source: branches/MootoolsFileManager-Update/plugins/MootoolsFileManager/mootools-filemanager/Demos/selectImage.php @ 1300

Last change on this file since 1300 was 1300, checked in by gogo, 8 years ago

Update the MootoolsFileManager to the latest cpojer version, with some modifications.
Add a demo for the MFM examples/mootools-file-manager.php
Change the default config for ImageManager and ExtendedFileManager for added security.

File size: 8.7 KB
<?php // Demo connector for the image-selection example. Keep the guard below on line 2: its own message tells the reader to comment out "line 2".
die(json_encode(array('status'=> 0, 'error' => "\nSecurity precaution... to enable the demo, edit\nDemos/".basename(__FILE__)."\nand comment out line 2.")));
// ^ Kill switch: every request is answered with a JSON error and the script stops here, so
//   nothing below (including the placeholder FM_IsAuthorized() callback) runs until the line
//   is commented out. Leave it active wherever this directory is reachable by others.
error_reporting(E_ALL | E_STRICT);   // report every error class, strict-standards notices included

require_once('../Assets/Connector/FileManager.php');   // presumably declares the FileManager class instantiated further down


// Gates FM_vardumper(): when truthy, each request is dumped to a .log file by that function.
define('DEVELOPMENT', 0);   // set to 01 / 1 to enable logging of each incoming event request.
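/**
 * Development aid: write a dump of the current request to a timestamped .log file.
 *
 * A no-op unless the DEVELOPMENT constant is truthy.
 *
 * What ends up in the log: $action, $info, the manager's settings (when $mgr is given) and
 * the raw $_GET, $_POST, $_REQUEST and $_FILES arrays; the remaining sections stay off until
 * their `if (0)` is flipped. Request parameters are written verbatim, so the file holds
 * whatever the client sent, including the 'session' parameter that FM_IsAuthorized() reads.
 *
 * Where it is written: a relative file name, i.e. the process's current working directory
 * (for a web request that is usually the script's own directory - TODO confirm for your
 * SAPI). Keep DEVELOPMENT at 0 on any reachable host, or make sure *.log files are not served.
 *
 * @param object|null $mgr          object exposing getSettings(), or null to skip the settings dump
 * @param string|null $action       event / action name; also becomes part of the log file name
 * @param mixed       $info         action-specific data handed over by the caller
 * @param string|null $filenamebase log file name prefix; defaults to this script's basename
 * @return void
 */
function FM_vardumper($mgr = null, $action = null, $info = null, $filenamebase = null)
{
    if (!DEVELOPMENT)
    {
        return;
    }

    if (!is_string($filenamebase))
    {
        $filenamebase = basename(__FILE__);
    }

    $settings = $mgr ? $mgr->getSettings() : null;

    //$mimetdefs = $mgr->getMimeTypeDefinitions();

    // log request data: everything echoed between ob_start() and ob_get_clean() is captured
    ob_start();
        echo "FileManager::action:\n";
        var_dump($action);
        echo "\n\nFileManager::info:\n";
        var_dump($info);
        echo "\n\nFileManager::settings:\n";
        var_dump($settings);

        if (0) // set to 'if (01)' if you want this bit dumped as well; fastest back-n-forth edit that way :-)
        {
            echo "\n\n_SERVER:\n";
            var_dump($_SERVER);
        }
        if (0)
        {
            echo "\n\n_ENV:\n";
            if (isset($_ENV)) var_dump($_ENV); else echo "(null)\n";
        }
        if (01)
        {
            echo "\n\n_GET:\n";
            if (isset($_GET)) var_dump($_GET); else echo "(null)\n";
        }
        if (01)
        {
            echo "\n\n_POST:\n";
            if (isset($_POST)) var_dump($_POST); else echo "(null)\n";
        }
        if (01)
        {
            echo "\n\n_REQUEST:\n";
            if (isset($_REQUEST)) var_dump($_REQUEST); else echo "(null)\n";
        }
        if (01)
        {
            echo "\n\n_FILES:\n";
            if (isset($_FILES)) var_dump($_FILES); else echo "(null)\n";
        }
        if (0)
        {
            // The superglobal is $_COOKIE; a variable named $_COOKIES is never set, so testing
            // it would always print "(null)". Cookies usually carry the session id: leave off.
            echo "\n\n_COOKIES:\n";
            if (isset($_COOKIE)) var_dump($_COOKIE); else echo "(null)\n";
        }
        if (0)
        {
            echo "\n\n_SESSION:\n";
            if (isset($_SESSION)) var_dump($_SESSION); else echo "(null)\n";
        }
    $dump = ob_get_clean();

    // per-request sequence number, so several dumps within one request get distinct names
    static $count = 0;
    $count++;

    $dst = ((!empty($filenamebase) ? $filenamebase . '.' : '') . date('Ymd-His') . '.' . fmod(microtime(true), 1) . '-' . $action . '-' . $count . '.log');
    // $action can carry request data (the caller appends $_GET['event']); everything outside
    // [A-Za-z0-9-_.] - path separators included - is collapsed to '_' before it is used as a name.
    $dst = preg_replace('/[^A-Za-z0-9-_.]+/', '_', $dst);    // make suitable for filesystem

    // var_dump() may emit HTML (e.g. with a debugger extension loaded), hence the tag stripping
    // and entity decoding. Best effort on purpose: a failed write must not break the request.
    @file_put_contents($dst, html_entity_decode(strip_tags($dump), ENT_NOQUOTES, 'UTF-8'));
}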
/**
 * FileManager event callback: decides whether the current client may perform $action.
 *
 * Please add your own authentication / authorization here. This one function serves as the
 * callback for all FileManager authentication/authorization requests in this demo, but you
 * may of course provide a different function for each of the FM callbacks.
 *
 * As written this is placeholder logic, not access control:
 *   - 'upload' is granted whenever $_GET['session'] is non-empty; the value itself is not
 *     compared against anything in this function;
 *   - 'download', 'create', 'destroy' and 'move' are granted unconditionally;
 *   - any other action is refused.
 * Put a real session / permission check in its place before disabling the die() on line 2.
 *
 * TODO: allow customer code in here to edit the $fileinfo items and have those edits picked up by FM.
 *       E.g. changing the filename on write/move, fixing filename extensions based on file content sniffed mimetype, etc.
 *
 * @param object $mgr    presumably the FileManager instance issuing the callback; only passed on to the logger here
 * @param string $action 'upload', 'download', 'create', 'destroy' or 'move'
 * @param array  $info   action-specific details, passed by reference; the per-case notes below
 *                       describe it under the name $fileinfo
 * @return bool TRUE when the session/client is authorized to execute the action, FALSE otherwise
 */
function FM_IsAuthorized($mgr, $action, &$info)
{
    //$settings = $mgr->getSettings();
    //$mimetdefs = $mgr->getMimeTypeDefinitions();

    // log request data (no-op unless DEVELOPMENT is enabled):
    FM_vardumper($mgr, $action, $info);

    /*
     * authenticate / authorize:
     * this sample is a bogus authorization, but you can perform simple to highly
     * sophisticated authentications / authorizations here, e.g. even ones which also check permissions
     * related to what is being uploaded right now (different permissions required for file mimetypes,
     * e.g. images: any authorized user; while other file types which are more susceptible to carrying
     * illicit payloads requiring at least 'power/trusted user' permissions, ...)
     */
    $granted = false;

    switch ($action)
    {
    case 'upload':
        /*
         *   $fileinfo = array(
         *     'dir' => (string) directory where the uploaded file will be stored (filesystem absolute)
         *     'name' => (string) the filename of the uploaded file (already cleaned and resequenced, without the file name extension)
         *     'extension' => (string) the file name extension (already cleaned as well, including 'safe' mode processing, i.e. any uploaded binary executable will have been assigned the extension '.txt' already)
         *     'size' => (integer) number of bytes of the uploaded file
         *     'maxsize' => (integer) the configured maximum number of bytes for any single upload
         *     'mimes' => NULL or an array of mime types which are permitted to be uploaded. This is a reference to the array produced by $mgr->getAllowedMimeTypes().
         *     'ext2mime_map' => an array of (key, value) pairs which can be used to map a file name extension (key) to a mime type (value). This is a reference to the array produced by $mgr->getAllowedMimeTypes().
         *     'chmod' => (integer) UNIX access rights (default: 0666) for the directory-to-be-created (RW for user,group,world). Note that the eXecutable bits have already been stripped before the callback was invoked.
         *   );
         *
         * Note that this request originates from a Macromedia Flash client: hence you'll need to use the
         * $_GET['session'] value to manually set the PHP session_id() before you start your session
         * again. (Of course, this assumes you've set up the client side FileManager JS object to pass the
         * session_id() in this 'session' request parameter.)
         *
         * In examples provided with mootools_filemanager itself, the value is set to 'MySessionId'.
         */
        // Presence test only: any non-empty 'session' value passes.
        $granted = !empty($_GET['session']);
        break;

    case 'download':
        /*
         *     $fileinfo = array(
         *         'file' => (string) full path of the file (filesystem absolute)
         *     );
         */
        $granted = true;
        break;

    case 'create': // create directory
        /*
         *     $fileinfo = array(
         *         'dir' => (string) parent directory: directory where the directory-to-be-created will exist (filesystem absolute)
         *         'file' => (string) full path of the directory-to-be-created itself (filesystem absolute)
         *         'chmod' => (integer) UNIX access rights (default: 0777) for the directory-to-be-created (RWX for user,group,world)
         *     );
         */
        $granted = true;
        break;

    case 'destroy':
        /*
         *     $fileinfo = array(
         *         'dir' => (string) directory where the file / directory-to-be-deleted exists (filesystem absolute)
         *         'file' => (string) the filename (with extension) of the file / directory to be deleted
         *     );
         */
        $granted = true;
        break;

    case 'move':  // move or copy!
        /*
         *     $fileinfo = array(
         *         'dir' => (string) directory where the file / directory-to-be-moved/copied exists (filesystem absolute)
         *         'file' => (string) the filename (with extension) of the file / directory to be moved/copied
         *         'newdir' => NULL or (string) target directory: full path of directory where the file/directory will be moved/copied to. (filesystem absolute)
         *         'newname' => NULL or (string) target path: full path of file/directory. This is the file location the file/directory should be renamed/moved to. (filesystem absolute)
         *         'rename' => (boolean) TRUE when a file/directory RENAME operation is requested (name change, staying within the same parent directory). FALSE otherwise.
         *         'is_dir' => (boolean) TRUE when the subject is a directory itself, FALSE when it is a regular file.
         *         'function' => (string) PHP call which will perform the operation. ('rename' or 'copy')
         *     );
         *
         * on RENAME these path elements will be set: 'dir', 'file'            'newname'; 'rename' = TRUE, 'function' = 'rename'
         * on MOVE   these path elements will be set: 'dir', 'file', 'newdir', 'newname'; 'rename' = TRUE, 'function' = 'rename'
         * on COPY   these path elements will be set: 'dir', 'file'  'newdir', 'newname'; 'rename' = TRUE, 'function' = 'copy'
         */
        $granted = true;
        break;

    default:
        // unknown operation. Internal server error.
        $granted = false;
        break;
    }

    return $granted;
}
// Debug convenience, switched ON as shipped: every query-string parameter is mirrored into
// $_POST so event requests can be replayed from the address bar. Side effect worth knowing:
// whatever the connector reads from $_POST can then be supplied through a plain GET URL,
// which is also how links and image tags on other sites issue requests. Set this to
// `if (0)` once you are done debugging.
if (01) // debugging
{
    if (!isset($_POST))
    {
        $_POST = array();
    }

    // same result as assigning key by key: GET values overwrite POST values of the same
    // name in place, new keys are appended, integer keys are kept as they are
    $_POST = array_replace($_POST, $_GET);
}
// Connector instance for the image-selection demo. The options are assembled from two parts
// so that it is obvious that ONE callback, FM_IsAuthorized(), guards all five actions.
$browser = new FileManager(array_merge(
    array(
        'directory' => 'Files/',                   // relative paths: are relative to the URI request script path, i.e. dirname(__FILE__)
        'thumbnailPath' => 'Files/Thumbnails/',
        'assetBasePath' => '../Assets',
        // NOTE(review): 0777 asks for read/write/execute for user, group and world. Use the
        // narrowest mode your hosting setup allows for files written through this connector.
        'chmod' => 0777,
        // Optional limits, all commented out here (presumably false switches the action off;
        // confirm against FileManager.php):
        //'maxUploadSize' => 1024 * 1024 * 5,
        //'upload' => false,
        //'destroy' => false,
        //'create' => false,
        //'move' => false,
        //'download' => false,
        'filter' => 'image/',                      // presumably a mime type prefix restricting the manager to images - TODO confirm
        //'allowExtChange' => true,
    ),
    // every authorization hook points at the same placeholder callback
    array_fill_keys(
        array(
            'UploadIsAuthorized_cb',
            'DownloadIsAuthorized_cb',
            'CreateIsAuthorized_cb',
            'DestroyIsAuthorized_cb',
            'MoveIsAuthorized_cb',
        ),
        'FM_IsAuthorized'
    )
));
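// Requested event name, taken straight from the query string and therefore untrusted.
// Only a non-empty *string* is accepted: `?event[]=x` would otherwise put an array into the
// string concatenation below and into fireEvent(). Anything else is treated as "no event".
// Which event names are valid is decided inside FileManager::fireEvent(), not here.
$fmEvent = (!empty($_GET['event']) && is_string($_GET['event'])) ? $_GET['event'] : null;

// log request data (no-op unless DEVELOPMENT is enabled); the event name becomes part of the
// log file name, which FM_vardumper() reduces to [A-Za-z0-9-_.] before writing:
FM_vardumper($browser, 'init' . ($fmEvent !== null ? '-' . $fmEvent : ''));

// dispatch the request; null is passed when no event was named
$browser->fireEvent($fmEvent);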