607 regels
17 KiB
PHP

2016-08-01 14:20:20 +02:00
<?php
/*
2023-04-10 22:47:06 +02:00
RoxyFileman - web based file manager. Ready to use with CKEditor, TinyMCE.
2016-08-01 14:20:20 +02:00
Can be easily integrated with any other WYSIWYG editor or CMS.
Copyright (C) 2013, RoxyFileman.com - Lyubomir Arsov. All rights reserved.
For licensing, see LICENSE.txt or http://RoxyFileman.com/license
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Contact: Lyubomir Arsov, liubo (at) web-lobby.com
*/
2023-04-10 22:25:46 +02:00
include_once 'security.inc.php';
function t(string $key): string
{
global $LANG;
if (empty($LANG)) {
$file = 'en.json';
$langPath = '../lang/';
if (defined('LANG')) {
if (LANG == 'auto') {
$lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2));
2023-04-10 22:47:06 +02:00
if (is_file($langPath . $lang . '.json')) {
2023-04-10 22:25:46 +02:00
$file = $lang . '.json';
2023-04-10 22:47:06 +02:00
}
2023-04-10 22:25:46 +02:00
} elseif (is_file($langPath . LANG . '.json')) {
$file = LANG . '.json';
}
}
$file = $langPath . $file;
$LANG = json_decode((string) file_get_contents($file), true);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
if (!$LANG[$key]) {
$LANG[$key] = $key;
}
return $LANG[$key];
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function checkPath(string $path): bool
{
return mb_strpos($path . '/', getFilesPath()) === 0;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function verifyAction(string $action): void
{
if (!defined($action) || !constant($action)) {
exit;
}
2016-08-01 14:20:20 +02:00
$confUrl = constant($action);
2023-04-10 22:25:46 +02:00
if (!is_string($confUrl)) {
die('Error parsing configuration');
}
2016-08-01 14:20:20 +02:00
$qStr = mb_strpos($confUrl, '?');
2023-04-10 22:25:46 +02:00
if ($qStr !== false) {
$confUrl = mb_substr($confUrl, 0, $qStr);
}
$confUrl = BASE_PATH . '/' . $confUrl;
2016-08-01 14:20:20 +02:00
$confUrl = RoxyFile::FixPath($confUrl);
2023-04-10 22:25:46 +02:00
$thisUrl = dirname(__FILE__) . '/' . basename($_SERVER['PHP_SELF']);
2016-08-01 14:20:20 +02:00
$thisUrl = RoxyFile::FixPath($thisUrl);
2023-04-10 22:25:46 +02:00
if ($thisUrl != $confUrl) {
echo "$confUrl $thisUrl";
exit;
2016-08-01 14:20:20 +02:00
}
}
2023-04-10 22:25:46 +02:00
function verifyPath(string $path): void
{
if (!checkPath($path)) {
echo getErrorRes("Access to $path is denied") . ' ' . $path;
exit;
}
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function fixPath(string $path): string
{
$path = dirname($_SERVER['SCRIPT_FILENAME']) . '/../../../../../../' . $path;
2023-04-10 22:25:46 +02:00
$path = str_replace('\\', '/', $path);
$path = RoxyFile::FixPath($path);
return $path;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function getResultStr(string $type, string $str = ''): string
{
return '{"res":"' . addslashes($type) . '","msg":"' . addslashes($str) . '"}';
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function getSuccessRes(string $str = ''): string
{
return getResultStr('ok', $str);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function getErrorRes(string $str = ''): string
{
return getResultStr('error', $str);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
function getFilesPath(): string
{
$ret = (isset($_SESSION[SESSION_PATH_KEY]) && $_SESSION[SESSION_PATH_KEY] != '' ? $_SESSION[SESSION_PATH_KEY] : FILES_ROOT);
if (!$ret) {
$ret = RoxyFile::FixPath(BASE_PATH . '/Uploads');
$tmp = $_SERVER['DOCUMENT_ROOT'];
2023-04-10 22:47:06 +02:00
if (mb_substr($tmp, -1) == '/' || mb_substr($tmp, -1) == '\\') {
2023-04-10 22:25:46 +02:00
$tmp = mb_substr($tmp, 0, -1);
2023-04-10 22:47:06 +02:00
}
2023-04-10 22:25:46 +02:00
$ret = str_replace(RoxyFile::FixPath($tmp), '', $ret);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
return $ret;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* @param string $path
* @return string[]
*/
function listDirectory(string $path): array
{
$ret = @scandir($path);
if ($ret === false) {
$ret = [];
$d = opendir($path);
if ($d) {
while (($f = readdir($d)) !== false) {
$ret[] = $f;
}
closedir($d);
}
2016-08-01 14:20:20 +02:00
}
return $ret;
2023-04-10 22:25:46 +02:00
}
2016-08-01 14:20:20 +02:00
2023-04-10 22:25:46 +02:00
class RoxyFile
{
2023-04-10 22:47:06 +02:00
public static function CheckWritable(string $dir): bool
2023-04-10 22:25:46 +02:00
{
$ret = false;
if (self::CreatePath($dir)) {
$dir = self::FixPath($dir . '/');
$testFile = 'writetest.txt';
$f = @fopen($dir . $testFile, 'w', false);
if ($f) {
fclose($f);
$ret = true;
@unlink($dir . $testFile);
}
}
return $ret;
}
2016-08-01 14:20:20 +02:00
2023-04-10 22:25:46 +02:00
/**
* @param $path
* @return bool
*/
2023-04-10 22:47:06 +02:00
public static function CreatePath(string $path): bool
2023-04-10 22:25:46 +02:00
{
2023-04-10 22:47:06 +02:00
if (is_dir($path)) {
2023-04-10 22:25:46 +02:00
return true;
2023-04-10 22:47:06 +02:00
}
$prev_path = substr($path, 0, strrpos($path, '/', -2) + 1);
2023-04-10 22:25:46 +02:00
$return = self::createPath($prev_path);
return $return && is_writable($prev_path) && mkdir($path);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
2023-04-10 22:47:06 +02:00
public static function CanUploadFile(string $filename): bool
2023-04-10 22:25:46 +02:00
{
$forbidden = array_filter((array) preg_split('/[^\d\w]+/', strtolower(FORBIDDEN_UPLOADS)));
$allowed = array_filter((array) preg_split('/[^\d\w]+/', strtolower(ALLOWED_UPLOADS)));
$ext = RoxyFile::GetExtension($filename);
if ((empty($forbidden) || !in_array($ext, $forbidden)) && (empty($allowed) || in_array($ext, $allowed))) {
return true;
}
return false;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
2023-04-10 22:47:06 +02:00
public static function ZipAddDir(string $path, ZipArchive $zip, string $zipPath): void
2023-04-10 22:25:46 +02:00
{
$d = opendir($path);
$zipPath = str_replace('//', '/', $zipPath);
if ($zipPath && $zipPath != '/') {
$zip->addEmptyDir($zipPath);
}
if (is_resource($d)) {
while (($f = readdir($d)) !== false) {
2023-04-10 22:47:06 +02:00
if ($f == '.' || $f == '..') {
2023-04-10 22:25:46 +02:00
continue;
2023-04-10 22:47:06 +02:00
}
2023-04-10 22:25:46 +02:00
$filePath = $path . '/' . $f;
if (is_file($filePath)) {
$zip->addFile($filePath, ($zipPath ? $zipPath . '/' : '') . $f);
} elseif (is_dir($filePath)) {
self::ZipAddDir($filePath, $zip, ($zipPath ? $zipPath . '/' : '') . $f);
}
}
}
if (is_resource($d)) {
closedir($d);
}
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
2023-04-10 22:47:06 +02:00
public static function ZipDir(string $path, string $zipFile, string $zipPath = ''): void
2023-04-10 22:25:46 +02:00
{
$zip = new ZipArchive();
$zip->open($zipFile, ZIPARCHIVE::CREATE);
self::ZipAddDir($path, $zip, $zipPath);
$zip->close();
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
2023-04-10 22:47:06 +02:00
public static function IsImage(string $fileName): bool
2023-04-10 22:25:46 +02:00
{
$ext = strtolower(self::GetExtension($fileName));
$imageExtensions = ['jpg', 'jpeg', 'jpe', 'png', 'gif', 'ico', 'webp'];
return in_array($ext, $imageExtensions);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:47:06 +02:00
public static function IsFlash(string $fileName): bool
2023-04-10 22:25:46 +02:00
{
$ext = strtolower(self::GetExtension($fileName));
$flashExtensions = ['swf', 'flv', 'swc', 'swt'];
return in_array($ext, $flashExtensions);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* Returns human formated file size
*
* @param int $filesize
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function FormatFileSize(int $filesize): string
2023-04-10 22:25:46 +02:00
{
$unit = 'B';
if ($filesize > 1024) {
$unit = 'KB';
$filesize = $filesize / 1024;
}
if ($filesize > 1024) {
$unit = 'MB';
$filesize = $filesize / 1024;
}
if ($filesize > 1024) {
$unit = 'GB';
$filesize = $filesize / 1024;
}
$ret = round($filesize, 2) . ' ' . $unit;
return $ret;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* Returns MIME type of $filename
*
* @param string $filename
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function GetMIMEType(string $filename): string
2023-04-10 22:25:46 +02:00
{
$ext = self::GetExtension($filename);
switch (strtolower($ext)) {
case 'jpg':
case 'jpeg':
return 'image/jpeg';
case 'gif':
return 'image/gif';
case 'png':
return 'image/png';
case 'bmp':
return 'image/bmp';
case 'webp':
return 'image/webp';
case 'tiff':
case 'tif':
return 'image/tiff';
case 'pdf':
return 'application/pdf';
case 'rtf':
case 'doc':
return 'application/msword';
case 'xls':
return 'application/vnd.ms-excel';
case 'zip':
return 'application/zip';
case 'swf':
return 'application/x-shockwave-flash';
default:
return 'application/octet-stream';
}
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* Replaces any character that is not letter, digit or underscore from $filename with $sep
*
* @param string $filename
* @param string $sep
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function CleanupFilename(string $filename, string $sep = '_'): string
2023-04-10 22:25:46 +02:00
{
$str = '';
if (strpos($filename, '.')) {
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
} else {
$ext = '';
$name = $filename;
}
if (mb_strlen($name) > 32) {
$name = mb_substr($name, 0, 32);
}
$str = str_replace('.php', '', $str);
$str = (string) mb_ereg_replace("[^\\w]", $sep, $name);
$str = (string) mb_ereg_replace("$sep+", $sep, $str) . ($ext ? '.' . $ext : '');
return $str;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* Returns file extension without dot
*
* @param string $filename
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function GetExtension(string $filename): string
2023-04-10 22:25:46 +02:00
{
$ext = '';
if (mb_strrpos($filename, '.') !== false) {
$ext = mb_substr($filename, mb_strrpos($filename, '.') + 1);
}
return strtolower($ext);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* Returns file name without extension
*
* @param string $filename
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function GetName(string $filename): string
2023-04-10 22:25:46 +02:00
{
$tmp = mb_strpos($filename, '?');
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
$dotPos = mb_strrpos($filename, '.');
if ($dotPos !== false) {
$name = mb_substr($filename, 0, $dotPos);
} else {
$name = $filename;
}
return $name;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
2023-04-10 22:47:06 +02:00
public static function GetFullName(string $filename): string
2023-04-10 22:25:46 +02:00
{
$tmp = mb_strpos($filename, '?');
if ($tmp !== false) {
$filename = mb_substr($filename, 0, $tmp);
}
return basename($filename);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:47:06 +02:00
public static function FixPath(string $path): string
2023-04-10 22:25:46 +02:00
{
$path = (string) mb_ereg_replace('[\\\/]+', '/', $path);
//$path = (string) mb_ereg_replace('\.\.\/', '', $path);
2023-04-10 22:25:46 +02:00
return $path;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* creates unique file name using $filename( " - Copy " and number is added if file already exists) in directory $dir
*
* @param string $dir
* @param string $filename
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function MakeUniqueFilename(string $dir, string $filename): string
2023-04-10 22:25:46 +02:00
{
;
$dir .= '/';
$dir = self::FixPath($dir . '/');
$ext = self::GetExtension($filename);
$name = self::GetName($filename);
$name = self::CleanupFilename($name);
$name = mb_ereg_replace(' \\- Copy \\d+$', '', $name);
if ($ext) {
$ext = '.' . $ext;
}
if (!$name) {
$name = 'file';
}
$i = 0;
do {
$temp = ($i > 0 ? $name . " - Copy $i" : $name) . $ext;
$i++;
} while (file_exists($dir . $temp));
return $temp;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
/**
* creates unique directory name using $name( " - Copy " and number is added if directory already exists) in directory $dir
*
* @param string $dir
* @param string $name
* @return string
*/
2023-04-10 22:47:06 +02:00
public static function MakeUniqueDirname(string $dir, string $name): string
2023-04-10 22:25:46 +02:00
{
$dir = self::FixPath($dir . '/');
$name = mb_ereg_replace(' - Copy \\d+$', '', $name);
if (!$name) {
$name = 'directory';
}
$i = 0;
do {
$temp = ($i ? $name . " - Copy $i" : $name);
$i++;
} while (is_dir($dir . $temp));
return $temp;
}
}
class RoxyImage
{
public static function GetImage(string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
switch ($ext) {
case 'png':
return imagecreatefrompng($path);
case 'gif':
return imagecreatefromgif($path);
default:
return imagecreatefromjpeg($path);
}
}
public static function OutputImage($img, string $type, ?string $destination = '', int $quality = 90)
{
2023-04-10 22:47:06 +02:00
if (is_string($img)) {
2023-04-10 22:25:46 +02:00
$img = self::GetImage($img);
}
2023-04-10 22:47:06 +02:00
switch (strtolower($type)) {
2023-04-10 22:25:46 +02:00
case 'png':
imagepng($img, $destination);
break;
case 'gif':
imagegif($img, $destination);
break;
default:
imagejpeg($img, $destination, $quality);
}
}
public static function SetAlpha($img, string $path)
{
$ext = RoxyFile::GetExtension(basename($path));
if ($ext == "gif" || $ext == "png") {
imagecolortransparent($img, (int) imagecolorallocatealpha($img, 0, 0, 0, 127));
imagealphablending($img, false);
imagesavealpha($img, true);
}
return $img;
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
public static function Resize(
string $source,
?string $destination,
int $width = 150,
int $height = 0,
int $quality = 90
2023-04-10 22:47:06 +02:00
): void {
2023-04-10 22:25:46 +02:00
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
$r = $w / $h;
if ($w <= ($width + 1) && (($h <= ($height + 1)) || (!$height && !$width))) {
if ($source != $destination) {
self::OutputImage($source, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
return;
}
$newWidth = $width;
$newHeight = floor($newWidth / $r);
if (($height > 0 && $newHeight > $height) || !$width) {
$newHeight = $height;
$newWidth = intval($newHeight * $r);
}
$thumbImg = imagecreatetruecolor((int) $newWidth, (int) $newHeight);
$img = self::GetImage($source);
$thumbImg = self::SetAlpha($thumbImg, $source);
imagecopyresampled($thumbImg, $img, 0, 0, 0, 0, (int) $newWidth, (int) $newHeight, $w, $h);
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
public static function CropCenter(
string $source,
?string $destination,
int $width,
int $height,
int $quality = 90
2023-04-10 22:47:06 +02:00
): void {
2023-04-10 22:25:46 +02:00
$tmp = (array) getimagesize($source);
$w = $tmp[0];
$h = $tmp[1];
if (($w <= $width) && (!$height || ($h <= $height))) {
self::OutputImage(self::GetImage($source), RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
$ratio = $width / $height;
$top = $left = 0;
$cropWidth = floor($h * $ratio);
$cropHeight = floor($cropWidth / $ratio);
if ($cropWidth > $w) {
$cropWidth = $w;
$cropHeight = $w / $ratio;
}
if ($cropHeight > $h) {
$cropHeight = $h;
$cropWidth = $h * $ratio;
}
if ($cropWidth < $w) {
$left = floor(($w - $cropWidth) / 2);
}
if ($cropHeight < $h) {
$top = floor(($h - $cropHeight) / 2);
}
self::Crop($source, $destination, (int) $left, (int) $top, $cropWidth, $cropHeight, $width, $height, $quality);
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
public static function Crop(
string $source,
?string $destination,
int $x,
int $y,
int $cropWidth,
int $cropHeight,
int $width,
int $height,
int $quality = 90
2023-04-10 22:47:06 +02:00
): void {
2023-04-10 22:25:46 +02:00
$thumbImg = imagecreatetruecolor($width, $height);
$img = self::GetImage($source);
$thumbImg = self::SetAlpha($thumbImg, $source);
imagecopyresampled($thumbImg, $img, 0, 0, $x, $y, $width, $height, $cropWidth, $cropHeight);
self::OutputImage($thumbImg, RoxyFile::GetExtension(basename($source)), $destination, $quality);
}
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
$tmp = json_decode((string) file_get_contents(BASE_PATH . '/conf.json'), true);
if (!$tmp || !is_array($tmp)) {
die('Error parsing configuration');
2016-08-01 14:20:20 +02:00
}
2023-04-10 22:25:46 +02:00
foreach ($tmp as $k => $v) {
define((string) $k, $v);
}
2016-08-01 14:20:20 +02:00
$FilesRoot = fixPath(getFilesPath());
2023-04-10 22:25:46 +02:00
if (!is_dir($FilesRoot)) {
@mkdir($FilesRoot, (int) octdec(DIRPERMISSIONS));
2023-04-10 22:47:06 +02:00
}