From 8ad6e8f9223bd3ee214478b3e1247f9c7d8e91ec Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 27 Mar 2016 22:32:25 -0400
Subject: Add form field type 'file'

Add the Form::field_file() function to allow form handlers to specify they expect to receive file from the end-user. This adds data about the file field to the form, but does not yet handle it in the populate function
---
 app/class/form.class.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'app')

diff --git a/app/class/form.class.php b/app/class/form.class.php
index 9f103ba..e748afc 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
@@ -13,6 +13,7 @@ class Form
 $this->textFields = array();
 $this->numbFields = array();
 $this->enumFields = array();
+ $this->fileFields = array();
 $this->errorlist = array();
 }
@@ -85,6 +86,22 @@ class Form
 $this->field_enum($name, array("1", "0"), "0");
 }
+ /*
+ * Add new file field to the form
+ */
+ function field_file($name, $maxsize, $allowed_mime = null, $req = false)
+ {
+ if ($req !== true)
+ $req = false;
+
+ $this->fileFields[] = array(
+ 'name' => $name,
+ 'maxsize' => $maxsize,
+ 'mime' => $allowed_mime,
+ 'req' => $req
+ );
+ }
+
 /*
 * Populate the form with input data from web page
 */
--
cgit v1.2.3

From 1f8b53e426b8c0a1546e9d5c21573be9003cb556 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 27 Mar 2016 23:59:08 -0400
Subject: Update function Form::populate() to initialize fields added with Form::field_file()

Set $form->[name] for each file field type setup on the form.
---
 app/class/form.class.php | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/class/form.class.php b/app/class/form.class.php
index e748afc..529c480 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
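Review bot: `field_file()` stores `$maxsize` and `$allowed_mime` unchecked, and its default `$allowed_mime = null` means a caller that leaves out the third argument places no restriction on the file type, which the comment above the function does not say. The populate() change later on this page compares `maxsize` with the upload size in bytes and only applies the type check when `mime` is an array, so I would extend the comment to `* Add new file field to the form; $maxsize is in bytes, $allowed_mime is an array of accepted MIME types or null for no type restriction`. For an upload field an explicit allow-list is the safer default, so callers that pass null should do so deliberately.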
@@ -105,7 +105,7 @@ class Form
 /*
 * Populate the form with input data from web page
 */
- function populate($input)
+ function populate($input, $files = null)
 {
 /* detect duplicate names */
 $names = array();
@@ -115,6 +115,8 @@ class Form
 $names[] = $fld['name'];
 foreach ($this->enumFields as $fld)
 $names[] = $fld['name'];
+ foreach ($this->fileFields as $fld)
+ $names[] = $fld['name'];
 if (count(array_unique($names)) != count($names))
 {
@@ -195,6 +197,38 @@ class Form
 $this->logError($fld['name'] . " is required");
 }
+ /* init file fields */
+ foreach ($this->fileFields as $fld)
+ {
+ if (!is_null($files) && isset($files[$fld['name']]))
+ {
+ $file = $files[$fld['name']];
+
+ if ($file['error'] > 0)
+ {
+ $this->logError("An unknown error occurred");
+ continue;
+ }
+
+ if ($file['size'] > $fld['maxsize'])
+ {
+ $this->logError("File must be no larger than " . $fld['maxsize'] . " bytes");
+ continue;
+ }
+
+ if (is_array($fld['mime']) && array_search($file['type'], $fld['mime']) === false)
+ {
+ $this->logError("File type is not supported");
+ continue;
+ }
+
+ $this->$fld['name'] = $file;
+ }
+
+ else if ($fld['req'])
+ $this->logError($fld['name'] . " is required");
+ }
+
 /* return */
 return count($this->errorlist) == 0;
 }
--
cgit v1.2.3

From 3d493fc75dc6e3593001c2d9dfef26f4c1d79c2c Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Tue, 29 Mar 2016 19:59:36 -0400
Subject: Add function Form::saveUploadedFile()

Added function to form class to move tmp uploaded files to permanent storage
---
 app/class/form.class.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app')

diff --git a/app/class/form.class.php b/app/class/form.class.php
index 529c480..3f28a36 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
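Review bot: The type check in the `/* init file fields */` loop compares `$file['type']`, which (if `$files` is `$_FILES`, as the keys used here suggest) is the MIME type declared by the browser, so the allow-list given to field_file() is satisfied by any client that labels its upload accordingly; the type should be detected on the server from `$file['tmp_name']`. In the same loop, `$file['error'] > 0` reports an optional field left empty (UPLOAD_ERR_NO_FILE) as "An unknown error occurred" and never reaches the `req` branch. `$this->$fld['name'] = $file;` is parsed as `($this->$fld)['name']` from PHP 7 on and should be written with braces. The membership test should also be strict. populate() starts and ends outside this hunk.

```php
$file = $files[$fld['name']];

/* an empty file input still arrives, flagged UPLOAD_ERR_NO_FILE */
if ($file['error'] === UPLOAD_ERR_NO_FILE)
{
    if ($fld['req'])
        $this->logError($fld['name'] . " is required");
    continue;
}

if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name']))
{
    $this->logError("An unknown error occurred");
    continue;
}

/* … unchanged: maxsize check … */

/* type as detected from the content, not the browser-supplied 'type' */
$type = mime_content_type($file['tmp_name']);

if (is_array($fld['mime']) && !in_array($type, $fld['mime'], true))
{
    $this->logError("File type is not supported");
    continue;
}

$this->{$fld['name']} = $file;
```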
@@ -232,6 +232,14 @@ class Form
 /* return */
 return count($this->errorlist) == 0;
 }
+
+ /*
+ * Save file uploaded through web form
+ */
+ function saveUploadedFile($file, $filename)
+ {
+ return move_uploaded_file($file['tmp_name'], $filename);
+ }
 }
 ?>
--
cgit v1.2.3

From ffe9b42c0094be391522ae40af6b34428afd0b8d Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Tue, 29 Mar 2016 23:04:41 -0400
Subject: Create directory for user heads (user images)

Fix git control files to hold open assets/img/heads directory
---
 app/assets/img/.gitkeep | 0
 app/assets/img/heads/.gitkeep | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 app/assets/img/.gitkeep
 create mode 100644 app/assets/img/heads/.gitkeep

(limited to 'app')

diff --git a/app/assets/img/.gitkeep b/app/assets/img/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/app/assets/img/heads/.gitkeep b/app/assets/img/heads/.gitkeep
new file mode 100644
index 0000000..e69de29
--
cgit v1.2.3

From 0cb67e77888e715173649ee275ae2b8c43bdf4dd Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Tue, 29 Mar 2016 23:08:50 -0400
Subject: Add start of file.php script

This script is a proxy for downloading file from the public web file tree which Scrott want to enforce access-control over.
---
 app/file.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 app/file.php

(limited to 'app')

diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..445bd6b
--- /dev/null
+++ b/app/file.php
@@ -0,0 +1,20 @@ +handle($_REQUEST['d'], $_REQUEST['f']); + +?>
--
cgit v1.2.3

From b701b45ae6e293c4d1bb89f068bf20b00a9ac53b Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Thu, 31 Mar 2016 21:15:17 -0400
Subject: Add handle() function to file.php

Grab the request and decide how to process it based on the directory the resource resides in
---
 app/file.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'app')
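Review bot: `saveUploadedFile()` moves the upload to whatever path the caller passes as `$filename`, and the comment above it does not say where that path may come from. If a caller derives it from the client-supplied `$file['name']`, the sender chooses the stored name and extension, which matters for a destination such as `assets/img/heads` that sits inside the web tree. I would extend the comment to `* Save file uploaded through web form; $filename must be a server-generated path, never derived from the client-supplied name` and note that the return value is false on failure so callers check it.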
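Review bot: `$_REQUEST['d']` and `$_REQUEST['f']` are passed to handle() without an existence check, so a request that lacks either parameter raises an undefined-index notice before any validation runs, and `$_REQUEST` also takes values from POST data and, depending on `request_order`, cookies. For a download proxy I would read the query string only and default the missing case, e.g. `isset($_GET['f']) ? $_GET['f'] : ""` for each argument. Most of this 20-line hunk is not visible on this page, so this covers the call line only; the receiver is presumably the `$res` object seen in the later hunks.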
diff --git a/app/file.php b/app/file.php
index 445bd6b..17044f3 100644
--- a/app/file.php
+++ b/app/file.php
@@ -12,6 +12,19 @@ require_once "class/framework.class.php";
 */
 class Resource extends Framework
 {
+ /*
+ * Get request and figure out what type it is
+ */
+ function handle($dir, $file)
+ {
+ if (basename($file) != $file || $file == "")
+ return;
+
+ switch ($dir)
+ {
+ case "img/heads": $this->heads($file); break;
+ }
+ }
 }
 $res = new Resource();
--
cgit v1.2.3

From 8ffc128d193929d9197af705974862b92a85a0fb Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Thu, 31 Mar 2016 21:26:52 -0400
Subject: Add heads() function to file.php

This function asserts that the requester is logged in and that the file exists before either fpassthru()-ing the contents or returning early.
---
 app/file.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'app')

diff --git a/app/file.php b/app/file.php
index 17044f3..3c34a89 100644
--- a/app/file.php
+++ b/app/file.php
@@ -25,6 +25,30 @@ class Resource extends Framework
 case "img/heads": $this->heads($file); break;
 }
 }
+
+ /*
+ * Request a user head (user image)
+ * Requester must be currently logged in
+ */
+ function heads($file)
+ {
+ if (!$this->getCurrentUser())
+ return;
+
+ if (!file_exists("assets/img/heads/" . $file))
+ $file = "null.jpg";
+
+ $file = "assets/img/heads/" . $file;
+ $f = fopen($file, "rb");
+
+ if (!$f)
+ return;
+
+ header("Content-type: " . mime_content_type($file));
+ header("Content-length: " . filesize($file));
+ fpassthru($f);
+ fclose($f);
+ }
 }
 $res = new Resource();
--
cgit v1.2.3
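Review bot: Every refused request in `handle()` ends with an empty body and the default 200 status, whether `$file` fails the basename check or `$dir` matches no `case`, so neither the client nor the access log can tell a refusal from an empty file. Add `default: http_response_code(404);` to the switch and send the same status before the early `return`. `$file` can also arrive as an array when the request uses `f[]=`, which `basename()` does not accept, so the guard is better written `if (!is_string($file) || $file === "" || basename($file) !== $file)`. `heads()` is not defined until the next commit on this page.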
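Review bot: `file_exists()` is also true for directories, and `.` and `..` equal their own basename and so pass the check in handle(), which means `heads()` can be handed a directory rather than an image; test with `is_file("assets/img/heads/" . $file)` instead. The file is then served under whatever type `mime_content_type()` detects, so a stored upload that is not an image would be delivered from the application's origin as that type; sending `header("X-Content-Type-Options: nosniff");` and falling back to `null.jpg` unless the detected type is an image type would contain that. The not-logged-in path returns an empty 200 response, where `http_response_code(403);` before the `return` would make the refusal visible. The login check only protects these files if the web server refuses direct requests for `assets/img/heads/`, which this page does not show.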