upload.php 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
  1. <?php
  2. /**
  3. * upload.php
  4. *
  5. * Copyright 2013, Moxiecode Systems AB
  6. * Released under GPL License.
  7. *
  8. * License: http://www.plupload.com/license
  9. * Contributing: http://www.plupload.com/contributing
  10. */
  11. #!! IMPORTANT:
  12. #!! this file is just an example, it doesn't incorporate any security checks and
  13. #!! is not recommended to be used in production environment as it is. Be sure to
  14. #!! revise it and customize to your needs.
  15. // Make sure file is not cached (as it happens for example on iOS devices)
  16. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  17. header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  18. header("Cache-Control: no-store, no-cache, must-revalidate");
  19. header("Cache-Control: post-check=0, pre-check=0", false);
  20. header("Pragma: no-cache");
  21. /*
  22. // Support CORS
  23. header("Access-Control-Allow-Origin: *");
  24. // other CORS headers if any...
  25. if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  26. exit; // finish preflight CORS requests here
  27. }
  28. */
  29. // 5 minutes execution time
  30. @set_time_limit(5 * 60);
  31. // Uncomment this one to fake upload time
  32. // usleep(5000);
  33. // Settings
  34. $targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
  35. //$targetDir = 'uploads';
  36. $cleanupTargetDir = true; // Remove old files
  37. $maxFileAge = 5 * 3600; // Temp file age in seconds
  38. // Create target dir
  39. if (!file_exists($targetDir)) {
  40. @mkdir($targetDir);
  41. }
  42. // Get a file name
  43. if (isset($_REQUEST["name"])) {
  44. $fileName = $_REQUEST["name"];
  45. } elseif (!empty($_FILES)) {
  46. $fileName = $_FILES["file"]["name"];
  47. } else {
  48. $fileName = uniqid("file_");
  49. }
  50. $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
  51. // Chunking might be enabled
  52. $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
  53. $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
  54. // Remove old temp files
  55. if ($cleanupTargetDir) {
  56. if (!is_dir($targetDir) || !$dir = opendir($targetDir)) {
  57. die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
  58. }
  59. while (($file = readdir($dir)) !== false) {
  60. $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
  61. // If temp file is current file proceed to the next
  62. if ($tmpfilePath == "{$filePath}.part") {
  63. continue;
  64. }
  65. // Remove temp file if it is older than the max age and is not the current file
  66. if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge)) {
  67. @unlink($tmpfilePath);
  68. }
  69. }
  70. closedir($dir);
  71. }
  72. // Open temp file
  73. if (!$out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb")) {
  74. die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  75. }
  76. if (!empty($_FILES)) {
  77. if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
  78. die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
  79. }
  80. // Read binary input stream and append it to temp file
  81. if (!$in = @fopen($_FILES["file"]["tmp_name"], "rb")) {
  82. die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  83. }
  84. } else {
  85. if (!$in = @fopen("php://input", "rb")) {
  86. die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  87. }
  88. }
  89. while ($buff = fread($in, 4096)) {
  90. fwrite($out, $buff);
  91. }
  92. @fclose($out);
  93. @fclose($in);
  94. // Check if file has been uploaded
  95. if (!$chunks || $chunk == $chunks - 1) {
  96. // Strip the temp .part suffix off
  97. rename("{$filePath}.part", $filePath);
  98. }
  99. // Return Success JSON-RPC response
  100. die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');