Subversion Repositories sysadmin_scripts

Rev

Rev 126 | Blame | Compare with Previous | Last modification | View Log | Download | RSS feed

<?php

/*
 * script: upload_file.php
 * author: Rod Rodolico
 * date:   2022-06-04
 * use:    Upload a file and create an info file with parameters
 * 
 * Description:
 * This is a general purpose file upload script, the generalized form of upload_sysinfo_report.php which is used in the sysinfo
 * project.
 * 
 * Uploaded file is saved into STORAGE_PATH/upload_type, where upload_type is passed as a parameter. If no upload_type is specified, 
 * the file is stored in STORAGE_PATH.
 * 
 * A second file is then created by appending .info to the file. This file contains the contents of all parameters passed on the 
 * URL GET/POST (using $_REQUEST) in key:value format. Note that this is the exact file name with .info appended, so joe.info 
 * becomes joe.info.info
 * 
 * Three parameters have special meaning
 * file is the key looked for for the actual file contents
 * if filename is set, it is sanitized and used to store the file on disk. Otherwise, a random file name is created.
 * if upload_type is set, the file is stored in STORAGE_PATH/upload_type. Otherwise, STORAGE_PATH/ is used.
 * Both of these are sanitized by removing all non-alphanumeric/underscore characters. See function sanitize_filename
 * 
 * Example Usage:
 * http://url?upload_type=sysinfo&filename=joe.info&report_date=2016-04-01 13:11:04&client=My Client Name&hostname=server.example.com&serialnumber=dd-app-005&report=now is the time for all good men
 * Obviously, all values must be URL encoded
 * 
 * The file STORAGE_PATH/sysinfo/joe.info will be created with the file contents
 * The file STORAGE_PATH/sysinfo/joe.info.info will be created with the following contents
 * upload_type:sysinfo
 * filename:joe.info
 * report_date:2016-04-01 13:11:04
 * client:My Client Name
 * hostname:server.example.com
 * serialnumber:dd-app-005
 * report:now is the time for all good men
 * 
 * NOTE: if STORAGE_PATH/whatever doesn't exist, it is created as the web server user, with permissions 777
 * 
 * To create the storage directory manually, it must be writable by the web server user, ie if storing in storing it 
 * in ~/camp/sysinfo_reports, the following should be run as root
 * mkdir -p ~camp/sysinfo_reports/http
 * chown camp:www-data ~camp/sysinfo_reports/http
 * chmod 775 ~camp/sysinfo_reports/http
*/

define ( 'VERSION', '1.0' );
define ( 'BUILD_DATE', '2016-04-03' );
define ( 'STORAGE_PATH', '/srv/camp/reports' ); 

function sanitize_filename ( $filename, $allowed = 'a-zA-Z0-9-', $special_chars = '_', $replace_char = '-', $removeDups = true ) {
   $filename = str_replace( $allowed . $special_chars,$replace_char, $filename );
   if ( $removeDups )
      $filename = preg_replace( "/($replace_char)+/", $replace_char, $filename );
   return $filename;
}


function saveFile ( $filesHash, $targetPath, $filename, $info ) {
   if ( $filesHash['error'] )
      return "Error in filesHash " . $filesHash[error];
   // first, let's get a file name we can use
   if ( ! $filename ) {
      $filename = sanitize_filename( isset( $filesHash['name'] ) ? $filesHash['name'] : $filesHash['tmp_name']  );
      if ( ! $filename ) {
         $filename = uniqid( rand(), true );
      }
   }
   $targetPath .= '/' . $filename;
   while ( file_exists( $targetPath ) ) {
      $targetPath .= '.1';
   }
   # Now, move the uploaded file
   if ( move_uploaded_file( $filesHash['tmp_name'], $targetPath ) ) {
      $targetPath .= '.info';
      file_put_contents( $targetPath, $info );
   } else {
      return "could not save file $targetPath";
   }
   return filesize($targetPath);
}


// file_put_contents( STORAGE_PATH . '/report.log', print_r( $report, true ) );


$path = STORAGE_PATH;
if ( isset( $_REQUEST['upload_type'] ) ) {
   $path .= '/' . sanitize_filename( $_REQUEST['upload_type'] );
}

if ( ! is_dir( $path ) ) {
   mkdir( $path, 0777, true );
}

$text = array();
foreach ( $_REQUEST as $key => $value ) {
   $text[] = $key . ':' . $value;
}
$text = implode( "\n", $text );
foreach ( $_FILES as $key => $value ) {
   file_put_contents( "/tmp/uploadFile", $text );
   print saveFile( 
      $value, 
      $path,
      isset( $_REQUEST['filename'] ) ? sanitize_filename( $_REQUEST['filename'] ) : '',
      $text
   );
}


?>