<?php
/*
* script: upload_file.php
* author: Rod Rodolico
* date: 2022-06-04
* use: Upload a file and create an info file with parameters
*
* Description:
* This is a general purpose file upload script, the generalized form of upload_sysinfo_report.php which is used in the sysinfo
* project.
*
* Uploaded file is saved into STORAGE_PATH/upload_type, where upload_type is passed as a parameter. If no upload_type is specified,
* the file is stored in STORAGE_PATH.
*
* A second file is then created by appending .info to the file. This file contains the contents of all parameters passed on the
* URL GET/POST (using $_REQUEST) in key:value format. Note that this is the exact file name with .info appended, so joe.info
* becomes joe.info.info
*
* Three parameters have special meaning
* file is the key looked for for the actual file contents
* if filename is set, it is sanitized and used to store the file on disk. Otherwise, a random file name is created.
* if upload_type is set, the file is stored in STORAGE_PATH/upload_type. Otherwise, STORAGE_PATH/ is used.
* Both of these are sanitized by removing all non-alphanumeric/underscore characters. See function sanitize_filename
*
* Example Usage:
* http://url?upload_type=sysinfo&filename=joe.info&report_date=2016-04-01 13:11:04&client=My Client Name&hostname=server.example.com&serialnumber=dd-app-005&report=now is the time for all good men
* Obviously, all values must be URL encoded
*
* The file STORAGE_PATH/sysinfo/joe.info will be created with the file contents
* The file STORAGE_PATH/sysinfo/joe.info.info will be created with the following contents
* upload_type:sysinfo
* filename:joe.info
* report_date:2016-04-01 13:11:04
* client:My Client Name
* hostname:server.example.com
* serialnumber:dd-app-005
* report:now is the time for all good men
*
* NOTE: if STORAGE_PATH/whatever doesn't exist, it is created as the web server user, with permissions 777
*
* To create the storage directory manually, it must be writable by the web server user, i.e. if storing it
* in ~/camp/sysinfo_reports, the following should be run as root
* mkdir -p ~camp/sysinfo_reports/http
* chown camp:www-data ~camp/sysinfo_reports/http
* chmod 775 ~camp/sysinfo_reports/http
*/
// Script release identifier.
const VERSION = '1.0';
// Date string recorded for this build.
const BUILD_DATE = '2016-04-03';
// Root directory that receives every upload and its .info companion.
// NOTE(review): presumably outside the web server's document root, so stored
// files cannot be requested back over HTTP - confirm against the vhost config.
const STORAGE_PATH = '/srv/camp/reports';
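/**
 * Reduce a client-supplied name to a conservative set of characters.
 *
 * Every character that is not matched by $allowed or $special_chars is
 * replaced by $replace_char. With the defaults only ASCII letters, digits,
 * '-' and '_' survive, so '/', '\' and '.' can never reach a path built from
 * the result (as a consequence "joe.info" becomes "joe-info").
 *
 * @param mixed  $filename      name taken from the request; non-scalars yield ''
 * @param string $allowed       PCRE character-class fragment of permitted characters
 * @param string $special_chars further permitted characters, same syntax as $allowed
 * @param string $replace_char  text substituted for each rejected character
 * @param bool   $removeDups    collapse consecutive $replace_char into a single one
 * @return string the sanitized name, or '' when the input cannot be used
 */
function sanitize_filename ( $filename, $allowed = 'a-zA-Z0-9-', $special_chars = '_', $replace_char = '-', $removeDups = true ) {
    // An array-valued parameter (filename[]=x) is not a name; treat it as absent.
    if ( ! is_scalar( $filename ) ) {
        return '';
    }
    $filename = (string) $filename;

    // Keep '$' and '\' in the replacement from being read as back-references.
    $replacement = addcslashes( $replace_char, '\\$' );

    // A negated character class is required here: str_replace() would look for
    // the class text itself as a literal substring and leave the name untouched.
    $filename = preg_replace( '/[^' . $allowed . $special_chars . ']/', $replacement, $filename );
    if ( $filename === null ) {
        // Pattern error (e.g. a malformed $allowed): fail closed with no name.
        return '';
    }

    if ( $removeDups && $replace_char !== '' ) {
        $collapsed = preg_replace( '/(?:' . preg_quote( $replace_char, '/' ) . ')+/', $replacement, $filename );
        if ( $collapsed !== null ) {
            $filename = $collapsed;
        }
    }
    return $filename;
}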
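/**
 * Store one uploaded file inside $targetPath and write its ".info" companion.
 *
 * @param array  $filesHash  one entry of $_FILES (keys error, name, tmp_name are read)
 * @param string $targetPath directory that receives the file
 * @param string $filename   name to store under; when empty, one is derived from
 *                           the upload's own name, else generated
 * @param string $info       text written to "<stored file>.info"
 * @return int|string number of bytes in the .info file on success (not the size
 *                    of the upload itself), or an error message
 */
function saveFile ( $filesHash, $targetPath, $filename, $info ) {
    // A multi-file field (name[]) arrives with array-valued entries, which are
    // truthy here as well, so it is reported as an error rather than stored.
    if ( ! empty( $filesHash['error'] ) )
        return "Error in filesHash " . $filesHash['error'];

    // first, let's get a file name we can use
    if ( ! is_string( $filename ) ) {
        $filename = '';
    }
    if ( ! $filename ) {
        $filename = sanitize_filename( isset( $filesHash['name'] ) ? $filesHash['name'] : $filesHash['tmp_name'] );
    }
    // Defence in depth: whatever the caller or the client supplied, only the
    // final path component is used, so the file cannot land outside $targetPath.
    $filename = basename( (string) $filename );
    if ( ! $filename || $filename === '.' || $filename === '..' ) {
        // Generated name: unique enough to avoid collisions, not a secret.
        $filename = uniqid( rand(), true );
    }

    $targetPath .= '/' . $filename;
    // Skip names whose data file OR .info companion already exists, so a new
    // upload never overwrites an earlier file that happens to end in ".info".
    // NOTE(review): check-then-move is not atomic; two simultaneous uploads of
    // the same name could still collide.
    while ( file_exists( $targetPath ) || file_exists( $targetPath . '.info' ) ) {
        $targetPath .= '.1';
    }

    # Now, move the uploaded file (move_uploaded_file refuses anything that did
    # not arrive as an HTTP upload)
    if ( ! move_uploaded_file( $filesHash['tmp_name'], $targetPath ) ) {
        return "could not save file $targetPath";
    }

    $targetPath .= '.info';
    $written = file_put_contents( $targetPath, $info );
    if ( $written === false ) {
        return "could not save file $targetPath";
    }
    // Same value filesize() reports for the freshly written .info file.
    return $written;
}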
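// NOTE(review): nothing in this script authenticates the caller; presumably
// access is restricted by the web server configuration - confirm.

// Destination directory: STORAGE_PATH, optionally extended by upload_type.
// Only a plain string is accepted; an array-valued upload_type is ignored.
$path = STORAGE_PATH;
if ( isset( $_REQUEST['upload_type'] ) && is_string( $_REQUEST['upload_type'] ) ) {
    $path .= '/' . sanitize_filename( $_REQUEST['upload_type'] );
}
if ( ! is_dir( $path ) ) {
    // NOTE(review): 0777 (before umask) leaves the directory world-writable;
    // a shared group with 0775 or 0770 would be tighter if whatever consumes
    // these files allows it. A failed mkdir is not reported here; it surfaces
    // as saveFile's "could not save file" message.
    mkdir( $path, 0777, true );
}

// Build the .info text: one key:value line per request parameter.
// NOTE(review): a value containing a newline produces extra lines that a
// reader of the .info file may take for separate parameters.
$lines = array();
foreach ( $_REQUEST as $key => $value ) {
    if ( ! is_scalar( $value ) ) {
        // Array parameters (a[]=1) would otherwise be written as the word "Array".
        $value = json_encode( $value );
    }
    $lines[] = $key . ':' . $value;
}
$text = implode( "\n", $lines );

// The requested name is the same for every uploaded file, so resolve it once.
$requestedName = ( isset( $_REQUEST['filename'] ) && is_string( $_REQUEST['filename'] ) )
    ? sanitize_filename( $_REQUEST['filename'] )
    : '';

foreach ( $_FILES as $key => $value ) {
    // NOTE(review): this copies every request parameter to a fixed, predictable
    // name in the shared /tmp directory on each upload. It looks like debugging
    // residue; remove it or move it under STORAGE_PATH, since other local users
    // can read it and can pre-create that path.
    file_put_contents( "/tmp/uploadFile", $text );
    print saveFile(
        $value,
        $path,
        $requestedName,
        $text
    );
}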
?>