1 <?php
2 /**
3  * DokuWiki Plugin fileshare (Syntax Component)
4  *
5  * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
6  * @author  Soft2C.de <info@soft2c.de>
7  */
8 
// Fallback definitions: each constant is created only when nothing has defined it yet.
// NOTE(review): when this file is requested directly, DOKU_INC is guessed relative to
// this file's own directory. Confirm the guess matches the install layout, or consider
// aborting instead of continuing with a guessed include root.
defined('NL') || define('NL', "\n");
defined('DOKU_INC') || define('DOKU_INC', dirname(__FILE__) . '/../../');
defined('DOKU_PLUGIN') || define('DOKU_PLUGIN', DOKU_INC . 'lib/plugins/');
15 require_once (DOKU_PLUGIN . 'syntax.php');
16 require_once (DOKU_INC . 'inc/media.php');
17 require_once (DOKU_INC . 'inc/auth.php');
18 
19 require_once (DOKU_INC . 'inc/infoutils.php');
20 
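class syntax_plugin_fileshare_Fileshare extends DokuWiki_Syntax_Plugin {
    /**
     * @return string Syntax mode type
     */
    public function getType() {
        return 'container';
    }

    /**
     * @return string Paragraph type
     */
    public function getPType() {
        return 'normal';
    }

    /**
     * @return int Sort order - Low numbers go before high numbers
     */
    public function getSort() {
        return 280;
    }

    /**
     * Connect lookup pattern to lexer.
     *
     * Two forms are registered: {{FileSharing}} and {{FileSharing>...}}.
     *
     * @param string $mode Parser mode
     */
    public function connectTo($mode) {
        $this->Lexer->addSpecialPattern('\{\{FileSharing\}\}', $mode, 'plugin_fileshare_Fileshare');
        $this->Lexer->addSpecialPattern('\{\{FileSharing>.+\}\}', $mode, 'plugin_fileshare_Fileshare');
    }

    /**
     * Handle matches of the fileshare syntax
     *
     * @param string          $match   The match of the syntax
     * @param int             $state   The state of the handler
     * @param int             $pos     The position in the document
     * @param Doku_Handler    $handler The handler
     * @return array The "|"-separated arguments of {{FileSharing>...}}, or an empty array
     */
    public function handle($match, $state, $pos, Doku_Handler $handler) {
        if (strpos($match, '{{FileSharing>') === false) {
            return array();
        }

        return explode('|', preg_replace('/{{FileSharing>(.*?)}}/', '\\1', $match));
    }

    /**
     * Render xhtml output or metadata
     *
     * A pending upload is processed first, then the upload form and the file
     * list are rendered. Nothing is done for renderer modes other than xhtml,
     * so an upload is never handled from a metadata pass.
     *
     * @param string         $mode      Renderer mode (supported modes: xhtml)
     * @param Doku_Renderer  $renderer  The renderer
     * @param array          $data      The data from the handler() function
     * @return bool If rendering was successful.
     */
    public function render($mode, Doku_Renderer $renderer, $data) {
        if ($mode != 'xhtml') {
            return false;
        }

        $renderer->nocache();

        // The first syntax argument names the sub-directory; no argument means the archive root.
        $givenDir = empty($data) ? '' : (string) current($data);

        $this->handleUpload($givenDir, $renderer);
        $this->renderForm($givenDir, $renderer);

        return true;
    }

    /**
     * Store an uploaded file in the directory this syntax block manages.
     *
     * The destination is always derived from the plugin configuration and the
     * syntax argument. The posted "ns" field only selects which block on the
     * page the upload belongs to; it is never used as a path. The upload role
     * and the form's security token are verified before anything is written.
     *
     * @param string        $dir      Sub-directory given in the syntax
     * @param Doku_Renderer $renderer Renderer that receives error output
     * @return void
     */
    private function handleUpload($dir, $renderer) {
        if (!isset($_FILES['upload'])) {
            return;
        }

        $fileDir = $this->resolveFileDir($dir);
        if (!is_string($fileDir) || !$this->requestTargetsDir($fileDir)) {
            // Not configured, rejected directory, or the upload belongs to another block.
            return;
        }

        // The form carries a security token; it has to be verified here, otherwise a
        // forged cross-site request could store files in the name of a logged-in user.
        if (!$this->isAuthorized('role_upload') || !checkSecurityToken()) {
            $renderer->doc .= 'Fehler beim Upload! ';
            return;
        }

        $upload = $_FILES['upload'];
        $rawName = isset($upload['name']) ? $upload['name'] : '';
        $tmpName = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';

        // A request may submit "upload" as an array field; only a single file is supported.
        if (!is_string($rawName) || !is_string($tmpName)) {
            $renderer->doc .= 'Fehler beim Upload! ';
            return;
        }

        // basename() strips directory parts from the client-supplied name. Empty names,
        // dot files (for example .htaccess) and names with NUL bytes are refused as well.
        // NOTE(review): no file-type restriction is applied here. If the archive root is
        // served by the web server, limit the accepted extensions - confirm the deployment.
        $name = basename($rawName);
        if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
            $renderer->doc .= 'Fehler beim Upload! ';
            return;
        }

        if (move_uploaded_file($tmpName, $fileDir . '/' . $name) === false) {
            $lastError = error_get_last();
            $err = $lastError ? 'Error: ' . $lastError['message'] . ' on line ' . $lastError['line'] : '';
            // The message can contain the client-supplied file name, so it is escaped.
            $renderer->doc .= 'Fehler beim Upload! ' . hsc($err);
        }
    }

    /**
     * Build the directory a syntax block works on.
     *
     * @param string $dir Sub-directory given in the syntax (may be empty)
     * @return string|false|null The directory path, false when $dir contains a
     *                           ".." segment or a NUL byte, null when the
     *                           'archivRootDir' setting is empty
     */
    private function resolveFileDir($dir) {
        $archivRootDir = $this->getConf('archivRootDir');
        if (!isset($archivRootDir) || trim($archivRootDir) === '') {
            return null;
        }

        if (!isset($dir) || trim($dir) === '') {
            return $archivRootDir;
        }

        // The argument comes from page text, so anyone who may edit the page controls it.
        // Refuse parent-directory segments to keep every operation below the archive root.
        if (strpos($dir, "\0") !== false) {
            return false;
        }
        foreach (preg_split('#[/\\\\]#', $dir) as $segment) {
            if ($segment === '..') {
                return false;
            }
        }

        return $archivRootDir . '/' . $dir;
    }

    /**
     * Tell whether the posted "ns" field names the given directory.
     *
     * The upload form stores the directory through hsc() before handing it to
     * the form builder, so both the raw and the escaped spelling are accepted.
     * Both candidates are derived on the server; the posted value is only compared.
     *
     * @param string $fileDir Directory of the current syntax block
     * @return bool
     */
    private function requestTargetsDir($fileDir) {
        global $INPUT;

        $posted = $INPUT->post->str('ns');

        return $posted === $fileDir || $posted === hsc($fileDir);
    }

    /**
     * Render the heading, the upload form and the file list for one directory.
     *
     * @param string        $dir      Sub-directory given in the syntax
     * @param Doku_Renderer $renderer Renderer that receives the output
     * @return void
     */
    private function renderForm($dir, $renderer) {
        global $INPUT;

        $fileDir = $this->resolveFileDir($dir);
        if ($fileDir === null) {
            $renderer->doc .= 'Please set the root dir to archive files in the admin section!';
            return;
        }
        if ($fileDir === false) {
            $renderer->doc .= 'The directory given in the FileSharing syntax is not allowed.';
            return;
        }

        $this->createDir($fileDir, $renderer);

        $renderer->doc .= '<div style="padding:4px 8px 4px 8px;">';
        // NOTE(review): this shows the server-side path to every reader of the page.
        $renderer->doc .= '<h2>' . hsc($fileDir) . '</h2>';

        // Deleting changes state: it is accepted only as a POST for this block, from a
        // user holding the delete role, and with a valid security token.
        $delete = $INPUT->post->str('action') === 'DELETE'
            && $this->requestTargetsDir($fileDir)
            && $this->isAuthorized('role_delete')
            && checkSecurityToken();

        if ($this->isAuthorized('role_upload')) {
            $renderer->doc .= $this->upload_plugin_uploadform($fileDir);
        }
        $renderer->doc .= '</div>';
        $renderer->doc .= $this->readFileList($fileDir, $delete);
    }

    /**
     * Create the directory (including parents) when it does not exist yet.
     *
     * @param string        $dir      Directory to create
     * @param Doku_Renderer $renderer Renderer that receives the failure message
     * @return void
     */
    private function createDir($dir, $renderer) {
        if (file_exists($dir)) {
            return;
        }

        if (!mkdir($dir, 0755, true)) {
            $renderer->doc .= 'Erstellung der Verzeichnisse: ' . hsc($dir) . ' schlug fehl...';
        }
    }

    /**
     * List the entries of a directory and delete the selected ones on request.
     *
     * @param string $dir    Directory to list
     * @param bool   $delete Whether the current request is an accepted delete request
     * @return string HTML of the list form
     */
    private function readFileList($dir, $delete) {
        global $ID;
        global $INPUT;

        $refreshbutton = $this->getLang('refreshbutton');
        $loeschenbutton = $this->getLang('loeschenbutton');

        // The roles do not change while the list is built, so they are resolved once.
        $mayDelete = $this->isAuthorized('role_delete');
        $mayDownload = $this->isAuthorized('role_download');

        $html = '<div style="padding:4px 8px 4px 8px;">';
        // POST keeps the security token and the selection out of URLs, logs and referrers.
        $html .= '<form action="' . wl($ID) . '" method="post" name="filesharelist" id="filesharelist">';
        $html .= '<input type="hidden" name="id_" value="' . hsc($INPUT->str('id')) . '" />';
        if ($mayDelete) {
            $html .= '<input type="hidden" name="sectok" value="' . hsc(getSecurityToken()) . '" />';
            $html .= '<input type="hidden" name="ns" value="' . hsc($dir) . '" />';
            $html .= '<button style="float:left" name="action" value="DELETE" type="submit"> ' . $loeschenbutton . ' </button>';
            $html .= '<button style="float:left" name="action" value="REFRESH" type="submit"> ' . $refreshbutton . ' </button>';
        }

        $entries = is_dir($dir) ? scandir($dir) : false;
        if ($entries === false) {
            // Directory missing or unreadable: render an empty list.
            $entries = array();
        }

        foreach ($entries as $value) {
            if ($value === '.' || $value === '..') {
                continue;
            }

            // The MD5 digest only produces a form-field name that is safe to use as an
            // identifier; it is not a security control.
            $fileHash = 'f' . hash('md5', $value, false);
            $label = $this->fileLabel($dir, $value, $mayDownload);

            // The role is checked again here so a delete never depends on the caller alone.
            $selected = $delete && $mayDelete && $INPUT->post->str($fileHash) === 'on';
            if ($selected) {
                if (unlink($dir . '/' . $value)) {
                    $html .= '<br>' . $this->getLang('file_deleted') . hsc($value);
                } else {
                    $html .= '<br>' . $this->getLang('file_not_deleted') . $label;
                }
                continue;
            }

            if ($mayDelete) {
                $html .= '<br><input type="checkbox" id="' . $fileHash . '" name="' . $fileHash . '" >  : ';
            } else {
                $html .= '<br>';
            }
            $html .= $label;
        }

        $html .= '</form>';
        $html .= '</div>';

        return $html;
    }

    /**
     * Build the visible label of one entry: a download link or the plain name.
     *
     * File names come from uploads, so they are URL-encoded inside the link
     * and HTML-escaped wherever they are printed.
     *
     * @param string $dir         Directory that holds the entry
     * @param string $value       Entry name
     * @param bool   $mayDownload Whether the current user holds the download role
     * @return string HTML fragment
     */
    private function fileLabel($dir, $value, $mayDownload) {
        if (!$mayDownload) {
            return hsc($value);
        }

        // NOTE(review): the server directory travels to filesharedownload.php as a request
        // parameter. That script is not part of this file; verify that it re-validates the
        // path and the download role before reading any file.
        return '<a href="filesharedownload.php?file=' . rawurlencode($value)
            . '&amp;something=' . rawurlencode($dir) . '">' . hsc($value) . '</a>';
    }

    /**
     * Build the upload form for a directory.
     *
     * @param string $ns Directory the upload is meant for
     * @return string HTML of the form
     */
    public function upload_plugin_uploadform($ns) {
        global $ID;
        global $lang;

        $params = array(
            'id'      => 'plugin_fileshare_Fileshare',
            'action'  => wl($ID),
            'method'  => 'post',
            'enctype' => 'multipart/form-data',
            'class'   => 'plugin_fileshare_Fileshare',
        );

        // Modification of the default dw HTML upload form
        $form = new Doku_Form($params);
        // The token added here is verified before an upload is stored.
        $form->addElement(formSecurityToken());
        // "ns" only tells the blocks on a page apart; it is not trusted as a path.
        $form->addHidden('ns', hsc($ns));
        $form->addElement(form_makeFileField('upload', '', 'upload__file'));
        $form->addElement(form_makeButton('submit', '', $lang['btn_upload']));
        $form->endFieldset();

        $html = '<div class="plugin_fileshare_Fileshare"><p>' . NL;
        $html .= $form->getForm();
        $html .= '</p></div>' . NL;

        return $html;
    }

    /**
     * Check the current user against a comma separated role setting.
     *
     * The setting is lower-cased and split into entries. The entry "all"
     * grants access to everybody, including users who are not logged in.
     * Otherwise a logged-in user passes when an entry equals one of the user's
     * groups or the user name.
     *
     * @param string $settingRole Name of the configuration setting holding the role
     * @return bool
     */
    private function isAuthorized($settingRole) {
        global $INPUT;
        global $USERINFO;

        $allowedUserGroups = utf8_strtolower((string) $this->getConf($settingRole));
        $members = array_filter(array_unique(array_map('trim', explode(',', $allowedUserGroups))));

        if (in_array('all', $members, true)) {
            return true;
        }

        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (!$remoteUser) {
            return false;
        }

        // The group list can be missing; treat that as "no groups" instead of failing.
        $groups = (isset($USERINFO['grps']) && is_array($USERINFO['grps'])) ? $USERINFO['grps'] : array();

        // Strict comparison: loose comparison treats numeric-looking strings such as
        // "10" and "1e1" as equal, which could match an unintended user or group.
        foreach ($members as $member) {
            if (in_array($member, $groups, true) || $member === $remoteUser) {
                return true;
            }
        }

        return false;
    }
}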
274 
275 // vim:ts=4:sw=4:et: