diff options
Diffstat (limited to 'public/admin/controller/tool')
| -rw-r--r-- | public/admin/controller/tool/backup.php | 160 | ||||
| -rw-r--r-- | public/admin/controller/tool/log.php | 121 | ||||
| -rw-r--r-- | public/admin/controller/tool/upload.php | 391 |
3 files changed, 672 insertions, 0 deletions
diff --git a/public/admin/controller/tool/backup.php b/public/admin/controller/tool/backup.php new file mode 100644 index 0000000..d8354b8 --- /dev/null +++ b/public/admin/controller/tool/backup.php @@ -0,0 +1,160 @@ +<?php +class ControllerToolBackup extends Controller { + public function index() { + $this->load->language('tool/backup'); + + $this->document->setTitle($this->language->get('heading_title')); + + if (isset($this->session->data['error'])) { + $data['error_warning'] = $this->session->data['error']; + + unset($this->session->data['error']); + } else { + $data['error_warning'] = ''; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('tool/backup', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['user_token'] = $this->session->data['user_token']; + + $data['export'] = $this->url->link('tool/backup/export', 'user_token=' . $this->session->data['user_token'], true); + + $this->load->model('tool/backup'); + + $data['tables'] = $this->model_tool_backup->getTables(); + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('tool/backup', $data)); + } + + public function import() { + $this->load->language('tool/backup'); + + $json = array(); + + if (!$this->user->hasPermission('modify', 'tool/backup')) { + $json['error'] = $this->language->get('error_permission'); + } + + if (isset($this->request->files['import']['tmp_name']) && is_uploaded_file($this->request->files['import']['tmp_name'])) { + $filename = tempnam(DIR_UPLOAD, 'bac'); + + move_uploaded_file($this->request->files['import']['tmp_name'], $filename); + } elseif (isset($this->request->get['import'])) { + $filename = html_entity_decode($this->request->get['import'], ENT_QUOTES, 'UTF-8'); + } else { + $filename = ''; + } + + if (!is_file($filename)) { + $json['error'] = $this->language->get('error_file'); + } + + if (isset($this->request->get['position'])) { + $position = $this->request->get['position']; + } else { + $position = 0; + } + + if (!$json) { + // We set $i so we can batch execute the queries rather than do them all at once. + $i = 0; + $start = false; + + $handle = fopen($filename, 'r'); + + fseek($handle, $position, SEEK_SET); + + while (!feof($handle) && ($i < 100)) { + $position = ftell($handle); + + $line = fgets($handle, 1000000); + + if (substr($line, 0, 14) == 'TRUNCATE TABLE' || substr($line, 0, 11) == 'INSERT INTO') { + $sql = ''; + + $start = true; + } + + if ($i > 0 && (substr($line, 0, 24) == 'TRUNCATE TABLE `oc_user`' || substr($line, 0, 30) == 'TRUNCATE TABLE `oc_user_group`')) { + fseek($handle, $position, SEEK_SET); + + break; + } + + if ($start) { + $sql .= $line; + } + + if ($start && substr($line, -2) == ";\n") { + $this->db->query(substr($sql, 0, strlen($sql) -2)); + + $start = false; + } + + $i++; + } + + $position = ftell($handle); + + $size = filesize($filename); + + $json['total'] = round(($position / $size) * 100); + + if ($position && !feof($handle)) { + $json['next'] = str_replace('&', '&', $this->url->link('tool/backup/import', 'user_token=' . $this->session->data['user_token'] . '&import=' . $filename . '&position=' . $position, true)); + + fclose($handle); + } else { + fclose($handle); + + unlink($filename); + + $json['success'] = $this->language->get('text_success'); + + $this->cache->delete('*'); + } + } + + $this->response->addHeader('Content-Type: application/json'); + $this->response->setOutput(json_encode($json)); + } + + public function export() { + $this->load->language('tool/backup'); + + if (!isset($this->request->post['backup'])) { + $this->session->data['error'] = $this->language->get('error_export'); + + $this->response->redirect($this->url->link('tool/backup', 'user_token=' . $this->session->data['user_token'], true)); + } elseif (!$this->user->hasPermission('modify', 'tool/backup')) { + $this->session->data['error'] = $this->language->get('error_permission'); + + $this->response->redirect($this->url->link('tool/backup', 'user_token=' . $this->session->data['user_token'], true)); + } else { + $this->response->addheader('Pragma: public'); + $this->response->addheader('Expires: 0'); + $this->response->addheader('Content-Description: File Transfer'); + $this->response->addheader('Content-Type: application/octet-stream'); + $this->response->addheader('Content-Disposition: attachment; filename="' . DB_DATABASE . '_' . date('Y-m-d_H-i-s', time()) . '_backup.sql"'); + $this->response->addheader('Content-Transfer-Encoding: binary'); + + $this->load->model('tool/backup'); + + $this->response->setOutput($this->model_tool_backup->backup($this->request->post['backup'])); + } + } +} diff --git a/public/admin/controller/tool/log.php b/public/admin/controller/tool/log.php new file mode 100644 index 0000000..389b95a --- /dev/null +++ b/public/admin/controller/tool/log.php @@ -0,0 +1,121 @@ +<?php +class ControllerToolLog extends Controller { + private $error = array(); + + public function index() { + $this->load->language('tool/log'); + + $this->document->setTitle($this->language->get('heading_title')); + + if (isset($this->session->data['error'])) { + $data['error_warning'] = $this->session->data['error']; + + unset($this->session->data['error']); + } elseif (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->session->data['success'])) { + $data['success'] = $this->session->data['success']; + + unset($this->session->data['success']); + } else { + $data['success'] = ''; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('tool/log', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['download'] = $this->url->link('tool/log/download', 'user_token=' . $this->session->data['user_token'], true); + $data['clear'] = $this->url->link('tool/log/clear', 'user_token=' . $this->session->data['user_token'], true); + + $data['log'] = ''; + + $file = DIR_LOGS . $this->config->get('config_error_filename'); + + if (file_exists($file)) { + $size = filesize($file); + + if ($size >= 5242880) { + $suffix = array( + 'B', + 'KB', + 'MB', + 'GB', + 'TB', + 'PB', + 'EB', + 'ZB', + 'YB' + ); + + $i = 0; + + while (($size / 1024) > 1) { + $size = $size / 1024; + $i++; + } + + $data['error_warning'] = sprintf($this->language->get('error_warning'), basename($file), round(substr($size, 0, strpos($size, '.') + 4), 2) . $suffix[$i]); + } else { + $data['log'] = file_get_contents($file, FILE_USE_INCLUDE_PATH, null); + } + } + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('tool/log', $data)); + } + + public function download() { + $this->load->language('tool/log'); + + $file = DIR_LOGS . $this->config->get('config_error_filename'); + + if (file_exists($file) && filesize($file) > 0) { + $this->response->addheader('Pragma: public'); + $this->response->addheader('Expires: 0'); + $this->response->addheader('Content-Description: File Transfer'); + $this->response->addheader('Content-Type: application/octet-stream'); + $this->response->addheader('Content-Disposition: attachment; filename="' . $this->config->get('config_name') . '_' . date('Y-m-d_H-i-s', time()) . '_error.log"'); + $this->response->addheader('Content-Transfer-Encoding: binary'); + + $this->response->setOutput(file_get_contents($file, FILE_USE_INCLUDE_PATH, null)); + } else { + $this->session->data['error'] = sprintf($this->language->get('error_warning'), basename($file), '0B'); + + $this->response->redirect($this->url->link('tool/log', 'user_token=' . $this->session->data['user_token'], true)); + } + } + + public function clear() { + $this->load->language('tool/log'); + + if (!$this->user->hasPermission('modify', 'tool/log')) { + $this->session->data['error'] = $this->language->get('error_permission'); + } else { + $file = DIR_LOGS . $this->config->get('config_error_filename'); + + $handle = fopen($file, 'w+'); + + fclose($handle); + + $this->session->data['success'] = $this->language->get('text_success'); + } + + $this->response->redirect($this->url->link('tool/log', 'user_token=' . $this->session->data['user_token'], true)); + } +}
\ No newline at end of file diff --git a/public/admin/controller/tool/upload.php b/public/admin/controller/tool/upload.php new file mode 100644 index 0000000..9d5219d --- /dev/null +++ b/public/admin/controller/tool/upload.php @@ -0,0 +1,391 @@ +<?php +class ControllerToolUpload extends Controller { + private $error = array(); + + public function index() { + $this->load->language('tool/upload'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('tool/upload'); + + $this->getList(); + } + + public function delete() { + $this->load->language('tool/upload'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('tool/upload'); + + if (isset($this->request->post['selected']) && $this->validateDelete()) { + foreach ($this->request->post['selected'] as $upload_id) { + // Remove file before deleting DB record. + $upload_info = $this->model_tool_upload->getUpload($upload_id); + + if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) { + unlink(DIR_UPLOAD . $upload_info['filename']); + } + + $this->model_tool_upload->deleteUpload($upload_id); + } + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['filter_name'])) { + $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); + } + + if (isset($this->request->get['filter_date_added'])) { + $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; + } + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getList(); + } + + protected function getList() { + if (isset($this->request->get['filter_name'])) { + $filter_name = $this->request->get['filter_name']; + } else { + $filter_name = ''; + } + + if (isset($this->request->get['filter_date_added'])) { + $filter_date_added = $this->request->get['filter_date_added']; + } else { + $filter_date_added = ''; + } + + if (isset($this->request->get['sort'])) { + $sort = $this->request->get['sort']; + } else { + $sort = 'date_added'; + } + + if (isset($this->request->get['order'])) { + $order = $this->request->get['order']; + } else { + $order = 'DESC'; + } + + if (isset($this->request->get['page'])) { + $page = $this->request->get['page']; + } else { + $page = 1; + } + + $url = ''; + + if (isset($this->request->get['filter_name'])) { + $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); + } + + if (isset($this->request->get['filter_date_added'])) { + $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; + } + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + $data['delete'] = $this->url->link('tool/upload/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); + + $data['uploads'] = array(); + + $filter_data = array( + 'filter_name' => $filter_name, + 'filter_date_added' => $filter_date_added, + 'sort' => $sort, + 'order' => $order, + 'start' => ($page - 1) * $this->config->get('config_limit_admin'), + 'limit' => $this->config->get('config_limit_admin') + ); + + $upload_total = $this->model_tool_upload->getTotalUploads($filter_data); + + $results = $this->model_tool_upload->getUploads($filter_data); + + foreach ($results as $result) { + $data['uploads'][] = array( + 'upload_id' => $result['upload_id'], + 'name' => $result['name'], + 'filename' => $result['filename'], + 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])), + 'download' => $this->url->link('tool/upload/download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url, true) + ); + } + + $data['user_token'] = $this->session->data['user_token']; + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->session->data['success'])) { + $data['success'] = $this->session->data['success']; + + unset($this->session->data['success']); + } else { + $data['success'] = ''; + } + + if (isset($this->request->post['selected'])) { + $data['selected'] = (array)$this->request->post['selected']; + } else { + $data['selected'] = array(); + } + + $url = ''; + + if (isset($this->request->get['filter_name'])) { + $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); + } + + if (isset($this->request->get['filter_date_added'])) { + $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; + } + + if ($order == 'ASC') { + $url .= '&order=DESC'; + } else { + $url .= '&order=ASC'; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['sort_name'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true); + $data['sort_filename'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=filename' . $url, true); + $data['sort_date_added'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true); + + $url = ''; + + if (isset($this->request->get['filter_name'])) { + $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); + } + + if (isset($this->request->get['filter_date_added'])) { + $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; + } + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + $pagination = new Pagination(); + $pagination->total = $upload_total; + $pagination->page = $page; + $pagination->limit = $this->config->get('config_limit_admin'); + $pagination->url = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); + + $data['pagination'] = $pagination->render(); + + $data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($upload_total - $this->config->get('config_limit_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $upload_total, ceil($upload_total / $this->config->get('config_limit_admin'))); + + $data['filter_name'] = $filter_name; + $data['filter_date_added'] = $filter_date_added; + + $data['sort'] = $sort; + $data['order'] = $order; + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('tool/upload', $data)); + } + + protected function validateDelete() { + if (!$this->user->hasPermission('modify', 'tool/upload')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + return !$this->error; + } + + public function download() { + $this->load->model('tool/upload'); + + if (isset($this->request->get['code'])) { + $code = $this->request->get['code']; + } else { + $code = 0; + } + + $upload_info = $this->model_tool_upload->getUploadByCode($code); + + if ($upload_info) { + $file = DIR_UPLOAD . $upload_info['filename']; + $mask = basename($upload_info['name']); + + if (!headers_sent()) { + if (is_file($file)) { + header('Content-Type: application/octet-stream'); + header('Content-Description: File Transfer'); + header('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"'); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Length: ' . filesize($file)); + + readfile($file, 'rb'); + exit; + } else { + exit('Error: Could not find file ' . $file . '!'); + } + } else { + exit('Error: Headers already sent out!'); + } + } else { + $this->load->language('error/not_found'); + + $this->document->setTitle($this->language->get('heading_title')); + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('error/not_found', $data)); + } + } + + public function upload() { + $this->load->language('sale/order'); + + $json = array(); + + // Check user has permission + if (!$this->user->hasPermission('modify', 'tool/upload')) { + $json['error'] = $this->language->get('error_permission'); + } + + if (!$json) { + if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) { + // Sanitize the filename + $filename = html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'); + + if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) { + $json['error'] = $this->language->get('error_filename'); + } + + // Allowed file extension types + $allowed = array(); + + $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed')); + + $filetypes = explode("\n", $extension_allowed); + + foreach ($filetypes as $filetype) { + $allowed[] = trim($filetype); + } + + if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) { + $json['error'] = $this->language->get('error_filetype'); + } + + // Allowed file mime types + $allowed = array(); + + $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed')); + + $filetypes = explode("\n", $mime_allowed); + + foreach ($filetypes as $filetype) { + $allowed[] = trim($filetype); + } + + if (!in_array($this->request->files['file']['type'], $allowed)) { + $json['error'] = $this->language->get('error_filetype'); + } + + // Check to see if any PHP files are trying to be uploaded + $content = file_get_contents($this->request->files['file']['tmp_name']); + + if (preg_match('/\<\?php/i', $content)) { + $json['error'] = $this->language->get('error_filetype'); + } + + // Return any upload error + if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) { + $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']); + } + } else { + $json['error'] = $this->language->get('error_upload'); + } + } + + if (!$json) { + $file = $filename . '.' . token(32); + + move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file); + + // Hide the uploaded file name so people can not link to it directly. + $this->load->model('tool/upload'); + + $json['code'] = $this->model_tool_upload->addUpload($filename, $file); + + $json['success'] = $this->language->get('text_upload'); + } + + $this->response->addHeader('Content-Type: application/json'); + $this->response->setOutput(json_encode($json)); + } +}
\ No newline at end of file |