source: branches/MootoolsFileManager-Update/plugins/MootoolsFileManager/mootools-filemanager/Demos/manager.php @ 1300

Last change on this file since 1300 was 1300, checked in by gogo, 9 years ago

Update the MootoolsFileManager to the latest cpojer with some modifications.
Add a demo for the MFM examples/mootools-file-manager.php
Change the default config for ImageManager and ExtendedFileManager for added security.

File size: 9.6 KB
1<?php
exit(json_encode(array('status' => 0, 'error' => "\nSecurity precaution... to enable the demo, edit\nDemos/" . basename(__FILE__) . "\nand comment out line 2.")));
// The statement above is a deliberate kill switch. It has to stay on line 2 of
// this file, because its own message tells the operator to "comment out line 2".
// While it is active every request ends right here with a JSON error payload and
// none of the code below runs.
//
// NOTE(review): the rest of this file is demo code. Its authorization callback
// (FM_IsAuthorized) lets most actions through without checking who is calling,
// so only disable the kill switch on a host that is not reachable by untrusted
// clients, and re-enable it afterwards.

error_reporting(E_ALL | E_STRICT);

require_once('../Assets/Connector/FileManager.php');


// Request-logging toggle read by FM_vardumper(): 1 writes a log file for each
// incoming event request, 0 turns the logging off.
define('DEVELOPMENT', 1);
10
11
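/**
 * Development aid: dump the state of the current request into a log file.
 *
 * Does nothing unless the DEVELOPMENT constant is truthy. Otherwise it captures
 * var_dump() output for $action, $info, the manager settings and a selection of
 * superglobals, and writes it to a new "*.log" file. The file name is relative,
 * so the file is created in the current working directory.
 *
 * NOTE(review): for a web request the working directory is typically the
 * directory of this script, i.e. a web-served one, and the log name is built
 * from a timestamp, the action and a counter. The dump contains the request
 * parameters (the demo passes a session id in $_GET['session']) and the
 * FileManager settings. Keep DEVELOPMENT off anywhere but a local sandbox, or
 * deny HTTP access to *.log files in this directory.
 *
 * @param object|null $mgr          FileManager instance; when given, the result of its getSettings() is dumped
 * @param mixed       $action       action / event label; dumped, and also embedded in the log file name
 * @param mixed       $info         callback payload to dump
 * @param string|null $filenamebase prefix for the log file name; defaults to the basename of this script
 * @return void
 */
function FM_vardumper($mgr = null, $action = null, $info = null, $filenamebase = null)
{
    if (!DEVELOPMENT)
    {
        return;
    }

    if (!is_string($filenamebase))
    {
        $filenamebase = basename(__FILE__);
    }

    $settings = ($mgr ? $mgr->getSettings() : null);

    //$mimetdefs = $mgr->getMimeTypeDefinitions();

    // log request data: everything echoed between ob_start() and
    // ob_get_clean() ends up in $dump instead of in the HTTP response.
    ob_start();

    echo "FileManager::action:\n";
    var_dump($action);
    echo "\n\nFileManager::info:\n";
    var_dump($info);
    echo "\n\nFileManager::settings:\n";
    var_dump($settings);

    // The literal 0 / 01 conditions below are per-section switches meant to be
    // edited by hand ('if (01)' enables a section, 'if (0)' disables it).
    if (0)
    {
        echo "\n\n_SERVER:\n";
        var_dump($_SERVER);
    }
    if (0)
    {
        echo "\n\n_ENV:\n";
        if (isset($_ENV)) var_dump($_ENV); else echo "(null)\n";
    }
    if (01)
    {
        echo "\n\n_GET:\n";
        if (isset($_GET)) var_dump($_GET); else echo "(null)\n";
    }
    if (01)
    {
        echo "\n\n_POST:\n";
        if (isset($_POST)) var_dump($_POST); else echo "(null)\n";
    }
    if (01)
    {
        echo "\n\n_REQUEST:\n";
        if (isset($_REQUEST)) var_dump($_REQUEST); else echo "(null)\n";
    }
    if (01)
    {
        echo "\n\n_FILES:\n";
        if (isset($_FILES)) var_dump($_FILES); else echo "(null)\n";
    }
    if (0)
    {
        // Fixed: the superglobal is $_COOKIE. The former $_COOKIES is never
        // defined, so this section could only ever print "(null)".
        // Cookies usually carry session identifiers; leave this off unless needed.
        echo "\n\n_COOKIE:\n";
        if (isset($_COOKIE)) var_dump($_COOKIE); else echo "(null)\n";
    }
    if (0)
    {
        echo "\n\n_SESSION:\n";
        if (isset($_SESSION)) var_dump($_SESSION); else echo "(null)\n";
    }

    $dump = ob_get_clean();

    // Per-request call counter, so several dumps made within the same
    // timestamp still get distinct file names.
    static $count = 0;
    $count++;

    $prefix = (!empty($filenamebase) ? $filenamebase . '.' : '');
    $dst = $prefix . date('Ymd-His') . '.' . fmod(microtime(true), 1) . '-' . $action . '-' . $count . '.log';

    // make suitable for filesystem: $action can come from the query string (the
    // script passes 'init-' . $_GET['event']), so every run of characters
    // outside A-Z a-z 0-9 - _ . is collapsed to '_'. That leaves no path
    // separator in the name; the result always ends in '.log'.
    $dst = preg_replace('/[^A-Za-z0-9-_.]+/', '_', $dst);

    // Presumably var_dump() output may contain HTML markup (e.g. with a debugger
    // extension loaded), hence the strip_tags() / entity decoding - confirm.
    // The write is best-effort: '@' hides a failure such as a read-only directory.
    @file_put_contents($dst, html_entity_decode(strip_tags($dump), ENT_NOQUOTES, 'UTF-8'));
}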
86
87
88
89
/*
 * FileManager event callback: Please add your own authentication / authorization here.
 *
 * This one function is registered as the callback for all FileManager
 * authentication/authorization requests; you may of course provide a different
 * function for each of the FM callbacks instead.
 *
 * Return TRUE when the session/client is authorized to execute the action, FALSE
 * otherwise.
 *
 * NOTE(review): this sample is a bogus authorization. 'upload' only checks that a
 * 'session' query parameter is non-empty (its value is not verified here), and
 * 'download', 'create', 'destroy' and 'move' are granted to every caller. Replace
 * it with real checks before use; these can be simple or highly sophisticated,
 * e.g. requiring different permissions per uploaded file mimetype (images: any
 * authorized user; file types more susceptible to carrying illicit payloads: at
 * least 'power/trusted user' permissions, ...).
 *
 * Contents of $info per action, as described by the original author:
 *
 * 'upload':
 *     'dir'          => (string) directory where the uploaded file will be stored (filesystem absolute)
 *     'name'         => (string) the filename of the uploaded file (already cleaned and resequenced, without the file name extension)
 *     'extension'    => (string) the file name extension (already cleaned as well, including 'safe' mode processing,
 *                       i.e. any uploaded binary executable will have been assigned the extension '.txt' already)
 *     'size'         => (integer) number of bytes of the uploaded file
 *     'maxsize'      => (integer) the configured maximum number of bytes for any single upload
 *     'mimes'        => NULL or an array of mime types which are permitted to be uploaded. This is a reference to the
 *                       array produced by $mgr->getAllowedMimeTypes().
 *     'ext2mime_map' => an array of (key, value) pairs which can be used to map a file name extension (key) to a mime
 *                       type (value). This is a reference to the array produced by $mgr->getAllowedMimeTypes().
 *     'chmod'        => (integer) UNIX access rights (default: 0666) for the directory-to-be-created (RW for
 *                       user,group,world). Note that the eXecutable bits have already been stripped before the
 *                       callback was invoked.
 *                       (wording kept from the original notes; presumably this applies to the uploaded file - confirm)
 *
 *     Note that this request originates from a Macromedia Flash client: hence you'll need to use the
 *     $_GET['session'] value to manually set the PHP session_id() before you start your session
 *     again. (Of course, this assumes you've set up the client side FileManager JS object to pass the
 *     session_id() in this 'session' request parameter.)
 *     In examples provided with mootools_filemanager itself, the value is set to 'MySessionId'.
 *
 * 'download':
 *     'file'   => (string) full path of the file (filesystem absolute)
 *
 * 'create' (create directory):
 *     'dir'    => (string) parent directory: directory where the directory-to-be-created will exist (filesystem absolute)
 *     'file'   => (string) full path of the directory-to-be-created itself (filesystem absolute)
 *     'chmod'  => (integer) UNIX access rights (default: 0777) for the directory-to-be-created (RWX for user,group,world)
 *
 * 'destroy':
 *     'dir'    => (string) directory where the file / directory-to-be-deleted exists (filesystem absolute)
 *     'file'   => (string) the filename (with extension) of the file / directory to be deleted
 *
 * 'move' (move or copy!):
 *     'dir'      => (string) directory where the file / directory-to-be-moved/copied exists (filesystem absolute)
 *     'file'     => (string) the filename (with extension) of the file / directory to be moved/copied
 *     'newdir'   => NULL or (string) target directory: full path of directory where the file/directory will be moved/copied to. (filesystem absolute)
 *     'newname'  => NULL or (string) target path: full path of file/directory. This is the file location the file/directory should be renamed/moved to. (filesystem absolute)
 *     'rename'   => (boolean) TRUE when a file/directory RENAME operation is requested (name change, staying within the same parent directory). FALSE otherwise.
 *     'is_dir'   => (boolean) TRUE when the subject is a directory itself, FALSE when it is a regular file.
 *     'function' => (string) PHP call which will perform the operation. ('rename' or 'copy')
 *
 *     on RENAME these path elements will be set: 'dir', 'file'            'newname'; 'rename' = TRUE, 'function' = 'rename'
 *     on MOVE   these path elements will be set: 'dir', 'file', 'newdir', 'newname'; 'rename' = TRUE, 'function' = 'rename'
 *     on COPY   these path elements will be set: 'dir', 'file'  'newdir', 'newname'; 'rename' = TRUE, 'function' = 'copy'
 *
 * TODO: allow customer code in here to edit the $info items and have those edits picked up by FM.
 *       E.g. changing the filename on write/move, fixing filename extensions based on file content sniffed mimetype, etc.
 */
function FM_IsAuthorized($mgr, $action, &$info)
{
    //$settings = $mgr->getSettings();
    //$mimetdefs = $mgr->getMimeTypeDefinitions();

    // log request data (FM_vardumper() returns immediately unless DEVELOPMENT is on):
    FM_vardumper($mgr, $action, $info);

    switch ($action)
    {
    case 'upload':
        // Granted as soon as any non-empty 'session' query parameter is present.
        return !empty($_GET['session']);

    case 'download':
    case 'create':   // create directory
    case 'destroy':
    case 'move':     // move or copy!
        // Granted unconditionally in this sample.
        return true;

    default:
        // unknown operation. Internal server error.
        return false;
    }
}
197
198
// Debugging harness. It is switched ON in this demo; change the outer
// condition to 0 to turn all of it off.
if (01)
{
    // Manual self-test of the file name cleaning expressions; switched off.
    // When enabled it prints, for each sample, the original and the cleaned form.
    if (0)
    {
        echo "<pre>\n";
        echo "pagetitle test = \n";

        // samples covering the printable keyboard characters
        $test = array(
            '~!@#$%^&*()_+',
            '`1234567890-=',
            'QWERTYUIOP{}',
            'qwertyuiop[]',
            'ASDFGHJKL:"',
            'asdfghjkl;\'',
            'ZXCVBNM<>?  ',
            'zxcvbnm,./  '
        );
        foreach ($test as $t)
        {
            //$r = FileManagerUtility::pagetitle($t);
            $r = preg_replace('/([^A-Za-z0-9. \[\]\(\)~&!@#_-])/', '_', $t);

            echo "\nORIG: [" . htmlentities($t) . "]\nRES:  [" . htmlentities($r) . "]\n";
        }

        // samples for stripping leading / trailing '_' and '.' characters
        $test = array(
            '.ignore',
            '___ignore',
            '_._.ignore',
            '._._ignore',
            'X.ignore',
            'X___ignore',
            'X_._.ignore',
            'X._._ignore',
            '__X_ignore',
            '_._X.ignore',
            '._.X_ignore'
        );
        foreach ($test as $t)
        {
            $r = trim($t, '_.');

            echo "\nORIG: [" . htmlentities($t) . "]\nRES:  [" . htmlentities($r) . "]\n";
        }
    }

    // fake a POST submit through a GET request so we can easily diag/debug event requests:
    // every query-string parameter is copied into $_POST, replacing a POST field of the same name.
    //
    // NOTE(review): while this is active, a request that would normally need a POST
    // body is accepted as a plain GET as well, so the usual separation between
    // read-only and state-changing requests is gone. Turn it off before the demo is
    // reachable by anyone but the developer.
    if (!isset($_POST))
    {
        $_POST = array();
    }
    foreach ($_GET as $k => $v)
    {
        $_POST[$k] = $v;
    }
}
250
251
// Create the FileManager backend with the demo configuration.
//
// NOTE(review): these are convenience settings for a local demo, not hardened
// defaults. Review 'chmod', 'allowExtChange' and the *_cb callbacks before reusing
// this array elsewhere.
$browser = new FileManager(array(
    // relative paths: are relative to the URI request script path, i.e. dirname(__FILE__)
    'directory' => 'Files/',
    'thumbnailPath' => 'Files/Thumbnails/',
    'assetBasePath' => '../Assets',

    // 0777 = read/write/execute for user, group and world.
    // NOTE(review): prefer the narrowest mode the web server account can work with.
    'chmod' => 0777,

    // Optional settings, left commented out (i.e. not set) in the demo:
    //'maxUploadSize' => 1024 * 1024 * 5,
    //'upload' => false,
    //'destroy' => false,
    //'create' => false,
    //'move' => false,
    //'download' => false,
    //'filter' => 'image/',

    // allow file name extensions to be changed; the default however is: NO (FALSE)
    // NOTE(review): presumably this lets a rename give a stored file a different
    // extension than the one assigned at upload time - confirm against
    // FileManager.php and keep the default (FALSE) unless it is really needed.
    'allowExtChange' => true,

    // All five authorization hooks point at the same sample callback, which
    // grants most actions unconditionally.
    'UploadIsAuthorized_cb' => 'FM_IsAuthorized',
    'DownloadIsAuthorized_cb' => 'FM_IsAuthorized',
    'CreateIsAuthorized_cb' => 'FM_IsAuthorized',
    'DestroyIsAuthorized_cb' => 'FM_IsAuthorized',
    'MoveIsAuthorized_cb' => 'FM_IsAuthorized'
));
271
272
273
274
// log request data: the label is 'init', followed by '-' and the requested event
// name when one was given (FM_vardumper() does nothing unless DEVELOPMENT is on).
FM_vardumper($browser, 'init' . (empty($_GET['event']) ? null : '-' . $_GET['event']));




// Dispatch the event named in the query string, or NULL when none was given.
// NOTE(review): the name is taken from the request as-is; which events exist and
// how unknown names are handled is decided inside FileManager - verify there.
$browser->fireEvent(empty($_GET['event']) ? null : $_GET['event']);
282