upload.php (12957B)


      1 <?php
      2 class ControllerToolUpload extends Controller {
      3 	private $error = array();
      4 
      5 	public function index() {
      6 		$this->load->language('tool/upload');
      7 
      8 		$this->document->setTitle($this->language->get('heading_title'));
      9 
     10 		$this->load->model('tool/upload');
     11 
     12 		$this->getList();
     13 	}
     14 
     15 	public function delete() {
     16 		$this->load->language('tool/upload');
     17 
     18 		$this->document->setTitle($this->language->get('heading_title'));
     19 
     20 		$this->load->model('tool/upload');
     21 
     22 		if (isset($this->request->post['selected']) && $this->validateDelete()) {
     23 			foreach ($this->request->post['selected'] as $upload_id) {
     24 				// Remove file before deleting DB record.
     25 				$upload_info = $this->model_tool_upload->getUpload($upload_id);
     26 
     27 				if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) {
     28 					unlink(DIR_UPLOAD . $upload_info['filename']);
     29 				}
     30 
     31 				$this->model_tool_upload->deleteUpload($upload_id);
     32 			}
     33 
     34 			$this->session->data['success'] = $this->language->get('text_success');
     35 
     36 			$url = '';
     37 
     38 			if (isset($this->request->get['filter_name'])) {
     39 				$url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
     40 			}
     41 
     42 			if (isset($this->request->get['filter_date_added'])) {
     43 				$url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
     44 			}
     45 
     46 			if (isset($this->request->get['sort'])) {
     47 				$url .= '&sort=' . $this->request->get['sort'];
     48 			}
     49 
     50 			if (isset($this->request->get['order'])) {
     51 				$url .= '&order=' . $this->request->get['order'];
     52 			}
     53 
     54 			if (isset($this->request->get['page'])) {
     55 				$url .= '&page=' . $this->request->get['page'];
     56 			}
     57 
     58 			$this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true));
     59 		}
     60 
     61 		$this->getList();
     62 	}
     63 
     64 	protected function getList() {
     65 		if (isset($this->request->get['filter_name'])) {
     66 			$filter_name = $this->request->get['filter_name'];
     67 		} else {
     68 			$filter_name = '';
     69 		}
     70 
     71 		if (isset($this->request->get['filter_date_added'])) {
     72 			$filter_date_added = $this->request->get['filter_date_added'];
     73 		} else {
     74 			$filter_date_added = '';
     75 		}
     76 
     77 		if (isset($this->request->get['sort'])) {
     78 			$sort = $this->request->get['sort'];
     79 		} else {
     80 			$sort = 'date_added';
     81 		}
     82 
     83 		if (isset($this->request->get['order'])) {
     84 			$order = $this->request->get['order'];
     85 		} else {
     86 			$order = 'DESC';
     87 		}
     88 
     89 		if (isset($this->request->get['page'])) {
     90 			$page = $this->request->get['page'];
     91 		} else {
     92 			$page = 1;
     93 		}
     94 
     95 		$url = '';
     96 
     97 		if (isset($this->request->get['filter_name'])) {
     98 			$url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
     99 		}
    100 
    101 		if (isset($this->request->get['filter_date_added'])) {
    102 			$url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
    103 		}
    104 
    105 		if (isset($this->request->get['sort'])) {
    106 			$url .= '&sort=' . $this->request->get['sort'];
    107 		}
    108 
    109 		if (isset($this->request->get['order'])) {
    110 			$url .= '&order=' . $this->request->get['order'];
    111 		}
    112 
    113 		if (isset($this->request->get['page'])) {
    114 			$url .= '&page=' . $this->request->get['page'];
    115 		}
    116 
    117 		$data['breadcrumbs'] = array();
    118 
    119 		$data['breadcrumbs'][] = array(
    120 			'text' => $this->language->get('text_home'),
    121 			'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true)
    122 		);
    123 
    124 		$data['breadcrumbs'][] = array(
    125 			'text' => $this->language->get('heading_title'),
    126 			'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)
    127 		);
    128 
    129 		$data['delete'] = $this->url->link('tool/upload/delete', 'user_token=' . $this->session->data['user_token'] . $url, true);
    130 
    131 		$data['uploads'] = array();
    132 
    133 		$filter_data = array(
    134 			'filter_name'	    => $filter_name,
    135 			'filter_date_added'	=> $filter_date_added,
    136 			'sort'              => $sort,
    137 			'order'             => $order,
    138 			'start'             => ($page - 1) * $this->config->get('config_limit_admin'),
    139 			'limit'             => $this->config->get('config_limit_admin')
    140 		);
    141 
    142 		$upload_total = $this->model_tool_upload->getTotalUploads($filter_data);
    143 
    144 		$results = $this->model_tool_upload->getUploads($filter_data);
    145 
    146 		foreach ($results as $result) {
    147 			$data['uploads'][] = array(
    148 				'upload_id'  => $result['upload_id'],
    149 				'name'       => $result['name'],
    150 				'filename'   => $result['filename'],
    151 				'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])),
    152 				'download'   => $this->url->link('tool/upload/download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url, true)
    153 			);
    154 		}
    155 
    156 		$data['user_token'] = $this->session->data['user_token'];
    157 
    158 		if (isset($this->error['warning'])) {
    159 			$data['error_warning'] = $this->error['warning'];
    160 		} else {
    161 			$data['error_warning'] = '';
    162 		}
    163 
    164 		if (isset($this->session->data['success'])) {
    165 			$data['success'] = $this->session->data['success'];
    166 
    167 			unset($this->session->data['success']);
    168 		} else {
    169 			$data['success'] = '';
    170 		}
    171 
    172 		if (isset($this->request->post['selected'])) {
    173 			$data['selected'] = (array)$this->request->post['selected'];
    174 		} else {
    175 			$data['selected'] = array();
    176 		}
    177 
    178 		$url = '';
    179 
    180 		if (isset($this->request->get['filter_name'])) {
    181 			$url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
    182 		}
    183 
    184 		if (isset($this->request->get['filter_date_added'])) {
    185 			$url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
    186 		}
    187 
    188 		if ($order == 'ASC') {
    189 			$url .= '&order=DESC';
    190 		} else {
    191 			$url .= '&order=ASC';
    192 		}
    193 
    194 		if (isset($this->request->get['page'])) {
    195 			$url .= '&page=' . $this->request->get['page'];
    196 		}
    197 
    198 		$data['sort_name'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true);
    199 		$data['sort_filename'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=filename' . $url, true);
    200 		$data['sort_date_added'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true);
    201 
    202 		$url = '';
    203 
    204 		if (isset($this->request->get['filter_name'])) {
    205 			$url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
    206 		}
    207 
    208 		if (isset($this->request->get['filter_date_added'])) {
    209 			$url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
    210 		}
    211 
    212 		if (isset($this->request->get['sort'])) {
    213 			$url .= '&sort=' . $this->request->get['sort'];
    214 		}
    215 
    216 		if (isset($this->request->get['order'])) {
    217 			$url .= '&order=' . $this->request->get['order'];
    218 		}
    219 
    220 		$pagination = new Pagination();
    221 		$pagination->total = $upload_total;
    222 		$pagination->page = $page;
    223 		$pagination->limit = $this->config->get('config_limit_admin');
    224 		$pagination->url = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true);
    225 
    226 		$data['pagination'] = $pagination->render();
    227 
    228 		$data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($upload_total - $this->config->get('config_limit_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $upload_total, ceil($upload_total / $this->config->get('config_limit_admin')));
    229 
    230 		$data['filter_name'] = $filter_name;
    231 		$data['filter_date_added'] = $filter_date_added;
    232 
    233 		$data['sort'] = $sort;
    234 		$data['order'] = $order;
    235 
    236 		$data['header'] = $this->load->controller('common/header');
    237 		$data['column_left'] = $this->load->controller('common/column_left');
    238 		$data['footer'] = $this->load->controller('common/footer');
    239 
    240 		$this->response->setOutput($this->load->view('tool/upload', $data));
    241 	}
    242 
    243 	protected function validateDelete() {
    244 		if (!$this->user->hasPermission('modify', 'tool/upload')) {
    245 			$this->error['warning'] = $this->language->get('error_permission');
    246 		}
    247 
    248 		return !$this->error;
    249 	}
    250 
    251 	public function download() {
    252 		$this->load->model('tool/upload');
    253 
    254 		if (isset($this->request->get['code'])) {
    255 			$code = $this->request->get['code'];
    256 		} else {
    257 			$code = 0;
    258 		}
    259 
    260 		$upload_info = $this->model_tool_upload->getUploadByCode($code);
    261 
    262 		if ($upload_info) {
    263 			$file = DIR_UPLOAD . $upload_info['filename'];
    264 			$mask = basename($upload_info['name']);
    265 
    266 			if (!headers_sent()) {
    267 				if (is_file($file)) {
    268 					header('Content-Type: application/octet-stream');
    269 					header('Content-Description: File Transfer');
    270 					header('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"');
    271 					header('Content-Transfer-Encoding: binary');
    272 					header('Expires: 0');
    273 					header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    274 					header('Pragma: public');
    275 					header('Content-Length: ' . filesize($file));
    276 
    277 					readfile($file, 'rb');
    278 					exit;
    279 				} else {
    280 					exit('Error: Could not find file ' . $file . '!');
    281 				}
    282 			} else {
    283 				exit('Error: Headers already sent out!');
    284 			}
    285 		} else {
    286 			$this->load->language('error/not_found');
    287 
    288 			$this->document->setTitle($this->language->get('heading_title'));
    289 
    290 			$data['breadcrumbs'] = array();
    291 
    292 			$data['breadcrumbs'][] = array(
    293 				'text' => $this->language->get('text_home'),
    294 				'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true)
    295 			);
    296 
    297 			$data['breadcrumbs'][] = array(
    298 				'text' => $this->language->get('heading_title'),
    299 				'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'], true)
    300 			);
    301 
    302 			$data['header'] = $this->load->controller('common/header');
    303 			$data['column_left'] = $this->load->controller('common/column_left');
    304 			$data['footer'] = $this->load->controller('common/footer');
    305 
    306 			$this->response->setOutput($this->load->view('error/not_found', $data));
    307 		}
    308 	}
    309 
    310 	public function upload() {
    311 		$this->load->language('sale/order');
    312 
    313 		$json = array();
    314 
    315 		// Check user has permission
    316 		if (!$this->user->hasPermission('modify', 'tool/upload')) {
    317 			$json['error'] = $this->language->get('error_permission');
    318 		}
    319 
    320 		if (!$json) {
    321 			if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
    322 				// Sanitize the filename
    323 				$filename = html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8');
    324 
    325 				if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) {
    326 					$json['error'] = $this->language->get('error_filename');
    327 				}
    328 
    329 				// Allowed file extension types
    330 				$allowed = array();
    331 
    332 				$extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));
    333 
    334 				$filetypes = explode("\n", $extension_allowed);
    335 
    336 				foreach ($filetypes as $filetype) {
    337 					$allowed[] = trim($filetype);
    338 				}
    339 
    340 				if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
    341 					$json['error'] = $this->language->get('error_filetype');
    342 				}
    343 
    344 				// Allowed file mime types
    345 				$allowed = array();
    346 
    347 				$mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));
    348 
    349 				$filetypes = explode("\n", $mime_allowed);
    350 
    351 				foreach ($filetypes as $filetype) {
    352 					$allowed[] = trim($filetype);
    353 				}
    354 
    355 				if (!in_array($this->request->files['file']['type'], $allowed)) {
    356 					$json['error'] = $this->language->get('error_filetype');
    357 				}
    358 
    359 				// Check to see if any PHP files are trying to be uploaded
    360 				$content = file_get_contents($this->request->files['file']['tmp_name']);
    361 
    362 				if (preg_match('/\<\?php/i', $content)) {
    363 					$json['error'] = $this->language->get('error_filetype');
    364 				}
    365 
    366 				// Return any upload error
    367 				if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
    368 					$json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
    369 				}
    370 			} else {
    371 				$json['error'] = $this->language->get('error_upload');
    372 			}
    373 		}
    374 
    375 		if (!$json) {
    376 			$file = $filename . '.' . token(32);
    377 
    378 			move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);
    379 
    380 			// Hide the uploaded file name so people can not link to it directly.
    381 			$this->load->model('tool/upload');
    382 
    383 			$json['code'] = $this->model_tool_upload->addUpload($filename, $file);
    384 
    385 			$json['success'] = $this->language->get('text_upload');
    386 		}
    387 
    388 		$this->response->addHeader('Content-Type: application/json');
    389 		$this->response->setOutput(json_encode($json));
    390 	}
    391 }