File: //home/retile.ru/public_html/admin/controller/common/attachmanager.php
<?php
/*
* IT IS NOT FREE, YOU SHOULD BUY / REGISTER A LICENSE AT HTTPS://MMOSolution.COM
* CONTACT: toan@MMOSOLUTION.COM
* AUTHOR: MMOSOLUTION TEAM AT VIETNAM
* All code within this file is copyright MMOSOLUTION.COM TEAM | FOUNDED @2012
* You can not copy or reuse code within this file without written permission.
*/
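/**
 * Admin-side attachment manager: browse, upload, create folders and delete
 * inside DIR_IMAGE . 'attach_data'.
 *
 * Every path that reaches the filesystem is built from request data, so each
 * action resolves the final path with realpath() and refuses anything that is
 * not located under the attachment root. The textual "../" stripping is kept
 * as a first filter, but the realpath() containment check is the boundary.
 */
class ControllerCommonAttachManager extends Controller {
    /** Extensions rendered with a real thumbnail; everything else gets a type icon. */
    private $images_type = array('jpg', 'jpeg', 'gif', 'png');

    /** Root of the attachment store (DIR_IMAGE . 'attach_data'). */
    protected $dir_image;

    /**
     * Extensions refused on upload even when the configured allow-list contains
     * them. index() links stored files under <catalog>/image/, i.e. they are
     * web-reachable, so a file type the web server may execute or interpret as
     * configuration must never be written here.
     */
    private $blocked_upload_extensions = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phar', 'cgi', 'htaccess');

    public function __construct($registry) {
        parent::__construct($registry);

        $this->dir_image = DIR_IMAGE . 'attach_data';
    }

    /**
     * Render the file browser for the requested directory.
     *
     * Reads GET: directory, filter_name, target, thumb, limit, page.
     */
    public function index() {
        $this->load->language('common/attachmanager');

        $data = array();
        $allowed = $this->allowedExtensions();

        $filter_name = '';

        if (isset($this->request->get['filter_name']) && is_string($this->request->get['filter_name'])) {
            $filter_name = rtrim(str_replace(array('../', '..\\', '..', '*'), '', $this->request->get['filter_name']), '/');
        }

        // Anything that does not resolve below the attachment root is replaced by the root itself.
        $directory = $this->requestedDirectory();

        if (!$this->isInsideRoot($directory)) {
            $directory = $this->dir_image;
        }

        $token = $this->session->data['user_token'];
        $passthrough = $this->passthroughQuery();

        $data['breadcrumbs'] = array();

        // The query string is appended to the route argument here, as in the original code.
        $data['breadcrumbs'][] = array(
            'text' => $this->language->get('text_root'),
            'href' => $this->url->link('common/attachmanager' . '&user_token=' . $token . $passthrough, '', 'SSL')
        );

        // Only a positive page size is remembered; zero or negative values would
        // change the meaning of the array_splice() call below.
        if (isset($this->request->get['limit'])) {
            $requested_limit = (int)$this->request->get['limit'];

            if ($requested_limit > 0) {
                $this->session->data['filter_show_limit'] = $requested_limit;
            }
        }

        if (isset($this->session->data['filter_show_limit'])) {
            $limit = (int)$this->session->data['filter_show_limit'];
        } else {
            $limit = (int)$this->config->get('config_limit_admin');
        }

        if ($limit < 1) {
            $limit = 1;
        }

        $data['filter_show_limit'] = $limit;

        $data['limits'] = array_unique(array($this->config->get('config_limit_admin'), 5, 15, 25, 50, 75, 100));
        asort($data['limits']);

        // One breadcrumb per path segment below the root.
        $relative_directory = str_replace($this->dir_image, '', $directory);

        if ($relative_directory != '') {
            $crumb_path = '';

            foreach (explode('/', $relative_directory) as $segment) {
                if ($segment != '') {
                    $crumb_path .= '/' . $segment;

                    $data['breadcrumbs'][] = array(
                        'text' => html_entity_decode($segment, ENT_QUOTES, 'UTF-8'),
                        'href' => $this->url->link('common/attachmanager', '&directory=' . urlencode($crumb_path) . '&user_token=' . $token . $passthrough, 'SSL')
                    );
                }
            }
        }

        // The page number feeds arithmetic below; force it to an integer >= 1.
        $page = 1;

        if (isset($this->request->get['page'])) {
            $page = max(1, (int)$this->request->get['page']);
        }

        $data['objects'] = array();

        $this->load->model('tool/image');

        // GLOB_BRACE is not used: the pattern has no braces of its own, so the flag
        // would only expand brace expressions supplied through the request.
        $pattern = $directory . '/' . $filter_name . '*';

        $directories = glob($pattern, GLOB_ONLYDIR);

        if (!$directories) {
            $directories = array();
        }

        $matches = glob($pattern);

        if (!$matches) {
            $matches = array();
        }

        $files = array();

        foreach ($matches as $match) {
            // Directories are already in $directories; list regular files of an allowed type only.
            if (is_file($match) && in_array($this->extensionOf($match), $allowed, true)) {
                $files[] = $match;
            }
        }

        $objects = array_merge($directories, $files);
        $object_total = count($objects);

        // Keep only the slice that belongs to the current page.
        $objects = array_splice($objects, ($page - 1) * $limit, $limit);

        if (!empty($this->request->server['HTTPS'])) {
            $server = HTTPS_CATALOG;
        } else {
            $server = HTTP_CATALOG;
        }

        $suffix = array('B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');

        foreach ($objects as $object) {
            $relative_path = utf8_substr($object, utf8_strlen(DIR_IMAGE));

            if (is_dir($object)) {
                $children = glob($object . '/*');

                $data['objects'][] = array(
                    'thumb'       => '',
                    'total_files' => $children ? count($children) : 0,
                    'name'        => implode(' ', str_split(basename($object), 14)),
                    'type'        => 'directory',
                    'path'        => $relative_path,
                    'href'        => $this->url->link('common/attachmanager', 'user_token=' . $token . '&directory=' . urlencode(utf8_substr($object, utf8_strlen($this->dir_image))) . $passthrough, 'SSL')
                );
            } elseif (is_file($object)) {
                // Scale the byte count down to the largest unit that keeps it above 1.
                $size = filesize($object);
                $unit = 0;

                while (($size / 1024) > 1) {
                    $size = $size / 1024;
                    $unit++;
                }

                $extension = $this->extensionOf($object);

                if (in_array($extension, $this->images_type, true)) {
                    $thumb = $this->model_tool_image->resize($relative_path, 100, 100);
                } else {
                    $thumb = $this->model_tool_image->resize('attached_icon/' . $extension . '.png', 100, 100);
                }

                if (!$thumb) {
                    $thumb = $this->model_tool_image->resize('attached_icon/default.png', 100, 100);
                }

                // Display name: the stem broken into 14-character chunks, then the extension.
                $display_name = implode(' ', str_split(pathinfo($object, PATHINFO_FILENAME), 14));

                if ($extension !== '') {
                    $display_name .= '.' . $extension;
                }

                $data['objects'][] = array(
                    'thumb'    => $thumb,
                    'name'     => $display_name,
                    'exten'    => $extension,
                    'type'     => 'file',
                    // NOTE(review): $object is already an absolute path, so this value is DIR_IMAGE
                    // followed by a second absolute path, and it hands a server filesystem path to
                    // the view. Left unchanged because the template is not visible here - confirm
                    // whether 'pre_view' is used and replace it with a URL if so.
                    'pre_view' => DIR_IMAGE . $object,
                    'size'     => round($size, 2) . $suffix[$unit],
                    'path'     => $relative_path,
                    'href'     => $server . 'image/' . $relative_path
                );
            }
        }

        $language_keys = array(
            'heading_title', 'text_no_results', 'text_confirm', 'text_mmosrefesh',
            'entry_search', 'entry_folder',
            'button_parent', 'button_refresh', 'button_upload', 'button_folder',
            'button_delete', 'button_search', 'button_remove'
        );

        foreach ($language_keys as $language_key) {
            $data[$language_key] = $this->language->get($language_key);
        }

        $data['user_token'] = $token;

        $raw_directory = null;

        if (isset($this->request->get['directory']) && is_string($this->request->get['directory'])) {
            $raw_directory = $this->request->get['directory'];
        }

        $data['directory'] = ($raw_directory !== null) ? urlencode($raw_directory) : '';
        $data['filter_name'] = isset($this->request->get['filter_name']) ? $this->request->get['filter_name'] : '';

        // Target element id and thumbnail id are handed back to the view unchanged.
        $data['target'] = isset($this->request->get['target']) ? $this->request->get['target'] : '';
        $data['thumb'] = isset($this->request->get['thumb']) ? $this->request->get['thumb'] : '';

        // Parent: the requested directory with its last segment removed.
        $parent_query = '';

        if ($raw_directory !== null) {
            $pos = strrpos($raw_directory, '/');

            if ($pos) {
                $parent_query .= '&directory=' . urlencode(substr($raw_directory, 0, $pos));
            }
        }

        $data['parent'] = $this->url->link('common/attachmanager', 'user_token=' . $token . $parent_query . $passthrough, 'SSL');

        // Refresh: same directory again.
        $refresh_query = '';

        if ($raw_directory !== null) {
            $refresh_query .= '&directory=' . urlencode($raw_directory);
        }

        $data['refresh'] = $this->url->link('common/attachmanager', 'user_token=' . $token . $refresh_query . $passthrough, 'SSL');

        // Pagination keeps directory and filter.
        $page_query = '';

        if ($raw_directory !== null) {
            $page_query .= '&directory=' . urlencode(html_entity_decode($raw_directory, ENT_QUOTES, 'UTF-8'));
        }

        if (isset($this->request->get['filter_name']) && is_string($this->request->get['filter_name'])) {
            $page_query .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
        }

        $pagination = new Pagination();
        $pagination->total = $object_total;
        $pagination->page = $page;
        $pagination->limit = $limit;
        $pagination->url = $this->url->link('common/attachmanager', 'user_token=' . $token . $page_query . $passthrough . '&page={page}', 'SSL');

        $data['pagination'] = $pagination->render();

        $this->response->setOutput($this->load->view('common/attachmanager', $data));
    }

    /**
     * Store one uploaded file in the requested directory and answer with JSON.
     *
     * The extension allow-list from the 'attachmanager' setting is the main gate;
     * file content is not inspected. An existing file of the same name is overwritten.
     */
    public function upload() {
        $this->load->language('common/attachmanager');

        $setting = $this->config->get('attachmanager');
        $allowed = $this->allowedExtensions();

        // NOTE(review): the cap applied below is maxfilesize * 8 * 1024 * 1024 bytes. If the
        // setting is meant as megabytes, the factor 8 makes the effective limit eight times
        // the configured one - confirm the unit before changing it.
        $max_size = (is_array($setting) && isset($setting['maxfilesize'])) ? (float)$setting['maxfilesize'] : 0;

        $json = array();
        $file = null;
        $filename = '';

        if (!$this->user->hasPermission('modify', 'common/attachmanager')) {
            $json['error'] = $this->language->get('error_permission');
        }

        // The target must exist and resolve below the attachment root.
        $directory = $this->requestedDirectory();

        if (!is_dir($directory) || !$this->isInsideRoot($directory)) {
            $json['error'] = $this->language->get('error_directory');
        }

        if (!$json) {
            if (isset($this->request->files['file']) && is_array($this->request->files['file'])) {
                $file = $this->request->files['file'];
            }

            // basename() drops any directory part the client put into the file name.
            if ($file && isset($file['name']) && is_string($file['name'])) {
                $filename = basename(html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8'));
            }

            if ($filename !== '' && isset($file['tmp_name']) && is_string($file['tmp_name']) && is_file($file['tmp_name'])) {
                if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 255)) {
                    $json['mmos_error'] = $filename;
                    $json['error'] = $this->language->get('error_filename');
                } elseif (!in_array($this->extensionOf($filename), $allowed, true) || $this->hasBlockedExtension($filename)) {
                    $json['mmos_error'] = $filename;
                    $json['error'] = $this->language->get('error_filetype');
                } elseif ($file['size'] > ($max_size * 8 * 1024 * 1024)) {
                    $json['mmos_error'] = $filename;
                    $json['error'] = $this->language->get('error_file_size');
                } elseif ($file['error'] != UPLOAD_ERR_OK) {
                    $json['mmos_error'] = $filename;
                    $json['error'] = $this->language->get('error_upload_' . $file['error']);
                }
            } else {
                $json['mmos_error'] = $filename;
                $json['error'] = $this->language->get('error_upload');
            }
        }

        if (!$json) {
            // Success is reported only when the file really reached its destination.
            if (move_uploaded_file($file['tmp_name'], $directory . '/' . $filename)) {
                $json['mmos_success'] = $filename;
                $json['success'] = $this->language->get('text_uploaded');
            } else {
                $json['mmos_error'] = $filename;
                $json['error'] = $this->language->get('error_upload');
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Create a sub-folder (POST 'folder') in the requested directory and answer with JSON.
     */
    public function folder() {
        $this->load->language('common/attachmanager');

        $json = array();
        $folder = '';

        if (!$this->user->hasPermission('modify', 'common/attachmanager')) {
            $json['error'] = $this->language->get('error_permission');
        }

        // The parent must exist and resolve below the attachment root.
        $directory = $this->requestedDirectory();

        if (!is_dir($directory) || !$this->isInsideRoot($directory)) {
            $json['error'] = $this->language->get('error_directory');
        }

        if (!$json) {
            $requested = '';

            if (isset($this->request->post['folder']) && is_string($this->request->post['folder'])) {
                $requested = $this->request->post['folder'];
            }

            // basename() keeps a single path segment; the replace removes leftover dot pairs.
            $folder = str_replace(array('../', '..\\', '..'), '', basename(html_entity_decode($requested, ENT_QUOTES, 'UTF-8')));

            if ((utf8_strlen($folder) < 3) || (utf8_strlen($folder) > 128)) {
                $json['error'] = $this->language->get('error_folder');
            }

            if (is_dir($directory . '/' . $folder)) {
                $json['error'] = $this->language->get('error_exists');
            }
        }

        if (!$json) {
            // 0755 instead of 0777: a web-served upload folder should not be writable by
            // every local account. The mode is still subject to the process umask.
            if (mkdir($directory . '/' . $folder, 0755)) {
                $json['success'] = $this->language->get('text_directory');
            } else {
                $json['error'] = $this->language->get('error_directory');
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Delete the files and folders listed in POST 'path' and answer with JSON.
     *
     * Paths arrive relative to DIR_IMAGE. Each one must resolve strictly below the
     * attachment root; the root itself, an empty path (which would resolve to the
     * whole image directory) and any other DIR_IMAGE subtree are refused before
     * anything is removed.
     */
    public function delete() {
        $this->load->language('common/attachmanager');

        $json = array();

        if (!$this->user->hasPermission('modify', 'common/attachmanager')) {
            $json['error'] = $this->language->get('error_permission');
        }

        $paths = isset($this->request->post['path']) ? (array)$this->request->post['path'] : array();

        // Validate every path first so that a rejected entry stops the whole request.
        $targets = array();

        foreach ($paths as $path) {
            if (!is_string($path)) {
                $json['error'] = $this->language->get('error_delete');

                break;
            }

            $path = rtrim(DIR_IMAGE . str_replace(array('../', '..\\', '..'), '', $path), '/');

            // A path that no longer exists has nothing to delete and is skipped, as before.
            if (!file_exists($path)) {
                continue;
            }

            if (!$this->isInsideRoot($path, false)) {
                $json['error'] = $this->language->get('error_delete');

                break;
            }

            $targets[] = $path;
        }

        if (!$json) {
            $removed = true;

            foreach ($targets as $target) {
                if (is_link($target) || is_file($target)) {
                    $removed = unlink($target) && $removed;
                } elseif (is_dir($target)) {
                    $removed = $this->removeTree($target) && $removed;
                }
            }

            if ($removed) {
                $json['success'] = $this->language->get('text_delete');
            } else {
                $json['error'] = $this->language->get('error_delete');
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Lower-cased, trimmed, non-empty extensions from the 'attachmanager' filetype setting.
     *
     * Empty entries are dropped so that an empty setting or a trailing comma does not
     * make files without any extension acceptable.
     */
    private function allowedExtensions() {
        $setting = $this->config->get('attachmanager');

        if (!is_array($setting) || !isset($setting['filetype'])) {
            return array();
        }

        $extensions = array();

        foreach (explode(',', $setting['filetype']) as $entry) {
            $entry = utf8_strtolower(trim($entry));

            if ($entry !== '') {
                $extensions[] = $entry;
            }
        }

        return $extensions;
    }

    /**
     * Lower-cased text after the last dot of the file name, or '' when the name has no dot.
     */
    private function extensionOf($name) {
        $tail = strrchr(basename($name), '.');

        if ($tail === false) {
            return '';
        }

        return utf8_strtolower(utf8_substr($tail, 1));
    }

    /**
     * True when any dot-separated part after the first one is on the block list,
     * which also covers names such as "report.php.jpg" and ".htaccess".
     */
    private function hasBlockedExtension($filename) {
        $parts = array_slice(explode('.', utf8_strtolower($filename)), 1);

        return count(array_intersect($parts, $this->blocked_upload_extensions)) > 0;
    }

    /**
     * Attachment root plus the GET 'directory' value with "../" sequences stripped.
     *
     * The result is a candidate only; callers confirm it with isInsideRoot().
     */
    private function requestedDirectory() {
        if (!isset($this->request->get['directory']) || !is_string($this->request->get['directory'])) {
            return $this->dir_image;
        }

        return rtrim($this->dir_image . str_replace(array('../', '..\\', '..'), '', $this->request->get['directory']), '/');
    }

    /**
     * Whether $path exists and resolves (symlinks included) to the attachment root
     * or to something below it.
     *
     * @param string $path       Path to test.
     * @param bool   $allow_root Whether the root itself counts as inside.
     */
    private function isInsideRoot($path, $allow_root = true) {
        $root = realpath($this->dir_image);
        $real = realpath($path);

        if ($root === false || $real === false) {
            return false;
        }

        if ($real === $root) {
            return $allow_root;
        }

        // The separator keeps a sibling such as "attach_data_old" from matching the prefix.
        return strpos($real, $root . DIRECTORY_SEPARATOR) === 0;
    }

    /**
     * "&target=...&thumb=..." for the values present in the request, URL-encoded so a
     * value cannot add parameters of its own to a generated link. Decoding before
     * encoding follows what the pagination links do for directory and filter_name.
     */
    private function passthroughQuery() {
        $query = '';

        foreach (array('target', 'thumb') as $key) {
            if (isset($this->request->get[$key]) && is_string($this->request->get[$key]) && $this->request->get[$key] !== '') {
                $query .= '&' . $key . '=' . urlencode(html_entity_decode($this->request->get[$key], ENT_QUOTES, 'UTF-8'));
            }
        }

        return $query;
    }

    /**
     * Remove a directory and everything in it; returns false if any step failed.
     *
     * Walks the directory itself rather than a "name*" glob, so siblings that merely
     * share the name prefix are not touched and dot-files are removed as well.
     * Symbolic links are unlinked, never followed.
     */
    private function removeTree($dir) {
        try {
            $items = new RecursiveIteratorIterator(
                new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
                RecursiveIteratorIterator::CHILD_FIRST
            );

            $ok = true;

            foreach ($items as $item) {
                if ($item->isDir() && !$item->isLink()) {
                    $ok = rmdir($item->getPathname()) && $ok;
                } else {
                    $ok = unlink($item->getPathname()) && $ok;
                }
            }
        } catch (UnexpectedValueException $e) {
            // Thrown when a directory cannot be opened for reading.
            return false;
        }

        return rmdir($dir) && $ok;
    }
}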