all

file.php

@@ -4,29 +4,6 @@
 require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."adapters".DIRECTORY_SEPARATOR."dropbox.php");
 require_once(__DIR__.DIRECTORY_SEPARATOR."src".DIRECTORY_SEPARATOR."XUP".DIRECTORY_SEPARATOR."adapters".DIRECTORY_SEPARATOR."amazonwebservices.php");
 
-use XUP\Uploader\Main;
-use XUP\Uploader\Drive;
-use XUP\Uploader\Dropbox;
-use XUP\Uploader\AmazonWebServices;
-$output = array();
-$services = array("Drive","Dropbox","AmazonWebServices");
-$action = $_POST["action"];
-foreach ($services as $service) {
-	$class = "XUP\Uploader\\".$service;
-	$adapter = new $class();
-	$output[$service] = $action($adapter,$_POST);
-}
-exit(json_encode($output));
-
-function upload($adapter,$post) {
-	$params = json_encode(array("formid" => injection($post["formid"]),"folder"=>injection($post["folder"]),"qid" => injection($post["qid"]), "key" => $post["key"], "file" => injection($post["file"]),"folderKey" => injection($post["folderKey"])));
-	return $adapter->upload($params);
-}
-function deleteFile($adapter,$post) {
-	$params = json_encode(array("formid" => injection($post["formid"]),"qid" => injection($post["qid"]),"remove" => $post["remove"],"aws" => $post["aws"]));
-	return $adapter->deleteFile($params);
-}
-
 function injection($str) {
 	$bad = array(
 		'<!--', '-->',
@@ -66,3 +43,170 @@ function injection($str) {
 	while ($old !== $str);
 	return $str;	
 }
+
+if($_POST["action"] == "save"){
+	function fileNameExist($path,$filename){
+		while(file_exists($path.DIRECTORY_SEPARATOR.$filename) != false) {
+			$filename = "1_".$filename;
+		}
+		return $filename;
+	}
+
+	function type($str){
+		$neverAllow =  array(
+			'php', 
+			'pl', 
+			'cgi',
+			'rb', 
+			'asp', 
+			'aspx',
+			'exe', 
+			'scr', 
+			'dll',
+			'msi',
+			'vbs',
+			'bat',
+			'com',
+			'pif',
+			'cmd',
+			'vxd',
+			'cpl'
+		);
+		foreach ($neverAllow as $fft){
+			if(stripos($str,$fft) !== FALSE)
+			{
+				return false;
+			}		
+		}
+		return true; 
+	}
+	function mime($str){
+		$neverAllow = array(
+			"application/octet-stream",
+			"application/javascript",
+			"text/javascript"
+		);
+		foreach ($neverAllow as $fmt){
+			if(stripos($fmt, $str))
+			{
+				return false;
+			}		
+			else
+			{
+				return true;
+			}
+		}
+	}
+	function getFolder($formid,$key){
+		$file = fopen("/tmp/$formid/$key.txt","r");
+		$date = fgets($file);
+		fclose($file);
+		return $date;
+	}
+	function saveFolder($formid,$key,$date){
+		$file = fopen("/tmp/$formid/$key.txt","wr") or die ("Unable to open file");
+		fwrite($file,$date."-".$key) or die ("Unable to write file!");
+		fclose($file);
+		return true;
+	}
+	function save($fileTmpName,$filePath,$fileName,$folder){
+		if(move_uploaded_file($fileTmpName, $filePath. DIRECTORY_SEPARATOR .$fileName)){
+			if(mime($filePath. DIRECTORY_SEPARATOR .$fileName.DIRECTORY_SEPARATOR.$fileName) != true)
+			{
+				exit(json_encode(array("succes"=>false,"error"=>"mime_content_type($fileName)")));	
+			}
+			chmod($filePath. DIRECTORY_SEPARATOR .$fileName, 0776);
+			header("HTTP/1.1 200");
+			exit(json_encode(array("succes"=>true,"filename" => $fileName,"folder" => $folder,"error"=>null)));			
+		}
+		else{
+			var_dump($fileTmpName . " " . $fileName . " ".$filePath);
+			header("HTTP/1.1 500");
+			exit(json_encode(array("succes"=>false,"error"=>"Internal Server Error!")));
+		}
+	}
+	$formid = injection($_POST["formid"]);
+	$key = injection($_POST["filekey"]);
+	$folder = null;
+	if(realpath("/tmp/$formid") !== true){
+		if(file_exists("/tmp/$formid" !== true)){
+			$oldumask = umask(0);//kalkacak
+			mkdir("/tmp/$formid",0777,true);//644
+			umask($oldumask);//kalkacak
+		}
+	}
+	if(file_exists(DIRECTORY_SEPARATOR."tmp".DIRECTORY_SEPARATOR."$formid".DIRECTORY_SEPARATOR."$key.txt")){
+		$folder = getFolder($formid,$key);
+	}
+	else{
+		$folder = date("h-ia d-m-Y");
+		saveFolder($formid,$key,$folder);
+		$folder = $folder."-".$key;
+	}
+	$qid = injection($_POST["qid"]);
+	$path = DIRECTORY_SEPARATOR . "tmp"; 
+	$file_path = implode(DIRECTORY_SEPARATOR, array($path,$formid,$folder,"questionid".$qid));
+	if(realpath($file_path) !== true){
+		if(file_exists($file_path) !== true){
+			$oldumask = umask(0);//kalkacak
+			mkdir($file_path,0777,true);//644
+			umask($oldumask);//kalkacak
+		}
+	}
+	foreach ($_FILES as $key => $value) {
+		$file_name = injection($_FILES[$key]["name"]);
+		$array = explode('.', $file_name);
+		$extension = end($array);
+		if(type($extension) != true){
+			exit(json_encode(array("succes"=>false,"error"=>"type")));
+		}
+
+		$chars = range("a","z");
+		$numbers= range("0","9");
+		foreach ($chars as $char){
+			if(stripos($file_name, $char)){
+				break;
+			}
+			else{
+				foreach ($numbers as $number) {
+					if(stripos($file_name, $number)){
+						$tmp = explode(".", $file_name);
+						$extension = ".".end($tmp);
+						$file_name = $formid.$extension;
+					}
+				}
+			}
+		}
+		if(file_exists($file_path.DIRECTORY_SEPARATOR.$file_name)){
+			$newFileName = fileNameExist($file_path,$file_name);
+			save($_FILES[$key]["tmp_name"],$file_path,$newFileName,$folder);
+		}
+		else{
+			save($_FILES[$key]["tmp_name"],$file_path,$file_name,$folder);		
+		}
+	}
+
+}
+
+use XUP\Uploader\Main;
+use XUP\Uploader\Drive;
+use XUP\Uploader\Dropbox;
+use XUP\Uploader\AmazonWebServices;
+$output = array();
+$services = array("Drive","Dropbox","AmazonWebServices");
+$action = $_POST["action"];
+foreach ($services as $service) {
+	$class = "XUP\Uploader\\".$service;
+	$adapter = new $class();
+	$output[$service] = $action($adapter,$_POST);
+}
+exit(json_encode($output));
+
+function upload($adapter,$post) {
+	$params = json_encode(array("formid" => injection($post["formid"]),"folder"=>injection($post["folder"]),"qid" => injection($post["qid"]), "key" => $post["key"], "file" => injection($post["file"]),"folderKey" => injection($post["folderKey"])));
+	return $adapter->upload($params);
+}
+function deleteFile($adapter,$post) {
+	$params = json_encode(array("formid" => injection($post["formid"]),"qid" => injection($post["qid"]),"remove" => $post["remove"],"aws" => $post["aws"]));
+	return $adapter->deleteFile($params);
+}

gearman/workers/amazonWorker.php

@@ -14,16 +14,21 @@
 function toprakAwsUpload($job) {
 	try{
 		$params = (array)json_decode($job->workload());
+		var_dump($params);
+		$params["folderKey"] = "isAbsolutelyNotNull";
+		foreach ($params as $param => $value) {
+			if(empty($value) || $value == "null" || $value == "{}"){
+				var_dump($param." is null!");
+				return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
+			}
+		}
 		$formid = $params["formid"];
 		$folder = $params["folder"];
 		$qid = $params["qid"];
 		$file = $params["file"];
 		$keys = (array)json_decode($params["key"]);
 		var_dump($params);
 		var_dump($keys);
-		if(empty($keys)){
-			return json_encode(array("Error" => "Key Does Not Exist","File" => null,'Folder' => null,"Url" => null, "Remove" => null));		
-		}
 		var_dump($params);
 		$access = $keys["access"];
 		$secret = $keys["secret"];
@@ -66,6 +71,12 @@ function toprakAwsUpload($job) {
 }
 function toprakAwsRemove($job){
 		try{
+			foreach ($params as $param => $value) {
+				if(empty($value) || $value == "null" || $value == "{}"){
+					var_dump($param." is null!");
+					return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
+				}
+			}
 			$params = (array)json_decode($job->workload());
 			var_dump($params);
 			$keys = (array)json_decode($params["key"]);

gearman/workers/driveWorker.php

@@ -18,12 +18,22 @@ function toprakDriveUpload($job) {
 	try{		
 	$params = (array)json_decode($job->workload());
 	var_dump($params);
-		// foreach ($params as $param) {
-		// 	if(empty($param)){
-		// 		return json_encode(array("Error" => 2,"File" => null,"Url" => null));
-		// 	}
-		// }
+		foreach ($params as $param => $value) {
+			if(empty($value) || $value == "null" || $value == "{}" || $value == ""){
+				if($params["folderKey"] == null){
+
+				}
+				else{
+					var_dump($param." is null!");
+					return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
+				}
+			}
+		}
 		$tokens = (array)json_decode($params["key"]);
+		if(empty($tokens["access_token"]) || empty($tokens["refresh_token"])){
+			var_dump("Tokens are null!");
+			return json_encode(array("Error" => "Tokens Are Null","File" => null,"Url" => null));
+		}
 		$formid = $params["formid"];
 		$file = $params["file"];
 		$qid = $params["qid"];
@@ -32,7 +42,6 @@ function toprakDriveUpload($job) {
 		$base_path = DIRECTORY_SEPARATOR . "tmp";
 		$path =  $folder . DIRECTORY_SEPARATOR. "questionid".$qid;
 		$file_path = $base_path.DIRECTORY_SEPARATOR . $formid . DIRECTORY_SEPARATOR .$path.DIRECTORY_SEPARATOR.$file;
-		var_dump($params,"\n\n\n");
 		if(!file_exists($file_path)){
 			return json_encode(array("Error" => "File Does Not Exist","File" => null,'Folder' => null,"Url" => null, "Remove" => null));
 		}
@@ -44,10 +53,11 @@ function toprakDriveUpload($job) {
 			$client->setApplicationName("XUP_File_Uploader");
 			$client->setAccessToken((string)$tokens["access_token"]);
 			if($client->isAccessTokenExpired()) {
-				$refresh = $client->refreshToken((string)$tokens["refresh_token"]);
 				$drive = new Drive();
-				$drive->save($formid,$qid,json_encode(array("access_token" => (string)$refresh["access_token"],"refresh_token" => (string)$tokens["refresh_token"])));	
-				echo "\nKey Updated\n\n";
+				$refresh = $client->refreshToken((string)$tokens["refresh_token"]);
+				$keys = json_encode(array("access_token" => (string)$refresh["access_token"],"refresh_token" => (string)$tokens["refresh_token"]));
+				var_dump($drive->insert($formid,$qid,$keys));	
+				echo "\nKey Updated\n \n";
 			}	 
 			$service = new Google_Service_Drive($client);
 			$pagetoken = null;
@@ -113,9 +123,10 @@ function toprakDriveRemove($job) {
 	try{
 		$params = (array)json_decode($job->workload());
 		var_dump($params);
-		foreach ($params as $param) {
-			if(empty($param)){
-				return json_encode(array("Error" => "Please Check Input Variables"));
+		foreach ($params as $param => $value) {
+			if(empty($value) || $value == "null" || $value == "{}"){
+				var_dump($param." is null!");
+				return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
 			}
 		}
 		$tokens = (array)json_decode($params["key"]);
@@ -132,7 +143,7 @@ function toprakDriveRemove($job) {
 		if($client->isAccessTokenExpired()){
 			$refresh = $client->refreshToken($refreshKey);
 			$drive = new Drive();
-			$drive->save($formid,$qid,json_encode(array("access_token" => (string)$refresh["access_token"],"refresh_token" => (string)$tokens["refresh_token"])));	
+			$drive->insert($formid,$qid,json_encode(array("access_token" => (string)$refresh["access_token"],"refresh_token" => (string)$tokens["refresh_token"])));	
 			echo "\nKey Updated\n\n";
 		}
 		$service = new Google_Service_Drive($client);

gearman/workers/dropboxWorker.php

@@ -16,7 +16,8 @@ function toprakDbxUpload($job) {
 		var_dump($params);
 		foreach ($params as $param) {
 			if(empty($param)){
-				return json_encode(array("Error" => "File Does Not Exist","File" => null,'Folder' => null,"Url" => null, "Remove" => null));
+				echo($param." is null!");
+				return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
 			}
 		}
 		$token = (string)$params["key"];
@@ -50,12 +51,12 @@ function toprakDbxUpload($job) {
 function toprakDbxRemove($job){
 	try{
 		$params = (array)json_decode($job->workload());
-		foreach ($params as $param) {
-			if(empty($param)){
-				return json_encode(array("Error" => "Please Check Input Variables"));
-				}
+		foreach ($params as $param => $value) {
+			if(empty($value) || $value == "null" || $value == "{}"){
+				var_dump($param." is null!");
+				return json_encode(array("Error" => $param." is null","File" => null,"Url" => null));
 			}
-
+		}
 		$token = $params["key"];
 		$remove = (array)json_decode($params["remove"]);
 		$remove = $remove["Dropbox"];