SmallworldUploadHandler::__construct()   A
last analyzed

Complexity

Conditions 1
Paths 1

Size

Total Lines 10

Duplication

Lines 10
Ratio 100 %

Importance

Changes 0
Metric Value
cc 1
nc 1
nop 1
dl 10
loc 10
rs 9.9332
c 0
b 0
f 0
1
<?php
2
/**
3
 * You may not change or alter any portion of this comment or credits
4
 * of supporting developers from this source code or any supporting source code
5
 * which is considered copyrighted (c) material of the original comment or credit authors.
6
 *
7
 * This program is distributed in the hope that it will be useful,
8
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10
 */
11
12
/**
13
 * SmallWorld
14
 *
15
 * @copyright    The XOOPS Project (https://xoops.org)
16
 * @copyright    2011 Culex
17
 * @license      GNU GPL (http://www.gnu.org/licenses/gpl-2.0.html/)
18
 * @package      SmallWorld
19
 * @since        1.0
20
 * @author       Michael Albertsen (http://culex.dk) <[email protected]>
21
 */
22
class SmallworldUploadHandler
23
{
24
    private $upload_dir;
25
    private $upload_url;
26
    private $thumbnails_dir;
27
    private $thumbnails_url;
28
    private $thumbnail_max_width;
29
    private $thumbnail_max_height;
30
    private $field_name;
31
32
    /**
33
     * SmallworldUploadHandler constructor.
34
     * @param $options
35
     */
36 View Code Duplication
    public function __construct($options)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
37
    {
38
        $this->upload_dir           = $options['upload_dir'];
39
        $this->upload_url           = $options['upload_url'];
40
        $this->thumbnails_dir       = $options['thumbnails_dir'];
41
        $this->thumbnails_url       = $options['thumbnails_url'];
42
        $this->thumbnail_max_width  = $options['thumbnail_max_width'];
43
        $this->thumbnail_max_height = $options['thumbnail_max_height'];
44
        $this->field_name           = $options['field_name'];
45
    }
46
47
    /**
48
     * @param $file_name
49
     * @return null|\stdClass
50
     */
51 View Code Duplication
    private function get_file_object($file_name)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
52
    {
53
        $file_path = $this->upload_dir . $file_name;
54
        if (is_file($file_path) && '.' !== $file_name[0] && 'index.html' !== $file_name && 'Thumbs.db' !== $file_name) {
55
            $file            = new stdClass();
56
            $file->name      = $file_name;
57
            $file->size      = filesize($file_path);
58
            $file->url       = $this->upload_url . rawurlencode($file->name);
59
            $file->thumbnail = is_file($this->thumbnails_dir . $file_name) ? $this->thumbnails_url . rawurlencode($file->name) : null;
60
            return $file;
61
        }
62
        return null;
63
    }
64
65
    /**
66
     * @param $file_name
67
     * @return bool
68
     */
69 View Code Duplication
    private function create_thumbnail($file_name)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
70
    {
71
        $file_path      = $this->upload_dir . $file_name;
72
        $thumbnail_path = $this->thumbnails_dir . $file_name;
73
        list($img_width, $img_height) = @getimagesize($file_path);
74
        if (!$img_width || !$img_height) {
75
            return false;
76
        }
77
        $scale = min($this->thumbnail_max_width / $img_width, $this->thumbnail_max_height / $img_height);
78
        if ($scale > 1) {
79
            $scale = 1;
80
        }
81
        $thumbnail_width  = $img_width * $scale;
82
        $thumbnail_height = $img_height * $scale;
83
        $thumbnail_img    = @imagecreatetruecolor($thumbnail_width, $thumbnail_height);
84
        switch (strtolower(substr(strrchr($file_name, '.'), 1))) {
85
            case 'jpg':
86
            case 'jpeg':
87
                $src_img         = @imagecreatefromjpeg($file_path);
88
                $write_thumbnail = 'imagejpeg';
89
                break;
90
            case 'gif':
91
                $src_img         = @imagecreatefromgif($file_path);
92
                $write_thumbnail = 'imagegif';
93
                break;
94
            case 'png':
95
                $src_img         = @imagecreatefrompng($file_path);
96
                $write_thumbnail = 'imagepng';
97
                break;
98
            default:
99
                $src_img = $write_thumbnail = null;
100
        }
101
        $success = $src_img && @imagecopyresampled($thumbnail_img, $src_img, 0, 0, 0, 0, $thumbnail_width, $thumbnail_height, $img_width, $img_height)
102
                   && $write_thumbnail($thumbnail_img, $thumbnail_path);
103
        // Free up memory (imagedestroy does not delete files):
104
        @imagedestroy($src_img);
0 ignored issues
show
Security Best Practice introduced by
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
Loading history...
105
        @imagedestroy($thumbnail_img);
0 ignored issues
show
Security Best Practice introduced by
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
Loading history...
106
        return $success;
107
    }
108
109
    //function to return file extension from a path or file name
110
111
    /**
112
     * @param $path
113
     * @return mixed
114
     */
115
    public function getFileExtension($path)
116
    {
117
        $parts = pathinfo($path);
118
        return $parts['extension'];
119
    }
120
121
    /**
122
     * @param $uploaded_file
123
     * @param $name
124
     * @param $size
125
     * @param $type
126
     * @param $error
127
     * @return \stdClass
128
     */
129
    private function handle_file_upload($uploaded_file, $name, $size, $type, $error)
130
    {
131
        global $xoopsUser;
132
        $file   = new stdClass();
133
        $db     = new SmallWorldDB;
134
        $userid = $xoopsUser->getVar('uid');
135
136
        // Generate new name for file
137
        //$file->name = basename(stripslashes($name));
138
        $file->name = time() . rand(0, 99999) . '.' . $this->getFileExtension($name);
139
        $file->size = (int)$size;
140
        $file->type = $type;
141
        $img        = XOOPS_URL . '/uploads/albums_smallworld/' . $userid . '/' . $file->name;
142
143
        // Save to database for later use
144
        $db->saveImage("'', '" . $userid . "', '" . $file->name . "', '" . addslashes($img) . "', '" . time() . "', ''");
145
146 View Code Duplication
        if (!$error && $file->name) {
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
147
            if ('.' === $file->name[0]) {
148
                $file->name = substr($file->name, 1);
149
            }
150
            $file_path   = $this->upload_dir . $file->name;
151
            $append_file = is_file($file_path) && $file->size > filesize($file_path);
152
            clearstatcache();
153
            if ($uploaded_file && is_uploaded_file($uploaded_file)) {
154
                // multipart/formdata uploads (POST method uploads)
155
                if ($append_file) {
156
                    file_put_contents($file_path, fopen($uploaded_file, 'r'), FILE_APPEND);
157
                } else {
158
                    move_uploaded_file($uploaded_file, $file_path);
159
                }
160
            } else {
161
                // Non-multipart uploads (PUT method support)
162
                file_put_contents($file_path, fopen('php://input', 'r'), $append_file ? FILE_APPEND : 0);
163
            }
164
            $file_size = filesize($file_path);
165
            if ($file_size === $file->size) {
166
                $file->url       = $this->upload_url . rawurlencode($file->name);
167
                $file->thumbnail = $this->create_thumbnail($file->name) ? $this->thumbnails_url . rawurlencode($file->name) : null;
168
            }
169
            $file->size = $file_size;
170
        } else {
171
            $file->error = $error;
172
        }
173
        return $file;
174
    }
175
176 View Code Duplication
    public function get()
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
177
    {
178
        $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null;
179
        if ($file_name) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $file_name of type string|null is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case, in particular the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
Loading history...
180
            $info = $this->get_file_object($file_name);
181
        } else {
182
            $info = array_values(array_filter(array_map([$this, 'get_file_object'], scandir($this->upload_dir, SCANDIR_SORT_NONE))));
183
        }
184
        header('Cache-Control: no-cache, must-revalidate');
185
        header('Content-type: application/json');
186
        echo json_encode($info);
187
    }
188
189 View Code Duplication
    public function post()
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
190
    {
191
        $upload = isset($_FILES[$this->field_name]) ? $_FILES[$this->field_name] : [
192
            'tmp_name' => null,
193
            'name'     => null,
194
            'size'     => null,
195
            'type'     => null,
196
            'error'    => null
197
        ];
198
        if (is_array($upload['tmp_name']) && count($upload['tmp_name']) > 1) {
199
            $info = [];
200
            foreach ($upload['tmp_name'] as $index => $value) {
201
                $info[] = $this->handle_file_upload($upload['tmp_name'][$index], $upload['name'][$index], $upload['size'][$index], $upload['type'][$index], $upload['error'][$index]);
202
            }
203
        } else {
204
            if (is_array($upload['tmp_name'])) {
205
                $upload = [
206
                    'tmp_name' => $upload['tmp_name'][0],
207
                    'name'     => $upload['name'][0],
208
                    'size'     => $upload['size'][0],
209
                    'type'     => $upload['type'][0],
210
                    'error'    => $upload['error'][0]
211
                ];
212
            }
213
            $info = $this->handle_file_upload(
214
                $upload['tmp_name'],
215
                isset($_SERVER['HTTP_X_FILE_NAME']) ? $_SERVER['HTTP_X_FILE_NAME'] : $upload['name'],
216
                isset($_SERVER['HTTP_X_FILE_SIZE']) ? $_SERVER['HTTP_X_FILE_SIZE'] : $upload['size'],
217
                                              isset($_SERVER['HTTP_X_FILE_TYPE']) ? $_SERVER['HTTP_X_FILE_TYPE'] : $upload['type'],
218
                $upload['error']
219
            );
220
        }
221
        if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && 'XMLHttpRequest' === $_SERVER['HTTP_X_REQUESTED_WITH']) {
222
            header('Content-type: application/json');
223
        } else {
224
            header('Content-type: text/plain');
225
        }
226
        echo json_encode($info);
227
    }
228
229
    public function delete()
230
    {
231
        global $xoopsUser;
232
        $userid    = $xoopsUser->getVar('uid');
233
        $db        = new SmallWorldDB;
234
        $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null;
235
        $file_path = $this->upload_dir . $file_name;
236
        $img       = XOOPS_URL . '/uploads/albums_smallworld/' . $userid . '/' . $file->name;
0 ignored issues
show
Bug introduced by
The variable $file does not exist. Did you forget to declare it?

This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

Loading history...
Unused Code introduced by
$img is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
237
238
        // Delete file based on user and filename
239
        $db->DeleteImage($userid, $file_name);
240
        $db->DeleteImage($userid, 'Thumbs.db');
241
        $thumbnail_path = $this->thumbnails_dir . $file_name;
242
        $success        = is_file($file_path) && '.' !== $file_name[0] && unlink($file_path);
243
        if ($success && is_file($thumbnail_path)) {
244
            unlink($thumbnail_path);
245
        }
246
        header('Content-type: application/json');
247
        echo json_encode($success);
248
    }
249
}
250