<?php
/*
* script: upload_file.php
* author: Rod Rodolico
* date: 2022-06-04
* use: Upload a file and create an info file with parameters
*
* Description:
* This is a general purpose file upload script, the generalized form of upload_sysinfo_report.php which is used in the sysinfo
* project.
*
* Uploaded file is saved into STORAGE_PATH/upload_type, where upload_type is passed as a parameter. If no upload_type is specified,
* the file is stored in STORAGE_PATH.
*
* A second file is then created by appending .info to the file. This file contains the contents of all parameters passed on the
* URL GET/POST (using $_REQUEST) in key:value format. Note that this is the exact file name with .info appended, so joe.info
* becomes joe.info.info
*
* Three parameters have special meaning
* file is the key looked for for the actual file contents
* if filename is set, it is sanitized and used to store the file on disk. Otherwise, a random file name is created.
* if upload_type is set, the file is stored in STORAGE_PATH/upload_type. Otherwise, STORAGE_PATH/ is used.
* Both of these are sanitized by removing all non-alphanumeric/underscore characters. See function sanitize_filename
*
* Example Usage:
* http://url?upload_type=sysinfo&filename=joe.info&report_date=2016-04-01 13:11:04&client=My Client Name&hostname=server.example.com&serialnumber=dd-app-005&report=now is the time for all good men
* Obviously, all values must be URL encoded
*
* The file STORAGE_PATH/sysinfo/joe.info will be created with the file contents
* The file STORAGE_PATH/sysinfo/joe.info.info will be created with the following contents
* upload_type:sysinfo
* filename:joe.info
* report_date:2016-04-01 13:11:04
* client:My Client Name
* hostname:server.example.com
* serialnumber:dd-app-005
* report:now is the time for all good men
*
* NOTE: if STORAGE_PATH/whatever doesn't exist, it is created as the web server user, with permissions 777
*
* To create the storage directory manually, it must be writable by the web server user, i.e. if storing it
* in ~/camp/sysinfo_reports, the following should be run as root
* mkdir -p ~camp/sysinfo_reports/http
* chown camp:www-data ~camp/sysinfo_reports/http
* chmod 775 ~camp/sysinfo_reports/http
*/
// Release identifiers of this script.
const VERSION = '1.0';
const BUILD_DATE = '2016-04-03';

// Root directory under which uploads and their .info companions are written.
// NOTE(review): this should sit outside the web server's document root so that
// stored uploads cannot be requested or executed over HTTP - confirm for this host.
const STORAGE_PATH = '/srv/camp/reports';
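/**
 * Reduce a client-supplied name to a single safe path component.
 *
 * Every character that is not listed in $allowed or $special_chars is replaced
 * by $replace_char. With the default arguments this removes directory
 * separators, dots and NUL bytes, so "joe.info" becomes "joe-info".
 *
 * The earlier body passed the literal text "a-zA-Z0-9-_" to str_replace() as
 * the search string, which left ordinary input (including "../") unchanged.
 *
 * @param mixed  $filename      Untrusted name, normally taken from the request.
 * @param string $allowed       PCRE character-class fragment (ranges permitted) of characters to keep.
 * @param string $special_chars Additional literal characters to keep.
 * @param string $replace_char  Text substituted for each rejected character.
 * @param bool   $removeDups    When true, runs of $replace_char are collapsed to one.
 * @return string The sanitized name; '' when the input is not a scalar, the
 *                pattern cannot be applied, or the result would be "." or "..".
 */
function sanitize_filename ( $filename, $allowed = 'a-zA-Z0-9-', $special_chars = '_', $replace_char = '-', $removeDups = true ) {
   // Array-valued parameters (name[]=x) must never be turned into a path.
   if ( ! is_scalar( $filename ) )
      return '';

   // $special_chars is literal text and is quoted; $allowed is a class fragment
   // and goes last so that a trailing hyphen in it stays a literal hyphen.
   $class = preg_quote( $special_chars, '/' ) . $allowed;
   // Keep '$' and '\' in the replacement from being read as back-references.
   $replacement = addcslashes( $replace_char, '\\$' );

   $filename = preg_replace( '/[^' . $class . ']/', $replacement, (string) $filename );
   if ( $filename === null )
      return '';

   if ( $removeDups && $replace_char !== '' ) {
      // Quote the replacement so that e.g. '.' is not treated as "any character".
      $filename = preg_replace( '/(?:' . preg_quote( $replace_char, '/' ) . ')+/', $replacement, $filename );
      if ( $filename === null )
         return '';
   }

   // Only reachable when a caller explicitly allows dots; never hand back a
   // component that refers to the current or parent directory.
   if ( $filename === '.' || $filename === '..' )
      return '';

   return $filename;
}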
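/**
 * Move one uploaded file into $targetPath and write its companion .info file.
 *
 * @param array  $filesHash  One entry of $_FILES; the keys error, name and tmp_name are read.
 * @param string $targetPath Directory the file is stored in.
 * @param string $filename   Name to store the file under; when empty, a name is
 *                           derived from the upload or generated.
 * @param string $info       Text written to "<stored file>.info".
 * @return int|string|false  An error message on failure; otherwise the result of
 *                           filesize() on the .info file (not on the upload itself,
 *                           because $targetPath has been extended by then).
 */
function saveFile ( $filesHash, $targetPath, $filename, $info ) {
   // The key must be quoted: a bare word is an undefined constant, which is a
   // fatal error on PHP 8 and would hide the real upload error.
   if ( ! empty( $filesHash['error'] ) )
      return "Error in filesHash " . $filesHash['error'];

   // first, let's get a file name we can use
   if ( ! $filename ) {
      $filename = sanitize_filename( isset( $filesHash['name'] ) ? $filesHash['name'] : $filesHash['tmp_name'] );
   }

   // Defence in depth: keep only the last path component, whatever the caller
   // passed, so the stored file cannot land outside $targetPath.
   $filename = basename( str_replace( '\\', '/', (string) $filename ) );
   if ( ! $filename || $filename === '.' || $filename === '..' ) {
      // Generated for uniqueness only; the value is not unpredictable.
      $filename = uniqid( rand(), true );
   }

   $targetPath .= '/' . $filename;
   // Never overwrite an existing upload; extend the name until it is free.
   while ( file_exists( $targetPath ) ) {
      $targetPath .= '.1';
   }

   # Now, move the uploaded file
   if ( ! move_uploaded_file( $filesHash['tmp_name'], $targetPath ) ) {
      return "could not save file $targetPath";
   }

   $targetPath .= '.info';
   // Report a failed write instead of letting filesize() fail on a missing file.
   if ( file_put_contents( $targetPath, $info ) === false ) {
      return "could not save file $targetPath";
   }
   return filesize($targetPath);
}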
// file_put_contents( STORAGE_PATH . '/report.log', print_r( $report, true ) );
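// Storage directory: STORAGE_PATH, optionally extended by one sanitized
// upload_type component. is_string() rejects upload_type[]=..., which would
// otherwise be concatenated into the path as the word "Array".
$path = STORAGE_PATH;
if ( isset( $_REQUEST['upload_type'] ) && is_string( $_REQUEST['upload_type'] ) ) {
   $path .= '/' . sanitize_filename( $_REQUEST['upload_type'] );
}

if ( ! is_dir( $path ) ) {
   // NOTE(review): mode 0777 (before umask) leaves the directory writable by every
   // local account; a group-restricted mode is enough when only the web server
   // user and the report owner need access.
   mkdir( $path, 0777, true );
}

// Build the .info text: one key:value line per request parameter.
// Values are written verbatim, so a value containing a newline can add lines
// that look like separate parameters; readers of the .info file must treat
// every line as client-controlled.
$text = array();
foreach ( $_REQUEST as $key => $value ) {
   // Nested parameters (key[]=v) arrive as arrays; encode them rather than
   // writing "Array" and raising a conversion warning.
   if ( ! is_scalar( $value ) ) {
      $value = json_encode( $value );
   }
   $text[] = $key . ':' . $value;
}
$text = implode( "\n", $text );

// Every uploaded field is stored; fields sharing one filename are kept apart by
// the suffix handling in saveFile.
foreach ( $_FILES as $key => $value ) {
   // NOTE(review): this copies all request parameters to a fixed name in the
   // shared temp directory on every upload. It looks like a debugging aid -
   // confirm it is still needed, since other local users can read or pre-create
   // that path.
   file_put_contents( "/tmp/uploadFile", $text );
   print saveFile(
      $value,
      $path,
      ( isset( $_REQUEST['filename'] ) && is_string( $_REQUEST['filename'] ) ) ? sanitize_filename( $_REQUEST['filename'] ) : '',
      $text
   );
}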
?>