1: <?php
2:
3: use Xmf\Jwt\TokenReader;
4:
5: /**
6: * PHP Server-Side Example for Fine Uploader (traditional endpoint handler).
7: * Maintained by Widen Enterprises.
8: *
9: * This example:
10: * - handles chunked and non-chunked requests
11: * - supports the concurrent chunking feature
12: * - assumes all upload requests are multipart encoded
13: * - supports the delete file feature
14: *
15: * Follow these steps to get up and running with Fine Uploader in a PHP environment:
16: *
17: * 1. Set up your client-side code, as documented on http://docs.fineuploader.com.
18: *
19: * 2. Copy this file and handler.php to your server.
20: *
21: * 3. Ensure your php.ini file contains appropriate values for
22: * max_input_time, upload_max_filesize and post_max_size.
23: *
24: * 4. Ensure your "chunks" and "files" folders exist and are writable.
25: * "chunks" is only needed if you have enabled the chunking feature client-side.
26: *
27: * 5. If you have chunking enabled in Fine Uploader, you MUST set a value for the `chunking.success.endpoint` option.
28: * This will be called by Fine Uploader when all chunks for a file have been successfully uploaded, triggering the
29: * PHP server to combine all parts into one file. This is particularly useful for the concurrent chunking feature,
30: * but is now required in all cases if you are making use of this PHP example.
31: *
32: *
33: * @license MIT License (MIT)
34: * @copyright Copyright (c) 2015-present, Widen Enterprises, Inc.
35: * @link https://github.com/FineUploader/php-traditional-server
36: *
37: * The MIT License (MIT)
38: *
39: * Copyright (c) 2015-present, Widen Enterprises, Inc.
40: *
41: * Permission is hereby granted, free of charge, to any person obtaining a copy
42: * of this software and associated documentation files (the "Software"), to deal
43: * in the Software without restriction, including without limitation the rights
44: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
45: * copies of the Software, and to permit persons to whom the Software is
46: * furnished to do so, subject to the following conditions:
47: *
48: * The above copyright notice and this permission notice shall be included in all
49: * copies or substantial portions of the Software.
50: *
51: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
52: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
53: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
54: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
55: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
56: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
57: * SOFTWARE.
58: */
59:
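// Load the XOOPS bootstrap. `require` makes a missing or unreadable mainfile.php
// fatal at this line, whereas `include` only warns and lets the script carry on
// into the token check without the bootstrap.
// NOTE(review): $xoopsLogger and $xoopsUser are presumably defined by mainfile.php - confirm.
require __DIR__ . '/mainfile.php';

// Deactivate the XOOPS logger for this request.
// NOTE(review): presumably so no logger output is mixed into the JSON responses - confirm.
$xoopsLogger->activated = false;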
62:
/**
 * Read the claims we expect from the JSON Web Token.
 *
 * Claims that should be present:
 *
 *  aud     audience (asserted to be this script's file name)
 *  cat     category id the user has chosen and is authorized for
 *  uid     user id (asserted to be the user of the current session)
 *  handler handler class
 *  moddir  module directory for the handler
 *
 * aud and uid are handed to the token reader as the values we expect (for security).
 * NOTE(review): presumably the reader returns false when the token cannot be verified
 * or when an asserted claim differs - confirm against Xmf\Jwt\TokenReader.
 */
$assert = array('aud' => basename(__FILE__));

// A request without a XoopsUser object is checked against uid 0.
$assert['uid'] = 0;
if ($xoopsUser instanceof \XoopsUser) {
    $assert['uid'] = $xoopsUser->id();
}

$claims = TokenReader::fromHeader('fineuploader', $assert);

// Stop here, before any handler is loaded or instantiated, when no claims came back.
if (false === $claims) {
    exit(json_encode(array('error' => "Invalid request token")));
}
86:
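// Include the base upload handler class
XoopsLoad::load('fineuploadhandler', 'system');

// The token may name a more specific handler and the module directory it lives in;
// without those claims the base handler from the system module is used.
$handler = (property_exists($claims, 'handler')) ? $claims->handler : 'fineuploadhandler';
$moddir = (property_exists($claims, 'moddir')) ? $claims->moddir : 'system';

// These two claims decide which file the loader is asked for and which class gets
// instantiated. Accept only plain strings that join into an ordinary PHP class name,
// so path separators, dots or non-string values never reach XoopsLoad::load() or
// `new`, regardless of what the token issuer validated.
// NOTE(review): whether XoopsLoad::load() sanitises its arguments is not visible here.
$handlerIsValid = is_string($handler) && preg_match('/^[A-Za-z0-9_]+$/', $handler) === 1;
$moddirIsValid = is_string($moddir) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $moddir) === 1;
if (!$handlerIsValid || !$moddirIsValid) {
    echo json_encode(array('error' => "Invalid upload handler"));
    exit;
}

XoopsLoad::load($handler, $moddir);

// The handler class name is the module directory followed by the handler name.
$className = $moddir . $handler;

// Answer with a JSON error rather than a fatal "class not found" when the load
// above did not define the class.
// NOTE(review): if every handler is meant to extend the base handler loaded at the
// top of this block, an is_subclass_of() check here would pin that - confirm the
// class hierarchy first.
if (!class_exists($className)) {
    echo json_encode(array('error' => "Invalid upload handler"));
    exit;
}

/* $uploader XoopsFineUploadHandler */
$uploader = new $className($claims);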
98:
// Extension allow-list, for example array("jpeg", "xml", "bmp").
// An empty list means all file types are allowed.
// NOTE(review): this assignment runs after the handler was constructed, so it
// replaces any list the handler class set for itself - confirm that is intended.
// The POST branch passes XOOPS_ROOT_PATH . "/uploads" to the handler as the upload
// folder; if that folder is served by the web server, an explicit allow-list is what
// keeps script files out of it.
$uploader->allowedExtensions = array();

// Maximum file size in bytes. null sets no limit here.
// NOTE(review): presumably the handler then applies no size check of its own - confirm.
// The php.ini values upload_max_filesize and post_max_size still apply to the request.
$uploader->sizeLimit = null;

// Name of the file input as configured in the javascript; "qqfile" is
// Fine Uploader's default inputName.
$uploader->inputName = 'qqfile';

// Folder in which parts are saved temporarily when the chunking/resume feature is used.
$uploader->chunksFolder = 'chunks';
110:
// The "intended" method: a "_method" POST parameter, when present, wins over the
// real request method (see get_request_method()).
$method = get_request_method();

switch ($method) {
    case "POST":
        header("Content-Type: text/plain");

        if (isset($_GET["done"])) {
            // Reached through the chunking.success.endpoint, which must point here with
            // a "done" query parameter, for example: /myserver/handlers/endpoint.php?done
            $result = $uploader->combineChunks(XOOPS_ROOT_PATH . "/uploads");
        } else {
            // Ordinary upload request. The target folder is passed as an absolute
            // path below XOOPS_ROOT_PATH.
            $result = $uploader->handleUpload(XOOPS_ROOT_PATH . "/uploads");

            // Report the name used for the uploaded file back to the client.
            $result["uploadName"] = $uploader->getUploadName();
        }

        echo json_encode($result);
        break;

    case "DELETE":
        // Delete file requests. This branch is also reached by a POST that carries
        // "_method=DELETE".
        // NOTE(review): the folder given here ("files", a relative path) is not the
        // folder uploads are written to. If deletes are not used by this
        // installation, answering 405 here would remove the code path - confirm.
        $result = $uploader->handleDelete("files");
        echo json_encode($result);
        break;

    default:
        header("HTTP/1.0 405 Method Not Allowed");
}
135:
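/**
 * Retrieve the "intended" request method.
 *
 * Normally this is the actual method of the request. Sometimes, though, the intended
 * method has to be carried in the request parameters, for example when a file is
 * deleted through a POST request. In that case "DELETE" is sent along in a "_method"
 * parameter, and that parameter takes precedence over the real method.
 *
 * Only a non-empty string "_method" is honoured. Any other value, such as the array
 * produced by a "_method[]=..." field, is ignored and the real request method is
 * returned, so the function always returns a string.
 *
 * @return string the "_method" override, else the request method, else '' when
 *                the server did not provide one
 */
function get_request_method()
{
    // The $HTTP_RAW_POST_DATA parsing of the original example is left out: deletes
    // are not used here and that global is not PHP 7 compatible.

    $override = isset($_POST["_method"]) ? $_POST["_method"] : null;
    if (is_string($override) && $override !== '') {
        return $override;
    }

    // REQUEST_METHOD can be absent outside a web request; return '' instead of
    // raising a notice and returning null.
    return isset($_SERVER["REQUEST_METHOD"]) ? (string) $_SERVER["REQUEST_METHOD"] : '';
}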
161: