wnross
/
clouddesk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Jakweb.ch stuff
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
24 MiB
 
 
 
 
Tag: Branch: Tree: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
clouddesk/rest/fileupload.php

102 lines
4.1 KiB
Raw Permalink Blame History

<?php
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 6 May 1998 03:10:00 GMT");
/*===============================================*\
|| ############################################# ||
|| # JAKWEB.CH / Version 1.1.2 # ||
|| # ----------------------------------------- # ||
|| # Copyright 2020 JAKWEB All Rights Reserved # ||
|| ############################################# ||
\*===============================================*/
if (!file_exists('config.php')) die('rest_api config.php not exist');
require_once 'config.php';
$userid = $loginhash = $chatid = "";
if (isset($_REQUEST['userid']) && !empty($_REQUEST['userid']) && is_numeric($_REQUEST['userid'])) $userid = $_REQUEST['userid'];
if (isset($_REQUEST['loginhash']) && !empty($_REQUEST['loginhash'])) $loginhash = $_REQUEST['loginhash'];
if (isset($_REQUEST['chatid']) && !empty($_REQUEST['chatid'])) $chatid = $_REQUEST['chatid'];
if (!empty($userid) && !empty($loginhash) && !empty($chatid) && is_numeric($chatid)) {
// Let's check if we are logged in
$usr = $jakuserlogin->jakCheckrestlogged($userid, $loginhash);
if ($usr) {
if (empty($_FILES['fileupload']['name'])) die(json_encode(array('status' => false, 'errorcode' => 2)));
// Select the user fields
$jakuser = new JAK_user($usr);
// Cache stuff
if (file_exists(APP_PATH.JAK_CACHE_DIRECTORY.'/opcache'.$jakuser->getVar("id").'.php')) include_once APP_PATH.JAK_CACHE_DIRECTORY.'/opcache'.$jakuser->getVar("id").'.php';
// timezone from server
date_default_timezone_set(JAK_TIMEZONESERVER);
$jakdb->query('SET time_zone = "'.date("P").'"');
// User has no permission to upload files, abort
if (!$jakuser->getVar("files")) die(json_encode(array('status' => false, 'errorcode' => 8)));
if (!empty($_FILES['fileupload']['name'])) {
$filename = $_FILES['fileupload']['name']; // original filename
$jak_xtension = pathinfo($_FILES['fileupload']['name']);
// Check if the extension is valid
$allowedf = explode(',', JAK_ALLOWEDO_FILES);
if (in_array(".".$jak_xtension['extension'], $allowedf)) {
// Get the maximum upload or set to 2
$postmax = (ini_get('post_max_size') ? filter_var(ini_get('post_max_size'), FILTER_SANITIZE_NUMBER_INT) : "2");
if ($_FILES['fileupload']['size'] <= ($postmax * 1000000)) {
// first get the target path
$targetPathd = '../'.JAK_FILES_DIRECTORY.'/operator/';
$targetPath = str_replace("//", "/", $targetPathd);
$tempFile = $_FILES['fileupload']['tmp_name'];
$name_space = explode(".", $_FILES["fileupload"]["name"]);
// Keep the file name but sanitized
$fileName = mb_ereg_replace("([^\w\s\d\-_~,;\[\]\(\).])", '', $name_space[0]);
$fileName = mb_ereg_replace("([\.]{2,})", '', $fileName);
$ufile = 'app_'.str_replace('.', '_', microtime(true)).'_'.$fileName. '.' . end($name_space);
$targetFile = str_replace('//','/',$targetPath).$ufile;
$origPath = '/operator/';
$message = $origPath.$ufile;
// Move file
move_uploaded_file($tempFile, $targetFile);
$jakdb->insert("transcript", [
"name" => $jakuser->getVar("name"),
"message" => $message,
"user" => $userid.'::'.$jakuser->getVar("username"),
"operatorid" => $userid,
"convid" => $chatid,
"class" => "download",
"time" => $jakdb->raw("NOW()")]);
$jakdb->update("checkstatus", ["newc" => 1, "typeo" => 0], ["convid" => $chatid]);
die(json_encode(array('status' => true)));
} else {
die(json_encode(array('status' => false, 'errorcode' => 3)));
}
} else {
die(json_encode(array('status' => false, 'errorcode' => 2)));
}
}
} else {
die(json_encode(array('status' => false, 'errorcode' => 1)));
}
}
die(json_encode(array('status' => false, 'errorcode' => 7)));
?>