docs/api/source-admin.controller.tool.upload.html
| 1: | <?php |
| 2: | namespace Opencart\Admin\Controller\Tool; |
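/**
 * Class Upload
 *
 * Admin controller for the Tool > Uploads screen: lists stored uploads,
 * serves one for download by its code, accepts a new file from the admin
 * and deletes selected records together with their files on disk.
 *
 * @package Opencart\Admin\Controller\Tool
 */
class Upload extends \Opencart\System\Engine\Controller {
    /**
     * Index
     *
     * Renders the full upload list page: breadcrumbs, add/delete links and
     * the list fragment produced by getList().
     *
     * @return void
     */
    public function index(): void {
        $this->load->language('tool/upload');

        $this->document->setTitle($this->language->get('heading_title'));

        // Carry the current sort/order/page through the breadcrumb and "add" links.
        $url = '';

        if (isset($this->request->get['sort'])) {
            $url .= '&sort=' . $this->request->get['sort'];
        }

        if (isset($this->request->get['order'])) {
            $url .= '&order=' . $this->request->get['order'];
        }

        if (isset($this->request->get['page'])) {
            $url .= '&page=' . $this->request->get['page'];
        }

        $data['breadcrumbs'] = [];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('text_home'),
            'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
        ];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('heading_title'),
            'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url)
        ];

        $data['add'] = $this->url->link('tool/upload.form', 'user_token=' . $this->session->data['user_token'] . $url);
        $data['delete'] = $this->url->link('tool/upload.delete', 'user_token=' . $this->session->data['user_token']);

        $data['list'] = $this->getList();

        $data['user_token'] = $this->session->data['user_token'];

        $data['header'] = $this->load->controller('common/header');
        $data['column_left'] = $this->load->controller('common/column_left');
        $data['footer'] = $this->load->controller('common/footer');

        $this->response->setOutput($this->load->view('tool/upload', $data));
    }

    /**
     * List
     *
     * AJAX endpoint that returns only the list fragment (used to refresh the
     * table on filter/sort/page changes without reloading the whole page).
     *
     * @return void
     */
    public function list(): void {
        $this->load->language('tool/upload');

        $this->response->setOutput($this->getList());
    }

    /**
     * Get Filter URL
     *
     * Builds the query-string fragment that re-applies the current
     * name/date filters so that list, sort and pagination links keep them.
     *
     * NOTE(review): filter_date_from/filter_date_to are appended without
     * urlencode(), matching the original behaviour; filter_name is encoded.
     *
     * @return string Fragment starting with '&', or '' when no filter is set
     */
    protected function getFilterUrl(): string {
        $url = '';

        if (isset($this->request->get['filter_name'])) {
            $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8'));
        }

        if (isset($this->request->get['filter_date_from'])) {
            $url .= '&filter_date_from=' . $this->request->get['filter_date_from'];
        }

        if (isset($this->request->get['filter_date_to'])) {
            $url .= '&filter_date_to=' . $this->request->get['filter_date_to'];
        }

        return $url;
    }

    /**
     * Get List
     *
     * Reads filter/sort/page parameters from the query string, fetches the
     * matching uploads from the tool/upload model and renders the
     * tool/upload_list view (table rows, sort links, pagination).
     *
     * @return string Rendered HTML of the list fragment
     */
    protected function getList(): string {
        $filter_name = $this->request->get['filter_name'] ?? '';
        $filter_date_from = $this->request->get['filter_date_from'] ?? '';
        $filter_date_to = $this->request->get['filter_date_to'] ?? '';

        // Sort column and direction are passed through to the model as-is;
        // the model is expected to validate them against its own allow-list.
        if (isset($this->request->get['sort'])) {
            $sort = (string)$this->request->get['sort'];
        } else {
            $sort = 'date_added';
        }

        if (isset($this->request->get['order'])) {
            $order = (string)$this->request->get['order'];
        } else {
            $order = 'DESC';
        }

        if (isset($this->request->get['page'])) {
            $page = (int)$this->request->get['page'];
        } else {
            $page = 1;
        }

        $limit = $this->config->get('config_pagination_admin');

        // Link to the list endpoint that preserves every current parameter.
        $url = $this->getFilterUrl();

        if (isset($this->request->get['sort'])) {
            $url .= '&sort=' . $this->request->get['sort'];
        }

        if (isset($this->request->get['order'])) {
            $url .= '&order=' . $this->request->get['order'];
        }

        if (isset($this->request->get['page'])) {
            $url .= '&page=' . $this->request->get['page'];
        }

        $data['action'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . $url);

        $data['uploads'] = [];

        $filter_data = [
            'filter_name'      => $filter_name,
            'filter_date_from' => $filter_date_from,
            'filter_date_to'   => $filter_date_to,
            'sort'             => $sort,
            'order'            => $order,
            'start'            => ($page - 1) * $limit,
            'limit'            => $limit
        ];

        $this->load->model('tool/upload');

        $results = $this->model_tool_upload->getUploads($filter_data);

        foreach ($results as $result) {
            $data['uploads'][] = [
                'upload_id'  => $result['upload_id'],
                'name'       => $result['name'],
                'code'       => $result['code'],
                'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])),
                // Downloads are addressed by the random code, not by the stored file name.
                'download'   => $this->url->link('tool/upload.download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url)
            ];
        }

        // Column-header links: keep filters and page, flip the sort direction.
        $url = $this->getFilterUrl();

        if ($order == 'ASC') {
            $url .= '&order=DESC';
        } else {
            $url .= '&order=ASC';
        }

        if (isset($this->request->get['page'])) {
            $url .= '&page=' . $this->request->get['page'];
        }

        $data['sort_name'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url);
        $data['sort_code'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=code' . $url);
        $data['sort_date_added'] = $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url);

        // Pagination links: keep filters and sort, page is filled in by the template.
        $url = $this->getFilterUrl();

        if (isset($this->request->get['sort'])) {
            $url .= '&sort=' . $this->request->get['sort'];
        }

        if (isset($this->request->get['order'])) {
            $url .= '&order=' . $this->request->get['order'];
        }

        $upload_total = $this->model_tool_upload->getTotalUploads($filter_data);

        $data['pagination'] = $this->load->controller('common/pagination', [
            'total' => $upload_total,
            'page'  => $page,
            'limit' => $limit,
            'url'   => $this->url->link('tool/upload.list', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}')
        ]);

        // "Showing X to Y of Z (N pages)" summary line.
        $first = ($upload_total) ? (($page - 1) * $limit) + 1 : 0;
        $last = ((($page - 1) * $limit) > ($upload_total - $limit)) ? $upload_total : ((($page - 1) * $limit) + $limit);

        $data['results'] = sprintf($this->language->get('text_pagination'), $first, $last, $upload_total, ceil($upload_total / $limit));

        $data['filter_name'] = $filter_name;
        $data['filter_date_from'] = $filter_date_from;
        $data['filter_date_to'] = $filter_date_to;

        $data['sort'] = $sort;
        $data['order'] = $order;

        return $this->load->view('tool/upload_list', $data);
    }

    /**
     * Delete
     *
     * JSON endpoint: deletes every upload id in POST 'selected', removing the
     * file from DIR_UPLOAD before the database record. Requires the
     * 'modify' permission on tool/upload.
     *
     * @return void
     */
    public function delete(): void {
        $this->load->language('tool/upload');

        $json = [];

        $selected = $this->request->post['selected'] ?? [];

        if (!$this->user->hasPermission('modify', 'tool/upload')) {
            $json['error'] = $this->language->get('error_permission');
        }

        if (!$json) {
            $this->load->model('tool/upload');

            foreach ($selected as $upload_id) {
                // Remove file before deleting DB record; the stored filename
                // is the one generated in upload(), not a user-supplied path.
                $upload_info = $this->model_tool_upload->getUpload($upload_id);

                if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) {
                    unlink(DIR_UPLOAD . $upload_info['filename']);
                }

                $this->model_tool_upload->deleteUpload($upload_id);
            }

            $json['success'] = $this->language->get('text_success');
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Download
     *
     * Streams the upload identified by GET 'code' as an attachment, using
     * the original upload name as the suggested file name. Renders the
     * error/not_found page when no record matches the code.
     *
     * @return void
     */
    public function download(): void {
        $this->load->language('tool/upload');

        $code = $this->request->get['code'] ?? '';

        $this->load->model('tool/upload');

        $upload_info = $this->model_tool_upload->getUploadByCode($code);

        if ($upload_info) {
            $file = DIR_UPLOAD . $upload_info['filename'];
            // basename() strips any directory part of the stored display name.
            $mask = basename($upload_info['name']);

            if (!headers_sent()) {
                if (is_file($file)) {
                    header('Content-Type: application/octet-stream');
                    header('Content-Description: File Transfer');
                    // Fall back to the on-disk name when the display name is empty.
                    // NOTE(review): a '"' inside $mask is not escaped here — confirm
                    // the model rejects such names, or escape before emitting.
                    header('Content-Disposition: attachment; filename="' . ($mask ?: basename($file)) . '"');
                    header('Content-Transfer-Encoding: binary');
                    header('Expires: 0');
                    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                    header('Pragma: public');
                    header('Content-Length: ' . filesize($file));

                    readfile($file);
                    exit;
                } else {
                    exit(sprintf($this->language->get('error_not_found'), basename($file)));
                }
            } else {
                exit($this->language->get('error_headers_sent'));
            }
        } else {
            $this->load->language('error/not_found');

            $this->document->setTitle($this->language->get('heading_title'));

            $data['breadcrumbs'] = [];

            $data['breadcrumbs'][] = [
                'text' => $this->language->get('text_home'),
                'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
            ];

            $data['breadcrumbs'][] = [
                'text' => $this->language->get('heading_title'),
                'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'])
            ];

            $data['header'] = $this->load->controller('common/header');
            $data['column_left'] = $this->load->controller('common/column_left');
            $data['footer'] = $this->load->controller('common/footer');

            $this->response->setOutput($this->load->view('error/not_found', $data));
        }
    }

    /**
     * Get Allowed List
     *
     * Splits a newline-separated allow-list setting (one entry per line,
     * CRLF or LF) into trimmed entries.
     *
     * @param string $setting Raw setting value as stored in config
     *
     * @return array<int, string> Trimmed entries in the order they appear
     */
    protected function getAllowedList(string $setting): array {
        // Pattern needs delimiters: a bare '\r?\n' is rejected by PCRE and
        // preg_replace() then returns null, leaving the allow-list empty.
        $normalised = (string)preg_replace('/\r?\n/', "\n", $setting);

        return array_map(static fn (string $entry): string => trim($entry), explode("\n", $normalised));
    }

    /**
     * Upload
     *
     * JSON endpoint: validates the file posted as 'file' (permission, name
     * length, extension and MIME allow-lists from config, PHP upload error)
     * and stores it in DIR_UPLOAD under a randomised name, recording it via
     * the tool/upload model. On success the response carries the new code.
     *
     * @return void
     */
    public function upload(): void {
        $this->load->language('tool/upload');

        $json = [];

        // Check user has permission
        if (!$this->user->hasPermission('modify', 'tool/upload')) {
            $json['error'] = $this->language->get('error_permission');
        }

        if (empty($this->request->files['file']['name']) || !is_file($this->request->files['file']['tmp_name'])) {
            $json['error'] = $this->language->get('error_upload');
        }

        if (!$json) {
            // Sanitize the filename: basename() drops any directory component.
            $filename = basename(html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'));

            // Validate the filename length
            if ((oc_strlen($filename) < 3) || (oc_strlen($filename) > 128)) {
                $json['error'] = $this->language->get('error_filename');
            }

            // Allowed file extension types (text after the last '.', lower-cased;
            // '' when the name has no dot).
            $allowed = $this->getAllowedList((string)$this->config->get('config_file_ext_allowed'));

            $extension = strtolower(substr((string)strrchr($filename, '.'), 1));

            if (!in_array($extension, $allowed, true)) {
                $json['error'] = $this->language->get('error_file_type');
            }

            // Allowed file mime types. The type is the one reported by the
            // client, so the extension check above is the stronger control.
            $allowed = $this->getAllowedList((string)$this->config->get('config_file_mime_allowed'));

            if (!in_array($this->request->files['file']['type'], $allowed, true)) {
                $json['error'] = $this->language->get('error_file_type');
            }

            // Return any upload error
            if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) {
                $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']);
            }
        }

        if (!$json) {
            // Stored name = original name + random token, so the file is not
            // reachable by guessing and does not keep its original extension.
            $file = $filename . '.' . oc_token(32);

            // Only record the upload if the move actually succeeded.
            if (!move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file)) {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        if (!$json) {
            // Hide the uploaded file name so people cannot link to it directly.
            $this->load->model('tool/upload');

            $json['code'] = $this->model_tool_upload->addUpload($filename, $file);

            $json['success'] = $this->language->get('text_success');
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }
}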
| 425: | |