1<?php
2/**
3 * DokuWiki Plugin fileshare (Syntax Component)
4 *
5 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
6 * @author  Soft2C.de <info@soft2c.de>
7 */
8
// Fallback definitions for constants that DokuWiki normally provides before
// a plugin file is loaded. Each one is only defined when it is still missing.
// NOTE(review): the DOKU_INC fallback assumes this file sits two directories
// below the DokuWiki root; confirm against the plugin's real install path.
if (defined('NL') === false) {
    define('NL', "\n");
}
if (defined('DOKU_INC') === false) {
    define('DOKU_INC', __DIR__ . '/../../');
}
if (defined('DOKU_PLUGIN') === false) {
    define('DOKU_PLUGIN', DOKU_INC . 'lib/plugins/');
}
15require_once (DOKU_PLUGIN . 'syntax.php');
16require_once (DOKU_INC . 'inc/media.php');
17require_once (DOKU_INC . 'inc/auth.php');
18
19require_once (DOKU_INC . 'inc/infoutils.php');
20
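/**
 * Syntax component that renders a file-sharing widget ({{FileSharing}} or
 * {{FileSharing>subdir}}) with an upload form and a file list backed by a
 * directory below the configured 'archivRootDir'.
 *
 * Security model enforced by this class:
 *  - uploads require the 'role_upload' role, deletes the 'role_delete' role,
 *    and both require a valid DokuWiki security token (CSRF protection);
 *  - every directory taken from page markup or from the request is confined
 *    to the configured archive root before it is created, listed or written;
 *  - every request- or filesystem-derived value is escaped before it is put
 *    into the generated HTML.
 */
class syntax_plugin_fileshare_Fileshare extends DokuWiki_Syntax_Plugin {
    /**
     * @return string Syntax mode type
     */
    public function getType() {
        return 'container';
    }

    /**
     * @return string Paragraph type
     */
    public function getPType() {
        return 'normal';
    }

    /**
     * @return int Sort order - Low numbers go before high numbers
     */
    public function getSort() {
        return 280;
    }

    /**
     * Connect lookup pattern to lexer.
     *
     * @param string $mode Parser mode
     */
    public function connectTo($mode) {
        $this->Lexer->addSpecialPattern('\{\{FileSharing\}\}', $mode, 'plugin_fileshare_Fileshare');
        // Non-greedy, so one match never swallows a later "}}" on the same line.
        $this->Lexer->addSpecialPattern('\{\{FileSharing>.+?\}\}', $mode, 'plugin_fileshare_Fileshare');
    }

    /**
     * Handle matches of the fileshare syntax
     *
     * @param string          $match   The match of the syntax
     * @param int             $state   The state of the handler
     * @param int             $pos     The position in the document
     * @param Doku_Handler    $handler The handler
     * @return array Data for the renderer: the "|"-separated parts after
     *               "{{FileSharing>", or an empty array for the bare form
     */
    public function handle($match, $state, $pos, Doku_Handler $handler) {
        if (strpos($match, '{{FileSharing>') === false) {
            return array();
        }

        $inner = preg_replace("/{{FileSharing>(.*?)}}/", "\\1", $match);
        return explode('|', $inner);
    }

    /**
     * Render xhtml output or metadata
     *
     * A pending upload is processed only in xhtml mode, so that a metadata
     * render pass cannot trigger a file write.
     *
     * @param string         $mode      Renderer mode (supported modes: xhtml)
     * @param Doku_Renderer  $renderer  The renderer
     * @param array          $data      The data from the handler() function
     * @return bool If rendering was successful.
     */
    public function render($mode, Doku_Renderer $renderer, $data) {
        if ($mode != 'xhtml') {
            return false;
        }

        $renderer->nocache();

        $this->handleUpload($renderer);

        $givenDir = empty($data) ? '' : current($data);
        $this->renderForm($givenDir, $renderer);

        return true;
    }

    /**
     * Store a posted file in the requested share directory.
     *
     * The request is untrusted: the caller must hold 'role_upload', present a
     * valid security token, and name a target directory that resolves to a
     * location inside the configured archive root. Anything else is rejected
     * before the file is moved.
     *
     * @param Doku_Renderer $renderer Receives error messages
     */
    private function handleUpload($renderer) {
        if (!isset($_FILES['upload']['tmp_name'], $_FILES['upload']['name'])) {
            return;
        }
        $tmpName = $_FILES['upload']['tmp_name'];
        $clientName = $_FILES['upload']['name'];
        if (!is_string($tmpName) || !is_string($clientName) || $tmpName === '') {
            return;
        }
        // False when the file was already moved (several widgets on one page)
        // or when the path does not belong to a real HTTP upload.
        if (!is_uploaded_file($tmpName)) {
            return;
        }

        // Hiding the upload form is not access control; check the role here.
        if (!$this->isAuthorized('role_upload')) {
            $renderer->doc .= 'Upload rejected: you are not allowed to upload files.';
            return;
        }
        // The form carries a security token; it has to be verified as well.
        if (!checkSecurityToken()) {
            return;
        }

        // 'ns' is client-controlled, so it must never be used as a path as-is.
        $postedDir = (isset($_POST['ns']) && is_string($_POST['ns'])) ? $_POST['ns'] : '';
        $targetDir = $this->resolveInsideArchiveRoot($postedDir);
        if ($targetDir === null) {
            $renderer->doc .= 'Upload rejected: the target directory is outside the configured archive root.';
            return;
        }

        // basename() drops any directory part of the client-supplied name;
        // backslashes are normalised first so Windows-style paths are covered.
        // NOTE(review): no file-type allow-list is applied here; if the archive
        // root is reachable by the web server, add one before accepting files.
        $name = basename(str_replace('\\', '/', $clientName));
        if ($name === '' || $name === '.' || $name === '..') {
            $renderer->doc .= 'Upload rejected: invalid file name.';
            return;
        }

        if (move_uploaded_file($tmpName, $targetDir . '/' . $name) === FALSE) {
            $lastError = error_get_last();
            $err = $lastError ? "Error: " . $lastError["message"] . " on line " . $lastError["line"] : "";
            $renderer->doc .= 'Fehler beim Upload! ' . hsc($err);
        }
    }

    /**
     * Render the widget (heading, upload form, file list) for one directory.
     *
     * @param string        $dir      Sub-directory from the page markup ('' for the root)
     * @param Doku_Renderer $renderer The renderer
     */
    private function renderForm($dir, $renderer) {
        $archivRootDir = $this->getConf('archivRootDir');

        if (!isset($archivRootDir) || trim($archivRootDir) === '') {
            $renderer->doc .= 'Please set the root dir to archive files in the admin section!';
            return;
        }

        $fileDir = $archivRootDir;
        if (isset($dir) && trim($dir) !== '') {
            // The sub-directory comes from page markup; refuse parent
            // references before anything is created on disk.
            if (!$this->isSafeSubPath($dir)) {
                $renderer->doc .= 'Invalid directory: the share directory must stay inside the configured archive root.';
                return;
            }
            $fileDir = $fileDir . '/' . $dir;
        }

        $this->createDir($fileDir, $renderer);

        // Second check on the real path: catches symlinks and a failed mkdir.
        if ($this->resolveInsideArchiveRoot($fileDir) === null) {
            $renderer->doc .= 'Invalid directory: the share directory must stay inside the configured archive root.';
            return;
        }

        $renderer->doc .= '<div style="padding:4px 8px 4px 8px;">';
        $renderer->doc .= '<h2>' . hsc($fileDir) . '</h2>';

        if ($this->isAuthorized('role_upload')) {
            $renderer->doc .= $this->upload_plugin_uploadform($fileDir);
        }
        $renderer->doc .= '</div>';
        $renderer->doc .= $this->readFileList($fileDir, $this->isDeleteRequested());
    }

    /**
     * Tell whether the current request is an authorised delete request.
     *
     * @return bool True only for a POST with action=DELETE from a user holding
     *              'role_delete' and presenting a valid security token
     */
    private function isDeleteRequested() {
        global $INPUT;

        if ($INPUT->post->str('action') !== 'DELETE') {
            return false;
        }
        if (!$this->isAuthorized('role_delete')) {
            return false;
        }
        return (bool) checkSecurityToken();
    }

    /**
     * Check that a relative path contains no "." or ".." segment and no NUL byte.
     *
     * @param string $subPath Path relative to the archive root
     * @return bool
     */
    private function isSafeSubPath($subPath) {
        if (strpos($subPath, "\0") !== false) {
            return false;
        }
        $segments = preg_split('#[/\\\\]+#', $subPath, -1, PREG_SPLIT_NO_EMPTY);
        foreach ($segments as $segment) {
            $segment = trim($segment);
            if ($segment === '.' || $segment === '..') {
                return false;
            }
        }
        return true;
    }

    /**
     * Resolve a directory and confirm it lies inside the configured archive root.
     *
     * @param string $path Directory to check (must already exist)
     * @return string|null The resolved real path, or null when the path does
     *                     not exist, is not a directory, or is outside the root
     */
    private function resolveInsideArchiveRoot($path) {
        $root = (string) $this->getConf('archivRootDir');
        if (trim($root) === '' || !is_string($path) || $path === '') {
            return null;
        }

        $realRoot = realpath($root);
        $realPath = realpath($path);
        if ($realRoot === false || $realPath === false || !is_dir($realPath)) {
            return null;
        }

        // Compare with a trailing separator so "/data/archive-old" is not
        // accepted as being inside "/data/archive".
        $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strpos($realPath . DIRECTORY_SEPARATOR, $prefix) !== 0) {
            return null;
        }
        return $realPath;
    }

    /**
     * Create the directory (recursively) when it does not exist yet.
     *
     * @param string        $dir      Directory to create
     * @param Doku_Renderer $renderer Receives the error message on failure
     */
    private function createDir($dir, $renderer) {
        if (file_exists($dir)) {
            return;
        }
        if (!mkdir($dir, 0755, true)) {
            $renderer->doc .= 'Erstellung der Verzeichnisse: ' . hsc($dir) . ' schlug fehl...';
        }
    }

    /**
     * Build the file list form and, when requested, delete the ticked files.
     *
     * The form is submitted by POST and carries a security token, so a delete
     * cannot be triggered by a crafted link. File names come from the
     * filesystem (uploaders choose them) and are escaped on output.
     *
     * @param string $dir    Directory to list (already confined to the archive root)
     * @param bool   $delete Whether ticked files should be deleted in this request
     * @return string HTML of the list
     */
    private function readFileList($dir, $delete) {
        global $ID;
        global $INPUT;

        $refreshbutton = $this->getLang('refreshbutton');
        $loeschenbutton = $this->getLang('loeschenbutton');

        $canDelete = $this->isAuthorized('role_delete');
        $canDownload = $this->isAuthorized('role_download');
        // Defence in depth: never delete for a caller without the role.
        $delete = $delete && $canDelete;

        $html = '<div style="padding:4px 8px 4px 8px;">';
        $html .= '<form action="' . wl($ID) . '" method="post" name="filesharelist" id="filesharelist">';
        $html .= '<input type="hidden" name="id" value="' . hsc($ID) . '" />';
        if ($canDelete) {
            // false: return the token markup instead of echoing it.
            $html .= formSecurityToken(false);
            $html .= '<button style="float:left" name="action" value="DELETE" type="submit"> ' . $loeschenbutton . ' </button>';
            $html .= '<button style="float:left" name="action" value="REFRESH" type="submit"> ' . $refreshbutton . ' </button>';
        }

        $entries = scandir($dir);
        if ($entries === false) {
            $entries = array();
        }

        foreach ($entries as $value) {
            if ($value === '.' || $value === '..') {
                continue;
            }

            // md5 only yields a form-safe field name for the checkbox; it is
            // not used as a security control.
            $fileHash = 'f' . hash('md5', $value, false);
            $entry = $this->fileEntryHtml($dir, $value, $canDownload);

            if ($delete && $INPUT->post->str($fileHash) === 'on') {
                $path = $dir . '/' . $value;
                if (is_file($path) && unlink($path)) {
                    $html .= '<br>' . $this->getLang('file_deleted') . hsc($value);
                } else {
                    $html .= '<br>' . $this->getLang('file_not_deleted') . $entry;
                }
                continue;
            }

            if ($canDelete) {
                $html .= '<br><input type="checkbox" id="' . $fileHash . '" name="' . $fileHash . '" >  : ';
            } else {
                $html .= '<br>';
            }
            $html .= $entry;
        }

        $html .= '</form>';
        $html .= '</div>';

        return $html;
    }

    /**
     * Build the HTML for one file: a download link, or the plain name.
     *
     * @param string $dir         Directory the file lives in
     * @param string $value       File name as returned by scandir()
     * @param bool   $canDownload Whether the current user may download
     * @return string Escaped HTML fragment
     */
    private function fileEntryHtml($dir, $value, $canDownload) {
        $label = hsc($value);
        if (!$canDownload) {
            return $label;
        }

        // URL-encode each parameter, then HTML-escape the whole attribute.
        $href = 'filesharedownload.php?file=' . rawurlencode($value) . '&something=' . rawurlencode($dir);
        return '<a href="' . hsc($href) . '">' . $label . '</a>';
    }

    /**
     * Build the upload form for a share directory.
     *
     * The 'ns' field only tells the server which directory the user meant;
     * it is validated again on submission and is not trusted as a path.
     *
     * @param string $ns Directory the uploaded file should be stored in
     * @return string HTML of the form
     */
    public function upload_plugin_uploadform($ns) {
        global $ID;
        global $lang;

        $params = array();
        $params['id'] = 'plugin_fileshare_Fileshare';
        $params['action'] = wl($ID);
        $params['method'] = 'post';
        $params['enctype'] = 'multipart/form-data';
        $params['class'] = 'plugin_fileshare_Fileshare';

        // Modification of the default dw HTML upload form
        $form = new Doku_Form($params);
        // false: return the token markup instead of echoing it to the output.
        $form->addElement(formSecurityToken(false));
        $form->addHidden('ns', hsc($ns));
        $form->addElement(form_makeFileField('upload', '', 'upload__file'));
        $form->addElement(form_makeButton('submit', '', $lang['btn_upload']));
        $form->endFieldset();

        $html = '<div class="plugin_fileshare_Fileshare"><p>' . NL;
        $html .= $form->getForm();
        $html .= '</p></div>' . NL;
        return $html;
    }

    /**
     * Check whether the current user holds the role named by a config setting.
     *
     * The setting is a comma-separated list of user and group names; the
     * special entry "all" grants the role to everybody, including anonymous
     * visitors.
     * NOTE(review): configured names are lower-cased, user and group names are
     * compared as delivered; confirm the auth backend delivers lower-case names.
     *
     * @param string $settingRole Name of the config setting (e.g. 'role_upload')
     * @return bool
     */
    private function isAuthorized($settingRole) {
        global $INPUT;
        global $USERINFO;

        $configured = utf8_strtolower((string) $this->getConf($settingRole));
        $members = array_filter(array_unique(array_map('trim', explode(',', $configured))));

        if (in_array('all', $members, true)) {
            return true;
        }

        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (!$remoteUser) {
            return false;
        }

        // 'grps' can be missing; treat that as "member of no group".
        $groups = (isset($USERINFO['grps']) && is_array($USERINFO['grps'])) ? $USERINFO['grps'] : array();

        // Strict comparison: numeric-looking names such as "0123" and "123"
        // must not be treated as the same principal.
        foreach ($members as $member) {
            if (in_array($member, $groups, true) || $member === $remoteUser) {
                return true;
            }
        }

        return false;
    }
}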
273
274// vim:ts=4:sw=4:et:
275