You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
157 lines
4.9 KiB
157 lines
4.9 KiB
<?php
|
|
|
|
/*===============================================*\
|
|
|| ############################################# ||
|
|
|| # JAKWEB.CH / Version 1.2 # ||
|
|
|| # ----------------------------------------- # ||
|
|
|| # Copyright 2021 JAKWEB All Rights Reserved # ||
|
|
|| ############################################# ||
|
|
\*===============================================*/
|
|
|
|
if (!file_exists('../config.php')) die('[uploader.php] config.php not found');
|
|
require_once '../config.php';
|
|
|
|
if(!JAK_USERISLOGGED) die("Nothing to see here");
|
|
|
|
if (!$jakosub['files']) die("Nothing to see here");
|
|
|
|
// Import the language file
|
|
if ($BT_LANGUAGE && file_exists(APP_PATH.'lang/'.strtolower($BT_LANGUAGE).'.php')) {
|
|
include_once(APP_PATH.'lang/'.strtolower($BT_LANGUAGE).'.php');
|
|
} else {
|
|
include_once(APP_PATH.'lang/'.JAK_LANG.'.php');
|
|
}
|
|
|
|
if (JAK_CLIENTID == $_REQUEST['userIDC'] || JAK_USERID == $_REQUEST['userIDU']) {
|
|
|
|
// The new file upload stuff
|
|
if (!empty($_FILES['uploadpp']['name']) && is_numeric($_REQUEST["ticketId"])) {
|
|
|
|
// Ticket ID
|
|
$ticketid = $_REQUEST['ticketId'];
|
|
|
|
$filename = strtolower($_FILES['uploadpp']['name']); // original filename
|
|
$ls_xtension = pathinfo($filename);
|
|
|
|
// Check if the extension is valid
|
|
$allowedf = explode(',', JAK_ALLOWED_FILES);
|
|
if (in_array(".".$ls_xtension['extension'], $allowedf)) {
|
|
|
|
// if mime type is valid
|
|
$mime_type = jak_mime_content_type($_FILES['uploadpp']['name'], $ls_xtension['extension']);
|
|
if ($mime_type) {
|
|
|
|
// Get the maximum upload or set to 2
|
|
$postmax = (ini_get('post_max_size') ? filter_var(ini_get('post_max_size'), FILTER_SANITIZE_NUMBER_INT) : "2");
|
|
|
|
if ($_FILES['uploadpp']['size'] <= ($postmax * 1000000)) {
|
|
|
|
// first get the target path
|
|
$targetPathd = CLIENT_UPLOAD_DIR.'/'.$opcacheid.'/support/'.$ticketid.'/';
|
|
$targetPath = str_replace("//", "/", $targetPathd);
|
|
|
|
// Create the target path
|
|
if (!is_dir($targetPath)) mkdir($targetPath, 0755, true);
|
|
|
|
$tempFile = $_FILES['uploadpp']['tmp_name'];
|
|
$name_space = explode(".", $_FILES["uploadpp"]["name"]);
|
|
// Keep the file name but sanitized
|
|
$fileName = mb_ereg_replace("([^\w\s\d\-_~,;\[\]\(\).])", '', $name_space[0]);
|
|
$fileName = mb_ereg_replace("([\.]{2,})", '', $fileName);
|
|
$fileName = preg_replace('/\s+/', '_', $fileName);
|
|
$ufile = 'u_'.str_replace('.', '_', microtime(true)).'_'.$fileName. '.' . end($name_space);
|
|
|
|
// The path to upload
|
|
$targetFile = str_replace('//', '/', $targetPath).$ufile;
|
|
// The path to show
|
|
$targetShow = jak_encrypt_decrypt(str_replace('//', '/', '/'.$opcacheid.'/support/'.$ticketid.'/').$ufile.':#:'.$ufile.':#:'.$mime_type);
|
|
|
|
// Check if the file is an image
|
|
if(@is_array(getimagesize($tempFile))){
|
|
$isimage = 1;
|
|
} else {
|
|
$isimage = 0;
|
|
}
|
|
|
|
// Move file
|
|
$upfilesize = 0;
|
|
if (move_uploaded_file($tempFile, $targetFile)) {
|
|
|
|
// Update counter on ticket
|
|
if (file_exists($targetFile)) {
|
|
|
|
$jakdb->update("support_tickets", ["attachments[+]" => 1], ["id" => $ticketid]);
|
|
|
|
// Now we update the answer table so we can have it in the conversation.
|
|
$clientid = 0;
|
|
if (isset($_REQUEST['userIDC']) && is_numeric($_REQUEST['userIDC'])) $clientid = $_REQUEST['userIDC'];
|
|
$jakdb->insert("ticket_answers", ["ticketid" => $ticketid,
|
|
"clientid" => $clientid,
|
|
"content" => $ufile,
|
|
"file" => 1,
|
|
"lastedit" => $jakdb->raw("NOW()"),
|
|
"sent" => $jakdb->raw("NOW()")]);
|
|
|
|
// Get the file size
|
|
$upfilesize = sprintf($jkl['hd140'], human_filesize($targetFile));
|
|
|
|
// success
|
|
$msg = '{"status":"'.$jkl['s'].'", "filepath": "'.$targetShow.'", "filename": "'.$ufile.'", "isimage": '.$isimage.', "filesize": "'.$upfilesize.'"}'; // return json
|
|
|
|
}
|
|
}
|
|
|
|
} else {
|
|
$msg = $jkl['hd88'];
|
|
}
|
|
|
|
} else {
|
|
$msg = $jkl['hd89'];
|
|
}
|
|
|
|
} else {
|
|
$msg = $jkl['hd89'];
|
|
}
|
|
|
|
switch ($_FILES['uploadpp']['error'])
|
|
{
|
|
case 0:
|
|
//$msg = "No Error"; // comment this out if you don't want a message to appear on success.
|
|
break;
|
|
case 1:
|
|
$msg = "The file is bigger than this PHP installation allows";
|
|
break;
|
|
case 2:
|
|
$msg = "The file is bigger than this form allows";
|
|
break;
|
|
case 3:
|
|
$msg = "Only part of the file was uploaded";
|
|
break;
|
|
case 4:
|
|
$msg = "No file was uploaded";
|
|
break;
|
|
case 6:
|
|
$msg = "Missing a temporary folder";
|
|
break;
|
|
case 7:
|
|
$msg = "Failed to write file to disk";
|
|
break;
|
|
case 8:
|
|
$msg = "File upload stopped by extension";
|
|
break;
|
|
default:
|
|
$msg = "unknown error ".$_FILES['uploadpp']['error'];
|
|
break;
|
|
}
|
|
|
|
if (isset($msg) && !empty($msg)) {
|
|
$stringData = $msg;
|
|
}
|
|
} else {
|
|
$stringData = "error";
|
|
}
|
|
} else {
|
|
$stringData = "error";
|
|
}
|
|
echo $stringData;
|
|
?>
|
|
|