Diffstat (limited to 'include/attach.php')
-rw-r--r-- | include/attach.php | 367 |
1 files changed, 289 insertions, 78 deletions
diff --git a/include/attach.php b/include/attach.php index 0c748cba6..a3ee3f0ef 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1,7 +1,8 @@ -<?php /** @file */ +<?php -/* - * File/attach API with the potential for revision control. +/** @file + * + * @brief File/attach API with the potential for revision control. * * TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename * which is inaccessible from the web). This could get around PHP storage limits and store videos and larger @@ -12,6 +13,15 @@ require_once('include/permissions.php'); require_once('include/security.php'); +/** + * @brief Guess the mimetype from file ending. + * + * This function takes a file name and guess the mimetype from the + * filename extension. + * + * @param $filename a string filename + * @return string The mimetype according to a file ending. + */ function z_mime_content_type($filename) { $mime_types = array( @@ -26,6 +36,7 @@ function z_mime_content_type($filename) { 'xml' => 'application/xml', 'swf' => 'application/x-shockwave-flash', 'flv' => 'video/x-flv', + 'epub' => 'application/epub+zip', // images 'png' => 'image/png', 
@@ -80,20 +91,26 @@ function z_mime_content_type($filename) { return $mime_types[$ext]; } } -// can't use this because we're just passing a name, e.g. not a file that can be opened -// elseif (function_exists('finfo_open')) { -// $finfo = @finfo_open(FILEINFO_MIME); -// $mimetype = @finfo_file($finfo, $filename); -// @finfo_close($finfo); -// return $mimetype; -// } - else { - return 'application/octet-stream'; - } -} + return 'application/octet-stream'; + +} +/** + * @brief Count files/attachments. + * + * + * @param $channel_id + * @param $observer + * @param $hash (optional) + * @param $filename (optional) + * @param $filetype (optional) + * @return array + * $ret['success'] boolean + * $ret['results'] amount of found results, or false + * $ret['message'] string with error messages if any + */ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '') { $ret = array('success' => false); @@ -125,6 +142,22 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', } +/** + * @brief Returns a list of files/attachments. + * + * @param $channel_id + * @param $observer + * @param $hash (optional) + * @param $filename (optional) + * @param $filetype (optional) + * @param $orderby + * @param $start + * @param $entries + * @return array + * $ret['success'] boolean + * $ret['results'] array with results, or false + * $ret['message'] string with error messages if any + */ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) { $ret = array('success' => false); 
@@ -161,10 +194,17 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ } -// Find an attachment by hash and revision. Returns the entire attach structure including data. -// This could exhaust memory so most useful only when immediately sending the data. - -function attach_by_hash($hash,$rev = 0) { +/** + * @brief Find an attachment by hash and revision. + * + * Returns the entire attach structure including data. + * + * This could exhaust memory so most useful only when immediately sending the data. + * + * @param $hash + * @param $rev + */ +function attach_by_hash($hash, $rev = 0) { $ret = array('success' => false); @@ -185,7 +225,7 @@ function attach_by_hash($hash,$rev = 0) { return $ret; } - if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) { + if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -193,15 +233,14 @@ function attach_by_hash($hash,$rev = 0) { $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the attachment -dbg(1); $r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1", dbesc($hash), intval($r[0]['uid']) ); -dbg(0); + if(! $r) { - $ret['message'] = t('Permission denied.'); + $ret['message'] = t('Permission denied.'); return $ret; } @@ -211,9 +250,16 @@ dbg(0); } - - -function attach_by_hash_nodata($hash,$rev = 0) { +/** + * @brief Find an attachment by hash and revision. + * + * Returns the entire attach structure excluding data. + * + * @see attach_by_hash() + * @param $hash + * @param $ref + */ +function attach_by_hash_nodata($hash, $rev = 0) { $ret = array('success' => false); 
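Review bot: The final lookup in attach_by_hash() (`SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1`) has no revision condition, so with `LIMIT 1` and no `ORDER BY` the row returned for a hash that has several revisions is not selected by `$rev`. The new docblock says the function finds an attachment "by hash and revision", so either add `and revision = %d` bound to `intval($rev)` or reword the docblock. The first query of the function is outside this hunk and may already use `$rev`; the select in attach_by_hash_nodata() (the @@ -242 hunk) has the same shape.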
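Review bot: The docblock added for attach_by_hash_nodata() documents `@param $ref`, but the parameter in the signature is `$rev`. It should read `@param $rev`. A `@return array` line, as the docblocks for attach_count_files() and attach_list_files() have, would also help here and on attach_by_hash().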
@@ -242,13 +288,13 @@ function attach_by_hash_nodata($hash,$rev = 0) { // Now we'll see if we can access the attachment - $r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1", + $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1", intval($r[0]['uid']), dbesc($hash) ); if(! $r) { - $ret['message'] = t('Permission denied.'); + $ret['message'] = t('Permission denied.'); return $ret; } @@ -258,17 +304,21 @@ function attach_by_hash_nodata($hash,$rev = 0) { } - - - -function attach_store($channel,$observer_hash,$options = '',$arr = null) { - +/** + * @brief + * + * @param $channel channel array of owner + * @param $observer_hash hash of current observer + * @param $options (optional) + * @param $arr (optional) + */ +function attach_store($channel, $observer_hash, $options = '', $arr = null) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $sql_options = ''; - if(! perm_is_allowed($channel_id,get_observer_hash(),'write_storage')) { + if(! perm_is_allowed($channel_id,get_observer_hash(), 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } 
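Review bot: attach_store() still decides write access with `get_observer_hash()` and never consults its own `$observer_hash` parameter, although the new docblock describes that parameter as the hash of the current observer. attach_mkdir() is switched to `$observer_hash` later in this commit, so a caller that passes an observer other than the session one gets different answers from the two functions. Suggest `if(! perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {` here, and `dbesc($observer_hash),` for the new `creator` column in the inserts of the @@ -363, @@ -396 and @@ -598 hunks, so the recorded creator is the identity that passed the check. The `@brief` line of the docblock is also left empty. The function body continues outside this hunk.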
@@ -312,7 +362,7 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { if($options === 'update' && $arr && array_key_exists('revision',$arr)) $sql_options = " and revision = " . intval($arr['revision']) . " "; - $x =q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1", + $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1", dbesc($arr['hash']), intval($channel_id) ); @@ -333,13 +383,14 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { return $ret; } - $limit = service_class_fetch($channel_id,'attach_upload_limit'); + $limit = service_class_fetch($channel_id, 'attach_upload_limit'); + if($limit !== false) { - $r = q("select sum(filesize) as total from attach where uid = %d ", - intval($channel_id) + $r = q("select sum(filesize) as total from attach where aid = %d ", + intval($channel['channel_account_id']) ); if(($r) && (($r[0]['total'] + $filesize) > ($limit - $existing_size))) { - $ret['message'] = upgrade_message(true).sprintf(t("You have reached your limit of %1$.0f Mbytes attachment storage."),$limit / 1024000); + $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1$.0f Mbytes attachment storage."), $limit / 1024000); @unlink($src); return $ret; } 
@@ -363,11 +414,12 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { ); } elseif($options === 'revise') { - $r = q("insert into attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), + dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), @@ -381,7 +433,6 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { dbesc($x[0]['deny_gid']) ); } - elseif($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", @@ -396,13 +447,13 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { intval($x[0]['uid']) ); } - else { - $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), + dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), 
@@ -427,7 +478,7 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { // Caution: This re-uses $sql_options set further above - $r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1", + $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1", intval($channel_id), dbesc($hash) ); @@ -442,12 +493,11 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { return $ret; } - /** * Read a virtual directory and return contents, checking permissions of all parent components. * @function z_readdir * @param integer $channel_id - * @param string $observer_hash + * @param string $observer_hash hash of current observer * @param string $pathname * @param string $parent_hash (optional) * @@ -456,18 +506,16 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) { * $ret['message'] = error message if success is false * $ret['data'] = array of attach DB entries without data component */ - -function z_readdir($channel_id,$observer_hash,$pathname, $parent_hash = '') { +function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { $ret = array('success' => false); - if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) { + if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } - - if(strpos($pathname,'/')) { - $paths = explode('/',$pathname); + if(strpos($pathname, '/')) { + $paths = explode('/', $pathname); if(count($paths) > 1) { $curpath = array_shift($paths); 
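Review bot: The permission check at the top of z_readdir() reads `$r[0]['uid']` before `$r` has been assigned, so `perm_is_allowed()` is asked about a null channel id rather than the `$channel_id` argument; this commit only re-spaces the line. It should be `if(! perm_is_allowed($channel_id, $observer_hash, 'view_storage')) {`, which also uses the observer the caller passed in. Separately, `if(strpos($pathname, '/'))` is false when the path begins with a slash, so such a path is treated as a single name; `strpos($pathname, '/') !== false` states the intent. The function body continues outside this hunk.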
@@ -481,13 +529,13 @@ function z_readdir($channel_id,$observer_hash,$pathname, $parent_hash = '') { return $ret; } - return z_readdir($channel_id,$observer_hash,implode('/',$paths),$r[0]['hash']); + return z_readdir($channel_id, $observer_hash, implode('/', $paths), $r[0]['hash']); } } else $paths = array($pathname); - $r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id), + $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id), intval($channel_id), dbesc($parent_hash), dbesc($paths[0]), @@ -502,20 +550,17 @@ function z_readdir($channel_id,$observer_hash,$pathname, $parent_hash = '') { return $ret; } - /** * @function attach_mkdir($channel,$observer_hash,$arr); * - * Create directory + * @brief Create directory. * * @param $channel channel array of owner * @param $observer_hash hash of current observer * @param $arr parameter array to fulfil request - * * Required: * $arr['filename'] * $arr['folder'] // hash of parent directory, empty string for root directory - * * Optional: * $arr['hash'] // precumputed hash for this node * $arr['allow_cid'] 
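Review bot: The directory lookup in z_readdir() filters with `where id = %d` but binds `intval($channel_id)` to it, so the attach row id is compared against a channel id; the other attach queries visible in this diff scope by `uid = %d`. As written the query will normally match nothing, or only a row whose id happens to equal the channel id. Suggest `where uid = %d and folder = '%s' and filename = '%s' and (flags & %d )` while the select list is being touched. The rest of the function is outside this hunk.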
@@ -523,19 +568,20 @@ function z_readdir($channel_id,$observer_hash,$pathname, $parent_hash = '') { * $arr['deny_cid'] * $arr['deny_gid'] */ - -function attach_mkdir($channel,$observer_hash,$arr = null) { +function attach_mkdir($channel, $observer_hash, $arr = null) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $sql_options = ''; $basepath = 'store/' . $channel['channel_address']; - if(! is_dir($basepath)) - @mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS,true); + logger('attach_mkdir: basepath: ' . $basepath); + + if(! is_dir($basepath)) + mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS, true); - if(! perm_is_allowed($channel_id, get_observer_hash(),'write_storage')) { + if(! perm_is_allowed($channel_id, $observer_hash, 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -545,10 +591,8 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { return $ret; } - $arr['hash'] = (($arr['hash']) ? $arr['hash'] : random_string()); - // Check for duplicate name. // Check both the filename and the hash as we will be making use of both. @@ -571,7 +615,7 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { $lpath = ''; $lfile = $arr['folder']; - $sql_options = permissions_sql($channel); + $sql_options = permissions_sql($channel['channel_id']); do { $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) @@ -580,7 +624,9 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { dbesc($lfile), intval(ATTACH_FLAG_DIR) ); + if(! $r) { + logger('attach_mkdir: hash ' . $lfile . ' not found in ' . $lpath); $ret['message'] = t('Path not found.'); return $ret; } @@ -589,7 +635,6 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { $lfile = $r[0]['folder']; } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ; $path = $basepath . '/' . $lpath; - } else $path = $basepath . '/'; 
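Review bot: In attach_mkdir() the `store/<channel_address>` base directory is created, and the path logged, before `perm_is_allowed()` runs, so an observer who is then refused can still have caused a filesystem write. Move the `is_dir`/`mkdir` pair below the permission check. With the `@` removed the `mkdir()` result is still ignored; a failure should set `$ret['message']` and return rather than continue into the insert. The function body continues outside this hunk.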
@@ -598,28 +643,29 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { $created = datetime_convert(); - $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($arr['hash']), + dbesc(get_observer_hash()), dbesc($arr['filename']), dbesc('multipart/mixed'), intval(0), intval(0), dbesc($arr['folder']), - intval(ATTACH_FLAG_DIR), - dbesc(''), + intval(ATTACH_FLAG_DIR|ATTACH_FLAG_OS), + dbesc($path), dbesc($created), dbesc($created), - dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : ''), - dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : ''), - dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : ''), - dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : '') + dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $channel['channel_allow_cid']), + dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $channel['channel_allow_gid']), + dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $channel['channel_deny_cid']), + dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $channel['channel_deny_gid']) ); if($r) { - if(mkdir($path,STORAGE_DEFAULT_PERMISSIONS)) { + if(mkdir($path,STORAGE_DEFAULT_PERMISSIONS, true)) { $ret['success'] = true; $ret['data'] = $arr; } 
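Review bot: The `data` column now stores `$path`, which was built from `$basepath` and so already starts with `store/<channel_address>/`, while attach_delete() added at the end of this commit resolves the on-disk name as `'store/' . $channel_address . '/' . $y[0]['data']`. Unless `$path` is made relative in the lines between the hunks, the delete path carries the prefix twice, `is_dir()` fails, and the directory stays on disk after its row is removed. Store the path relative to the channel root, or have attach_delete() use `data` as is; either way both functions need one convention. Also, the row is inserted before `mkdir()` is attempted; the failure branch is outside this hunk, so confirm it removes the row again.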
@@ -633,4 +679,169 @@ function attach_mkdir($channel,$observer_hash,$arr = null) { return $ret; -}
\ No newline at end of file +} + +/** + * @brief Changes permissions of a file. + * + * @param $channel_id + * @param $resource + * @param $allow_cid + * @param $allow_gid + * @param $deny_cid + * @param $deny_gid + * @param $recurse + */ +function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse = false) { + + $r = q("select hash, flags from attach where hash = '%s' and uid = %d limit 1", + dbesc($resource), + intval($channel_id) + ); + + if(! $r) + return; + + if($r[0]['flags'] & ATTACH_FLAG_DIR) { + if($recurse) { + $r = q("select hash, flags from attach where folder = '%s' and uid = %d", + dbesc($resource), + intval($channel_id) + ); + if($r) { + foreach($r as $rr) { + attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse); + } + } + } + } + + $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1", + dbesc($allow_cid), + dbesc($allow_gid), + dbesc($deny_cid), + dbesc($deny_gid), + dbesc($resource), + intval($channel_id) + ); + + return; +} + +/** + * @brief Delete a file. + * + * @param $channel_id + * @param $resource + */ +function attach_delete($channel_id, $resource) { + + + $c = q("select channel_address from channel where channel_id = %d limit 1", + intval($channel_id) + ); + + $channel_address = (($c) ? $c[0]['channel_address'] : 'notfound'); + + $r = q("select hash, flags from attach where hash = '%s' and uid = %d limit 1", + dbesc($resource), + intval($channel_id) + ); + + + if(! 
$r) + return; + + if($r[0]['flags'] & ATTACH_FLAG_DIR) { + $x = q("select hash, flags from attach where folder = '%s' and uid = %d", + dbesc($resource), + intval($channel_id) + ); + if($x) { + foreach($x as $xx) { + attach_delete($channel_id, $xx['hash']); + } + } + } + if($r[0]['flags'] & ATTACH_FLAG_OS) { + $y = q("select data from attach where hash = '%s' and uid = %d limit 1", + dbesc($resource), + intval($channel_id) + ); + + if($y) { + $f = 'store/' . $channel_address . '/' . $y[0]['data']; + if(is_dir($f)) + @rmdir($f); + elseif(file_exists($f)) + unlink($f); + } + } + + $z = q("delete from attach where hash = '%s' and uid = %d limit 1", + dbesc($resource), + intval($channel_id) + ); + + return; +} + +/** + * @brief Returns path to file in cloud/. + * + * @param $arr + * @return string with the path the file to cloud/ + */ +function get_cloudpath($arr) { + + $basepath = 'cloud/'; + if($arr['uid']) { + $r = q("select channel_address from channel where channel_id = %d limit 1", + intval($arr['uid']) + ); + if($r) + $basepath .= $r[0]['channel_address'] . '/'; + } + + $path = $basepath; + + if($arr['folder']) { + + $lpath = ''; + $lfile = $arr['folder']; + + do { + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) + limit 1", + intval($arr['uid']), + dbesc($lfile), + intval(ATTACH_FLAG_DIR) + ); + + if(! $r) + break; + + if($lfile) + $lpath = $r[0]['filename'] . '/' . $lpath; + $lfile = $r[0]['folder']; + + } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ; + + $path .= $lpath; + } + + $path .= $arr['filename']; + return $path; +} + +/** + * + * @param $in + * @param $out + */ +function pipe_streams($in, $out) { + $size = 0; + while (!feof($in)) + $size += fwrite($out, fread($in,8192)); + return $size; +} |
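Review bot: The recursive branch of attach_change_permissions() calls itself with `$resource` instead of the child's hash, so for a directory that has at least one entry and `$recurse` set it re-enters with identical arguments and never terminates. The call inside the loop should be `attach_change_permissions($channel_id, $rr['hash'], $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse);`. Neither this function nor attach_delete() checks the observer's permission, so their docblocks should state that the caller must already have verified write access (e.g. `write_storage`) for `$channel_id`. In pipe_streams(), a `false` from `fread()` or `fwrite()` is added to `$size` as 0 and the loop goes on until `feof()`, so a stream that errors without reaching end-of-file keeps the loop spinning; break out on a `false` result.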