Questions-and-Answers/admin/models/ajax.php

608 lines
20 KiB
PHP
Raw Normal View History

2018-04-24 12:12:24 +00:00
<?php
2022-03-03 02:58:38 +00:00
/*--------------------------------------------------------------------------------------------------------| www.vdm.io |------/
__ __ _ _____ _ _ __ __ _ _ _
\ \ / / | | | __ \ | | | | | \/ | | | | | | |
\ \ / /_ _ ___| |_ | | | | _____ _____| | ___ _ __ _ __ ___ ___ _ __ | |_ | \ / | ___| |_| |__ ___ __| |
\ \/ / _` / __| __| | | | |/ _ \ \ / / _ \ |/ _ \| '_ \| '_ ` _ \ / _ \ '_ \| __| | |\/| |/ _ \ __| '_ \ / _ \ / _` |
\ / (_| \__ \ |_ | |__| | __/\ V / __/ | (_) | |_) | | | | | | __/ | | | |_ | | | | __/ |_| | | | (_) | (_| |
\/ \__,_|___/\__| |_____/ \___| \_/ \___|_|\___/| .__/|_| |_| |_|\___|_| |_|\__| |_| |_|\___|\__|_| |_|\___/ \__,_|
| |
|_|
/-------------------------------------------------------------------------------------------------------------------------------/
@version 1.0.x
@build 2nd March, 2022
@created 30th January, 2017
@package Questions and Answers
@subpackage ajax.php
@author Llewellyn van der Merwe <https://www.vdm.io/>
@copyright Copyright (C) 2015. All Rights Reserved
@license GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html
Questions &amp; Answers
/-----------------------------------------------------------------------------------------------------------------------------*/
// No direct access to this file
defined('_JEXEC') or die('Restricted access');
use Joomla\Utilities\ArrayHelper;
/**
* Questionsanswers Ajax Model
*/
class QuestionsanswersModelAjax extends JModelList
{
protected $app_params;
public function __construct()
{
parent::__construct();
// get params
$this->app_params = JComponentHelper::getParams('com_questionsanswers');
2018-04-24 12:12:24 +00:00
}
// Used in question_and_answer
protected $viewid = array();
protected function getViewID($call = 'table')
{
if (!isset($this->viewid[$call]))
{
// get the vdm key
$jinput = JFactory::getApplication()->input;
$vdm = $jinput->get('vdm', null, 'WORD');
2020-05-30 22:29:42 +00:00
if ($vdm)
2018-04-24 12:12:24 +00:00
{
2018-12-27 11:06:27 +00:00
// set view and id
2018-04-24 12:12:24 +00:00
if ($view = QuestionsanswersHelper::get($vdm))
{
$current = (array) explode('__', $view);
if (QuestionsanswersHelper::checkString($current[0]) && isset($current[1]) && is_numeric($current[1]))
{
// get the view name & id
$this->viewid[$call] = array(
'a_id' => (int) $current[1],
'a_view' => $current[0]
);
}
}
2020-05-30 22:29:42 +00:00
// set GUID if found
if (($guid = QuestionsanswersHelper::get($vdm . '__guid')) !== false && method_exists('QuestionsanswersHelper', 'validGUID'))
{
if (QuestionsanswersHelper::validGUID($guid))
{
$this->viewid[$call]['a_guid'] = $guid;
}
}
2018-12-27 11:06:27 +00:00
// set return if found
2020-05-30 22:29:42 +00:00
if (($return = QuestionsanswersHelper::get($vdm . '__return')) !== false)
2018-12-27 11:06:27 +00:00
{
if (QuestionsanswersHelper::checkString($return))
{
$this->viewid[$call]['a_return'] = $return;
}
}
2018-04-24 12:12:24 +00:00
}
}
if (isset($this->viewid[$call]))
{
return $this->viewid[$call];
}
return false;
}
// allowed views
protected $allowedViews = array('question_and_answer');
// allowed targets
protected $targets = array('main', 'answer');
// allowed types
protected $types = array('image' => 'image', 'images' => 'image', 'document' => 'document', 'documents' => 'document');
// set some buckets
protected $target;
protected $targetType;
protected $formatType;
// file details
protected $fileName;
protected $folderPath;
protected $fullPath;
protected $fileFormat;
// return error if upload fails
protected $errorMessage;
// set uploading values
protected $use_streams = false;
protected $allow_unsafe = false;
protected $safeFileOptions = array();
public function uploadfile($target, $type)
{
// get the view values
$view = $this->getViewID();
if (in_array($target, $this->targets) && isset($this->types[$type]) && isset($view['a_view']) && in_array($view['a_view'], $this->allowedViews))
{
$this->target = (string) $target;
$this->targetType = (string) $type;
$this->formatType = (string) $this->types[$type];
2020-05-30 22:29:42 +00:00
if (($package = $this->_getPackageFromUpload()) !== false)
2018-04-24 12:12:24 +00:00
{
// now we move the file into place
return $this->uploadNow($package, $view);
}
return array('error' => $this->errorMessage);
}
return array('error' => JText::_('COM_QUESTIONSANSWERS_THERE_HAS_BEEN_AN_ERROR'));
}
protected function uploadNow($package, $view)
{
// set the package name to file name if found
$name = $this->formatType;
if (isset($package['packagename']))
{
$name = QuestionsanswersHelper::safeString(str_replace('.'.$this->fileFormat, '', $package['packagename']), 'filename', '_', false);
}
2020-05-30 22:29:42 +00:00
$this->fileName = $this->target . '_' . $this->targetType . '_' . $this->fileFormat . '_' . QuestionsanswersHelper::randomkey(20) . 'VDM' . $name;
2018-04-24 12:12:24 +00:00
// set the folder path
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->formatType === 'document' || $this->formatType === 'media')
2018-04-24 12:12:24 +00:00
{
// get the folder path
$this->folderPath = QuestionsanswersHelper::getFolderPath('path', 'hiddenfilepath');
}
else
{
// get the file path
$this->folderPath = QuestionsanswersHelper::getFolderPath();
}
// set full path to the file
$this->fullPath = $this->folderPath . $this->fileName . '.' . $this->fileFormat;
// move to target folder
if (JFile::move($package['dir'], $this->fullPath))
{
// do crop/resize if it is an image and cropping is set
if ($this->formatType === 'image')
{
QuestionsanswersHelper::resizeImage($this->fileName, $this->fileFormat, $this->target, $this->folderPath, $this->fullPath);
}
2020-05-30 22:29:42 +00:00
$encryption = null;
$expertmode = false;
// basic encryption of these format types
if ($this->formatType === 'document' || $this->formatType === 'media')
{
// Get the basic encryption.
$encryptionkey = QuestionsanswersHelper::getCryptKey('basic');
}
// medium encryption of these format types
elseif ($this->formatType === 'file')
{
// check if we have expert Mode
if (method_exists('QuestionsanswersHelper', 'encrypt'))
{
$expertmode = true;
}
else
{
// Get the medium encryption.
$encryptionkey = QuestionsanswersHelper::getCryptKey('medium');
}
}
2018-04-24 12:12:24 +00:00
// set link options
2020-05-30 22:29:42 +00:00
if (isset($encryptionkey) && $encryptionkey)
2018-04-24 12:12:24 +00:00
{
// Get the encryption object.
2020-05-30 22:29:42 +00:00
$encryption = new FOFEncryptAes($encryptionkey, 128);
2018-04-24 12:12:24 +00:00
}
// when it is documents we need to give file name in base64
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->formatType === 'document' || $this->formatType === 'media')
2018-04-24 12:12:24 +00:00
{
// store the name
$keyName = $this->fileName;
2020-05-30 22:29:42 +00:00
if (QuestionsanswersHelper::checkObject($encryption) || $expertmode)
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
// also encrypt the actual content of the file
if ($this->formatType === 'file')
{
// add notice to name that file is encrypted
$this->fileName = $keyName = '.' . $this->fileName;
$securefullPath = $this->folderPath . $this->fileName;
// also encrypt the actual content of the file
if ($expertmode)
{
QuestionsanswersHelper::writeFile($securefullPath, wordwrap(QuestionsanswersHelper::encrypt(file_get_contents($this->fullPath)), 128, "\n", true));
}
else
{
QuestionsanswersHelper::writeFile($securefullPath, wordwrap($encryption->encryptString(file_get_contents($this->fullPath)), 128, "\n", true));
}
// remove the original
jimport('joomla.filesystem.file');
JFile::delete($this->fullPath);
}
2018-04-24 12:12:24 +00:00
// Get the encryption object.
2020-05-30 22:29:42 +00:00
if ($expertmode)
{
$localFile = QuestionsanswersHelper::base64_urlencode(QuestionsanswersHelper::encrypt($keyName, false), true);
}
else
{
$localFile = QuestionsanswersHelper::base64_urlencode($encryption->encryptString($keyName));
}
2018-04-24 12:12:24 +00:00
}
else
{
// can not get the encryption object so only base64 encode
$localFile = QuestionsanswersHelper::base64_urlencode($keyName, true);
}
}
// check if we must update the current item
2020-05-30 22:29:42 +00:00
if (isset($view['a_id']) && $view['a_id'] > 0)
2018-04-24 12:12:24 +00:00
{
$object = new stdClass();
$object->id = (int) $view['a_id'];
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->targetType === 'image' || $this->targetType === 'document')
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
if (QuestionsanswersHelper::checkObject($encryption) || $expertmode)
2018-04-24 12:12:24 +00:00
{
// Get the encryption object.
2020-05-30 22:29:42 +00:00
if ($expertmode)
{
$object->{$this->target . '_' . $this->targetType} = QuestionsanswersHelper::encrypt($this->fileName);
}
else
{
$object->{$this->target . '_' . $this->targetType} = $encryption->encryptString($this->fileName);
}
2018-04-24 12:12:24 +00:00
}
else
{
// can not get the encryption object.
2020-05-30 22:29:42 +00:00
$object->{$this->target . '_' . $this->targetType} = $this->fileName;
2018-04-24 12:12:24 +00:00
}
}
elseif ($this->targetType === 'images' || $this->targetType === 'documents' || $this->targetType === 'media')
{
2020-05-30 22:29:42 +00:00
$this->fileName = $this->setFileNameArray('add', $encryption, $view);
if (QuestionsanswersHelper::checkObject($encryption))
2018-04-24 12:12:24 +00:00
{
// Get the encryption object.
2020-05-30 22:29:42 +00:00
$object->{$this->target . '_' . $this->targetType} = $encryption->encryptString($this->fileName);
2018-04-24 12:12:24 +00:00
}
else
{
// can not get the encryption object.
2020-05-30 22:29:42 +00:00
$object->{$this->target . '_' . $this->targetType} = $this->fileName;
2018-04-24 12:12:24 +00:00
}
}
2020-05-30 22:29:42 +00:00
JFactory::getDbo()->updateObject('#__questionsanswers_' . (string) $view['a_view'], $object, 'id');
2018-04-24 12:12:24 +00:00
}
elseif ($this->targetType === 'images' || $this->targetType === 'documents' || $this->targetType === 'media')
{
$this->fileName = array($this->fileName);
$this->fileName = '["'.implode('", "', $this->fileName).'"]';
}
// set the results
$result = array('success' => $this->fileName, 'fileformat' => $this->fileFormat);
// add some more values if document format type
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->formatType === 'document' || $this->formatType === 'media')
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
// set link options
$linkOptions = QuestionsanswersHelper::getLinkOptions();
// do not lock file for link unless lock is set
2018-04-24 12:12:24 +00:00
if ($linkOptions['lock'] == 0)
{
$localFile = QuestionsanswersHelper::base64_urlencode($keyName, true);
}
2020-05-30 22:29:42 +00:00
$tokenLink = '';
2018-04-24 12:12:24 +00:00
if ($linkOptions['session'])
{
2020-05-30 22:29:42 +00:00
$tokenLink = '&' . JSession::getFormToken() . '=1';
2018-04-24 12:12:24 +00:00
}
2020-05-30 22:29:42 +00:00
// if document or file
if ($this->formatType === 'file' || $this->formatType === 'document')
2018-04-24 12:12:24 +00:00
{
$result['link'] = 'index.php?option=com_questionsanswers&task=download.document&file=' . $localFile . $tokenLink;
}
// if media
elseif ($this->formatType === 'media')
{
$result['link'] = 'index.php?option=com_questionsanswers&task=download.media&file=' . $localFile . $tokenLink;
}
$result['key'] = $keyName;
}
return $result;
}
$this->remove($package['packagename']);
return array('error' => JText::_('COM_QUESTIONSANSWERS_THERE_HAS_BEEN_AN_ERROR'));
}
public function removeFile($oldFile, $target, $clearDB, $type)
{
// get view values
$view = $this->getViewID();
if (in_array($target, $this->targets) && isset($this->types[$type]) && isset($view['a_view']) && in_array($view['a_view'], $this->allowedViews))
{
$this->target = (string) $target;
$this->targetType = (string) $type;
$this->formatType = (string) $this->types[$type];
$this->fileName = (string) $oldFile;
2020-05-30 22:29:42 +00:00
// check permissions
2018-04-24 12:12:24 +00:00
if (isset($view['a_id']) && $view['a_id'] > 0 && isset($view['a_view']))
{
// get user to see if he has permission to upload
$user = JFactory::getUser();
2020-05-30 22:29:42 +00:00
if (!$user->authorise($view['a_view'] . '.edit.'. $this->target . '_' . $this->targetType, 'com_questionsanswers'))
2018-04-24 12:12:24 +00:00
{
return array('error' => JText::_('COM_QUESTIONSANSWERS_YOU_DO_NOT_HAVE_PERMISSION_TO_REMOVE_THIS_FILE'));
}
}
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->formatType === 'document' || $this->formatType === 'media')
2018-04-24 12:12:24 +00:00
{
// get the file path
$this->folderPath = QuestionsanswersHelper::getFolderPath('path', 'hiddenfilepath');
}
else
{
// get the file path
$this->folderPath = QuestionsanswersHelper::getFolderPath();
}
// remove from the db if there is an id
2020-05-30 22:29:42 +00:00
if ($clearDB == 1 && isset($view['a_id']) && $view['a_id'] > 0)
2018-04-24 12:12:24 +00:00
{
$object = new stdClass();
$object->id = (int) $view['a_id'];
2020-05-30 22:29:42 +00:00
if ($this->formatType === 'file' || $this->targetType === 'image' || $this->targetType === 'document')
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
$object->{$this->target . '_' . $this->targetType} = '';
JFactory::getDbo()->updateObject('#__questionsanswers_' . $view['a_view'], $object, 'id');
2018-04-24 12:12:24 +00:00
}
elseif ($this->targetType === 'images' || $this->targetType === 'documents' || $this->targetType === 'media')
{
// Get the basic encription.
2020-05-30 22:29:42 +00:00
$encryptionkey = QuestionsanswersHelper::getCryptKey('basic');
$encryption = null;
if ($encryptionkey)
2018-04-24 12:12:24 +00:00
{
// Get the encryption object.
2020-05-30 22:29:42 +00:00
$encryption = new FOFEncryptAes($encryptionkey, 128);
2018-04-24 12:12:24 +00:00
}
2020-05-30 22:29:42 +00:00
$fileNameArray = $this->setFileNameArray('remove', $encryption, $view);
if (QuestionsanswersHelper::checkObject($encryption))
2018-04-24 12:12:24 +00:00
{
// Get the encryption object.
2020-05-30 22:29:42 +00:00
$object->{$this->target.'_'.$this->targetType} = $encryption->encryptString($fileNameArray);
2018-04-24 12:12:24 +00:00
}
else
{
// can not get the encryption object.
$object->{$this->target.'_'.$this->targetType} = $fileNameArray;
}
JFactory::getDbo()->updateObject('#__questionsanswers_'.$view['a_view'], $object, 'id');
}
}
// load the file class
jimport('joomla.filesystem.file');
2020-05-30 22:29:42 +00:00
// check if this is a locked file
if (substr($this->fileName, 0, 1) === '.' && JFile::exists($this->folderPath . $this->fileName))
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
// remove the file
return JFile::delete($this->folderPath . $this->fileName);
}
else
{
// set formats
$this->formats = QuestionsanswersHelper::getFileExtensions($this->formatType);
foreach ($this->formats as $fileFormat)
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
if (JFile::exists($this->folderPath . $this->fileName . '.' . $fileFormat))
{
// remove the file
return JFile::delete($this->folderPath . $this->fileName . '.' . $fileFormat);
}
2018-04-24 12:12:24 +00:00
}
}
}
return array('error' => JText::_('COM_QUESTIONSANSWERS_THERE_HAS_BEEN_AN_ERROR'));
}
2020-05-30 22:29:42 +00:00
protected function setFileNameArray($action, $encryption, $view)
2018-04-24 12:12:24 +00:00
{
$curentFiles = QuestionsanswersHelper::getVar($view['a_view'], $view['a_id'], 'id', $this->target.'_'.$this->targetType);
// unlock if needed
2020-05-30 22:29:42 +00:00
if ($encryption && $curentFiles === base64_encode(base64_decode($curentFiles, true)))
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
// decrypt data image.
$curentFiles = rtrim($encryption->decryptString($curentFiles), "\0");
2018-04-24 12:12:24 +00:00
}
// convert to array if needed
if (QuestionsanswersHelper::checkJson($curentFiles))
{
$curentFiles = json_decode($curentFiles, true);
}
// remove or add the file name
if (QuestionsanswersHelper::checkArray($curentFiles))
{
if ('add' === $action)
{
$curentFiles[] = $this->fileName;
}
else
{
if(($key = array_search($this->fileName, $curentFiles)) !== false)
{
unset($curentFiles[$key]);
}
}
}
elseif ('add' === $action)
{
$curentFiles = array($this->fileName);
}
else
{
$curentFiles = '';
}
// convert to json
if (QuestionsanswersHelper::checkArray($curentFiles))
{
return '["'.implode('", "', $curentFiles).'"]';
}
return '';
}
/**
* Works out an importation file from a HTTP upload
*
* @return file definition or false on failure
*/
protected function _getPackageFromUpload()
{
// Get the uploaded file information
2019-04-04 11:57:56 +00:00
$app = JFactory::getApplication();
$input = $app->input;
2018-04-24 12:12:24 +00:00
// See JInputFiles::get.
$userfiles = $input->files->get('files', null, 'array');
// Make sure that file uploads are enabled in php
if (!(bool) ini_get('file_uploads'))
{
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_WARNING_IMPORT_FILE_ERROR');
return false;
}
// get the files from array
$userfile = null;
if (is_array($userfiles))
{
$userfile = array_values($userfiles)[0];
}
// If there is no uploaded file, we have a problem...
if (!is_array($userfile))
{
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_NO_IMPORT_FILE_SELECTED');
return false;
}
// Check if there was a problem uploading the file.
if ($userfile['error'] || $userfile['size'] < 1)
{
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_WARNING_IMPORT_UPLOAD_ERROR');
return false;
}
// Build the appropriate paths
2019-04-04 11:57:56 +00:00
$config = JFactory::getConfig();
$tmp_dest = $config->get('tmp_path') . '/' . $userfile['name'];
$tmp_src = $userfile['tmp_name'];
2018-04-24 12:12:24 +00:00
// Move uploaded file
jimport('joomla.filesystem.file');
jimport('joomla.filesystem.folder');
$p_file = JFile::upload($tmp_src, $tmp_dest, $this->use_streams, $this->allow_unsafe, $this->safeFileOptions);
// Was the package downloaded?
if (!$p_file)
{
$session = JFactory::getSession();
$session->clear('package');
$session->clear('dataType');
$session->clear('hasPackage');
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_COULD_NOT_UPLOAD_THE_FILE');
// was not uploaded
return false;
}
// check that this is a valid file
$package = $this->check($userfile['name']);
return $package;
}
/**
* Check a file and verifies it as a allowed file format file
*
* @param string $archivename The uploaded package filename or import directory
*
* @return array of elements
*
*/
protected function check($archivename)
{
2020-05-30 22:29:42 +00:00
// set formats
$this->formats = QuestionsanswersHelper::getFileExtensions($this->formatType);
2018-04-24 12:12:24 +00:00
// Clean the name
$archivename = JPath::clean($archivename);
// get file format
$this->fileFormat = strtolower(pathinfo($archivename, PATHINFO_EXTENSION));
// get fileFormat key
$allowedFormats = array();
2020-05-30 22:29:42 +00:00
if (in_array($this->fileFormat, $this->formats))
2018-04-24 12:12:24 +00:00
{
// get allowed formats
2020-05-30 22:29:42 +00:00
$allowedFormats = (array) $this->app_params->get($this->formatType.'_formats', array());
2018-04-24 12:12:24 +00:00
}
// check the extension
if (!in_array($this->fileFormat, $allowedFormats))
{
// Cleanup the import files
$this->remove($archivename);
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_DOES_NOT_HAVE_A_VALID_FILE_TYPE');
return false;
}
// check permission if user
$view = $this->getViewID();
2020-05-30 22:29:42 +00:00
// get user to see if he has permission to upload
$user = JFactory::getUser();
if (!$user->authorise($view['a_view'] . '.edit.' . $this->target . '_' . $this->targetType, 'com_questionsanswers'))
2018-04-24 12:12:24 +00:00
{
2020-05-30 22:29:42 +00:00
// Cleanup the import files
$this->remove($archivename);
$this->errorMessage = JText::_('COM_QUESTIONSANSWERS_YOU_DO_NOT_HAVE_PERMISSION_TO_UPLOAD_AN' . $this->targetType);
return false;
2018-04-24 12:12:24 +00:00
}
2020-05-30 22:29:42 +00:00
2019-04-04 11:57:56 +00:00
$config = JFactory::getConfig();
2018-04-24 12:12:24 +00:00
// set Package Name
2019-04-04 11:57:56 +00:00
$check['packagename'] = $archivename;
2020-05-30 22:29:42 +00:00
2018-04-24 12:12:24 +00:00
// set directory
2019-04-04 11:57:56 +00:00
$check['dir'] = $config->get('tmp_path'). '/' .$archivename;
2020-05-30 22:29:42 +00:00
2018-04-24 12:12:24 +00:00
return $check;
}
2020-05-30 22:29:42 +00:00
2018-04-24 12:12:24 +00:00
/**
* Clean up temporary uploaded file
*
* @param string $package Name of the uploaded file
*
* @return boolean True on success
*
*/
protected function remove($package)
{
jimport('joomla.filesystem.file');
2020-05-30 22:29:42 +00:00
2019-04-04 11:57:56 +00:00
$config = JFactory::getConfig();
$package = $config->get('tmp_path'). '/' .$package;
2018-04-24 12:12:24 +00:00
// Is the package file a valid file?
if (is_file($package))
{
JFile::delete($package);
}
elseif (is_file(JPath::clean($package)))
{
// It might also be just a base filename
JFile::delete(JPath::clean($package));
}
}
2022-03-03 02:58:38 +00:00
}