Tema: Subir Imagen
Antiguo 16/02/2008, 23:47
elfran222
 
Re: Subir Imagen

Continuación de class.upload.php
Código:
        if (empty($server_path) || is_null($server_path)) {
            $this->log .= '<b>process file and return the content</b><br />';
            $return_mode = true;
        } else {
            if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
                if (substr($server_path, -1, 1) != '\\') $server_path = $server_path . '\\';
            } else {
                if (substr($server_path, -1, 1) != '/') $server_path = $server_path . '/';
            }
            $this->log .= '<b>process file to '  . $server_path . '</b><br />';
        }

        // checks file size and mine type
        if ($this->uploaded) {

            if ($this->file_src_size > $this->file_max_size ) {
                $this->processed = false;
                $this->error = $this->translate('file_too_big');
            } else {
                $this->log .= '- file size OK<br />';
            }

            // turn dangerous scripts into text files
            if ($this->no_script) {
                if (((substr($this->file_src_mime, 0, 5) == 'text/' || strpos($this->file_src_mime, 'javascript') !== false)  && (substr($this->file_src_name, -4) != '.txt')) 
                    || preg_match('/\.(php|pl|py|cgi|asp)$/i', $this->file_src_name) || empty($this->file_src_name_ext)) {
                    $this->file_src_mime = 'text/plain';
                    $this->log .= '- script '  . $this->file_src_name . ' renamed as ' . $this->file_src_name . '.txt!<br />';
                    $this->file_src_name_ext .= (empty($this->file_src_name_ext) ? 'txt' : '.txt');
                } 
            }

            // checks MIME type with mime_magic
            if ($this->mime_magic_check && function_exists('mime_content_type')) {
                $detected_mime = mime_content_type($this->file_src_pathname);
                if ($this->file_src_mime != $detected_mime) {
                    $this->log .= '- MIME type detected as ' . $detected_mime . ' but given as ' . $this->file_src_mime . '!<br />';
                    $this->file_src_mime = $detected_mime;
                }
            } 

            if ($this->mime_check && empty($this->file_src_mime)) {
                $this->processed = false;
                $this->error = $this->translate('no_mime');
            } else if ($this->mime_check && !empty($this->file_src_mime) && strpos($this->file_src_mime, '/') !== false) {
                list($m1, $m2) = explode('/', $this->file_src_mime);
                $allowed = false;
                // check wether the mime type is allowed
                foreach($this->allowed as $k => $v) {
                    list($v1, $v2) = explode('/', $v);
                    if (($v1 == '*' && $v2 == '*') || ($v1 == $m1 && ($v2 == $m2 || $v2 == '*'))) {
                        $allowed = true;
                        break;
                    }
                }
                // check wether the mime type is forbidden
                foreach($this->forbidden as $k => $v) {
                    list($v1, $v2) = explode('/', $v);
                    if (($v1 == '*' && $v2 == '*') || ($v1 == $m1 && ($v2 == $m2 || $v2 == '*'))) {
                        $allowed = false;
                        break;
                    }
                }
                if (!$allowed) {
                    $this->processed = false;
                    $this->error = $this->translate('incorrect_file');
                } else {
                    $this->log .= '- file mime OK : ' . $this->file_src_mime . '<br />';
                }
            } else {
                $this->log .= '- file mime OK : ' . $this->file_src_mime . '<br />';
            }
            // if the file is an image, we can check on its dimensions
            // these checks are not available if open_basedir restrictions are in place
            if ($this->file_is_image) {
                if (is_numeric($this->image_src_x) && is_numeric($this->image_src_y)) {
                    $ratio = $this->image_src_x / $this->image_src_y;
                    if (!is_null($this->image_max_width) && $this->image_src_x > $this->image_max_width) {
                        $this->processed = false;
                        $this->error = $this->translate('image_too_wide');
                    }                    
                    if (!is_null($this->image_min_width) && $this->image_src_x < $this->image_min_width) {
                        $this->processed = false;
                        $this->error = $this->translate('image_too_narrow');
                    }                    
                    if (!is_null($this->image_max_height) && $this->image_src_y > $this->image_max_height) {
                        $this->processed = false;
                        $this->error = $this->translate('image_too_high');
                    }                    
                    if (!is_null($this->image_min_height) && $this->image_src_y < $this->image_min_height) {
                        $this->processed = false;
                        $this->error = $this->translate('image_too_short');
                    }                    
                    if (!is_null($this->image_max_ratio) && $ratio > $this->image_max_ratio) {
                        $this->processed = false;
                        $this->error = $this->translate('ratio_too_high');
                    }                    
                    if (!is_null($this->image_min_ratio) && $ratio < $this->image_min_ratio) {
                        $this->processed = false;
                        $this->error = $this->translate('ratio_too_low');
                    }                    
                    if (!is_null($this->image_max_pixels) && $this->image_src_pixels > $this->image_max_pixels) {
                        $this->processed = false;
                        $this->error = $this->translate('too_many_pixels');
                    }                    
                    if (!is_null($this->image_min_pixels) && $this->image_src_pixels < $this->image_min_pixels) {
                        $this->processed = false;
                        $this->error = $this->translate('not_enough_pixels');
                    }                 
                } else {
                    $this->log .= '- no image properties available, can\'t enforce dimension checks : ' . $this->file_src_mime . '<br />';
                }
            }
            
            
        } else {
            $this->error = $this->translate('file_not_uploaded');
            $this->processed = false;
        }
        if ($this->processed) {
            $this->file_dst_path        = $server_path;

            // repopulate dst variables from src
            $this->file_dst_name        = $this->file_src_name;
            $this->file_dst_name_body   = $this->file_src_name_body;
            $this->file_dst_name_ext    = $this->file_src_name_ext;

            if ($this->image_convert != '') { // if we convert as an image
                $this->file_dst_name_ext  = $this->image_convert;
                $this->log .= '- new file name ext : ' . $this->image_convert . '<br />';
            }
            if ($this->file_new_name_body != '') { // rename file body
                $this->file_dst_name_body = $this->file_new_name_body;
                $this->log .= '- new file name body : ' . $this->file_new_name_body . '<br />';
            }
            if ($this->file_new_name_ext != '') { // rename file ext
                $this->file_dst_name_ext  = $this->file_new_name_ext;
                $this->log .= '- new file name ext : ' . $this->file_new_name_ext . '<br />';
            }
            if ($this->file_name_body_add != '') { // append a bit to the name
                $this->file_dst_name_body  = $this->file_dst_name_body . $this->file_name_body_add;
                $this->log .= '- file name body add : ' . $this->file_name_body_add . '<br />';
            }
            if ($this->file_safe_name) { // formats the name
                $this->file_dst_name_body = str_replace(array(' ', '-'), array('_','_'), $this->file_dst_name_body) ;
                $this->file_dst_name_body = ereg_replace('[^A-Za-z0-9_]', '', $this->file_dst_name_body) ;
                $this->log .= '- file name safe format<br />';
            }

            $this->log .= '- destination variables<br />';
            if (empty($this->file_dst_path) || is_null($this->file_dst_path)) {
                $this->log .= '&nbsp;&nbsp;&nbsp;&nbsp;file_dst_path         : n/a<br />';
            } else {
                $this->log .= '&nbsp;&nbsp;&nbsp;&nbsp;file_dst_path         : ' . $this->file_dst_path . '<br />';
            }
            $this->log .= '&nbsp;&nbsp;&nbsp;&nbsp;file_dst_name_body    : ' . $this->file_dst_name_body . '<br />';
            $this->log .= '&nbsp;&nbsp;&nbsp;&nbsp;file_dst_name_ext     : ' . $this->file_dst_name_ext . '<br />';