<?php

// Stop immediately unless BASEPATH is defined, so the file cannot be
// executed by requesting it directly.
if ( ! defined('BASEPATH'))
{
	exit('No direct script access allowed');
}
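/**
 * File upload handler.
 *
 * Validates one entry of $_FILES against the configured limits (file type,
 * size, image dimensions), normalises the client-supplied file name and
 * stores the file under $upload_path.
 *
 * Security notes for maintainers:
 *  - $_FILES[...]['name'] and $_FILES[...]['type'] are supplied by the client.
 *    The MIME type is therefore never accepted on its own: the file extension
 *    must also be listed in $allowed_types (see is_allowed_filetype()).
 *  - Every extension that should be accepted has to be listed explicitly,
 *    e.g. 'jpg|jpeg', because the extension check is an exact allow-list.
 *  - Neither check inspects the file content. Store uploads where the web
 *    server will not execute them.
 */
class CI_Upload {

	// Maximum file size in kilobytes (compared with $file_size); 0 = no limit.
	var $max_size		= 0;
	// Maximum image width / height in pixels; 0 = no limit.
	var $max_width		= 0;
	var $max_height		= 0;
	// '' until configured; set_allowed_types() turns a 'gif|jpg' string into an array.
	var $allowed_types	= "";
	// Path of the temporary file created by PHP for the upload.
	var $file_temp		= "";
	// Final (sanitised, possibly renamed) file name.
	var $file_name		= "";
	// Sanitised file name before collision handling / renaming.
	var $orig_name		= "";
	// MIME type as sent by the client, lower-cased, parameters removed.
	var $file_type		= "";
	// Size in kilobytes, rounded to two decimals, once do_upload() has run.
	var $file_size		= "";
	// Extension of the client-supplied name, including the leading dot.
	var $file_ext		= "";
	// Destination directory; validate_upload_path() appends the trailing slash.
	var $upload_path	= "";
	// FALSE: never replace an existing file, pick a free name instead.
	var $overwrite		= FALSE;
	// TRUE: replace the name with a generated one (only applied when $overwrite is FALSE).
	var $encrypt_name	= FALSE;
	var $is_image		= FALSE;
	var $image_width	= '';
	var $image_height	= '';
	var $image_type		= '';
	var $image_size_str	= '';
	// Messages collected by set_error().
	var $error_msg		= array();
	// Extension => MIME type(s) map, loaded lazily by mimes_types().
	var $mimes			= array();
	// TRUE: runs of whitespace in the file name become '_'.
	var $remove_spaces	= TRUE;
	// TRUE: the stored file is passed through the input class's xss_clean().
	var $xss_clean		= FALSE;
	// Not referenced anywhere in this class.
	var $temp_prefix	= "temp_file_";

	/**
	 * Constructor (PHP 4 style: same name as the class).
	 *
	 * @param	array	$props	optional preferences, forwarded to initialize()
	 */
	function CI_Upload($props = array())
	{
		if (count($props) > 0)
		{
			$this->initialize($props);
		}

		log_message('debug', "Upload Class Initialized");
	}

	/**
	 * Apply preferences and reset every other property to its default.
	 *
	 * Only the keys listed in $defaults are honoured. When a set_<key>()
	 * method exists the value goes through it, otherwise it is assigned
	 * directly. Keys that are missing (or NULL) fall back to the default.
	 *
	 * @param	array	$config
	 * @return	void
	 */
	function initialize($config = array())
	{
		$defaults = array(
							'max_size'			=> 0,
							'max_width'			=> 0,
							'max_height'		=> 0,
							'allowed_types'		=> "",
							'file_temp'			=> "",
							'file_name'			=> "",
							'orig_name'			=> "",
							'file_type'			=> "",
							'file_size'			=> "",
							'file_ext'			=> "",
							'upload_path'		=> "",
							'overwrite'			=> FALSE,
							'encrypt_name'		=> FALSE,
							'is_image'			=> FALSE,
							'image_width'		=> '',
							'image_height'		=> '',
							'image_type'		=> '',
							'image_size_str'	=> '',
							'error_msg'			=> array(),
							'mimes'				=> array(),
							'remove_spaces'		=> TRUE,
							'xss_clean'			=> FALSE,
							'temp_prefix'		=> "temp_file_"
						);

		foreach ($defaults as $key => $val)
		{
			if ( ! isset($config[$key]))
			{
				$this->$key = $val;
				continue;
			}

			$method = 'set_'.$key;
			if (method_exists($this, $method))
			{
				$this->$method($config[$key]);
			}
			else
			{
				$this->$key = $config[$key];
			}
		}
	}

	/**
	 * Validate and store the uploaded file.
	 *
	 * On failure an error message is recorded (see display_errors()) and
	 * FALSE is returned.
	 *
	 * @param	string	$field	name of the form field / $_FILES key
	 * @return	bool
	 */
	function do_upload($field = 'userfile')
	{
		// Is $_FILES[$field] set? If not, no reason to continue.
		if ( ! isset($_FILES[$field]))
		{
			$this->set_error('upload_no_file_selected');
			return FALSE;
		}

		// Is the upload path valid? The error is set by validate_upload_path().
		if ( ! $this->validate_upload_path())
		{
			return FALSE;
		}

		// Only accept a temp file that PHP itself created for this request.
		if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
		{
			$error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];

			// PHP upload error code => language key.
			$messages = array(
								1	=> 'upload_file_exceeds_limit',
								2	=> 'upload_file_exceeds_form_limit',
								3	=> 'upload_file_partial',
								4	=> 'upload_no_file_selected',
								6	=> 'upload_no_temp_directory',
								7	=> 'upload_unable_to_write_file',
								8	=> 'upload_stopped_by_extension'
							);

			$this->set_error(isset($messages[$error]) ? $messages[$error] : 'upload_no_file_selected');
			return FALSE;
		}

		// Collect the file data. 'name' and 'type' are client-controlled.
		$this->file_temp = $_FILES[$field]['tmp_name'];
		$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
		$this->file_size = $_FILES[$field]['size'];
		// Keep only the media type, dropping parameters such as "; charset=...".
		$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
		$this->file_type = strtolower($this->file_type);
		$this->file_ext	 = $this->get_extension($_FILES[$field]['name']);

		// Convert the file size to kilobytes.
		if ($this->file_size > 0)
		{
			$this->file_size = round($this->file_size/1024, 2);
		}

		// Is the file type (extension and claimed MIME type) allowed?
		if ( ! $this->is_allowed_filetype())
		{
			$this->set_error('upload_invalid_filetype');
			return FALSE;
		}

		// Is the file size within the allowed maximum?
		if ( ! $this->is_allowed_filesize())
		{
			$this->set_error('upload_invalid_filesize');
			return FALSE;
		}

		// Are the image dimensions within the allowed size?
		// Note: this can fail if the server has an open_basedir restriction.
		if ( ! $this->is_allowed_dimensions())
		{
			$this->set_error('upload_invalid_dimensions');
			return FALSE;
		}

		// Sanitize the file name for security.
		$this->file_name = $this->clean_file_name($this->file_name);

		// Remove white space in the name.
		if ($this->remove_spaces == TRUE)
		{
			$this->file_name = preg_replace("/\s+/", "_", $this->file_name);
		}

		// Remember the sanitised name before collision handling changes it.
		$this->orig_name = $this->file_name;

		if ($this->overwrite == FALSE)
		{
			$this->file_name = $this->set_filename($this->upload_path, $this->file_name);

			if ($this->file_name === FALSE)
			{
				return FALSE;
			}
		}

		// Store the file: copy() is tried first, move_uploaded_file() is the
		// fallback when copy() fails.
		if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
		{
			if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
			{
				 $this->set_error('upload_destination_error');
				 return FALSE;
			}
		}

		// Optionally filter the stored file. The result is not checked here,
		// so a failed clean-up does not fail the upload.
		if ($this->xss_clean == TRUE)
		{
			$this->do_xss_clean();
		}

		// Record width/height/type when the file is an image.
		$this->set_image_properties($this->upload_path.$this->file_name);

		return TRUE;
	}

	/**
	 * Return everything known about the uploaded file.
	 *
	 * 'raw_name' is the file name with every occurrence of the extension
	 * removed (str_replace), not only the trailing one.
	 *
	 * @return	array
	 */
	function data()
	{
		return array (
						'file_name'			=> $this->file_name,
						'file_type'			=> $this->file_type,
						'file_path'			=> $this->upload_path,
						'full_path'			=> $this->upload_path.$this->file_name,
						'raw_name'			=> str_replace($this->file_ext, '', $this->file_name),
						'orig_name'			=> $this->orig_name,
						'file_ext'			=> $this->file_ext,
						'file_size'			=> $this->file_size,
						'is_image'			=> $this->is_image(),
						'image_width'		=> $this->image_width,
						'image_height'		=> $this->image_height,
						'image_type'		=> $this->image_type,
						'image_size_str'	=> $this->image_size_str,
					);
	}

	/**
	 * Set the destination directory. It is validated later, by
	 * validate_upload_path(), when do_upload() runs.
	 *
	 * @param	string	$path
	 * @return	void
	 */
	function set_upload_path($path)
	{
		$this->upload_path = $path;
	}

	/**
	 * Pick the name the file will be stored under.
	 *
	 * With $encrypt_name the name becomes md5(uniqid(mt_rand())) plus the
	 * original extension. That makes collisions unlikely; it is not a
	 * cryptographically strong secret. If the name is already taken, the
	 * suffixes 1..99 are tried.
	 *
	 * @param	string	$path		directory, with trailing slash
	 * @param	string	$filename
	 * @return	string|bool		the free name, or FALSE when none was found
	 */
	function set_filename($path, $filename)
	{
		if ($this->encrypt_name == TRUE)
		{
			mt_srand();
			$filename = md5(uniqid(mt_rand())).$this->file_ext;
		}

		if ( ! file_exists($path.$filename))
		{
			return $filename;
		}

		$base = str_replace($this->file_ext, '', $filename);

		for ($i = 1; $i < 100; $i++)
		{
			$candidate = $base.$i.$this->file_ext;

			if ( ! file_exists($path.$candidate))
			{
				return $candidate;
			}
		}

		// All 99 numbered variants exist already.
		$this->set_error('upload_bad_filename');
		return FALSE;
	}

	/**
	 * Return $n when it consists of ASCII digits only, otherwise 0.
	 *
	 * Replaces the former eregi() test, which no longer exists in current
	 * PHP. \z (instead of $) also rejects a value with a trailing newline.
	 *
	 * @access	private
	 * @param	mixed	$n
	 * @return	mixed
	 */
	function _digits_or_zero($n)
	{
		return (is_scalar($n) AND preg_match('/^[0-9]+\z/', (string) $n)) ? $n : 0;
	}

	/**
	 * Set the maximum file size in kilobytes (0 or invalid = no limit).
	 *
	 * @param	mixed	$n
	 * @return	void
	 */
	function set_max_filesize($n)
	{
		$this->max_size = $this->_digits_or_zero($n);
	}

	/**
	 * Set the maximum image width in pixels (0 or invalid = no limit).
	 *
	 * @param	mixed	$n
	 * @return	void
	 */
	function set_max_width($n)
	{
		$this->max_width = $this->_digits_or_zero($n);
	}

	/**
	 * Set the maximum image height in pixels (0 or invalid = no limit).
	 *
	 * @param	mixed	$n
	 * @return	void
	 */
	function set_max_height($n)
	{
		$this->max_height = $this->_digits_or_zero($n);
	}

	/**
	 * Set the allowed file types from a pipe-separated list, e.g. 'gif|jpg'.
	 *
	 * @param	string	$types
	 * @return	void
	 */
	function set_allowed_types($types)
	{
		$this->allowed_types = explode('|', $types);
	}

	/**
	 * Store width, height, type and the size attribute string of an image.
	 * Does nothing when the file is not an image or cannot be read as one.
	 *
	 * @param	string	$path	full path of the stored file
	 * @return	void
	 */
	function set_image_properties($path = '')
	{
		if ( ! $this->is_image())
		{
			return;
		}

		if ( ! function_exists('getimagesize'))
		{
			return;
		}

		$D = @getimagesize($path);
		if ($D === FALSE)
		{
			return;
		}

		// getimagesize() type code => name
		$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');

		$this->image_width		= $D['0'];
		$this->image_height		= $D['1'];
		$this->image_type		= ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
		$this->image_size_str	= $D['3'];  // string that can be used in an <img> tag
	}

	/**
	 * Enable or disable filtering of the stored file through xss_clean().
	 *
	 * @param	bool	$flag
	 * @return	void
	 */
	function set_xss_clean($flag = FALSE)
	{
		$this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
	}

	/**
	 * Tell whether the claimed MIME type is GIF, JPEG or PNG.
	 *
	 * Side effect: vendor variants ('image/x-png', 'image/pjpeg', ...) are
	 * rewritten in $file_type to the canonical type. The decision is based
	 * on the client-supplied type only, not on the file content.
	 *
	 * @return	bool
	 */
	function is_image()
	{
		$png_mimes  = array('image/x-png');
		$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');

		if (in_array($this->file_type, $png_mimes))
		{
			$this->file_type = 'image/png';
		}

		if (in_array($this->file_type, $jpeg_mimes))
		{
			$this->file_type = 'image/jpeg';
		}

		$img_mimes = array(
							'image/gif',
							'image/jpeg',
							'image/png',
						   );

		return in_array($this->file_type, $img_mimes, TRUE);
	}

	/**
	 * Check the file against the allowed types.
	 *
	 * Two conditions must hold:
	 *  1. the extension of the client-supplied name (case-insensitive) is one
	 *     of the allowed types, and
	 *  2. the claimed MIME type matches the MIME list of an allowed type.
	 *
	 * The MIME type alone is not sufficient because the client chooses it.
	 * The comparison in step 2 is strict, so an empty claimed type can no
	 * longer match an allowed type that is missing from the MIME map
	 * (FALSE == '' is true under loose comparison).
	 *
	 * @return	bool
	 */
	function is_allowed_filetype()
	{
		// is_array() first: the unconfigured value is a string, and count()
		// must not be called on it.
		if ( ! is_array($this->allowed_types) OR count($this->allowed_types) == 0)
		{
			$this->set_error('upload_no_file_types');
			return FALSE;
		}

		$allowed = array_map('strtolower', $this->allowed_types);

		// 1. Extension allow-list.
		$ext = strtolower(ltrim($this->file_ext, '.'));
		if ($ext == '' OR ! in_array($ext, $allowed, TRUE))
		{
			return FALSE;
		}

		// 2. Claimed MIME type must belong to one of the allowed types.
		foreach ($allowed as $val)
		{
			$mime = $this->mimes_types($val);

			if (is_array($mime))
			{
				if (in_array($this->file_type, $mime, TRUE))
				{
					return TRUE;
				}
			}
			elseif (is_string($mime) AND $mime === $this->file_type)
			{
				return TRUE;
			}
		}

		return FALSE;
	}

	/**
	 * Check the file size (kilobytes) against $max_size; 0 means no limit.
	 *
	 * @return	bool
	 */
	function is_allowed_filesize()
	{
		return ! ($this->max_size != 0 AND $this->file_size > $this->max_size);
	}

	/**
	 * Check image width and height against the configured maximums.
	 *
	 * Non-images always pass, and so does everything when getimagesize() is
	 * unavailable. When a limit is configured but the dimensions cannot be
	 * read, the file is rejected: a limit that cannot be verified is treated
	 * as exceeded.
	 *
	 * @return	bool
	 */
	function is_allowed_dimensions()
	{
		if ( ! $this->is_image())
		{
			return TRUE;
		}

		if ( ! function_exists('getimagesize'))
		{
			return TRUE;
		}

		$D = @getimagesize($this->file_temp);

		if ($D === FALSE)
		{
			// Claimed to be an image but not readable as one.
			return ! ($this->max_width > 0 OR $this->max_height > 0);
		}

		if ($this->max_width > 0 AND $D['0'] > $this->max_width)
		{
			return FALSE;
		}

		if ($this->max_height > 0 AND $D['1'] > $this->max_height)
		{
			return FALSE;
		}

		return TRUE;
	}

	/**
	 * Verify that the upload path is an existing, writable directory and
	 * normalise it (resolved path, forward slashes, one trailing slash).
	 *
	 * @return	bool
	 */
	function validate_upload_path()
	{
		if ($this->upload_path == '')
		{
			$this->set_error('upload_no_filepath');
			return FALSE;
		}

		if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
		{
			$this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
		}

		if ( ! @is_dir($this->upload_path))
		{
			$this->set_error('upload_no_filepath');
			return FALSE;
		}

		if ( ! is_really_writable($this->upload_path))
		{
			$this->set_error('upload_not_writable');
			return FALSE;
		}

		// Exactly one trailing slash.
		$this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/",  $this->upload_path);
		return TRUE;
	}

	/**
	 * Return the last dot-separated part of the name, prefixed with a dot.
	 * A name without any dot yields '.' followed by the whole name.
	 *
	 * @param	string	$filename
	 * @return	string
	 */
	function get_extension($filename)
	{
		$x = explode('.', $filename);
		return '.'.end($x);
	}

	/**
	 * Remove markup, shell and URL-encoded metacharacters from a file name.
	 *
	 * The tokens are removed one after another in list order. Backslashes
	 * and NUL bytes are removed as well: stripslashes() alone turns a
	 * doubled backslash into a single one, which is a path separator on
	 * Windows.
	 *
	 * @param	string	$filename
	 * @return	string
	 */
	function clean_file_name($filename)
	{
		$bad = array(
						"<!--",
						"-->",
						"'",
						"<",
						">",
						'"',
						'&',
						'$',
						'=',
						';',
						'?',
						'/',
						"%20",
						"%22",
						"%3c",		// <
						"%253c",	// <
						"%3e",		// >
						"%0e",		// >
						"%28",		// (
						"%29",		// )
						"%2528",	// (
						"%26",		// &
						"%24",		// $
						"%3f",		// ?
						"%3b",		// ;
						"%3d"		// =
					);

		$filename = stripslashes(str_replace($bad, '', $filename));

		return str_replace(array("\\", "\0"), '', $filename);
	}

	/**
	 * Run the stored file through the input class's xss_clean() and write
	 * the result back.
	 *
	 * The file is truncated before writing. Without that, a cleaned result
	 * shorter than the original would leave the tail of the original
	 * content in place after the cleaned data.
	 *
	 * NOTE(review): the filter works on the raw bytes, so it presumably
	 * alters binary files too; confirm before enabling it for non-text
	 * uploads.
	 *
	 * @return	bool|void	FALSE on failure, nothing on success
	 */
	function do_xss_clean()
	{
		$file = $this->upload_path.$this->file_name;

		if (filesize($file) == 0)
		{
			return FALSE;
		}

		if (($data = @file_get_contents($file)) === FALSE)
		{
			return FALSE;
		}

		if ( ! $fp = @fopen($file, FOPEN_READ_WRITE))
		{
			return FALSE;
		}

		$CI =& get_instance();
		$data = $CI->input->xss_clean($data);

		flock($fp, LOCK_EX);
		ftruncate($fp, 0);
		rewind($fp);
		fwrite($fp, $data);
		flock($fp, LOCK_UN);
		fclose($fp);
	}

	/**
	 * Record one or several error messages and log them.
	 *
	 * Each entry is looked up in the 'upload' language file; when no
	 * translation exists the entry itself is used as the message.
	 *
	 * @param	string|array	$msg	language key(s) or literal message(s)
	 * @return	void
	 */
	function set_error($msg)
	{
		$CI =& get_instance();
		$CI->lang->load('upload');

		$keys = is_array($msg) ? $msg : array($msg);

		foreach ($keys as $val)
		{
			$text = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
			$this->error_msg[] = $text;
			log_message('error', $text);
		}
	}

	/**
	 * Return all recorded error messages, each wrapped in $open/$close.
	 * The messages are concatenated as they are, without HTML escaping.
	 *
	 * @param	string	$open
	 * @param	string	$close
	 * @return	string
	 */
	function display_errors($open = '<p>', $close = '</p>')
	{
		$str = '';
		foreach ($this->error_msg as $val)
		{
			$str .= $open.$val.$close;
		}

		return $str;
	}

	/**
	 * Look up the MIME type(s) registered for an extension.
	 *
	 * The map is loaded once from APPPATH.'config/mimes'.EXT, which is
	 * expected to define the global $mimes.
	 *
	 * @param	string	$mime	extension without the dot, lower case
	 * @return	string|array|bool	FALSE when the extension is unknown
	 */
	function mimes_types($mime)
	{
		global $mimes;

		if (count($this->mimes) == 0)
		{
			if (@require_once(APPPATH.'config/mimes'.EXT))
			{
				$this->mimes = $mimes;
				unset($mimes);
			}
		}

		return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
	}

	/**
	 * Neutralise extra extensions in a multi-dot file name.
	 *
	 * Some web servers act on every extension of a name such as
	 * "file.php.gif", not only the last one. Each intermediate part gets a
	 * trailing underscore unless it is both an allowed type and a known
	 * MIME key, so only extensions the application explicitly accepts
	 * survive unchanged. The first part and the final extension are kept.
	 *
	 * @access	private
	 * @param	string	$filename
	 * @return	string
	 */
	function _prep_filename($filename)
	{
		if (strpos($filename, '.') === FALSE)
		{
			return $filename;
		}

		$parts		= explode('.', $filename);
		$ext		= array_pop($parts);
		$filename	= array_shift($parts);

		// allowed_types is still a string when nothing has been configured.
		$allowed = is_array($this->allowed_types) ? array_map('strtolower', $this->allowed_types) : array();

		foreach ($parts as $part)
		{
			$lower = strtolower($part);

			if ( ! in_array($lower, $allowed, TRUE) OR $this->mimes_types($lower) === FALSE)
			{
				$filename .= '.'.$part.'_';
			}
			else
			{
				$filename .= '.'.$part;
			}
		}

		$filename .= '.'.$ext;

		return $filename;
	}

}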