<?php
// Stop immediately when BASEPATH is not defined, so this file cannot be
// executed as a standalone script.
if ( ! defined('BASEPATH'))
{
	exit('No direct script access allowed');
}
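/**
 * File upload handler.
 *
 * Validates a single entry of $_FILES (type, size, image dimensions),
 * normalises its name and stores it in the configured upload directory.
 *
 * Trust model: the name and the MIME type of an upload
 * ($_FILES[...]['name'] and ['type']) are supplied by the client. The
 * declared MIME type alone is therefore never sufficient to accept a file:
 * the extension must be on the allow-list as well, and files presented as
 * images must be readable by getimagesize().
 */
class CI_Upload {

	var $max_size		= 0;			// Size limit in kilobytes; 0 disables the check
	var $max_width		= 0;			// Image width limit in pixels; 0 disables the check
	var $max_height		= 0;			// Image height limit in pixels; 0 disables the check
	var $max_filename	= 0;			// Maximum length of the stored name; 0 disables the check
	var $allowed_types	= "";			// Becomes an array of type keys once set_allowed_types() has run
	var $file_temp		= "";			// PHP's temporary path of the upload
	var $file_name		= "";			// Name the file is stored under
	var $orig_name		= "";			// Cleaned name before collision handling / renaming
	var $file_type		= "";			// MIME type as declared by the client (not verified)
	var $file_size		= "";			// Size in kilobytes, rounded to two decimals
	var $file_ext		= "";			// Extension of the client-supplied name, including the dot
	var $upload_path	= "";			// Destination directory, kept with a trailing slash
	var $overwrite		= FALSE;		// TRUE: reuse the name even if a file already exists
	var $encrypt_name	= FALSE;		// TRUE: replace the name with a random 32-character hex string
	var $is_image		= FALSE;
	var $image_width	= '';
	var $image_height	= '';
	var $image_type		= '';
	var $image_size_str	= '';
	var $error_msg		= array();		// Messages collected by set_error()
	var $mimes			= array();		// Type key => MIME type(s), loaded lazily by mimes_types()
	var $remove_spaces	= TRUE;			// TRUE: runs of whitespace in the name become "_"
	var $xss_clean		= FALSE;		// TRUE: run the stored file through the input XSS filter
	var $temp_prefix	= "temp_file_";

	/**
	 * Constructor
	 *
	 * @param	array	$props	optional configuration, passed to initialize()
	 */
	function CI_Upload($props = array())
	{
		if (count($props) > 0)
		{
			$this->initialize($props);
		}

		log_message('debug', "Upload Class Initialized");
	}

	// --------------------------------------------------------------------

	/**
	 * Initialize preferences
	 *
	 * Every known preference is either taken from $config or reset to its
	 * default, so calling this twice does not leak state between uploads.
	 * When a set_<key>() method exists the value goes through it; otherwise
	 * it is assigned as given.
	 *
	 * @param	array	$config
	 * @return	void
	 */
	function initialize($config = array())
	{
		$defaults = array(
							'max_size'			=> 0,
							'max_width'			=> 0,
							'max_height'		=> 0,
							'max_filename'		=> 0,
							'allowed_types'		=> "",
							'file_temp'			=> "",
							'file_name'			=> "",
							'orig_name'			=> "",
							'file_type'			=> "",
							'file_size'			=> "",
							'file_ext'			=> "",
							'upload_path'		=> "",
							'overwrite'			=> FALSE,
							'encrypt_name'		=> FALSE,
							'is_image'			=> FALSE,
							'image_width'		=> '',
							'image_height'		=> '',
							'image_type'		=> '',
							'image_size_str'	=> '',
							'error_msg'			=> array(),
							'mimes'				=> array(),
							'remove_spaces'		=> TRUE,
							'xss_clean'			=> FALSE,
							'temp_prefix'		=> "temp_file_"
						);

		foreach ($defaults as $key => $val)
		{
			if (isset($config[$key]))
			{
				$method = 'set_'.$key;
				if (method_exists($this, $method))
				{
					$this->$method($config[$key]);
				}
				else
				{
					$this->$key = $config[$key];
				}
			}
			else
			{
				$this->$key = $val;
			}
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Perform the file upload
	 *
	 * Order of checks: field present, upload path usable, PHP accepted the
	 * upload, type allowed, size allowed, dimensions allowed. Only then is
	 * the name cleaned and the file written to the upload path.
	 *
	 * @param	string	$field	name of the file input
	 * @return	bool	TRUE on success; FALSE with a message in error_msg otherwise
	 */
	function do_upload($field = 'userfile')
	{
		// Is $_FILES[$field] set? If not, there is nothing to process.
		if ( ! isset($_FILES[$field]))
		{
			$this->set_error('upload_no_file_selected');
			return FALSE;
		}

		// Is the upload path valid? validate_upload_path() records its own error.
		if ( ! $this->validate_upload_path())
		{
			return FALSE;
		}

		// A client can submit the field as an array ("userfile[]"), in which
		// case tmp_name is an array too. Treat that as "no usable file"
		// instead of handing a non-string to is_uploaded_file().
		$tmp_name = isset($_FILES[$field]['tmp_name']) ? $_FILES[$field]['tmp_name'] : '';

		// Was the file really received through HTTP POST? If not, report why.
		if ( ! is_string($tmp_name) OR ! is_uploaded_file($tmp_name))
		{
			$error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];

			// PHP's UPLOAD_ERR_* codes
			switch($error)
			{
				case 1:	// UPLOAD_ERR_INI_SIZE
					$this->set_error('upload_file_exceeds_limit');
					break;
				case 2: // UPLOAD_ERR_FORM_SIZE
					$this->set_error('upload_file_exceeds_form_limit');
					break;
				case 3: // UPLOAD_ERR_PARTIAL
				   $this->set_error('upload_file_partial');
					break;
				case 4: // UPLOAD_ERR_NO_FILE
				   $this->set_error('upload_no_file_selected');
					break;
				case 6: // UPLOAD_ERR_NO_TMP_DIR
					$this->set_error('upload_no_temp_directory');
					break;
				case 7: // UPLOAD_ERR_CANT_WRITE
					$this->set_error('upload_unable_to_write_file');
					break;
				case 8: // UPLOAD_ERR_EXTENSION
					$this->set_error('upload_stopped_by_extension');
					break;
				default :   $this->set_error('upload_no_file_selected');
					break;
			}

			return FALSE;
		}

		// Set the uploaded data as class variables. Name and type come from
		// the client; the type has any ";parameter" suffix removed.
		$this->file_temp = $tmp_name;
		$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
		$this->file_size = $_FILES[$field]['size'];
		$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
		$this->file_type = strtolower($this->file_type);
		$this->file_ext	 = $this->get_extension($_FILES[$field]['name']);

		// Convert the file size to kilobytes
		if ($this->file_size > 0)
		{
			$this->file_size = round($this->file_size/1024, 2);
		}

		// Is the file type allowed to be uploaded?
		if ( ! $this->is_allowed_filetype())
		{
			$this->set_error('upload_invalid_filetype');
			return FALSE;
		}

		// Is the file size within the allowed maximum?
		if ( ! $this->is_allowed_filesize())
		{
			$this->set_error('upload_invalid_filesize');
			return FALSE;
		}

		// Are the image dimensions within the allowed size?
		// Note: this can fail if the server has an open_basedir restriction.
		if ( ! $this->is_allowed_dimensions())
		{
			$this->set_error('upload_invalid_dimensions');
			return FALSE;
		}

		// Sanitize the file name
		$this->file_name = $this->clean_file_name($this->file_name);

		// Truncate the file name if it is too long
		if ($this->max_filename > 0)
		{
			$this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
		}

		// Remove white space in the file name
		if ($this->remove_spaces == TRUE)
		{
			$this->file_name = preg_replace("/\s+/", "_", $this->file_name);
		}

		// Keep the cleaned name before set_filename() may rename the file to
		// avoid a collision (or to a random name when encrypt_name is on).
		$this->orig_name = $this->file_name;

		if ($this->overwrite == FALSE)
		{
			$this->file_name = $this->set_filename($this->upload_path, $this->file_name);

			if ($this->file_name === FALSE)
			{
				return FALSE;
			}
		}

		// Store the file: copy() is tried first, move_uploaded_file() is the
		// fallback. The source was verified with is_uploaded_file() above.
		if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
		{
			if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
			{
				 $this->set_error('upload_destination_error');
				 return FALSE;
			}
		}

		// Optionally run the stored file through the XSS filter.
		// NOTE(review): the result of do_xss_clean() is not checked here, so a
		// failed clean leaves the stored file unfiltered while the upload is
		// still reported as successful.
		if ($this->xss_clean == TRUE)
		{
			$this->do_xss_clean();
		}

		// Record width/height/type for images so data() can report them.
		$this->set_image_properties($this->upload_path.$this->file_name);

		return TRUE;
	}

	// --------------------------------------------------------------------

	/**
	 * Finalized data array
	 *
	 * Returns everything known about the stored upload. 'file_type' is the
	 * MIME type declared by the client and 'orig_name' derives from the
	 * client-supplied name; escape both before echoing them into a page.
	 *
	 * @return	array
	 */
	function data()
	{
		return array (
						'file_name'			=> $this->file_name,
						'file_type'			=> $this->file_type,
						'file_path'			=> $this->upload_path,
						'full_path'			=> $this->upload_path.$this->file_name,
						// Only the trailing extension is removed; an earlier
						// occurrence of the same text inside the name is kept.
						'raw_name'			=> $this->_strip_extension($this->file_name),
						'orig_name'			=> $this->orig_name,
						'file_ext'			=> $this->file_ext,
						'file_size'			=> $this->file_size,
						'is_image'			=> $this->is_image(),
						'image_width'		=> $this->image_width,
						'image_height'		=> $this->image_height,
						'image_type'		=> $this->image_type,
						'image_size_str'	=> $this->image_size_str,
					);
	}

	// --------------------------------------------------------------------

	/**
	 * Set upload path
	 *
	 * @param	string	$path
	 * @return	void
	 */
	function set_upload_path($path)
	{
		// Make sure it has exactly one trailing slash
		$this->upload_path = rtrim($path, '/').'/';
	}

	// --------------------------------------------------------------------

	/**
	 * Set the file name
	 *
	 * Returns the name to store the file under. With encrypt_name the name is
	 * replaced by 32 hex characters plus the original extension. If the name
	 * is already taken, a number from 1 to 99 is appended before the
	 * extension; when all are taken an error is recorded.
	 *
	 * The existence check here and the write in do_upload() are separate
	 * steps, so two concurrent uploads can still settle on the same name.
	 *
	 * @param	string	$path
	 * @param	string	$filename
	 * @return	string|bool	the chosen name, or FALSE if none is free
	 */
	function set_filename($path, $filename)
	{
		if ($this->encrypt_name == TRUE)
		{
			if (function_exists('random_bytes'))
			{
				// Same shape as the md5() name below, but drawn from the
				// system CSPRNG so stored names cannot be derived from the
				// upload time.
				$filename = bin2hex(random_bytes(16)).$this->file_ext;
			}
			else
			{
				mt_srand();
				$filename = md5(uniqid(mt_rand())).$this->file_ext;
			}
		}

		if ( ! file_exists($path.$filename))
		{
			return $filename;
		}

		$filename = $this->_strip_extension($filename);

		$new_filename = '';
		for ($i = 1; $i < 100; $i++)
		{
			if ( ! file_exists($path.$filename.$i.$this->file_ext))
			{
				$new_filename = $filename.$i.$this->file_ext;
				break;
			}
		}

		if ($new_filename == '')
		{
			$this->set_error('upload_bad_filename');
			return FALSE;
		}
		else
		{
			return $new_filename;
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Set maximum file size
	 *
	 * @param	int	$n	limit in kilobytes; negative values become 0 (no limit)
	 * @return	void
	 */
	function set_max_filesize($n)
	{
		$this->max_size = ((int) $n < 0) ? 0: (int) $n;
	}

	// --------------------------------------------------------------------

	/**
	 * Set maximum file size (config-key spelling)
	 *
	 * initialize() looks for a setter named after the config key, which is
	 * 'max_size'. Without this method the configured value was assigned
	 * unvalidated and set_max_filesize() was never reached from a config
	 * array.
	 *
	 * @param	int	$n
	 * @return	void
	 */
	function set_max_size($n)
	{
		$this->set_max_filesize($n);
	}

	// --------------------------------------------------------------------

	/**
	 * Set maximum file name length
	 *
	 * @param	int	$n	negative values become 0 (no limit)
	 * @return	void
	 */
	function set_max_filename($n)
	{
		$this->max_filename = ((int) $n < 0) ? 0: (int) $n;
	}

	// --------------------------------------------------------------------

	/**
	 * Set maximum image width
	 *
	 * @param	int	$n	negative values become 0 (no limit)
	 * @return	void
	 */
	function set_max_width($n)
	{
		$this->max_width = ((int) $n < 0) ? 0: (int) $n;
	}

	// --------------------------------------------------------------------

	/**
	 * Set maximum image height
	 *
	 * @param	int	$n	negative values become 0 (no limit)
	 * @return	void
	 */
	function set_max_height($n)
	{
		$this->max_height = ((int) $n < 0) ? 0: (int) $n;
	}

	// --------------------------------------------------------------------

	/**
	 * Set allowed file types
	 *
	 * @param	string|array	$types	pipe-separated list ("gif|jpg|png") or an array of type keys
	 * @return	void
	 */
	function set_allowed_types($types)
	{
		$this->allowed_types = is_array($types) ? $types : explode('|', $types);
	}

	// --------------------------------------------------------------------

	/**
	 * Set image properties
	 *
	 * Reads width, height and type of the stored image with getimagesize().
	 * Does nothing for non-images or when the file cannot be parsed.
	 *
	 * @param	string	$path
	 * @return	void
	 */
	function set_image_properties($path = '')
	{
		if ( ! $this->is_image())
		{
			return;
		}

		if (function_exists('getimagesize'))
		{
			if (FALSE !== ($D = $this->_image_info($path)))
			{
				// getimagesize() type codes
				$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');

				$this->image_width		= $D['0'];
				$this->image_height		= $D['1'];
				$this->image_type		= ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
				$this->image_size_str	= $D['3'];  // string containing height and width
			}
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Set XSS clean
	 *
	 * @param	bool	$flag
	 * @return	void
	 */
	function set_xss_clean($flag = FALSE)
	{
		$this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
	}

	// --------------------------------------------------------------------

	/**
	 * Validate the image
	 *
	 * Decides from the declared MIME type only, and normalises the browser
	 * specific spellings to image/png and image/jpeg as a side effect. It
	 * does not look at the file content.
	 *
	 * @return	bool
	 */
	function is_image()
	{
		$png_mimes  = array('image/x-png');
		$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');

		if (in_array($this->file_type, $png_mimes, TRUE))
		{
			$this->file_type = 'image/png';
		}

		if (in_array($this->file_type, $jpeg_mimes, TRUE))
		{
			$this->file_type = 'image/jpeg';
		}

		$img_mimes = array(
							'image/gif',
							'image/jpeg',
							'image/png',
						   );

		return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
	}

	// --------------------------------------------------------------------

	/**
	 * Verify that the file type is allowed
	 *
	 * A file is accepted only when all of the following hold:
	 *  - its extension (case-insensitive) is one of the allowed types;
	 *  - if the extension or the declared type says "image", getimagesize()
	 *    can read the temporary file;
	 *  - the declared MIME type is listed for one of the allowed types.
	 *
	 * The declared MIME type is chosen by the client, so on its own it would
	 * let any file through under an allowed label; the extension is what the
	 * web server later uses to decide how to serve the stored file.
	 *
	 * @return	bool
	 */
	function is_allowed_filetype()
	{
		$allowed = $this->_allowed_extensions();

		// is_array() is checked (inside the helper) before anything is
		// counted: the default value of allowed_types is a string.
		if (count($allowed) == 0)
		{
			$this->set_error('upload_no_file_types');
			return FALSE;
		}

		$ext = strtolower(ltrim($this->file_ext, '.'));

		if ( ! in_array($ext, $allowed, TRUE))
		{
			return FALSE;
		}

		// Files presented as images must at least parse as an image. This
		// rejects arbitrary content labelled as an image; it does not prove
		// that the rest of the file is inert.
		$image_exts = array('gif', 'jpg', 'jpeg', 'jpe', 'png');

		if ((in_array($ext, $image_exts, TRUE) OR $this->is_image()) AND function_exists('getimagesize'))
		{
			if ($this->_image_info($this->file_temp) === FALSE)
			{
				return FALSE;
			}
		}

		foreach ($allowed as $val)
		{
			$mime = $this->mimes_types($val);

			// Unknown type key: nothing to compare against. (A loose
			// FALSE == "" comparison here used to accept an empty declared type.)
			if ($mime === FALSE)
			{
				continue;
			}

			if (is_array($mime))
			{
				if (in_array($this->file_type, $mime, TRUE))
				{
					return TRUE;
				}
			}
			else
			{
				if ($mime === $this->file_type)
				{
					return TRUE;
				}
			}
		}

		return FALSE;
	}

	// --------------------------------------------------------------------

	/**
	 * Verify that the file is within the allowed size
	 *
	 * @return	bool
	 */
	function is_allowed_filesize()
	{
		if ($this->max_size != 0  AND  $this->file_size > $this->max_size)
		{
			return FALSE;
		}
		else
		{
			return TRUE;
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Verify that the image is within the allowed width/height
	 *
	 * Non-images always pass, as does everything when getimagesize() is
	 * unavailable or no limit is configured. When a limit is configured and
	 * the file cannot be read as an image, the check fails: the dimensions
	 * cannot be verified.
	 *
	 * @return	bool
	 */
	function is_allowed_dimensions()
	{
		if ( ! $this->is_image())
		{
			return TRUE;
		}

		if (function_exists('getimagesize'))
		{
			if ($this->max_width <= 0 AND $this->max_height <= 0)
			{
				return TRUE;
			}

			$D = $this->_image_info($this->file_temp);

			// Previously FALSE was indexed like an array, which compared
			// NULL against the limits and let unreadable files pass.
			if ($D === FALSE)
			{
				return FALSE;
			}

			if ($this->max_width > 0 AND $D['0'] > $this->max_width)
			{
				return FALSE;
			}

			if ($this->max_height > 0 AND $D['1'] > $this->max_height)
			{
				return FALSE;
			}

			return TRUE;
		}

		return TRUE;
	}

	// --------------------------------------------------------------------

	/**
	 * Validate upload path
	 *
	 * Verifies that upload_path is set, is a directory and is writable.
	 * The path is resolved with realpath() when possible and normalised to
	 * forward slashes with a single trailing slash.
	 *
	 * @return	bool
	 */
	function validate_upload_path()
	{
		if ($this->upload_path == '')
		{
			$this->set_error('upload_no_filepath');
			return FALSE;
		}

		if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
		{
			$this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
		}

		if ( ! @is_dir($this->upload_path))
		{
			$this->set_error('upload_no_filepath');
			return FALSE;
		}

		if ( ! is_really_writable($this->upload_path))
		{
			$this->set_error('upload_not_writable');
			return FALSE;
		}

		$this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/",  $this->upload_path);
		return TRUE;
	}

	// --------------------------------------------------------------------

	/**
	 * Extract the file extension
	 *
	 * Returns the text after the last dot, with a leading dot. Case is
	 * preserved. A name without any dot yields "." followed by the whole name.
	 *
	 * @param	string	$filename
	 * @return	string
	 */
	function get_extension($filename)
	{
		$x = explode('.', $filename);
		return '.'.end($x);
	}

	// --------------------------------------------------------------------

	/**
	 * Clean the file name for security
	 *
	 * Removes a fixed list of characters and percent-escapes, then strips
	 * backslashes. The list is matched case-sensitively in a single pass, so
	 * treat this as hygiene for later display and path building; the control
	 * that decides whether a file may be stored is is_allowed_filetype().
	 *
	 * @param	string	$filename
	 * @return	string
	 */
	function clean_file_name($filename)
	{
		$bad = array(
						"<!--",
						"-->",
						"'",
						"<",
						">",
						'"',
						'&',
						'$',
						'=',
						';',
						'?',
						'/',
						"%20",
						"%22",
						"%3c",		// <
						"%253c", 	// <
						"%3e", 		// >
						"%0e", 		// >
						"%28", 		// (
						"%29", 		// )
						"%2528", 	// (
						"%26", 		// &
						"%24", 		// $
						"%3f", 		// ?
						"%3b", 		// ;
						"%3d"		// =
					);

		$filename = str_replace($bad, '', $filename);

		return stripslashes($filename);
	}

	// --------------------------------------------------------------------

	/**
	 * Limit the file name length
	 *
	 * Shortens the part before the last dot so that name plus extension is
	 * at most $length characters; the extension is kept intact.
	 *
	 * @param	string	$filename
	 * @param	int		$length
	 * @return	string
	 */
	function limit_filename_length($filename, $length)
	{
		if (strlen($filename) < $length)
		{
			return $filename;
		}

		$ext = '';
		if (strpos($filename, '.') !== FALSE)
		{
			$parts		= explode('.', $filename);
			$ext		= '.'.array_pop($parts);
			$filename	= implode('.', $parts);
		}

		return substr($filename, 0, ($length - strlen($ext))).$ext;
	}

	// --------------------------------------------------------------------

	/**
	 * Runs the stored file through the XSS filter
	 *
	 * Reads the stored file, passes its content through the input class'
	 * xss_clean() and writes the result back over the file.
	 *
	 * @return	bool	TRUE when the filtered content was written, FALSE otherwise
	 */
	function do_xss_clean()
	{
		$file = $this->upload_path.$this->file_name;

		if (filesize($file) == 0)
		{
			return FALSE;
		}

		if (($data = @file_get_contents($file)) === FALSE)
		{
			return FALSE;
		}

		if ( ! $fp = @fopen($file, FOPEN_READ_WRITE))
		{
			return FALSE;
		}

		$CI =& get_instance();
		$data = $CI->input->xss_clean($data);

		flock($fp, LOCK_EX);

		// The handle is opened for read/write without truncation. If the
		// filter shortens the content, the tail of the unfiltered original
		// would otherwise remain at the end of the file.
		ftruncate($fp, 0);
		rewind($fp);

		$written = fwrite($fp, $data);
		flock($fp, LOCK_UN);
		fclose($fp);

		return ($written !== FALSE);
	}

	// --------------------------------------------------------------------

	/**
	 * Set an error message
	 *
	 * Each key is translated through the 'upload' language file; a key with
	 * no translation is stored as-is. Every message is also logged.
	 *
	 * @param	string|array	$msg	language key, or a list of keys
	 * @return	void
	 */
	function set_error($msg)
	{
		$CI =& get_instance();
		$CI->lang->load('upload');

		if (is_array($msg))
		{
			foreach ($msg as $val)
			{
				$msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
				$this->error_msg[] = $msg;
				log_message('error', $msg);
			}
		}
		else
		{
			$msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg);
			$this->error_msg[] = $msg;
			log_message('error', $msg);
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Display the error messages
	 *
	 * Concatenates all collected messages, each wrapped in $open/$close.
	 * Messages and wrappers are emitted without HTML escaping.
	 *
	 * @param	string	$open
	 * @param	string	$close
	 * @return	string
	 */
	function display_errors($open = '<p>', $close = '</p>')
	{
		$str = '';
		foreach ($this->error_msg as $val)
		{
			$str .= $open.$val.$close;
		}

		return $str;
	}

	// --------------------------------------------------------------------

	/**
	 * List of MIME types
	 *
	 * Looks up the MIME type(s) registered for a type key. The table is
	 * loaded from the application's config/mimes file on first use, which is
	 * expected to define a global $mimes array.
	 *
	 * @param	string	$mime	type key (e.g. an extension)
	 * @return	string|array|bool	the MIME type(s), or FALSE if the key is unknown
	 */
	function mimes_types($mime)
	{
		global $mimes;

		if ( ! is_array($this->mimes) OR count($this->mimes) == 0)
		{
			if (@require_once(APPPATH.'config/mimes'.EXT))
			{
				// Only adopt the table if the include really provided one;
				// otherwise keep the (empty) array so later calls stay valid.
				if (is_array($mimes))
				{
					$this->mimes = $mimes;
				}

				unset($mimes);
			}
		}

		return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
	}

	// --------------------------------------------------------------------

	/**
	 * Prep file name
	 *
	 * Neutralises intermediate extensions: every dot-separated part between
	 * the first and the last gets a trailing underscore unless it is both an
	 * allowed type and a known MIME key. Some web server configurations pick
	 * a handler from any extension in the name, not just the last one, so a
	 * recognised-but-not-allowed part must not survive unchanged.
	 *
	 * @param	string	$filename
	 * @return	string
	 */
	function _prep_filename($filename)
	{
		if (strpos($filename, '.') === FALSE)
		{
			return $filename;
		}

		$parts		= explode('.', $filename);
		$ext		= array_pop($parts);
		$filename	= array_shift($parts);
		$allowed	= $this->_allowed_extensions();

		foreach ($parts as $part)
		{
			$lower = strtolower($part);

			if ( ! in_array($lower, $allowed, TRUE) OR $this->mimes_types($lower) === FALSE)
			{
				$filename .= '.'.$part.'_';
			}
			else
			{
				$filename .= '.'.$part;
			}
		}

		$filename .= '.'.$ext;

		return $filename;
	}

	// --------------------------------------------------------------------

	/**
	 * Allowed type keys, normalised
	 *
	 * @return	array	lower-cased, trimmed, non-empty entries of allowed_types;
	 *					empty when allowed_types is not an array
	 */
	function _allowed_extensions()
	{
		$list = array();

		if ( ! is_array($this->allowed_types))
		{
			return $list;
		}

		foreach ($this->allowed_types as $type)
		{
			if ( ! is_string($type))
			{
				continue;
			}

			$type = strtolower(trim($type));

			if ($type !== '')
			{
				$list[] = $type;
			}
		}

		return $list;
	}

	// --------------------------------------------------------------------

	/**
	 * Remove file_ext from the end of a name
	 *
	 * @param	string	$filename
	 * @return	string	the name without its trailing extension; unchanged when
	 *					it does not end in file_ext
	 */
	function _strip_extension($filename)
	{
		$len = strlen($this->file_ext);

		if ($len > 0 AND $len <= strlen($filename) AND substr($filename, -$len) === $this->file_ext)
		{
			return (string) substr($filename, 0, strlen($filename) - $len);
		}

		return $filename;
	}

	// --------------------------------------------------------------------

	/**
	 * getimagesize() wrapper that tolerates an empty or non-string path
	 *
	 * @param	string	$path
	 * @return	array|bool	the getimagesize() result, or FALSE
	 */
	function _image_info($path)
	{
		if ( ! is_string($path) OR $path === '')
		{
			return FALSE;
		}

		return @getimagesize($path);
	}

}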