<?php |
use Xmf\Jwt\TokenReader; |
/**
 * PHP Server-Side Example for Fine Uploader (traditional endpoint handler).
 * Maintained by Widen Enterprises.
 *
 * This example:
 *  - handles chunked and non-chunked requests
 *  - supports the concurrent chunking feature
 *  - assumes all upload requests are multipart encoded
 *  - supports the delete file feature
 *
 * Follow these steps to get up and running with Fine Uploader in a PHP environment:
 *
 * 1. Set up your client-side code, as documented on http://docs.fineuploader.com.
 *
 * 2. Copy this file and handler.php to your server.
 *
 * 3. Ensure your php.ini file contains appropriate values for
 *    max_input_time, upload_max_filesize and post_max_size.
 *
 * 4. Ensure your "chunks" and "files" folders exist and are writable.
 *    "chunks" is only needed if you have enabled the chunking feature client-side.
 *
 * 5. If you have chunking enabled in Fine Uploader, you MUST set a value for the `chunking.success.endpoint` option.
 *    This will be called by Fine Uploader when all chunks for a file have been successfully uploaded, triggering the
 *    PHP server to combine all parts into one file. This is particularly useful for the concurrent chunking feature,
 *    but is now required in all cases if you are making use of this PHP example.
 *
 *
 * @license MIT License (MIT)
 * @copyright Copyright (c) 2015-present, Widen Enterprises, Inc.
 * @link https://github.com/FineUploader/php-traditional-server
 *
 * The MIT License (MIT)
 *
 * Copyright (c) 2015-present, Widen Enterprises, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
// Bootstrap the site; $xoopsLogger, $xoopsUser and XoopsLoad used below are
// presumably defined by mainfile.php (not visible in this file).
include __DIR__ . '/mainfile.php';

// Switch the logger off for this request, before any response body is written.
$xoopsLogger->activated = false;

/**
 * Read the claims we expect from the JSON Web Token.
 *
 * Claims the token should carry:
 *
 *  aud      audience (asserted to be this script's file name)
 *  cat      category id the user has chosen and is authorized for
 *  uid      user id (asserted to be the user of the current session)
 *  handler  handler class
 *  moddir   module directory for handler
 *
 * Only aud and uid are asserted here; the other claims are taken from the
 * token as issued.
 */
if ($xoopsUser instanceof \XoopsUser) {
    $expectedUid = $xoopsUser->id();
} else {
    // No logged-in user object: the token has to have been issued for uid 0.
    $expectedUid = 0;
}

$assert = array(
    'aud' => basename(__FILE__),
    'uid' => $expectedUid,
);
$claims = TokenReader::fromHeader('fineuploader', $assert);

// A false return is treated as "no acceptable token": answer with a JSON error and stop.
// NOTE(review): the rejection is sent without an explicit HTTP status or
// Content-Type header - confirm the client keys off the JSON body alone.
if (false === $claims) {
    $rejection = array('error' => "Invalid request token");
    echo json_encode($rejection);
    exit;
}
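// Include the base upload handler class
XoopsLoad::load('fineuploadhandler', 'system');

// The token may name a specialised handler class and the module directory that
// provides it; without those claims the system handler loaded above is used.
$handler = (property_exists($claims, 'handler')) ? $claims->handler : 'fineuploadhandler';
$moddir = (property_exists($claims, 'moddir')) ? $claims->moddir : 'system';

// Both values are handed to the loader and concatenated into a class name, so
// accept nothing but plain identifier characters (no path separators, dots or
// namespace separators), even though they come from a verified token.
if (!is_string($handler) || !is_string($moddir)
    || !preg_match('/^[A-Za-z0-9_]+\z/', $handler)
    || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $moddir)
) {
    echo json_encode(array('error' => "Invalid request token"));
    exit;
}

XoopsLoad::load($handler, $moddir);

$className = $moddir . $handler;

// Fail with a JSON error instead of a fatal "class not found" when the load
// above did not define the expected class.
// NOTE(review): consider also requiring $className to extend the base handler
// loaded at the top of this block; its class name is not visible in this file.
if (!class_exists($className)) {
    echo json_encode(array('error' => "Upload handler not available"));
    exit;
}

/* $uploader XoopsFineUploadHandler */
$uploader = new $className($claims);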
// Extension allow-list, e.g. array("jpeg", "xml", "bmp"). An empty list means
// every file type is allowed by default.
// NOTE(review): no extension allow-list and no size limit are set here, and
// uploads are stored under XOOPS_ROOT_PATH/uploads/images - confirm that the
// handler class selected by the token enforces both restrictions itself.
$uploader->allowedExtensions = array();

// Maximum file size in bytes; null leaves it unset here.
$uploader->sizeLimit = null;

// Name of the multipart field carrying the file. 'qqfile' matches
// Fine Uploader's default inputName value.
$uploader->inputName = 'qqfile';

// Folder where parts are saved temporarily when the chunking/resume feature is used.
$uploader->chunksFolder = 'chunks';
// The "intended" method: a "_method" POST parameter, when present, takes
// precedence over the real HTTP verb (see get_request_method()).
$method = get_request_method();

switch ($method) {
    case "POST":
        header("Content-Type: text/plain");

        // Upload and chunk-combine requests share one target directory,
        // given as an absolute path below the XOOPS root.
        $targetDir = XOOPS_ROOT_PATH . "/uploads/images";

        if (!isset($_GET["done"])) {
            // Ordinary upload request (a whole file or a single chunk).
            $result = $uploader->handleUpload($targetDir);

            // Report the name that was used for the uploaded file.
            $result["uploadName"] = $uploader->getUploadName();
        } else {
            // Reached through chunking.success.endpoint carrying a "done" query
            // parameter, for example: /myserver/handlers/endpoint.php?done
            $result = $uploader->combineChunks($targetDir);
        }

        echo json_encode($result);
        break;

    case "DELETE":
        // Delete file requests.
        // NOTE(review): this branch works on the relative folder "files", not
        // on the upload directory used above, and get_request_method() states
        // that deletes are not used - confirm whether it should stay reachable.
        $result = $uploader->handleDelete("files");
        echo json_encode($result);
        break;

    default:
        header("HTTP/1.0 405 Method Not Allowed");
}
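/**
 * Retrieve the "intended" request method.
 *
 * Normally this is the actual method of the request. Sometimes, though, the
 * intended method is carried in the parameters of the request, for example
 * when a file is deleted through a POST request: "DELETE" is then sent along
 * in a "_method" parameter, and that parameter takes precedence.
 *
 * The "_method" value is client-controlled. Only a non-empty string is
 * honoured; any other shape (such as an array produced by "_method[]=...") is
 * ignored, so the documented string return type always holds.
 *
 * @return string the overriding "_method" value, else the real request method,
 *                else an empty string when the server reports no method
 */
function get_request_method()
{
    // Raw-body parsing through $HTTP_RAW_POST_DATA is intentionally left out:
    // deletes are not used here and that global is not PHP 7 compatible.

    if (isset($_POST["_method"]) && is_string($_POST["_method"]) && $_POST["_method"] !== '') {
        return $_POST["_method"];
    }

    // REQUEST_METHOD can be missing outside a web request; return '' then
    // instead of raising an undefined-index notice.
    return isset($_SERVER["REQUEST_METHOD"]) ? (string) $_SERVER["REQUEST_METHOD"] : '';
}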
|
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.