github
/
chevereto-free
mirror of https://github.com/rodber/chevereto-free
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

tss

pull/58/head
Rodolfo Berrios 2019-09-30 15:26:56 -03:00
parent cb83b2b98c
commit ec8469333e
2 changed files with 911 additions and 862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
app/lib/classes/class.upload.php
View File

@ -16,9 +16,12 @@
--------------------------------------------------------------------- */
namespace CHV;
use G, Exception;
class Upload {
use G;
use Exception;
class Upload
{
// filename => name.ext
// file => /full/path/to/name.ext
// name => name
@ -27,47 +30,55 @@ class Upload {
public $uploaded;
// Sets the type of resource being uploaded
public function setType($type) {
public function setType($type)
{
$this->type = $type;
}
// Set source
public function setSource($source) {
public function setSource($source)
{
$this->source = $source;
$this->type = G\is_url($this->source) ? 'url' : 'file';
}
// Set destination
public function setDestination($destination) {
public function setDestination($destination)
{
$this->destination = G\forward_slash($destination);
}
// Set storage
public function setStorageId($storage_id) {
$this->storage_id = is_numeric($storage_id) ? $storage_id : NULL;
public function setStorageId($storage_id)
{
$this->storage_id = is_numeric($storage_id) ? $storage_id : null;
}
// Set file basename
public function setFilename($name) {
public function setFilename($name)
{
$this->name = $name;
}
// Set options
public function setOptions($options) {
public function setOptions($options)
{
$this->options = $options;
}
// Set individual option
public function setOption($key, $value) {
public function setOption($key, $value)
{
$this->options[$key] = $value;
}
// Default options
public static function getDefaultOptions() {
public static function getDefaultOptions()
{
return array(
'max_size' => G\get_bytes('2 MB'), // it should be 'max_filesize'
'filenaming' => 'original',
'exif' => TRUE,
'exif' => true,
'allowed_formats' => self::getAvailableImageFormats(), // array
);
}
@ -76,7 +87,8 @@ class Upload {
* Do the thing
* @Exeption 4xx
*/
public function exec() {
public function exec()
{
// Merge options
$this->options = array_merge(self::getDefaultOptions(), (array) $this->options);
@ -92,7 +104,7 @@ class Upload {
}
// Save the source name
$this->source_name = G\get_filename_without_extension($this->type == "url" ? $this->source : $this->source["name"]);
$this->source_name = G\get_filename_without_extension($this->type == "url" ? $this->getNameFromURL($this->source) : $this->source["name"]);
// Set file extension
$this->extension = $this->source_image_fileinfo["extension"];
@ -115,7 +127,7 @@ class Upload {
// Workaround for JPEG Exif data
if ($this->extension == 'jpg' and array_key_exists('exif', $this->options)) {
$this->source_image_exif = NULL;
$this->source_image_exif = null;
if ($this->options['exif']) {
// Fetch JPEG Exif data (when available)
if (function_exists('exif_read_data')) {
@ -175,17 +187,28 @@ class Upload {
'name' => G\get_filename_without_extension($this->uploaded_file),
'fileinfo' => G\get_image_fileinfo($this->uploaded_file)
);
}
// Get available (supported) extensions
public static function getAvailableImageFormats() {
public static function getAvailableImageFormats()
{
$formats = Settings::get('upload_available_image_formats');
return explode(',', $formats);
}
//remove query string from url to get correct image name
protected function getNameFromURL()
{
if (strpos($this->source, '?')) {
return substr($this->source, 0, strpos($this->source, '?'));
} else {
return $this->source;
}
}
// Failover since v3.8.12
public static function getEnabledImageFormats() {
public static function getEnabledImageFormats()
{
return Image::getEnabledImageFormats();
}
@ -194,8 +217,8 @@ class Upload {
* This checks for valid input source data
* @Exception 1XX
*/
protected function validateInput() {
protected function validateInput()
{
$check_missing = ["type", "source", "destination"];
missing_values_to_exception($this, "CHV\UploadException", $check_missing, 100);
@ -235,7 +258,6 @@ class Upload {
if (!$make_destination) {
throw new UploadException('$destination '.$this->destination.' is not a dir', 130);
}
}
// Can read $destination dir?
@ -250,14 +272,14 @@ class Upload {
// Fix $destination trailing
$this->destination = G\add_ending_slash($this->destination);
}
/**
* Fetch the $source file
* @Exception 2XX
*/
protected function fetchSource() {
protected function fetchSource()
{
// Set the downstream file
$this->downstream = @tempnam(sys_get_temp_dir(), 'chvtemp');
@ -270,9 +292,7 @@ class Upload {
}
if ($this->type == 'file') {
if ($this->source['error'] !== UPLOAD_ERR_OK) {
switch ($this->source['error']) {
case UPLOAD_ERR_INI_SIZE: // 1
throw new UploadException('File too big', 201);
@ -296,13 +316,11 @@ class Upload {
throw new UploadException('The upload was stopped', 201);
break;
}
}
if (!@rename($this->source['tmp_name'], $this->downstream)) {
throw new UploadException("Can't move temp file to the target upload dir", 203);
}
} elseif ($this->type == "url") {
try {
G\fetch_url($this->source, $this->downstream);
@ -312,11 +330,13 @@ class Upload {
}
$this->source_filename = basename($this->type == "file" ? $this->source["name"] : $this->source);
}
protected function fixImageOrientation($image_filename, $exif) {
if($exif['Orientation'] == 1) return;
protected function fixImageOrientation($image_filename, $exif)
{
if ($exif['Orientation'] == 1) {
return;
}
switch ($this->extension) {
case 'jpg':
$image = imagecreatefromjpeg($image_filename);
@ -341,7 +361,8 @@ class Upload {
* This checks for valid input source data
* @Exception 3XX
*/
protected function validateSourceFile() {
protected function validateSourceFile()
{
// Nothing to do here
if (!file_exists($this->downstream)) {
@ -389,16 +410,15 @@ class Upload {
$this->downstream = $this->ImageConvert->out;
$this->source_image_fileinfo = G\get_image_fileinfo($this->downstream);
}
}
// Handle flood uploads
protected static function handleFlood() {
protected static function handleFlood()
{
$logged_user = Login::getUser();
if (!getSetting('flood_uploads_protection') || $logged_user['is_admin']) {
return FALSE;
return false;
}
$flood_limit = [];
@ -415,15 +435,17 @@ class Upload {
COUNT(IF(image_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 DAY), 1, NULL)) AS day,
COUNT(IF(image_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 WEEK), 1, NULL)) AS week,
COUNT(IF(image_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MONTH), 1, NULL)) AS month
FROM ".DB::getTable('images')." WHERE image_uploader_ip='".G\get_client_ip()."' AND image_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MONTH)");
} catch(Exception $e) {} // Silence
FROM ".DB::getTable('images')." WHERE image_uploader_ip='".G\get_client_ip()."' AND image_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MONTH)"
);
} catch (Exception $e) {
} // Silence
$is_flood = FALSE;
$is_flood = false;
$flood_by = '';
foreach (['minute', 'hour', 'day', 'week', 'month'] as $v) {
if ($flood_limit[$v] > 0 and $flood_db[$v] >= $flood_limit[$v]) {
$flood_by = $v;
$is_flood = TRUE;
$is_flood = true;
break;
}
}
@ -443,22 +465,27 @@ class Upload {
$message .= 'Month: '.$flood_db['week']."<br>";
system_notification_email(['subject' => 'Flood report IP '. G\get_client_ip(), 'message' => $message]);
$_SESSION['flood_uploads_notify'][$flood_by] = true;
} catch(Exception $e) {} // Silence
} catch (Exception $e) {
} // Silence
}
return ['flood' => TRUE, 'limit' => $flood_limit[$flood_by], 'count' => $flood_db[$flood_by], 'by' => $flood_by];
return ['flood' => true, 'limit' => $flood_limit[$flood_by], 'count' => $flood_db[$flood_by], 'by' => $flood_by];
}
return FALSE;
return false;
}
protected function isValidImageMime($mime) {
protected function isValidImageMime($mime)
{
return preg_match("@image/(gif|pjpeg|jpeg|png|x-png|bmp|x-ms-bmp|x-windows-bmp)$@", $mime);
}
protected function isValidNamingOption($string) {
protected function isValidNamingOption($string)
{
return in_array($string, array("mixed", "random", "original"));
}
}
class UploadException extends Exception {}
class UploadException extends Exception
{
}

132
lib/G/classes/class.db.php
View File

@ -20,10 +20,13 @@
*/
namespace G;
use PDO, PDOException, Exception;
class DB {
use PDO;
use PDOException;
use Exception;
class DB
{
private static $instance;
private $host = G_APP_DB_HOST;
@ -34,19 +37,19 @@ class DB {
private $driver = G_APP_DB_DRIVER;
private $pdo_attrs = G_APP_DB_PDO_ATTRS;
static $dbh;
public static $dbh;
public $query;
/**
* Connect to the DB server
* Throws an Exception on error (tay weando? en serio?)
*/
public function __construct($conn=[]) {
public function __construct($conn=[])
{
try {
// PDO already connected
if (empty($conn) and isset(self::$dbh) and get_class(self::$dbh) == 'PDO') {
return TRUE;
return true;
}
if (!empty($conn)) {
@ -92,19 +95,18 @@ class DB {
}
self::$instance = $this;
} catch (Exception $e) {
self::$dbh = NULL;
self::$dbh = null;
throw new DBException($e->getMessage(), 400);
}
}
/**
* Singleton instance handler
* Used for the static methods of this class
*/
public static function getInstance() {
public static function getInstance()
{
if (is_null(self::$instance)) {
self::$instance = new self;
}
@ -115,7 +117,8 @@ class DB {
* Populates the class DB own PDO attributes array with an entire array
* Attribute list here: http://php.net/manual/en/pdo.setattribute.php
*/
public function setPDOAttrs($attributes) {
public function setPDOAttrs($attributes)
{
$this->pdo_attrs = $attributes;
}
@ -123,11 +126,13 @@ class DB {
* Populates the class DB own PDO attributes array with a single key
* Attributes list here: http://php.net/manual/en/pdo.setattribute.php
*/
public function setPDOAttr($key, $value) {
public function setPDOAttr($key, $value)
{
$this->pdo_attrs[$key] = $value;
}
public function getAttr($attr) {
public function getAttr($attr)
{
return self::$dbh->getAttribute($attr);
}
@ -135,11 +140,13 @@ class DB {
* Prepares an SQL statement to be executed by the PDOStatement::execute() method
* http://php.net/manual/en/pdo.prepare.php
*/
public function query($query) {
public function query($query)
{
$this->query = self::$dbh->prepare($query);
}
public function errorInfo() {
public function errorInfo()
{
return self::$dbh->errorInfo();
}
@ -147,7 +154,8 @@ class DB {
* Binds a value to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement
* http://php.net/manual/en/pdostatement.bindvalue.php
*/
public function bind($param, $value, $type = null) {
public function bind($param, $value, $type = null)
{
if (is_null($type)) {
switch (true) {
case is_int($value):
@ -167,19 +175,23 @@ class DB {
$this->query->bindValue($param, $value, $type);
}
public function exec() {
public function exec()
{
return $this->query->execute();
}
public function fetchColumn() {
public function fetchColumn()
{
return $this->query->fetchColumn();
}
public function closeCursor() {
public function closeCursor()
{
return $this->query->closeCursor();
}
public function fetchAll($mode=PDO::FETCH_ASSOC) {
public function fetchAll($mode=PDO::FETCH_ASSOC)
{
$this->exec();
return $this->query->fetchAll(is_int($mode) ? $mode : PDO::FETCH_ASSOC);
}
@ -188,7 +200,8 @@ class DB {
* Execute and returns the single result from the prepared statement
* http://php.net/manual/en/pdostatement.fetch.php
*/
public function fetchSingle($mode=PDO::FETCH_ASSOC) {
public function fetchSingle($mode=PDO::FETCH_ASSOC)
{
$this->exec();
return $this->query->fetch(is_int($mode) ? $mode : PDO::FETCH_ASSOC);
}
@ -196,11 +209,12 @@ class DB {
/**
* Query and exec, return number of affected rows or FALSE
*/
public static function queryExec($query) {
public static function queryExec($query)
{
try {
$db = self::getInstance();
$db->query($query);
return $db->exec() ? $db->rowCount() : FALSE;
return $db->exec() ? $db->rowCount() : false;
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
@ -209,7 +223,8 @@ class DB {
/**
* Query and fetch single record
*/
public static function queryFetchSingle($query, $fetch_style=NULL) {
public static function queryFetchSingle($query, $fetch_style=null)
{
try {
return self::queryFetch($query, 1, $fetch_style);
} catch (Exception $e) {
@ -220,9 +235,10 @@ class DB {
/**
* Query and fetch all records
*/
public static function queryFetchAll($query, $fetch_style=NULL) {
public static function queryFetchAll($query, $fetch_style=null)
{
try {
return self::queryFetch($query, NULL, $fetch_style);
return self::queryFetch($query, null, $fetch_style);
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
@ -231,7 +247,8 @@ class DB {
/**
* Query fetch (core version)
*/
public static function queryFetch($query, $limit=1, $fetch_style=NULL) {
public static function queryFetch($query, $limit=1, $fetch_style=null)
{
try {
$db = self::getInstance();
$db->query($query);
@ -245,7 +262,8 @@ class DB {
* Returns the number of rows affected by the last DELETE, INSERT, or UPDATE statement executed
* http://php.net/manual/en/pdostatement.rowcount.php
*/
public function rowCount() {
public function rowCount()
{
return $this->query->rowCount();
}
@ -253,7 +271,8 @@ class DB {
* Returns the ID of the last inserted row, or the last value from a sequence object, depending on the underlying driver
* http://php.net/manual/en/pdo.lastinsertid.php
*/
public function lastInsertId() {
public function lastInsertId()
{
return self::$dbh->lastInsertId();
}
@ -261,7 +280,8 @@ class DB {
* Turns off autocommit mode
* http://php.net/manual/en/pdo.begintransaction.php
*/
public function beginTransaction(){
public function beginTransaction()
{
return self::$dbh->beginTransaction();
}
@ -269,7 +289,8 @@ class DB {
* Commits a transaction, returning the database connection to autocommit mode until the next call to PDO::beginTransaction() starts a new transaction
* http://php.net/manual/en/pdo.commit.php
*/
public function endTransaction(){
public function endTransaction()
{
return self::$dbh->commit();
}
@ -277,7 +298,8 @@ class DB {
* Rolls back the current transaction, as initiated by PDO::beginTransaction()
* http://php.net/manual/en/pdo.rollback.php
*/
public function cancelTransaction(){
public function cancelTransaction()
{
return self::$dbh->rollBack();
}
@ -285,7 +307,8 @@ class DB {
* Dumps the informations contained by a prepared statement directly on the output
* http://php.net/manual/en/pdostatement.debugdumpparams.php
*/
public function debugDumpParams(){
public function debugDumpParams()
{
return $this->query->debugDumpParams();
}
@ -294,15 +317,16 @@ class DB {
/**
* Get the table with its prefix
*/
public static function getTable($table) {
public static function getTable($table)
{
return get_app_setting('db_table_prefix') . $table;
}
/**
* Get values from DB
*/
public static function get($table, $values, $clause='AND', $sort=[], $limit=NULL, $fetch_style=NULL) {
public static function get($table, $values, $clause='AND', $sort=[], $limit=null, $fetch_style=null)
{
if (!is_array($values) and $values !== 'all') {
throw new DBException('Expecting array values, '.gettype($values).' given in ' . __METHOD__, 100);
}
@ -318,7 +342,7 @@ class DB {
$query = 'SELECT * FROM '.$table;
if($join) {
if (isset($join) && $join) {
$query .= ' ' . $join . ' ';
}
@ -367,8 +391,8 @@ class DB {
* Update target table row(s)
* Returns the number of affected rows or false
*/
public static function update($table, $values, $wheres, $clause='AND') {
public static function update($table, $values, $wheres, $clause='AND')
{
if (!is_array($values)) {
throw new DBException('Expecting array values, '.gettype($values).' given in '. __METHOD__, 100);
}
@ -406,18 +430,17 @@ class DB {
$db->bind(':where_'.$k, $v);
}
return $db->exec() ? $db->rowCount() : FALSE;
return $db->exec() ? $db->rowCount() : false;
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
}
/**
* Insert single row to the table
*/
public static function insert($table, $values) {
public static function insert($table, $values)
{
if (!is_array($values)) {
throw new DBException('Expecting array values, '.gettype($values).' given in '. __METHOD__, 100);
}
@ -439,11 +462,10 @@ class DB {
foreach ($values as $k => $v) {
$db->bind(':'.$k, $v);
}
return $db->exec() ? $db->lastInsertId() : FALSE;
return $db->exec() ? $db->lastInsertId() : false;
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
}
/**
@ -451,8 +473,8 @@ class DB {
* Returns the number of affected rows or false
* Note: Minimum value to be set is zero, no negative values here
*/
public static function increment($table, $values, $wheres, $clause='AND') {
public static function increment($table, $values, $wheres, $clause='AND')
{
foreach (['values', 'wheres'] as $k) {
if (!is_array(${$k})) {
throw new DBException('Expecting array values, '.gettype(${$k}).' given in '. __METHOD__, 100);
@ -492,15 +514,14 @@ class DB {
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
}
/**
* Delete row(s) from table
* Returns the number of affected rows or false
*/
public static function delete($table, $values, $clause='AND') {
public static function delete($table, $values, $clause='AND')
{
if (!is_array($values)) {
throw new DBException('Expecting array values, '.gettype($values).' given in '. __METHOD__, 100);
}
@ -522,17 +543,17 @@ class DB {
foreach ($values as $k => $v) {
$db->bind(':'.$k, $v);
}
return $db->exec() ? $db->rowCount() : FALSE;
return $db->exec() ? $db->rowCount() : false;
} catch (Exception $e) {
throw new DBException($e->getMessage(), 400);
}
}
/**
* Validate clause
*/
private static function validateClause($clause, $method=NULL) {
private static function validateClause($clause, $method=null)
{
if (!is_null($clause)) {
$clause = strtoupper($clause);
if (!in_array($clause, ['AND', 'OR'])) {
@ -540,8 +561,9 @@ class DB {
}
}
}
}
// DB class own Exception
class DBException extends Exception {}
class DBException extends Exception
{
}