream terminated by EOF";
$done = true;
}
}
}
} else {
if ($upload_debug == 1) $retval .= "
getGIFComment: File failed!";
}
return $retval."
";
}
}
class SFUAjaxServlet {
function getCaptcha($sfu_version, $bgcolor, $mid, $source) {
error_reporting(0);
/*ini_set ("session.Save_path", $_SERVER['DOCUMENT_ROOT'] . "/mySessions");
session_start();
if (isset($_SERVER['REMOTE_HOST'])) {
session_name($_SERVER['REMOTE_HOST'] . "-captcha");
} else {
session_name(uniqid() . "-captcha");
}*/
$myCryptBase = "AB0CDE1FG2HIJ3KL4MNO5PQ6RST7UV8WX9YZ";
$capString = "";
$image = imagecreatetruecolor(150, 60);
$white = imagecolorallocate ($image, 255, 255, 255);
$rndm = imagecolorallocate ($image, rand($bgcolor[0],$bgcolor[1]), rand($bgcolor[0],$bgcolor[1]), rand($bgcolor[0],$bgcolor[1]));
imagefill ($image, 0, 0, $white);
$folder_captcha_class = JPATH_SITE.DIRECTORY_SEPARATOR.'modules'.DIRECTORY_SEPARATOR.'mod_simplefileuploadv'.$sfu_version.DIRECTORY_SEPARATOR.'tmpl';
$fontName = $folder_captcha_class."/arial.ttf";
$myX = 15;
$myY = 30;
$angle = 0;
for ($x = 0; $x <=1000; $x++) {
$myX = rand(1,148);
$myY = rand(1,58);
imageline($image, $myX, $myY, $myX + rand(-5,5), $myY + rand(-5,5), $rndm);
}
for ($x = 0; $x <= 4; $x++) {
$dark = imagecolorallocate ($image, rand(5,128),rand(5,128),rand(5,128));
$capChar = substr($myCryptBase, rand(1,35), 1);
$capString .= $capChar;
$fs = rand (20, 26);
$myX = 15 + ($x * 28+ rand(-5,5));
$myY = rand($fs + 2,55);
$angle = rand(-30, 30);
ImageTTFText ($image,$fs, $angle, $myX, $myY, $dark, $fontName, $capChar);
}
$_SESSION["capString$mid"] = $capString;
ob_start();
header ("Content-type: image/jpeg");
imagejpeg($image,"",95);
$result = ob_get_contents();
ob_end_clean();
if ($source === 'site')
echo base64_encode($result);
else
echo $result;
imagedestroy($image);
error_reporting(E_ALL);
}
function getContent($action) {
$retVal = "false";
if ($action === "sfuuser") {
$user = $_GET["val1"];
$pass = $_GET["val2"];
$mid = $_GET["mid"];
$session_username = "";
$session_password = "";
// TODO: Should I fetch this from DB if session has expired before trying to login... Else it will return failed...
if (isset($_SESSION["upload_username$mid"])) {
$session_username = $_SESSION["upload_username$mid"];
$session_password = $_SESSION["upload_password$mid"];
}
if (strlen($session_username) == 0) {
// Workaround for missing session user... should be from DB I guess...
//$retVal = "Credentials not found. Please refresh your session or contact the Administrator to get the login details.";
$retVal = JText::_('FAIL_CREDENTIALS');
} else {
$hashedpw = md5($session_password);
if ((strcmp($user, $session_username) == 0) && (strcmp($pass, $hashedpw) == 0)) {
$_SESSION["upload_username_ok$mid"] = $hashedpw;
$retVal = "true";
} else {
//$retVal = "Username and/or password does not match";
$retVal = JText::_('USER_PASS_FAILED');
/* debug $retVal .= "\nGiven user = " . $user;
$retVal .= "\nGiven pass = " . $pass;
$retVal .= "\nStored user = " . $session_username;
$retVal .= "\nStored pass = " . $session_password;
$retVal .= "\nStored hash = " . md5($session_password);
*/
}
}
}
if ($action === "sfucaptcha") {
$captcha = $_GET["val1"];
$casesense = $_GET["val2"];
$mid = $_GET["mid"];
$captchaStored = "";
if (isset($_SESSION["capString$mid"]))
$captchaStored = $_SESSION["capString$mid"];
else
$retVal = JText::_('FAIL_REQUEST') . "\n\n[Session time-out]";
if ($casesense === "1") {
$captchaStored = strtoupper($captchaStored);
$captcha = strtoupper($captcha);
}
if (strlen($captchaStored) > 0) {
if ($captchaStored === $captcha)
$retVal = "true";
else
$retVal = JText::_('FAULTY_CAPTCHA');
} else {
$retVal = JText::_('FAIL_REQUEST');
}
}
if ($action === "sfukillsession") {
$ses = session_destroy();
if ($ses)
$retVal = "Session destroyed";
else
$retVal = "Session still alive";
}
//global $mainframe;
$app = JFactory::getApplication();
echo $retVal;
//$mainframe->close();
$app->close();
}
}
?>