ilch Forum » Ilch Clan 1.1 » Module und Modifikationen » Ilch Session variablen + filemanager

Geschlossen
  1. #1
    User Pic
    MonkeyOnKeyboard Moderator
    Registriert seit
    10.02.2014
    Beiträge
    457
    Beitragswertungen
    22 Beitragspunkte
    Hi Community,

    ich wurde von dem entwickler simogeo (simogeo filemanager)
    an euch verwiesen.

    Das Problem ist, sein Script nutzt für die erstellung von userfolder $_Session variablen

    Nun gibt es ja in ilch keine $_SESSION['userfoldername'] variable

    ich poste mal das script was den ordner anlegen soll bzw den ordner definiert.

    <?php
    /**
     *	Filemanager PHP connector
     *  This file should at least declare auth() function 
     *  and instantiate the Filemanager as '$fm'
     *  
     *  IMPORTANT : by default Read and Write access is granted to everyone
     *  Copy/paste this file to 'user.config.php' file to implement your own auth() function
     *  to grant access to wanted users only
     *
     *	filemanager.php
     *	use for ckeditor filemanager
     *
     *	@license	MIT License
     *  @author		Simon Georget <simon (at) linea21 (dot) com>
     *	@copyright	Authors
     */
     
    function auth() {
    session_name  ('sid');
        session_start();
        if(isset($_SESSION['authname']) )
        {
            if($_SESSION['authright'] <= -3)
            {
                return true;
            }
        }
        return false;
    }
    
    $folderPath = 'community/include/images/uploads/userfiles/' . $_SESSION['userfoldername'].'/';
    $fm = new Filemanager();
    $fm->setFileRoot($folderPath, true);
    
    
    
    
    ?>


    Ich weiß es ist ungewöhnlich, da es sich um ein fremdaddon handelt.
    Hoffe aber auf eure Hilfe, denn ich komm nicht mehr weiter und wie gesagt der entwickler des filemanagers hat das ticket geschlossen, mit dem vernerk, wende dich an ilch.


    verwendete ilch Version: 1.1 P

    betroffene Homepage: caelum-et-infernum.eu


    Zuletzt modifiziert von magicmarkus am 17.08.2015 - 09:50:02
    0 Mitglieder finden den Beitrag gut.
  2. #2
    User Pic
    Siggi Hall Of Fame
    Registriert seit
    08.02.2007
    Beiträge
    6.558
    Beitragswertungen
    327 Beitragspunkte
    Wenn ich das richtig lese willst du einfach nur einen Ordner erstellen mit den Session Name des Users?

    Dann sollte es doch mit $_SESSION['authname'] gehen?
    0 Mitglieder finden den Beitrag gut.
  3. #3
    User Pic
    MonkeyOnKeyboard Moderator
    Registriert seit
    10.02.2014
    Beiträge
    457
    Beitragswertungen
    22 Beitragspunkte
    ZitatZitat geschrieben von Siggi
    Wenn ich das richtig lese willst du einfach nur einen Ordner erstellen mit den Session Name des Users?

    Dann sollte es doch mit $_SESSION['authname'] gehen?


    das habe ich ja schon versucht aber das script schin alles hinter dem ersten /' zu ignorieren.

    am besten ich pack das mal heir rein was für das mkdir zuständig ist.

    <?php
    /**
     *	Filemanager PHP class
     *
     *	filemanager.class.php
     *	class for the filemanager.php connector
     *
     *	@license	MIT License
     *	@author		Riaan Los <mail (at) riaanlos (dot) nl>
     *	@author		Simon Georget <simon (at) linea21 (dot) com>
     *	@copyright	Authors
     */
    
    class Filemanager {
    
    	protected $config = array();
    	protected $language = array();
    	protected $get = array();
    	protected $post = array();
    	protected $properties = array();
    	protected $item = array();
    	protected $languages = array();
    	protected $allowed_actions = array();
    	protected $root = '';				// Filemanager root folder
    	protected $doc_root = '';		// root folder known by JS : $this->config['options']['fileRoot'] (filepath or '/') or $_SERVER['DOCUMENT_ROOT'] - overwritten by setFileRoot() method
    	protected $dynamic_fileroot = ''; // Only set if setFileRoot() is called. Second part of the path : '/Filemanager/assets/' ( doc_root - $_SERVER['DOCUMENT_ROOT'])
    	protected $path_to_files = ''; // path to FM userfiles folder - automatically computed by the PHP class, something like '/var/www/Filemanager/userfiles'
    	protected $logger = false;
    	protected $logfile = '';
    	protected $cachefolder = '_thumbs/';
    	protected $thumbnail_width = 64;
    	protected $thumbnail_height = 64;
    	protected $separator = 'userfiles'; // @todo fix keep it or not?
    
    	public function __construct($extraConfig = '') {
    		
    		// getting default config file
    		$content = file_get_contents("../../scripts/filemanager.config.js.default");
    		$config_default = json_decode($content, true);
    		
    		// getting user config file
    		$content = file_get_contents("../../scripts/filemanager.config.js");
    		$config = json_decode($content, true);
    		
    		if(!$config) {
    			$this->error("Error parsing the settings file! Please check your JSON syntax.");
    		}
    		$this->config = array_replace_recursive ($config_default, $config);
    
    		// override config options if needed
    		if(!empty($extraConfig)) {
    			$this->setup($extraConfig);
    		}
    		
    		// set logfile path according to system if not set into config file
    		if(!isset($this->config['options']['logfile']))
    			$this->config['options']['logfile'] = sys_get_temp_dir(). '/filemanager.log';
    
    		$this->root = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR;
    		$this->properties = array(
    				'Date Created'=>null,
    				'Date Modified'=>null,
    				'Height'=>null,
    				'Width'=>null,
    				'Size'=>null
    		);
    
    		// Log actions or not?
    		if ($this->config['options']['logger'] == true ) {
    			if(isset($this->config['options']['logfile'])) {
    				$this->logfile = $this->config['options']['logfile'];
    			}
    			$this->enableLog();
    		}
    
    		// if fileRoot is set manually, $this->doc_root takes fileRoot value
    		// for security check in is_valid_path() method
    		// else it takes $_SERVER['DOCUMENT_ROOT'] default value
    		if ($this->config['options']['fileRoot'] !== false ) {
    			if($this->config['options']['serverRoot'] === true) {
    				$this->doc_root = $_SERVER['DOCUMENT_ROOT'];
    				$this->separator = basename($this->config['options']['fileRoot']);
    				$this->path_to_files = $_SERVER['DOCUMENT_ROOT'] .'/' . $this->config['options']['fileRoot'];
    			} else {
    				$this->doc_root = $this->config['options']['fileRoot'];
    				$this->separator = basename($this->config['options']['fileRoot']);
    				$this->path_to_files = $this->config['options']['fileRoot'];
    			}
    		} else {
    			$this->doc_root = $_SERVER['DOCUMENT_ROOT'];
    			$this->path_to_files = $this->root . $this->separator .'/' ;
    		}
    
    		$this->__log(__METHOD__ . ' $this->root value ' . $this->root);
    		$this->__log(__METHOD__ . ' $this->path_to_files ' . $this->path_to_files);
    		$this->__log(__METHOD__ . ' $this->doc_root value ' . $this->doc_root);
    		$this->__log(__METHOD__ . ' $this->separator value ' . $this->separator);
    
    		$this->setParams();
    		$this->setPermissions();
    		$this->availableLanguages();
    		$this->loadLanguageFile();
    	}
    
    	// $extraconfig should be formatted as json config array.
    	public function setup($extraconfig) {
    
    		$this->config = array_replace_recursive($this->config, $extraconfig);
    			
    	}
    
    	// allow Filemanager to be used with dynamic folders
    	public function setFileRoot($path, $mkdir = false) {
    
    		// Paths are bit complex to handle - kind of nightmare actually ....
    		// 3 parts are availables
    		// [1] $this->doc_root. The first part of the path : '/var/www'
    		// [2] $this->dynamic_fileroot. The second part of the path : '/Filemanager/assets/' ( doc_root - $_SERVER['DOCUMENT_ROOT'])
    		// [3] $this->path_to_files or $this->doc_root. The full path : '/var/www/Filemanager/assets/'
    		
    		$path = rtrim($path, '/') . '/';
    		if($this->config['options']['serverRoot'] === true) {
    			$this->doc_root = $_SERVER['DOCUMENT_ROOT']. '/'.  $path; // i.e  '/var/www/'
    		} else {
    			$this->doc_root =  $path; // i.e  '/var/www/'
    		}
    		
    		// necessary for retrieving path when set dynamically with $fm->setFileRoot() method
    		$this->dynamic_fileroot = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->doc_root);
    		$this->path_to_files = $this->doc_root;
    		$this->separator = basename($this->doc_root);
    		
    		// do we create folder ?
    		if($mkdir && !file_exists($this->doc_root)) {
    			mkdir($this->doc_root, 0755, true);
    			$this->__log(__METHOD__ . ' creating  ' . $this->doc_root. ' folder through mkdir()');
    		}
    		
    		$this->__log(__METHOD__ . ' $this->doc_root value overwritten : ' . $this->doc_root);
    		$this->__log(__METHOD__ . ' $this->dynamic_fileroot value ' . $this->dynamic_fileroot);
    		$this->__log(__METHOD__ . ' $this->path_to_files ' . $this->path_to_files);
    		$this->__log(__METHOD__ . ' $this->separator value ' . $this->separator);
    	}
    
    	public function error($string,$textarea=false) {
    		$array = array(
    				'Error'=>$string,
    				'Code'=>'-1',
    				'Properties'=>$this->properties
    		);
    
    		$this->__log( __METHOD__ . ' - error message : ' . $string);
    
    		if($textarea) {
    			echo '<textarea>' . json_encode($array) . '</textarea>';
    		} else {
    			echo json_encode($array);
    		}
    		die();
    	}
    
    	public function lang($string) {
    		if(isset($this->language[$string]) && $this->language[$string]!='') {
    			return $this->language[$string];
    		} else {
    			return 'Language string error on ' . $string;
    		}
    	}
    
    	public function getvar($var, $sanitize = true) {
    		if(!isset($_GET[$var]) || $_GET[$var]=='') {
    			$this->error(sprintf($this->lang('INVALID_VAR'),$var));
    		} else {
    			if($sanitize) {
    				$this->get[$var] = $this->sanitize($_GET[$var]);
    			} else {
    				$this->get[$var] = $_GET[$var];
    			}
    			return true;
    		}
    	}
    	public function postvar($var, $sanitize = true) {
    		if(!isset($_POST[$var]) || ($var != 'content' && $_POST[$var]=='')) {
    			$this->error(sprintf($this->lang('INVALID_VAR'),$var));
    		} else {
    			if($sanitize) {
    				$this->post[$var] = $this->sanitize($_POST[$var]);
    			} else {
    				$this->post[$var] = $_POST[$var];
    			}
    			return true;
    		}
    	}
    
    	public function getinfo() {
    		$this->item = array();
    		$this->item['properties'] = $this->properties;
    		$this->get_file_info('', false);
    		
    		// handle path when set dynamically with $fm->setFileRoot() method
    		if($this->dynamic_fileroot != '') {
    			$path = $this->dynamic_fileroot. $this->get['path'];
    			// $path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files) . $this->get['path']; // instruction could replace the line above
    			$path = preg_replace('~/+~', '/', $path); // remove multiple slashes
    		} else {
    			$path = $this->get['path'];
    		}
    		
    		$array = array(
    				'Path'=> $path,
    				'Filename'=>$this->item['filename'],
    				'File Type'=>$this->item['filetype'],
    				'Protected'=>$this->item['protected'],
    				'Preview'=>$this->item['preview'],
    				'Properties'=>$this->item['properties'],
    				'Error'=>"",
    				'Code'=>0
    		);
    		return $array;
    	}
    
    	public function getfolder() {
    		$array = array();
    		$filesDir = array();
    
    		$current_path = $this->getFullPath();
    
    
    		if(!$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    		
    		if(!is_dir($current_path)) {
    			$this->error(sprintf($this->lang('DIRECTORY_NOT_EXIST'),$this->get['path']));
    		}
    		
    		// check if file is readable
    		if(!$this->has_system_permission($current_path, array('r'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
    		}
    		
    		if(!$handle = @opendir($current_path)) {
    			$this->error(sprintf($this->lang('UNABLE_TO_OPEN_DIRECTORY'),$this->get['path']));
    		} else {
    			while (false !== ($file = readdir($handle))) {
    				if($file != "." && $file != "..") {
    					array_push($filesDir, $file);
    				}
    			}
    			closedir($handle);
    			
    			// By default
    			// Sorting files by name ('default' or 'NAME_DESC' cases from $this->config['options']['fileSorting']
    			natcasesort($filesDir);
    
    			foreach($filesDir as $file) {
    				
    				if(is_dir($current_path . $file)) {
    					if(!in_array($file, $this->config['exclude']['unallowed_dirs']) && !preg_match( $this->config['exclude']['unallowed_dirs_REGEXP'], $file)) {
    						
    						// check if file is writable and readable
    						if(!$this->has_system_permission($current_path . $file, array('w', 'r'))) {
    							$protected = 1;
    							$previewPath = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['directory'];
    						} else {
    							$protected =0;
    							$previewPath = $this->config['icons']['path'] . $this->config['icons']['directory'];
    						}
    						
    						$array[$this->get['path'] . $file .'/'] = array(
    								'Path'=> $this->get['path'] . $file .'/',
    								'Filename'=>$file,
    								'File Type'=>'dir',
    								'Protected'=>$protected,
    								'Preview'=> $previewPath,
    								'Properties'=>array(
    										'Date Created'=> date($this->config['options']['dateFormat'], filectime($this->getFullPath($this->get['path'] . $file .'/'))),
    										'Date Modified'=> date($this->config['options']['dateFormat'], filemtime($this->getFullPath($this->get['path'] . $file .'/'))),
    										'filemtime'=> filemtime($this->getFullPath($this->get['path'] . $file .'/')),
    										'Height'=>null,
    										'Width'=>null,
    										'Size'=>null
    								),
    								'Error'=>"",
    								'Code'=>0
    						);
    					}
    				} else if (!in_array($file, $this->config['exclude']['unallowed_files'])  && !preg_match( $this->config['exclude']['unallowed_files_REGEXP'], $file)) {
    					$this->item = array();
    					$this->item['properties'] = $this->properties;
    					$this->get_file_info($this->get['path'] . $file, true);
    					
    
    					if(!isset($this->params['type']) || (isset($this->params['type']) && strtolower($this->params['type'])=='images' && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
    						if($this->config['upload']['imagesOnly']== false || ($this->config['upload']['imagesOnly']== true && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
    							$array[$this->get['path'] . $file] = array(
    									'Path'=>$this->get['path'] . $file,
    									'Filename'=>$this->item['filename'],
    									'File Type'=>$this->item['filetype'],
    									'Protected'=>$this->item['protected'],
    									'Preview'=>$this->item['preview'],
    									'Properties'=>$this->item['properties'],
    									'Error'=>"",
    									'Code'=>0
    							);
    						}
    					}
    				}
    			}
    		}
    		
    		$array = $this->sortFiles($array);
    
    		return $array;
    	}
    	
    	
    	public function editfile() {
    
    		$current_path = $this->getFullPath();
    		
    		// check if file is writable
    		if(!$this->has_system_permission($current_path, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
    		}
    		
    		if(!$this->has_permission('edit') || !$this->is_valid_path($current_path) || !$this->is_editable($current_path)) {
    			$this->error("No way.");
    		}
    
    		$this->__log(__METHOD__ . ' - editing file '. $current_path);
    
    		$content = file_get_contents($current_path);
    		$content = htmlspecialchars($content);
    
    		if($content === false) {
    			$this->error(sprintf($this->lang('ERROR_OPENING_FILE')));
    		}
    
    		$array = array(
    				'Error'=>"",
    				'Code'=>0,
    				'Path'=>$this->get['path'],
    				'Content'=>$this->formatPath($content)
    		);
    		
    		return $array;
    	}
    
    	public function savefile() {
    	
    		$current_path = $this->getFullPath($this->post['path']);
    	
    		if(!$this->has_permission('edit') || !$this->is_valid_path($current_path) || !$this->is_editable($current_path)) {
    			$this->error("No way.");
    		}
    	
    		if(!$this->has_system_permission($current_path, array('w'))) {
    			$this->error(sprintf($this->lang('ERROR_WRITING_PERM')));
    		}
    		
    		$this->__log(__METHOD__ . ' - saving file '. $current_path);
    		
    		$content =  htmlspecialchars_decode($this->post['content']);
    		$r = file_put_contents($current_path, $content, LOCK_EX);
    
    		if(!is_numeric($r)) {
    			$this->error(sprintf($this->lang('ERROR_SAVING_FILE')));
    		}
    	
    		$array = array(
    					'Error'=>"",
    					'Code'=>0,
    					'Path'=>$this->formatPath($this->post['path'])
    			);
    		
    		return $array;
    	}
    
    	public function rename() {
    
    		$suffix='';
    
    		if(substr($this->get['old'],-1,1)=='/') {
    			$this->get['old'] = substr($this->get['old'],0,(strlen($this->get['old'])-1));
    			$suffix='/';
    		}
    		$tmp = explode('/',$this->get['old']);
    		$filename = $tmp[(sizeof($tmp)-1)];
    		$path = str_replace('/' . $filename,'',$this->get['old']);
    
    		$new_file = $this->getFullPath($path . '/' . $this->get['new']). $suffix;
    		$old_file = $this->getFullPath($this->get['old']) . $suffix;
    
    		if(!$this->has_permission('rename') || !$this->is_valid_path($old_file)) {
    			$this->error("No way.");
    		}
    		
    		// check if file is writable
    		if(!$this->has_system_permission($old_file, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
    		}
    		
    		// check if not requesting main FM userfiles folder
    		if($this->is_root_folder($old_file)) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED')));
    		}
    		
    		// For file only - we check if the new given extension is allowed regarding the security Policy settings
    		if(is_file($old_file) && $this->config['security']['allowChangeExtensions'] && !$this->is_allowed_file_type($new_file)) {
    			$this->error(sprintf($this->lang('INVALID_FILE_TYPE')));
    		}
    
    		$this->__log(__METHOD__ . ' - renaming '. $old_file. ' to ' . $new_file);
    
    		if(file_exists ($new_file)) {
    			if($suffix=='/' && is_dir($new_file)) {
    				$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),$this->get['new']));
    			}
    			if($suffix=='' && is_file($new_file)) {
    				$this->error(sprintf($this->lang('FILE_ALREADY_EXISTS'),$this->get['new']));
    			}
    		}
    
    		if(!rename($old_file,$new_file)) {
    			if(is_dir($old_file)) {
    				$this->error(sprintf($this->lang('ERROR_RENAMING_DIRECTORY'),$filename,$this->get['new']));
    			} else {
    				$this->error(sprintf($this->lang('ERROR_RENAMING_FILE'),$filename,$this->get['new']));
    			}
    		}
    		$array = array(
    				'Error'=>"",
    				'Code'=>0,
    				'Old Path'=>$this->formatPath($this->get['old'].$suffix),
    				'Old Name'=>$filename,
    				'New Path'=>$this->formatPath($path . '/' . $this->get['new'].$suffix),
    				'New Name'=>$this->get['new']
    		);
    		return $array;
    	}
    
    	public function move() {
    		
    		// dynamic fileroot dir must be used when enabled
    		if($this->dynamic_fileroot != '') {
    			$rootDir = $this->dynamic_fileroot;
    			//$rootDir = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files); // instruction could replace the line above
    		} else {
    			$rootDir = $this->get['root'];
    		}
    
    		$rootDir = str_replace('//', '/', $rootDir);
    		$oldPath = $this->getFullPath($this->get['old']);
    		
    		// check if file is writable
    		if(!$this->has_system_permission($oldPath, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
    		}
    		
    		
    		// check if not requesting main FM userfiles folder
    		if($this->is_root_folder($oldPath)) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
    		}
    
    		// old path
    		$tmp = explode('/',trim($this->get['old'], '/'));
    		$fileName = array_pop($tmp); // file name or new dir name
    		$path = '/' . implode('/', $tmp) . '/';
    
    		// new path
    		if (substr($this->get['new'], 0, 1) != "/") {
    			// make path relative from old dir
    			$newPath = $path . '/' . $this->get['new'] . '/';
    		} else {
    			$newPath = $rootDir . '/' . $this->get['new'] . '/';
    		}
    
    		$newPath = preg_replace('#/+#', '/', $newPath);
    		$newPath = $this->expandPath($newPath, true);		
    
    		$newRelativePath = str_replace('./', '',$newPath);
    		$newPath = $this->getFullPath($newPath);
    		
    		if(!$this->has_permission('move') || !$this->is_valid_path($oldPath) || !$this->is_valid_path($newPath)) {
    			$this->error("No way.");
    		}
    
    		// check if file already exists
    		if (file_exists($newPath.$fileName)) {
    			if(is_dir($newPath.$fileName)) {
    				$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),rtrim($this->get['new'], '/').'/'.$fileName));
    			} else {
    				$this->error(sprintf($this->lang('FILE_ALREADY_EXISTS'),rtrim($this->get['new'], '/').'/'.$fileName));
    			}
    		}
    
    		// create dir if not exists
    		if (!file_exists($newPath)) {
    			if(!mkdir($newPath,0755, true)) {
    				$this->error(sprintf($this->lang('UNABLE_TO_CREATE_DIRECTORY'),$newPath));
    			}
    		}
    
    		// move
    		$this->__log(__METHOD__ . ' - moving '. $oldPath. ' to directory ' . $newPath);
    
    		if(!rename($oldPath,$newPath . $fileName)) {
    			if(is_dir($oldPath)) {
    				$this->error(sprintf($this->lang('ERROR_RENAMING_DIRECTORY'),$path,$this->get['new']));
    			} else {
    				$this->error(sprintf($this->lang('ERROR_RENAMING_FILE'),$path . $fileName,$this->get['new']));
    			}
    		}
    
    		$array = array(
    				'Error'=>"",
    				'Code'=>0,
    				'Old Path'=>$path,
    				'Old Name'=>$fileName,
    				'New Path'=>$this->formatPath($newRelativePath),
    				'New Name'=>$fileName,
    		);
    		return $array;
    	}
    
    	public function delete() {
    
    		$current_path = $this->getFullPath();
    		$thumbnail_path = $this->get_thumbnail_path($current_path);
    		
    		
    		if(!$this->has_permission('delete') || !$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    		
    		// check if file is writable
    		if(!$this->has_system_permission($current_path, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
    		}
    		
    		// check if not requesting main FM userfiles folder
    		if($this->is_root_folder($current_path)) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED')));
    		}
    			
    		if(is_dir($current_path)) {
    			
    			$this->unlinkRecursive($current_path);
    			
    			// we remove thumbnails if needed
    			$this->__log(__METHOD__ . ' - deleting thumbnails folder '. $thumbnail_path);
    			$this->unlinkRecursive($thumbnail_path);
    			
    			$array = array(
    					'Error'=>"",
    					'Code'=>0,
    					'Path'=>$this->formatPath($this->get['path'])
    			);
    
    			$this->__log(__METHOD__ . ' - deleting folder '. $current_path);
    			return $array;
    
    		} else if(file_exists($current_path)) {
    			
    			unlink($current_path);
    			
    			// delete thumbail if exists
    			$this->__log(__METHOD__ . ' - deleting thumbnail file '. $thumbnail_path);
    			if(file_exists($thumbnail_path)) unlink($thumbnail_path);
    			
    			$array = array(
    					'Error'=>"",
    					'Code'=>0,
    					'Path'=>$this->formatPath($this->get['path'])
    			);
    
    			$this->__log(__METHOD__ . ' - deleting file '. $current_path);
    			return $array;
    
    		} else {
    			$this->error(sprintf($this->lang('INVALID_DIRECTORY_OR_FILE')));
    		}
    	}
    	
    	public function replace() {
    		
    		$this->setParams();
    
    		if(!isset($_FILES['fileR']) || !is_uploaded_file($_FILES['fileR']['tmp_name'])) {
    			
    			// if fileSize limit set by the user is greater than size allowed in php.ini file, we apply server restrictions
    			// and log a warning into file
    			if($this->config['upload']['fileSizeLimit'] > $this->getMaxUploadFileSize()) {
    				$this->__log(__METHOD__ . ' [WARNING] : file size limit set by user is greater than size allowed in php.ini file : '. $this->config['upload']['fileSizeLimit']. $this->lang('mb') .' > '. $this->getMaxUploadFileSize(). $this->lang('mb'). '.');
    				$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
    				$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
    			}
    			
    			$this->error(sprintf($this->lang('INVALID_FILE_UPLOAD') . ' '. sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb'))),true);
    		}
    		// we determine max upload size if not set
    		if($this->config['upload']['fileSizeLimit'] == 'auto') {
    			$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
    		}
    
    		if($_FILES['fileR']['size'] > ($this->config['upload']['fileSizeLimit'] * 1024 * 1024)) {
    			$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
    		}
    		
    		// we check the given file has the same extension as the old one
    		if(strtolower(pathinfo($_FILES['fileR']['name'], PATHINFO_EXTENSION)) != strtolower(pathinfo($this->post['newfilepath'], PATHINFO_EXTENSION))) {
    			$this->error(sprintf($this->lang('ERROR_REPLACING_FILE') . ' '. pathinfo($this->post['newfilepath'], PATHINFO_EXTENSION)),true);
    		}
    		
    		if(!$this->is_allowed_file_type($_FILES['fileR']['name'])) {
    			$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
    		}
    		
    		// we check if extension is allowed regarding the security Policy settings
    		if(!$this->is_allowed_file_type($_FILES['fileR']['name'])) {
    			$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
    		}
    		
    		// we check if only images are allowed
    		if($this->config['upload']['imagesOnly'] || (isset($this->params['type']) && strtolower($this->params['type'])=='images')) {
    			if(!($size = @getimagesize($_FILES['fileR']['tmp_name']))){
    				$this->error(sprintf($this->lang('UPLOAD_IMAGES_ONLY')),true);
    			}
    			if(!in_array($size[2], array(1, 2, 3, 7, 8))) {
    				$this->error(sprintf($this->lang('UPLOAD_IMAGES_TYPE_JPEG_GIF_PNG')),true);
    			}
    		}
    
    		$current_path = $this->getFullPath($this->post['newfilepath']);
    		
    		// check if file is writable
    		if(!$this->has_system_permission($current_path, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')), true);
    		}
    
    		if(!$this->has_permission('replace') || !$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    
    		move_uploaded_file($_FILES['fileR']['tmp_name'], $current_path);
    		
    		// we delete thumbnail if file is image and thumbnail already
    		if($this->is_image($current_path) && file_exists($this->get_thumbnail($current_path))) {
    			unlink($this->get_thumbnail($current_path));
    		}
    
    		// automatically resize image if it's too big
    		$imagePath = $current_path;
    		if($this->is_image($imagePath) && $this->config['images']['resize']['enabled']) {
    			if ($size = @getimagesize($imagePath)){
    				if ($size[0] > $this->config['images']['resize']['maxWidth'] || $size[1] > $this->config['images']['resize']['maxHeight']) {
    					require_once('./inc/wideimage/lib/WideImage.php');
    					
    					$image = WideImage::load($imagePath);
    					$resized = $image->resize($this->config['images']['resize']['maxWidth'], $this->config['images']['resize']['maxHeight'], 'inside');
    					$resized->saveToFile($imagePath);
    					
    					$this->__log(__METHOD__ . ' - resizing image : '. $current_path);
    				}
    			}
    		}
    
    		chmod($current_path, 0644);
    
    		$response = array(
    				'Path'=>dirname($this->post['newfilepath']),
    				'Name'=>basename($this->post['newfilepath']),
    				'Error'=>"",
    				'Code'=>0
    		);
    
    		$this->__log(__METHOD__ . ' - replacing file '. $current_path);
    
    		echo '<textarea>' . json_encode($response) . '</textarea>';
    		die();
    	}
    
    	public function add() {
    			
    		$this->setParams();
    
    		if(!isset($_FILES['newfile']) || !is_uploaded_file($_FILES['newfile']['tmp_name'])) {
    			
    			// if fileSize limit set by the user is greater than size allowed in php.ini file, we apply server restrictions
    			// and log a warning into file
    			if($this->config['upload']['fileSizeLimit'] > $this->getMaxUploadFileSize()) {
    				$this->__log(__METHOD__ . ' [WARNING] : file size limit set by user is greater than size allowed in php.ini file : '. $this->config['upload']['fileSizeLimit'] . 'Mb > '. $this->getMaxUploadFileSize() .'Mb.');
    				$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
    				$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
    			}
    			
    			$this->error(sprintf($this->lang('INVALID_FILE_UPLOAD') . ' '. sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb'))),true);
    		}
    		// we determine max upload size if not set
    		if($this->config['upload']['fileSizeLimit'] == 'auto') {
    			$this->config['upload']['fileSizeLimit'] = $this->getMaxUploadFileSize();
    		}
    
    		if($_FILES['newfile']['size'] > ($this->config['upload']['fileSizeLimit'] * 1024 * 1024)) {
    			$this->error(sprintf($this->lang('UPLOAD_FILES_SMALLER_THAN'),$this->config['upload']['fileSizeLimit'] . $this->lang('mb')),true);
    		}
    		
    		// we check if extension is allowed regarding the security Policy settings
    		if(!$this->is_allowed_file_type($_FILES['newfile']['name'])) {
    			$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
    		}
    		
    		// we check if only images are allowed
    		if($this->config['upload']['imagesOnly'] || (isset($this->params['type']) && strtolower($this->params['type'])=='images')) {
    			if(!($size = @getimagesize($_FILES['newfile']['tmp_name']))){
    				$this->error(sprintf($this->lang('UPLOAD_IMAGES_ONLY')),true);
    			}
    			if(!in_array($size[2], array(1, 2, 3, 7, 8))) {
    				$this->error(sprintf($this->lang('UPLOAD_IMAGES_TYPE_JPEG_GIF_PNG')),true);
    			}
    		}
    		$_FILES['newfile']['name'] = $this->cleanString($_FILES['newfile']['name'],array('.','-'));
    
    		$current_path = $this->getFullPath($this->post['currentpath']);
    
    		if(!$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    
    		if(!$this->config['upload']['overwrite']) {
    			$_FILES['newfile']['name'] = $this->checkFilename($current_path,$_FILES['newfile']['name']);
    		}
    		move_uploaded_file($_FILES['newfile']['tmp_name'], $current_path . $_FILES['newfile']['name']);
    
    		// automatically resize image if it's too big
    		$imagePath = $current_path . $_FILES['newfile']['name'];
    		if($this->is_image($imagePath) && $this->config['images']['resize']['enabled']) {
    			if ($size = @getimagesize($imagePath)){
    				if ($size[0] > $this->config['images']['resize']['maxWidth'] || $size[1] > $this->config['images']['resize']['maxHeight']) {
    					require_once('./inc/wideimage/lib/WideImage.php');
    					
    					$image = WideImage::load($imagePath);
    					$resized = $image->resize($this->config['images']['resize']['maxWidth'], $this->config['images']['resize']['maxHeight'], 'inside');
    					$resized->saveToFile($imagePath);
    					
    					$this->__log(__METHOD__ . ' - resizing image : '. $_FILES['newfile']['name']. ' into '. $current_path);
    				}
    			}
    		}
    
    		chmod($current_path . $_FILES['newfile']['name'], 0644);
    
    		$response = array(
    				'Path'=>$this->post['currentpath'],
    				'Name'=>$_FILES['newfile']['name'],
    				'Error'=>"",
    				'Code'=>0
    		);
    
    		$this->__log(__METHOD__ . ' - adding file '. $_FILES['newfile']['name']. ' into '. $current_path);
    
    		echo '<textarea>' . json_encode($response) . '</textarea>';
    		die();
    	}
    
    	public function addfolder() {
    			
    		$current_path = $this->getFullPath();
    			
    		if(!$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    		if(is_dir($current_path . $this->get['name'])) {
    			$this->error(sprintf($this->lang('DIRECTORY_ALREADY_EXISTS'),$this->get['name']));
    
    		}
    		$newdir = $this->cleanString($this->get['name']);
    		if(!mkdir($current_path . $newdir,0755)) {
    			$this->error(sprintf($this->lang('UNABLE_TO_CREATE_DIRECTORY'),$newdir));
    		}
    		$array = array(
    				'Parent'=>$this->get['path'],
    				'Name'=>$this->get['name'],
    				'Error'=>"",
    				'Code'=>0
    		);
    		$this->__log(__METHOD__ . ' - adding folder '. $current_path . $newdir);
    
    		return $array;
    	}
    	
    	/**
    	 * function zipFile.  Creates a zip file from source to destination
    	 *
    	 * @param  string $source Source path for zip
    	 * @param  string $destination Destination path for zip
    	 * @param  string|boolean $flag OPTIONAL If true includes the folder also
    	 * @return boolean
    	 * @link 	 http://stackoverflow.com/questions/17584869/zip-main-folder-with-sub-folder-inside
    	 */
    	public function zipFile($source, $destination, $flag = '')
    	{
    		if (!extension_loaded('zip') || !file_exists($source)) {
    			return false;
    		}
    	
    		$zip = new ZipArchive();
    		if (!$zip->open($destination, ZIPARCHIVE::CREATE)) {
    			return false;
    		}
    	
    		$source = str_replace('\\', '/', realpath($source));
    		if($flag)
    		{
    			$flag = basename($source) . '/';
    			//$zip->addEmptyDir(basename($source) . '/');
    		}
    	
    		if (is_dir($source) === true)
    		{
    			// add file to prevent empty archive error on download
    			$zip->addFromString('fm', "This archive has been generated by simogeo's Filemanager : https://github.com/simogeo/Filemanager/");
    			
    			$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
    			foreach ($files as $file)
    			{
    				$file = str_replace('\\', '/', realpath($file));
    	
    				if (is_dir($file) === true)
    				{
    					$zip->addEmptyDir(str_replace($source . '/', '', $flag.$file . '/'));
    				}
    				else if (is_file($file) === true)
    				{
    					$zip->addFromString(str_replace($source . '/', '', $flag.$file), file_get_contents($file));
    				}
    			}
    		}
    		else if (is_file($source) === true)
    		{
    			$zip->addFromString($flag.basename($source), file_get_contents($source));
    		}
    	
    		return $zip->close();
    	}
    
    	public function download() {
    			
    		$current_path = $this->getFullPath();
    		
    		if(!$this->has_permission('download') || !$this->is_valid_path($current_path)) {
    			$this->error("No way.");
    		}
    		
    		// check if file is writable
    		if(!$this->has_system_permission($current_path, array('w'))) {
    			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
    		}
    		
    		// we check if extension is allowed regarding the security Policy settings
    		if(is_file($current_path)) {
    			if(!$this->is_allowed_file_type(basename($current_path))) {
    				$this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true);
    			}
    			
    		} else {
    			
    			// check if permission is granted
    			if(is_dir($current_path) && $this->config['security']['allowFolderDownload'] == false ) {
    				$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
    			}
    			
    			// check if not requesting main FM userfiles folder
    			if($this->is_root_folder($current_path)) {
    				$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
    			}
    			
    			$destination_path = sys_get_temp_dir().'/'.uniqid().'.zip';
    			
    			// if Zip archive is created
    			if($this->zipFile($current_path, $destination_path, true)) {
    				$current_path = $destination_path;
    			} else {
    				$this->error($this->lang('ERROR_CREATING_ZIP'));
    			}
    			
    		}
    
    		if(isset($this->get['path']) && file_exists($current_path)) {
    			header("Content-type: application/force-download");
    			header('Content-Disposition: inline; filename="' . basename($current_path) . '"');
    			header("Content-Transfer-Encoding: Binary");
    			header("Content-length: ".filesize($current_path));
    			header('Content-Type: application/octet-stream');
    			header('Content-Disposition: attachment; filename="' . basename($current_path) . '"');
    			readfile($current_path);
    			$this->__log(__METHOD__ . ' - downloading '. $current_path);
    			exit();
    		} else {
    			$this->error(sprintf($this->lang('FILE_DOES_NOT_EXIST'),$current_path));
    		}
    	}
    
    	public function preview($thumbnail) {
    			
    		$current_path = $this->getFullPath();
    			
    		if(isset($this->get['path']) && file_exists($current_path)) {
    			
    			// if $thumbnail is set to true we return the thumbnail
    			if($this->config['options']['generateThumbnails'] == true && $thumbnail == true) {
    				// get thumbnail (and create it if needed)
    				$returned_path = $this->get_thumbnail($current_path);
    			} else {
    				$returned_path = $current_path;
    			}
    			
    			header("Content-type: image/" . strtolower(pathinfo($returned_path, PATHINFO_EXTENSION)));
    			header("Content-Transfer-Encoding: Binary");
    			header("Content-length: ".filesize($returned_path));
    			header('Content-Disposition: inline; filename="' . basename($returned_path) . '"');
    			readfile($returned_path);
    			
    			exit();
    			
    		} else {
    			$this->error(sprintf($this->lang('FILE_DOES_NOT_EXIST'),$current_path));
    		}
    	}
    
    	public function getMaxUploadFileSize() {
    			
    		$max_upload = (int) ini_get('upload_max_filesize');
    		$max_post = (int) ini_get('post_max_size');
    		$memory_limit = (int) ini_get('memory_limit');
    
    		$upload_mb = min($max_upload, $max_post, $memory_limit);
    
    		$this->__log(__METHOD__ . ' - max upload file size is '. $upload_mb. 'Mb');
    
    		return $upload_mb;
    	}
    
    	private function setParams() {
    		$tmp = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/');
    		$tmp = explode('?',$tmp);
    		$params = array();
    		if(isset($tmp[1]) && $tmp[1]!='') {
    			$params_tmp = explode('&',$tmp[1]);
    			if(is_array($params_tmp)) {
    				foreach($params_tmp as $value) {
    					$tmp = explode('=',$value);
    					if(isset($tmp[0]) && $tmp[0]!='' && isset($tmp[1]) && $tmp[1]!='') {
    						$params[$tmp[0]] = $tmp[1];
    					}
    				}
    			}
    		}
    		$this->params = $params;
    	}
    	
    	private function setPermissions() {
    		
    		$this->allowed_actions = $this->config['options']['capabilities'];
    		
    		if($this->config['edit']['enabled']) array_push($this->allowed_actions, 'edit');
    		
    	}
    	
    	// check if system permission is granted
    	private function has_system_permission($filepath, $perms) {
    		
    		if(in_array('r', $perms)) {
    			if(!is_readable($filepath)) return false;
    		}
    		if(in_array('w', $perms)) {
    			if(!is_writable($filepath)) return false;
    		}
    		
    		return true;
    
    	}
    
    
    	private function get_file_info($path='', $thumbnail = false) {
    			
    		// DO NOT  rawurlencode() since $current_path it
    		// is used for displaying name file
    		if($path=='') {
    			$current_path = $this->get['path'];
    		} else {
    			$current_path = $path;
    		}
    		$tmp = explode('/',$current_path);
    		$this->item['filename'] = $tmp[(sizeof($tmp)-1)];
    
    		$tmp = explode('.',$this->item['filename']);
    		$this->item['filetype'] = $tmp[(sizeof($tmp)-1)];
    		$this->item['filemtime'] = filemtime($this->getFullPath($current_path));
    		$this->item['filectime'] = filectime($this->getFullPath($current_path));
    		
    		// check if file is writable and readable
    		if(!$this->has_system_permission($this->getFullPath($current_path), array('w', 'r'))) {
    			$this->item['protected'] = 1;
    			$this->item['preview'] = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['default'];
    			// prevent Internal Server Error HTTP_CODE 500 on non readable files/folders
    			// without returning errors
    			return;
    			
    		}	else {
    			$this->item['protected'] = 0;
    			$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['default'];
    		}
    		
    		if(is_dir($current_path)) {
    
    			$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['directory'];
    
    		} else if(in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt']))) {
    			
    			// svg should not be previewed as raster formats images
    			if($this->item['filetype'] == 'svg') {
    				$this->item['preview'] = $current_path;
    			} else {
    				$this->item['preview'] = 'connectors/php/filemanager.php?mode=preview&path='. rawurlencode($current_path).'&'. time();
    				if($thumbnail) $this->item['preview'] .= '&thumbnail=true';
    			}
    			//if(isset($get['getsize']) && $get['getsize']=='true') {
    			$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
    			if ($this->item['properties']['Size']) {
    				list($width, $height, $type, $attr) = getimagesize($this->getFullPath($current_path));
    			} else {
    				$this->item['properties']['Size'] = 0;
    				list($width, $height) = array(0, 0);
    			}
    			$this->item['properties']['Height'] = $height;
    			$this->item['properties']['Width'] = $width;
    			$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
    			//}
    
    	} else if(file_exists($this->root . $this->config['icons']['path'] . strtolower($this->item['filetype']) . '.png')) {
    
    		$this->item['preview'] = $this->config['icons']['path'] . strtolower($this->item['filetype']) . '.png';
    		$this->item['properties']['Size'] = filesize($this->getFullPath($current_path));
    		if (!$this->item['properties']['Size']) $this->item['properties']['Size'] = 0;
    
    	}
    
    	$this->item['properties']['Date Modified'] = date($this->config['options']['dateFormat'], $this->item['filemtime']);
    	$this->item['properties']['filemtime'] = filemtime($this->getFullPath($current_path));
    	//$return['properties']['Date Created'] = $this->config['options']['dateFormat'], $return['filectime']); // PHP cannot get create timestamp
    }
    
    private function getFullPath($path = '') {
    		
    	if($path == '') {
    		if(isset($this->get['path'])) $path = $this->get['path'];
    	}
    	
    	if($this->config['options']['fileRoot'] !== false) {
    		$full_path = $this->doc_root . rawurldecode(str_replace ( $this->doc_root , '' , $path));
    		if($this->dynamic_fileroot != '') {
    			$full_path = $this->doc_root . rawurldecode(str_replace ( $this->dynamic_fileroot , '' , $path));
    			// $dynPart = str_replace($_SERVER['DOCUMENT_ROOT'], '', $this->path_to_files); // instruction could replace the line above
    			// $full_path = $this->path_to_files . rawurldecode(str_replace ( $dynPart , '' , $path)); // instruction could replace the line above
    		}
    	} else {
    		$full_path = $this->doc_root . rawurldecode($path);
    	}
    		
    	$full_path = str_replace("//", "/", $full_path);
    		
    	// $this->__log("getFullPath() returned path : " . $full_path);
    		
    	return $full_path;
    		
    }
    
    /**
     * format path regarding the initial configuration
     * @param string $path
     */
    private function formatPath($path) {
    	
    	if($this->dynamic_fileroot != '') {
    		
    		$a = explode($this->separator, $path);
    		return end($a);
    		
    	} else {
    		
    		return $path;
    		
    	}
    
    }
    
    private function sortFiles($array) {
    
    	// handle 'NAME_ASC'
    	if($this->config['options']['fileSorting'] == 'NAME_ASC') {
    		$array = array_reverse($array);
    	}
    
    	// handle 'TYPE_ASC' and 'TYPE_DESC'
    	if(strpos($this->config['options']['fileSorting'], 'TYPE_') !== false || $this->config['options']['fileSorting'] == 'default') {
    		
    		$a = array();
    		$b = array();
    		
    		foreach ($array as $key=>$item){
    			if(strcmp($item["File Type"], "dir") == 0) {
    				$a[$key]=$item;
    			}else{
    				$b[$key]=$item;
    			}
    		}
    
    		if($this->config['options']['fileSorting'] == 'TYPE_ASC') {
    			$array = array_merge($a, $b);
    		}
    
    		if($this->config['options']['fileSorting'] == 'TYPE_DESC' || $this->config['options']['fileSorting'] == 'default') {
    			$array = array_merge($b, $a);
    		}
    	}
    
    	// handle 'MODIFIED_ASC' and 'MODIFIED_DESC'
    	if(strpos($this->config['options']['fileSorting'], 'MODIFIED_') !== false) {
    
    		$modified_order_array = array();  // new array as a column to sort collector
    
    		foreach ($array as $item) {
    			$modified_order_array[] = $item['Properties']['filemtime'];
    		}
    
    		if($this->config['options']['fileSorting'] == 'MODIFIED_ASC') {
    			array_multisort($modified_order_array, SORT_ASC, $array);
    		}
    		if($this->config['options']['fileSorting'] == 'MODIFIED_DESC') {
    			array_multisort($modified_order_array, SORT_DESC, $array);
    		}
    		return $array;
    
    	}
    	
    	return $array;
    
    
    }
    
    // @todo to remove
    // private function startsWith($haystack, $needle) {
    //     // search backwards starting from haystack length characters from the end
    //     return $needle === "" || strrpos($haystack, $needle, -strlen($haystack)) !== FALSE;
    // }
    
    private function is_valid_path($path) {
    	
    	//  @todo to remove
      // if(!$this->startsWith(realpath($path), realpath($this->path_to_files))) return false;
      // @see https://github.com/simogeo/Filemanager/issues/332
      // @see http://stackoverflow.com/questions/5642785/php-a-good-way-to-universalize-paths-across-oss-slash-directions
      
    	// $givenpath = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
    	// $rootpath = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $this->path_to_files);
    	// $this->__log('substr doc_root : ' . substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen($this->doc_root)));
    	// $this->__log('doc_root : ' . realpath($this->doc_root) . DIRECTORY_SEPARATOR);
    	
    	// return $this->startsWith($givenpath, $rootpath);
    	
    	$this->__log('substr path_to_files : ' . substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen($this->path_to_files)));
    	$this->__log('path_to_files : ' . realpath($this->path_to_files) . DIRECTORY_SEPARATOR);
    	
    	return substr(realpath($path) . DIRECTORY_SEPARATOR, 0, strlen($this->path_to_files)) == (realpath($this->path_to_files) . DIRECTORY_SEPARATOR);
    	
    	
    }
    
    private function unlinkRecursive($dir,$deleteRootToo=true) {
    	if(!$dh = @opendir($dir)) {
    		return;
    	}
    	while (false !== ($obj = readdir($dh))) {
    		if($obj == '.' || $obj == '..') {
    			continue;
    		}
    
    		if (!@unlink($dir . '/' . $obj)) {
    			$this->unlinkRecursive($dir.'/'.$obj, true);
    		}
    	}
    
    	closedir($dh);
    
    	if ($deleteRootToo) {
    		@rmdir($dir);
    	}
    
    	return;
    }
    
    /**
     * is_allowed_file_type()
     * check if extension is allowed regarding the security Policy / Restrictions settings
     * @param string $file
     */
    private function is_allowed_file_type($file) {
    	
    	$path_parts = pathinfo($file);
    			
    	// if there is no extension
    	if (! isset ( $path_parts ['extension'] )) {
    		// we check if no extension file are allowed
    		return (bool) $this->config['security']['allowNoExtension'];
    	}
    	
    	$exts = array_map('strtolower', $this->config['security']['uploadRestrictions']);
    	
    	if($this->config['security']['uploadPolicy'] == 'DISALLOW_ALL') {
    			
    		if(!in_array(strtolower($path_parts['extension']), $exts))
    			return false;
    	}
    	if($this->config['security']['uploadPolicy'] == 'ALLOW_ALL') {
    	
    		if(in_array(strtolower($path_parts['extension']), $exts))
    			return false;
    	}
    	
    	return true;
    	
    }
    
    private function cleanString($string, $allowed = array()) {
    	$allow = null;
    
    	if (!empty($allowed)) {
    		foreach ($allowed as $value) {
    			$allow .= "\\$value";
    		}
    	}
    
    	$mapping = array(
    			'Š'=>'S', 'š'=>'s', '&#272;'=>'Dj', '&#273;'=>'dj', 'Ž'=>'Z', 'ž'=>'z', '&#268;'=>'C', '&#269;'=>'c', '&#262;'=>'C', '&#263;'=>'c',
    			'À'=>'A', 'Á'=>'A', 'Â'=>'A', 'Ã'=>'A', 'Ä'=>'A', 'Å'=>'A', 'Æ'=>'A', 'Ç'=>'C', 'È'=>'E', 'É'=>'E',
    			'Ê'=>'E', 'Ë'=>'E', 'Ì'=>'I', 'Í'=>'I', 'Î'=>'I', 'Ï'=>'I', 'Ñ'=>'N', 'Ò'=>'O', 'Ó'=>'O', 'Ô'=>'O',
    			'Õ'=>'O', 'Ö'=>'O', '&#336;'=>'O', 'Ø'=>'O', 'Ù'=>'U', 'Ú'=>'U', 'Û'=>'U', 'Ü'=>'U', '&#368;'=>'U', 'Ý'=>'Y',
    			'Þ'=>'B', 'ß'=>'Ss','à'=>'a', 'á'=>'a', 'â'=>'a', 'ã'=>'a', 'ä'=>'a', 'å'=>'a', 'æ'=>'a', 'ç'=>'c',
    			'è'=>'e', 'é'=>'e', 'ê'=>'e', 'ë'=>'e', 'ì'=>'i', 'í'=>'i', 'î'=>'i', 'ï'=>'i', 'ð'=>'o', 'ñ'=>'n',
    			'ò'=>'o', 'ó'=>'o', 'ô'=>'o', 'õ'=>'o', 'ö'=>'o', '&#337;'=>'o', 'ø'=>'o', 'ù'=>'u', 'ú'=>'u', '&#369;'=>'u',
    			'û'=>'u', 'ü'=>'u', 'ý'=>'y', 'ý'=>'y', 'þ'=>'b', 'ÿ'=>'y', '&#340;'=>'R', '&#341;'=>'r', ' '=>'_', "'"=>'_', '/'=>''
    	);
    
    	if (is_array($string)) {
    
    		$cleaned = array();
    
    		foreach ($string as $key => $clean) {
    			$clean = strtr($clean, $mapping);
    
    			if($this->config['options']['chars_only_latin'] == true) {
    				$clean = preg_replace("/[^{$allow}_a-zA-Z0-9]/u", '', $clean);
    				// $clean = preg_replace("/[^{$allow}_a-zA-Z0-9\x{0430}-\x{044F}\x{0410}-\x{042F}]/u", '', $clean); // allow only latin alphabet with cyrillic
    			}
    			$cleaned[$key] = preg_replace('/[_]+/', '_', $clean); // remove double underscore
    		}
    	} else {
    		$clean = strtr($string, $mapping);
    		if($this->config['options']['chars_only_latin'] == true) {
    			$clean = preg_replace("/[^{$allow}_a-zA-Z0-9]/u", '', $clean);
    			// $clean = preg_replace("/[^{$allow}_a-zA-Z0-9\x{0430}-\x{044F}\x{0410}-\x{042F}]/u", '', $string); // allow only latin alphabet with cyrillic
    		}
    		$cleaned = preg_replace('/[_]+/', '_', $clean); // remove double underscore
    		
    	}
    	return $cleaned;
    }
    
    /**
     * Checking if permission is set or not for a given action
     * @param string $action
     * @return boolean
     */
    private function has_permission($action) {
    	return in_array($action, $this->allowed_actions);
    }
    
    /**
     * Return Thumbnail path from given path
     * works for both file and dir path
     * @param string $path
     */
    private function get_thumbnail_path($path) {
    	
    	$pos = strrpos($path, $this->separator);
    	$a[0] = substr($path,0,$pos);
    	$a[1] = substr($path,$pos+strlen($this->separator));
    
    	$path_parts = pathinfo($path);
    
    	$thumbnail_path = $a[0].$this->separator.'/'.$this->cachefolder.dirname(end($a)).'/';
    	if(!is_dir($path)) $thumbnail_name = $path_parts['filename'] . '_' . $this->thumbnail_width . 'x' . $this->thumbnail_height . 'px.' . $path_parts['extension'];
    	
    	if(is_dir($path)) {
    		$thumbnail_fullpath = $thumbnail_path;
    	} else {
    		$thumbnail_fullpath = $thumbnail_path.$thumbnail_name;
    	}
    
    	return $thumbnail_fullpath;
    
    }
    
    /**
     * For debugging just call
     * the direct URL http://localhost/Filemanager/connectors/php/filemanager.php?mode=preview&path=%2FFilemanager%2Fuserfiles%2FMy%20folder3%2Fblanches_neiges.jPg&thumbnail=true
     * and echo vars below
     * @param string $path
     */
    private function get_thumbnail($path) {
    	
    	require_once('./inc/wideimage/lib/WideImage.php');
    	
    	$thumbnail_fullpath = $this->get_thumbnail_path($path);
    	
    	// echo $thumbnail_fullpath.'<br>';
    	
    	// if thumbnail does not exist we generate it
    	if(!file_exists($thumbnail_fullpath)) {
    		
    		// create folder if it does not exist
    		if(!file_exists(dirname($thumbnail_fullpath))) {
    			mkdir(dirname($thumbnail_fullpath), 0755, true);
    		}
    		$image = WideImage::load($path);
    		$resized = $image->resize($this->thumbnail_width, $this->thumbnail_height, 'outside')->crop('center', 'center', $this->thumbnail_width, $this->thumbnail_height);
    		$resized->saveToFile($thumbnail_fullpath);
    
    		$this->__log(__METHOD__ . ' - generating thumbnail :  '. $thumbnail_fullpath);
    		
    	}
    	
    	return $thumbnail_fullpath;
    }
    
    private function sanitize($var) {
    	
    	$sanitized = strip_tags($var);
    	$sanitized = str_replace('http://', '', $sanitized);
    	$sanitized = str_replace('https://', '', $sanitized);
    	$sanitized = str_replace('../', '', $sanitized);
    
    	return $sanitized;
    }
    
    private function checkFilename($path,$filename,$i='') {
    	if(!file_exists($path . $filename)) {
    		return $filename;
    	} else {
    		$_i = $i;
    		$tmp = explode(/*$this->config['upload']['suffix'] . */$i . '.',$filename);
    		if($i=='') {
    			$i=1;
    		} else {
    			$i++;
    		}
    		$filename = str_replace($_i . '.' . $tmp[(sizeof($tmp)-1)],$i . '.' . $tmp[(sizeof($tmp)-1)],$filename);
    		return $this->checkFilename($path,$filename,$i);
    	}
    }
    
    private function loadLanguageFile() {
    
    	// we load langCode var passed into URL if present and if exists
    	// else, we use default configuration var
    	$lang = $this->config['options']['culture'];
    	if(isset($this->params['langCode']) && in_array($this->params['langCode'], $this->languages)) $lang = $this->params['langCode'];
    
    	if(file_exists($this->root. 'scripts/languages/'.$lang.'.js')) {
    		$stream =file_get_contents($this->root. 'scripts/languages/'.$lang.'.js');
    		$this->language = json_decode($stream, true);
    	} else {
    		$stream =file_get_contents($this->root. 'scripts/languages/'.$lang.'.js');
    		$this->language = json_decode($stream, true);
    	}
    }
    
    private function availableLanguages() {
    
    	if ($handle = opendir($this->root.'/scripts/languages/')) {
    		while (false !== ($file = readdir($handle))) {
    			if ($file != "." && $file != "..") {
    				array_push($this->languages, pathinfo($file, PATHINFO_FILENAME));
    			}
    		}
    		closedir($handle);
    	}
    }
    
    private function is_image($path) {
    	
    	$a = getimagesize($path);
    	$image_type = $a[2];
    
    	return in_array($image_type , array(IMAGETYPE_GIF , IMAGETYPE_JPEG ,IMAGETYPE_PNG , IMAGETYPE_BMP));
    }
    
    private function is_root_folder($path) {
    	return rtrim($this->path_to_files,"/") == rtrim($path,"/");
    }
    
    private function is_editable($file) {
    
    	$path_parts = pathinfo($file);
    	
    	$exts = array_map('strtolower', $this->config['edit']['editExt']);
    	
    	return in_array($path_parts['extension'], $exts);
    }
    
    
    private function get_user_ip()
    {
    	$client  = @$_SERVER['HTTP_CLIENT_IP'];
    	$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    	$remote  = $_SERVER['REMOTE_ADDR'];
    
    	if(filter_var($client, FILTER_VALIDATE_IP))
    	{
    		$ip = $client;
    	}
    	elseif(filter_var($forward, FILTER_VALIDATE_IP))
    	{
    		$ip = $forward;
    	}
    	else
    	{
    		$ip = $remote;
    	}
    
    	return $ip;
    }
    
    
    private function __log($msg) {
    		
    	if($this->logger == true) {
    
    		$fp = fopen($this->logfile, "a");
    		$str = "[" . date("d/m/Y h:i:s", time()) . "]#".  $this->get_user_ip() . "#" . $msg;
    		fwrite($fp, $str . PHP_EOL);
    		fclose($fp);
    	}
    		
    }
    
    public function enableLog($logfile = '') {
    		
    	$this->logger = true;
    		
    	if($logfile != '') {
    		$this->logfile = $logfile;
    	}
    		
    	$this->__log(__METHOD__ . ' - Log enabled (in '. $this->logfile. ' file)');
    		
    }
    
    public function disableLog() {
    
    	$this->logger = false;
    
    	$this->__log(__METHOD__ . ' - Log disabled');
    }
    
    /**
     * Remove "../" from path
     *
     * @param string path to be converted
     * @param bool if dir names should be cleaned
     * @return string or false in case of error (as exception are not used here)
     */
    public function expandPath($path, $clean = false)
    {
    	$todo  = explode('/', $path);
    	$fullPath = array();
    
    	foreach ($todo as $dir) {
    		if ($dir == '..') {
    			$element = array_pop($fullPath);
    			if (is_null($element)) {
    				return false;
    			}
    		} else {
    			if ($clean) {
    				$dir = $this->cleanString($dir);
    			}
    			array_push($fullPath, $dir);
    		}
    	}
    	return implode('/', $fullPath);
    }
    }
    ?>


    wie gesagt er macht alles bis in meinem fall zum "include/images/uploads/userfiles/'" was dahinter ist ignoriert er. . $_SESSION['userfoldername'].'/';

    auch wenn ich das in authname umändere gleiches problem.
    lt. simogeo kein problem von ihm sondern von ilch
    0 Mitglieder finden den Beitrag gut.
  4. #4
    User Pic
    Siggi Hall Of Fame
    Registriert seit
    08.02.2007
    Beiträge
    6.558
    Beitragswertungen
    327 Beitragspunkte
    Würde sagen den kannst du nicht einfach so in ilch einbauen aber denke dafür hab ich zu wenig Ahnung um dies genau zu sagen
    0 Mitglieder finden den Beitrag gut.
  5. #5
    User Pic
    MonkeyOnKeyboard Moderator
    Registriert seit
    10.02.2014
    Beiträge
    457
    Beitragswertungen
    22 Beitragspunkte
    ZitatZitat geschrieben von Siggi
    Würde sagen den kannst du nicht einfach so in ilch einbauen aber denke dafür hab ich zu wenig Ahnung um dies genau zu sagen


    der kommt ja mit ilch mit uns ist für den ckeditor gedacht.
    Nuja beides ckeditor und den filemanager habe ich auf die neuste version geupdatet und den ckeditor im forum eingebaut.
    aufruf des filemanagers klappt ja auch nur er ignoriert einfach in der $folderpath die variable $_SESSION['athname']

    ich hab die vermutung das liegt an der class datei wie er dann die ordner zusammenbaut.

    leider gibt es in punkto filemanger für ckeditor keine so große alternastive die ein userordner anlegen können.

    Hier mal der auszug aus der logdfatei um nochmal zu dokumentieren das er es ignoriert.

    [17/08/2015 06:20:40]#217.228.253.185#path_to_files : /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/images/uploads/userfiles/
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::enableLog - Log enabled (in /tmp/filemanager.log file)
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::__construct $this->root value /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/includes/filemanager/
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::__construct $this->path_to_files /var/www/vhosts/caelum-et-infernum.eu/httpdocs//
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::__construct $this->doc_root value /var/www/vhosts/caelum-et-infernum.eu/httpdocs
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::__construct $this->separator value 
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::setFileRoot $this->doc_root value overwritten : /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/images/uploads/userfiles/
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::setFileRoot $this->dynamic_fileroot value /include/images/uploads/userfiles/
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::setFileRoot $this->path_to_files /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/images/uploads/userfiles/
    [17/08/2015 06:20:40]#217.228.253.185#Filemanager::setFileRoot $this->separator value userfiles
    [17/08/2015 06:20:40]#217.228.253.185#substr path_to_files : /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/images/uploads/userfiles/
    [17/08/2015 06:20:40]#217.228.253.185#path_to_files : /var/www/vhosts/caelum-et-infernum.eu/httpdocs/include/images/uploads/userfiles/



    Zuletzt modifiziert von magicmarkus am 17.08.2015 - 18:30:15
    0 Mitglieder finden den Beitrag gut.
  6. #6
    User Pic
    MonkeyOnKeyboard Moderator
    Registriert seit
    10.02.2014
    Beiträge
    457
    Beitragswertungen
    22 Beitragspunkte
    So ich mach es mal über einen neuen Post.

    Also man kann den filemanager und ckeditor doch sehr schön in ilch intigrieren, läuft jetzt alles.

    Der Fehler lag bei mir und zwar in der user.config.php.

    Ich habe den Sessionaufruf, statts vor der Fallentscheidung, mitten rein gebaut.

    So ist es nun korrekt

    session_name  ('sid');
        session_start();
     
    
    
    $folderPath = "include/downs/upload/members/" . $_SESSION['authname'] . "/";
    //$folderPath =  . $_SESSION['uploadURL'] . ;
    $fm = new Filemanager();
    $fm->setFileRoot($folderPath, true);
    
    function auth() {
       if(isset($_SESSION['authright']) )
        {
            if($_SESSION['authright'] <= -3)
            {
                return true;
            }
        }
        return false;
    }


    Läuft doch alles super.
    0 Mitglieder finden den Beitrag gut.
Geschlossen

Zurück zu Module und Modifikationen

Optionen: Bei einer Antwort zu diesem Thema eine eMail erhalten