PluginProbe ʕ •ᴥ•ʔ
Download Manager / trunk
Download Manager vtrunk
3.3.62 3.3.61 3.3.60 3.3.59 3.3.58 3.3.57 3.3.56 trunk 2.1.3 2.3.0 2.5.96 2.5.97 2.6.2 2.6.96 2.8.3 2.9.99 3.0.4 3.1.05 3.1.07 3.1.08 3.1.11 3.1.12 3.1.14 3.1.17 3.1.18 3.1.22 3.1.23 3.1.24 3.1.25 3.1.26 3.1.27 3.1.28 3.2.04 3.2.13 3.2.14 3.2.16 3.2.18 3.2.19 3.2.21 3.2.22 3.2.23 3.2.24 3.2.25 3.2.27 3.2.28 3.2.29 3.2.30 3.2.31 3.2.32 3.2.33 3.2.34 3.2.35 3.2.37 3.2.38 3.2.39 3.2.40 3.2.41 3.2.42 3.2.43 3.2.44 3.2.45 3.2.46 3.2.47 3.2.48 3.2.49 3.2.50 3.2.51 3.2.52 3.2.53 3.2.54 3.2.55 3.2.56 3.2.57 3.2.58 3.2.59 3.2.60 3.2.61 3.2.63 3.2.64 3.2.65 3.2.66 3.2.67 3.2.68 3.2.69 3.2.70 3.2.71 3.2.72 3.2.73 3.2.74 3.2.75 3.2.76 3.2.77 3.2.78 3.2.79 3.2.80 3.2.81 3.2.82 3.2.83 3.2.84 3.2.85 3.2.86 3.2.87 3.2.88 3.2.89 3.2.90 3.2.91 3.2.92 3.2.93 3.2.94 3.2.95 3.2.96 3.2.97 3.2.98 3.2.99 3.3.00 3.3.01 3.3.02 3.3.03 3.3.04 3.3.05 3.3.06 3.3.07 3.3.08 3.3.09 3.3.10 3.3.11 3.3.12 3.3.13 3.3.14 3.3.15 3.3.16 3.3.17 3.3.18 3.3.19 3.3.20 3.3.21 3.3.22 3.3.23 3.3.24 3.3.25 3.3.26 3.3.27 3.3.28 3.3.29 3.3.30 3.3.31 3.3.32 3.3.33 3.3.34 3.3.35 3.3.36 3.3.37 3.3.38 3.3.39 3.3.40 3.3.41 3.3.42 3.3.43 3.3.44 3.3.45 3.3.46 3.3.47 3.3.48 3.3.49 3.3.50 3.3.51 3.3.52 3.3.53 3.3.54 3.3.55
download-manager / src / AssetManager / AssetManager.php
download-manager / src / AssetManager Last commit date
views 1 week ago Asset.php 1 year ago AssetManager.php 1 year ago
AssetManager.php
714 lines
1 <?php
2 /*
3 Asset Manager for WordPress Download Manager
4 Author: Shahjada
5 Version: 1.0.0
6 */
7
8 namespace WPDM\AssetManager;
9
10 use WPDM\__\__;
11 use WPDM\__\Crypt;
12 use WPDM\__\Messages;
13 use WPDM\__\Session;
14 use WPDM\__\Template;
15 use WPDM\__\FileSystem;
16
17 define('WPDMAM_NONCE_KEY', 'r2pj@|k5.|;B1?n9MqB)%<w2Yz|XZx(alt@Aoc|~,|93lei|wR.R9~5X4D$ZH&*7U}Ot');
18
19
20 class AssetManager
21 {
22 private static $instance;
23 private $dir, $url, $root;
24 private $mime_type;
25
26 public static function getInstance()
27 {
28 if (self::$instance === null) {
29 self::$instance = new self;
30 self::$instance->dir = dirname(__FILE__);
31 self::$instance->url = WP_PLUGIN_URL . '/' . basename(self::$instance->dir);
32 self::$instance->actions();
33 //print_r($_SESSION);
34 }
35 return self::$instance;
36 }
37
38 public static function root($path = '')
39 {
40 if(!function_exists('get_home_path'))
41 include_once ABSPATH.'wp-admin/includes/file.php';
42 $current_user = wp_get_current_user();
43 $fbRoot = get_option('_wpdm_file_browser_root');
44 $fbRoot = str_replace(get_home_path(), "", $fbRoot);
45 $userRoot = current_user_can(WPDM_ADMIN_CAP) ? trailingslashit(get_home_path().$fbRoot) : trailingslashit(UPLOAD_DIR . $current_user->user_login);
46
47 //Create user root if dir doesn't already exist
48 if(!current_user_can(WPDM_ADMIN_CAP) && !file_exists($userRoot))
49 {
50 @mkdir($userRoot, 0775, true);
51 FileSystem::blockHTTPAccess($userRoot);
52 }
53
54 $userRoot = self::fsPath($userRoot);
55 $userRootExt = $path !== '' ? $userRoot.$path : $userRoot;
56 $userRootExt = preg_replace(array('/\.\.\//', '/\.\//', '/\/\.\.$/'), "", $userRootExt);
57 $realUserRootExt = realpath($userRootExt);
58 if($realUserRootExt) $realUserRootExt = self::fsPath($realUserRootExt);
59 $userRootExt = self::fsPath($userRootExt);
60
61 if(substr_count($userRootExt, $userRoot) == 0 || !$realUserRootExt || substr_count($realUserRootExt, $userRoot) === 0) return "[INVALID_PATH]";
62
63 if (is_dir($userRootExt)) $userRootExt = trailingslashit($userRootExt);
64
65 return $userRootExt;
66 }
67
68 private function actions()
69 {
70
71 add_action('init', array($this, 'assetPicker'), 1);
72 add_action('init', array($this, 'download'), 1);
73
74 //add_action('wp_ajax_wpdm_fm_file_upload', array($this,'uploadFile'));
75 add_action('wp_ajax_wpdm_mkdir', array($this, 'mkDir'));
76 add_action('wp_ajax_wpdm_newfile', array($this, 'newFile'));
77 add_action('wp_ajax_wpdm_scandir', array($this, 'scanDir'));
78 add_action('wp_ajax_wpdm_createzip', array($this, 'createZip'));
79 add_action('wp_ajax_wpdm_unzipit', array($this, 'unZip'));
80 add_action('wp_ajax_wpdm_openfile', array($this, 'openFile'));
81 add_action('wp_ajax_wpdm_filesettings', array($this, 'fileSettings'));
82 add_action('wp_ajax_wpdm_unlink', array($this, 'deleteItem'));
83 add_action('wp_ajax_wpdm_rename', array($this, 'renameItem'));
84 add_action('wp_ajax_wpdm_savefile', array($this, 'saveFile'));
85 add_action('wp_ajax_wpdm_copypaste', array($this, 'copyItem'));
86 add_action('wp_ajax_wpdm_cutpaste', array($this, 'moveItem'));
87 add_action('wp_ajax_wpdm_addcomment', array($this, 'addComment'));
88 add_action('wp_ajax_wpdm_newsharelink', array($this, 'addShareLink'));
89 add_action('wp_ajax_wpdm_getlinkdet', array($this, 'getLinkDet'));
90 add_action('wp_ajax_wpdm_updatelink', array($this, 'updateLink'));
91 add_action('wp_ajax_wpdm_deletelink', array($this, 'deleteLink'));
92
93 //add_action('wpdm_asset_viewer_head', [$this, 'enqueueScripts']);
94
95 add_action('wpdm_after_upload_file', array($this, 'upload'), 1);
96 //add_action('wp_enqueue_scripts', array($this,'siteScripts'));
97 add_action('admin_enqueue_scripts', array($this, 'adminScripts'));
98
99 //add_shortcode('wpdm_asset_manager', array($this,'_assetManager'));
100 add_shortcode('wpdm_asset', array($this, 'wpdmAsset'));
101
102 //add_filter('wpdm_frontend', array($this,'frontendFileManagerTab'));
103
104 if (is_admin()) {
105 add_action('admin_menu', array($this, 'adminMenu'), 1);
106 }
107
108 }
109
110 function dequeueScripts() {
111 global $wp_scripts;
112 $wp_scripts->queue = array();
113 }
114
115
116 function dequeueStyles() {
117 global $wp_styles;
118 $wp_styles->queue = array();
119 }
120
121 function assetPicker()
122 {
123 //$this->dequeueScripts();
124 //$this->dequeueStyles();
125 global $wp_query;
126 if (wpdm_query_var('assetpicker', 'int') === 1) {
127 if(!current_user_can('access_server_browser')) Messages::fullPage("Error", esc_attr__( 'You are not authorized to access this page', 'download-manager' ), 'error');
128 http_response_code(200);
129 include Template::locate("asset-manager-picker.php", __DIR__.'/views');
130 die();
131 }
132 }
133
134
135 function siteScripts()
136 {
137 global $post;
138
139 if (is_single() && !has_shortcode($post->post_content, '[wpdm_asset_manager]')) return;
140
141 $cm_settings['codeEditor'] = wp_enqueue_code_editor(array('type' => 'text/plain'));
142 wp_localize_script('jquery', 'wpdmcm_settings', $cm_settings);
143
144 wp_enqueue_script('wp-theme-plugin-editor');
145 wp_enqueue_style('wp-codemirror');
146
147 wp_enqueue_script('jquery-ui-core');
148 wp_enqueue_script('jquery-ui-autocomplete');
149 }
150
151
152 function adminScripts($hook)
153 {
154 if ($hook !== 'wpdmpro_page_wpdm-asset-manager') return;
155
156 $cm_settings['codeEditor'] = wp_enqueue_code_editor(array('type' => 'text/plain'));
157 wp_localize_script('jquery', 'wpdmcm_settings', $cm_settings);
158
159 wp_enqueue_script('wp-theme-plugin-editor');
160 wp_enqueue_style('wp-codemirror');
161
162 wp_enqueue_script('jquery-ui-core');
163 wp_enqueue_script('jquery-ui-autocomplete');
164
165 }
166
167 public function download()
168 {
169 if (isset($_REQUEST['asset']) && isset($_REQUEST['key'])) {
170 $asset = new Asset();
171 $asset->get(wpdm_query_var('asset', 'int'));
172 if (wp_verify_nonce($_REQUEST['key'], $asset->path))
173 $asset->download();
174 else
175 \WPDM\__\Messages::error(apply_filters('wpdm_asset_download_link_expired_message', __("Download link is expired! Go back and Refresh the page to regenerate download link", "download-manager")), 1);
176 die();
177 }
178 if (isset($_REQUEST['wpdmfmdl']) && is_user_logged_in()) {
179 $file = AssetManager::root(Crypt::decrypt(wpdm_query_var('wpdmfmdl')));
180 if (!$file) \WPDM\__\Messages::error("File Not Found!", 1);
181 FileSystem::downloadFile($file, wp_basename($file), 10240, false, [ 'play' => wpdm_query_var('play')]);
182 die();
183 }
184 }
185
186 public static function getDir()
187 {
188 return self::$instance->dir;
189 }
190
191 public static function getUrl()
192 {
193 return self::$instance->url;
194 }
195
196 public function adminMenu()
197 {
198 add_submenu_page('edit.php?post_type=wpdmpro', __("Asset Manager", 'download-manager'), __('Asset Manager', 'download-manager'), 'access_server_browser', 'wpdm-asset-manager', array($this, '_assetManager'));
199 }
200
201 static function mimeType($file)
202 {
203 $contenttype = wp_check_filetype($file);
204 $contenttype = $contenttype['type'];
205 if (!$contenttype) {
206 $file = explode(".", $file);
207 $contenttype = "unknown/" . end($file);
208 }
209 return $contenttype;
210 }
211
212 function mkDir()
213 {
214 global $current_user;
215 if (isset($_REQUEST['__wpdm_mkdir']) && !wp_verify_nonce($_REQUEST['__wpdm_mkdir'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
216 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_mkdir');
217 if (!current_user_can('upload_files') || !current_user_can('access_server_browser')) die('Error! Unauthorized Access.');
218 $root = AssetManager::root();
219 $relpath = Crypt::decrypt(wpdm_query_var('path'));
220 $path = AssetManager::root($relpath);
221 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
222 $name = wpdm_query_var('name', 'filename');
223 mkdir($path . $name);
224 wp_send_json(array('success' => true, 'path' => $path . $name));
225 }
226
227 function newFile()
228 {
229 global $current_user;
230 if (isset($_REQUEST['__wpdm_newfile']) && !wp_verify_nonce($_REQUEST['__wpdm_newfile'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
231 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_newfile');
232 if (!current_user_can('upload_files') || !current_user_can('access_server_browser')) die('Error! Unauthorized Access.');
233 $root = AssetManager::root();
234 $relpath = Crypt::decrypt(wpdm_query_var('path'));
235 $path = AssetManager::root($relpath);
236 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
237
238 $name = wpdm_query_var('name', 'filename');
239 //Check file is in allowed types
240 if (WPDM()->fileSystem->isBlocked($name)) wp_send_json(array('success' => false, 'message' => __("Error! FileType is not allowed.", "download-manager")));
241
242 $ret = file_put_contents($path . $name, '');
243 if ($ret !== false)
244 wp_send_json(array('success' => true, 'filepath' => $path . $name));
245 else
246 wp_send_json(array('success' => false, 'filepath' => $path . $name));
247
248 }
249
250 function scanDir()
251 {
252 if (!isset($_REQUEST['__wpdm_scandir']) || !wp_verify_nonce($_REQUEST['__wpdm_scandir'], NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
253 check_ajax_referer(NONCE_KEY, '__wpdm_scandir');
254 //if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
255 if (!current_user_can('upload_files') || !current_user_can('access_server_browser')) die('Error! Unauthorized Access.');
256 global $current_user;
257 $root = AssetManager::root();
258 $relpath = Crypt::decrypt(wpdm_query_var('path'));
259 $path = AssetManager::root($relpath);
260 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
261 $keyword = null;
262 if(!wpdm_query_var('keyword', 'txt'))
263 $items = scandir($path, SCANDIR_SORT_ASCENDING);
264 else {
265 $keyword = wpdm_query_var('keyword', 'txt');
266 $items = glob( "{$path}*{$keyword}*");
267 foreach ($items as &$item) {
268 $item = str_replace($path, "", $item);
269 }
270 }
271 if(!is_array($items)) $items = [];
272 $items = array_diff($items, ['.', '..']);
273
274 if ((int)wpdm_query_var('dirs') !== 1) {
275 $page = wpdm_query_var( 'sdpage', 'int' );
276 $page = $page < 1 ? 1 : $page;
277 $items_per_page = $keyword ? 90 : 50;
278 $total_pages = $keyword ? 1 : (int) ceil( count( $items ) / $items_per_page );
279 $start = $keyword ? 0 : ( $page - 1 ) * $items_per_page;
280 $items = array_slice( $items, $start, $items_per_page );
281 }
282
283 $_items = [];
284 $_dirs = [];
285 update_user_meta(get_current_user_id(), 'working_dir', $path);
286 foreach ($items as $item) {
287
288 $item_label = $item;
289 $item_label = esc_attr($item_label);
290 //$item_label = strlen($item_label) > 30 ? substr($item_label, 0, 15) . "..." . substr($item_label, strlen($item_label) - 15) : $item_label;
291 $ext = explode('.', $item);
292 $ext = end($ext);
293 $icon = FileSystem::fileTypeIcon($ext);
294 $type = is_dir($path . $item) ? 'dir' : 'file';
295 $note = is_dir($path . $item) ? (count(scandir($path . $item)) - 2) . ' items' : number_format((filesize($path . $item) / 1024), 2) . ' KB';
296 $rpath = str_replace($root, "", $path . $item);
297 $wp_rel_path = str_replace(UPLOAD_DIR, '', $path . $item);
298 $wp_rel_path = str_replace(ABSPATH, '', $wp_rel_path);
299 $_rpath = Crypt::encrypt($rpath);
300 if ($type === 'dir') {
301 $_dirs[] = array('item_label' => $item_label, 'item' => $item, 'icon' => $icon, 'type' => $type, 'note' => $note, 'path' => $_rpath, 'id' => md5($rpath));
302 } else {
303 $contenttype = function_exists('mime_content_type') ? mime_content_type($path . $item) : self::mimeType($item);
304 $_items[] = array('item_label' => $item_label, 'item' => $item, 'icon' => $icon, 'type' => $type, 'contenttype' => $contenttype, 'note' => $note, 'path_on' => $path . $item, 'wp_rel_path' => $wp_rel_path, 'path' => $_rpath, 'id' => md5($rpath));
305 }
306
307 }
308
309 $allitems = $_dirs;
310 foreach ($_items as $_item) {
311 $allitems[] = $_item;
312 }
313 $parts = explode("/", $relpath);
314 $breadcrumb[] = "<i class='fa fa-hdd color-purple'></i><a href='#' class='media-folder' data-path=''>" . __("Home", "download-manager") . "</a>";
315 $topath = array();
316 foreach ($parts as $part) {
317 $topath[] = $part;
318 $rpath = Crypt::encrypt(implode("/", $topath));
319 $breadcrumb[] = "<a href='#' class='media-folder' data-path='{$rpath}'>" . esc_attr($part) . "</a>";
320 }
321 $breadcrumb = implode("<i class='fa fa-folder-open'></i>", $breadcrumb);
322 if ((int)wpdm_query_var('dirs') === 1)
323 wp_send_json($_dirs);
324 else
325 wp_send_json(array('success' => true, 'total_pages' => $total_pages, 'current_page' => $page, 'items_per_page' => $items_per_page, 'items' => $allitems, 'breadcrumb' => $breadcrumb, 'root' => $root, WPDM_ADMIN_CAP => current_user_can(WPDM_ADMIN_CAP), 'roles' => $current_user->roles));
326 die();
327 }
328
329 function createZip()
330 {
331 if (!isset($_REQUEST['__wpdm_createzip']) || !wp_verify_nonce($_REQUEST['__wpdm_createzip'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
332 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_createzip');
333 //if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
334 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("<b>Unauthorized Action!</b><br/>Execution is cancelled by the system.", "download-manager")));
335 global $current_user;
336 $root = AssetManager::root();
337 $relpath = Crypt::decrypt(wpdm_query_var('dir_path'));
338 $path = AssetManager::root($relpath);
339 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
340 $zipped = FileSystem::zipDir($path);
341 rename($zipped, untrailingslashit($path) . ".zip");
342 wp_send_json(array('success' => true, 'zipped' => untrailingslashit($path) . ".zip", 'refresh' => true));
343 die();
344 }
345
346 function unZip(){
347 if (!isset($_REQUEST['__wpdm_unzipit']) || !wp_verify_nonce($_REQUEST['__wpdm_unzipit'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
348 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_unzipit');
349 //if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
350 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("<b>Unauthorized Action!</b><br/>Execution is cancelled by the system.", "download-manager")));
351 global $current_user;
352 $root = AssetManager::root();
353 $relpath = Crypt::decrypt(wpdm_query_var('dir_path'));
354 $path = AssetManager::root($relpath);
355 if (!$path || FileSystem::mime_type($path) !== 'application/zip') wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
356 FileSystem::unZip($path);
357 wp_send_json(array('success' => true, 'refresh' => true));
358 die();
359 }
360
361 function deleteItem()
362 {
363
364 __::isAuthentic('__wpdm_unlink', WPDMAM_NONCE_KEY, 'manage_options', true);
365
366 $relpath = Crypt::decrypt(wpdm_query_var('delete'));
367 $path = AssetManager::root($relpath);
368 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
369 if (is_dir($path))
370 $this->rmDir($path);
371 else
372 unlink($path);
373
374 Asset::delete($path);
375
376 die($path);
377 }
378
379 function openFile()
380 {
381 if (!isset($_REQUEST['__wpdm_openfile']) || !wp_verify_nonce($_REQUEST['__wpdm_openfile'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
382 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_openfile');
383 if (!current_user_can('upload_files')) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
384 $relpath = Crypt::decrypt(wpdm_query_var('file'));
385 $path = AssetManager::root($relpath);
386 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
387 if (file_exists($path) && is_file($path)) {
388 $cid = uniqid();
389 Session::set($cid, $path);
390 $type = function_exists('mime_content_type') ? mime_content_type($path) : self::mimeType($path);
391 $ext = explode(".", $path);
392 $ext = end($ext);
393 $ext = strtolower($ext);
394
395 if (strstr("__{$type}", "text/") || in_array($ext, array('txt', 'csv', 'css', 'html', 'log')))
396 wp_send_json(array('content' => file_get_contents($path), 'id' => $cid));
397 else if (strstr("__{$type}", "svg"))
398 wp_send_json(array('content' => '', 'embed' => file_get_contents($path), 'id' => $cid));
399 else {
400 $file = Crypt::decrypt(wpdm_query_var('file'));
401 $file = basename($file);
402 $fetchurl = home_url("/?wpdmfmdl=" . wpdm_query_var('file'));
403 if (strstr("__{$type}", "image/")) {
404 $embed_code = "<img src='$fetchurl' />";
405 wp_send_json(array('content' => '', 'embed' => $embed_code, 'id' => $cid));
406 }
407 if (strstr("__{$type}", "audio/")) {
408 $embed_code = do_shortcode("[audio src='{$fetchurl}&file={$file}']");
409 wp_send_json(array('content' => '', 'embed' => $embed_code, 'id' => $cid));
410 }
411 if (strstr("__{$type}", "video/")) {
412 $embed_code = do_shortcode("[video src='{$fetchurl}&file={$file}']");
413 wp_send_json(array('content' => '', 'embed' => $embed_code, 'id' => $cid));
414 }
415 if ($type === 'application/pdf') {
416 //$embed_code = do_shortcode("[video src='{$fetchurl}&file={$file}']");
417 $embed_code = "<iframe style='width: 100%;height: 100%;' src='{$fetchurl}&file={$file}&play=1'></iframe><style>#filecontent_alt{ padding: 0 !important; overflow: hidden; }</style>";
418 wp_send_json(array('content' => '', 'embed' => $embed_code, 'id' => $cid));
419 }
420 }
421
422
423 } else {
424 wp_send_json(array('content' => 'Failed to open file! '. $path, 'id' => uniqid()));
425 die();
426 }
427
428 }
429
430 function fileSettings()
431 {
432
433 if (!isset($_REQUEST['__wpdm_filesettings']) || !wp_verify_nonce($_REQUEST['__wpdm_filesettings'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
434 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_filesettings');
435 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Access.", "download-manager")));
436 $relpath = Crypt::decrypt(wpdm_query_var('file'));
437 $path = AssetManager::root($relpath);
438 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
439 if (file_exists($path)) {
440 $asset = new Asset($path);
441 wp_send_json($asset);
442 } else {
443 wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
444 die();
445 }
446
447 }
448
449
450 function addComment()
451 {
452 if (!isset($_REQUEST['__wpdm_addcomment']) || !wp_verify_nonce($_REQUEST['__wpdm_addcomment'], NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
453 check_ajax_referer(NONCE_KEY, '__wpdm_addcomment');
454 if (!is_user_logged_in()) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
455
456 $asset_id = wpdm_query_var('assetid', 'int');
457 $asset = new Asset();
458 $asset->get($asset_id)->newComment(wpdm_query_var('comment', 'txts'), get_current_user_id())->save();
459 wp_send_json($asset->comments);
460 }
461
462 function addShareLink()
463 {
464 if (!isset($_REQUEST['__wpdm_newsharelink']) || !wp_verify_nonce($_REQUEST['__wpdm_newsharelink'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
465 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_newsharelink');
466 if (!current_user_can('access_server_browser')) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
467
468 $asset_ID = wpdm_query_var('asset', 'int');
469 $asset = new Asset();
470 $asset->get($asset_ID)->newLink(wpdm_query_var('access'))->save();
471 wp_send_json($asset->links);
472 }
473
474 function getLinkDet()
475 {
476 if (!isset($_REQUEST['__wpdm_getlinkdet']) || !wp_verify_nonce($_REQUEST['__wpdm_getlinkdet'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
477 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_getlinkdet');
478 if (!current_user_can('access_server_browser')) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
479
480 $link_ID = wpdm_query_var('linkid', 'int');
481 $link = Asset::getLink($link_ID);
482 wp_send_json($link);
483 }
484
485 function updateLink()
486 {
487 if (!isset($_REQUEST['__wpdm_updatelink']) || !wp_verify_nonce($_REQUEST['__wpdm_updatelink'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
488 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_updatelink');
489 if (!current_user_can('access_server_browser')) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
490
491 $link_ID = wpdm_query_var('ID', 'int');
492 $access = wpdm_query_var('access');
493 if (!isset($access['roles'])) $access['roles'] = array();
494 if (!isset($access['users'])) $access['users'] = array();
495 $link = Asset::updateLink(array('access' => json_encode($access)), $link_ID);
496 wp_send_json(array('success' => $link));
497 }
498
499 function deleteLink()
500 {
501 if (!isset($_REQUEST['__wpdm_deletelink']) || !wp_verify_nonce($_REQUEST['__wpdm_deletelink'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
502 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_deletelink');
503 if (!current_user_can('access_server_browser')) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
504
505 $link_ID = wpdm_query_var('linkid', 'int');
506 $link = Asset::deleteLink($link_ID);
507 wp_send_json(array('success' => $link));
508
509 }
510
511 function saveFile()
512 {
513 if (!isset($_REQUEST['__wpdm_savefile']) || !wp_verify_nonce($_REQUEST['__wpdm_savefile'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
514 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_savefile');
515 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
516
517 $ofilepath = Session::get(wpdm_query_var('opened'));
518 $relpath = Crypt::decrypt(wpdm_query_var('file'));
519 $path = AssetManager::root($relpath);
520 if (!$path) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
521
522 if (WPDM()->fileSystem->isBlocked($path)) wp_send_json(array('success' => false, 'message' => __("Error! FileType is not allowed.", "download-manager")));
523
524 if (file_exists($path) && is_file($path)) {
525 $content = stripslashes_deep($_POST['content']);
526 file_put_contents($path, $content);
527 wp_send_json(array('success' => true, 'message' => 'Saved Successfully.', 'type' => 'success'));
528 } else {
529 wp_send_json(array('success' => false, 'message' => __("Error! Couldn't open file ( $path ).", "download-manager")));
530 }
531
532 }
533
534 function renameItem()
535 {
536 if (!isset($_REQUEST['__wpdm_rename']) || !wp_verify_nonce($_REQUEST['__wpdm_rename'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
537 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_rename');
538 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
539 global $current_user;
540 $asset = new Asset();
541 $asset->get(wpdm_query_var('assetid', 'int'));
542 $root = AssetManager::root();
543 $oldpath = $asset->path;
544 $newpath = dirname($asset->path) . '/' . str_replace(array("/", "\\", "\"", "'"), "_", wpdm_query_var('newname'));
545
546 if (WPDM()->fileSystem->isBlocked(wpdm_query_var('newname'))) wp_send_json(array('success' => false, 'message' => __("Error! FileType is not allowed.", "download-manager")));
547
548 if (!strstr($newpath, $root)) die('Error!' . $newpath . " -- " . $root);
549 rename($oldpath, $newpath);
550 $asset->updatePath($newpath);
551 wp_send_json($asset);
552 }
553
554 function moveItem()
555 {
556 if (!isset($_REQUEST['__wpdm_cutpaste']) || !wp_verify_nonce($_REQUEST['__wpdm_cutpaste'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
557 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_cutpaste');
558 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
559
560 $opath = explode("|||", wpdm_query_var('source'));
561 $olddir = Crypt::decrypt($opath[0]);
562 $file = end($opath);
563
564 //Check file is in allowed types
565 if (WPDM()->fileSystem->isBlocked($file)) wp_send_json(array('success' => false, 'message' => __("Error! FileType is not allowed.", "download-manager")));
566
567
568 $oldpath = AssetManager::root($olddir . '/' . $file);
569 $newpath = AssetManager::root(Crypt::decrypt(wpdm_query_var('dest'))) . $file;
570 if (!$oldpath) wp_send_json(array('success' => false, 'message' => __("Invalid source path", "download-manager")));
571 if (!$newpath) wp_send_json(array('success' => false, 'message' => __("Invalid destination path", "download-manager")));
572 rename($oldpath, $newpath);
573
574 $asset = new Asset();
575 $asset = $asset->get($oldpath);
576 if ($asset)
577 $asset->updatePath($newpath);
578
579 wp_send_json(array('success' => true, 'message' => __("File moved successfully", "download-manager")));
580 }
581
582 function copyItem()
583 {
584 if (!isset($_REQUEST['__wpdm_copypaste']) || !wp_verify_nonce($_REQUEST['__wpdm_copypaste'], WPDMAM_NONCE_KEY)) wp_send_json(array('success' => false, 'message' => __("Error! Session Expired. Try refreshing page.", "download-manager")));
585 check_ajax_referer(WPDMAM_NONCE_KEY, '__wpdm_copypaste');
586 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! You are not authorized to execute this action.", "download-manager")));
587 global $current_user;
588 $root = AssetManager::root();
589 $opath = explode("|||", wpdm_query_var('source'));
590 $olddir = Crypt::decrypt($opath[0]);
591 $file = end($opath);
592 $oldpath = AssetManager::root($olddir . '/' . $file);
593 $newpath = AssetManager::root(Crypt::decrypt(wpdm_query_var('dest'))) . $file;
594 if (!strstr($oldpath, $root)) wp_send_json(array('success' => false, 'message' => __("Invalid source path", "download-manager")));
595 if (!strstr($newpath, $root)) wp_send_json(array('success' => false, 'message' => __("Invalid destination path", "download-manager")));
596
597 //Check file is in allowed types
598 if (WPDM()->fileSystem->isBlocked($newpath)) wp_send_json(array('success' => false, 'message' => __("Error! FileType is not allowed.", "download-manager")));
599
600 copy($oldpath, $newpath);
601
602 wp_send_json(array('success' => true, 'message' => __("File copied successfully", "download-manager")));
603 }
604
605 function rmDir($dir)
606 {
607 $files = array_diff(scandir($dir), array('.', '..'));
608 foreach ($files as $file) {
609 (is_dir("$dir/$file")) ? $this->rmDir("$dir/$file") : unlink("$dir/$file");
610 }
611 return rmdir($dir);
612 }
613
614 function copyDir($src, $dst)
615 {
616 $src = realpath($src);
617 $dir = opendir($src);
618
619 $dst = realpath($dst) . '/' . basename($src);
620 @mkdir($dst);
621
622 while (false !== ($file = readdir($dir))) {
623 if (($file != '.') && ($file != '..')) {
624 if (is_dir($src . '/' . $file)) {
625 $this->copyDir($src . '/' . $file, $dst . '/' . $file);
626 } else {
627 copy($src . '/' . $file, $dst . '/' . $file);
628 }
629 }
630 }
631 closedir($dir);
632 }
633
634 function frontendFileManagerTab($tabs)
635 {
636 $tabs['asset-manager'] = array('label' => 'Asset Manager', 'callback' => array($this, '_assetManager'), 'icon' => 'fa fa-copy');
637 return $tabs;
638 }
639
640 function _assetManager()
641 {
642
643 include Template::locate("asset-manager-ui.php", __DIR__.'/views');
644
645 }
646
647 /**
648 * Shortcode processor for [wpdm_asset ...$params]
649 * @param $params
650 * @return bool|mixed|string
651 */
652 function wpdmAsset($params)
653 {
654 if (!isset($params['id'])) return \WPDM\__\Messages::error(__("Asset not found!", "download-manager"), -1);
655 $path_or_id = (int)$params['id'];
656 $asset = new Asset();
657 $asset->get($path_or_id);
658 ob_start();
659 include Template::locate("embed-asset.php", __DIR__.'/views');
660 $content = ob_get_clean();
661 return $content;
662 }
663
664 function upload($file)
665 {
666 if (isset($_REQUEST['__wpdmfm_upload']) && wp_verify_nonce($_REQUEST['__wpdmfm_upload'], NONCE_KEY)) {
667 $working_dir = get_user_meta(get_current_user_id(), 'working_dir', true);
668 $root = AssetManager::root();
669 if (!strstr($working_dir, $root)) wp_send_json(array('success' => false));
670 if ($working_dir != '') {
671 $dest = $working_dir . basename($file);
672 rename($file, $dest);
673 wp_send_json(array('success' => true, 'src' => $file, 'file' => $dest));
674 } else
675 wp_send_json(array('success' => false));
676 }
677 }
678
679 /**
680 * Extract zip
681 */
682 function extract()
683 {
684 $relpath = Crypt::decrypt(wpdm_query_var('zipfile'));
685 $zipfile = AssetManager::root($relpath);
686 $reldest = Crypt::decrypt(wpdm_query_var('zipdest'));
687 if ($reldest == '') $reldest = dirname($zipfile);
688 $zipdest = AssetManager::root($reldest);
689 if (!current_user_can(WPDM_ADMIN_CAP)) wp_send_json(array('success' => false, 'message' => __("Error! Only Administrator can execute this operation.", "download-manager")));
690 if (!$zipfile || !stristr($zipfile, '.zip')) wp_send_json(array('success' => false, 'message' => __("Error! Unauthorized Path.", "download-manager")));
691 if (!$zipdest) wp_send_json(array('success' => false, 'message' => __("Error! Invalid Destination Path.", "download-manager")));
692 if (!class_exists('\ZipArchive')) wp_send_json(array('success' => false, 'message' => __('Please activate "zlib" in your server to perform zip operations', 'download-manager')));
693 $zip = new \ZipArchive();
694 if ($zip->open($zipfile) === TRUE) {
695 $zip->extractTo($zipdest);
696 $zip->close();
697 wp_send_json(array('success' => true, 'message' => __("Unzipped successfully.", "download-manager")));
698 } else {
699 wp_send_json(array('success' => false, 'message' => __("Error! Couldn't open the zip file.", "download-manager")));
700 }
701 }
702
703 static function fsPath($path)
704 {
705 $path = str_replace("\\", "/", $path);
706 $path = is_dir($path) ? trailingslashit($path) : $path;
707 return $path;
708 }
709
710 }
711
712
713
714