HEX
Server: LiteSpeed
System: Linux s917.lon1.mysecurecloudhost.com 4.18.0-477.21.1.lve.1.el8.x86_64 #1 SMP Tue Sep 5 23:08:35 UTC 2023 x86_64
User: assibfaf (3034)
PHP: 7.4.33
Disabled: NONE
Upload Files
File: /home/assibfaf/public_html/prox-controllers/Api/Files.php
<?php
/**
 * @package    Proxim
 * @author     Davison Pro <davisonpro.coder@gmail.com | https://davisonpro.dev>
 * @copyright  2019 Proxim
 * @version    1.0.0
 * @since      File available since Release 1.0.0
 */

namespace Proxim\Api;

use Db;
use Proxim\Database\DbQuery;
use Proxim\User\Customer;
use Proxim\Order\Order;
use Proxim\Order\File;
use Proxim\Mail;
use Proxim\Application;
use Proxim\Configuration;
use Proxim\Tools;
use Proxim\Validate;
use Proxim\Route;
use Proxim\Util\ArrayUtils;
use Proxim\Util\DateUtils;
use Proxim\Crypto\Hashing;
use Proxim\Preference\UploadType;
use Proxim\Uploader;
use Proxim\Util\StringUtils;

class Files extends Route {
	
	public function getOrderFiles( $orderId ) {
		$app = $this->app;
		$payload = $app->request->post();

		$order = new Order( (int) $orderId );
		if (!Validate::isLoadedObject($order)) {
			return $app->response([
				"success" => false,
			]);	
		}

		$return_files = array();

		$files = $order->getFiles();
		foreach( $files as $file ) {
            if ($file->uploader_id == $order->customer_id) {
                $return_files[] = $file->present();
            } else {
                if(
                    $order->status_id == Order::DELIVERED ||
                    $order->status_id == Order::FINISHED 
                ) {
                    $return_files[] = $file->present();
                }
                
            }
       	}

		return $app->response([
			"success" => true,
			"files" => $return_files,
			"showAntiPlag" => true
		]);	
    }

    public function getUploadedFiles() {
		$app = $this->app;
		$payload = $app->request->post();

		$filesToCheck = ArrayUtils::get($payload, 'filesToCheck');

		if (!$filesToCheck || !is_array($filesToCheck)) {
			return $app->response([
				"success" => true,
				"files" => []
			]);
		}

		$files = array();
		foreach ($filesToCheck as $fileId) {
			$file = new File( (int) $fileId);
			if (Validate::isLoadedObject($file)) {
				$files[$file->id] = [
					"id" => (int) $file->id,
					"name" => $file->source,
					"size" => (int) $file->size,
					"description" => "",
					"fileType" => "order_pending",
					"uploadTypeId" => null,
					"createdAt" => (float) str_pad(strtotime($file->date_add),13,'0',STR_PAD_RIGHT)
				];
			}
		}

		return $app->response([
			"success" => true,
			"message" => null,
			"files" => $files
		]);
    }

    public function uploadFile() {
		$app = $this->app;
		$payload = $app->request->post();
		$user = $app->container->user;

		$file_number = ArrayUtils::get($payload, 'file_number');
		if ($file_number) {
			$file_number = $file_number[0];
		}

		if(!$file_number) {
			return $app->response([
				"success" => false,
			]);	
		}

		$uploader = new Uploader();
		$uploader->setName('files');
		$uploadedFile = $uploader->process()[0];

		if (!$uploadedFile) {
			return $app->response([
				"success" => false,
			]);	
		}

		$file = new File();
		$file->uploader_id = $user->id;
		$file->file_type_id = null;
		$file->file_description = null;
		$file->name = $uploadedFile['name'];
		$file->source = $uploadedFile['source_name'];
		$file->size = (int) $uploadedFile['size'];
		$file->extension = $uploadedFile['extension'];

		$ok = $file->add(true);

		if (!$ok) {
			return $app->response([
				"success" => false,
			]);	
		}

		$newName = $file->name;
		if($file->extension && !StringUtils::endsWith($newName, $file->extension)) {
			$newName .= "." . $file->extension;
		}

		$returnFile = array(
			"id" => $file->id, 
			"name" => $file->source, 
			"newName" => $newName, 
			"size" =>  $file->size, 
			"url" => "not", 
			"thumbnailUrl" => null, 
			"uploadTypeId" => null,
			"customDesc" => "",
			"description" => "",
			"deleteType" => "DELETE", 
			"deleteUrl" => null, 
		);

		return $app->response([
			"success" => true,
			"files" => array($returnFile)
		]);
    }

    public function uploadOrderFiles( $orderId ) {
		$app = $this->app;
		$payload = $app->request->post();
		$user = $app->container->user;

		$order = new Order( (int) $orderId );

		if (!Validate::isLoadedObject($order)) {
			return $app->response([
				"success" => false,
			]);	
		}

		$file_number = ArrayUtils::get($payload, 'file_number');
		$file_number = $file_number[0];

		$descriptions = ArrayUtils::get($payload, 'descriptions');
		$description = $descriptions[0];

		$upload_type_ids = ArrayUtils::get($payload, 'upload_type_ids');
		$upload_type_id = $upload_type_ids[0];

		$uploader = new Uploader();
		$uploader->setName('files');
		$uploader->setPrefix($order->id);
		$uploadedFile = $uploader->process()[0];

		if (!$uploadedFile) {
			return $app->response([
				"success" => false,
				"errors" => [
					"This file could not be uploaded. Please contact support."
				]
			]);	
		}

		if ( ArrayUtils::has($payload, 'custom_descs') ) {
			$custom_desc = ArrayUtils::get($payload, 'custom_descs')[0];
			$description = $custom_desc;
		} else {
			$uploadType = new UploadType( (int) $description );
			$description = ArrayUtils::get($uploadType, 'description');
		}

		$file = new File();
		$file->uploader_id = $user->id;
		$file->order_id = $order->id;
		$file->file_type_id = $upload_type_id;
		$file->file_description = $description;
		$file->name = $uploadedFile['name'];
		$file->source = $uploadedFile['source_name'];
		$file->size = $uploadedFile['size'];
		$file->extension = $uploadedFile['extension'];
		$ok = $file->add(true);

		if (!$ok) {
			return $app->response([
				"success" => false,
			]);	
		}

		$returnFile = array(
			"id" => $file->id, 
			"name" => $file->source, 
			"size" =>  $file->size, 
			"url" => $file->getDownloadLink(), 
			"thumbnailUrl" => null, 
			"deleteUrl" => null, 
			"deleteType" => "DELETE", 
			"newName" => $file->name, 
			"description" => $file->file_description
		);

		return $app->response([
			"success" => true,
			"files" => array($returnFile)
		]);	
    }

    public function updateFileDescription() {
		$app = $this->app;
		$payload = $app->request->post();

		$upload_type_ids = ArrayUtils::get($payload, 'upload_type_ids');

		if (!$upload_type_ids || !is_array($upload_type_ids)) {
			return $app->response([
				"success" => true
			]);
		}

		$upload_type_other_descriptions = ArrayUtils::get($payload, 'upload_type_other_descriptions');

		foreach ($upload_type_ids as $fileId => $fileType) {
			$file = new File( (int) $fileId );
			if (Validate::isLoadedObject($file)) {
				if (is_array($upload_type_other_descriptions)) {
					$description = ArrayUtils::get($upload_type_other_descriptions, $file->id);
					$file->file_description = $description;
				}
				$file->file_type_id = $fileType;
				$file->update();
			}
		}

		return $app->response([
			"success" => true
		]);
    }

    public function downloadFile( $fileId ) {
		$app = $this->app;
		$payload = $app->request->post();
		$user = $app->container->user;

		$file = new File( (int) $fileId ); 
		if (!Validate::isLoadedObject($file)) {
			$app->setTemplate('404');
        	$app->display();
		}

		$order = new Order( (int) $file->order_id );
		if (!Validate::isLoadedObject($order)) {
			$app->setTemplate('404');
        	$app->display();
		}

		if ( $user->id == $order->customer_id ) {
			// update file download
			$file->downloaded = 1;
			$file->downloaded_at = DateUtils::now();
			$file->update();
		}

		$this->file_download( $file );
    }

    public function file_download( $file ) {
		$app = $this->app;
		$file_path = PROX_DIR_UPLOADS . $file->source;

		$downloadFile = @fopen($file_path,"rb");
		if (!$downloadFile) {
			$app->setTemplate('404');
        	$app->display();
		}

		$downloadFileName = $file->name;
		if($file->extension && !StringUtils::endsWith($downloadFileName, $file->extension)) {
			$downloadFileName .= "." . $file->extension;
		}

    	$downloadFileSize = filesize($file_path);

		$mime_types = array(
	        "htm" => "text/html",
	        "exe" => "application/octet-stream",
	        "zip" => "application/zip",
	        "doc" => "application/msword",
	        "docx" => "application/msword",
	        "jpg" => "image/jpg",
	        "php" => "text/plain",
	        "xls" => "application/vnd.ms-excel",
	        "ppt" => "application/vnd.ms-powerpoint",
	        "gif" => "image/gif",
	        "pdf" => "application/pdf",
	        "txt" => "text/plain",
	        "html"=> "text/html",
	        "png" => "image/png",
	        "jpeg"=> "image/jpg",
			"js" => "application/x-javascript"
	    );

		if( array_key_exists($file->extension, $mime_types) ) {
            $mime_type = $mime_types[$file->extension];
        } else {
            $mime_type = "application/force-download";
        }

        @ob_end_clean();
        if( ini_get('zlib.output_compression') ) {
        	ini_set('zlib.output_compression', 'Off');
        }

        header('Pragma: public');
        header("Expires: 0");
        header('Connection: Keep-Alive');
        header("Cache-Control: public, must-revalidate, post-check=0, pre-check=0");
	    header('Content-Type: ' . $mime_type);
	    header('Content-Disposition: attachment; filename="'.$downloadFileName.'"');
	    header("Content-Transfer-Encoding: binary");
	    header('Accept-Ranges: bytes');

	    if( isset($_SERVER['HTTP_RANGE']) ) {
	        list($a, $range) = explode("=",$_SERVER['HTTP_RANGE'],2);
	        list($range) = explode(",",$range,2);
	        list($range, $range_end) = explode("-", $range);
	        $range=intval($range);
	        if(!$range_end) {
	            $range_end=$size-1;
	        } else {
	            $range_end=intval($range_end);
	        }

	        $new_length = $range_end-$range+1;
	        header("HTTP/1.1 206 Partial Content");
	        header("Content-Length: $new_length");
	        header("Content-Range: bytes $range-$range_end/$downloadFileSize");
	    } else {
	        $new_length = $downloadFileSize;
	        header("Content-Length: " . $downloadFileSize);
	    }

	    $chunksize = 1*(1024*1024);
	    $bytes_sent = 0;

        if(isset($_SERVER['HTTP_RANGE'])) {
	        fseek($downloadFile, $range);
	    }

        while(
        	!feof($downloadFile) && 
        	(!connection_aborted()) && 
        	($bytes_sent < $new_length) 
        ) {
            $buffer = fread($downloadFile, $chunksize);
            echo($buffer);
            flush();
            $bytes_sent += strlen($buffer);
        }

	    @fclose($downloadFile);
	    exit;
    }

    public function deleteFile( $fileId ) {
		$app = $this->app;
		$payload = $app->request->post();
		$user = $app->container->user;

		$file = new File( (int) $fileId ); 
		if (!Validate::isLoadedObject($file)) {
			return $app->response([
				"success" => false
			]);	
		}

		$order = new Order( $file->order_id );
		if ( !Validate::isLoadedObject($order) || $order->customer_id != $user->id ) {
			return $app->response([
				"success" => false
			]);	
		}

		$mailParams = array(
			'file' => $file->present(),
			'order_url' => Configuration::get('SITE_DOMAIN', PROX_ADMIN_SITE_ID) . '/order/' . $order->id
		);
 
		Mail::Send(
			'file_delete',
			'File delete request for #' . $order->id . ' at '. Configuration::get('SITE_NAME'),
			$mailParams,
			array(
				Configuration::get('SITE_EMAIL'),
				$user->email
			)
		);

		$orderPayed = $order->is_paid || $order->status_id = Order::FREE_INQUIRY ? true : false;

		return $app->response([
			"orderPayed" => (bool) $orderPayed
		]);	
    }

}