aboutsummaryrefslogtreecommitdiffstats
path: root/public/admin/controller/tool/upload.php
diff options
context:
space:
mode:
Diffstat (limited to 'public/admin/controller/tool/upload.php')
-rw-r--r--public/admin/controller/tool/upload.php391
1 files changed, 391 insertions, 0 deletions
diff --git a/public/admin/controller/tool/upload.php b/public/admin/controller/tool/upload.php
new file mode 100644
index 0000000..9d5219d
--- /dev/null
+++ b/public/admin/controller/tool/upload.php
@@ -0,0 +1,391 @@
+<?php
+class ControllerToolUpload extends Controller {
+ private $error = array();
+
+ public function index() {
+ $this->load->language('tool/upload');
+
+ $this->document->setTitle($this->language->get('heading_title'));
+
+ $this->load->model('tool/upload');
+
+ $this->getList();
+ }
+
+ public function delete() {
+ $this->load->language('tool/upload');
+
+ $this->document->setTitle($this->language->get('heading_title'));
+
+ $this->load->model('tool/upload');
+
+ if (isset($this->request->post['selected']) && $this->validateDelete()) {
+ foreach ($this->request->post['selected'] as $upload_id) {
+ // Remove file before deleting DB record.
+ $upload_info = $this->model_tool_upload->getUpload($upload_id);
+
+ if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) {
+ unlink(DIR_UPLOAD . $upload_info['filename']);
+ }
+
+ $this->model_tool_upload->deleteUpload($upload_id);
+ }
+
+ $this->session->data['success'] = $this->language->get('text_success');
+
+ $url = '';
+
+ if (isset($this->request->get['filter_name'])) {
+ $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
+ }
+
+ if (isset($this->request->get['filter_date_added'])) {
+ $url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
+ }
+
+ if (isset($this->request->get['sort'])) {
+ $url .= '&sort=' . $this->request->get['sort'];
+ }
+
+ if (isset($this->request->get['order'])) {
+ $url .= '&order=' . $this->request->get['order'];
+ }
+
+ if (isset($this->request->get['page'])) {
+ $url .= '&page=' . $this->request->get['page'];
+ }
+
+ $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true));
+ }
+
+ $this->getList();
+ }
+
+ protected function getList() {
+ if (isset($this->request->get['filter_name'])) {
+ $filter_name = $this->request->get['filter_name'];
+ } else {
+ $filter_name = '';
+ }
+
+ if (isset($this->request->get['filter_date_added'])) {
+ $filter_date_added = $this->request->get['filter_date_added'];
+ } else {
+ $filter_date_added = '';
+ }
+
+ if (isset($this->request->get['sort'])) {
+ $sort = $this->request->get['sort'];
+ } else {
+ $sort = 'date_added';
+ }
+
+ if (isset($this->request->get['order'])) {
+ $order = $this->request->get['order'];
+ } else {
+ $order = 'DESC';
+ }
+
+ if (isset($this->request->get['page'])) {
+ $page = $this->request->get['page'];
+ } else {
+ $page = 1;
+ }
+
+ $url = '';
+
+ if (isset($this->request->get['filter_name'])) {
+ $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
+ }
+
+ if (isset($this->request->get['filter_date_added'])) {
+ $url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
+ }
+
+ if (isset($this->request->get['sort'])) {
+ $url .= '&sort=' . $this->request->get['sort'];
+ }
+
+ if (isset($this->request->get['order'])) {
+ $url .= '&order=' . $this->request->get['order'];
+ }
+
+ if (isset($this->request->get['page'])) {
+ $url .= '&page=' . $this->request->get['page'];
+ }
+
+ $data['breadcrumbs'] = array();
+
+ $data['breadcrumbs'][] = array(
+ 'text' => $this->language->get('text_home'),
+ 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true)
+ );
+
+ $data['breadcrumbs'][] = array(
+ 'text' => $this->language->get('heading_title'),
+ 'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)
+ );
+
+ $data['delete'] = $this->url->link('tool/upload/delete', 'user_token=' . $this->session->data['user_token'] . $url, true);
+
+ $data['uploads'] = array();
+
+ $filter_data = array(
+ 'filter_name' => $filter_name,
+ 'filter_date_added' => $filter_date_added,
+ 'sort' => $sort,
+ 'order' => $order,
+ 'start' => ($page - 1) * $this->config->get('config_limit_admin'),
+ 'limit' => $this->config->get('config_limit_admin')
+ );
+
+ $upload_total = $this->model_tool_upload->getTotalUploads($filter_data);
+
+ $results = $this->model_tool_upload->getUploads($filter_data);
+
+ foreach ($results as $result) {
+ $data['uploads'][] = array(
+ 'upload_id' => $result['upload_id'],
+ 'name' => $result['name'],
+ 'filename' => $result['filename'],
+ 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])),
+ 'download' => $this->url->link('tool/upload/download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url, true)
+ );
+ }
+
+ $data['user_token'] = $this->session->data['user_token'];
+
+ if (isset($this->error['warning'])) {
+ $data['error_warning'] = $this->error['warning'];
+ } else {
+ $data['error_warning'] = '';
+ }
+
+ if (isset($this->session->data['success'])) {
+ $data['success'] = $this->session->data['success'];
+
+ unset($this->session->data['success']);
+ } else {
+ $data['success'] = '';
+ }
+
+ if (isset($this->request->post['selected'])) {
+ $data['selected'] = (array)$this->request->post['selected'];
+ } else {
+ $data['selected'] = array();
+ }
+
+ $url = '';
+
+ if (isset($this->request->get['filter_name'])) {
+ $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
+ }
+
+ if (isset($this->request->get['filter_date_added'])) {
+ $url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
+ }
+
+ if ($order == 'ASC') {
+ $url .= '&order=DESC';
+ } else {
+ $url .= '&order=ASC';
+ }
+
+ if (isset($this->request->get['page'])) {
+ $url .= '&page=' . $this->request->get['page'];
+ }
+
+ $data['sort_name'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true);
+ $data['sort_filename'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=filename' . $url, true);
+ $data['sort_date_added'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true);
+
+ $url = '';
+
+ if (isset($this->request->get['filter_name'])) {
+ $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
+ }
+
+ if (isset($this->request->get['filter_date_added'])) {
+ $url .= '&filter_date_added=' . $this->request->get['filter_date_added'];
+ }
+
+ if (isset($this->request->get['sort'])) {
+ $url .= '&sort=' . $this->request->get['sort'];
+ }
+
+ if (isset($this->request->get['order'])) {
+ $url .= '&order=' . $this->request->get['order'];
+ }
+
+ $pagination = new Pagination();
+ $pagination->total = $upload_total;
+ $pagination->page = $page;
+ $pagination->limit = $this->config->get('config_limit_admin');
+ $pagination->url = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true);
+
+ $data['pagination'] = $pagination->render();
+
+ $data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($upload_total - $this->config->get('config_limit_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $upload_total, ceil($upload_total / $this->config->get('config_limit_admin')));
+
+ $data['filter_name'] = $filter_name;
+ $data['filter_date_added'] = $filter_date_added;
+
+ $data['sort'] = $sort;
+ $data['order'] = $order;
+
+ $data['header'] = $this->load->controller('common/header');
+ $data['column_left'] = $this->load->controller('common/column_left');
+ $data['footer'] = $this->load->controller('common/footer');
+
+ $this->response->setOutput($this->load->view('tool/upload', $data));
+ }
+
+ protected function validateDelete() {
+ if (!$this->user->hasPermission('modify', 'tool/upload')) {
+ $this->error['warning'] = $this->language->get('error_permission');
+ }
+
+ return !$this->error;
+ }
+
+ public function download() {
+ $this->load->model('tool/upload');
+
+ if (isset($this->request->get['code'])) {
+ $code = $this->request->get['code'];
+ } else {
+ $code = 0;
+ }
+
+ $upload_info = $this->model_tool_upload->getUploadByCode($code);
+
+ if ($upload_info) {
+ $file = DIR_UPLOAD . $upload_info['filename'];
+ $mask = basename($upload_info['name']);
+
+ if (!headers_sent()) {
+ if (is_file($file)) {
+ header('Content-Type: application/octet-stream');
+ header('Content-Description: File Transfer');
+ header('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"');
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Length: ' . filesize($file));
+
+ readfile($file, 'rb');
+ exit;
+ } else {
+ exit('Error: Could not find file ' . $file . '!');
+ }
+ } else {
+ exit('Error: Headers already sent out!');
+ }
+ } else {
+ $this->load->language('error/not_found');
+
+ $this->document->setTitle($this->language->get('heading_title'));
+
+ $data['breadcrumbs'] = array();
+
+ $data['breadcrumbs'][] = array(
+ 'text' => $this->language->get('text_home'),
+ 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true)
+ );
+
+ $data['breadcrumbs'][] = array(
+ 'text' => $this->language->get('heading_title'),
+ 'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'], true)
+ );
+
+ $data['header'] = $this->load->controller('common/header');
+ $data['column_left'] = $this->load->controller('common/column_left');
+ $data['footer'] = $this->load->controller('common/footer');
+
+ $this->response->setOutput($this->load->view('error/not_found', $data));
+ }
+ }
+
+ public function upload() {
+ $this->load->language('sale/order');
+
+ $json = array();
+
+ // Check user has permission
+ if (!$this->user->hasPermission('modify', 'tool/upload')) {
+ $json['error'] = $this->language->get('error_permission');
+ }
+
+ if (!$json) {
+ if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) {
+ // Sanitize the filename
+ $filename = html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8');
+
+ if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) {
+ $json['error'] = $this->language->get('error_filename');
+ }
+
+ // Allowed file extension types
+ $allowed = array();
+
+ $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed'));
+
+ $filetypes = explode("\n", $extension_allowed);
+
+ foreach ($filetypes as $filetype) {
+ $allowed[] = trim($filetype);
+ }
+
+ if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) {
+ $json['error'] = $this->language->get('error_filetype');
+ }
+
+ // Allowed file mime types
+ $allowed = array();
+
+ $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed'));
+
+ $filetypes = explode("\n", $mime_allowed);
+
+ foreach ($filetypes as $filetype) {
+ $allowed[] = trim($filetype);
+ }
+
+ if (!in_array($this->request->files['file']['type'], $allowed)) {
+ $json['error'] = $this->language->get('error_filetype');
+ }
+
+ // Check to see if any PHP files are trying to be uploaded
+ $content = file_get_contents($this->request->files['file']['tmp_name']);
+
+ if (preg_match('/\<\?php/i', $content)) {
+ $json['error'] = $this->language->get('error_filetype');
+ }
+
+ // Return any upload error
+ if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
+ $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
+ }
+ } else {
+ $json['error'] = $this->language->get('error_upload');
+ }
+ }
+
+ if (!$json) {
+ $file = $filename . '.' . token(32);
+
+ move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file);
+
+ // Hide the uploaded file name so people can not link to it directly.
+ $this->load->model('tool/upload');
+
+ $json['code'] = $this->model_tool_upload->addUpload($filename, $file);
+
+ $json['success'] = $this->language->get('text_upload');
+ }
+
+ $this->response->addHeader('Content-Type: application/json');
+ $this->response->setOutput(json_encode($json));
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 13:47:55 +0000