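Init(); csSYNOPhotoMisc::CheckSessionTimeOut(true); if (!strcasecmp($this->method, "uploadphoto")) { $this->UploadFile(true); } if (!strcasecmp($this->method, "uploadvideo")) { $this->UploadFile(false); } }

    /**
     * Prepare session state for the request.
     *
     * Starts the Photo Station session, stores the value returned by
     * GetSessionIdentifier() in the admin-user session slot, calls
     * RestoreSession() when the request carries a 'session' parameter and
     * enables the DB session cache.
     */
    private function Init() {
        csSYNOPhotoMisc::PhotoSessionStart();
        $_SESSION[SYNOPHOTO_ADMIN_USER]['security_identifier'] = csSYNOPhotoMisc::GetSessionIdentifier();

        // NOTE(review): 'session' comes straight from the request; how
        // RestoreSession() validates it is not visible here -- confirm.
        if (isset($_REQUEST['session'])) {
            csSYNOPhotoMisc::RestoreSession();
        }

        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
    }

    /**
     * Handle one "uploadphoto" / "uploadvideo" request.
     *
     * Required request parameters: dest_folder_path, duplicate, filename, mtime.
     * Upload parts are read from $_FILES under the names listed in
     * $allowed_upload_form_names: 'original' is moved into the album directory,
     * the other parts into the EA directory derived from the destination path.
     *
     * @param bool $isPhoto true for a photo upload, false for a video upload
     * @return bool false when a parameter or permission check fails, an upload
     *              part reports an error, no part was sent, or an existing file
     *              is left in place ('ignore'); true otherwise
     */
    private function UploadFile($isPhoto) {
        $ret = false;
        // Assigned only when a name collision is resolved by renaming; set here
        // so the read in the index step is always defined.
        $rename_path = null;

        /* return when lack of params */
        if (!isset($_REQUEST['dest_folder_path']) || !isset($_REQUEST['duplicate'])
            || !isset($_REQUEST['filename']) || !isset($_REQUEST['mtime'])) {
            $this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
            goto End;
        }

        // Request values can arrive as arrays (name[]=...); both of these are
        // concatenated into filesystem paths below, so require plain strings.
        if (!is_string($_REQUEST['dest_folder_path']) || !is_string($_REQUEST['filename'])) {
            $this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
            goto End;
        }

        /* set required params */
        $destShareName = $_REQUEST['dest_folder_path'];
        // An empty destination means the root album.
        $albumToCheck = ('' === $destShareName) ? '/' : $destShareName;
        if (!csSYNOPhotoMisc::CheckAlbumUploadable($albumToCheck)) {
            $this->SetError(PHOTOSTATION_FILE_ACCESS_DENY);
            goto End;
        }

        $fileName = $_REQUEST['filename'];
        // 'filename' is client-controlled and is appended to $destDir to form
        // $destPath, while only $destDir is passed through CheckPathValid().
        // A name carrying a directory component would therefore land outside
        // the album that was permission-checked above, so accept a bare file
        // name only.
        if ('' === $fileName || '.' === $fileName || '..' === $fileName
            || false !== strpos($fileName, "\0")
            || basename($fileName) !== $fileName) {
            $this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
            goto End;
        }

        $extensionOk = $isPhoto
            ? csSYNOPhotoMisc::IsPhotoFile($fileName)
            : csSYNOPhotoMisc::IsVideoFile($fileName);
        if (!$extensionOk) {
            $this->SetError(PHOTOSTATION_FILE_FILE_EXT_ERR);
            goto End;
        }

        $destDir = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $destShareName;
        if (!csSynoPhotoMisc::CheckPathValid($destDir)) {
            $this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
            goto End;
        }
        if (!file_exists($destDir)) {
            $this->SetError(PHOTOSTATION_FILE_DIR_NOT_EXISTS);
            goto End;
        }

        $mtime = $_REQUEST['mtime'];
        $dup = $_REQUEST['duplicate'];
        // 0 = ignore, 1 = overwrite, 2 = rename
        $overwrite = ('ignore' === $dup) ? 0 : (('overwrite' === $dup) ? 1 : 2); // default is rename

        /* set all uploaded file data */
        $hasFile = false;
        $files = array();
        $allowed_upload_form_names = array('original', 'thumb_small', 'thumb_large', 'high', 'medium', 'low', 'mobile', 'iphone', 'android', 'flv');
        foreach ($allowed_upload_form_names as $name) {
            $files[$name] = null;
            if (isset($_FILES[$name])) {
                if ($_FILES[$name]['error'] > 0) {
                    // files is not uploaded successfully by form upload
                    $this->SetError(PHOTOSTATION_FILE_UPLOAD_ERROR);
                    goto End;
                }
                $files[$name] = $_FILES[$name];
                // Counted only for parts that are really present; setting the
                // flag outside this branch made the NO_FILE check unreachable.
                $hasFile = true;
            }
        }
        if (!$hasFile) {
            $this->SetError(PHOTOSTATION_FILE_NO_FILE);
            goto End;
        }

        $destPath = $destDir . "/" . $fileName;
        if (@file_exists($destPath)) {
            if (0 === $overwrite) { //ignore
                $ret = false;
                goto End;
            } else if (2 === $overwrite) { //rename
                $dir = pathinfo($destPath, PATHINFO_DIRNAME);
                $name = pathinfo($destPath, PATHINFO_FILENAME);
                $ext = pathinfo($destPath, PATHINFO_EXTENSION);
                $rename_suffix = 0;
                $rename_path = $destPath;
                // Try name_1.ext, name_2.ext, ... until a free name is found.
                while (file_exists($rename_path)) {
                    $rename_path = "$dir/$name" . "_" . (++$rename_suffix) . ".$ext";
                }
                $destPath = $rename_path;
            }
        }

        $IsOldEAFilePrefix = csSYNOPhotoMisc::IsOldEAFilePrefix();

        /* set all destination file path */
        $destEADir = SYNOPhotoEA::getEADirPath($destPath);
        $smallPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_THUMB_M, $IsOldEAFilePrefix);
        $largePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_THUMB_XL, $IsOldEAFilePrefix);
        $vHighPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_H_MP4, $IsOldEAFilePrefix);
        $vMediumPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_M_MP4, $IsOldEAFilePrefix);
        $vLowPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_L_MP4, $IsOldEAFilePrefix);
        $vFlvPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_FLV, $IsOldEAFilePrefix);
        $vMobilePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_MP4, $IsOldEAFilePrefix);
        $vIPhonePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_IPHONE, $IsOldEAFilePrefix);
        $vAndroidPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_ANDROID, $IsOldEAFilePrefix);

        // NOTE(review): 0777 makes these directories world-writable. Whether
        // another service account depends on that is not visible here; tighten
        // the mode if it does not.
        @mkdir($destDir, 0777, true);
        @mkdir($destEADir, 0777, true);

        /* write all existed files */
        // Form name => destination, in the order the parts are written.
        $eaTargets = array(
            'thumb_small' => $smallPath,
            'thumb_large' => $largePath,
        );
        if (!$isPhoto) {
            $eaTargets['high'] = $vHighPath;
            $eaTargets['medium'] = $vMediumPath;
            $eaTargets['low'] = $vLowPath;
            $eaTargets['flv'] = $vFlvPath;
            $eaTargets['mobile'] = $vMobilePath;
            $eaTargets['iphone'] = $vIPhonePath;
            $eaTargets['android'] = $vAndroidPath;
        }
        foreach ($eaTargets as $formName => $targetPath) {
            // Parts that were not sent stay null in $files; skip them instead
            // of indexing into null.
            if (null !== $files[$formName]) {
                $this->writeFile($files[$formName]['tmp_name'], $targetPath);
            }
        }
        $ret = (null !== $files['original'])
            ? $this->writeFile($files['original']['tmp_name'], $destPath)
            : false;

        /* trigger index */
        if (!empty($files['original']) && $ret) {
            // mtime is divided by 1000 before being used as the file's
            // timestamp; a non-numeric value is skipped rather than fed into
            // the division.
            if (is_numeric($mtime)) {
                @touch($destPath, (int) ($mtime / 1000));
            }
            $path_part = pathinfo($rename_path ? $rename_path : $fileName);
            // Absent title/description are passed on as null.
            $title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
            $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : null;
            $dbPath = SYNOPHOTO_SERVICE_REAL_DIR_PATH . trim($destShareName . "/" . $path_part['basename'], "/");
            File::AddFile($dbPath, $destPath, $title, $description);
        }

        // NOTE(review): the success entry below and the true result are
        // produced even when the 'original' write returned false, so the log
        // can record an upload that did not land. The message also embeds two
        // request values verbatim; whether PhotoLog::Add() neutralises line
        // breaks is not visible here -- confirm.
        PhotoLog::Add($fileName." was uploaded to album ".$destShareName." successfully.", true, strtolower(GetLoginUsername()));
        $ret = true;

    End:
        return $ret;
    }

    /**
     * Move one PHP upload temp file to its destination.
     *
     * @param mixed  $tmpPath  'tmp_name' entry of an upload part
     * @param string $destPath destination path
     * @return bool true when the file was moved, false when $tmpPath is empty,
     *              not a string, not an uploaded file, or the move failed
     */
    private function writeFile($tmpPath, $destPath) {
        // A multi-file part (name[]) yields an array here; treat it as absent.
        if (empty($tmpPath) || !is_string($tmpPath)) {
            return false;
        }
        // Only files PHP itself received through HTTP upload are moved.
        if (!is_uploaded_file($tmpPath)) {
            return false;
        }
        if (!@move_uploaded_file($tmpPath, $destPath)) {
            return false;
        }
        // NOTE(review): 0777 leaves the uploaded file world-writable and
        // executable; confirm that mode is required before keeping it.
        @chmod($destPath, 0777);
        return true;
    }
}

$api = new FileAPI();
$api->Run();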