Xataface AJAX Upload Module 0.1
jQuery Ajax Upload Widget for Xataface
|
00001 <?php 00002 class actions_ajax_upload_handleupload { 00003 00004 const VALIDATION_ERROR=501; 00005 00006 public function handle($params){ 00007 00008 $app = Dataface_Application::getInstance(); 00009 $query = $app->getQuery(); 00010 try { 00011 00012 if ( !@$_POST['-table'] ) throw new Exception("No table specified"); 00013 if ( !@$_POST['--field'] ) throw new Exception("No field specified"); 00014 00015 $fieldName = $_POST['--field']; 00016 $tableName = $_POST['-table']; 00017 $recordId = null; 00018 $new = false; 00019 if ( @$_POST['--record-id'] ){ 00020 $recordId = $_POST['--record-id']; 00021 } 00022 00023 $record = null; 00024 if ( $recordId ){ 00025 $record = df_get_record_by_id($recordId); 00026 if ( PEAR::isError($record) ){ 00027 throw new Exception("Record not loaded for record id ($recordId): ".$record->getMessage()); 00028 } 00029 } 00030 00031 00032 00033 if ( !$record ){ 00034 $record = new Dataface_Record($tableName, array()); 00035 $new = true; 00036 } 00037 00038 if ( is_a($record, 'Dataface_RelatedRecord') ){ 00039 $record = $record->toRecord($record->_relationship->getTable($fieldName)->tablename); 00040 } 00041 00042 if ( !$record ){ 00043 throw new Exception("Record is null."); 00044 } 00045 00046 if ( PEAR::isError($record) ) throw new Exception($record->getMessage()); 00047 00048 // At this point $record should be a Dataface_Record object 00049 00050 if ( $new and !$record->checkPermission('new', array('field'=>$fieldName)) ){ 00051 throw new Exception("Permission denied. You don't have permission to add new values to this field.", 401); 00052 00053 } 00054 00055 00056 00057 if ( !$new and !$record->checkPermission('edit', array('field'=>$fieldName)) ){ 00058 throw new Exception("Permission denied. You don't have permission to edit this field.", 401); 00059 } 00060 00061 00062 00063 // At this point it appears that the user has permission to set this 00064 // field value 00065 00066 // We should start to validate the file upload based on other parameters 00067 // in the fields.ini file (e.g. mimetype, extension, file size, etc..). 00068 00069 $table = $record->table(); 00070 $field =& $table->getField($fieldName); 00071 00072 if ( $field['Type'] != 'container' ){ 00073 throw new Exception("The upload field '".$fieldName."' of table '".$tableName."' is not a container. Set it to Type=container in the fields.ini file."); 00074 } 00075 00076 $savePath = $field['savepath']; 00077 if ( !is_dir($savePath) ){ 00078 throw new Exception("The save path for $tableName.$fieldName is set to $savePath which does not exist. Please create this directory in order to enable file uploads."); 00079 00080 } 00081 00082 if ( !is_writable($savePath) ){ 00083 throw new Exception("The save path for $tableName.$fieldName is set to $savePath which is not writable. Please make this directory writable to proceed."); 00084 00085 } 00086 00087 $tmpDir = $savePath.DIRECTORY_SEPARATOR.'uploads'; 00088 $tmpUrl = $field['url'].'/uploads'; 00089 if ( !is_dir($tmpDir) ){ 00090 mkdir($tmpDir); 00091 if ( !is_dir($tmpDir) ){ 00092 throw new Exception("Failed to create directory $tmpDir in order to upload files. Please check that the webserver has permission to create this directory or create this directory first and make it writable by the webserver."); 00093 } 00094 } 00095 00096 // Clean all old entries in the temp dir. 00097 $files = scandir($tmpDir); 00098 $now = time(); 00099 $cutOff = $now-3600; 00100 foreach ($files as $f){ 00101 if ( $f == '.' or $f == '..' ) continue; 00102 $fpath = $tmpDir.DIRECTORY_SEPARATOR.$f; 00103 if ( filemtime($fpath) < $cutOff ){ 00104 @unlink($fpath); 00105 } 00106 } 00107 00108 00109 // Now that we have a place to put the file we can get the file information 00110 // and ensure that it meets all of our requirements. 00111 00112 if ( !@$_FILES['files'] ){ 00113 throw new Exception("No files were provided"); 00114 } 00115 00116 $fileInfo = array( 00117 'name' => $_FILES['files']['name'][0], 00118 'type' => $_FILES['files']['type'][0], 00119 'tmp_name' => $_FILES['files']['tmp_name'][0], 00120 'error' => $_FILES['files']['error'][0], 00121 'size' => $_FILES['files']['size'][0] 00122 ); 00123 00124 00125 if ( !$fileInfo ){ 00126 throw new Exception("No file was provided"); 00127 } 00128 00129 // Let's make sure the file complies with the validation parameters 00130 $result = array(); 00131 if ( !$this->validate($field, $fileInfo, $result) ){ 00132 throw new Exception("Validation failure: ".$result['message'], self::VALIDATION_ERROR); 00133 } 00134 00135 00136 00137 $fileId = uniqid(); 00138 $filePath = $tmpDir.DIRECTORY_SEPARATOR.$fileId; 00139 00140 if ( !move_uploaded_file($fileInfo['tmp_name'], $filePath) ){ 00141 throw new Exception("Failed to upload file with error code: ".$fileInfo['error']); 00142 } 00143 $fileUrl = $tmpUrl.'/'.$fileId; 00144 00145 // Now we serialize the file info so that it will be available later when the record 00146 // is saved. 00147 $infoPath = $filePath.'.info'; 00148 file_put_contents($infoPath, serialize($fileInfo)); 00149 00150 // Now to generate the output 00151 00152 $out = array(); 00153 00154 if ( !$recordId ){ 00155 $recordId = ''; 00156 } 00157 00158 $out[] = array( 00159 'id' => $fileId, 00160 'name' => $fileInfo['name'], 00161 'size' => filesize($filePath), 00162 'type' => $this->getMimeType($filePath), 00163 'url' => $fileUrl, 00164 'thumbnail_url' => $this->getThumbnail($fileUrl, $filePath), 00165 'delete_url' => DATAFACE_SITE_HREF.'?-action=ajax_upload_delete&--file='.urlencode($fileId).'&--field='.urlencode($fieldName).'&-table='.urlencode($tableName).'&--record-id='.urlencode($recordId), 00166 'delete_type' => 'DELETE' 00167 ); 00168 00169 00170 header('Vary: Accept'); 00171 if (isset($_SERVER['HTTP_ACCEPT']) && 00172 (strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false)) { 00173 header('Content-type: application/json'); 00174 } else { 00175 header('Content-type: text/plain'); 00176 } 00177 echo json_encode($out); 00178 } catch (Exception $ex){ 00179 00180 if ( $ex->getCode() ){ 00181 //echo "there";exit; 00182 //throw $ex; 00183 $out = array(); 00184 $out[] = array( 00185 'code'=>$ex->getCode(), 00186 'message' =>$ex->getMessage(), 00187 'error'=>1 00188 ); 00189 header('Vary: Accept'); 00190 if (isset($_SERVER['HTTP_ACCEPT']) && 00191 (strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false)) { 00192 header('Content-type: application/json'); 00193 } else { 00194 header('Content-type: text/plain'); 00195 } 00196 echo json_encode($out); 00197 00198 00199 } else { 00200 //echo "here";exit; 00201 throw $ex; 00202 } 00203 } 00204 00205 00206 00207 00208 00209 } 00210 00211 function getMimeType($path){ 00212 return Dataface_ModuleTool::getInstance()->loadModule('modules_ajax_upload')->getMimeType($path); 00213 00214 } 00215 00216 00217 00218 00219 function getThumbnail($url, $path){ 00220 return Dataface_ModuleTool::getInstance()->loadModule('modules_ajax_upload')->getThumbnail($url, $path); 00221 00222 00223 } 00224 00225 00226 00238 function validate(&$field, $value, &$params){ 00239 return Dataface_ModuleTool::getInstance()->loadModule('modules_ajax_upload')->validate($field, $value, $params); 00240 } 00241 00242 }