jappixmini/jappix/php/file-share.php

   1 <?php
   2
   3 /*
   4
   5 Jappix - An open social platform
   6 This is the Jappix microblog file attaching script
   7
   8 -------------------------------------------------
   9
  10 License: AGPL
  11 Author: Vanaryon
  12 Last revision: 14/01/12
  13
  14 */
  15
  16 // PHP base
  17 define('JAPPIX_BASE', '..');
  18
  19 // Get the needed files
  20 require_once('./functions.php');
  21 require_once('./read-main.php');
  22 require_once('./read-hosts.php');
  23
  24 // Optimize the page rendering
  25 hideErrors();
  26 compressThis();
  27
  28 // Not allowed for a special node
  29 if(isStatic() || isUpload())
  30         exit;
  31
  32 // Set a special XML header
  33 header('Content-Type: text/xml; charset=utf-8');
  34
  35 // Everything is okay
  36 if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['user']) && !empty($_POST['user'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
  37         // Get the user name
  38         $user = $_POST['user'];
  39
  40         // Get the file name
  41         $tmp_filename = $_FILES['file']['tmp_name'];
  42         $filename = $_FILES['file']['name'];
  43
  44         // Get the location
  45         if(HOST_UPLOAD)
  46                 $location = HOST_UPLOAD;
  47         else
  48                 $location = $_POST['location'];
  49
  50         // Get the file new name
  51         $ext = getFileExt($filename);
  52         $new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
  53
  54         // Define some vars
  55         $content_dir = JAPPIX_BASE.'/store/share/'.$user;
  56         $security_file = $content_dir.'/index.html';
  57         $name = sha1(time().$filename);
  58         $path = $content_dir.'/'.$name.'.'.$ext;
  59         $thumb_xml = '';
  60
  61         // Forbidden file?
  62         if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
  63                 exit(
  64 '<jappix xmlns=\'jappix:file:post\'>
  65         <error>forbidden-type</error>
  66 </jappix>'
  67                 );
  68         }
  69
  70         // Create the user directory
  71         if(!is_dir($content_dir)) {
  72                 mkdir($content_dir, 0777, true);
  73                 chmod($content_dir, 0777);
  74         }
  75
  76         // Create (or re-create) the security file
  77         if(!file_exists($security_file))
  78                 file_put_contents($security_file, securityHTML());
  79
  80         // File upload error?
  81         if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
  82                 exit(
  83 '<jappix xmlns=\'jappix:file:post\'>
  84         <error>move-error</error>
  85 </jappix>'
  86                 );
  87         }
  88
  89         // Resize and compress if this is a JPEG file
  90         if(preg_match('/^(jpg|jpeg|png|gif)$/i', $ext)) {
  91                 // Resize the image
  92                 resizeImage($path, $ext, 1024, 1024);
  93
  94                 // Copy the image
  95                 $thumb = $content_dir.'/'.$name.'_thumb.'.$ext;
  96                 copy($path, $thumb);
  97
  98                 // Create the thumbnail
  99                 if(resizeImage($thumb, $ext, 140, 105))
 100                         $thumb_xml = '<thumb>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'_thumb.'.$ext).'</thumb>';
 101         }
 102
 103         // Return the path to the file
 104         exit(
 105 '<jappix xmlns=\'jappix:file:post\'>
 106         <href>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'.'.$ext).'</href>
 107         <title>'.htmlspecialchars($new_name).'</title>
 108         <type>'.htmlspecialchars(getFileMIME($path)).'</type>
 109         <length>'.htmlspecialchars(filesize($path)).'</length>
 110         '.$thumb_xml.'
 111 </jappix>'
 112         );
 113 }
 114
 115 // Bad request error!
 116 exit(
 117 '<jappix xmlns=\'jappix:file:post\'>
 118         <error>bad-request</error>
 119 </jappix>'
 120 );
 121
 122 ?>