<?php
/**
* @package JLex Review
* @version 4.2.3
* @copyright Copyright (c) 2013-2018 JLexArt. All rights reserved
* @license GNU General Public License version 2 or later;
* @author www.jlexart.com
*/
// Direct-access guard: stop immediately when the file is requested without the
// _JEXEC constant having been defined by the including application.
if (!defined('_JEXEC')) {
    die;
}

// Image library used by the model to create thumbnails.
require_once __DIR__ . "/../libs/class.image.php";
jimport("joomla.filesystem.file");
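/**
 * Model for review attachments: upload, metadata read/update, download,
 * removal, and clean-up of rows that are not attached to a review.
 *
 * Security notes for maintainers:
 * - $id is a public property assigned by callers, so every method casts it to
 *   int before it is concatenated into a query.
 * - Files are written below media/jlexreview and later opened or deleted using
 *   the path stored in the database; those paths are re-validated against the
 *   media folder before use.
 * - NOTE(review): no request-token (CSRF) check is visible in this model —
 *   presumably the controller performs it; confirm.
 * - NOTE(review): "u_edit_any_review" is read from the component configuration
 *   and is not checked against the current user here — confirm getConfig()
 *   resolves it per user/group.
 */
class JLexReviewModelMedia extends JModelLegacy
{
    /**
     * Primary key of the attachment the next call operates on.
     *
     * @var int
     */
    public $id = 0;

    /**
     * Number of attachments removed by clean().
     *
     * @var int
     */
    protected $count_tmp_file = 0;

    /**
     * Resolve a stored relative path to a canonical absolute path, accepting it
     * only when it exists and lies inside media/jlexreview.
     *
     * @param   string  $relative  Path relative to JPATH_ROOT, as stored in the attachment row.
     *
     * @return  string|null  Canonical path, or null when missing or outside the media folder.
     */
    private function resolveMediaPath($relative)
    {
        $base = realpath(JPATH_ROOT . '/media/jlexreview');
        $real = realpath(JPATH_ROOT . '/' . $relative);

        if ($base === false || $real === false) {
            return null;
        }

        // Compare against "base + separator" so a sibling such as media/jlexreview2 cannot match.
        $prefix = $base . DIRECTORY_SEPARATOR;

        return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
    }

    /**
     * Tell whether the current visitor may act on attachment $this->id as its owner.
     *
     * Ownership is granted either by the session flag that upload() sets for the
     * uploading session, or by a database row whose created_by matches the
     * logged-in user.
     *
     * @return  bool  True when the attachment belongs to the current session or user.
     */
    public function _isOwn()
    {
        // The id is concatenated into SQL below; force it to an integer first.
        $id = (int) $this->id;

        if ($id < 1) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        $session = JFactory::getSession();

        // Checked before the guest test so an uploading guest keeps access for the session.
        if ($session->get('item_' . $id, false, 'jreview_media') == true) {
            return true;
        }

        $user = JFactory::getUser();

        if ($user->guest) {
            $this->setError(JText::_("JR_PERMISSION_DENIED"));
            return false;
        }

        $query = $this->_db->getQuery(true);
        $query->select("id")
            ->from("#__jlexreview_attachment")
            ->where([
                "id=" . $id,
                "created_by=" . (int) $user->id,
            ]);

        return $this->_db->setQuery($query)->loadResult() > 0;
    }

    /**
     * Store the file posted in the "file" form field and record it as an attachment.
     *
     * The extension must be on the configured allowlist, the size within the
     * configured limit, and images/archives must pass a content check. The file
     * is saved under a random name so its URL cannot be derived from the
     * original name, upload time and user id.
     *
     * @return  int|false  Id of the new attachment row, or false with an error set.
     */
    public function upload()
    {
        $app = JFactory::getApplication();
        $session = JFactory::getSession();
        $user = JFactory::getUser();
        $time = JFactory::getDate()->toSql();
        $config = JLexReviewHelperAdmin::getConfig();

        $data = array(
            "created_by" => $user->id,
            "created" => $time,
        );

        if ($app->isClient("site") && $config->get("u_upload_file", false) == false) {
            $this->setError(JText::_("JR_THE_FEATURE_DISABLED"));
            return false;
        }

        // Normalise the allowlist so "JPG, png" in the configuration still matches.
        $fileAllows = array();
        foreach (explode(",", (string) $config->get("file_ext", "jpg,jpeg,png,gif,zip,rar")) as $allowed) {
            $allowed = strtolower(trim($allowed));
            if ($allowed !== '') {
                $fileAllows[] = $allowed;
            }
        }

        $file = array_key_exists('file', $_FILES) ? $_FILES['file'] : null;

        // A field posted as file[] yields arrays for every key; only a single file is handled.
        if (!is_array($file)
            || !isset($file['name'], $file['tmp_name'], $file['size'], $file['error'])
            || is_array($file['name'])
            || $file['size'] == 0
            || $file['error'] != 0
        ) {
            $this->setError(JText::_("JR_SELECT_FILE_TO_UPLOAD"));
            return false;
        }

        $max_file_size = $config->get("file_size_upload", 4);
        if ($file['size'] > $max_file_size * 1024 * 1024) {
            $this->setError(JText::_("JR_MAX_FILE_SIZE_UPLOAD") . ": {$max_file_size}Mb.");
            return false;
        }

        $type = strtolower(JFile::getExt($file['name']));
        if (!in_array($type, $fileAllows, true)) {
            $this->setError(JText::_("JR_FILE_TYPE_NOT_SUPPORTED"));
            return false;
        }

        // The client-supplied name is kept for display only; it is never used as a path.
        $data['name'] = $file['name'];
        $data['file_size'] = $file['size'];
        $data['file_ext'] = $type;

        // 16 hex characters from the CSPRNG: not guessable, and no collision when the
        // same user uploads the same name twice within one second.
        $filename_new = bin2hex(random_bytes(8)) . '.' . $type;
        $data['file_name'] = $filename_new;

        $thumb = null;

        switch ($type) {
            case 'png':
            case 'jpg':
            case 'jpeg':
            case 'gif':
                $data['file_type'] = 'image';

                // getimagesize() raises a notice on non-image data, hence the suppression.
                if (!@is_array(getimagesize($file['tmp_name']))) {
                    $this->setError("File not image");
                    return false;
                }

                $data['path'] = 'media/jlexreview/images/' . $filename_new;
                $dest = JPATH_ROOT . '/' . $data['path'];

                if (!JFile::upload($file['tmp_name'], $dest)) {
                    $this->setError(JText::_("JR_COULD_NOT_UPLOAD_FILE"));
                    return false;
                }

                $thumb = JPATH_ROOT . '/media/jlexreview/thumb/' . $filename_new;

                try {
                    // Constructed inside the try so a load failure is reported, not fatal.
                    $resizeObj = new abeautifulsite\SimpleImage($dest);
                    $resizeObj->thumbnail(160, 160)
                        ->save($thumb);
                } catch (Exception $e) {
                    // No attachment row will exist, so do not leave the stored image behind.
                    JFile::delete($dest);
                    $this->setError($e->getMessage());
                    return false;
                }
                break;

            case 'zip':
            case 'rar':
                $data['file_type'] = 'compression';

                // Only the RAR 4.x signature is accepted; RAR 5 archives start with a
                // different marker and are rejected by this check.
                $bytes = (string) file_get_contents($file['tmp_name'], false, null, 0, 7);

                if ($type == 'rar' && bin2hex($bytes) != '526172211a0700') {
                    $this->setError(JText::_("JR_RAR_FILE_TYPE_INCORRECT"));
                    return false;
                }

                if ($type == 'zip' && substr($bytes, 0, 2) != 'PK') {
                    $this->setError(JText::_("JR_ZIP_FILE_TYPE_INCORRECT"));
                    return false;
                }

                $data['path'] = 'media/jlexreview/compression/' . $filename_new;
                $dest = JPATH_ROOT . '/' . $data['path'];

                // NOTE(review): the 4th argument ($allowUnsafe = true) disables JFile's
                // unsafe-file screening. Presumably kept because archives may legitimately
                // contain script files; the archive is therefore stored unscreened.
                if (!JFile::upload($file['tmp_name'], $dest, false, true)) {
                    $this->setError(JText::_("JR_COULD_NOT_UPLOAD_FILE"));
                    return false;
                }
                break;

            default:
                $data['file_type'] = 'unknown';
                $data['path'] = 'media/jlexreview/other/' . $filename_new;
                $dest = JPATH_ROOT . '/' . $data['path'];

                // Any other allowlisted extension lands in a web-reachable folder, so
                // JFile's unsafe-file screening stays enabled here ($allowUnsafe left at
                // its default) instead of being bypassed.
                if (!JFile::upload($file['tmp_name'], $dest)) {
                    $this->setError(JText::_("JR_COULD_NOT_UPLOAD_FILE"));
                    return false;
                }
                break;
        }

        $row = $this->getTable('attachment', 'TableJR');
        $row->bind($data);

        if (!$row->store()) {
            // Without a row nothing would ever reference or clean up these files.
            JFile::delete($dest);
            if ($thumb !== null && is_file($thumb)) {
                JFile::delete($thumb);
            }
            $this->setError(JText::_("JR_COULD_NOT_UPLOAD_FILE"));
            return false;
        }

        // Lets the uploading session (guests included) pass _isOwn() for this attachment.
        $session->set('item_' . $row->id, true, 'jreview_media');

        return $row->id;
    }

    /**
     * Load the name and description of attachment $this->id.
     *
     * @return  object|false  Row with "name" and "description", or false with an error set.
     */
    public function getItem()
    {
        $id = (int) $this->id;

        if ($id < 1) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        $config = JLexReviewHelperAdmin::getConfig();

        if (!$this->_isOwn() && $config->get("u_edit_any_review", false) != true) {
            $this->setError(JText::_("JR_PERMISSION_DENIED"));
            return false;
        }

        $query = $this->_db->getQuery(true);
        $query->select("name, description")
            ->from("#__jlexreview_attachment")
            ->where("id=" . $id);

        $media = $this->_db->setQuery($query)->loadObject();

        if (!$media) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        return $media;
    }

    /**
     * Update the name (and description) of the attachment named by the "id" request value.
     *
     * @return  bool  True on success, false with an error set.
     */
    public function update()
    {
        $app = JFactory::getApplication();
        $input = $app->getInput();
        $this->id = $input->getInt('id', 0);
        $config = JLexReviewHelperAdmin::getConfig();

        $permission = $this->_isOwn() || $config->get("u_edit_any_review", false) == true;

        if (!$permission || $config->get("file_extra_tag", 1) == 0) {
            $this->setError(JText::_("JR_PERMISSION_DENIED"));
            return false;
        }

        $row = $this->getTable('attachment', 'TableJR');
        $row->load($this->id);

        if (!$row->id) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        $description = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : '';

        // description[]=x arrives as an array, which htmlspecialchars() rejects on PHP 8.
        if (!is_string($description)) {
            $description = '';
        }

        $name = $input->getString('name', '');

        if (preg_match("/^\s*$/", $name)) {
            $this->setError(JText::_("JR_NAME_FIELD_NOT_EMPTY"));
            return false;
        }

        $data = array('name' => $name);

        if ($config->get("file_extra_tag", 1) == 1) {
            // Flags and charset are explicit because the defaults differ between PHP versions.
            $data["description"] = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }

        $row->bind($data);

        if (!$row->store()) {
            $this->setError("Error. Try again");
            return false;
        }

        return true;
    }

    /**
     * Stream attachment $this->id to the client as a download and end the request.
     *
     * When "u_download_file" is enabled the ownership check is skipped, so any
     * visitor who knows an id can fetch that attachment.
     *
     * @return  bool|void  False with an error set on failure; does not return on success.
     */
    public function download()
    {
        $app = JFactory::getApplication();
        $config = JLexReviewHelperAdmin::getConfig();

        // _isOwn() is not always reached, so validate the id here before it is used in SQL.
        $id = (int) $this->id;

        if ($id < 1) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        if ($config->get("u_download_file", false) == false && $this->_isOwn() == false) {
            $this->setError(JText::_("JR_PERMISSION_DENIED"));
            return false;
        }

        $query = $this->_db->getQuery(true);
        $query->select('*')
            ->from('#__jlexreview_attachment')
            ->where('id=' . $id);

        $media = $this->_db->setQuery($query)->loadObject();

        if (!$media) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        // The stored path comes from the database; only serve it if it resolves
        // inside the attachment folder.
        $path = $this->resolveMediaPath($media->path);

        if ($path === null || !is_file($path) || !is_readable($path)) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        // The display name is user-editable: drop control characters, quotes and
        // path separators before it is placed inside the quoted header value.
        $name = preg_replace('~[\x00-\x1F\x7F"\\\\/]+~', '_', $media->name . '.' . $media->file_ext);

        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        $mimeTypes = array(
            'pdf' => 'application/pdf',
            'exe' => 'application/octet-stream',
            'zip' => 'application/zip',
            'doc' => 'application/msword',
            'xls' => 'application/vnd.ms-excel',
            'ppt' => 'application/vnd.ms-powerpoint',
            'gif' => 'image/gif',
            'png' => 'image/png',
            'jpeg' => 'image/jpeg',
            'jpg' => 'image/jpeg',
        );

        // Keyed on the stored extension (the previous code switched on an undefined variable).
        $extension = strtolower((string) $media->file_ext);
        $type = isset($mimeTypes[$extension]) ? $mimeTypes[$extension] : 'application/force-download';

        header("Pragma: public"); // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: $type");
        // Stops browsers from guessing a different, possibly active, content type.
        header("X-Content-Type-Options: nosniff");
        header("Content-Disposition: attachment; filename=\"" . $name . "\";");
        header("Content-Transfer-Encoding: binary");

        // readfile() writes the file to output without building one large string
        // in this method and leaves no handle open.
        readfile($path);
        $app->close();
    }

    /**
     * Delete an attachment row together with its stored file and thumbnail.
     *
     * @param   int  $id  Attachment id; when empty, the "id" request value is used.
     *
     * @return  bool  True on success, false with an error set.
     */
    public function remove($id = 0)
    {
        $app = JFactory::getApplication();
        $session = JFactory::getSession();

        $id = (int) $id;

        if (!$id) {
            $id = $app->getInput()->getInt('id', 0);
        }

        $this->id = $id;
        $config = JLexReviewHelperAdmin::getConfig();

        if (!$this->_isOwn() && $config->get("u_edit_any_review", false) != true) {
            $this->setError(JText::_("JR_PERMISSION_DENIED"));
            return false;
        }

        $row = $this->getTable('attachment', 'TableJR');
        $row->load($id);

        if ($row->id < 1) {
            $this->setError(JText::_("JR_FILE_NOT_FOUND"));
            return false;
        }

        // Read the file locations before the row is deleted.
        $targets = array(
            $row->path,
            'media/jlexreview/thumb/' . $row->file_name,
        );

        $row->delete();
        $session->clear('item_' . $id, 'jreview_media');

        foreach ($targets as $relative) {
            // Delete only what resolves inside the attachment folder, so a tampered
            // path column cannot point the delete at another file on the site.
            $target = $this->resolveMediaPath($relative);

            if ($target !== null && is_file($target)) {
                JFile::delete($target);
            }
        }

        return true;
    }

    /**
     * Remove every attachment that is not linked to a review (review_id = 0).
     *
     * Rows are processed in batches of 30 in ascending id order. Each batch starts
     * after the last id already seen, so rows that remove() refuses to delete
     * cannot make the method loop forever.
     *
     * NOTE(review): no permission check is visible here beyond the one inside
     * remove() — presumably the caller restricts who may trigger a clean-up.
     *
     * @return  int  Number of attachments removed.
     */
    public function clean()
    {
        set_time_limit(0);

        $lastId = 0;

        while (true) {
            $query = $this->_db->getQuery(true);
            $query->select('id')
                ->from('#__jlexreview_attachment')
                ->where([
                    'review_id=0',
                    'id>' . $lastId,
                ])
                ->order('id ASC');

            $rows = $this->_db->setQuery($query, 0, 30)->loadObjectList();

            if (!$rows) {
                break;
            }

            foreach ($rows as $row) {
                $lastId = (int) $row->id;

                // Count only attachments that were actually removed.
                if ($this->remove($lastId)) {
                    $this->count_tmp_file++;
                }
            }
        }

        return $this->count_tmp_file;
    }
}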