[GSOC-FUQT]Advanced File Uploader: fixed some issues with validation …
…and preview.

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_dev@8938 b72ed6b6-b9f8-46b5-92b4-906544132732
Amit Shanker committed Jul 14, 2010
1 parent 6588b8e commit b1c60a1
Showing 4 changed files with 142 additions and 69 deletions.
68 changes: 42 additions & 26 deletions index.php
Expand Up @@ -1634,47 +1634,63 @@ function checkUploadedFileValidity()
$result = db_execute_assoc($query);
while ($row = $result->FetchRow())
$validation[$row['attribute']] = $row['value'];
//echo "Validation:";printarray($validation);

$filecount = 0;
for ($i = 1; $i <= $validation['max_num_of_files']; $i++)
{
if (!isset($_FILES[$field."_file_".$i]) || $_FILES[$field."_file_".$i]['name'] == '')
continue;

$filecount++;

$file = $_FILES[$field."_file_".$i];
$json = $_POST[$field];
// if name is blank, its basic, hence check
// else, its ajax, don't check, bypass it.

// File size validation
if ($file['size'] > $validation['max_filesize'])
$phparray = json_decode($json);
if ($phparray[0]->size != "")
{ // ajax
$filecount = count($phparray);
}
else
{ // basic
for ($i = 1; $i <= $validation['max_num_of_files']; $i++)
{
$filenotvalidated = array();
$filenotvalidated[$field."_file_".$i] = "Sorry, the uploaded file is larger than the allowed filesize of ".$validation['max_filesize']."<br />Please upload a smaller file.";
$append = true;
}
if (!isset($_FILES[$field."_file_".$i]) || $_FILES[$field."_file_".$i]['name'] == '')
continue;

// File extension validation
$pathinfo = pathinfo(basename($file['name']));
$ext = $pathinfo['extension'];
$filecount++;

$validExtensions = explode(", ", $validation['allowed_filetypes']);
if (!(in_array($ext, $validExtensions)))
{
if (isset($append) && $append)
$file = $_FILES[$field."_file_".$i];

// File size validation
if ($file['size'] > $validation['max_filesize'] * 1000)
{
$filenotvalidated[$field."_file_".$i] .= "Sorry, only ".$validation['allowed_filetypes']." extensions are allowed !";
unset($append);
$filenotvalidated = array();
$filenotvalidated[$field."_file_".$i] = "Sorry, the uploaded file (".$file['size'].") is larger than the allowed filesize of ".$validation['max_filesize']." KB.";
$append = true;
}
else

// File extension validation
$pathinfo = pathinfo(basename($file['name']));
$ext = $pathinfo['extension'];

$validExtensions = explode(",", $validation['allowed_filetypes']);
if (!(in_array($ext, $validExtensions)))
{
$filenotvalidated = array();
$filenotvalidated[$field."_file_".$i] = "Sorry, only ".$validation['allowed_filetypes']." extensions are allowed !";
if (isset($append) && $append)
{
$filenotvalidated[$field."_file_".$i] .= "Sorry, only ".$validation['allowed_filetypes']." extensions are allowed ! ";
unset($append);
}
else
{
$filenotvalidated = array();
$filenotvalidated[$field."_file_".$i] = "Sorry, only ".$validation['allowed_filetypes']." extensions are allowed ! ";
}
}
}
}

if ($filecount < $validation['min_num_of_files'])
{
$filenotvalidated = array();
$filenotvalidated[$field] = "The minimum number of files have not been uploaded";
}
}
}
}
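Review bot: The new `// ajax` branch in checkUploadedFileValidity() skips the size and extension checks whenever `$phparray[0]->size` is non-empty, and that value is decoded straight from `$_POST[$field]`, so the browser decides whether its own upload gets validated. The ajax branch should run the same checks on every entry of `$phparray`, measured against the file actually held on the server rather than the posted `size`/`ext`, and should compare `count($phparray)` with `max_num_of_files` as well as the minimum. `json_decode()` returns null on malformed input, so guard before indexing, e.g. `if (!is_array($phparray) || count($phparray) == 0)`. The function starts above this hunk, and the rendered page has lost its +/- markers, so this is read from what appears to be the new side.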
36 changes: 30 additions & 6 deletions qanda.php
Expand Up @@ -3503,7 +3503,7 @@ function do_multiplechoice_withcomments($ia)
// ---------------------------------------------------------------
function do_file_upload($ia)
{
global $clang, $js_header_includes;
global $clang, $js_header_includes, $thissurvey;

if ($ia[8] == 'Y')
$checkconditionFunction = "checkconditions";
Expand Down Expand Up @@ -3540,8 +3540,9 @@ function do_file_upload($ia)
//TODO: use the global settings for allowed file types
}

//TODO: use a javascript to ensure that the size of file
// is not more than $max_filesize
/* TODO:
* 1. On returning to the survey page after error, the title/comments input contain "[{"
*/

$basic = '<br /><br /><table border="0" cellpadding="10" cellspacing="10" align="center">'
.'<tr>'
Expand Down Expand Up @@ -3577,6 +3578,7 @@ function do_file_upload($ia)
}

$basic .= '</tbody></table>';
$basic .= '<br /><br /><a href="#" onclick="hideBasic()">Hide Simple Uploader</a>';

$answer = "<script type='text/javascript'>
Expand Down Expand Up @@ -3610,27 +3612,49 @@ function do_file_upload($ia)
});
function copyJSON(jsonstring, filecount) {
var display = '<table style=\"padding: 10px 10px 5px 5px\" >';
var jsonobj = eval('(' + jsonstring + ')');
var i;
$('#".$ia[1]."').val(jsonstring);
$('#".$ia[1]."_filecount').val(filecount);
for (i = 0; i < filecount; i++)
{
display += '<tr><td align=\"center\"><img src=\"upload/tmp/'+jsonobj[i].name+'\" height=100px align=\"center\"/></td><td align=\"center\">'+jsonobj[i].title+'</td><td align=\"center\">'+jsonobj[i].comment+'</td><td align=\"center\">'+jsonobj[i].name+'</td></tr><tr><td>&nbsp;</td></tr>';
}
display += '</table>';
$('#uploadedfiles').html(display);
$('.externalSite').dialog('close');
};
function displayUploadedFiles(jsonstring, filecount) {
};
function showBasic() {
$('#basic').show();
};
function hideBasic() {
$('#basic').hide();
};
</script>";

$currentdir = getcwd();
$pos = stripos($currentdir, "admin");

if ($pos)
$answer .= "<a id='upload' href='../uploader.php?minfiles=".$minfiles."&maxfiles=".$maxfiles."&ia=".$ia[1]."&maxfilesize=".$maxfilesize."&allowed_filetypes=".$allowed_filetypes."'&preview=1 >Upload files</a><br /><br /><br />";
$answer .= "<h2><a id='upload' href='../uploader.php?minfiles=".$minfiles."&maxfiles=".$maxfiles."&ia=".$ia[1]."&maxfilesize=".$maxfilesize."&allowed_filetypes=".$allowed_filetypes."&preview=1' >Upload files</a></h2><br /><br />";
else if ($thissurvey['active'] != "Y")
$answer .= "<h2><a id='upload' href='uploader.php?minfiles=".$minfiles."&maxfiles=".$maxfiles."&ia=".$ia[1]."&maxfilesize=".$maxfilesize."&allowed_filetypes=".$allowed_filetypes."&preview=1' >Upload files</a></h2><br /><br />";
else
$answer .= "<h2><a id='upload' href='uploader.php?minfiles=".$minfiles."&maxfiles=".$maxfiles."&ia=".$ia[1]."&maxfilesize=".$maxfilesize."&allowed_filetypes=".$allowed_filetypes."'&preview=0 >Upload files</a></h2><br /><br /><br />";
$answer .= "<h2><a id='upload' href='uploader.php?minfiles=".$minfiles."&maxfiles=".$maxfiles."&ia=".$ia[1]."&maxfilesize=".$maxfilesize."&allowed_filetypes=".$allowed_filetypes."&preview=0' >Upload files</a></h2><br /><br />";

$answer .= "<input type='text' id='".$ia[1]."' name='".$ia[1]."' value='".$_SESSION[$ia[1]]."' />";
$answer .= "<input type='text' id='".$ia[1]."_filecount' name='".$ia[1]."_filecount' value='0' />";
$answer .= "<div id='uploadedfiles'></div>";

$answer .= '<br />Trouble uploading files? Try the <a href="#" onclick="showBasic()">Simple Uploader</a><div id="basic">'.$basic.'</div>';

Expand All @@ -3649,7 +3673,7 @@ function showBasic() {
jsonstring += ", ";
if ($("#answer'.$ia[1].'_"+i).val() != "")
jsonstring += "{\"title\":\""+$("#'.$ia[1].'_title_"+i).val()+"\",\"comment\":\""+$("#'.$ia[1].'_comment_"+i).val()+"\"}";
jsonstring += "{\"title\":\""+$("#'.$ia[1].'_title_"+i).val()+"\",\"comment\":\""+$("#'.$ia[1].'_comment_"+i).val()+"\",\"size\":\"\",\"name\":\"\",\"ext\":\"\"}";
}
jsonstring += "]";
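Review bot: copyJSON() parses `jsonstring` with `eval('(' + jsonstring + ')')` and then concatenates `jsonobj[i].name`, `.title` and `.comment` into markup handed to `$('#uploadedfiles').html(display)`, so any script or HTML carried in those fields runs in the respondent's page. Parse with a JSON parser instead (`var jsonobj = JSON.parse(jsonstring);`, or jQuery's `$.parseJSON` if the bundled jQuery version provides it) and fill the cells with `.text()` rather than string concatenation. The same section writes `$_SESSION[$ia[1]]` into a single-quoted `value='…'` attribute unescaped; `htmlspecialchars($_SESSION[$ia[1]], ENT_QUOTES)` is needed there because the stored JSON contains respondent-typed titles and comments. do_file_upload() begins and ends outside the visible hunks.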
72 changes: 45 additions & 27 deletions save.php
Expand Up @@ -462,41 +462,60 @@ function createinsertquery()
// therefore if no date was chosen in a date question the insert value has to be NULL
$values[]='NULL';
}
/*
else if ($fieldexists['type']=='|')

else if ($fieldexists['type']=='|' && strpos($fieldexists['fieldname'], "_filecount") === false)
{
$i = substr(strrchr($value, "_"), 1);
$fieldname = $fieldexists['fieldname'];
$target = "upload/files/";

$json = $_SESSION[$value];
$phparray = json_decode($json);
$count = 0;

if ($_FILES['the_file_'.$i]['tmp_name'] != '')
$query = "SELECT attribute, value FROM ".db_table_name("question_attributes")." WHERE qid = ".$fieldexists['qid'];
$result = db_execute_assoc($query) or safe_die("Failed to fetch question attributes");
while ($row = $result->FetchRow())
$validation[$row['attribute']] = $row['value'];

$validExtensions = explode(",", $validation['allowed_filetypes']);

for ($i = 1; $i <= $validation['max_num_of_files']; $i++)
{
if (!isset($values)) // if this is the first file to be uploaded
$values[0] = '\'{[';
else if ((strrpos($values[0], ",") == strlen($values[0]) - 1) || (strpos($values[0], "]") == strlen($values[0]) - 1)) // last char is a comma or sq brkt
; // do nothing
else // remove the braces '}' and add a ',['
$values[0] = substr($values[0], 0, strlen($values[0]) - 1).',[';
if (strpos($value, "title") != false)
$values[0] .= '"title": "'.$_SESSION[$value].'",';
else if (strpos($value, "comment") != false)
if (($_FILES[$fieldname."_file_".$i]['size'] != 0))
{
$values[0] .= '"comment": "'.$_SESSION[$value].'",';
$random_file_name = randomkey(20);
//TODO: remove the hardcoded path
$uploads_dir = "/opt/lampp/htdocs/gsocls/upload/files";
$the_full_file_path = $uploads_dir."/".$random_file_name;//.strrchr($_FILES['the_file_'.$i]['tmp_name'], ".");
$basic = true;
$pathinfo = pathinfo($_FILES[$fieldname."_file_".$i]['name']);

if (!in_array($pathinfo['extension'], $validExtensions))
continue;

$phparray[$count]->name = $_FILES[$fieldname."_file_".$i]['name'];
$phparray[$count]->size = $_FILES[$fieldname."_file_".$i]['size'];
$phparray[$count]->ext = $pathinfo['extension'];

if (!@move_uploaded_file($_FILES[$fieldname."_file_".$i]['tmp_name'], $target.$_FILES[$fieldname."_file_".$i]['name']))
echo "error uploading";
else
$count++;
}
}

if (!@move_uploaded_file($_FILES['the_file_'.$i]['tmp_name'], $the_full_file_path))
echo "error uploading";
if (!isset($basic) || !$basic)
{ // ajax, move files from temp to files directory
$tmp = "upload/tmp/";
$target = "upload/files/";

for ($i = 0; $i < count($phparray); $i++)
{
if (!copy($tmp.$phparray[$i]->name, $target.$phparray[$i]->name)){
echo "Error Moving file to its destination";die();}
else
$values[0] .= '"filename": "'.$random_file_name.'"]}\'';
unlink($tmp.$phparray[$i]->name);
}
}
$values[] = $connect->qstr(json_encode($phparray), get_magic_quotes_gpc());
}
*/

else
{
if ($fieldexists['type']=='N') //sanitize numerical fields
Expand All @@ -512,7 +531,6 @@ function createinsertquery()
}
$values[]=$connect->qstr($_SESSION[$value],get_magic_quotes_gpc());
}

}
}
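Review bot: Both upload paths in the re-enabled `type=='|'` branch build filesystem paths from client-supplied names: the basic path moves to `$target.$_FILES[$fieldname."_file_".$i]['name']`, and the ajax path calls `copy()` and `unlink()` on `$tmp.$phparray[$i]->name`, where `$phparray` is decoded from the posted JSON held in `$_SESSION[$value]`. Nothing in the ajax loop strips directory components or re-checks the extension, so a name containing `../` makes copy/unlink operate outside `upload/tmp/`, and same-named uploads overwrite each other in `upload/files/`. The ajax loop should take `basename()` of the name and apply the `$validExtensions` check the basic loop already has; storing under a generated name (the removed code used `randomkey(20)`) would address the overwrite case. createinsertquery() starts and ends outside this hunk.

```php
// … unchanged: attribute lookup, basic-uploader loop, $tmp / $target assignments …
for ($i = 0; $i < count($phparray); $i++)
{
    // the name arrives in client-editable JSON: drop any directory part
    // and apply the same extension allow-list as the basic uploader
    $safename = basename($phparray[$i]->name);
    $pathinfo = pathinfo($safename);
    if ($safename == '' || !isset($pathinfo['extension'])
        || !in_array($pathinfo['extension'], $validExtensions))
        safe_die("Invalid uploaded file name");
    if (!is_file($tmp.$safename) || !copy($tmp.$safename, $target.$safename))
        safe_die("Error Moving file to its destination");
    unlink($tmp.$safename);
    $phparray[$i]->name = $safename;
}
// … unchanged: $values[] = $connect->qstr(json_encode($phparray), …) …
```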

35 changes: 25 additions & 10 deletions upload.php
Expand Up @@ -33,26 +33,41 @@

echo json_encode($return);
}
// if everything went fine and the file was uploaded successfuly,
// send the file related info back to the client
else if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file)) {
$size = filesize($file);

// If this is just a preview, don't save the file
if ($preview)
{
$return = array(
"success" => true,
"size" => $size,
"name" => basename($file),
"ext" => $ext,
"msg" => "The file has been successfuly uploaded"
"msg" => "The file has been successfuly uploaded. The file has not been saved into the filesystem since this is just a preview."
);
if ($preview == 0)
echo json_encode($return);
}
// if there was some error, report error message
else {
$return = array(
else
{ // if everything went fine and the file was uploaded successfuly,
// send the file related info back to the client
if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file))
{
$return = array(
"success" => true,
"size" => $size,
"name" => basename($file),
"ext" => $ext,
"msg" => "The file has been successfuly uploaded"
);
echo json_encode($return);
}
// if there was some error, report error message
else
{
$return = array(
"success" => false,
"msg" => "Unknown error"
);
echo json_encode($return);
echo json_encode($return);
}
}
?>
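Review bot: Whether the upload is written to disk now hinges on `$preview`, and the link built in qanda.php sends `preview=`, `maxfilesize=` and `allowed_filetypes=` as query parameters, so if upload.php reads them from the request (the assignment is above this hunk) the client chooses its own mode and limits. These should be derived server-side from the survey's active state and the question attributes, the way index.php and save.php look them up from `question_attributes`. Also check `$size`: the `$size = filesize($file);` line appears to be on the removed side while both new branches still return `"size" => $size`, and in the preview branch no stored file exists to measure, so `$_FILES['uploadfile']['size']` would be the value available there.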
