1 | <?php |
||
2 | |||
3 | use Xmf\Jwt\TokenReader; |
||
4 | |||
5 | /** |
||
6 | * PHP Server-Side Example for Fine Uploader (traditional endpoint handler). |
||
7 | * Maintained by Widen Enterprises. |
||
8 | * |
||
9 | * This example: |
||
10 | * - handles chunked and non-chunked requests |
||
11 | * - supports the concurrent chunking feature |
||
12 | * - assumes all upload requests are multipart encoded |
||
13 | * - supports the delete file feature |
||
14 | * |
||
15 | * Follow these steps to get up and running with Fine Uploader in a PHP environment: |
||
16 | * |
||
17 | * 1. Set up your client-side code, as documented on http://docs.fineuploader.com. |
||
18 | * |
||
19 | * 2. Copy this file and handler.php to your server. |
||
20 | * |
||
21 | * 3. Ensure your php.ini file contains appropriate values for |
||
22 | * max_input_time, upload_max_filesize and post_max_size. |
||
23 | * |
||
24 | * 4. Ensure your "chunks" and "files" folders exist and are writable. |
||
25 | * "chunks" is only needed if you have enabled the chunking feature client-side. |
||
26 | * |
||
27 | * 5. If you have chunking enabled in Fine Uploader, you MUST set a value for the `chunking.success.endpoint` option. |
||
28 | * This will be called by Fine Uploader when all chunks for a file have been successfully uploaded, triggering the |
||
29 | * PHP server to combine all parts into one file. This is particularly useful for the concurrent chunking feature, |
||
30 | * but is now required in all cases if you are making use of this PHP example. |
||
31 | * |
||
32 | * |
||
33 | * @license MIT License (MIT) |
||
34 | * @copyright Copyright (c) 2015-present, Widen Enterprises, Inc. |
||
35 | * @link https://github.com/FineUploader/php-traditional-server |
||
36 | * |
||
37 | * The MIT License (MIT) |
||
38 | * |
||
39 | * Copyright (c) 2015-present, Widen Enterprises, Inc. |
||
40 | * |
||
41 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
||
42 | * of this software and associated documentation files (the "Software"), to deal |
||
43 | * in the Software without restriction, including without limitation the rights |
||
44 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
||
45 | * copies of the Software, and to permit persons to whom the Software is |
||
46 | * furnished to do so, subject to the following conditions: |
||
47 | * |
||
48 | * The above copyright notice and this permission notice shall be included in all |
||
49 | * copies or substantial portions of the Software. |
||
50 | * |
||
51 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
||
52 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
||
53 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
||
54 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
||
55 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
||
56 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
||
57 | * SOFTWARE. |
||
58 | */ |
||
59 | |||
// Bootstrap. Statement order matters: the constant has to exist before
// mainfile.php is included.
//
// NOTE(review): the flag is derived only from the presence of an
// "Authorization" POST field, before any token has been validated. Presumably
// the Protector module reads PROTECTOR_SKIP_DOS_CHECK while mainfile.php loads
// and skips its request-rate check; if so, every client that sends the field
// opts out of that check, authenticated or not. Confirm, and keep independent
// rate limiting (web server / reverse proxy) in front of this endpoint.
isset($_POST['Authorization']) && define('PROTECTOR_SKIP_DOS_CHECK', 1);

include __DIR__ . '/mainfile.php';

// $xoopsLogger is expected to come from mainfile.php (not visible here).
// Switched off presumably so logger output cannot end up in the JSON reply.
$xoopsLogger->activated = false;
||
65 | |||
/**
 * Read the claims we expect from the JSON Web Token sent with the request.
 *
 * Claims that should be present:
 *
 * aud     audience (asserted as our php script name)
 * cat     category id the user has chosen and is authorized for
 * uid     user id (asserted as the session specified user)
 * handler handler class
 * moddir  module directory for handler
 *
 * Only aud and uid are asserted against values computed on this side; this
 * ties a token to this script and to the current session user (0 when no
 * user is logged in). cat, handler and moddir are taken from the token as
 * issued, so their trustworthiness rests on the token verification done by
 * TokenReader (signing key name 'fineuploader' -- presumably; verify in Xmf).
 */
$assert = array();
$assert['aud'] = basename(__FILE__);
$assert['uid'] = ($xoopsUser instanceof \XoopsUser) ? $xoopsUser->id() : 0;

$claims = TokenReader::fromRequest('fineuploader', 'Authorization', $assert);

// A rejected token yields false: report it as JSON and stop before any
// handler class is loaded or instantiated.
if (false === $claims) {
    exit(json_encode(array('error' => "Invalid request token")));
}
||
89 | |||
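// Include the base upload handler class
XoopsLoad::load('fineuploadhandler', 'system');

// The handler and moddir claims decide which class is loaded and instantiated
// below, so accept them only as strings; anything else counts as missing.
$handler = (property_exists($claims, 'handler') && is_string($claims->handler)) ? $claims->handler : '';
$moddir = (property_exists($claims, 'moddir') && is_string($claims->moddir)) ? $claims->moddir : '';

if ($handler === '' || $moddir === '') {
    header("HTTP/1.0 400 Bad Request");
    exit;
}

/**
 * The handler claim can be specified as either:
 * - a fully qualified and autoloading namespaced name,
 * - a legacy handler name
 *
 * A legacy name is loaded through XoopsLoad and its class name is the module
 * directory followed by the handler name.
 */
$className = $handler;
if (false === strpos($handler, '\\')) {
    XoopsLoad::load($handler, $moddir);
    $className = $moddir . $handler;
}

// Defence in depth: the class name comes from token claims, so instantiate it
// only when it resolves to the upload handler base class or a subclass of it
// (the type the @var annotation below already promises). Without this check a
// token naming any loadable class would have that class constructed here.
if (!class_exists($className) || !is_a($className, 'SystemFineUploadHandler', true)) {
    header("HTTP/1.0 400 Bad Request");
    exit;
}

/** @var SystemFineUploadHandler $uploader */
$uploader = new $className($claims);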
||
113 | |||
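// The "intended" method: a "_method" POST field, when present, takes the
// place of the real HTTP method (see get_request_method()). A POST carrying
// _method=DELETE therefore reaches the delete branch; access control for both
// branches rests on the token check performed earlier in this script.
$method = get_request_method();

if ($method === "POST") {
    header("Content-Type: text/plain");

    // Assumes you have a chunking.success.endpoint set to point here with a query parameter of "done".
    // For example: /myserver/handlers/endpoint.php?done
    if (isset($_GET["done"])) {
        $result = $uploader->combineChunks(XOOPS_ROOT_PATH . "/uploads");
    } else { // Handle upload requests
        // Uploads are stored below the absolute XOOPS uploads directory.
        $result = $uploader->handleUpload(XOOPS_ROOT_PATH . "/uploads");

        // Report the name used for the uploaded file back to the client.
        $result["uploadName"] = $uploader->getUploadName();
    }

    // Switch the logger off again before the reply is written
    // (presumably so nothing but the JSON document is sent -- confirm).
    $xoopsLogger->activated = false;

    echo json_encode($result);
} elseif ($method === "DELETE") { // for delete file requests
    // Declare the body type here as well, matching the POST branch, so the
    // JSON is not served under the default content type and rendered as HTML.
    header("Content-Type: text/plain");

    // NOTE(review): deletes address the relative "files" directory while
    // uploads go to XOOPS_ROOT_PATH . "/uploads" -- confirm this is intended
    // and that the handler confines deletions to files the token holder owns.
    $result = $uploader->handleDelete("files");
    echo json_encode($result);
} else {
    header("HTTP/1.0 405 Method Not Allowed");
}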
||
142 | |||
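/**
 * This will retrieve the "intended" request method. Normally, this is the
 * actual method of the request. Sometimes, though, the intended request method
 * must be hidden in the parameters of the request. For example, when attempting to
 * delete a file using a POST request. In that case, "DELETE" will be sent along with
 * the request in a "_method" parameter.
 *
 * The override is client-controlled input: it is honoured only when it is a
 * non-empty string, and callers must still compare the result against the
 * methods they support.
 *
 * @return string the "_method" POST value when usable, otherwise the HTTP
 *                request method ('' when the server did not provide one)
 */
function get_request_method()
{
    // A field sent as "_method[]" arrives as an array; returning it would
    // break the documented string return type, so fall through instead.
    if (isset($_POST["_method"]) && is_string($_POST["_method"]) && $_POST["_method"] !== '') {
        return $_POST["_method"];
    }

    return isset($_SERVER["REQUEST_METHOD"]) ? (string) $_SERVER["REQUEST_METHOD"] : '';
}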
||
159 |