File odules/system/class/fineuploadhandler.php

  1: <?php
  2: 
  3: /**
  4:  * Base SystemFineUploadHandler class to work with ajaxfineupload.php endpoint
  5:  *
  6:  * Upload files as specified
  7:  *
  8:  * Do not use or reference this directly from your client-side code.
  9:  * Instead, this should be required via the endpoint.php or endpoint-cors.php
 10:  * file(s).
 11:  *
 12:  * @license   MIT License (MIT)
 13:  * @copyright Copyright (c) 2015-present, Widen Enterprises, Inc.
 14:  * @link      https://github.com/FineUploader/php-traditional-server
 15:  *
 16:  * The MIT License (MIT)
 17:  *
 18:  * Copyright (c) 2015-present, Widen Enterprises, Inc.
 19:  *
 20:  * Permission is hereby granted, free of charge, to any person obtaining a copy
 21:  * of this software and associated documentation files (the "Software"), to deal
 22:  * in the Software without restriction, including without limitation the rights
 23:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 24:  * copies of the Software, and to permit persons to whom the Software is
 25:  * furnished to do so, subject to the following conditions:
 26:  *
 27:  * The above copyright notice and this permission notice shall be included in all
 28:  * copies or substantial portions of the Software.
 29:  *
 30:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 31:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 32:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 33:  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 34:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 35:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 36:  * SOFTWARE.
 37:  */
 38: 
 39: class SystemFineUploadHandler
 40: {
 41: 
 42:     public $allowedExtensions = array();
 43:     public $allowedMimeTypes = array();
 44:     public $sizeLimit = null;
 45:     public $inputName = 'qqfile';
 46:     public $chunksFolder = 'chunks';
 47: 
 48:     public $chunksCleanupProbability = 0.001; // Once in 1000 requests on avg
 49:     public $chunksExpireIn = 604800; // One week
 50: 
 51:     protected $uploadName;
 52:     public $claims;
 53: 
 54:     /**
 55:      * XoopsFineUploadHandler constructor.
 56:      * @param stdClass $claims claims passed in JWT header
 57:      */
 58:     public function __construct(\stdClass $claims)
 59:     {
 60:         $this->claims = $claims;
 61:     }
 62: 
 63:     /**
 64:      * Get the original filename
 65:      */
 66:     public function getName()
 67:     {
 68:         if (isset($_REQUEST['qqfilename'])) {
 69:             return $_REQUEST['qqfilename'];
 70:         }
 71: 
 72:         if (isset($_FILES[$this->inputName])) {
 73:             return $_FILES[$this->inputName]['name'];
 74:         }
 75:     }
 76: 
 77:     /**
 78:      * Get the name of the uploaded file
 79:      * @return string
 80:      */
 81:     public function getUploadName()
 82:     {
 83:         return $this->uploadName;
 84:     }
 85: 
 86:     /**
 87:      * Combine chunks into a single file
 88:      *
 89:      * @param string      $uploadDirectory upload directory
 90:      * @param string|null $name            name
 91:      * @return array response to be json encoded and returned to client
 92:      */
 93:     public function combineChunks($uploadDirectory, $name = null)
 94:     {
 95:         $uuid = $_POST['qquuid'];
 96:         if ($name === null) {
 97:             $name = $this->getName();
 98:         }
 99:         $targetFolder = $this->chunksFolder.DIRECTORY_SEPARATOR.$uuid;
100:         $totalParts = isset($_REQUEST['qqtotalparts']) ? (int)$_REQUEST['qqtotalparts'] : 1;
101: 
102:         $targetPath = join(DIRECTORY_SEPARATOR, array($uploadDirectory, $uuid, $name));
103:         $this->uploadName = $name;
104: 
105:         if (!file_exists($targetPath)) {
106:             mkdir(dirname($targetPath), 0777, true);
107:         }
108:         $target = fopen($targetPath, 'wb');
109: 
110:         for ($i=0; $i<$totalParts; $i++) {
111:             $chunk = fopen($targetFolder.DIRECTORY_SEPARATOR.$i, "rb");
112:             stream_copy_to_stream($chunk, $target);
113:             fclose($chunk);
114:         }
115: 
116:         // Success
117:         fclose($target);
118: 
119:         for ($i=0; $i<$totalParts; $i++) {
120:             unlink($targetFolder.DIRECTORY_SEPARATOR.$i);
121:         }
122: 
123:         rmdir($targetFolder);
124: 
125:         if (!is_null($this->sizeLimit) && filesize($targetPath) > $this->sizeLimit) {
126:             unlink($targetPath);
127:             //http_response_code(413);
128:             header("HTTP/1.0 413 Request Entity Too Large");
129:             return array("success" => false, "uuid" => $uuid, "preventRetry" => true);
130:         }
131: 
132:         return array("success" => true, "uuid" => $uuid);
133:     }
134: 
135:     /**
136:      * Process the upload.
137:      * @param string $uploadDirectory Target directory.
138:      * @param string $name Overwrites the name of the file.
139:      * @return array response to be json encoded and returned to client
140:      */
141:     public function handleUpload($uploadDirectory, $name = null)
142:     {
143:         if (is_writable($this->chunksFolder) &&
144:             1 == mt_rand(1, 1/$this->chunksCleanupProbability)) {
145:             // Run garbage collection
146:             $this->cleanupChunks();
147:         }
148: 
149:         // Check that the max upload size specified in class configuration does not
150:         // exceed size allowed by server config
151:         if ($this->toBytes(ini_get('post_max_size')) < $this->sizeLimit ||
152:             $this->toBytes(ini_get('upload_max_filesize')) < $this->sizeLimit) {
153:             $neededRequestSize = max(1, $this->sizeLimit / 1024 / 1024) . 'M';
154:             return array(
155:                 'error'=>"Server error. Increase post_max_size and upload_max_filesize to ".$neededRequestSize
156:             );
157:         }
158: 
159:         if ($this->isInaccessible($uploadDirectory)) {
160:             return array('error' => "Server error. Uploads directory isn't writable");
161:         }
162: 
163:         $type = $_SERVER['CONTENT_TYPE'];
164:         if (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
165:             $type = $_SERVER['HTTP_CONTENT_TYPE'];
166:         }
167: 
168:         if (!isset($type)) {
169:             return array('error' => "No files were uploaded.");
170:         } elseif (strpos(strtolower($type), 'multipart/') !== 0) {
171:             return array(
172:                 'error' => "Server error. Not a multipart request. Please set forceMultipart to default value (true)."
173:             );
174:         }
175: 
176:         // Get size and name
177:         $file = $_FILES[$this->inputName];
178:         $size = $file['size'];
179:         if (isset($_REQUEST['qqtotalfilesize'])) {
180:             $size = $_REQUEST['qqtotalfilesize'];
181:         }
182: 
183:         if ($name === null) {
184:             $name = $this->getName();
185:         }
186: 
187:         // check file error
188:         if ($file['error']) {
189:             return array('error' => 'Upload Error #'.$file['error']);
190:         }
191: 
192:         // Validate name
193:         if ($name === null || $name === '') {
194:             return array('error' => 'File name empty.');
195:         }
196: 
197:         // Validate file size
198:         if ($size == 0) {
199:             return array('error' => 'File is empty.');
200:         }
201: 
202:         if (!is_null($this->sizeLimit) && $size > $this->sizeLimit) {
203:             return array('error' => 'File is too large.', 'preventRetry' => true);
204:         }
205: 
206:         // Validate file extension
207:         $pathinfo = pathinfo($name);
208:         $ext = isset($pathinfo['extension']) ? strtolower($pathinfo['extension']) : '';
209: 
210:         if ($this->allowedExtensions
211:             && !in_array(strtolower($ext), array_map("strtolower", $this->allowedExtensions))) {
212:             $these = implode(', ', $this->allowedExtensions);
213:             return array(
214:                 'error' => 'File has an invalid extension, it should be one of '. $these . '.',
215:                 'preventRetry' => true
216:             );
217:         }
218: 
219:         $mimeType = '';
220:         if (!empty($this->allowedMimeTypes)) {
221:             $mimeType = mime_content_type($_FILES[$this->inputName]['tmp_name']);
222:             if (!in_array($mimeType, $this->allowedMimeTypes)) {
223:                 return array('error' => 'File is of an invalid type.', 'preventRetry' => true);
224:             }
225:         }
226: 
227:         // Save a chunk
228:         $totalParts = isset($_REQUEST['qqtotalparts']) ? (int)$_REQUEST['qqtotalparts'] : 1;
229: 
230:         $uuid = $_REQUEST['qquuid'];
231:         if ($totalParts > 1) {
232:             # chunked upload
233: 
234:             $chunksFolder = $this->chunksFolder;
235:             $partIndex = (int)$_REQUEST['qqpartindex'];
236: 
237:             if (!is_writable($chunksFolder) && !is_executable($uploadDirectory)) {
238:                 return array('error' => "Server error. Chunks directory isn't writable or executable.");
239:             }
240: 
241:             $targetFolder = $this->chunksFolder.DIRECTORY_SEPARATOR.$uuid;
242: 
243:             if (!file_exists($targetFolder)) {
244:                 mkdir($targetFolder, 0775, true);
245:             }
246: 
247:             $target = $targetFolder.'/'.$partIndex;
248: 
249:             $storeResult = $this->storeUploadedFile($target, $mimeType, $uuid);
250:             if (false !== $storeResult) {
251:                 return $storeResult;
252:             }
253:         } else {
254:             # non-chunked upload
255: 
256:             $target = join(DIRECTORY_SEPARATOR, array($uploadDirectory, $uuid, $name));
257: 
258:             if ($target) {
259:                 $this->uploadName = basename($target);
260: 
261:                 $storeResult = $this->storeUploadedFile($target, $mimeType, $uuid);
262:                 if (false !== $storeResult) {
263:                     return $storeResult;
264:                 }
265:             }
266: 
267:             return array('error'=> 'Could not save uploaded file.' .
268:                 'The upload was cancelled, or server error encountered');
269:         }
270:     }
271: 
272:     protected function storeUploadedFile($target, $mimeType, $uuid)
273:     {
274:         if (!is_dir(dirname($target))) {
275:             mkdir(dirname($target), 0775, true);
276:         }
277:         if (move_uploaded_file($_FILES[$this->inputName]['tmp_name'], $target)) {
278:             return array('success'=> true, "uuid" => $uuid);
279:         }
280:         return false;
281:     }
282: 
283:     /**
284:      * Process a delete.
285:      * @param string      $uploadDirectory Target directory.
286:      * @param string|null $name            Overwrites the name of the file.
287:      * @return array response to be json encoded and returned to client
288:      */
289:     public function handleDelete($uploadDirectory, $name = null)
290:     {
291:         if ($this->isInaccessible($uploadDirectory)) {
292:             return array(
293:                 'error' => "Server error. Uploads directory isn't writable"
294:                             . ((!$this->isWindows()) ? " or executable." : ".")
295:             );
296:         }
297: 
298:         $targetFolder = $uploadDirectory;
299:         $uuid = false;
300:         $method = $_SERVER["REQUEST_METHOD"];
301:         if ($method == "DELETE") {
302:             $url = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
303:             $tokens = explode('/', $url);
304:             $uuid = $tokens[sizeof($tokens)-1];
305:         } elseif ($method == "POST") {
306:             $uuid = $_REQUEST['qquuid'];
307:         } else {
308:             return array("success" => false,
309:                 "error" => "Invalid request method! ".$method
310:             );
311:         }
312: 
313:         $target = join(DIRECTORY_SEPARATOR, array($targetFolder, $uuid));
314: 
315:         if (is_dir($target)) {
316:             $this->removeDir($target);
317:             return array("success" => true, "uuid" => $uuid);
318:         } else {
319:             return array("success" => false,
320:                 "error" => "File not found! Unable to delete.".$url,
321:                 "path" => $uuid
322:             );
323:         }
324:     }
325: 
326:     /**
327:      * Returns a path to use with this upload. Check that the name does not exist,
328:      * and appends a suffix otherwise.
329:      * @param string $uploadDirectory Target directory
330:      * @param string $filename The name of the file to use.
331:      *
332:      * @return string|false path or false if path could not be determined
333:      */
334:     protected function getUniqueTargetPath($uploadDirectory, $filename)
335:     {
336:         // Allow only one process at the time to get a unique file name, otherwise
337:         // if multiple people would upload a file with the same name at the same time
338:         // only the latest would be saved.
339: 
340:         if (function_exists('sem_acquire')) {
341:             $lock = sem_get(ftok(__FILE__, 'u'));
342:             sem_acquire($lock);
343:         }
344: 
345:         $pathinfo = pathinfo($filename);
346:         $base = $pathinfo['filename'];
347:         $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
348:         $ext = $ext == '' ? $ext : '.' . $ext;
349: 
350:         $unique = $base;
351:         $suffix = 0;
352: 
353:         // Get unique file name for the file, by appending random suffix.
354: 
355:         while (file_exists($uploadDirectory . DIRECTORY_SEPARATOR . $unique . $ext)) {
356:             $suffix += rand(1, 999);
357:             $unique = $base.'-'.$suffix;
358:         }
359: 
360:         $result =  $uploadDirectory . DIRECTORY_SEPARATOR . $unique . $ext;
361: 
362:         // Create an empty target file
363:         if (!touch($result)) {
364:             // Failed
365:             $result = false;
366:         }
367: 
368:         if (function_exists('sem_acquire')) {
369:             sem_release($lock);
370:         }
371: 
372:         return $result;
373:     }
374: 
375:     /**
376:      * Deletes all file parts in the chunks folder for files uploaded
377:      * more than chunksExpireIn seconds ago
378:      *
379:      * @return void
380:      */
381:     protected function cleanupChunks()
382:     {
383:         foreach (scandir($this->chunksFolder) as $item) {
384:             if ($item == "." || $item == "..") {
385:                 continue;
386:             }
387: 
388:             $path = $this->chunksFolder.DIRECTORY_SEPARATOR.$item;
389: 
390:             if (!is_dir($path)) {
391:                 continue;
392:             }
393: 
394:             if (time() - filemtime($path) > $this->chunksExpireIn) {
395:                 $this->removeDir($path);
396:             }
397:         }
398:     }
399: 
400:     /**
401:      * Removes a directory and all files contained inside
402:      * @param string $dir
403:      * @return void
404:      */
405:     protected function removeDir($dir)
406:     {
407:         foreach (scandir($dir) as $item) {
408:             if ($item == "." || $item == "..") {
409:                 continue;
410:             }
411: 
412:             if (is_dir($item)) {
413:                 $this->removeDir($item);
414:             } else {
415:                 unlink(join(DIRECTORY_SEPARATOR, array($dir, $item)));
416:             }
417:         }
418:         rmdir($dir);
419:     }
420: 
421:     /**
422:      * Converts a given size with units to bytes.
423:      * @param string $str
424:      * @return int
425:      */
426:     protected function toBytes($str)
427:     {
428:         $val = trim($str);
429:         $last = strtolower($str[strlen($str)-1]);
430:         switch ($last) {
431:             case 'g':
432:                 $val *= 1024; // fall thru
433:             case 'm':
434:                 $val *= 1024; // fall thru
435:             case 'k':
436:                 $val *= 1024; // fall thru
437:         }
438:         return $val;
439:     }
440: 
441:     /**
442:      * Determines whether a directory can be accessed.
443:      *
444:      * is_executable() is not reliable on Windows prior PHP 5.0.0
445:      *  (http://www.php.net/manual/en/function.is-executable.php)
446:      * The following tests if the current OS is Windows and if so, merely
447:      * checks if the folder is writable;
448:      * otherwise, it checks additionally for executable status (like before).
449:      *
450:      * @param string $directory The target directory to test access
451:      * @return bool true if directory is NOT accessible
452:      */
453:     protected function isInaccessible($directory)
454:     {
455:         $isWin = $this->isWindows();
456:         $folderInaccessible =
457:             ($isWin) ? !is_writable($directory) : (!is_writable($directory) && !is_executable($directory));
458:         return $folderInaccessible;
459:     }
460: 
461:     /**
462:      * Determines is the OS is Windows or not
463:      *
464:      * @return boolean
465:      */
466: 
467:     protected function isWindows()
468:     {
469:         $isWin = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
470:         return $isWin;
471:     }
472: }
473:
Namespaces

Classes

Interfaces

Exceptions

Functions
