| 4 | 0.0269 | 892576 | eval( '
if(!defined('NV3_GUARD')) die('n.access'); final class nxoaExtension_MediaUploads { protected $fileTypes = array( 'audio'=>array('dir'=>'audio','suffixes'=>array('mp3','ogg','wma','wav')), 'image'=>array('dir'=>'images','suffixes'=>array('png','gif','jpg','jpeg')), 'movie'=>array('dir'=>'movies','suffixes'=>array('avi','wmv','mpg','mpeg','mov','mp4','flv','rm')), 'pdf'=>array('dir'=>'pdf','suffixes'=>array('pdf')), 'document'=>array('dir'=>'docs','suffixes'=>array('doc','docx','odt','ott','sxw','stw','sdw','rtf','txt')), 'calc'=>array('dir'=>'calc_docs','suffixes'=>array('ods','ots','sxc','stc','xls','xlt','sdc','csv')), 'other'=>array('dir'=>'other','suffixes'=>array('*')) ); private function triggerEvent($event,$affectedParam){ $pre = 'mediaUploads.'; $eventName = $pre.$event; return nxOpenAPIStatic::filterApply($eventName, $affectedParam); } private function getSpacesDir(){ $admPathAbs = nxOpenAPIStatic::adminPathAbs(); return $admPathAbs.'/../'.NXGeneralConfig::SpacesDirName; } public function genRandFileName(){ $r = microtime()*microtime(); $r2 = time(); $r3 = rand(1, 9999); $str = md5($r).$r3.'-'.substr(md5($r2),4,3); $strLen = strlen($str); return substr($str,25,$strLen-25); } private function get_finf_byFileName($file_name){ try{ if(!is_string($file_name) || empty($file_name)){ throw new Exception('Invalid name-Parameter'); }else{ $split = explode('.',$file_name); $split_nums = count($split); if($split_nums<2){ throw new Exception('Invalid filename (no suffix given)'); }else{ $virtFileSuffix = strtolower($split[$split_nums-1]); $suffixFound = false; $subDir = null; $type_of_fcat = null; foreach($this->fileTypes as $typeCatName=>$catInfArr){ foreach($catInfArr['suffixes'] as $f_suffix){ if($f_suffix==$virtFileSuffix){ $suffixFound = true; $subDir = $catInfArr['dir']; $type_of_fcat = $typeCatName; break; } } if($suffixFound){ break; } } if($suffixFound){ return array('typeof'=>$type_of_fcat,'suffix'=>$virtFileSuffix,'subDir'=>$subDir); }else{ return array('typeof'=>'other','suffix'=>$virtFileSuffix,'subDir'=>$this->fileTypes['other']['dir']); } } } }catch(Exception $e){ return false; } } private function get_ftype_byFile($file_name,$absolutePath){ $finf = $this->get_finf_byFileName($file_name); try{ if(empty($absolutePath)){ throw new Exception('An absolute path is required to check file'); }else if(!file_exists($absolutePath)){ throw new Exception('Given file does not exist'); }else if(is_dir($absolutePath)){ throw new Exception('This is a directory, are you crazy?'); }else{ if($finf===false){ throw new Exception('Trying to get file-type has failed'); }else if(is_array($finf)){ if($finf['typeof']=='image'){ $isRealImage = false; if(function_exists('exif_imagetype')){ $findType = exif_imagetype($absolutePath); if(!empty($findType)){ $isRealImage = true; } }else{ $findType = @getimagesize($absolutePath); if(is_array($findType) && !empty($findType[2])){ $isRealImage = true; } } if($isRealImage===true){ return $finf; }else{ throw new Exception('File Invalid: Given file does not match with its suffix / extension'); } }else{ return $finf; } }else{ throw new Exception('Unknown Error!'); } } }catch(Exception $e){ return false; } } public function upload($file_array,$catID=null,$imageOnly=false,$updateByFileID=null,$afterUpdtDelF=null,$afterUpdtDelT=null){ $mainUploadDir = $this->getSpacesDir().'/'; try{ if(!is_uploaded_file($file_array['tmp_name'])){ throw new Exception('invalid-uploadfile'); }else{ $get_type = $this->get_ftype_byFile($file_array['name'],$file_array['tmp_name']); if($get_type===false){ throw new Exception('invalid-type'); }else{ if($imageOnly){ if($get_type['typeof']!='image'){ throw new Exception('none-image-file'); } } $relFileName = $this->triggerEvent('onBeforeFileSave', $file_array['name']); $relFileName = str_replace(array(' ','ä','ö','ü','Ä','Ö','Ü'), array('_','ae','oe','ue','Ae','Oe','Ue'), $relFileName); $fullFilePath = $mainUploadDir.$get_type['subDir'].'/'.$relFileName; while(file_exists($fullFilePath)){ $relFileName = $this->genRandFileName().'_'.$relFileName; $fullFilePath = $mainUploadDir.$get_type['subDir'].'/'.$relFileName; } if(!@move_uploaded_file($file_array['tmp_name'], $fullFilePath)){ throw new Exception('move-file-failed'); }else{ $linkToCat = null; if(isset($catID) && is_numeric($catID)){ $searchCat = new Senso_SQLSelect('SELECT forFiles FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_categories
WHERE catID="'.$catID.'" LIMIT 1'); if($searchCat->rows < 1){ @unlink($fullFilePath); throw new Exception('category-search-failed'); }else{ $searchCat = $searchCat->get_single_object(); $linkToCat = $catID; } } $thumb_file; if($get_type['typeof']=='image'){ $thumbFileName = 'thumb_'.$relFileName; $thumbDirPath = $mainUploadDir.'_thumbs/'; $fullThumbPath = $thumbDirPath.$thumbFileName; if(file_exists($fullThumbPath)){ $thumbFileName = 'thumb_'.$this->genRandFileName().'.'.$get_type['suffix']; $fullThumbPath = $thumbDirPath.$thumbFileName; } $newThumb = exoThumbnail::thumbnail($fullFilePath, $thumbDirPath, $thumbFileName, $get_type['suffix'], 120, 120); if($newThumb===false){ @unlink($fullFilePath); throw new Exception('thumb-creation-failed'); }else{ $thumb_file = $newThumb; } }else{ $thumb_file = null; } if($get_type['suffix']=='jpeg'){ $get_type['suffix']='jpg'; } if($thumb_file==null){ $thumb_file = 'NULL'; }else{ $thumb_file = '"'.mysql_escape_string($thumb_file).'"'; } if(empty($linkToCat)){ $linkToCat = 'NULL'; }else{ $linkToCat = '"'.$linkToCat.'"'; } if(!empty($updateByFileID)){ $updateSQL = 'UPDATE '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
SET catID='.$linkToCat.',file="'.$relFileName.'",thumb_file='.$thumb_file.',
subDir="'.mysql_escape_string($get_type['subDir']).'", file_type="'.mysql_escape_string($get_type['suffix']).'",
file_type_category="'.$get_type['typeof'].'"
WHERE (uploadID="'.(int)$updateByFileID.'")
LIMIT 1'; if(@mysql_query($updateSQL)){ if(mysql_affected_rows()===1){ if(!empty($afterUpdtDelF)){ @unlink(@$afterUpdtDelF); } if(!empty($afterUpdtDelT)){ @unlink(@$afterUpdtDelT); } return $updateByFileID; }else{ @unlink($fullFilePath); @unlink($fullThumbPath); throw new Exception('File could not be updated'); } }else{ @unlink($fullFilePath); @unlink($fullThumbPath); throw new Exception('hard-db-error'); } }else{ $insertSQL = 'INSERT INTO '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
(catID,file,thumb_file,subDir,file_type,file_type_category)
VALUES (
'.$linkToCat.',"'.$relFileName.'",'.$thumb_file.',
"'.mysql_escape_string($get_type['subDir']).'",
"'.mysql_escape_string($get_type['suffix']).'",
"'.mysql_escape_string($get_type['typeof']).'"
)'; if(@mysql_query($insertSQL)){ return mysql_insert_id(); }else{ @unlink($fullFilePath); throw new Exception('sql-query-failed'); } } } } } }catch(Exception $e){ return $e->getMessage(); } } public function upload_replace($file_array,$oldFileID){ try{ if(!is_numeric($oldFileID)){ throw new Exception('invalid-ofile-id'); }else{ $oldFileId = (int)$oldFileId; $findOldFile = new Senso_SQLSelect('SELECT uploadID,subDir,file_type,file,thumb_file,catID FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
WHERE uploadID="'.$oldFileID.'" LIMIT 1'); if($findOldFile->rows === 1){ $findOldFile = $findOldFile->get_single_object(); $spacesDir = $this->getSpacesDir(); $updateByFileID = $findOldFile->uploadID; $afterUpdtDelF = $spacesDir.'/'.$findOldFile->subDir.'/'.$findOldFile->file; $afterUpdtDelT = $spacesDir.'/_thumbs/'.$findOldFile->thumb_file; $finfByFName = $this->get_finf_byFileName($findOldFile->file); $imageOnly = false; if($finfByFName['typeof']=='image'){ $imageOnly = true; } return $this->upload($file_array,$findOldFile->catID,$imageOnly,$updateByFileID,$afterUpdtDelF,$afterUpdtDelT); }else{ throw new Exception('db-error'); } } }catch(Exception $e){ return $e->getMessage(); } } public function deleteFile($fileID){ try{ $fileID = (int)$fileID; $getFiles = new Senso_SQLSelect('SELECT subDir,file, thumb_file FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads WHERE uploadID="'.$fileID.'" LIMIT 1'); if($getFiles->rows > 0){ $getFiles = $getFiles->get_single_object(); $delSQL = 'DELETE FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads WHERE uploadID="'.$fileID.'" LIMIT 1'; if(@mysql_query($delSQL)){ if(mysql_affected_rows()===1){ @unlink($this->getSpacesDir().'/'.$getFiles->subDir.'/'.$getFiles->file); if(!empty($getFiles->thumb_file)){ @unlink($this->getSpacesDir().'/_thumbs/'.$getFiles->thumb_file); } return true; }else{ throw new Exception('Nothing was deleted'); } }else{ throw new Exception('Database says: '.mysql_error()); } }else{ throw new Exception('file not found'); } }catch(Exception $e){ return false; } } public function changeFileParameters($fileID,$assocParamArray){ $fileID = (int)$fileID; $updateSQL = 'UPDATE '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
SET '; foreach($assocParamArray as $key=>$val){ if(empty($val)){ $assocParamArray[$key] = 'NULL'; }else{ $assocParamArray[$key] = '"'.mysql_escape_string($val).'"'; } } if(isset($assocParamArray['catID'])){ $updateSQL .= 'catID='.$assocParamArray['catID'].','; } if(isset($assocParamArray['subDir'])){ $updateSQL .= 'subDir='.$assocParamArray['subDir'].','; } if(isset($assocParamArray['file_type'])){ $updateSQL .= 'file_type='.$assocParamArray['file_type'].','; } if(isset($assocParamArray['name'])){ $updateSQL .= 'name='.$assocParamArray['name'].','; } if(isset($assocParamArray['description'])){ $updateSQL .= 'description='.$assocParamArray['description'].','; } if(isset($assocParamArray['target'])){ $updateSQL .= 'target='.$assocParamArray['target'].','; } if(isset($assocParamArray['extra_param1'])){ $updateSQL .= 'extra_param1='.$assocParamArray['extra_param1'].','; } if(isset($assocParamArray['extra_param2'])){ $updateSQL .= 'extra_param2='.$assocParamArray['extra_param2'].','; } $len = strlen($updateSQL); $updateSQL = substr($updateSQL, 0, $len-1); $updateSQL .= ' WHERE uploadID="'.$fileID.'" LIMIT 1'; if(!@mysql_query($updateSQL)){ return false; }else{ return true; } } public function getFileParameters($fileID,$escape_html=false){ try{ if(!is_numeric($fileID)){ throw new Exception('Invalid uploadID/fileID'); }else{ $fileID = (int)$fileID; $getObject = new Senso_SQLSelect('SELECT uploadID,catID,file,thumb_file,subDir,file_type,name,description,target,order_param,extra_param1,extra_param2,extra_param3
FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
WHERE (uploadID='.$fileID.') LIMIT 1'); if($getObject->rows === 1){ $getObject = $getObject->get_single_object(); if($escape_html===true){ $getObject->target = htmlspecialchars($getObject->target); $getObject->name = htmlspecialchars($getObject->name); $getObject->description = htmlspecialchars($getObject->description); } return $getObject; }else{ throw new Exception('Selection failed, returned empty object'); } } }catch(Exception $e){ return false; } } public function getUploadsList($catID=null,$limit=null,$offset=null){ try{ $limitCommands = ''; if(!empty($limit) || $limit === 0){ if(!is_numeric($limit)){ throw new Exception('Invalid limit-Parameter'); }else{ $limitCommands = ' LIMIT '.$limit; if(isset($offset) && (!empty($offset) || $offset===0)){ if(!is_numeric($offset)){ throw new Exception('Invalid offset-Parameter'); }else{ $limitCommands = $offset.','.$limit; } } } } $uploadList = array(); $selectUploads; if(is_numeric($catID)){ $selectUploads = new Senso_SQLSelect('SELECT uploadID,file,thumb_file,file_type,
subDir,name,description,target,extra_param1,extra_param2
FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
WHERE catID="'.$catID.'" ORDER BY order_param DESC '.$limitCommands); }else{ $selectUploads = new Senso_SQLSelect('SELECT uploadID,file,thumb_file,file_type,
subDir,name,description,target,extra_param1,extra_param2
FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads ORDER BY order_param DESC '.$limitCommands); } if($selectUploads->rows >= 0){ if($selectUploads->rows==0){ return $uploadList; }else{ while($uploadObj=$selectUploads->get_single_object()){ $uploadList[] = $uploadObj; } return $uploadList; } }else{ throw new Exception(mysql_error()); } }catch(Exception $e){ return false; } } public function createCategory($name,$forFiles='other'){ if($forFiles!='images'){ $forFiles='other'; } try{ if(empty($name) || !is_string($name)){ throw new Exception('Invalid name parameter'); }else{ $tryCreate = 'INSERT INTO '.MySQLConnection_Data::TABLE_PREFIX.'media_categories (catName,forFiles)
VALUES ("'.mysql_escape_string($name).'","'.$forFiles.'")'; if(!@mysql_query($tryCreate)){ throw new Exception('SQL-Insert failed'); }else{ return mysql_insert_id(); } } }catch(Exception $e){ return false; } } public function getCategoryList_byType($type,$sortType){ $possibleTypes = array('images','other'); $retArray = array(); if(isset($sortType) && !empty($sortType)){ $sortType = strtoupper($sortType); if($sortType!='ASC' && $sortType!='DESC'){ $sortType = 'DESC'; } }else{ $sortType = 'DESC'; } try{ if(!in_array($type,$possibleTypes)){ throw new Exception('Invalid forFiles-type'); }else{ $search = new Senso_SQLSelect('SELECT catID, catName, forFiles
FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_categories
WHERE forFiles="'.$type.'" ORDER BY catID '.$sortType); if($search->rows >= 0){ if($search->rows==0){ return $retArray; }else{ while($catg = $search->get_single_object()){ $retArray[] = array('id'=>$catg->catID,'name'=>$catg->catName,'forFiles'=>$catg->forFiles); } return $retArray; } }else{ return false; } } }catch(Exception $e){ return false; } } public function categoryExists($catID){ if(!is_numeric($catID)){ return false; }else{ $catID = (int)$catID; $search = new Senso_SQLSelect('SELECT catName FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_categories
WHERE (catID="'.$catID.'") LIMIT 1'); if($search->rows === 1){ return true; }else{ return false; } } } public function getCategoryName($catID){ if(!is_numeric($catID)){ return false; }else{ $catID = (int)$catID; $search = new Senso_SQLSelect('SELECT catName FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_categories
WHERE (catID="'.$catID.'") LIMIT 1'); if($search->rows===1){ $search = $search->get_single_object(); return $search->catName; }else{ return false; } } } public function deleteCategory($catID){ if($this->deleteFilesFromCategory($catID)===true){ $delSQL = 'DELETE FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_categories
WHERE catID="'.(int)$catID.'" LIMIT 1'; if(!@mysql_query($delSQL)){ return false; }else{ if(mysql_affected_rows()>0){ return true; }else{ return false; } } }else{ return false; } } private function deleteFilesFromCategory($catID){ $catID=(int)$catID; $getMediaUploads = new Senso_SQLSelect('SELECT uploadID,file,thumb_file,subDir FROM
'.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
WHERE catID="'.$catID.'"'); if($getMediaUploads->rows > 0){ $spacesDir = $this->getSpacesDir(); while($fileO = $getMediaUploads->get_single_object()){ unlink($spacesDir.'/'.$fileO->subDir.'/'.$fileO->file); if(!empty($fileO->thumb_file)){ unlink($spacesDir.'/_thumbs/'.$fileO->thumb_file); } mysql_query('DELETE FROM '.MySQLConnection_Data::TABLE_PREFIX.'media_uploads
WHERE uploadID="'.$fileO->uploadID.'" LIMIT 1'); } return true; }else if($getMediaUploads->rows === 0){ return true; }else{ return false; } } } ' ) | .../init.php(3) : eval()'d code:2 |