PCNet 2006 April

home *** CD-ROM | disk | FTP | other *** search

/ PCNet 2006 April / PCnet 2006-06.4.iso / shareware / nmsetup.exe / WebServer / web / upload.php < prev next >

Wrap

PHP Script | 2006-05-01 | 13.0 KB | 343 lines

<?php //////////////////////////////////////////////////////////////////////////////// //  //////////////////////////////////////////////////////////////////////////////// // // Build: 3.0.6121.0 (Stable) // $Revision: #3 $ // ini_set ( "zlib.output_compression", "Off" ); ini_set ( "max_execution_time", "0" ); $sNavLocation = "upload"; require "_session_common.php"; require "_folderutils.php"; /////////////////////////////////////////////////// // Init some variables /////////////////////////////////////////////////// $errorOccurred = 0; $errorText = ""; $sShare = ""; $sPath = ""; $bMaxSizeError = false; /////////////////////////////////////////////////// // We return to this page with this get value after // unsetting the folder session cache since unsetting // causes a browser refresh in Mac OSX IE // We check for the QS value and do nothing but show // UI for this edge case since the upload succeeded to // get to that point in the first place. /////////////////////////////////////////////////// if ($_GET['task'] != "done") { if (trim($_POST['SHARE']) == "") { $errorOccurred = 200; log_activity("QS check", "failure", return_error_text(200, "", $arErrors)); } else { $sShare = $_POST['SHARE']; log_activity("upload share", "info", $sShare); } if (trim($_POST['PATH']) == "") { $errorOccurred = 201; log_activity("QS check", "failure", return_error_text(201, "", $arErrors)); } else { $sPath = urlDecodeString($_POST['PATH']); log_activity("upload path", "info", $sPath); } if (isset($_GET['errorcode'])) { $errorOccurred = $_GET['errorcode']; } else { /////////////////////////////////////////////////// // check to ensure upload is enabled. /////////////////////////////////////////////////// try { $bUploadEnabled = $nmRaManager->UploadsEnabled; if (!$bUploadEnabled) { log_activity("upload", "error", return_error_text(327, "", $arErrors)); goto('/upload.php?errorcode=327&share=' . $sShare . '&path=' . urlEncodeString($sPath)); exit(); } } catch (exception $ex) { log_activity("Attempting nmRaManager->UploadsEnabled", "exception", $ex->getMessage()); goto('/upload.php?errorcode=307'); exit(); } } if ((!isValidString($_FILES['userfile']['size']) && !isValidString($_FILES['userfile']['error']) && !isValidString($_FILES['userfile']['tmp_name'])) || $_FILES['userfile']['size'] > $iMaxFileSize ) { // this is not the preferred way to check upload size limit, but we are not in all cases getting all the post // data back when we have someone attmept to upload a file over the limit. We ARE getting back null values for // all these fields, so we key off of this. $bMaxSizeError = true; } // if the above stops being true, we can fall back on a more preferred method of bailing due to files over the max size if ($bMaxSizeError) { $errorOccurred = 322; log_activity("file upload size check", "failure", return_error_text(322, "", $arErrors)); } if ($errorOccurred == 0) { /////////////////////////////////////////////////// // Need to validate that the share and the path // represent valid shares and paths (someone // could have changed them in the post field). /////////////////////////////////////////////////// try { $nmSharedPlace = $nmNetworkLib->OpenShare($sShare); if (strncmp($nmSharedPlace->Unc, $sPath, strlen($nmSharedPlace->Unc)) != 0) { $errorOccurred = 301; } } catch(com_exception $ex) { $errorOccurred = 103; log_activity("Attempting nmNetworkLib->OpenShare($sShare)", "exception", $ex->getMessage()); } /////////////////////////////////////////////////// // Check for php error codes /////////////////////////////////////////////////// if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK) { $errorOccurred = 320; $errorcode = $_FILES['userfile']['error']; if ($errorcode == UPLOAD_ERR_NO_FILE) { $errorOccurred = 321; } else if (($errorcode == UPLOAD_ERR_INI_SIZE) || ($errorcode == UPLOAD_ERR_FORM_SIZE)) { $errorOccurred = 322; } else if ($errorcode == UPLOAD_ERR_PARTIAL) { $errorOccurred = 323; } else { $errorOccurred = 326; } } } if ($errorOccurred == 0) { $uploaddir = get_cfg_var('upload_tmp_dir'); $uploadfile = $uploaddir . stripslashes($_FILES['userfile']['name']); /////////////////////////////////////////////////// // What is the new file name? /////////////////////////////////////////////////// $newfilename = $sPath . "\\" . stripslashes($_FILES['userfile']['name']); /////////////////////////////////////////////////// // and the file extension of the file? /////////////////////////////////////////////////// $sFileExtension = strrchr($newfilename, "."); /////////////////////////////////////////////////// // is the extension of a disallowed type? /////////////////////////////////////////////////// if (strpos($sincDisallowedExtensions, strtolower($sFileExtension)) === false) { // good to go } else { $errorOccurred = 324; } if (!$bReplaceOriginalFileOnUpload) { /////////////////////////////////////////////////// // Does the newfilename exist? If so, we start to // increment through until we find out a filename // of the format \\machine\path\filename (x).ext // that does not exist and use that to save /////////////////////////////////////////////////// if (file_exists($newfilename)) { $sFilename = substr($newfilename, 0, (strlen($newfilename)-strlen($sFileExtension))); $iFileNumber = 1; $bCheckFileVersions = true; do { if (!file_exists($sFilename." (".$iFileNumber.")".$sFileExtension)) { $newfilename = $sFilename." (".$iFileNumber.")".$sFileExtension; $bCheckFileVersions = false; } $iFileNumber++; } while ($bCheckFileVersions == true); } } } if ($errorOccurred == 0) { // is there enough drive space for the file? $sFreeDriveSpace = disk_free_space($sPath); if (isValidString($sFreeDriveSpace) && !$bMaxSizeError) { if ($_FILES['userfile']['size'] > $sFreeDriveSpace) { $errorOccurred = 329; log_activity("drive space check", "failure", return_error_text(329, "", $arErrors)); } } } if ($errorOccurred == 0) { if (move_uploaded_file($_FILES['userfile']['tmp_name'],$newfilename) === FALSE) { $errorOccurred = 325; log_activity("upload", "failure", return_error_text(325, "", $arErrors)); } else { /////////////////////////////////////////////////// // we're getting a new file into the shared folder, // let's blow away the session vars so the cache // won't preclude showing it. /////////////////////////////////////////////////// unset($_SESSION['currentFolder']); unset($_SESSION['currentFolderInfo']); unset($_SESSION['currentFolderFiles']); log_activity("upload", "success", $newfilename); goto('/upload.php?task=done&newfilename=' . urlEncodeString($newfilename)); session_write_close(); exit(); } } else { log_activity("upload", "failure", return_error_text($errorOccurred, "", $arErrors)); } } else { /////////////////////////////////////////////////// // grab the filename from the QS here due to refresh /////////////////////////////////////////////////// $newfilename = urlDecodeString($_GET['newfilename']); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <script type="text/javascript"> function close_window() { self.close(); } function reloadParent() { if (window.opener && !window.opener.closed) { if (window.opener.childOpen != undefined) { window.opener.location.reload(); } } } </script> <title><?php echo htmlspecialchars(returnPageTitle($sIntroHeadline, $sProductNameInformal, $nmSharedPlace, $sPath, $fileName)); ?></title> <?php require "_styles_import.php"; ?> </head> <body onload="reloadParent();" style="clip: rect(0px, 0px, 0px, 0px); overflow:hidden;" class="UploadBody">  <table width="100%" border="0"> <tr> <td valign="top"> <div class="BlankBgRuler"> </div>  <?php if ($errorOccurred != 0) { // we have an error, so let's just ditch the filename so it won't get displayed $newfilename = ""; if ($errorOccurred != 326) { $errormessage = return_error_text($errorOccurred, "", $arErrors); } else { $errormessage = return_error_text(326, "", $arErrors) . $_FILES['userfile']['error']; } ?> <div class="UploadTable"> <div class="LoginErrorContain"> <div class="ErrorImage"> <div class="ErrorText"> An error occurred </div> <div class="ErrorExplain"> <?php echo $errormessage; ?> <br/> (Error Code: <?php echo $errorOccurred; ?>) </div> </div>  </div>  <a href="javascript:close_window();" class="UploadCloseButton Button" tabindex="1" href="#" onmouseover="this.className='UploadCloseButton ButtonOver'" onmouseout="this.className='UploadCloseButton Button'">Close</a> </div> <?php } else { ?> <div class="UploadSetupTable" id="UploadStep2"> <div class="UploadStatusHeader">Your File Upload is Complete</div> <br/> <?php if (isValidString($newfilename)) { ?> <div class="UploadedFileName"> <div class="UploadGrfxYes"><?php echo(truncate_string(htmlentities(basename($newfilename)), $iUploadedFileNameTruncateLength, "...", "right", true));?></div> </div> <?php } ?> <br/> <br/> <div class="UploadCloseButton Button" tabindex="1" href="#" onmouseover="this.className='UploadCloseButton ButtonOver'" onmouseout="this.className='UploadCloseButton Button'" onclick="close_window()"><a href="javascript:close_window();">Close</a></div> </div> <?php } ?>  <br/> </td> <td> </td> </tr> </table> </body> </html>