path: root/Zotlabs/Module/Attach.php



<?php
namespace Zotlabs\Module;

use ZipArchive;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Verify;

require_once('include/security.php');
require_once('include/attach.php');

class Attach extends Controller {

	function post() {

		$attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []);
		$attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : '');
		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');

		$channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0);
		$channel = channelx_by_n($channel_id);

		if (! $channel) {
			notice(t('Channel not found.') . EOL);
			return;
		}

		$strip_str = '/cloud/' . $channel['channel_address'] . '/';
		$count   = strlen($strip_str);
		$attach_path = substr($attach_path, $count);

		if ($attach_ids) {

			$zip_dir = 'store/[data]/' . $channel['channel_address'] . '/tmp';
			if (! is_dir($zip_dir))
				mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true);

			$token = random_string(32);

			$zip_file = 'download_' . $token . '.zip';
			$zip_path = $zip_dir . '/' . $zip_file;

			$zip = new ZipArchive();

			if ($zip->open($zip_path, ZipArchive::CREATE) === true) {

				$zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path);

				$zip->close();

				$meta = [
					'zip_filename' => $zip_filename,
					'zip_path' => $zip_path
				];

				Verify::create('zip_token', 0, $token, json_encode($meta));
				Verify::create('download_token', 0, $download_token, $token);


				json_return_and_die([
					'success' => true,
					'token' => $token
				]);

			}
		}
	}

	function get() {

		if(argc() < 2) {
			notice( t('Item not available.') . EOL);
			return;
		}

		$token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');

		if(argv(1) === 'check') {
			$meta = Verify::get_meta('download_token', 0, $download_token);

			if(! $meta)
				killme();

			json_return_and_die([
				'success' => true,
				'token' => $meta
			]);
		}

		if(argv(1) === 'download') {
			$meta = Verify::get_meta('zip_token', 0, $token);

			if(! $meta)
				killme();

			$meta = json_decode($meta, true);

			// make sure we remove the download_token in case we have not checked yet
			Verify::get_meta('download_token', 0, $download_token);

			header('Content-Type: application/zip');
			header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"');
			header('Content-Length: ' . filesize($meta['zip_path']));

			$istream = fopen($meta['zip_path'], 'rb');
			$ostream = fopen('php://output', 'wb');
			if($istream && $ostream) {
				pipe_streams($istream, $ostream);
				fclose($istream);
				fclose($ostream);
			}

			unlink($meta['zip_path']);
			killme();
		}

		$r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0));

		if(! $r['success']) {
			notice( $r['message'] . EOL);
			return;
		}

		$c = q("select channel_address from channel where channel_id = %d limit 1",
			intval($r['data']['uid'])
		);

		if(! $c)
			return;

		$unsafe_types = array('text/html','text/css','application/javascript');

		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
				header('Content-Type: text/plain');
		}
		else {
			header('Content-Type: ' . $r['data']['filetype']);
		}

		header('Content-Disposition: attachment; filename="' . $r['data']['filename'] . '"');
		if(intval($r['data']['os_storage'])) {
			$fname = $r['data']['content'];
			if(strpos($fname,'store') !== false)
				$istream = fopen($fname,'rb');
			else
				$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
			$ostream = fopen('php://output','wb');
			if($istream && $ostream) {
				pipe_streams($istream, $ostream);
				fclose($istream);
				fclose($ostream);
			}
		}
		else
			echo $r['data']['content'];
		killme();

	}

	public function zip_archive_handler($zip, $attach_ids, $attach_path, $pass = 1) {

		$observer_hash = get_observer_hash();
		$single = ((count($attach_ids) == 1) ? true : false);
		$download_name = 'download.zip';

		foreach($attach_ids as $attach_id) {

			$r = attach_by_id($attach_id, $observer_hash);

			if (! $r['success']) {
				continue;
			}

			if ($r['data']['is_dir'] && $single && $pass === 1)
				$download_name = $r['data']['filename'] . '.zip';

			$zip_path = $r['data']['display_path'];

			if ($attach_path) {
				$strip_str = $attach_path . '/';
				$count   = strlen($strip_str);
				$zip_path = substr($r['data']['display_path'], $count);
			}

			if ($r['data']['is_dir']) {
				$zip->addEmptyDir($zip_path);

				$d = q("SELECT id FROM attach WHERE folder = '%s'",
					dbesc($r['data']['hash'])
				);

				$attach_ids = ids_to_array($d);
				self::zip_archive_handler($zip, $attach_ids, $attach_path, $pass++);
			}
			else {
				$file_path = $r['data']['content'];
				$zip->addFile($file_path, $zip_path);
			}

		}

		return $download_name;
	}

}
<?php
namespace Zotlabs\Module;

use ZipArchive;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Verify;

require_once('include/security.php');
require_once('include/attach.php');

class Attach extends Controller {

	function post() {

		$attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []);
		$attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : '');
		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');

		$channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0);
		$channel = channelx_by_n($channel_id);

		if (! $channel) {
			notice(t('Channel not found.') . EOL);
			return;
		}

		$strip_str = '/cloud/' . $channel['channel_address'] . '/';
		$count   = strlen($strip_str);
		$attach_path = substr($attach_path, $count);

		if ($attach_ids) {

			$zip_dir = 'store/[data]/' . $channel['channel_address'] . '/tmp';
			if (! is_dir($zip_dir))
				mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true);

			$token = random_string(32);

			$zip_file = 'download_' . $token . '.zip';
			$zip_path = $zip_dir . '/' . $zip_file;

			$zip = new ZipArchive();

			if ($zip->open($zip_path, ZipArchive::CREATE) === true) {

				$zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path);

				$zip->close();

				$meta = [
					'zip_filename' => $zip_filename,
					'zip_path' => $zip_path
				];

				Verify::create('zip_token', 0, $token, json_encode($meta));
				Verify::create('download_token', 0, $download_token, $token);


				json_return_and_die([
					'success' => true,
					'token' => $token
				]);

			}
		}
	}

	function get() {

		if(argc() < 2) {
			notice( t('Item not available.') . EOL);
			return;
		}

		$token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');

		if(argv(1) === 'check') {
			$meta = Verify::get_meta('download_token', 0, $download_token);

			if(! $meta)
				killme();

			json_return_and_die([
				'success' => true,
				'token' => $meta
			]);
		}

		if(argv(1) === 'download') {
			$meta = Verify::get_meta('zip_token', 0, $token);

			if(! $meta)
				killme();

			$meta = json_decode($meta, true);

			// make sure we remove the download_token in case we have not checked yet
			Verify::get_meta('download_token', 0, $download_token);

			header('Content-Type: application/zip');
			header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"');
			header('Content-Length: ' . filesize($meta['zip_path']));

			$istream = fopen($meta['zip_path'], 'rb');
			$ostream = fopen('php://output', 'wb');
			if($istream && $ostream) {
				pipe_streams($istream, $ostream);
				fclose($istream);
				fclose($ostream);
			}

			unlink($meta['zip_path']);
			killme();
		}

		$r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0));

		if(! $r['success']) {
			notice( $r['message'] . EOL);
			return;
		}

		$c = q("select channel_address from channel where channel_id = %d limit 1",
			intval($r['data']['uid'])
		);

		if(! $c)
			return;

		$unsafe_types = array('text/html','text/css','application/javascript');

		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
				header('Content-Type: text/plain');
		}
		else {
			header('Content-Type: ' . $r['data']['filetype']);
		}

		header('Content-Disposition: attachment; filename="' . $r['data']['filename'] . '"');
		if(intval($r['data']['os_storage'])) {
			$fname = $r['data']['content'];
			if(strpos($fname,'store') !== false)
				$istream = fopen($fname,'rb');
			else
				$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
			$ostream = fopen('php://output','wb');
			if($istream && $ostream) {
				pipe_streams($istream, $ostream);
				fclose($istream);
				fclose($ostream);
			}
		}
		else
			echo $r['data']['content'];
		killme();

	}

	public function zip_archive_handler($zip, $attach_ids, $attach_path, $pass = 1) {

		$observer_hash = get_observer_hash();
		$single = ((count($attach_ids) == 1) ? true : false);
		$download_name = 'download.zip';

		foreach($attach_ids as $attach_id) {

			$r = attach_by_id($attach_id, $observer_hash);

			if (! $r['success']) {
				continue;
			}

			if ($r['data']['is_dir'] && $single && $pass === 1)
				$download_name = $r['data']['filename'] . '.zip';

			$zip_path = $r['data']['display_path'];

			if ($attach_path) {
				$strip_str = $attach_path . '/';
				$count   = strlen($strip_str);
				$zip_path = substr($r['data']['display_path'], $count);
			}

			if ($r['data']['is_dir']) {
				$zip->addEmptyDir($zip_path);

				$d = q("SELECT id FROM attach WHERE folder = '%s'",
					dbesc($r['data']['hash'])
				);

				$attach_ids = ids_to_array($d);
				self::zip_archive_handler($zip, $attach_ids, $attach_path, $pass++);
			}
			else {
				$file_path = $r['data']['content'];
				$zip->addFile($file_path, $zip_path);
			}

		}

		return $download_name;
	}

}