Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor code structure for improved readability and maintainability

Browse Source
This commit is contained in:
Jacek Pyziak
2025-09-28 18:27:48 +02:00
parent 17d69ac9df
commit d903f9fc55
13 changed files with 228 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
admin/templates/articles/article-edit.php
View File

@@ -4,6 +4,17 @@
<? <?
global $db; global $db;
$upload_token = bin2hex( random_bytes(24) );
$_SESSION['upload_tokens'][$upload_token] = [
'user_id' => $this -> user['id'],
'expires' => time() + 60*20
];
$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
$_SESSION['rfm_akey_expires'] = time() + 20*60;
$_SESSION['can_use_rfm'] = true;
$rfmAkeyJS = $_SESSION['rfm_akey'];
ob_start(); ob_start();
?> ?>
<div id="settings-tabs"> <div id="settings-tabs">
@@ -95,7 +106,11 @@ ob_start();
$( function() { $( function() {
$( '#text_<?= $lg['id'];?>, #entry_<?= $lg['id'];?>, #table_of_contents_<?= $lg['id'];?>' ).ckeditor( { $( '#text_<?= $lg['id'];?>, #entry_<?= $lg['id'];?>, #table_of_contents_<?= $lg['id'];?>' ).ckeditor( {
toolbar : 'MyToolbar', toolbar : 'MyToolbar',
height:'250' height:'250',
filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
}); });
}); });
</script> </script>
@@ -401,6 +416,9 @@ echo $grid -> draw();
$( "#images-uploader" ).pluploadQueue( $( "#images-uploader" ).pluploadQueue(
{ {
multipart_params: {
upload_token: '<?= $upload_token ?>',
},
runtimes: 'html5,flash,html4', runtimes: 'html5,flash,html4',
init: init:
{ {
@@ -453,6 +471,9 @@ echo $grid -> draw();
$( "#files-uploader" ).pluploadQueue( $( "#files-uploader" ).pluploadQueue(
{ {
multipart_params: {
upload_token: '<?= $upload_token ?>',
},
runtimes: 'html5,flash,html4', runtimes: 'html5,flash,html4',
init: init:
{ {

29
admin/templates/shop-product/product-edit.php
View File

@@ -4,6 +4,17 @@
<? <?
global $db; global $db;
$upload_token = bin2hex( random_bytes(24) );
$_SESSION['upload_tokens'][$upload_token] = [
'user_id' => $this -> user['id'],
'expires' => time() + 60*20
];
$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
$_SESSION['rfm_akey_expires'] = time() + 20*60;
$_SESSION['can_use_rfm'] = true;
$rfmAkeyJS = $_SESSION['rfm_akey'];
ob_start(); ob_start();
?> ?>
@@ -119,7 +130,11 @@ ob_start();
$(function() { $(function() {
$('#short_description_<?= $lg['id']; ?>, #description_<?= $lg['id']; ?>').ckeditor({ $('#short_description_<?= $lg['id']; ?>, #description_<?= $lg['id']; ?>').ckeditor({
toolbar: 'MyToolbar', toolbar: 'MyToolbar',
height: '250' height: '250',
filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
}); });
}); });
</script> </script>
@@ -208,7 +223,11 @@ ob_start();
$(function() { $(function() {
$('#tab_description_1_<?= $lg['id']; ?>, #tab_description_2_<?= $lg['id']; ?>').ckeditor({ $('#tab_description_1_<?= $lg['id']; ?>, #tab_description_2_<?= $lg['id']; ?>').ckeditor({
toolbar: 'MyToolbar', toolbar: 'MyToolbar',
height: '250' height: '250',
filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=<?= $rfmAkeyJS;?>',
filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>',
filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey=<?= $rfmAkeyJS;?>'
}); });
}); });
</script> </script>
@@ -826,6 +845,9 @@ echo $grid->draw();
}); });
$("#images-uploader").pluploadQueue({ $("#images-uploader").pluploadQueue({
multipart_params: {
upload_token: '<?= $upload_token ?>',
},
runtimes: 'html5,flash,html4', runtimes: 'html5,flash,html4',
init: { init: {
Refresh: function(up) { Refresh: function(up) {
@@ -874,6 +896,9 @@ echo $grid->draw();
}); });
$("#files-uploader").pluploadQueue({ $("#files-uploader").pluploadQueue({
multipart_params: {
upload_token: '<?= $upload_token ?>',
},
runtimes: 'html5,flash,html4', runtimes: 'html5,flash,html4',
init: { init: {
Refresh: function(up) { Refresh: function(up) {

25
autoload/admin/controls/class.Articles.php
View File

@@ -39,19 +39,24 @@ class Articles
exit; exit;
} }
public static function article_edit() public static function article_edit() {
{ global $user;
if ( !$user ) {
header( 'Location: /admin/' );
exit;
}
\admin\factory\Articles::delete_nonassigned_images(); \admin\factory\Articles::delete_nonassigned_images();
\admin\factory\Articles::delete_nonassigned_files(); \admin\factory\Articles::delete_nonassigned_files();
return \admin\view\Articles::article_edit( return \Tpl::view( 'articles/article-edit', [
\admin\factory\Articles::article_details( 'article' => \admin\factory\Articles::article_details( (int)\S::get( 'id' ) ),
\S::get( 'id' ) 'menus' => \admin\factory\Pages::menus_list(),
), 'languages' => \admin\factory\Languages::languages_list(),
\admin\factory\Pages::menus_list(), 'layouts' => \admin\factory\Layouts::layouts_list(),
\admin\factory\Languages::languages_list(), 'user' => $user
\admin\factory\Layouts::layouts_list() ] );
);
} }
public static function view_list() public static function view_list()

31
autoload/admin/controls/class.ShopProduct.php
View File

@@ -229,22 +229,29 @@ class ShopProduct
} }
// edycja produktu // edycja produktu
public static function product_edit() public static function product_edit() {
{ global $user;
if ( !$user ) {
header( 'Location: /admin/' );
exit;
}
\admin\factory\ShopProduct::delete_nonassigned_images(); \admin\factory\ShopProduct::delete_nonassigned_images();
\admin\factory\ShopProduct::delete_nonassigned_files(); \admin\factory\ShopProduct::delete_nonassigned_files();
return \Tpl::view( 'shop-product/product-edit', [ return \Tpl::view( 'shop-product/product-edit', [
'product' => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ), 'product' => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ),
'languages' => \admin\factory\Languages::languages_list(), 'languages' => \admin\factory\Languages::languages_list(),
'categories' => \admin\factory\ShopCategory::subcategories( null ), 'categories' => \admin\factory\ShopCategory::subcategories( null ),
'layouts' => \admin\factory\Layouts::layouts_list(), 'layouts' => \admin\factory\Layouts::layouts_list(),
'products' => \admin\factory\ShopProduct::products_list(), 'products' => \admin\factory\ShopProduct::products_list(),
'dlang' => \front\factory\Languages::default_language(), 'dlang' => \front\factory\Languages::default_language(),
'sets' => \shop\ProductSet::sets_list(), 'sets' => \shop\ProductSet::sets_list(),
'producers' => \admin\factory\ShopProducer::all(), 'producers' => \admin\factory\ShopProducer::all(),
'units' => \admin\factory\Dictionaries::all_units() 'units' => \admin\factory\Dictionaries::all_units(),
] ); 'user' => $user
] );
} }
// ajax_load_products ARCHIVE // ajax_load_products ARCHIVE

14
autoload/admin/view/class.Articles.php
View File

@@ -8,7 +8,7 @@ class Articles
$tpl = new \Tpl; $tpl = new \Tpl;
return $tpl -> render( 'articles/articles-browse-list' ); return $tpl -> render( 'articles/articles-browse-list' );
} }
public static function subpages_list( $pages, $article_pages, $parent_id = 0, $step = 1 ) public static function subpages_list( $pages, $article_pages, $parent_id = 0, $step = 1 )
{ {
$tpl = new \Tpl(); $tpl = new \Tpl();
@@ -18,21 +18,11 @@ class Articles
$tpl -> article_pages = $article_pages; $tpl -> article_pages = $article_pages;
return $tpl -> render( 'articles/subpages-list' ); return $tpl -> render( 'articles/subpages-list' );
} }
public static function articles_list() public static function articles_list()
{ {
$tpl = new \Tpl; $tpl = new \Tpl;
return $tpl -> render( 'articles/articles-list' ); return $tpl -> render( 'articles/articles-list' );
} }
public static function article_edit( $article, $menus, $languages, $layouts )
{
$tpl = new \Tpl;
$tpl -> article = $article;
$tpl -> menus = $menus;
$tpl -> languages = $languages;
$tpl -> layouts = $layouts;
return $tpl -> render( 'articles/article-edit' );
}
} }
?> ?>

18
libraries/filemanager-9.14.2/dialog.php
View File

@@ -1,4 +1,20 @@
<?php <?php
session_start();
$user = $_SESSION['user'];
if ( !$user ) {
header('HTTP/1.1 403 Forbidden');
exit('Access denied');
}
$akey = $_GET['akey'] ?? $_POST['akey'] ?? '';
if (
empty($_SESSION['rfm_akey']) ||
$akey !== $_SESSION['rfm_akey'] ||
(($_SESSION['rfm_akey_expires'] ?? 0) < time())
) {
header('HTTP/1.1 403 Forbidden');
exit('Invalid key');
}
$time = time(); $time = time();
@@ -20,7 +36,7 @@ $_SESSION['RF']["verify"] = "RESPONSIVEfilemanager";
if (!empty($_FILES)) { if (!empty($_FILES)) {
$directorio = $config['current_path']; $directorio = $config['current_path'];
if (!file_exists($directorio)) { if (!file_exists($directorio)) {
mkdir($directorio); mkdir($directorio);
} }

57
libraries/plupload/upload-articles-files.php
View File

@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
date_default_timezone_set( 'Europe/Warsaw' ); date_default_timezone_set( 'Europe/Warsaw' );
session_start(); session_start();
$upload_token = $_REQUEST['upload_token'] ?? '';
if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
http_response_code(403);
echo json_encode( ['error' => 'Brak tokenu uploadu'] );
exit;
}
$tokenData = $_SESSION['upload_tokens'][$upload_token];
if ( $tokenData['expires'] < time() ) {
unset( $_SESSION['upload_tokens'][$upload_token] );
http_response_code(403);
echo json_encode( ['error' => 'Token wygasł'] );
exit;
}
$mdb = new medoo( [ $mdb = new medoo( [
'database_type' => 'mysql', 'database_type' => 'mysql',
'database_name' => $database['name'], 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
$fileName = preg_replace( '/[^\w\._]+/', '-', $fileName ); $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) ) if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
{ {
$ext = strrpos( $fileName, '.' ); $ext = strrpos( $fileName, '.' );
$fileName_a = substr( $fileName, 0, $ext ); $fileName_a = substr( $fileName, 0, $ext );
$fileName_b = substr( $fileName, $ext ); $fileName_b = substr( $fileName, $ext );
$count = 1; $count = 1;
while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) )
$count++; $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName; $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) ) if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
{ {
while ( ( $file = readdir( $dir ) ) !== false ) while ( ( $file = readdir( $dir ) ) !== false )
{ {
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
} }
closedir($dir); closedir($dir);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
if ( isset( $_SERVER["CONTENT_TYPE"] ) ) if ( isset( $_SERVER["CONTENT_TYPE"] ) )
$contentType = $_SERVER["CONTENT_TYPE"]; $contentType = $_SERVER["CONTENT_TYPE"];
if ( strpos( $contentType, "multipart" ) !== false ) if ( strpos( $contentType, "multipart" ) !== false )
{ {
if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) ) if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( $_FILES['file']['tmp_name'], "rb" ); $in = fopen( $_FILES['file']['tmp_name'], "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite($out, $buff); fwrite($out, $buff);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
@unlink( $_FILES['file']['tmp_name'] ); @unlink( $_FILES['file']['tmp_name'] );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
} }
else else
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( "php://input", "rb" ); $in = fopen( "php://input", "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite( $out, $buff ); fwrite( $out, $buff );
@@ -115,22 +130,22 @@ else
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
if ( !$chunks || $chunk == $chunks - 1 ) if ( !$chunks || $chunk == $chunks - 1 )
{ {
rename( "{$filePath}.part", $filePath ); rename( "{$filePath}.part", $filePath );
$mdb -> insert( 'pp_articles_files', [ $mdb -> insert( 'pp_articles_files', [
'article_id' => null, 'article_id' => null,
'src' => substr( $filePath, 5, strlen( $filePath ) ) 'src' => substr( $filePath, 5, strlen( $filePath ) )
] ); ] );
$file_id = $mdb -> id(); $file_id = $mdb -> id();
$file_name = explode( '/', $filePath ); $file_name = explode( '/', $filePath );
$file_name = $file_name[ count( $file_name ) - 1 ]; $file_name = $file_name[ count( $file_name ) - 1 ];
} }

55
libraries/plupload/upload-articles-images.php
View File

@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
date_default_timezone_set( 'Europe/Warsaw' ); date_default_timezone_set( 'Europe/Warsaw' );
session_start(); session_start();
$upload_token = $_REQUEST['upload_token'] ?? '';
if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
http_response_code(403);
echo json_encode( ['error' => 'Brak tokenu uploadu'] );
exit;
}
$tokenData = $_SESSION['upload_tokens'][$upload_token];
if ( $tokenData['expires'] < time() ) {
unset( $_SESSION['upload_tokens'][$upload_token] );
http_response_code(403);
echo json_encode( ['error' => 'Token wygasł'] );
exit;
}
$mdb = new medoo( [ $mdb = new medoo( [
'database_type' => 'mysql', 'database_type' => 'mysql',
'database_name' => $database['name'], 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
$fileName = preg_replace( '/[^\w\._]+/', '-', $fileName ); $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) ) if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
{ {
$ext = strrpos( $fileName, '.' ); $ext = strrpos( $fileName, '.' );
$fileName_a = substr( $fileName, 0, $ext ); $fileName_a = substr( $fileName, 0, $ext );
$fileName_b = substr( $fileName, $ext ); $fileName_b = substr( $fileName, $ext );
$count = 1; $count = 1;
while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) )
$count++; $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName; $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) ) if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
{ {
while ( ( $file = readdir( $dir ) ) !== false ) while ( ( $file = readdir( $dir ) ) !== false )
{ {
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
} }
closedir($dir); closedir($dir);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
if ( isset( $_SERVER["CONTENT_TYPE"] ) ) if ( isset( $_SERVER["CONTENT_TYPE"] ) )
$contentType = $_SERVER["CONTENT_TYPE"]; $contentType = $_SERVER["CONTENT_TYPE"];
if ( strpos( $contentType, "multipart" ) !== false ) if ( strpos( $contentType, "multipart" ) !== false )
{ {
if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) ) if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( $_FILES['file']['tmp_name'], "rb" ); $in = fopen( $_FILES['file']['tmp_name'], "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite($out, $buff); fwrite($out, $buff);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
@unlink( $_FILES['file']['tmp_name'] ); @unlink( $_FILES['file']['tmp_name'] );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
} }
else else
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( "php://input", "rb" ); $in = fopen( "php://input", "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite( $out, $buff ); fwrite( $out, $buff );
@@ -115,18 +130,18 @@ else
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
if ( !$chunks || $chunk == $chunks - 1 ) if ( !$chunks || $chunk == $chunks - 1 )
{ {
rename( "{$filePath}.part", $filePath ); rename( "{$filePath}.part", $filePath );
$o = $mdb -> max( 'pp_articles_images', 'o' ); $o = $mdb -> max( 'pp_articles_images', 'o' );
$mdb -> insert( 'pp_articles_images', [ $mdb -> insert( 'pp_articles_images', [
'article_id' => $_POST['article_id'] ? $_POST['article_id'] : null, 'article_id' => $_POST['article_id'] ? $_POST['article_id'] : null,
'src' => substr( $filePath, 5, strlen( $filePath ) ), 'src' => substr( $filePath, 5, strlen( $filePath ) ),
'o' => ++$o 'o' => ++$o

57
libraries/plupload/upload-product-files.php
View File

@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
date_default_timezone_set( 'Europe/Warsaw' ); date_default_timezone_set( 'Europe/Warsaw' );
session_start(); session_start();
$upload_token = $_REQUEST['upload_token'] ?? '';
if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
http_response_code(403);
echo json_encode( ['error' => 'Brak tokenu uploadu'] );
exit;
}
$tokenData = $_SESSION['upload_tokens'][$upload_token];
if ( $tokenData['expires'] < time() ) {
unset( $_SESSION['upload_tokens'][$upload_token] );
http_response_code(403);
echo json_encode( ['error' => 'Token wygasł'] );
exit;
}
$mdb = new medoo( [ $mdb = new medoo( [
'database_type' => 'mysql', 'database_type' => 'mysql',
'database_name' => $database['name'], 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
$fileName = preg_replace( '/[^\w\._]+/', '-', $fileName ); $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) ) if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
{ {
$ext = strrpos( $fileName, '.' ); $ext = strrpos( $fileName, '.' );
$fileName_a = substr( $fileName, 0, $ext ); $fileName_a = substr( $fileName, 0, $ext );
$fileName_b = substr( $fileName, $ext ); $fileName_b = substr( $fileName, $ext );
$count = 1; $count = 1;
while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) )
$count++; $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName; $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) ) if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
{ {
while ( ( $file = readdir( $dir ) ) !== false ) while ( ( $file = readdir( $dir ) ) !== false )
{ {
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
} }
closedir($dir); closedir($dir);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
if ( isset( $_SERVER["CONTENT_TYPE"] ) ) if ( isset( $_SERVER["CONTENT_TYPE"] ) )
$contentType = $_SERVER["CONTENT_TYPE"]; $contentType = $_SERVER["CONTENT_TYPE"];
if ( strpos( $contentType, "multipart" ) !== false ) if ( strpos( $contentType, "multipart" ) !== false )
{ {
if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) ) if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( $_FILES['file']['tmp_name'], "rb" ); $in = fopen( $_FILES['file']['tmp_name'], "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite($out, $buff); fwrite($out, $buff);
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
@unlink( $_FILES['file']['tmp_name'] ); @unlink( $_FILES['file']['tmp_name'] );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
} }
else else
{ {
$out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" ); $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
if ( $out ) if ( $out )
{ {
$in = fopen( "php://input", "rb" ); $in = fopen( "php://input", "rb" );
if ( $in ) if ( $in )
{ {
while ( $buff = fread( $in, 4096 ) ) while ( $buff = fread( $in, 4096 ) )
fwrite( $out, $buff ); fwrite( $out, $buff );
@@ -115,22 +130,22 @@ else
fclose( $in ); fclose( $in );
fclose( $out ); fclose( $out );
} }
else else
die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ); die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
} }
if ( !$chunks || $chunk == $chunks - 1 ) if ( !$chunks || $chunk == $chunks - 1 )
{ {
rename( "{$filePath}.part", $filePath ); rename( "{$filePath}.part", $filePath );
$mdb -> insert( 'pp_shop_products_files', [ $mdb -> insert( 'pp_shop_products_files', [
'product_id' => null, 'product_id' => null,
'src' => substr( $filePath, 5, strlen( $filePath ) ) 'src' => substr( $filePath, 5, strlen( $filePath ) )
] ); ] );
$file_id = $mdb -> id(); $file_id = $mdb -> id();
$file_name = explode( '/', $filePath ); $file_name = explode( '/', $filePath );
$file_name = $file_name[ count( $file_name ) - 1 ]; $file_name = $file_name[ count( $file_name ) - 1 ];
} }

15
libraries/plupload/upload-product-images.php
View File

@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
date_default_timezone_set( 'Europe/Warsaw' ); date_default_timezone_set( 'Europe/Warsaw' );
session_start(); session_start();
$upload_token = $_REQUEST['upload_token'] ?? '';
if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
http_response_code(403);
echo json_encode( ['error' => 'Brak tokenu uploadu'] );
exit;
}
$tokenData = $_SESSION['upload_tokens'][$upload_token];
if ( $tokenData['expires'] < time() ) {
unset( $_SESSION['upload_tokens'][$upload_token] );
http_response_code(403);
echo json_encode( ['error' => 'Token wygasł'] );
exit;
}
$mdb = new medoo( [ $mdb = new medoo( [
'database_type' => 'mysql', 'database_type' => 'mysql',
'database_name' => $database['name'], 'database_name' => $database['name'],

BIN
updates/0.20/ver_0.230.zip Normal file
View File

Binary file not shown.

3
updates/changelog.php
View File

@@ -1,3 +1,6 @@
<b>ver. 0.230</b><br />
- FIX - poprawki bezpieczeństwa
<hr>
<b>ver. 0.229</b><br /> <b>ver. 0.229</b><br />
- NEW - pola dodatkowe z opcją wymagane/niewymagane - NEW - pola dodatkowe z opcją wymagane/niewymagane
<hr> <hr>

2
updates/versions.php
View File

@@ -1,5 +1,5 @@
<? <?
$current_ver = 229; $current_ver = 230;
for ($i = 1; $i <= $current_ver; $i++) for ($i = 1; $i <= $current_ver; $i++)
{ {