From 5dd469aaa1ccde413f986cee70d4dace85000e72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Laumaill=C3=A9?= Date: Mon, 4 Jul 2016 22:43:45 +0200 Subject: [PATCH] 2.1.26 Introduced special token when file attachment to Items. --- items.load.php | 12 ++++-- items.php | 2 + sources/upload/upload.attachments.php | 60 ++++++++++++++++++++------- 3 files changed, 55 insertions(+), 19 deletions(-) diff --git a/items.load.php b/items.load.php index 3a1b1b24e..f4e84ef40 100644 --- a/items.load.php +++ b/items.load.php @@ -727,6 +727,7 @@ function(data) { ); } else { $('#new_show_error').html("").show(); + $("#div_formulaire_saisi ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); $("#div_formulaire_saisi_info").hide().html(""); } } @@ -1012,6 +1013,7 @@ function(data) { } else { $('#edit_show_error').html("").show(); + $("#div_formulaire_edition_item ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); $("#div_formulaire_edition_item_info").hide().html(""); } } @@ -2925,7 +2927,8 @@ function(data) { itemId : $("#random_id").val(), type_upload : "item_attachments", edit_item : false, - user_token: $("#item_user_token").val() + user_token: $("#item_user_token").val(), + files_number: $("#files_number").val() }); }, UploadComplete: function(up, files) { @@ -2980,6 +2983,7 @@ function(data) {console.log(data[0].token); '
[-] ' + file.name + ' (' + plupload.formatSize(file.size) + ') ' + '
'); + $("#files_number").val(parseInt($("#files_number").val())+1); }); up.refresh(); // Reposition Flash/Silverlight }); @@ -3025,7 +3029,8 @@ function(data) {console.log(data[0].token); itemId : $('#selected_items').val(), type_upload : "item_attachments", edit_item : true, - user_token: $("#item_user_token").val() + user_token: $("#item_user_token").val(), + files_number: $("#edit_files_number").val() }); }, UploadComplete: function(up, files) { @@ -3063,7 +3068,7 @@ function(data) {console.log(data[0].token); numeric: true, ambiguous: true, reason: "item_attachments", - duration: 10 + duration: 30 }, function(data) { $("#item_user_token").val(data[0].token); @@ -3081,6 +3086,7 @@ function(data) { '
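Review bot: The added `$("#files_number").val(parseInt($("#files_number").val())+1);` line has no radix and no fallback, so if the hidden field starts empty `parseInt` yields `NaN`, the field is set to the string "NaN", and the server then receives a non-numeric `files_number`; the same applies to the `#edit_files_number` increment added in the `@@ -3081` hunk. Use `parseInt($("#files_number").val(), 10) || 0` (and the equivalent for `#edit_files_number`) so the counter always starts from a number. Since these counters are maintained entirely in the browser, `files_number` can only be a hint to the upload endpoint and must be validated there before it influences token lifetime.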
[-] ' + file.name + ' (' + plupload.formatSize(file.size) + ') ' + '
'); + $("#edit_files_number").val(parseInt($("#edit_files_number").val())+1); }); up.refresh(); // Reposition Flash/Silverlight }); diff --git a/items.php b/items.php index c9dfc341a..6c77b220d 100644 --- a/items.php +++ b/items.php @@ -518,6 +518,7 @@ '.$LANG['select'].' '.$LANG['start_upload'].' + '; // Tabs N°4 @@ -710,6 +711,7 @@ '.$LANG['select'].' '.$LANG['start_upload'].' + '; // Tabs EDIT N°4 -> Categories diff --git a/sources/upload/upload.attachments.php b/sources/upload/upload.attachments.php index 64df42859..33eff031c 100644 --- a/sources/upload/upload.attachments.php +++ b/sources/upload/upload.attachments.php 
@@ -39,12 +39,50 @@
 handleError('No Session was found.', 110);
 }
 
-/*
 // token check
 if (!isset($_POST['user_token'])) {
 handleError('No user token found.', 110);
 exit();
 } else {
+ //Connect to mysql server
+ require_once $_SESSION['settings']['cpassman_dir'].'/includes/config/settings.php';
+ require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
+ DB::$host = $server;
+ DB::$user = $user;
+ DB::$password = $pass;
+ DB::$dbName = $database;
+ DB::$port = $port;
+ DB::$encoding = $encoding;
+ DB::$error_handler = 'db_error_handler';
+ $link = mysqli_connect($server, $user, $pass, $database, $port);
+ $link->set_charset($encoding);
+
+ // delete expired tokens
+ DB::delete(prefix_table("tokens"), "end_timestamp < %i", time());
+
+ // create a session if several files to upload
+ if (!isset($_SESSION[$_POST['user_token']]) || empty($_SESSION[$_POST['user_token']]) || $_SESSION[$_POST['user_token']] === 0) {
+ $_SESSION[$_POST['user_token']] = $_POST['files_number'];
+ } else if ($_SESSION[$_POST['user_token']] > 0) {
+ // increase end_timestamp for token
+ DB::update(
+ prefix_table('tokens'),
+ array(
+ 'end_timestamp' => time() + 30
+ ),
+ "user_id = %i AND token = %s",
+ $_SESSION['user_id'],
+ $_POST['user_token']
+ );
+ // decrease counter of files to upload
+ $_SESSION[$_POST['user_token']]--;
+ } else {
+ // no more files to upload, kill session
+ unset($_SESSION[$_POST['user_token']]);
+ handleError('No user token found.', 110);
+ exit();
+ }
+
 // check if token is expired
 $data = DB::queryFirstRow(
 "SELECT end_timestamp FROM ".prefix_table("tokens")." WHERE user_id = %i AND token = %s",
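Review bot: The new block uses `$_POST['user_token']` directly as a `$_SESSION` key, so the client decides which session entry is read, seeded with the raw `files_number` string, or decremented — a token value naming an existing key such as `user_id` reaches the `$_SESSION[$_POST['user_token']]--` branch and alters that entry, and the same key is reused by the `=== 0` cleanup and the expiry branch in the next hunk. Keep the counter under a fixed prefix and check the token against the expected alphanumeric form before it is used as a key or in the `DB::` calls. `files_number` is also client-controlled and never validated: a missing or `0` value re-seeds the counter on every request (both `isset` and `empty` fail for it), a large value keeps the kill branch unreachable, and each pass extends `end_timestamp` by 30 s, so the one-shot token becomes indefinitely renewable; cast it with `(int)` and cap it. The seeding branch also stores the count without counting the current request, so N files reach 0 only on the (N+1)th upload and a single-file upload never triggers the next hunk's cleanup; seed with `files_number - 1`. The `else` block this code sits in closes outside the hunk.
```php
    // reject anything that is not a plain alphanumeric token before it touches
    // the session or the database; the DB lookup below still decides whether it is ours
    if (!is_string($_POST['user_token']) || !preg_match('/^[A-Za-z0-9]+$/', $_POST['user_token'])) {
        handleError('No user token found.', 110);
        exit();
    }
    // fixed prefix: a client-chosen token can then never alias another session entry
    $uploadCounterKey = 'upload_files_'.$_POST['user_token'];
    // … unchanged: DB connection setup and expired-token cleanup …

    // create a session counter if several files to upload
    if (!isset($_SESSION[$uploadCounterKey])) {
        $filesNumber = isset($_POST['files_number']) ? (int) $_POST['files_number'] : 1;
        $maxFilesPerToken = 100; // placeholder cap — align with what the upload widget allows
        if ($filesNumber < 1 || $filesNumber > $maxFilesPerToken) {
            handleError('No user token found.', 110);
            exit();
        }
        // this request is the first upload, so it is already counted
        $_SESSION[$uploadCounterKey] = $filesNumber - 1;
    } elseif ($_SESSION[$uploadCounterKey] > 0) {
        // … unchanged: end_timestamp extension via DB::update …
        $_SESSION[$uploadCounterKey]--;
    } else {
        // no more files to upload, kill session counter
        unset($_SESSION[$uploadCounterKey]);
        handleError('No user token found.', 110);
        exit();
    }
    // … unchanged: expiry lookup; the next hunk's checks must use $uploadCounterKey too …
```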
@@ -52,17 +90,20 @@
 $_POST['user_token']
 );
 // clear user token
- DB::delete(prefix_table("tokens"), "user_id = %i AND token = %s", $_SESSION['user_id'], $_POST['user_token']);
+ if ($_SESSION[$_POST['user_token']] === 0) {
+ DB::delete(prefix_table("tokens"), "user_id = %i AND token = %s", $_SESSION['user_id'], $_POST['user_token']);
+ unset($_SESSION[$_POST['user_token']]);
+ }
 
 if (time() <= $data['end_timestamp']) {
 // it is ok
 } else {
 // too old
+ unset($_SESSION[$_POST['user_token']]);
 handleError('User token expired.', 110);
 exit();
 }
 }
-*/
 
 // HTTP headers for no cache etc
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
@@ -278,19 +319,6 @@
 $fileRandomId = md5($fileName.time());
 rename($filePath, $targetDir . DIRECTORY_SEPARATOR . $fileRandomId);
 
-//Connect to mysql server
-require_once '../../includes/config/settings.php';
-require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
-DB::$host = $server;
-DB::$user = $user;
-DB::$password = $pass;
-DB::$dbName = $database;
-DB::$port = $port;
-DB::$encoding = $encoding;
-DB::$error_handler = 'db_error_handler';
-$link = mysqli_connect($server, $user, $pass, $database, $port);
-$link->set_charset($encoding);
-
 //Get data from DB
 /*$data = DB::queryfirstrow(
 "SELECT valeur FROM ".$pre."misc
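Review bot: The validity test at the end of the `else` block rejects a token that has no matching row only by accident: when the `DB::queryFirstRow` call started in the previous hunk finds nothing, `$data['end_timestamp']` evaluates to null and `time() <= null` happens to be false, which is all that routes such tokens into the `User token expired.` branch. Make that case explicit and drop the empty `// it is ok` arm, e.g. `if (empty($data) || time() > (int) $data['end_timestamp']) {` followed by the existing `unset`, `handleError('User token expired.', 110);` and `exit();`. The surrounding `else` block opens outside this hunk.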