ruạṛ
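<?php
/**
 * File object: one row of the `files` table together with the uploaded file it describes.
 *
 * Depends on names defined outside this file: an already-open legacy mysql_*
 * connection, the helpers clean_plain_data(), file_name() and select_one(),
 * the constants DOC_ROOT, FILE_DIR and FILE_PERMS, and the globals $message
 * and $FILE_TYPES.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Values are
 * escaped at the query boundary below; moving to prepared statements (mysqli or
 * PDO) is the durable fix and needs the connection code, which is not in this file.
 *
 * @since KPMG
 */
class file
{
    /**
     * Properties matched to database fields.
     * Names are not always identical to the column names; see load_from_data()
     * for the conversions.
     */
    public $file_id;
    public $name;
    public $path;
    public $title;
    public $description;
    public $size;
    public $type;        // declared by the original class; no method here reads or writes it
    public $mime;        // mime_type column; previously only created as an undeclared property
    public $active;
    public $uploaded;
    public $updated;
    public $downloads;

    /**
     * Object construction.
     *
     * @param int $id unique database record id; 0 leaves the object empty so it
     *                can be populated later through load_from_data()
     */
    function __construct($id = 0)
    {
        // set minimum visibility
        $this->file_id = 0;
        $this->active = 0;

        // no id supplied: simply prepare the object to be populated from a dataset
        if (!$id) {
            return;
        }

        // Assumes the database connection is already established at global level.
        // The id is cast to an integer so a caller-supplied value cannot change
        // the shape of the query.
        $query = "select * from files where file_id = '" . (int) $id . "'";
        $result = mysql_query($query);
        if ($result) {
            if (mysql_num_rows($result) == 1) {
                $this->load_from_data(mysql_fetch_assoc($result));
            }
            mysql_free_result($result); // clean up, also when no single row matched
        }
    }

    /**
     * Populate the object - can be done on init or manually.
     *
     * @param array $d row data keyed by the `files` column names
     */
    function load_from_data($d)
    {
        if (empty($d)) {
            return;
        }

        $this->file_id     = $d['file_id'];
        $this->name        = $d['file_name'];
        $this->path        = $d['file_path'];
        $this->title       = $d['file_title'];
        $this->description = $d['file_description'];
        $this->size        = $d['file_size'];
        $this->mime        = $d['mime_type'];
        $this->active      = $d['active'];
        $this->uploaded    = $d['date_uploaded'];
        $this->updated     = $d['date_updated'];
        $this->downloads   = $d['count_downloads'];
    }

    /**
     * Quote a value as a string literal for a query on the mysql_* connection.
     *
     * NOTE(review): clean_plain_data() and file_name() are defined outside this
     * file. If either already SQL-escapes its result, remove that step there so
     * each value is escaped exactly once, here.
     *
     * @param mixed $value value to embed in a query
     * @return string escaped value wrapped in single quotes
     */
    private function sql_quote($value)
    {
        return "'" . mysql_real_escape_string((string) $value) . "'";
    }

    /**
     * New file record.
     *
     * @param string $upload form field name
     * @return bool true when the file was stored and the record inserted
     */
    function create($upload)
    {
        global $message;

        $this->title = clean_plain_data($_POST[$upload . '_title']);
        $this->description = clean_plain_data($_POST[$upload . '_description']);

        // upload file; every failure path now returns an explicit false
        if (!$this->upload($upload)) {
            return false;
        }

        // The file name is only known once upload() has succeeded, so the
        // "empty title falls back to the name" rule has to run after it.
        if ($this->title == '') {
            $this->title = $this->name;
        }

        // create database record; uploaded and updated share one timestamp
        $this->uploaded = $this->updated = time();
        $values = array(
            $this->sql_quote($this->name),
            $this->sql_quote($this->path),
            $this->sql_quote($this->title),
            $this->sql_quote($this->description),
            $this->sql_quote($this->size),
            $this->sql_quote($this->mime),
            $this->sql_quote($this->active),
            $this->sql_quote($this->uploaded),
            $this->sql_quote($this->uploaded),
        );
        $query = 'insert into files ( file_name , file_path , file_title , file_description , file_size'
            . ' , mime_type , active , date_uploaded , date_updated ) values ( '
            . implode(' , ', $values) . ' )';

        if (!mysql_query($query)) {
            // $message is assembled as HTML, so the driver text is escaped before it is appended
            $message .= htmlspecialchars(mysql_error(), ENT_QUOTES) . '<br />';
            unlink(DOC_ROOT . $this->path); // do not keep a file that has no record
            return false;
        }

        $this->file_id = mysql_insert_id();
        $message .= "File record created. <br />";
        return true;
    }

    /**
     * Upload a file.
     *
     * @param string $upload form field prefix
     * @return bool true when the file was moved into FILE_DIR
     */
    function upload($upload)
    {
        global $message, $FILE_TYPES;

        // do we have a file?
        if (empty($_FILES[$upload])) {
            $message .= "No file selected for $upload.<br />";
            return false;
        }
        $file = $_FILES[$upload];

        // check for upload errors
        if ($file['error'] > 0) {
            switch ($file['error']) {
                case 1:
                case 2:
                    $m = 'File exceeded maximum allowed filesize.<br />';
                    break;
                case 3:
                    $m = 'File was only partially uploaded. Please try again.<br />';
                    break;
                case 4:
                    $m = 'No file selected.<br />';
                    break;
                default:
                    // other error codes used to fall through with no message and no return value
                    $m = 'File upload failed. Please try again.<br />';
            }
            $message .= $m;
            return false;
        }

        if (!is_uploaded_file($file['tmp_name'])) {
            $message .= "No file selected for $upload.<br />";
            return false;
        }

        /*
         * Check for a valid file type.
         * Comparing the mime type is a bit of an experiment at this point (failed
         * to date). $_FILES[...]['type'] may not be provided and can be faked, so
         * it is not used.
         * NOTE(review): only the last suffix of the name is checked against
         * $FILE_TYPES; the detected $mime is stored but not enforced. Files land
         * under DOC_ROOT, so confirm the web server does not execute content
         * from FILE_DIR.
         */
        $mime = mime_content_type($file['tmp_name']);
        // basename() is defence in depth: file_name() is defined elsewhere and the
        // result is appended to a filesystem path below.
        $filename = basename(file_name($file['name']));
        $suffix = ltrim((string) strrchr($filename, '.'), '.');
        // the name comes from the client and $message is HTML, so escape it for display
        $shown = htmlspecialchars($filename, ENT_QUOTES);

        if (!is_array($FILE_TYPES) || !array_key_exists($suffix, $FILE_TYPES)) {
            $message .= $shown . '|' . htmlspecialchars($suffix, ENT_QUOTES) . '|'
                . htmlspecialchars((string) $mime, ENT_QUOTES) . 'Invalid file type. <br />';
            return false;
        }

        $filepath = DOC_ROOT . FILE_DIR . $filename;
        // an existing record may overwrite its own file, nothing else
        $own_file = $this->file_id && $filepath == DOC_ROOT . $this->path;
        if (file_exists($filepath) && !$own_file) {
            // NOTE(review): select_one() is defined elsewhere; its result is appended as returned
            $message .= "File $shown already exists as "
                . select_one('files', 'file_title', 'file_path', FILE_DIR . $filename) . '<br />';
            return false;
        }

        // when an existing record gets a differently named file, the old one is removed afterwards
        $stale = false;
        if ($this->file_id && $this->name != $filename) {
            $stale = DOC_ROOT . $this->path;
        }

        // store this - the object is only changed once the move is known to have succeeded
        $size = $file['size'];

        // copy in file
        if (!move_uploaded_file($file['tmp_name'], $filepath)) {
            $message .= "There was a problem relocating the $upload file. Please try again.<br />";
            return false;
        }
        chmod($filepath, FILE_PERMS);

        if ($stale && is_file($stale)) {
            unlink($stale);
        }

        $this->name = $filename;
        $this->mime = $mime;
        $this->path = FILE_DIR . $filename;
        $this->size = $size;

        $message .= $shown . " file successfully uploaded. <br />";
        return true;
    }

    /**
     * Update the file record in the database.
     *
     * @param string $upload form field prefix
     * @param bool   $form   read title and description from the form (default);
     *                       false keeps the values already on the object
     * @return bool
     */
    function update($upload = '', $form = true)
    {
        global $message;

        if (!$this->file_id) {
            $message .= 'Invalid file! <br />';
            return false;
        }

        // a new file is optional on update
        if (!empty($_FILES[$upload]) && is_uploaded_file($_FILES[$upload]['tmp_name'])) {
            if (!$this->upload($upload)) {
                return false;
            }
        }

        if ($form) {
            $this->title = clean_plain_data($_POST[$upload . '_title']);
            $this->description = clean_plain_data($_POST[$upload . '_description']);
        }
        if ($this->title == '') {
            // was $this->filename, a property this class never sets
            $this->title = $this->name;
        }

        // NOTE(review): date_updated is written from $this->updated, which no line
        // in this method refreshes - confirm callers set it before calling update().
        $query = 'update files set'
            . ' file_name = ' . $this->sql_quote($this->name)
            . ' , file_path = ' . $this->sql_quote($this->path)
            . ' , file_title = ' . $this->sql_quote($this->title)
            . ' , file_description = ' . $this->sql_quote($this->description)
            . ' , file_size = ' . $this->sql_quote($this->size)
            . ' , mime_type = ' . $this->sql_quote($this->mime)
            . ' , active = ' . $this->sql_quote($this->active)
            . ' , date_updated = ' . $this->sql_quote($this->updated)
            . " where file_id = '" . (int) $this->file_id . "'";

        if (!mysql_query($query)) {
            $message .= htmlspecialchars(mysql_error(), ENT_QUOTES) . '<br />';
            return false;
        }

        $message .= 'Record successfully updated<br />';
        return true;
    }

    /**
     * Replace the file of an existing record.
     *
     * @param string $upload form field prefix
     * @param bool   $form   get data from form; passed on to update()
     * @return bool
     */
    function replace($upload, $form = true)
    {
        // without this declaration the error text below went to a local variable and was lost
        global $message;

        if (!$this->file_id) {
            $message .= 'Invalid file! <br />';
            return false;
        }

        if ($this->upload($upload)) {
            // arguments were previously passed as ($form, $upload), which made
            // update() treat the boolean as the form field prefix
            return $this->update($upload, $form);
        }

        return false;
    }

    /**
     * Remove the file and its record from the database.
     *
     * @return bool
     */
    function delete()
    {
        global $message;

        if (!$this->file_id) {
            $message .= 'Invalid file! <br />';
            return false;
        }

        $query = "delete from files where file_id = '" . (int) $this->file_id . "'";
        $result = mysql_query($query);
        if (!$result || mysql_affected_rows() != 1) {
            $message .= 'There was an error ' . htmlspecialchars(mysql_error(), ENT_QUOTES)
                . '<br />Affected rows: ' . mysql_affected_rows();
            return false;
        }

        // remove file
        if ($this->exists()) {
            unlink(DOC_ROOT . $this->path);
        }

        $message .= 'File successfully removed';
        return true;
    }

    /**
     * Check that the file actually exists on the server.
     *
     * @return bool
     */
    function exists()
    {
        return is_file(DOC_ROOT . $this->path);
    }

    /**
     * Send as a download.
     * - note MODULE_FILES_REQUIRE_LOGIN is checked in the process script before
     *   calling this method
     *
     * @param bool $admin flag for permissions and counter
     * @return bool
     */
    function download($admin = false)
    {
        global $message;

        if (!$this->file_id || !($this->active || $admin) || !$this->exists()) {
            $message .= 'File not found. <br />';
            return false;
        }

        // required for IE, otherwise Content-disposition is ignored
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        // Stored values end up in response headers: strip control characters, and
        // for the name also quotes and backslashes, so it cannot break out of the
        // quoted filename parameter.
        $header_name = (string) preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $this->name);
        $header_mime = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $this->mime);

        header('Pragma: public'); // required
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Cache-Control: private', false); // required for certain browsers
        header('Content-Type: ' . $header_mime);
        header('Content-Disposition: attachment; filename="' . $header_name . '";');
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . $this->size);
        readfile(DOC_ROOT . $this->path);

        // admin downloads are not counted
        if (!$admin) {
            mysql_query(
                "update files set count_downloads = count_downloads+1 where file_id = '"
                . (int) $this->file_id . "'"
            );
        }

        return true;
    }
}
?>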
cải xoăn