Classes

File phpboost/member/Uploads.class.php

File phpboost/member/Uploads.class.php

  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328: 329: 330: 331: 332: 333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343: 344: 345: 346: 347: 348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358: 359: 360: 361: 362: 363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375: 376: 377: 378: 379: 380: 381: 382: 383: 384: 385: 386: 387: 388: 389: 390: 391: 392: 393: 394: 395: 396: 397: 398: 399: 400: 401: 402: 403: 404: 405: 406: 407: 408: 409: 410: 411: 412: 413: 414: 415: 416: 417: 418: 419: 420: 421: 422: 423: 424: 
<?php
/**
 * @package     PHPBoost
 * @subpackage  Member
 * @copyright   &copy; 2005-2019 PHPBoost
 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU/GPL-3.0
 * @author      Regis VIARRE <crowkait@phpboost.com>
 * @version     PHPBoost 5.2 - last update: 2018 05 05
 * @since       PHPBoost 1.6 - 2007 04 18
 * @contributor Julien BRISWALTER <j1.seth@phpboost.com>
 * @contributor Arnaud GENET <elenwii@phpboost.com>
 * @contributor mipel <mipel@phpboost.com>
*/

class Uploads
{
    const EMPTY_FOLDER = true;
    const ADMIN_NO_CHECK = true;

    private static $db_querier;

    public static function __static()
    {
        self::$db_querier = PersistenceContext::get_querier();
    }

    //Ajout d'un dossier virtuel
    public static function Add_folder($id_parent, $user_id, $name)
    {
        $check_folder = self::$db_querier->count(DB_TABLE_UPLOAD_CAT, 'WHERE name = :name AND id_parent = :id_parent AND user_id = :user_id', array('name' => $name, 'id_parent' => $id_parent, 'user_id' => $user_id));
        if (!empty($check_folder) || preg_match('`/|\.|\\\|"|<|>|\||\?`u', stripslashes($name)))
            return 0;

        $result = self::$db_querier->insert(DB_TABLE_UPLOAD_CAT, array('id_parent' => $id_parent, 'user_id' => $user_id, 'name' => $name));

        return $result->get_last_inserted_id();
    }

    //Suppression recursive des dossiers et fichiers du membre.
    public static function Empty_folder_member($user_id)
    {
        //Suppression des fichiers.
        $result = self::$db_querier->select("SELECT path
        FROM " . DB_TABLE_UPLOAD . "
        WHERE user_id = :user_id", array(
            'user_id' => $user_id
        ));
        while($row = $result->fetch())
        {
            $file = new File(PATH_TO_ROOT . '/upload/' . $row['path']);
            $file->delete();
        }
        $result->dispose();

        //Suppression des entrées dans la base de données
        self::$db_querier->delete(DB_TABLE_UPLOAD_CAT, 'WHERE user_id = :user_id', array('user_id' => $user_id));
        self::$db_querier->delete(DB_TABLE_UPLOAD, 'WHERE user_id = :user_id', array('user_id' => $user_id));
    }

    //Suppression recursive du dossier et de son contenu.
    public static function Del_folder($id_folder)
    {
        //Suppression des fichiers.
        $result = self::$db_querier->select("SELECT path
        FROM " . DB_TABLE_UPLOAD . "
        WHERE idcat = :idcat", array(
            'idcat' => $id_folder
        ));
        while ($row = $result->fetch())
        {
            $file = new File(PATH_TO_ROOT . '/upload/' . $row['path']);
            $file->delete();
        }
        $result->dispose();

        //Suppression des entrées dans la base de données
        self::$db_querier->delete(DB_TABLE_UPLOAD_CAT, 'WHERE id = :id', array('id' => $id_folder));

        self::$db_querier->delete(DB_TABLE_UPLOAD, 'WHERE idcat = :idcat', array('idcat' => $id_folder));

        $result = self::$db_querier->select("SELECT id
        FROM " . DB_TABLE_UPLOAD_CAT . "
        WHERE id_parent = :id", array(
            'id' => $id_folder
        ));
        while ($row = $result->fetch())
        {
            if (!empty($row['id']))
                self::Del_folder($row['id']);
        }
        $result->dispose();
    }

    //Suppression d'un fichier
    public static function Del_file($id_file, $user_id, $admin = false)
    {
        if ($admin) //Administration, on ne vérifie pas l'appartenance.
        {
            $name = self::$db_querier->get_column_value(DB_TABLE_UPLOAD, 'path', 'WHERE id = :id', array('id' => $id_file));
            self::$db_querier->delete(DB_TABLE_UPLOAD, 'WHERE id = :id', array('id' => $id_file));

            $file = new File(PATH_TO_ROOT . '/upload/' . $name);
            $file->delete();

            return '';
        }
        else
        {
            $check_id_auth = self::$db_querier->get_column_value(DB_TABLE_UPLOAD, 'user_id', 'WHERE id = :id', array('id' => $id_file));
            //Suppression d'un fichier.
            if ($check_id_auth == $user_id)
            {
                $name = self::$db_querier->get_column_value(DB_TABLE_UPLOAD, 'path', 'WHERE id = :id', array('id' => $id_file));
                self::$db_querier->delete(DB_TABLE_UPLOAD, 'WHERE id = :id', array('id' => $id_file));

                $file = new File(PATH_TO_ROOT . '/upload/' . $name);
                $file->delete();

                return '';
            }
            return 'e_auth';
        }
    }

    //Renomme un dossier virtuel
    public static function Rename_folder($id_folder, $name, $previous_name, $user_id, $admin = false)
    {
        $info_folder = array(
            'id_parent' => '',
            'user_id' => ''
        );
        try {
            $info_folder = self::$db_querier->select_single_row(PREFIX . "upload_cat", array("id_parent", "user_id"), 'WHERE id=:id', array('id' => $id_folder));
        } catch (RowNotFoundException $e) {}

        //Vérification de l'unicité du nom du dossier.
        $check_folder = self::$db_querier->count(DB_TABLE_UPLOAD_CAT, 'WHERE id_parent = :id_parent AND name = :name AND id <> :id AND user_id = :user_id', array('id_parent' => $info_folder['id_parent'], 'name' => $name, 'id' => $id_folder, 'user_id' => $user_id));
        if ($check_folder > 0 || preg_match('`/|\.|\\\|"|<|>|\||\?`u', stripslashes($name)))
            return '';

        if ($admin) //Administration, on ne vérifie pas l'appartenance.
        {
            self::$db_querier->update(DB_TABLE_UPLOAD_CAT, array('name' => $name), 'WHERE id = :id', array('id' => $id_folder));
            return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($name), 0, 22)) . '...' : $name);
        }
        else
        {
            if ($user_id == $info_folder['user_id'])
            {
                self::$db_querier->update(DB_TABLE_UPLOAD_CAT, array('name' => $name), 'WHERE id = :id', array('id' => $id_folder));
                return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($name), 0, 22)) . '...' : $name);
            }
        }
        return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($previous_name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($previous_name), 0, 22)) . '...' : $previous_name);
    }

    //Renomme un fichier virtuel
    public static function Rename_file($id_file, $name, $previous_name, $user_id, $admin = false)
    {
        $info_cat = array(
            'idcat' => '',
            'user_id' => ''
        );
        try {
            $info_cat = self::$db_querier->select_single_row(PREFIX . "upload", array("idcat", "user_id"), 'WHERE id=:id', array('id' => $id_file));
        } catch (RowNotFoundException $e) {}

        //Vérification de l'unicité du nom du fichier.
        $check_file = self::$db_querier->count(DB_TABLE_UPLOAD, 'WHERE idcat = :idcat AND name = :name AND id <> :id AND user_id = :user_id', array('idcat' => $info_cat['idcat'], 'name' => $name, 'id' => $id_file, 'user_id' => $user_id));
        if ($check_file > 0 || preg_match('`/|\\\|"|<|>|\||\?`u', stripslashes($name)))
            return '/';

        if ($admin) //Administration, on ne vérifie pas l'appartenance.
        {
            self::$db_querier->update(DB_TABLE_UPLOAD, array('name' => $name), 'WHERE id = :id', array('id' => $id_file));
            return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($name), 0, 22)) . '...' : $name);
        }
        else
        {
            if ($user_id == $info_cat['user_id'])
            {
                self::$db_querier->update(DB_TABLE_UPLOAD, array('name' => $name), 'WHERE id = :id', array('id' => $id_file));
                return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($name), 0, 22)) . '...' : $name);
            }
        }
        return stripslashes((TextHelper::strlen(TextHelper::html_entity_decode($previous_name)) > 22) ? TextHelper::htmlspecialchars(TextHelper::substr(TextHelper::html_entity_decode($previous_name), 0, 22)) . '...' : $previous_name);
    }

    //Déplacement dun dossier.
    public static function Move_folder($move, $to, $user_id, $admin = false)
    {
        if ($admin) //Administration, on ne vérifie pas l'appartenance.
        {
            //Changement de propriètaire du fichier.
            $change_user_id = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $to));
            if (empty($change_user_id))
                $change_user_id = -1;
            if ($to != $move)
                self::$db_querier->update(DB_TABLE_UPLOAD_CAT, array('id_parent' => $to, 'user_id' => $change_user_id), 'WHERE id = :id', array('id' => $move));
            return '';
        }
        else
        {
            if ($to == 0) //Déplacement dossier racine du membre.
            {
                $get_mbr_folder = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'id', 'WHERE user_id = :user_id', array('user_id' => $user_id));
                self::$db_querier->update(DB_TABLE_UPLOAD_CAT, array('id_parent' => $get_mbr_folder), 'WHERE id = :id AND user_id = :user_id', array('id' => $move, 'user_id' => $user_id));
                return '';
            }

            //Vérification de l'appartenance du dossier de destination.
            $check_user_id_move = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $move));
            $check_user_id_to = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $to));
            if ($user_id == $check_user_id_move && $user_id == $check_user_id_to)
            {
                self::$db_querier->update(DB_TABLE_UPLOAD_CAT, array('id_parent' => $to), 'WHERE id = :id AND user_id = :user_id', array('id' => $move, 'user_id' => $user_id));
                return '';
            }
            else
                return 'e_auth';
        }
    }

    //Déplacement dun fichier.
    public static function Move_file($move, $to, $user_id, $admin = false)
    {
        if ($admin) //Administration, on ne vérifie pas l'appartenance.
        {
            //Changement de propriètaire du fichier.
            $change_user_id = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $to));
            if (empty($change_user_id))
                $change_user_id = -1;
            self::$db_querier->update(DB_TABLE_UPLOAD, array('idcat' => $to, 'user_id' => $change_user_id), 'WHERE id = :id', array('id' => $move));
            return '';
        }
        else
        {
            if ($to == 0) //Déplacement dossier racine du membre.
            {
                $get_mbr_folder = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'id', 'WHERE user_id = :user_id AND id_parent = 0', array('user_id' => $user_id));
                self::$db_querier->update(DB_TABLE_UPLOAD, array('idcat' => $get_mbr_folder), 'WHERE id = :id AND user_id = :user_id', array('id' => $move, 'user_id' => $user_id));
                return '';
            }

            //Vérification de l'appartenance du dossier de destination.
            $check_user_id_move = self::$db_querier->get_column_value(DB_TABLE_UPLOAD, 'user_id', 'WHERE id = :id', array('id' => $move));
            $check_user_id_to = self::$db_querier->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $to));
            if ($user_id == $check_user_id_move && $user_id == $check_user_id_to)
            {
                self::$db_querier->update(DB_TABLE_UPLOAD, array('idcat' => $to), 'WHERE id = :id AND user_id = :user_id', array('id' => $move, 'user_id' => $user_id));
                return '';
            }
            else
                return 'e_auth';
        }
    }

    //Fonction qui détermine toutes les sous-catégories d'une catégorie (récursive)
    public static function Find_subfolder($array_folders, $id_cat, &$array_child_folder)
    {
        //On parcourt les catégories et on déterminer les catégories filles
        foreach ($array_folders as $key => $value)
        {
            if ($value == $id_cat)
            {
                $array_child_folder[] = $key;
                //On rappelle la fonction pour la catégorie fille
                self::Find_subfolder($array_folders, $key, $array_child_folder);
            }
        }
    }

    //Récupération du répertoire courant (administration).
    public static function get_admin_url($id_folder, $pwd, $member_link = '')
    {
        $parent_folder = array(
            'id_parent' => '',
            'name' => '',
            'user_id' => ''
        );
        try {
            $parent_folder = self::$db_querier->select_single_row(PREFIX . "upload_cat", array("id_parent", "name", "user_id"), 'WHERE id=:id', array('id' => $id_folder));
        } catch (RowNotFoundException $e) {}

        if (!empty($parent_folder['id_parent']))
        {
            $pwd .= self::get_admin_url($parent_folder['id_parent'], $pwd, $member_link);
            return $pwd . '/<a href="admin_files.php?f=' . $id_folder . '">' . $parent_folder['name'] . '</a>';
        }
        else
            return ($parent_folder['user_id'] == '-1') ? $pwd . '/<a href="admin_files.php?f=' . $id_folder . '">' . $parent_folder['name'] . '</a>' : $pwd . '/' . $member_link . '<a href="admin_files.php?f=' . $id_folder . '">' . $parent_folder['name'] . '</a>';
    }

    //Récupération du répertoire courant.
    public static function get_url($id_folder, $pwd, $popup)
    {
        $parent_folder = array(
            'id_parent' => '',
            'name' => ''
        );
        try {
            $parent_folder = self::$db_querier->select_single_row(PREFIX . "upload_cat", array("id_parent", "name", "user_id"), 'WHERE id=:id', array('id' => $id_folder));
        } catch (RowNotFoundException $e) {}

        if (!empty($parent_folder['id_parent']))
        {
            $pwd .= self::get_url($parent_folder['id_parent'], $pwd, $popup);
            return $pwd . '/<a href="' . url('upload.php?f=' . $id_folder . $popup) . '">' . $parent_folder['name'] . '</a>';
        }
        else
            return $pwd . '/<a href="' . url('upload.php?f=' . $id_folder . $popup) . '">' . $parent_folder['name'] . '</a>';
    }

    //Récupération de la taille totale utilisée par un membre.
    public static function Member_memory_used($user_id)
    {
        return self::$db_querier->get_column_value(DB_TABLE_UPLOAD, 'SUM(size)', 'WHERE user_id = :user_id', array('user_id' => $user_id));
    }

    //Conversion mimetype -> image.
    public static function get_img_mimetype($type)
    {
        $filetype = sprintf(LangLoader::get_message('file_type', 'main'), TextHelper::strtoupper($type));
        switch ($type)
        {
            //Images
            case 'jpg':
            case 'jpeg':
            case 'png':
            case 'gif':
            case 'bmp':
            case 'svg':
            case 'nef':
            case 'raw':
            case 'ico':
            case 'tif':
            $img = 'fa-upload-picture fa-2x';
            $filetype = sprintf(LangLoader::get_message('image_type', 'main'), TextHelper::strtoupper($type));
            break;
            //Archives
            case 'rar':
            case 'gz':
            case 'zip':
            case '7z':
            $img = 'fa-upload-zip fa-2x';
            $filetype = sprintf(LangLoader::get_message('zip_type', 'main'), TextHelper::strtoupper($type));
            break;
            //Pdf
            case 'pdf':
            $img = 'fa-upload-pdf fa-2x';
            $filetype = LangLoader::get_message('adobe_pdf', 'main');
            break;
            //Son
            case 'wav':
            case 'midi':
            case 'ogg':
            case 'mp3':
            $img = 'fa-upload-audio fa-2x';
            $filetype = sprintf(LangLoader::get_message('audio_type', 'main'), TextHelper::strtoupper($type));
            break;
            //Sripts
            case 'html':
            case 'tpl':
            $img = 'fa-upload-html fa-2x';
            break;
            case 'css':
            $img = 'fa-upload-css fa-2x';
            break;
            case 'js':
            case 'php':
            case 'swf':
            $img = 'fa-upload-script fa-2x';
            break;
            //Vidéos
            case 'wmv':
            case 'avi':
            case 'mp4':
            case 'mkv':
            case 'mpg':
            case 'flv':
            case 'mpeg':
            case 'mov':
            $img = 'fa-upload-video fa-2x';
            break;
            //Executables
            case 'exe':
            $img = 'fa-upload-exec fa-2x';
            break;
            //Text
            case 'txt':
            case 'csv':
            $img = 'fa-upload-text fa-2x';
            break;
            //Office
            case 'xls':
            case 'xlsx':
            case 'xlsm':
            case 'gsheet':
            case 'ods':
            $img = 'fa-upload-sheet fa-2x';
            break;
            case 'doc':
            case 'docx':
            case 'gdoc':
            case 'odt':
            $img = 'fa-upload-doc fa-2x';
            break;
            case 'ppt':
            case 'pptx':
            case 'gslides':
            case 'odp':
            $img = 'fa-upload-slide fa-2x';
            break;
            //Default
            default:
            $img = 'fa fa-upload-other fa-2x';
            $filetype = sprintf(LangLoader::get_message('document_type', 'main'), TextHelper::strtoupper($type));
        }

        return array('img' => $img, 'filetype' => $filetype);
    }
}
?>