registerTask( 'uploads', 'upload' );
$view = JRequest::getVar('view', 'filemanager');
$this->return_url = $view == 'filemanager' ?
'index.php?option=com_flexicontent&view=filemanager' :
$_SERVER['HTTP_REFERER'] ;
}
/**
* Upload files
*
* @since 1.0
*/
function upload()
{
// Serves both upload tasks of this controller: the plain form upload ('upload') and the
// multi-file / chunked uploader ('uploads'). The 'uploads' task is answered with JSON-RPC
// style messages through die(); the 'upload' task answers with redirects and queued messages.
// Returns the new file id only on the non-JSON 'upload' path when no return URL was supplied.

// Check for request forgeries ('request': the token is read from the merged request data, not only from POST)
JRequest::checkToken( 'request' ) or jexit( 'Invalid Token' );
$user = JFactory::getUser();
$app = JFactory::getApplication();
$task = JRequest::getVar('task');
// calculate access: the only permission consulted here is 'flexicontent.uploadfiles'
$canupload = $user->authorise('flexicontent.uploadfiles', 'com_flexicontent');
$is_authorised = $canupload;
// check access
if ( !$is_authorised ) {
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "'.JText::_( 'FLEXI_ALERTNOTAUTH' ).'"}, "id" : "id"}');
} else {
JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
$this->setRedirect( $this->return_url, '');
}
return;
}
$option = JRequest::getVar( 'option');
if ($task=='uploads') {
// Multi-uploader posts the file under the fixed field name 'file'
$file = JRequest::getVar( 'file', '', 'files', 'array' );
} else {
// Default field refactorFilesArray($file);
// NOTE(review): the line above looks truncated in this copy. As shown, $file is never assigned
// on this path before it is indexed below; confirm against the upstream file.
// Get nested position, and reach the final file data array
$fname_level1 = JRequest::getCmd( 'fname_level1', null, 'post' );
$fname_level2 = JRequest::getCmd( 'fname_level2', null, 'post' );
$fname_level3 = JRequest::getCmd( 'fname_level3', null, 'post' );
if (strlen($fname_level1)) $file = $file[$fname_level1];
if (strlen($fname_level2)) $file = $file[$fname_level2];
if (strlen($fname_level3)) $file = $file[$fname_level3];
}
$format = JRequest::getVar( 'format', 'html', '', 'cmd' );
$secure = JRequest::getInt( 'secure', 1 );
$secure = $secure ? 1 : 0;
// NOTE(review): 'return-url' is request-supplied and is later base64-decoded and used as a redirect
// target. No check that it points back to this site is visible here (e.g. JUri::isInternal()).
$return = JRequest::getVar( 'return-url', null, '', 'base64' );
$filetitle= JRequest::getVar( 'file-title', '' );
$filedesc = JRequest::getVar( 'file-desc', '' );
$filelang = JRequest::getVar( 'file-lang', '' );
$fieldid = JRequest::getVar( 'fieldid', 0 );
$u_item_id= JRequest::getVar( 'u_item_id', 0 );
$file_mode= JRequest::getVar( 'folder_mode', 0 ) ? 'folder_mode' : 'db_mode';
$err = null;
$model = $this->getModel('filemanager');
if ($file_mode != 'folder_mode' && $fieldid)
{
// Check if FORCED secure/media mode parameter exists and if it is forced
$field_params = $model->getFieldParams($fieldid);
$target_dir = $field_params->get('target_dir', '');
// Any configured value other than 2 overrides the request's 'secure' flag
if ( strlen($target_dir) && $target_dir!=2 ) {
$secure = $target_dir ? 1 : 0; // force secure / media
} else {
// allow filter secure via form/URL variable
}
}
// *****************************************
// Check that a file was provided / uploaded
// *****************************************
if ( !isset($file['name']) )
{
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "'.JText::_( 'Filename has invalid characters (or other error occured)' ).'"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_( 'Filename has invalid characters (or other error occured)' ));
// NOTE(review): redirects to the client-supplied Referer header, which may be absent
$this->setRedirect( $_SERVER['HTTP_REFERER'], '' );
}
return;
}
// Chunking might be enabled: 'chunks' is the total announced by the client, 'chunk' the index of this part
$chunks = JRequest::getInt('chunks');
if ($chunks)
{
$chunk = JRequest::getInt('chunk');
// Get / Create target directory
// NOTE(review): fixed directory name inside the shared temp dir, created with mkdir()'s default mode
// and with errors suppressed; confirm ownership and permissions are acceptable on shared hosts.
$targetDir = (ini_get("upload_tmp_dir") ? ini_get("upload_tmp_dir") : sys_get_temp_dir()) . DIRECTORY_SEPARATOR . "fc_fileselement";
if (!file_exists($targetDir)) @mkdir($targetDir);
// Create name of the unique temporary filename to use for concatenation of the chunks, or get the filename from session
// The request's 'filename' is used only as the session-state key; the name on disk is date + uniqid()
$fileName = JRequest::getVar( 'filename' );
$fileName_tmp = $app->getUserState( $fileName, date('Y_m_d_').uniqid() );
$app->setUserState( $fileName, $fileName_tmp );
$filePath_tmp = $targetDir . DIRECTORY_SEPARATOR . $fileName_tmp;
// CREATE tmp file inside SERVER tmp directory, but if this FAILS, then CREATE tmp file inside the Joomla temporary folder
if (!$out = @fopen("{$filePath_tmp}", "ab"))
{
$targetDir = $app->getCfg('tmp_path') . DIRECTORY_SEPARATOR . "fc_fileselement";
if (!file_exists($targetDir)) @mkdir($targetDir);
$filePath_tmp = $targetDir . DIRECTORY_SEPARATOR . $fileName_tmp;
ini_set('track_errors', 1);
if (!$out = @fopen("{$filePath_tmp}", "ab")) {
// NOTE(review): this response returns the server-side temp path and the raw PHP error text to the
// client, concatenated into the JSON without escaping.
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream: '.$filePath_tmp. ' fopen failed. reason: ' .@$php_errormsg. '"}, "id" : "id"}');
}
}
if (!empty($_FILES)) {
// Multipart chunk: accept it only if PHP reports no error and it is a genuine uploaded file
if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"]))
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb"))
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
} else {
// No multipart data: the chunk is taken from the raw request body
if (!$in = @fopen("php://input", "rb"))
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
// Read binary input stream and append it to temp file
// NOTE(review): the fwrite() result is not checked and no cumulative size limit is applied while
// appending; any size limit would have to come from flexicontent_upload::check() after assembly. Confirm.
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
@fclose($out);
@fclose($in);
// If not last chunk terminate further execution
if ($chunk < $chunks - 1) {
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}
$app->setUserState( $fileName, null );
// Cleanup left-over files
// NOTE(review): every entry in the directory whose ctime is 60 seconds old or more is removed, with no
// filter on owner or name. That appears to include partial uploads of other sessions still in progress.
if (file_exists($targetDir)) {
foreach (new DirectoryIterator($targetDir) as $fileInfo) {
if ($fileInfo->isDot()) {
continue;
}
if (time() - $fileInfo->getCTime() >= 60) {
unlink($fileInfo->getRealPath());
}
}
}
//echo "-- chunk: $chunk \n-- chunks: $chunks \n-- targetDir: $targetDir \n--filePath_tmp: $filePath_tmp \n--fileName: $fileName";
//echo "\n"; print_r($_REQUEST);
// Replace the per-chunk file data with one describing the assembled temp file; the name is the
// request's 'filename' value and is sanitized further below
$file['name'] = $fileName;
$file['tmp_name'] = $filePath_tmp;
$file['size'] = filesize($filePath_tmp);
$file['error'] = 0;
//echo "\n"; print_r($file);
}
if ($file_mode == 'folder_mode') {
// Folder mode: the destination path comes from session state keyed by field id and item id
$upload_path_var = 'fc_upload_path_'.$fieldid.'_'.$u_item_id;
$path = $app->getUserState( $upload_path_var, '' ).DS;
if ($task!='uploads') $app->setUserState( $upload_path_var, ''); // Do not clear in multi-upload
} else {
$path = $secure ? COM_FLEXICONTENT_FILEPATH.DS : COM_FLEXICONTENT_MEDIAPATH.DS;
}
jimport('joomla.utilities.date');
// Set FTP credentials, if given
jimport('joomla.client.helper');
JClientHelper::setCredentialsFromRequest('ftp');
// Make the filename safe
jimport('joomla.filesystem.file');
// Sanitize filename further and make unique
$params = null;
$filename_original = strip_tags($file['name']); // Store original filename before sanitizing the filename
// Validation is delegated to flexicontent_upload::check(), defined outside this file; on failure it
// reports the reason through $err
$upload_check = flexicontent_upload::check( $file, $err, $params );
$filename = flexicontent_upload::sanitize($path, $file['name']);
$filepath = JPath::clean($path.strtolower($filename));
// Check if uploaded file is valid
if (!$upload_check) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Invalid: '.$filepath.': '.$err));
header('HTTP/1.0 415 Unsupported Media Type');
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Error. Unsupported Media Type!"}, "id" : "id"}');
} else {
die('Error. Unsupported Media Type!');
}
} else {
if ($task=='uploads') {
// NOTE(review): $err is concatenated into the JSON without escaping; json_encode() would keep the
// response well-formed whatever the message contains.
die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "'.$err.'"}, "id" : "id"}');
} else {
JError::raiseNotice(100, JText::_($err));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1");
}
}
return;
}
}
// Get the extension to record it in the DB
$ext = strtolower(flexicontent_upload::getExt($filename));
// Move the file into place. Assembled chunked uploads are moved with rename() and never pass through
// JFile::upload(). Single uploads use JFile::upload() with the options below, which relax its extension
// and content screening, so flexicontent_upload::check() is the only validation visible on either path.
// NOTE(review): confirm the destination folders are not served in a way that lets the web server
// execute stored files.
//echo "\n". $file['tmp_name'] ." => ". $filepath ."\n";
$move_success = $chunks ?
rename($file['tmp_name'], $filepath) :
JFile::upload($file['tmp_name'], $filepath, false, false,
// - Valid extensions are checked by our helper function
// - also we allow all extensions and php inside content, FLEXIcontent will never execute "include" files evening when doing "in-browser viewing"
array('null_byte'=>true, 'forbidden_extensions'=>array('_fake_ext_'), 'php_tag_in_content'=>true, 'shorttag_in_content'=>true, 'shorttag_extensions'=>array(), 'fobidden_ext_in_content'=>false, 'php_ext_content_extensions'=>array() )
);
if (!$move_success) {
if ($format == 'json') {
jimport('joomla.error.log');
$log = JLog::getInstance('com_flexicontent.error.php');
$log->addEntry(array('comment' => 'Cannot upload: '.$filepath));
// Any move failure is reported as "already exists" / 409 on this path
header('HTTP/1.0 409 Conflict');
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "File already exists"}, "id" : "id"}');
} else {
jexit('Error. File already exists');
}
} else {
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "'.JText::_( 'FLEXI_UNABLE_TO_UPLOAD_FILE' ).'"}, "id" : "id"}');
} else {
JError::raiseWarning(100, JText::_( 'FLEXI_UNABLE_TO_UPLOAD_FILE' ));
// REDIRECT
if ($return) {
$app->redirect(base64_decode($return)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1");
}
}
return;
}
// Upload Successful
} else {
// a. Database mode: record the stored file in #__flexicontent_files
if ($file_mode == 'db_mode')
{
if ($format == 'json')
{
jimport('joomla.error.log');
$log = JLog::getInstance();
$log->addEntry(array('comment' => $filepath));
}
$db = JFactory::getDBO();
$user = JFactory::getUser();
$path = $secure ? COM_FLEXICONTENT_FILEPATH.DS : COM_FLEXICONTENT_MEDIAPATH.DS; // JPATH_ROOT . DS . . DS
// NOTE(review): the file was stored under strtolower($filename) above, but the size is read from
// the non-lowercased name here. Unless sanitize() already lowercases, this can record size 0 on a
// case-sensitive filesystem; confirm.
$filepath = $path . $filename;
$filesize = file_exists($filepath) ? filesize($filepath) : 0;
$obj = new stdClass();
$obj->filename = $filename;
$obj->filename_original = $filename_original;
$obj->altname = $filetitle ? $filetitle : $filename_original;
$obj->url = 0;
$obj->secure = $secure;
$obj->ext = $ext;
$obj->hits = 0;
$obj->size = $filesize;
$obj->description = $filedesc;
$obj->language = $filelang ? $filelang : '*';
$obj->uploaded = JFactory::getDate( 'now' )->toSql();
$obj->uploaded_by = $user->get('id');
// Insert file record in DB
$db->insertObject('#__flexicontent_files', $obj);
// Get id of new file record
$file_id = (int)$db->insertid();
$option = JRequest::getVar('option');
$filter_item = $app->getUserStateFromRequest( $option.'.fileselement.item_id', 'item_id', '', 'int' );
// When an item filter is active, remember the new file id in the session list kept for that item
if($filter_item) {
$session = JFactory::getSession();
$files = $session->get('fileselement.'.$filter_item, null);
if(!$files) {
$files = array();
}
$files[] = $db->insertid();
$session->set('fileselement.'.$filter_item, $files);
}
// b. Custom Folder mode: no DB record is created
} else {
$file_id = 0;
}
// JSON output: Terminate printing a message
if ($format == 'json') {
if ($task=='uploads') {
// Return Success JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
jexit('FLEXI_UPLOAD_COMPLETE');
}
// Normal output: Redirect setting a message
} else {
if ($task=='uploads') {
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
} else {
$app->enqueueMessage(JText::_( 'FLEXI_UPLOAD_COMPLETE' ));
if ( !$return ) return $file_id; // No return URL, return the file ID
// The redirect carries the new file id, the base64-encoded stored name and a form token
$this->setRedirect(base64_decode($return)."&newfileid=".$file_id."&newfilename=".base64_encode($filename)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1" , '');
}
}
}
}
/**
 * Pass FTP credentials found in the current request to Joomla's client helper
 *
 * NOTE(review): no token or permission check is visible in this method; confirm
 * that the component entry point restricts who can reach this task.
 */
function ftpValidate()
{
	// The helper class must be loaded before it can be called
	jimport('joomla.client.helper');

	$client = 'ftp';
	JClientHelper::setCredentialsFromRequest($client);
}
/**
* Upload a file by url
*
* @since 1.0
*/
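function addurl()
{
	// Registers a remote file (a URL) as a record in #__flexicontent_files. Nothing is downloaded:
	// the URL, title, extension, description, language and a user-declared size are stored as given
	// (after input filtering). Redirects to the decoded 'return-url' when one was supplied.
	//
	// NOTE(review): unlike upload(), no $user->authorise() check is visible here, so any session
	// holding a valid token reaches the insert. Confirm access is restricted elsewhere.

	// Check for request forgeries
	JRequest::checkToken( 'request' ) or jexit( 'Invalid Token' );

	$app    = JFactory::getApplication();
	$jinput = $app->input;

	// NOTE(review): 'return-url' is request-supplied, base64-decoded and used as a redirect target
	// below without a visible check that it is a local URL (e.g. JUri::isInternal()).
	$return   = $jinput->get( 'return-url', null, 'base64' );
	$filename = $jinput->get( 'file-url-data', null, 'string');
	$filename = flexicontent_html::dataFilter($filename, 4000, 'URL', 0);  // Clean bad text/html
	$altname  = $jinput->get( 'file-url-title', null, 'string' );
	$ext      = $jinput->get( 'file-url-ext', null, 'alnum' );
	$filedesc = $jinput->get( 'file-url-desc', '');  // Default filtering
	$filelang = $jinput->get( 'file-url-lang', '*', 'string');
	$filesize = $jinput->get( 'file-url-size', 0, 'int');
	$size_unit= $jinput->get( 'size_unit', 'KBs', 'cmd');

	jimport('joomla.utilities.date');

	// Token suffix appended to every redirect issued by this method
	$token_suffix = "&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1";

	// check if the form fields are not empty
	if (!$filename || !$altname)
	{
		JError::raiseNotice(1, JText::_( 'FLEXI_WARNFILEURLFORM' ));
		if ($return) {
			$app->redirect(base64_decode($return).$token_suffix);
		}
		return;
	}

	// Convert the declared size to bytes; an unknown unit yields size 0.
	// isset() replaces the former "@" suppression of the undefined-index notice.
	$arr_sizes = array('KBs'=>1024, 'MBs'=>(1024*1024), 'GBs'=>(1024*1024*1024));
	$size_unit = isset($arr_sizes[$size_unit]) ? $arr_sizes[$size_unit] : 0;
	$filesize  = $size_unit ? ((int)$filesize) * $size_unit : 0;

	// Verify the URL scheme and add http:// if none of the accepted ones is present.
	// The former pattern "^http|^https|^ftp" only tested a name prefix, so a host such as
	// "ftp.example.com" or any string starting with "http" was stored without a scheme check.
	// The full "scheme://" must now match.
	if (!preg_match('#^(?:https?|ftp)://#i', $filename)) {
		$filename = 'http://'.$filename;
	}

	$db   = JFactory::getDBO();
	$user = JFactory::getUser();

	$obj = new stdClass();
	$obj->filename    = $filename;
	$obj->altname     = $altname;
	$obj->url         = 1;   // marks the record as a link, not a stored file
	$obj->secure      = 1;
	$obj->ext         = $ext;
	$obj->description = $filedesc;
	$obj->language    = $filelang ? $filelang : '*';
	$obj->hits        = 0;
	$obj->size        = $filesize;
	$obj->uploaded    = JFactory::getDate( 'now' )->toSql();
	$obj->uploaded_by = $user->get('id');

	$db->insertObject('#__flexicontent_files', $obj);
	$app->enqueueMessage(JText::_( 'FLEXI_FILE_ADD_SUCCESS' ));

	// When an item filter is active, remember the new file id in the session list kept for that item
	$option = $jinput->get('option', '', 'cmd');
	$filter_item = $app->getUserStateFromRequest( $option.'.fileselement.item_id', 'item_id', '', 'int' );
	if ($filter_item) {
		$session = JFactory::getSession();
		$files = $session->get('fileselement.'.$filter_item, null);
		if (!$files) {
			$files = array();
		}
		$files[] = $db->insertid();
		$session->set('fileselement.'.$filter_item, $files);
	}

	// REDIRECT
	if ($return) {
		$app->redirect(base64_decode($return).$token_suffix);
	}
}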
/**
* Upload a file from a server directory
*
* @since 1.0
*/
function addlocal($Fobj=null)
{
// Registers files found in a server directory as records in #__flexicontent_files.
// When $Fobj is given, its properties (return_url, file_dir_path, file_filter_re, secure, keep)
// are used instead of the corresponding POST variables. Returns the filename => record id map
// when no return URL is set; otherwise it redirects.
//
// NOTE(review): no $user->authorise() check is visible in this method; confirm access is
// restricted by the caller or the component entry point.

// Check for request forgeries
JRequest::checkToken( 'request' ) or jexit( 'Invalid Token' );
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$params = JComponentHelper::getParams( 'com_flexicontent' );
$is_importcsv = JRequest::getVar('task') == 'importcsv';
// Static, so the source => file id map persists across calls within one request
static $imported_files = array();
$return = $Fobj ? $Fobj->return_url : JRequest::getVar( 'return-url', null, 'post', 'base64' );
// NOTE(review): the directory and the filename filter regex are request-supplied on this path
$filesdir = $Fobj ? $Fobj->file_dir_path : JRequest::getVar( 'file-dir-path', '', 'post' );
$regexp = $Fobj ? $Fobj->file_filter_re : JRequest::getVar( 'file-filter-re', '.', 'post' );
$secure = $Fobj ? $Fobj->secure : JRequest::getInt( 'secure', 1, 'post' );
$keep = $Fobj ? $Fobj->keep : JRequest::getInt( 'keep', 1, 'post' );
$secure = $secure ? 1 : 0; // A correction for future compatibility, so that secure may have more values
$destpath = $secure ? COM_FLEXICONTENT_FILEPATH.DS : COM_FLEXICONTENT_MEDIAPATH.DS;
$filedesc = JRequest::getVar( 'file-desc', '' );
$filelang = JRequest::getVar( 'file-lang', '');
// allowed extensions
$filterext = JRequest::getVar( 'file-filter-ext', '', 'post' );
$filterext = $filterext ? explode(',', $filterext) : array();
foreach($filterext as $_i => $_ext) $filterext[$_i] = strtolower($_ext);
$confext = preg_split("/[\s]*,[\s]*/", strtolower($params->get('upload_extensions', 'bmp,csv,doc,docx,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,zip,ics')));
// (optionally) Limit COMPONENT configured extensions, to those extensions requested by the FORM/URL variable
// The request can only narrow the configured list (intersection), never extend it
$allowed = $filterext ? array_intersect($filterext, $confext) : $confext;
jimport('joomla.utilities.date');
jimport('joomla.filesystem.file');
jimport('joomla.filesystem.folder');
// NOTE(review): the supplied directory is appended to JPATH_SITE and cleaned, but no check that the
// result stays under an intended base directory is visible here; confirm how ".." segments are handled.
$filesdir = JPath::clean(JPATH_SITE . $filesdir . DS);
$filenames = JFolder::files($filesdir, $regexp);
// create the folder if it doesnt exists
if (!JFolder::exists($destpath)) {
if (!JFolder::create($destpath)) {
JError::raiseWarning(100, JText::_('Error. Unable to create folders'));
return;
}
}
// check if the form fields are not empty
// NOTE(review): $filesdir was prefixed with JPATH_SITE above, so this test looks unreachable; confirm
if (!$filesdir)
{
JError::raiseNotice(1, JText::_( 'FLEXI_WARN_NO_FILE_DIR' ));
if (!$return) return; // REDIRECT only if this was requested
$app->redirect(base64_decode($return)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1");
}
$c = 0;
$file_ids = array();
if($filenames)
{
// NOTE(review): the loop header and the start of its body are truncated in this copy (text appears
// to be missing between "$n" and "filename"). The per-file checks and the copy step are therefore not
// visible and cannot be reviewed here; restore from the upstream file.
for ($n=0; $nfilename = $filename;
$obj->altname = $filename;
$obj->url = 0;
$obj->secure = $secure;
$obj->ext = $ext;
$obj->description = $filedesc;
$obj->language = $filelang ? $filelang : '*';
$obj->hits = 0;
$obj->size = $filesize;
$obj->uploaded = JFactory::getDate( 'now' )->toSql();
$obj->uploaded_by = $user->get('id');
// Add the record to the DB
$db->insertObject('#__flexicontent_files', $obj);
$file_ids[$filename] = $db->insertid();
// Add file ID to files imported by import task
if ( $is_importcsv ) $imported_files[$source] = $file_ids[$filename];
$c++;
}
}
$app->enqueueMessage(JText::sprintf( 'FLEXI_FILES_COPIED_SUCCESS', $c ));
} else {
JError::raiseNotice(1, JText::_( 'FLEXI_WARN_NO_FILES_IN_DIR' ));
if (!$return) return; // REDIRECT only if this was requested
$app->redirect(base64_decode($return)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1");
}
if (!$return) return $file_ids; // REDIRECT only if this was requested
// NOTE(review): the decoded return URL is not checked to be a local URL before redirecting
$app->redirect(base64_decode($return)."&".(FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken())."=1");
}
/**
* Logic for editing a file
*
* @access public
* @return void
* @since 1.0
*/
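function edit()
{
	// Opens the edit form for one file record: checks permission, refuses records checked out by
	// another user, checks the record out and then renders the 'file' view.
	require_once (JPATH_COMPONENT_ADMINISTRATOR.DS.'models'.DS.'file.php');

	$user  = JFactory::getUser();
	$model = $this->getModel('file');
	$file  = $model->getFile();

	JRequest::setVar( 'view', 'file' );
	JRequest::setVar( 'hidemainmenu', 1 );

	// Where to send the user when editing is refused. The Referer header is optional, so it is read
	// with !empty() instead of being indexed directly, which raised an undefined-index notice when
	// the header was absent.
	// NOTE(review): Referer is client-controlled; it is used here only as a bounce-back target.
	$back_url = !empty($_SERVER['HTTP_REFERER'])
		? $_SERVER['HTTP_REFERER']
		: 'index.php?option=com_flexicontent&view=filemanager';

	// calculate access: edit any file, or edit own file when the current user uploaded it
	$canedit    = $user->authorise('flexicontent.publishfile', 'com_flexicontent');
	$caneditown = $user->authorise('flexicontent.publishownfile', 'com_flexicontent') && $file->uploaded_by == $user->get('id');
	$is_authorised = $canedit || $caneditown;

	// check access
	if ( !$is_authorised ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( $back_url, '');
		return;
	}

	// Check if record is checked out by other editor
	if ( $model->isCheckedOut( $user->get('id') ) ) {
		JError::raiseNotice( 500, JText::_( 'FLEXI_EDITED_BY_ANOTHER_ADMIN' ));
		$this->setRedirect( $back_url, '');
		return;
	}

	// Checkout the record and proceed to edit form
	if ( !$model->checkout() ) {
		JError::raiseWarning( 500, $model->getError() );
		$this->setRedirect( $back_url, '');
		return;
	}

	parent::display();
}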
/**
* Logic to delete files
*
* @access public
* @return void
* @since 1.5
*/
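function remove()
{
	// Deletes files. Two modes:
	//  - folder mode: asks the owning field type to remove one named file from its folder
	//  - db mode:     deletes the selected #__flexicontent_files records through the model,
	//                 skipping files still in use and files the user may not delete

	// Check for request forgeries
	JRequest::checkToken() or jexit( 'Invalid Token' );
	//require_once (JPATH_COMPONENT_ADMINISTRATOR.DS.'models'.DS.'file.php');

	$user = JFactory::getUser();
	$app  = JFactory::getApplication();
	$db   = JFactory::getDBO();

	$fieldid   = JRequest::getVar( 'fieldid', 0);
	$u_item_id = JRequest::getVar( 'u_item_id', 0);
	$file_mode = JRequest::getVar( 'folder_mode', 0) ? 'folder_mode' : 'db_mode';

	if ($file_mode == 'folder_mode') {
		// NOTE(review): this branch runs before the permission check below, so the only gate visible
		// here is the form token. Confirm the field's removeOriginalFile() enforces access and keeps
		// the supplied name inside the field's own folder.
		$filename = rawurldecode( JRequest::getVar('filename') );
		//$filename_original = iconv(mb_detect_encoding($filename, mb_detect_order(), true), "UTF-8", $filename);

		// The Referer header is optional; fall back to the controller's return URL
		$referer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $this->return_url;

		// The field id arrives from the request and was previously concatenated into the SQL text
		// as a quoted string. Cast it to an integer so request data cannot alter the query.
		$db->setQuery('SELECT * FROM #__flexicontent_fields WHERE id=' . (int) $fieldid);
		$field = $db->loadObject();

		// Unknown field id: nothing to call, report the failure instead of dereferencing null
		if ( !$field ) {
			JError::raiseWarning(100, JText::_( 'FLEXI_UNABLE_TO_CLEANUP_ORIGINAL_FILE' ));
			$this->setRedirect( $referer, '' );
			return;
		}

		$field->parameters = new JRegistry($field->attribs);
		$field->item_id = $u_item_id;

		$result = FLEXIUtilities::call_FC_Field_Func($field->field_type, 'removeOriginalFile', array( &$field, $filename ) );
		if ( !$result ) {
			// The former message referenced an undefined $path; report the (escaped) file name instead
			JError::raiseWarning(100, JText::_( 'FLEXI_UNABLE_TO_CLEANUP_ORIGINAL_FILE' ) .": ". htmlspecialchars($filename, ENT_QUOTES, 'UTF-8'));
			$msg = '';
		} else {
			$msg = JText::_( 'FLEXI_FILES_DELETED' );
		}

		// Append with '&' when the URL already has a query string. The former call passed the
		// arguments in reverse order (needle first), so '?' was always chosen.
		$vc_start = strpos($referer, '?') !== false ? '&' : '?';
		$this->setRedirect( $referer.$vc_start.'delfilename='.base64_encode($filename), $msg );
		return;
	}

	// calculate access: delete any file, or delete own files (ownership is checked per file below)
	$candelete    = $user->authorise('flexicontent.deletefile', 'com_flexicontent');
	$candeleteown = $user->authorise('flexicontent.deleteownfile', 'com_flexicontent');
	$is_authorised = $candelete || $candeleteown;

	// check access
	if ( !$is_authorised ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( $this->return_url, '');
		return;
	}

	// Selected ids are forced to integers before they are placed in the IN (...) list
	$cid = JRequest::getVar( 'cid', array(), $hash='default', 'array' );
	JArrayHelper::toInteger($cid, array());

	if (!is_array( $cid ) || count( $cid ) < 1) {
		$msg = '';
		JError::raiseWarning(500, JText::_( 'FLEXI_SELECT_ITEM_DELETE' ) );
	}
	else {
		$msg = '';
		$db->setQuery( 'SELECT * FROM #__flexicontent_files WHERE id IN ('.implode(',', $cid).')' );
		$files = $db->loadObjectList('id');
		$cid = array_keys($files);   // keep only ids that exist

		$model = $this->getModel('filemanager');
		$deletable = $model->getDeletable($cid);

		// Files the model does not report as deletable are listed in a warning and dropped
		if (count($cid) != count($deletable))
		{
			$_del = array_flip($deletable);
			$inuse_files = array();
			foreach ($files as $_id => $file) {
				if ( !isset($_del[$_id]) ) $inuse_files[] = $file->filename_original ? $file->filename_original : $file->filename;
			}
			$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_REMOVE_FILES_IN_USE' ) .': '. implode(', ', $inuse_files), 'warning');
			$cid = $deletable;
		}

		// Split into files this user may delete (global permission or own upload) and the rest
		$allowed_files = array();
		$denied_files  = array();
		foreach($cid as $_id) {
			if ( !isset($files[$_id]) ) continue;
			$filename = $files[$_id]->filename_original ? $files[$_id]->filename_original : $files[$_id]->filename;
			if ($candelete || $files[$_id]->uploaded_by == $user->get('id'))
				$allowed_files[$_id] = $filename;
			else
				$denied_files[$_id] = $filename;
		}

		if ( count($denied_files) ) {
			$app->enqueueMessage( ' You are not allowed to delete files: '. implode(', ', $denied_files), 'warning');
		}

		$allowed_cid = array_keys($allowed_files);
		if (count($allowed_cid) && !$model->delete($allowed_cid)) {
			$msg = JText::_( 'FLEXI_OPERATION_FAILED' ).' : '.$model->getError();
			if (FLEXI_J16GE) throw new Exception($msg, 500); else JError::raiseError(500, $msg);
		}
		if (count($allowed_cid)) $msg .= count($allowed_cid).' '.JText::_( 'FLEXI_FILES_DELETED' );

		$cache = JFactory::getCache('com_flexicontent');
		$cache->clean();
	}

	$this->setRedirect( $this->return_url, $msg );
}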
/**
* Logic for saving altered file data
*
* @access public
* @return void
* @since 1.0
*/
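function save()
{
	// Stores the edited properties of one file record, then redirects back to the edit form
	// (task 'apply') or to the file manager (any other task).

	// Check for request forgeries
	JRequest::checkToken() or jexit( 'Invalid Token' );

	$jinput = JFactory::getApplication()->input;
	require_once (JPATH_COMPONENT_ADMINISTRATOR.DS.'models'.DS.'file.php');

	$user  = JFactory::getUser();
	$model = $this->getModel('file');
	$file  = $model->getFile();
	$task  = $jinput->get('task', '', 'cmd');
	$data  = $jinput->post->getArray();  // Default filtering will remove HTML

	// calculate access: edit any file, or edit own file when the current user uploaded it
	$canedit    = $user->authorise('flexicontent.publishfile', 'com_flexicontent');
	$caneditown = $user->authorise('flexicontent.publishownfile', 'com_flexicontent') && $file->uploaded_by == $user->get('id');
	$is_authorised = $canedit || $caneditown;

	// check access
	if ( !$is_authorised ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( 'index.php?option=com_flexicontent&view=filemanager', '');
		return;
	}

	// Posted fields may be absent; read them with !empty()/isset() so a missing key is treated as
	// "off"/empty instead of raising an undefined-index notice.
	$data['secure'] = !empty($data['secure']) ? 1 : 0;  // only allow 1 or 0
	$data['url']    = !empty($data['url'])    ? 1 : 0;  // only allow 1 or 0

	// NOTE(review): the posted filename is joined to the storage path and only used to read a size
	// here; no check that it stays inside the storage folder is visible. Confirm the model validates
	// it before storing.
	$posted_name = isset($data['filename']) ? $data['filename'] : '';
	$path = $data['secure'] ? COM_FLEXICONTENT_FILEPATH.DS : COM_FLEXICONTENT_MEDIAPATH.DS;  // JPATH_ROOT . DS . <folder> . DS
	$file_path = JPath::clean($path . $posted_name);

	if (!$data['url'])
	{
		// Get file size from filesystem (local file)
		$data['size'] = file_exists($file_path) ? filesize($file_path) : 0;
	}
	else
	{
		// Get file size from submitted field (file URL); an unknown unit yields size 0
		$arr_sizes = array('KBs'=>1024, 'MBs'=>(1024*1024), 'GBs'=>(1024*1024*1024));
		$unit_key  = isset($data['size_unit']) && is_string($data['size_unit']) ? $data['size_unit'] : '';
		$size_unit = isset($arr_sizes[$unit_key]) ? $arr_sizes[$unit_key] : 0;
		$declared  = isset($data['size']) ? (int) $data['size'] : 0;
		$data['size'] = $size_unit ? $declared * $size_unit : 0;

		// Validate file link
		$posted_url = isset($data['filename_original']) ? $data['filename_original'] : '';
		$data['filename_original'] = flexicontent_html::dataFilter($posted_url, 4000, 'URL', 0);  // Clean bad text/html
	}

	// Default target, so the final redirect never reads an undefined $link on the failure path
	$link = 'index.php?option=com_flexicontent&view=filemanager';

	if ($model->store($data))
	{
		switch ($task)
		{
			case 'apply' :
				$edit_task = "task=filemanager.edit";
				$link = 'index.php?option=com_flexicontent&'.$edit_task.'&cid[]='.(int) $model->get('id');
				break;

			default :
				$link = 'index.php?option=com_flexicontent&view=filemanager';
				break;
		}
		$msg = JText::_( 'FLEXI_FILE_SAVED' );

		$model->checkin();

		$cache = JFactory::getCache('com_flexicontent');
		$cache->clean();
	}
	else {
		$msg = JText::_( 'FLEXI_ERROR_SAVING_FILENAME' ).' : '.$model->getError();
		if (FLEXI_J16GE) throw new Exception($msg, 500); else JError::raiseError(500, $msg);
	}

	$this->setRedirect($link, $msg);
}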
/**
* Logic for cancelling an action
*
* @access public
* @return void
* @since 1.0
*/
function cancel()
{
	// Abandons an edit: after the token and permission checks the record is checked back in
	// and the user is returned to the file manager.
	JRequest::checkToken() or jexit( 'Invalid Token' );

	require_once (JPATH_COMPONENT_ADMINISTRATOR.DS.'models'.DS.'file.php');

	$manager_url = 'index.php?option=com_flexicontent&view=filemanager';

	$user  = JFactory::getUser();
	$model = $this->getModel('file');
	$file  = $model->getFile();
	$task  = JRequest::getVar('task');
	$post  = JRequest::get( 'post' );

	// Same rule as editing: global permission, or "own" permission on a file this user uploaded
	$may_edit_any = $user->authorise('flexicontent.publishfile', 'com_flexicontent');
	$may_edit_own = $user->authorise('flexicontent.publishownfile', 'com_flexicontent') && $file->uploaded_by == $user->get('id');

	if ( !($may_edit_any || $may_edit_own) ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( $manager_url, '');
		return;
	}

	// Check in the record described by the posted form data, then redirect.
	// NOTE(review): the permission check above uses the record loaded by the model, while the
	// check-in is applied to whatever id is bound from POST; confirm both refer to the same record.
	$file = JTable::getInstance('flexicontent_files', '');
	$file->bind(JRequest::get('post'));
	$file->checkin();

	$this->setRedirect( $manager_url );
}
/**
* Check in a record
*
* @since 1.5
*/
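function checkin()
{
	// Delegates the check-in of a file record to flexicontent_db::checkin(), passing the table name,
	// the URL to return to and this controller.
	// NOTE(review): no token or permission check is visible in this method; confirm the helper performs them.
	$tbl = 'flexicontent_files';

	// The Referer header is optional: read it with !empty() so a missing header falls back to the
	// controller's return URL instead of raising an undefined-index notice.
	$redirect_url = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $this->return_url;

	flexicontent_db::checkin($tbl, $redirect_url, $this);
	return;// true;
}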
/**
* Logic to publish a file
*
* @access public
* @return void
* @since 1.0
*/
function publish()
{
	// State 1 selects the "published" branch of changeState(), which also performs the
	// token and permission checks.
	$published = 1;
	$this->changeState($published);
}
/**
* Logic to unpublish a file
*
* @access public
* @return void
* @since 1.0
*/
function unpublish()
{
	// State 0 selects the "unpublished" branch of changeState(), which also performs the
	// token and permission checks.
	$unpublished = 0;
	$this->changeState($unpublished);
}
/**
* Logic to change publication state of files
*
* @access public
* @return void
* @since 1.0
*/
function changeState($state)
{
	// Publishes ($state truthy) or unpublishes ($state falsy) the selected file records.
	// Users with the global permission may change any file; users with only the "own"
	// permission may change files they uploaded. Refused files are listed in a warning.

	// Check for request forgeries
	JRequest::checkToken() or jexit( 'Invalid Token' );
	//require_once (JPATH_COMPONENT_ADMINISTRATOR.DS.'models'.DS.'file.php');

	$user = JFactory::getUser();
	$db   = JFactory::getDBO();
	$app  = JFactory::getApplication();

	$may_publish_any = $user->authorise('flexicontent.publishfile', 'com_flexicontent');
	$may_publish_own = $user->authorise('flexicontent.publishownfile', 'com_flexicontent');

	// Neither permission: refuse the whole task
	if ( !($may_publish_any || $may_publish_own) ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( $this->return_url, '');
		return;
	}

	// Selected ids are forced to integers before they are placed in the IN (...) list
	$cid = JRequest::getVar( 'cid', array(), 'default', 'array' );
	JArrayHelper::toInteger($cid, array());

	// Nothing selected: warn and go back with an empty message
	if (!is_array( $cid ) || count( $cid ) < 1) {
		$warn_key = $state ? 'FLEXI_SELECT_ITEM_PUBLISH' : 'FLEXI_SELECT_ITEM_UNPUBLISH';
		JError::raiseWarning(500, JText::_( $warn_key ) );
		$this->setRedirect( $this->return_url, '');
		return;
	}

	$db->setQuery( 'SELECT * FROM #__flexicontent_files WHERE id IN ('.implode(',', $cid).')' );
	$files     = $db->loadObjectList('id');
	$found_ids = array_keys($files);   // only ids that exist
	$model     = $this->getModel('filemanager');

	// Sort the found files into those this user may change and those that are refused
	$allowed_files = array();
	$denied_files  = array();
	foreach ($found_ids as $file_id) {
		$row   = $files[$file_id];
		$label = $row->filename_original ? $row->filename_original : $row->filename;

		if ($may_publish_any || $row->uploaded_by == $user->get('id')) {
			$allowed_files[$file_id] = $label;
		} else {
			$denied_files[$file_id] = $label;
		}
	}

	if ( count($denied_files) ) {
		$app->enqueueMessage(' You are not allowed to change state of files: '. implode(', ', $denied_files), 'warning');
	}

	$msg = '';
	$allowed_cid = array_keys($allowed_files);
	$have_allowed = count($allowed_cid);

	if ($have_allowed && !$model->publish($allowed_cid, $state)) {
		$msg = JText::_( 'FLEXI_OPERATION_FAILED' ).' : '.$model->getError();
		if (FLEXI_J16GE) {
			throw new Exception($msg, 500);
		} else {
			JError::raiseError(500, $msg);
		}
	}

	if ($have_allowed) {
		$msg .= JText::_( $state ? 'FLEXI_PUBLISHED' : 'FLEXI_UNPUBLISHED' ) . ': '. implode(', ', $allowed_files);
	}

	$cache = JFactory::getCache('com_flexicontent');
	$cache->clean();

	$this->setRedirect( $this->return_url, $msg);
}
/**
* Logic to set the access level of a file
*
* @access public
* @return void
* @since 1.5
*/
function access()
{
	// Saves a new access level for one file record (the first id in 'cid').
	// Allowed when the user has file-manager access and either may view all files
	// or is the uploader of the record.

	// Check for request forgeries
	JRequest::checkToken() or jexit( 'Invalid Token' );

	$user  = JFactory::getUser();
	$model = $this->getModel('filemanager');
	$task  = JRequest::getVar( 'task' );

	// Only the first selected id is used, forced to an integer
	$cid = JRequest::getVar( 'cid', array(0), 'default', 'array' );
	JArrayHelper::toInteger($cid, array(0));
	$file_id = (int)$cid[0];

	$row = JTable::getInstance('flexicontent_files', '');
	$row->load($file_id);

	// calculate access
	$perms = FlexicontentHelperPerm::getPerm();
	$owns_file = $user->id == $row->uploaded_by;

	// check access
	if ( !($perms->CanFiles && ($perms->CanViewAllFiles || $owns_file)) ) {
		JError::raiseWarning( 403, JText::_( 'FLEXI_ALERTNOTAUTH_TASK' ) );
		$this->setRedirect( $this->return_url, '');
		return;
	}

	// NOTE(review): the posted level is passed to the model as received (no cast, no check that the
	// key exists or that the level is a valid one); confirm saveaccess() validates it.
	$accesses = JRequest::getVar( 'access', array(0), 'post', 'array' );
	$access   = $accesses[$file_id];

	if ($model->saveaccess( $file_id, $access )) {
		$msg = '';
		$cache = JFactory::getCache('com_flexicontent');
		$cache->clean();
	} else {
		$msg = JText::_( 'FLEXI_OPERATION_FAILED' );
		JError::raiseWarning( 500, $model->getError() );
	}

	$this->setRedirect($this->return_url, $msg);
}
/* Restructure a FILES array for easier usage */
function refactorFilesArray(&$f)
{
	// Turns a property-first upload array (name/type/tmp_name/error/size, each holding nested
	// indexes) into an index-first one, so that each innermost entry carries its own properties.
	// Up to three levels of nesting are handled; the deepest level that was found is returned.
	// An entry whose 'name' is empty or not an array is returned unchanged.
	$is_nested = !empty($f['name']) && is_array($f['name']);
	if ( !$is_nested ) {
		return $f;
	}

	$props     = array_keys($f);          // name, type, tmp_name, error, size
	$top_slots = array_keys($f['name']);  // first-level indexes

	foreach ($props as $prop) {
		foreach ($top_slots as $a) {
			$one[$a][$prop] = $f[$prop][$a];
			if ( is_array($one[$a][$prop]) ) {
				// Second level: move the index in front of the property name
				foreach ($one[$a][$prop] as $b => $inner) {
					$two[$a][$b][$prop] = $inner;
					if ( is_array($inner) ) {
						// Third level
						foreach ($inner as $c => $leaf) {
							$three[$a][$b][$c][$prop] = $leaf;
						}
					}
				}
			}
		}
	}

	// Deepest structure that was built wins
	if (isset($three)) {
		return $three;
	}
	if (isset($two)) {
		return $two;
	}
	return $one;
}
}