| Files Gallery 是一个单文件的 PHP 程序,只需要把这个文件放到任意文件夹中,通过浏览器访问,该文件夹就变成了网页版本的文件库,可以预览图片、视频、音频,以及文本文件。 |
只有一个 .php 文件很有意思。Files Gallery也就是说,你只需要有一个可以运行 PHP 的环境,直接把 Files Gallery 的单文件 index.php 放进去,再用浏览器访问,就好了。非常的简单,可以说无需安装(运行 php 环境不算),就能用。我是这样用的:临时运行 php -S 0.0.0.0:8888,就打开了一个 8888 端口的 php 服务器,然后再浏览器打开 http://127.0.0.1:8888/index.php 就是这样了:
可以预览视频、音乐、全景图片,高亮显示代码,还支持幻灯片播放,修改配置文件后还能正则表达式过滤文件、添加用户名密码、上传文件等等。这个 .php 文件只有 130KB,真的是轻量级到爆啊。我觉得唯一的问题,就是 PHP 环境这件事了吧
代码:
<?php
/* Files Gallery 0.9.12
www.files.gallery | www.files.gallery/docs/ | www.files.gallery/docs/license/
---
This PHP file is only 10% of the application, used only to connect with the file system. 90% of the codebase, including app logic, interface, design and layout is managed by the app Javascript and CSS files.
---
class Config / load config with static methods to access config options
class Login / check and manage logins
class U / static utility functions
class Path / static functions to convert and validate file paths
class Json / JSON response functions
class X3 / helper functions when running Files Gallery alongside X3 www.photo.gallery
class Tests / outputs PHP, server and config diagnostics by url ?action=tests
class FileResponse / outputs file, video preview image, resized image and proxies any file by PHP
class ResizeImage / serves a resized image
class Dirs / outputs menu json from dir structure
class Dir / loads data array for a single dir
class File / returns data array for a single file
class Iptc / extract IPTC image data from images
class Exif / extract Exif image data from images
class Filemanager / functions that handle file operations on server
class Zipper / create and extract zip files
class Request / extract parameters for all actions
class Document / creates the main Files Gallery document response
*/
// class Config / constructor and static methods to access config options
class Config {
// config defaults / https://www.files.gallery/docs/config/
// Only edit directly here if it is a temporary installation. Settings here will be lost when updating!
// Instead, add options into external config file in your storage_path _files/config/config.php (generated on first run)
private static $default = [
'root' => '',
'start_path' => false,
'username' => '',
'password' => '',
'load_images' => true,
'load_files_proxy_php' => false,
'load_images_max_filesize' => 1000000,
'image_resize_enabled' => true,
'image_resize_cache' => true,
'image_resize_dimensions' => 320,
'image_resize_dimensions_retina' => 480,
'image_resize_dimensions_allowed' => '',
'image_resize_types' => 'jpeg, png, gif, webp, bmp, avif',
'image_resize_quality' => 85,
'image_resize_function' => 'imagecopyresampled',
'image_resize_sharpen' => true,
'image_resize_memory_limit' => 256,
'image_resize_max_pixels' => 60000000,
'image_resize_min_ratio' => 1.5,
'image_resize_cache_direct' => false,
'folder_preview_image' => true,
'folder_preview_default' => '_filespreview.jpg',
'menu_enabled' => true,
'menu_show' => true,
'menu_max_depth' => 5,
'menu_sort' => 'name_asc',
'menu_cache_validate' => true,
'menu_load_all' => false,
'menu_recursive_symlinks' => true,
'layout' => 'rows',
'sort' => 'name_asc',
'sort_dirs_first' => true,
'sort_function' => 'locale',
'cache' => true,
'cache_key' => 0,
'storage_path' => '_files',
'files_exclude' => '',
'dirs_exclude' => '',
'allow_symlinks' => true,
'title' => '%name% [%count%]',
'history' => true,
'transitions' => true,
'click' => 'popup',
'click_window' => '',
'click_window_popup' => true,
'code_max_load' => 100000,
'topbar_sticky' => 'scroll',
'get_mime_type' => false,
'context_menu' => true,
'prevent_right_click' => false,
'license_key' => '',
'filter_live' => true,
'filter_props' => 'name, filetype, mime, features, title',
'download_dir' => 'browser',
'download_dir_cache' => 'dir',
'assets' => '',
'allow_upload' => false,
'allow_delete' => false,
'allow_rename' => false,
'allow_new_folder' => false,
'allow_new_file' => false,
'allow_duplicate' => false,
'allow_text_edit' => false,
'allow_zip' => false,
'allow_unzip' => false,
'allow_move' => false,
'allow_copy' => false,
'allow_download' => true,
'allow_mass_download' => false,
'allow_mass_copy_links' => false,
'allow_check_updates' => false,
'allow_tests' => true,
'allow_tasks' => false,
'demo_mode' => false,
'upload_allowed_file_types' => '',
'upload_max_filesize' => 0,
'upload_exists' => 'increment',
'popup_video' => true,
'video_thumbs' => true,
'video_ffmpeg_path' => 'ffmpeg',
'lang_default' => 'en',
'lang_auto' => true
];
// global application variables created on new Config()
public static $version = '0.9.12'; // Files Gallery version
public static $config = []; // config array merged from _filesconfig.php, config.php and default config
public static $localconfigpath = '_filesconfig.php'; // optional config file in current dir, useful when overriding shared configs
public static $localconfig = []; // config array from localconfigpath
public static $storagepath; // absolute storage path for cache, config, plugins and more, normally _files dir
public static $storageconfigpath; // absolute path to storage config, normally _files/config/config.php
public static $storageconfig = []; // config array from storage path, normally _files/config/config.php
public static $cachepath; // absolute cache path shortcut
public static $__dir__; // absolute __DIR__ path with normalized OS path
public static $__file__; // absolute __FILE__ path with normalized OS path
public static $root; // absolute root path interpolated from config root option, normally current dir
public static $document_root; // absolute server document root with normalized OS path
public static $has_login; // detect if there application has login
public static $created = []; // checks what dirs and files get created by config on ?action=tests
// config construct created static app vars and merge configs
public function __construct() {
// get absolute __DIR__ and __FILE__ paths with normalized OS paths
self::$__dir__ = Path::realpath(__DIR__);
self::$__file__ = Path::realpath(__FILE__);
// load local config _filesconfig.php if exists
self::$localconfig = $this->load(self::$localconfigpath);
// create initial config array from default and localconfig
self::$config = array_replace(self::$default, self::$localconfig);
// set absolute storagepath, create storage dirs if required, and load, create or update storage config.php
$this->storage();
// assign public real root path
self::$root = Path::realpath(self::get('root'));
// error if root path does not exist
if(!self::$root) U::error('root dir <b>' . self::get('root') . '</b> does not exist');
// storagepath can't be the same as root dir, because storage_path is excluded
if(self::$storagepath === self::$root) U::error('storage_path can\'t be the same as root');
// get server document root with normalized OS path
self::$document_root = Path::realpath($_SERVER['DOCUMENT_ROOT']);
// assign public $has_login if username or password or X3 login (plugin)
self::$has_login = self::get('username') || self::get('password') || X3::login();
}
// public shortcut function to get config option Config::get('option')
public static function get($option){
return self::$config[$option];
}
// load a config file and trim values / returns empty array if file doesn't exist
private function load($path) {
if(empty($path) || !file_exists($path)) return [];
$config = include $path;
if(empty($config) || !is_array($config)) return [];
return array_map(function($v){
return is_string($v) ? trim($v) : $v;
}, $config);
}
// set storagepath from config, create dir if necessary
private function storage(){
// ignore storagepath and disable cache settings if storage_path is specifically set to FALSE
if(self::get('storage_path') === false) {
foreach (['cache', 'image_resize_cache', 'folder_preview_image'] as $key) self::$config[$key] = false;
return;
}
// shortcut to config storage_path
$path = rtrim(self::get('storage_path'), '\/');
// invalid config storage_path can't be empty or non-string
if(!$path || !is_string($path)) U::error('Invalid storage_path parameter');
// get request ?action if any, to determine if we attempt to make dirs and files on config construct
$action = U::get('action');
// if ?action=tests, check what dirs and files will get created, for tests output
if($action === 'tests') {
foreach (['', '/config', '/config/config.php', '/cache/images', '/cache/folders', '/cache/menu'] as $key) {
if(!file_exists($path . $key)) self::$created[] = $path . $key;
}
}
// only make dirs and config if main document (no ?action, except action tests)
$make = !$action || $action === 'tests';
// make storage path dir if it doesn't exist or return error
if($make) U::mkdir($path);
// store absolute storagepath
self::$storagepath = Path::realpath($path);
// error in case storagepath still doesn't seem to exist from realpath()
if(!self::$storagepath) U::error('storage_path does not exist and can\'t be created');
// absolute cache path shortcut
self::$cachepath = self::$storagepath . '/cache';
// assign storage config path (normally */_files/config/config.php), from where we load config and save options
self::$storageconfigpath = self::$storagepath . '/config/config.php';
// load storage config (normally _files/config/config.php) or return empty array
self::$storageconfig = $this->load(self::$storageconfigpath);
// if storage config is not empty, update config by merging default, storageconfig and localconfig
if(!empty(self::$storageconfig)) self::$config = array_replace(self::$default, self::$storageconfig, self::$localconfig);
// only make storage dirs and config.php if main document or ?action=tests
if(!$make) return;
// create required storage dirs if they don't exist / error on fail
foreach (['config', 'cache/images', 'cache/folders', 'cache/menu'] as $dir) U::mkdir(self::$storagepath . '/' . $dir);
// create or update config file if older than index.php
if(!file_exists(self::$storageconfigpath) || filemtime(self::$storageconfigpath) < filemtime(__FILE__)) self::save();
}
// save to config.php in storagepath (normally _files/config/config.php) or create new config.php if file doesn't exist
public static function save($options = []){
// merge array of parameters with current storageconfig, and intersect with default, to remove invalida/outdated options
$save = array_intersect_key(array_replace(self::$storageconfig, $options), self::$default);
// create exported array string with save values merged into default values, all commented out
$export = preg_replace("/ '/", " //'", var_export(array_replace(self::$default, $save), true));
// loop save options and un-comment options where values differ from default options (for convenience, only store differences)
foreach ($save as $key => $value) if($value !== self::$default[$key]) $export = str_replace("//'" . $key, "'" . $key, $export);
// write formatted config array to config (normally _files/config/config.php)
return @file_put_contents(self::$storageconfigpath, '<?php ' . PHP_EOL . PHP_EOL . '// CONFIG / https://www.files.gallery/docs/config/' . PHP_EOL . '// Uncomment the parameters you want to edit.' . PHP_EOL . 'return ' . $export . ';');
}
}
// class Login / check and manage logins
class Login {
// vars
private $username; // config username
private $password; // config password
private $is_logout; // is_logout gets assigned when user logs out
private $client_hash; // hash unique to client and install location, must match on login from form
private $login_hash; // unique hash for $_SESSION['login']
private $sidmd5; // encrypted session ID to compare on login
// start new login check
public function __construct() {
// assign $username and $password shortcuts from config
$this->username = Config::get('username');
$this->password = Config::get('password');
// make sure username or password is not empty
foreach (['username', 'password'] as $key) if(!$this->{$key}) U::error("$key can't be empty");
// PHP session_start() or error
if(session_status() === PHP_SESSION_NONE && !session_start()) U::error('Failed to initiate PHP session_start()', 500);
// create a unique client hash specific to install location, must match on login from login form
$this->client_hash = md5($this->ip() . $this->server('HTTP_USER_AGENT') . __FILE__ . $this->server('HTTP_HOST'));
// create a unique login hash used for $_SESSION['login']
$this->login_hash = md5($this->username . $this->password . $this->client_hash);
// return to app if user is already logged in
if($this->is_logged_in()) return;
// exit with error on ?action requests (is not login attempt, and don't show login form)
if($this->unauthorized()) return;
// get md5() hashed version of session ID, to compare from login form on login
$this->sidmd5 = md5(session_id());
// verify login (may or may not be login attempt) or show form
if(!$this->verify_login()) return $this->form();
// on successful login, store $_SESSION['login'] as login_hash
return $_SESSION['login'] = $this->login_hash;
}
// get client IP for unique client_hash
private function ip(){
foreach(['HTTP_CLIENT_IP','HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED','HTTP_FORWARDED_FOR','HTTP_FORWARDED','REMOTE_ADDR'] as $key){
$ip = explode(',', $this->server($key))[0];
if($ip && filter_var($ip, FILTER_VALIDATE_IP)) return $ip;
}
return ''; // return empty string if nothing found
}
// get $_SERVER parameters or empty string
private function server($str){
return isset($_SERVER[$str]) ? $_SERVER[$str] : '';
}
// check if user session is already logged in
private function is_logged_in(){
// false if session does not match
if(!isset($_SESSION['login']) || $_SESSION['login'] != $this->login_hash) return;
// logged in, if action is not logout
if(!U::get('logout')) return true;
// logout action, return false
$this->is_logout = true;
unset($_SESSION['login']);
return;
}
// exit with error on ?action request (is not login attempt, and don't show login form)
private function unauthorized(){
// return to verify login if !action or action is tests
if(!U::get('action') || U::get('action') === 'tests') return;
// return json error if request is POST
if($_SERVER['REQUEST_METHOD'] === 'POST') return Json::error('login');
// login error with login link
U::error('Please <a href="' . strtok($_SERVER['REQUEST_URI'], '?') . '">login</a> to continue', 401);
}
// verify a login attempt
private function verify_login(){
// false if client_hash from form does not match
if(U::post('client_hash') != $this->client_hash) return;
// false if sidmd5 from form does not match
if(U::post('sidmd5') != $this->sidmd5) return;
// false if username from form does not match
if($this->lower(trim(U::post('fusername'))) != $this->lower($this->username)) return;
// trim form password
$fpassword = trim(U::post('fpassword'));
// use password_verify() to verify, if password is encrypted with password_hash() (most secure)
if(function_exists('password_needs_rehash') && !password_needs_rehash($this->password, PASSWORD_DEFAULT)) return password_verify($fpassword, $this->password);
// verify vs non-encrypted password or if password was stored with md5
return $fpassword === $this->password || md5($fpassword) === $this->password;
}
// lowercase username for case-insensitive username validation uses mb_strtolower() if function exists
private function lower($str){
return function_exists('mb_strtolower') ? mb_strtolower($str) : strtolower($str);
}
// login page / output form html and exit
private function form($login = false) {
// get login form page header
U::html_header('Login', 'page-login');
// login page html / block basic bots by injecting form via javascript
?><body class="page-login-body">
<article class="login-container"></article>
</body>
<script>
document.querySelector('.login-container').innerHTML = '\
<h1>Login</h1>\
<?php echo $this->form_alert(); ?>
<form class="login-form">\
<input type="text" class="input" name="fusername" placeholder="Username" required autofocus spellcheck="false" autocorrect="off" autocapitalize="off" autocomplete="off">\
<input type="password" class="input" name="fpassword" placeholder="Password" required spellcheck="false" autocomplete="off">\
<input type="hidden" name="client_hash" value="<?php echo $this->client_hash; ?>">\
<input type="hidden" name="sidmd5" value="<?php echo $this->sidmd5; ?>">\
<button type="submit" class="button">Login</button>\
</form>';
document.querySelector('.login-form').addEventListener('submit', (e) => {
document.body.classList.add('form-loading');
e.currentTarget.action = '<?php echo U::get('logout') ? strtok($_SERVER['REQUEST_URI'], '?') : $_SERVER['REQUEST_URI']; ?>';
e.currentTarget.method = 'post';
}, false);
</script>
</html><?php exit; // end form and exit
}
// outputs an alert in login form on logout, incorrect login or session ID mismatch
private function form_alert(){
// logout alert if was logout operation
if($this->is_logout) return '<div class="alert alert-warning" role="alert">You are now logged out</div>';
// no alert if is not a login attempt
if(!U::post('sidmd5')) return '';
// sidmd5 does not match
if(U::post('sidmd5') !== $this->sidmd5) return '<div class="alert alert-danger" role="alert">PHP session ID mismatch</div>';
// incorrect login alert
return '<div class="alert alert-danger" role="alert">Incorrect login</div>';
}
}
// class U / static utility functions (short U because I want compact function access)
class U {
// get file basename / basically just a wrapper in case it needs to be refined on some servers
public static function basename($path){
return basename($path); // because setlocale(LC_ALL,'en_US.UTF-8')
// OPTIONAL: replace basename() which may fail on UTF-8 chars if locale != UTF8
//$arr = explode('/', str_replace('\\', '/', $path));
//return end($arr);
}
// get mime type for file
public static function mime($path){
if(function_exists('mime_content_type')) return mime_content_type($path);
if(function_exists('finfo_file')) return finfo_file(finfo_open(FILEINFO_MIME_TYPE), $path);
return false;
}
// get file extension with options to lowercase and include dot
public static function extension($path, $lowercase = false, $dot = false) {
$ext = pathinfo($path, PATHINFO_EXTENSION);
if(!$ext) return '';
if($lowercase) $ext = strtolower($ext);
if($dot) $ext = '.' . $ext;
return $ext;
}
// glob() wrapper for reading paths / escape [brackets] in folder names (it's complicated)
public static function glob($path, $dirs_only = false){
if(preg_match('/\[.+]/', $path)) $path = str_replace(['[',']', '\[', '\]'], ['\[','\]', '[[]', '[]]'], $path);
return @glob($path, $dirs_only ? GLOB_NOSORT|GLOB_ONLYDIR : GLOB_NOSORT);
}
// get $_POST parameter or false
public static function post($param){
return isset($_POST[$param]) && !empty($_POST[$param]) ? $_POST[$param] : false;
}
// get $_GET parameter or false
public static function get($param){
return isset($_GET[$param]) && !empty($_GET[$param]) ? $_GET[$param] : false;
}
// make dir unless it already exists, error if fail
public static function mkdir($path){
if(!file_exists($path) && !mkdir($path, 0777, true)) U::error('Failed to create ' . $path, 500);
}
// helper function to check for and include various files html, php, css and js from storage_path _files/*
public static function uinclude($file){
if(!Config::$storagepath) return;
$path = Config::$storagepath . '/' . $file;
if(!file_exists($path)) return;
$ext = U::extension($path);
if(in_array($ext, ['html', 'php'])) return include $path;
$src = Path::urlpath($path); // get urlpath for public resource
if(!$src) return; // return if storagepath is non-public (not inside document root)
$src .= '?' . filemtime($path); // append modified time of file, so updated resources don't get cached in browser
if($ext === 'js') echo '<script src="' . $src . '"></script>';
if($ext === 'css') echo '<link href="' . $src . '" rel="stylesheet">';
}
// attempt to ini_get($directive)
public static function ini_get($directive){
$val = function_exists('ini_get') ? @ini_get($directive) : false;
return is_string($val) ? trim($val) : $val;
}
// get php ini value to bytes
public static function ini_value_to_bytes($directive) {
$val = U::ini_get($directive);
if(empty($val) || !is_string($val)) return 0;
if(function_exists('ini_parse_quantity')) return @ini_parse_quantity($val) ?: 0;
if(!preg_match('/^(\d+)([G|M|K])?$/i', trim($val), $m)) return 0;
if(!isset($m[2])) return (int) $m[1];
return (int) $m[1] *= ['G' => 1024 * 1024 * 1024, 'M' => 1024 * 1024, 'K' => 1024][strtoupper($m[2])];
}
// get memory limit in MB, if available, so we can calculate memory for image resize operations
public static function get_memory_limit_mb() {
$val = U::ini_value_to_bytes('memory_limit');
return $val ? $val / 1024 / 1024 : 0; // convert bytes to M
}
// detect FFmpeg availability for video thumbnails and return path or false / https://ffmpeg.org/
public static function ffmpeg_path(){
// below config options must be enabled for FFmpeg to apply
foreach (['video_thumbs', 'load_images', 'image_resize_cache', 'video_ffmpeg_path'] as $key) if(!Config::get($key)) return;
// exec() must be available to access command-line FFmpeg
if(!function_exists('exec')) return;
// path to ffmpeg in command-line is normally just 'ffmpeg', but escapeshellarg() in case using absolute path
$path = escapeshellarg(Config::get('video_ffmpeg_path'));
//$path = '"' . str_replace('"', '\"', Config::get('video_ffmpeg_path')) . '"'; // <- if path contains Chinese chars
// attempt to run -version function on ffmpeg and return the path or false on fail
return @exec($path . ' -version') ? $path : false;
}
// readfile() wrapper function to output file with tests, clone option and headers
public static function readfile($path, $mime, $message = false, $cache = false, $clone = false){
if(!$path || !file_exists($path)) return false;
if($clone && @copy($path, $clone)) U::message('cloned to ' . U::basename($clone));
U::header($message, $cache, $mime, filesize($path), 'inline', U::basename($path));
if(!is_readable($path) || readfile($path) === false) U::error('Failed to read file ' . U::basename($path), 400);
exit;
}
// return an array of supported image resize types / used by Javascript to determine what resized image types can be requested
public static function resize_image_types(){
return array_merge(['jpeg', 'jpg', 'png', 'gif'], array_filter(['webp', 'bmp', 'avif'], function($type){
return function_exists('imagecreatefrom' . $type);
}));
}
// common error response with response code, error message and json option
// 400 Bad Request, 403 Forbidden, 401 Unauthorized, 404 Not Found, 500 Internal Server Error
public static function error($error = 'Error', $http_response_code = false, $is_json = false){
if($is_json) return Json::error($error);
if($http_response_code) http_response_code($http_response_code);
U::header("[ERROR] $error", false);
exit("<h3>Error</h3>$error.");
}
// get dirs hash based on various options for cache paths and browser localstorage / with cached response
private static $dirs_hash;
public static function dirs_hash(){
if(self::$dirs_hash) return self::$dirs_hash;
return self::$dirs_hash = substr(md5(Config::$document_root . Config::$__dir__ . Config::$root . Config::$version . Config::get('cache_key') . U::image_resize_cache_direct() . Config::get('files_exclude') . Config::get('dirs_exclude')), 0, 6);
}
// check if image_resize_cache_direct is enabled for direct access to resized image cache files / with cached response
private static $image_resize_cache_direct;
public static function image_resize_cache_direct(){
if(isset(self::$image_resize_cache_direct)) return self::$image_resize_cache_direct;
return self::$image_resize_cache_direct = Config::get('image_resize_cache_direct') && !Config::$has_login && Config::get('load_images') && Config::get('image_resize_cache') && Config::get('image_resize_enabled') && Path::is_within_docroot(Config::$storagepath);
}
// image_resize_dimensions_retina (serve larger dimension resized images for HiDPI screens) with cached response
private static $image_resize_dimensions_retina;
public static function image_resize_dimensions_retina(){
if(isset(self::$image_resize_dimensions_retina)) return self::$image_resize_dimensions_retina;
$retina = intval(Config::get('image_resize_dimensions_retina'));
return self::$image_resize_dimensions_retina = $retina > Config::get('image_resize_dimensions') ? $retina : false;
}
// get common html header for main document and login page
public static function html_header($title, $class){
?>
<!doctype html><!-- www.files.gallery -->
<html class="<?php echo $class; ?>" data-theme="contrast">
<script>
let theme = (() => {
try {
return localStorage.getItem('files:theme');
} catch (e) {
return false;
};
})() || (matchMedia('(prefers-color-scheme:dark)').matches ? 'dark' : 'contrast');
if(theme !== 'contrast') document.documentElement.dataset.theme = theme;
</script>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex, nofollow">
<link rel="apple-touch-icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMAAAADABAMAAACg8nE0AAAAD1BMVEUui1f///9jqYHr9O+fyrIM/O8AAAABIklEQVR42u3awRGCQBBE0ZY1ABUCADQAoEwAzT8nz1CyLLszB6p+B8CrZuDWujtHAAAAAAAAAAAAAAAAAACOQPPp/2Y0AiZtJNgAjTYzmgDtNhAsgEkyrqDkApkVlsBDsq6wBIY4EIqBVuYVFkC98/ycCkr8CbIr6MCNsyosgJvsKxwFQhEw7APqY3mN5cBOnt6AZm/g6g2o8wYqb2B1BQcgeANXb0DuwOwNdKcHLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeA20mArmB6Ugg0NsCcP/9JS8GAKSlVZMBk8p1GRgM2R4jMHu51a/2G1ju7wfoNrYHyCtUY3zpOthc4MgdNy3N/0PruC/JlVAwAAAAAAAAAAAAAAABwZuAHuVX4tWbMpKYAAAAASUVORK5CYII=">
<meta name="apple-mobile-web-app-capable" content="yes">
<title><?php echo $title; ?></title>
<?php U::uinclude('include/head.html'); ?>
<link href="<?php echo U::assetspath(); ?>files.photo.gallery@<?php echo Config::$version ?>/css/files.css" rel="stylesheet">
<?php U::uinclude('css/custom.css'); ?>
</head>
<?php
}
// output file as download using correct headers and readfile() / used to download zip and force download single files
public static function download($file, $message, $mime, $filename){
U::header($message, false, $mime, filesize($file), 'attachment', $filename);
while (ob_get_level()) ob_end_clean();
return readfile($file) !== false;
}
// assign assets url for plugins, Javascript, CSS and languages, defaults to CDN https://www.jsdelivr.com/
// if you want to self-host assets: https://www.files.gallery/docs/self-hosted-assets/
private static $assetspath;
public static function assetspath(){
if(self::$assetspath) return self::$assetspath;
return self::$assetspath = Config::get('assets') ? rtrim(Config::get('assets'), '/') . '/' : 'https://cdn.jsdelivr.net/npm/';
}
// response headers
// cache time 1 year for cacheable assets / can be modified if you really need to
public static $cache_time = 31536000;
// array of messages to go into files-response header
private static $messages = [];
// add messages (string or array) to files-response header
public static function message($items = []){
self::$messages = array_merge(self::$messages, is_string($items) ? [$items] : array_filter($items));
}
// set request response headers, including files-message header for diagnosing response
public static function header($message, $cache = null, $type = false, $length = 0, $disposition = false, $filename = ''){
// prepend main $message to $messages array
if($message) array_unshift(self::$messages, $message);
// append PHP response time to $messages
if(isset($_SERVER['REQUEST_TIME_FLOAT'])) self::$messages[] = round(microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'], 3) . 's';
// append memory usage to $messages
if(function_exists('memory_get_peak_usage')) self::$messages[] = round(memory_get_peak_usage() / 1048576, 1) . 'M';
// assign files-message header with all $messages
header('files-response: ' . implode(' | ', self::$messages));
// cache response headers
if($cache){
$shared = Config::$has_login ? 'private' : 'public'; // private or shared cache depending on login
header('expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + self::$cache_time));
header('cache-control: ' . $shared . ', max-age=' . self::$cache_time . ', s-maxage=' . self::$cache_time . ', immutable');
// no cache response headers if specifically set to false (if null, don't do anything)
} else if($cache === false){
header('cache-control: no-store, must-revalidate');
}
// assign content-type header
if($type) header("content-type: $type");
// assign content-length header / only assigned when reading actual files on disk when we can get filesize()
if($length) header("content-length: $length");
// assign content-disposition when reading files on disk, assigned to either 'inline' or 'attachment'
if($disposition) header('content-disposition: ' . $disposition . '; filename="' . addslashes($filename) . '"');
}
}
// class Path / various static functions to convert and validate file paths
class Path {
// returns resolved absolute paths and normalizes slashes across OS / returns false if file does not exist
public static function realpath($path){
$realpath = realpath($path);
return $realpath ? str_replace('\\', '/', $realpath) : false;
}
// get absolute path by appending relative path to root path (does not resolve symlinks)
public static function rootpath($relpath){
return Config::$root . (strlen($relpath) ? "/$relpath" : ''); // check paths with strlen() in case dirname is '0'
}
// get relative path from full root path / used as internal reference and in query ?path/path
public static function relpath($path){
return trim(substr($path, strlen(Config::$root)), '\/');
}
// get public url path relative to script or server document root
public static function urlpath($path){
// return if item is not within server document root, because it can't be accessed by www url
if(!self::is_within_docroot($path)) return false;
// if item is within application dir, we can return relative path
if(self::is_within_path($path, Config::$__dir__)) return $path === Config::$__dir__ ? '.' : substr($path, strlen(Config::$__dir__) + 1);
// return root-relative path
return $path === Config::$document_root ? '/' : substr($path, strlen(Config::$document_root));
}
// determines if a path is equal to or inside another path / append slash so that path/dirx/ does not match path/dir/
public static function is_within_path($path, $root){
return $path && strpos($path . '/', $root . '/') === 0;
}
// determines if path is within server document root (so we can determine if it's accessible by URL)
public static function is_within_docroot($path){
return $path && self::is_within_path($path, Config::$document_root);
}
// calculate path for image resize cache
public static function imagecachepath($path, $image_resize_dimensions, $filesize, $filemtime){
return Config::$cachepath . '/images/' . substr(md5($path), 0, 6) . ".$filesize.$filemtime.$image_resize_dimensions.jpg";
}
// determines if relative path is valid, and returns full rootpath or false if invalid
public static function valid_rootpath($relpath, $is_dir = false){
// invalid if path is false (might be previously unresolved)
if($relpath === false) return;
// invalid if is file and path is empty (path can be '' empty string for root dir)
if(!$is_dir && empty($relpath)) return;
// relative path should never start or end with slash/
if(preg_match('/^\/|\/$/', $relpath)) return;
// get root path from relative path
$rootpath = self::rootpath($relpath);
// realpath may differ from rootpath if symlinked or if relpath contains parent ../ paths
$realpath = self::realpath($rootpath);
// invalid if file does not exist
if(!$realpath) return;
// additional security checks if realpath differs from rootpath, and realpath is no longer within root
// blocks potential abuse of relative paths like ?path/../../../../dir
if($realpath !== $rootpath && !self::is_within_path($realpath, Config::$root)) {
if(strpos(($is_dir ? $relpath : dirname($relpath)), ':') !== false) return; // dir may not contain ':'
if(strpos($relpath, '..') !== false) return; // path may not contain '..'
//if(self::is_exclude($realpath, $is_dir, true)) return; // check is_exclude also on realpath / seems pointless ...
}
// is invalid
if(!is_readable($realpath)) return; // not readable
if($is_dir && !is_dir($realpath)) return; // invalid dir
if(!$is_dir && !is_file($realpath)) return;// invalid file
if(self::is_exclude($rootpath, $is_dir)) return; // rootpath is excluded
// return full path
return $rootpath;
}
// determine if path should be excluded from displaying in the gallery
public static function is_exclude($path = false, $is_dir = true, $symlinked = false){
// is not excluded if empty or path is root
if(!$path || $path === Config::$root) return;
// exclude relative paths that start with _files* (reserved for hidden items)
if(strpos('/' . self::relpath($path), '/_files') !== false) return true;
// exclude Files Gallery PHP application name (normally "index.php" but could be renamed)
if($path === Config::$__file__) return true;
// exclude symlinks if symlinks not allowed (symlinks might be sensitive)
if($symlinked && !Config::get('allow_symlinks')) return true;
// exclude Files Gallery storage_path (normally _files dir relative to PHP file)
if(Config::$storagepath && self::is_within_path($path, Config::$storagepath)) return true;
// exclude if dir or file's parent dir is excluded by config dirs_exclude
if(Config::get('dirs_exclude')) {
// dir to check is path or parent dir if file
$dirname = $is_dir ? $path : dirname($path);
// check if dir matches dirs_exclude, unless dir is root (root dir can't be excluded)
if($dirname !== Config::$root && preg_match(Config::get('dirs_exclude'), self::relpath($dirname))) return true;
}
// exclude file
if(!$is_dir){
// get file name
$filename = U::basename($path);
// make sure file is not local config file
if($filename === Config::$localconfigpath) return true;
// exclude file name (not path) by files_exclude
if(Config::get('files_exclude') && preg_match(Config::get('files_exclude'), $filename)) return true;
}
}
}
// class Json / JSON response functions
class Json {
// output json from array and exit
public static function jexit($arr = []){
header('content-type: application/json');
exit(json_encode($arr));
}
// json error with message
public static function error($error = 'Error'){
self::jexit(['error' => $error]);
}
// output json from array and cache as .json / used by class dirs and class dir
public static function cache($arr = [], $message = false, $cache = true){
$json = empty($arr) ? '{}' : @json_encode($arr, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_PARTIAL_OUTPUT_ON_ERROR);
if(empty($json)) self::error(json_last_error() ? json_last_error_msg() : 'json_encode() error');
if($cache) @file_put_contents($cache, $json);
U::message(['cache ' . ($cache ? 'ON' : 'OFF') ]);
U::header($message, false, 'application/json;');
echo $json;
}
}
// class X3 / functions if running Files Gallery alongside X3 www.photo.gallery
class X3 {
// vars
private static $path; // cache absolute X3 path
private static $inc = '/app/x3.inc.php'; // relative path to the X3 include file that is used for checking and invalidating cache
// checks if Files Gallery root points into X3 content and returns path to X3 root
public static function path(){
if(isset(self::$path)) return self::$path; // serve previously resolved path
// loop resolved path and original config path, in case resolved path was symlinked content
foreach ([Config::$root, Config::get('root')] as $path) {
// match /content and check if /app/x3.inc.php exists in parent
if($path && preg_match('/(.+)\/content/', $path, $match)) return self::$path = file_exists($match[1] . self::$inc) ? Path::realpath($match[1]) : false;
}
// nope
return self::$path = false;
}
// attempt to load x3-login if 1. root is X3 path, 2. there is no existing login, 3. files.x3-login.php exists
public static function login(){
return self::path() && U::uinclude('plugins/files.x3-login.php');
}
// get public url path of X3, used to render X3 thumbnails instead of thumbs created by Files Gallery
public static function urlpath(){
return self::path() ? Path::urlpath(self::path()) : false;
}
// on Filemanager actions, invalidate X3 cache updating modified time of x3.inc.php
public static function invalidate(){
if(self::path()) @touch(self::path() . self::$inc);
}
}
// class Tests / outputs PHP, server and config diagnostics by url ?action=tests
class Tests {
// html response
private $html = '';
// construct new Tests()
function __construct() {
// display all errors to catch anything unusual
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// first let's check if new Config() created dirs and files in storagepath
$this->created();
// title, version, server name, PHP version and server software
$this->html .= '<h2>Files Gallery ' . Config::$version . '</h2>';
if(isset($_SERVER['SERVER_NAME'])) $this->prop('<b>'.$_SERVER['SERVER_NAME'].'</b>');
$this->prop('<b>PHP ' . phpversion().'</b>');
if(isset($_SERVER['SERVER_SOFTWARE'])) $this->prop('<b>'.$_SERVER['SERVER_SOFTWARE'].'</b>');
// check if paths root, storage_path and index.php exist and are writeable
$this->check_path(Config::$root, 'root');
$this->check_path(Config::$storagepath, 'storage_path');
$this->check_path(__FILE__, U::basename(__FILE__));
// check a few PHP extensions gd, exif and mbstring
if(function_exists('extension_loaded')) foreach (['gd', 'exif', 'mbstring'] as $name) $this->prop($name, extension_loaded($name));
// check if ZipArchive class exists
$this->prop('ZipArchive', class_exists('ZipArchive'));
// check various PHP functions
foreach (['mime_content_type', 'finfo_file', 'iptcparse', 'exif_imagetype', 'session_start', 'ini_get', 'exec'] as $name) $this->prop($name . '()', function_exists($name));
// check ffmpeg if exec is available, else don't check, because ffmpeg could be enabled even if !exec()
if(function_exists('exec')) $this->prop('ffmpeg', !!U::ffmpeg_path());
// get various PHP ini values with ini_get()
if(function_exists('ini_get')) foreach (['memory_limit', 'file_uploads', 'upload_max_filesize', 'post_max_size', 'max_file_uploads'] as $name) $this->prop($name, 'neutral', @ini_get($name));
// validate regex for files_exclude and dirs_exclude config options
foreach (['files_exclude', 'dirs_exclude'] as $key) if(Config::get($key) && @preg_match(Config::get($key), '') === false) $this->prop("Invalid <strong>$key</strong> regex", false);
// output merged config in readable format, with sensitive properties masked out
$this->showconfig();
// output basic formatted tests in html format
$this->output();
// exit on tests output
exit;
}
// checks if new Config() created dirs and files in storagepath
// useful to run ?action=tests if you want to create config.php file before executing Files Gallery
private function created(){
if(empty(Config::$created)) return;
$this->html .= '<p>Successfully created the following storage items:</p>';
foreach (Config::$created as $key) $this->prop($key, true);
}
// checks if a path exists and is writeable
private function check_path($path, $name){
if(!$path) return $this->prop($name, false);
if(!file_exists($path)) return $this->prop("$name does not exist", false);
if(!is_writable($path)) return $this->prop($name . ' is not writeable ' . substr(sprintf('%o', fileperms($path)), -4) . ' [owner ' . fileowner($path) . ']', false);
$this->prop($name, true);
}
// outputs and formats a property feature <div> element to html
private function prop($name, $success = 'neutral', $value = ''){
$class = is_string($success) ? $success : ($success ? ' success' : 'fail');
$this->html .= "<div class=\"test $class\">$name <b>$value</b></div>";
}
// output merged config in readable format, with sensitive properties masked out
private function showconfig(){
// copy config array
$arr = Config::$config;
// mask sensitive values
foreach (['root', 'storage_path', 'start_path', 'username', 'password', 'license_key', 'allow_tasks'] as $prop) if($arr[$prop]) $arr[$prop] = '***';
// create PHP array string that resembles config.php files
$php = '<?php' . PHP_EOL . PHP_EOL . 'return ' . var_export($arr, true) . ';';
// add to html response and highlight
$this->html .= '<h2>Config</h2>' . highlight_string($php, true);
}
// output basic formatted tests in html format
private function output(){
echo '<!doctype html><html><head><title>Files Gallery check system and config.</title><meta name="robots" content="noindex,nofollow"><style>body{font-family:system-ui;color:#444;line-height:1.6;margin:2vw 3vw;overflow:scroll}b{font-weight:600}.test:before{display:inline-block;width:18px;text-align:center;margin-right:5px}.neutral:before{color:#BBB}.success:before{color:#78a642}.success:before,.neutral:before{content:"\2713"}.fail:before{content:"\2A09";color:firebrick}</style></head><body>' . $this->html . '</body></html>';
}
}
// class FileResponse / outputs file, video preview image, resized image or proxies any file by PHP
class FileResponse {
// vars
private $path;
private $mime;
private $resize;
private $clone;
// construct resize image, all processes in due order
public function __construct($path, $resize = false, $clone = false){
// exif if invalid $path
if(!$path) U::error('Invalid file request', 404);
// store path and resolve potential symlinks
$this->path = Path::realpath($path);
// get mime to check if requested video or image files are valid
$this->mime = U::mime($this->path);
// resize numeric value assigned if image resize, but could be set to 'video'
$this->resize = is_numeric($resize) ? intval($resize) : $resize;
// clone the file (used by folder preview action)
$this->clone = $clone;
// get FFmpeg video preview image
if($this->resize === 'video') return $this->get_video_preview();
// get resized image preview (convert resize parameter to number, else it will return 0, not allowed)
if($this->resize) return $this->get_image_preview();
// get file proxied through PHP if it's not within document root
$this->get_file_proxied();
}
// get FFmpeg video preview image
private function get_video_preview(){
// image_resize_cache required
if(!Config::get('image_resize_cache')) U::error('image_resize_cache must be enabled to create and store video thumbs', 400);
// requirements with diagnostics / only check $mime if $mime detected
if($this->mime && strtok($this->mime, '/') !== 'video') U::error('Unsupported video type ' . $this->mime, 415);
// get cache path, where we will look for image or create it
$cache = Path::imagecachepath($this->path, 480, filesize($this->path), filemtime($this->path));
// check for cached video thumbnail / clone if called from folder preview
if($cache) U::readfile($cache, 'image/jpeg', 'Video preview from cache', true, $this->clone);
// get FFmpeg path `video_ffmpeg_path` or error
$ffmpeg_path = U::ffmpeg_path() ?: U::error('<a href="http://ffmpeg.org/" target="_blank">FFmpeg</a> disabled. Check your <a href="' . U::basename(__FILE__) . '?check=1" target="_blank">diagnostics</a>.', 400);
// ffmpeg command to create video preview in $cache path
$cmd = $ffmpeg_path . ' -ss 3 -t 1 -hide_banner -i "' . str_replace('"', '\"', $this->path) . '" -frames:v 1 -an -vf "thumbnail,scale=480:320:force_original_aspect_ratio=increase,crop=480:320" -r 1 -y -f mjpeg "' . $cache . '" 2>&1';
// attempt to execute FFmpeg command
exec($cmd, $output, $result_code);
// fail if result_code is anything else than 0
if($result_code) U::error("Error generating thumbnail for video (\$result_code $result_code)", 500);
// if for some reason, the created $cache file does not exist
if(!file_exists($cache)) U::error('Cache file ' . U::basename($cache) . ' does not exist', 404);
// fix for empty video previews that get created for extremely short videos (or other unknown errors)
if(!filesize($cache) && imagejpeg(imagecreate(1, 1), $cache)) U::readfile($cache, 'image/jpeg', '1px placeholder image created and cached', true, $this->clone);
// output created video thumbnail
U::readfile($cache, 'image/jpeg', 'Video preview image created', true, $this->clone);
}
// check if requested resize value is allowed
private function resize_allowed(){
if(empty($this->resize) || !is_numeric($this->resize)) return false;
if($this->resize === Config::get('image_resize_dimensions')) return true;
if($this->resize === Config::get('image_resize_dimensions_retina')) return true;
// check image_resize_dimensions_allowed array
$allowed = Config::get('image_resize_dimensions_allowed') ?: [];
return in_array($this->resize, array_filter(array_map('intval', is_array($allowed) ? $allowed : explode(',', $allowed))));
}
// get image preview resized image
private function get_image_preview(){
// only image mime types can be resized
if($this->mime && strtok($this->mime, '/') !== 'image') U::error('Unsupported image type ' . $this->mime, 415);
// allow resize image only if config load_images and image_resize_enabled are enabled
foreach (['load_images', 'image_resize_enabled'] as $key) if(!Config::get($key)) U::error("Config $key disabled", 400);
// check if requested resize value is allowed
if(!$this->resize_allowed()) U::error("Resize parameter $this->resize is not allowed", 400);
// get ResizeImage()
new ResizeImage($this->path, $this->resize, $this->clone);
}
// get file proxied through PHP if it's not within document root
private function get_file_proxied(){
// don't allow getting file by proxy if !load_files_proxy_php and the file is available in document root
if(!Config::get('load_files_proxy_php') && Path::is_within_docroot($this->path)) U::error('File can\'t be proxied', 400);
// read file / $mime or 'application/octet-stream' if $mime is unknown (should not happen unless missing functions)
U::readfile($this->path, ($this->mime ?: 'application/octet-stream'), 'File proxied', true);
}
}
// class ResizeImage / serves a resized image
class ResizeImage {
// set a different fill color than black (default) for images with transparency / disabled by default []
// only enable when strictly required, as it will assign fill color also for non-transparent images
public static $fill_color = []; // white [255, 255, 255];
// class properties
private $path; // full path to image
private $rwidth; // calculated resize width
private $rheight; // calculated resize height
private $pixels; // used to check if pixels > max_pixels and to calculate required memory
private $bits; // extracted from getimagesize() for use in set_memory_limit()
private $channels; // extracted from getimagesize() for use in set_memory_limit()
private $dst_image; // destination image GD resource with resize dimensions, also used in sharpen() and exif_orientation()
// construct resize image, all processes in due order
public function __construct($path, $resize, $clone = false){
// vars
$this->path = $path;
$filesize = filesize($this->path);
// create local $short vars from config 'image_resize_*' options, because it's much easier and more readable
foreach (['cache', 'types', 'quality', 'function', 'sharpen', 'memory_limit', 'max_pixels', 'min_ratio'] as $key) {
$$key = Config::get("image_resize_$key");
}
// add to response headers
U::message(['cache ' . ($cache ? 'ON' : 'OFF'), "resize $resize", "quality $quality", $function]);
// get cache path for image (or null for imagejpeg())
$cache_path = $cache ? Path::imagecachepath($this->path, $resize, $filesize, filemtime($this->path)) : null;
// attempt to load $cache_path / will simply fail if $cache_path does not exist
if($cache_path) U::readfile($cache_path, 'image/jpeg', 'Resized image from cache', true, $clone);
// getimagesize / original dimensions, image type, bits, channels and mime
$imagesize = getimagesize($this->path);
if(empty($imagesize) || !is_array($imagesize)) U::error('Failed getimagesize()', 500); // die!
// vars extrapolated from $imagesize
$width = (int) $imagesize[0]; // (int) because AVIF might return '0x0'
$height = (int) $imagesize[1]; // (int) because AVIF might return '0x0'
$ratio = max($width, $height) / $resize; // calculate resize ratio from image longest side (width or height)
$this->rwidth = round($width / $ratio); // calculate resize width
$this->rheight = round($height / $ratio); // calculate resize height
$this->pixels = $width * $height; // used to check if pixels > max_pixels and to calculate required memory
$type = $imagesize[2]; // returns one of the IMAGETYPE_XXX constants indicating the type of the image.
$mime = isset($imagesize['mime']) && is_string($imagesize['mime']) ? $imagesize['mime'] : false;
$this->bits = isset($imagesize['bits']) && is_numeric($imagesize['bits']) ? $imagesize['bits'] : 8;
$this->channels = isset($imagesize['channels']) && is_numeric($imagesize['channels']) ? $imagesize['channels'] : 3;
// get image type extension or die / used to check if $ext is in `image_resize_types` and for "imagecreatefrom$ext"() function
$ext = image_type_to_extension($type, false) ?: U::error("Invalid image type $type");
// add more calculated values to response headers
U::message([$mime, $ext, "$width x $height", 'ratio ' . round($ratio, 2), "$this->rwidth x $this->rheight"]);
// if image extension is not in `image_resize_types`, attempt to serve original if filesize is <= `load_images_max_filesize`
if(!in_array($ext, $this->get_resize_types($types))){
// exit if original image exceeds `load_images_max_filesize`
if($filesize > Config::get('load_images_max_filesize')) U::error("Image $ext is not in `image_resize_types`, and can't serve original because filesize $filesize exceeds `load_images_max_filesize` " . Config::get('load_images_max_filesize') . ' bytes', 400);
// attempt to serve original or error
if(!U::readfile($this->path, $mime, 'Original image served because image is not within image_resize_types', true, $clone)) U::error('File does not exist', 404);
}
// exit if image pixels (dimensions) exceeds 'image_resize_max_pixels' => 60000000 (default)
if($max_pixels && $this->pixels > $max_pixels) U::error("Image pixels $this->pixels ($width x $height) exceeds `image_resize_max_pixels` $max_pixels", 400);
// serve original if resize ratio < min_ratio, but only if filesize <= load_images_max_filesize
if($ratio < max($min_ratio, 1) && $filesize <= Config::get('load_images_max_filesize') && !U::readfile($this->path, $mime, "Original image served, because resize ratio $ratio < min_ratio $min_ratio", true, $clone)) U::error('File does not exist', 404);
// prepare imagecreatefrom$EXT() to create image GD resource from path
$imagecreatefrom = "imagecreatefrom$ext";
if(!function_exists($imagecreatefrom)) U::error("Function $imagecreatefrom() does not exist", 500);
// check if avaialble memory is sufficient to resize image, and attempt to temporarily assign higher memory_limit
$this->set_memory_limit($memory_limit);
// create new source image GD resource from path
$src_image = $imagecreatefrom($this->path) ?: U::error("Function $imagecreatefrom() failed", 500);
// create destination image GD resource with resize dimensions
$this->dst_image = imagecreatetruecolor($this->rwidth, $this->rheight) ?: U::error('Function imagecreatetruecolor() failed', 500);
// set a different fill color than black (default) for images with transparency / disabled by default $fill_color = []
$this->set_fill_color($ext);
// imagecopyresampled() src_image to dst_image
if(!call_user_func($function, $this->dst_image, $src_image, 0, 0, 0, 0, $this->rwidth, $this->rheight, $width, $height)) U::error("Function $function() failed", 500);
// destroy src_image GD resource to free up memory
imagedestroy($src_image);
// rotate resized image according to exif image orientation if required
$this->exif_orientation();
// sharpen resized images, because default PHP imagecopyresized() make images blurry ...
if($sharpen) $this->sharpen();
// add headers for direct output if !cache / missing content-length but that's ok
if(!$cache_path) U::header('Resized image served', true, 'image/jpeg');
// create jpg image in cache path or output directly if !cache
if(!imagejpeg($this->dst_image, $cache_path, $quality)) U::error('PHP imagejpeg() failed', 500);
// destroy dst_image resource to free up memory
imagedestroy($this->dst_image);
// cache readfile
if($cache_path && !U::readfile($cache_path, 'image/jpeg', 'Resized image served', true, $clone)) U::error('Cache file does not exist', 404);
// always exit
exit;
}
// check if avaialble memory is sufficient to resize image, and attempt to temporarily assign new memory_limit
private function set_memory_limit($memory_limit){
// config image_resize_memory_limit must be assigned
if(empty($memory_limit)) return;
// get memory_limit in MB
$current = U::get_memory_limit_mb();
// pointless to make any assumptions if we can't get default memory_limit, just try to resize ...
if(empty($current)) return;
// calculate approximate required memory to resize image
$required = round(($this->pixels * $this->bits / 8 * $this->channels * 1.33 + $this->rwidth * $this->rheight * 4) / 1048576, 1);
// get new memory_limit, assigned from config image_resize_memory_limit, if higher than $current
$new = function_exists('ini_set') ? max($current, $memory_limit) : $current;
// error if required memory > available memory
if($required > $new) U::error("Resizing this image requires >= {$required}M. Your PHP memory_limit is {$new}M", 400);
// assign $new memory from config image_resize_memory_limit if > $current (default memory_limit)
if($new > $current && @ini_set('memory_limit', $new . 'M')) U::message("{$current}M => {$new}M (min {$required}M)");
}
// get resize types array from config 'image_resize_types' => 'jpeg, png, gif, webp, bmp, avif'
private function get_resize_types($types){
return array_filter(array_map(function($key){
$type = trim(strtolower($key));
return $type === 'jpg' ? 'jpeg' : $type;
}, explode(',', $types)));
}
// sharpen resized images, because default PHP imagecopyresized() make images blurry ...
private function sharpen(){
$matrix = [
[-1, -1, -1],
[-1, 20, -1],
[-1, -1, -1],
];
$divisor = array_sum(array_map('array_sum', $matrix));
$offset = 0;
imageconvolution($this->dst_image, $matrix, $divisor, $offset);
}
// rotate resized image according to exif image orientation (no way we deal with this in browser)
private function exif_orientation(){
// attempt to get image exif array
$exif = Exif::exif_data($this->path);
// exit if there is no exif orientation value
if(!$exif || !isset($exif['Orientation'])) return;
// assign $orientation
$orientation = $exif['Orientation'];
// array of orientation values to rotate (4, 5 and 7 will also be flipped)
$orientation_to_rotation = [3 => 180, 4 => 180, 5 => 270, 6 => 270, 7 => 90, 8 => 90];
// return if orientation is not valid or is not in array (does not require rotation)
if(!array_key_exists($orientation, $orientation_to_rotation)) return;
// rotate image according to exif $orientation, write back to already-resized image destination resource
$this->dst_image = imagerotate($this->dst_image, $orientation_to_rotation[$orientation], 0);
// after rotation, orientation values 4, 5 and 7 also need to be flipped in place
if(in_array($orientation, [4, 5, 7]) && function_exists('imageflip')) imageflip($this->dst_image, IMG_FLIP_HORIZONTAL);
// add header props
U::message("orientated from EXIF $orientation");
}
// sets a different fill color than black (default) for images with transparency / disabled by default
private function set_fill_color($ext){
if(!is_array(self::$fill_color) || count(self::$fill_color) !== 3 || !in_array($ext, ['png', 'gif', 'webp', 'avif'])) return;
$color = call_user_func_array('imagecolorallocate', array_merge([$this->dst_image], self::$fill_color));
if(imagefill($this->dst_image, 0, 0, $color)) U::message('Fill rgb(' . join(', ', self::$fill_color) . ')');
}
}
// class Dirs / outputs menu json from dir structure
class Dirs {
// vars
private $dirs = []; // array of dirs to output when re-creating
private $cache_file = false; // cache file path / gets assigned to a path if cache is enabled
private $load_files = false; // load files into each menu dir if Config::get('menu_load_all')
// construct Dirs
public function __construct(){
// first check and assign cache / returns cache json if valid
$this->check_cache();
// load files in each dir if config menu_load_all
$this->load_files = Config::get('menu_load_all');
// if not cached, get dirs starting from root dir
$this->get_dirs(Config::$root);
// outputs dirs json format and cache
Json::cache($this->dirs, 'Dirs reloaded', $this->cache_file);
}
// check cache for menu and return if valid
private function check_cache(){
// exit if cache disabled
if(!Config::get('cache')) return;
// get cache hash from POST menu_cache_hash so we can assign correct cache file
$hash = U::post('menu_cache_hash');
// validate $hash to make sure we check and create correct cache file names (not strictly necessary, but just in case)
if(!$hash || !preg_match('/^.{6}\..{6}\..\d+$/', $hash)) Json::error('Invalid menu cache hash');
// assign cache file when cache is enabled / check if file exists, or write to this file when re-creating
$this->cache_file = Config::$cachepath . "/menu/$hash.json";
// return if cache file does not exist
if(!file_exists($this->cache_file)) return;
// get json from cache file
$json = @file_get_contents($this->cache_file);
// return if the file is empty (for some reason)
if(empty($json)) return;
// check if menu cache is valid by comparing folder modified dates
if(!$this->menu_cache_is_valid($json)) return;
// assign headers
U::header('Valid menu cache', null, 'application/json');
// if browser has valid menu cache stored, just confirm cache is valid // don't use Json::exit, because we already set header
if(U::post('localstorage')) exit(json_encode(['localstorage' => true]));
// output json cache file
exit($json);
}
// check if json menu cache is valid by comparing folder dates (modified time)
private function menu_cache_is_valid($json){
if(!Config::get('menu_cache_validate')) return true; // don't validate deep levels beyond 2
$arr = @json_decode($json, true); // create array to compare times
if(empty($arr)) return;
// loop dirs and compare modified-time to check if cache is valid / skip shallow 1st level dirs
foreach ($arr as $val) {
if(strpos($val['path'], '/') !== false && $val['mtime'] !== @filemtime(Path::rootpath($val['path']))) return;
}
return $json; // it's valid, because json folder dates match real folder dates
}
// get_dirs recursive directories
private function get_dirs($path, $depth = 0) {
// load data for dir / ignore depth 0 (root), because it's already loaded, unless load_files
if($depth || $this->load_files) {
// return if dir is excluded
if(Path::is_exclude($path, true)) return;
// get array of data for dir, including files load_files (config menu_load_all)
$data = (new Dir($path))->load($this->load_files);
// exit if empty / should not happen, but just on case
if(empty($data)) return;
// assign dir $data to array of $dirs
$this->dirs[] = $data;
// exit if current depth >= config menu_max_depth (don't get subdirs)
if(Config::get('menu_max_depth') && $depth >= Config::get('menu_max_depth')) return;
// exit if item is symlink and don't follow symlinks (don't get subdirs)
if($data['is_link'] && !Config::get('menu_recursive_symlinks')) return;// $arr;
}
// get subdirs from current path
$subdirs = U::glob("$path/*", true);
// sort subdirs and get data for each dir (including further subdirs)
if(!empty($subdirs)) foreach($this->sort($subdirs) as $subdir) $this->get_dirs($subdir, $depth + 1);
}
// sort subfolders
private function sort($dirs){
if(strpos(Config::get('menu_sort'), 'date') === 0){
usort($dirs, function($a, $b) {
return filemtime($a) - filemtime($b);
});
} else {
natcasesort($dirs);
}
return substr(Config::get('menu_sort'), -4) === 'desc' ? array_reverse($dirs) : $dirs;
}
}
// class Dir / loads data array for a single dir with or without files
class Dir {
// vars
public $data; // array of public data to be returned / shared with File
public $path; // path of dir / shared with File
public $realpath; // dir realpath, normally the same as $path, unless $path contains symlink
private $filemtime; // dir filemtime (modified time), used for cache validation and data
private $filenames; // array of file names in dir
private $cache_path; // calculated json file cache path
// construct assign common vars
public function __construct($path){
$this->path = $path;
$this->realpath = $path ? Path::realpath($path) : false;
$this->filemtime = filemtime($this->realpath);
$this->cache_path = $this->get_cache_path();
}
// get dir json from cache, or reload / used by main dir files action request
public function json(){
// return json cache file if exists
if(U::readfile($this->cache_path, 'application/json', 'JSON served from cache')) return;
// reload, encode as json, and store json cache file
Json::cache($this->load(true), 'JSON created', $this->cache_path);
}
// get dir array from cache or reload / used in Document class when getting dir arrays for root and start path
public function get(){
// get cache if valid, also returns files[] array as bonus since it's already cached
if($this->cache_is_valid()) return json_decode(file_get_contents($this->cache_path), true);
// reload dir without files (we don't want to delay Document with this, unless cached)
return $this->load();
}
// load dir array / used when dir is not cached (always by menu get_dirs())
public function load($files = false){
// dir array
$this->data = [
'basename' => U::basename($this->path),
'fileperms' => substr(sprintf('%o', fileperms($this->realpath)), -4),
'filetype' => 'dir',
'is_readable' => is_readable($this->realpath),
'is_writeable' => is_writeable($this->realpath),
'is_link' => is_link($this->path),
'is_dir' => true,
'mime' => 'directory',
'mtime' => $this->filemtime,
'path' => Path::relpath($this->path), // if path is realpath and is symlinked, it might be wrong
'files_count' => 0,
'dirsize' => 0,
'images_count' => 0,
'url_path' => Path::urlpath($this->path)
];
// get files[] array for dir
if($files) $this->get_files();
// assign direct url to json cache file for faster loading from javascript / used by Dirs class (menu), only when !files
// won't work if you have blocked public web access to cache dir files / if so, comment out the below line
if(!$files) $this->set_json_cache_url();
// return data array for this dir
return $this->data;
}
// get json cache path for dir (does not validate if cache file exists)
private function get_cache_path(){
if(!Config::get('cache') || !$this->realpath) return;
return Config::$cachepath . '/folders/' . U::dirs_hash() . '.' . substr(md5($this->realpath), 0, 6) . '.' . $this->filemtime . '.json';
}
// used to check if json cache file exists, and therefore is valid
private function cache_is_valid(){
return $this->cache_path && file_exists($this->cache_path);
}
// assign direct url to json cache file for faster loading from javascript / used by Dirs class (menu)
private function set_json_cache_url(){
// don't allow direct access if login or !public or !valid cache
if(Config::$has_login || !$this->cache_is_valid() || !Path::is_within_docroot(Config::$storagepath)) return;
$this->data['json_cache'] = Path::urlpath($this->cache_path);
}
// optional get array of files from dir / only gets called if file data should be loaded
private function get_files(){
// forget it if we can't read dir
if(!$this->data['is_readable']) return;
// start files array, even if empty (so we know it's an empty folder)
$this->data['files'] = [];
// scandir for filenames
$this->filenames = scandir($this->path, SCANDIR_SORT_NONE);
// exit if dir is empty
if(empty($this->filenames)) return;
// loop filenames add to $this->data['files']
foreach($this->filenames as $filename) {
// skip dots
if(in_array($filename, ['.', '..'])) continue;
// add file to $this->data['files'] array
new File($this, $filename);
}
// sort files by natural case, with dirs on top (already sorts in javascript, but faster when pre-sorted in cache)
uasort($this->data['files'], function($a, $b){
if(!Config::get('sort_dirs_first') || $a['is_dir'] === $b['is_dir']) return strnatcasecmp($a['basename'], $b['basename']);
return $b['is_dir'] ? 1 : -1;
});
}
}
// class File / returns data array for a single file
class File {
// vars
private $dir; // parent dir object
private $file; // file array
private $realpath; // realpath of item, in case symlinked, faster access for various operations
private $image = []; // image data array, populated and assigned to $this->file['image'] if file is image
private $image_info; // image_info from getimagesize() to get IPTC
// public construct file
public function __construct($dir, $filename){
// parent dir object
$this->dir = $dir;
// assemble full path from parent dir path
$path = $this->dir->path . '/' . $filename;
// get resolved realpath, to check if file truly exists (symlink target could be deaf), and for faster function access
$this->realpath = Path::realpath($path); // may differ from $path if symlinked
// exit if no realpath for some reason, for example symlink target is dead
if(!$this->realpath) return;
// path is symlinked if realpath differs from $path
$symlinked = $this->realpath !== $path;
// get filetype
$filetype = filetype($this->realpath);
// determine if file is dir
$is_dir = $filetype === 'dir' ? true : false;
// skip item if excluded
if(Path::is_exclude($path, $is_dir, $symlinked)) return;
// count file into parent dir
if(!$is_dir) $this->dir->data['files_count'] ++;
// check if file is symlink (only if realpath !== path)
$is_link = $symlinked ? is_link($path) : false;
// get filesize if !$is_dir
$filesize = $is_dir ? 0 : filesize($this->realpath);
// append filesize to parent dirsize
$this->dir->data['dirsize'] += $filesize;
// add properties to file array
$this->file = [
'basename' => $filename,
'ext' => $is_dir ? '' : U::extension($is_link ? $this->realpath : $filename, true),
'fileperms' => substr(sprintf('%o', fileperms($this->realpath)), -4),
'filetype' => $filetype,
'filesize' => $filesize,
'is_readable' => is_readable($this->realpath),
'is_writeable' => is_writeable($this->realpath),
'is_link' => $is_link,
'is_dir' => $is_dir,
'mtime' => filemtime($this->realpath),
'path' => ltrim($this->dir->data['path'] . '/', '/') . $filename,
'url_path' => Path::urlpath($path)
];
// assign file mime type / will return null for most files unless config get_mime_type = true (slow)
$this->file['mime'] = $this->mime();
// assign image data if file is image
$this->set_image_data();
// read .URL shortcut files and present as links / https://fileinfo.com/extension/url
$this->set_file_url();
// add to dir files array with filename as key
$this->dir->data['files'][$filename] = $this->file;
}
// get file mime type if !extension of config get_mime_type is enabled
private function mime(){
if($this->file['is_dir']) return 'directory'; // directory
if(!$this->file['is_readable']) return null; // skip and return null
if(!$this->file['ext'] || $this->file['ext'] === 'ts' || Config::get('get_mime_type')) return U::mime($this->realpath);
return null; // don't check mime, mime will be detected from extension in javascript
}
// assign image data if file is image
private function set_image_data(){
// first check if item seems like an image by checking mime or extension
if(!$this->is_image()) return;
// count image in dir, assuming it's some kind of image, even if !getimagesize() or !readable
$this->dir->data['images_count'] ++;
// pre-assign image icon, assuming it's some kind of image, even if !getimagesize() or !readable
$this->file['icon'] = 'image';
// getimagesize() wrapper, populates and re-formats $this->image / exit if empty
if(!$this->getimagesize()) return;
// assign item mime from getimagesize() because it is more accurate and we might not have file mime yet anyway
if(isset($this->image['mime'])) $this->file['mime'] = $this->image['mime'];
// get image Iptc
$this->image['iptc'] = Iptc::get($this->image_info);
// get image Exif
$this->image['exif'] = Exif::get($this->realpath);
// invert image width height if exif orientation is > 4 && < 9, because dimensions should match browser-oriented image
$this->image_orientation_flip_dimensions();
// find optional panorama sizes `_files_{size}_{filename.jpg}` for equirectangular 2/1 aspect panorama images
$this->image_panorama_sizes();
// get image resize cache for direct access by javascript if config image_resize_cache_direct
$this->get_image_resize_cache();
// remove empty values and add image array to file output
$this->file['image'] = array_filter($this->image);
}
// check if file seems to be an image by means of mime type or extension
private function is_image(){
if($this->file['is_dir']) return;
if($this->file['mime']) return strpos($this->file['mime'], 'image/') === 0;
return in_array($this->file['ext'], ['gif','jpg','jpeg','jpc','jp2','jpx','jb2','png','swf','psd','bmp','tiff','tif','wbmp','xbm','ico','webp','avif','svg']);
}
// getimagesize() wrapper validates and re-formats output into $this->image array
private function getimagesize(){
// exit
if(!$this->file['is_readable'] || $this->file['ext'] === 'svg') return;
// getimagesize()
$imagesize = @getimagesize($this->realpath, $this->image_info);
// exit on invalid $imagesize
if(empty($imagesize) || !is_array($imagesize)) return;
// re-format properties from getimagesize() into $this->image array
foreach ([
'width',
'height',
'type',
'bits' => 'bits',
'channels' => 'channels',
'mime' => 'mime'
] as $key => $name) if(isset($imagesize[$key])) $this->image[$name] = $imagesize[$key];
// valid if array is !empty
return !empty($this->image);
}
// if image is oriented by some Exif orientation values, we need to flip width and height properties to match browser orientation
private function image_orientation_flip_dimensions(){
if(!isset($this->image['exif']['Orientation']) || !in_array($this->image['exif']['Orientation'], [5, 6, 7, 8])) return;
list($this->image['width'], $this->image['height']) = [$this->image['height'], $this->image['width']]; // flip width/height
}
// find optional panorama sizes `_files_{size}_{filename.jpg}` for equirectangular 2/1 aspect panorama images
private function image_panorama_sizes(){
// must be public image (url_path), with >= 2024 and exactly 2:1 aspect ratio (equirectangular)
if(!$this->file['url_path'] || !$this->image['width'] || $this->image['width'] <= 2048 || $this->image['width'] / $this->image['height'] !== 2) return;
$resized = [];
foreach ([2048, 4096, 8192] as $width) { // look for sizes 2048, 4096 and 8192
if($width >= $this->image['width']) break; // break loop if resized image width >= original already
if(file_exists($this->dir->realpath . '/_files_' . $width . '_' . $this->file['basename'])) $resized[] = $width;
}
if(!empty($resized)) $this->file['panorama_resized'] = array_reverse($resized);
}
// get image resize cache for direct access by javascript if config image_resize_cache_direct
private function get_image_resize_cache(){
if(!U::image_resize_cache_direct()) return;
foreach ([Config::get('image_resize_dimensions'), U::image_resize_dimensions_retina()] as $resize) {
if(!$resize) continue;
$cache_file = Path::imagecachepath($this->realpath, $resize, $this->file['filesize'], $this->file['mtime']);
if(file_exists($cache_file)) $this->image["resize$resize"] = Path::urlpath($cache_file);
}
}
// read and parse .URL shortcut files and present as links / https://fileinfo.com/extension/url
private function set_file_url(){
if(!$this->file['is_readable'] || $this->file['ext'] !== 'url') return;
$lines = @file($this->realpath);
if(empty($lines) || !is_array($lines)) return;
foreach ($lines as $str) {
if(!preg_match('/^url\s*=\s*([\S\s]+)/i', trim($str), $matches) || !isset($matches[1])) continue;
$this->file['url'] = $matches[1];
break;
}
}
}
// class Iptc / extract IPTC image data from images
class Iptc {
// array of iptc entries with their corresponding codes to extract from IPTC, which otherwise contains tons of junk
public static $entries = [
'title' => '005',
'headline' => '105',
'description' => '120',
'creator' => '080',
'credit' => '110',
'copyright' => '116',
'keywords' => '025',
'city' => '090',
'sub-location' => '092',
'province-state' => '095'
];
// get iptc tag values, might be an array (keywords) or first array item (string) / attempts to fix invalid utf8
private static function tag($value){
// might be an array like 'keywords', just output array
if(count($value) > 1) return $value;
// get trimmed string value
$string = isset($value[0]) && is_string($value[0]) ? trim($value[0]) : false;
// invalid or empty string
if(empty($string)) return false;
// clamp string at 1000 chars, because some messed up images include a dump of garbled junk
$clamped = function_exists('mb_substr') ? @mb_substr($string, 0, 1000) : @substr($string, 0, 1000);
// return original string if the above didn't work for some ridiculous reason
if(!$clamped) return $string;
// return string if we can't detect valid utf-8 or string is already valid utf-8
if(!function_exists('mb_convert_encoding') || preg_match('//u', $clamped)) return $clamped;
// attempt to convert the encoding
$converted = @mb_convert_encoding($clamped, 'UTF-8', @mb_list_encodings());
// return converted value if successful
return $converted ?: $clamped;
}
// get iptc from $image_info (getimagesize($path, $image_info))
public static function get($i){
// get iptc from $image_info (getimagesize($path, $image_info))
$iptc = !empty($i) && is_array($i) && isset($i['APP13']) && function_exists('iptcparse') ? @iptcparse($i['APP13']) : false;
// return empty array if falsy, error or empty[] response
if(empty($iptc)) return [];
// populate $entries from $iptc
$output = [];
foreach (self::$entries as $name => $code) {
$value = isset($iptc['2#' . $code]) ? $iptc['2#' . $code] : false;
$output[$name] = !empty($value) && is_array($value) ? self::tag($value) : false;
}
// return array with all non-empty values
return array_filter($output);
}
}
// class Exif / extract Exif image data from images
class Exif {
// these are the values we want
public static $entries = [
'ApertureFNumber', // from exif COMPUTED values
//'CCDWidth' // from exif COMPUTED values
//'DateTime', // only used to detect original photo time, if DateTimeOriginal is not defined
'DateTimeOriginal', // original photo taken time, which will replace the file's date
'ExposureTime',
//'FNumber',
'FocalLength',
//'Make', // normally pointless when there is 'Model'
'Model',
'Orientation', // used only for Javascript to detect the orientation of the image and display appropriately
'ISOSpeedRatings',
//'Software',
];
// returns the exif data array from an image, if function exists and exif array is valid
public static function exif_data($path){
$exif = function_exists('exif_read_data') ? @exif_read_data($path) : false;
return !empty($exif) && is_array($exif) ? $exif : false;
}
// get Exif $entries for a specific image
public static function get($path){
// get exif
$exif = self::exif_data($path);
if(!$exif) return;
// start output array
$output = [];
// loop $entries, check in $exif and $exif['COMPUTED'] and add to ouput
foreach (self::$entries as $key) {
$output[$key] = isset($exif[$key]) ? $exif[$key] : (isset($exif['COMPUTED'][$key]) ? $exif['COMPUTED'][$key] : false);
}
// get GPS coordinates
$output['gps'] = self::gps($exif);
// remove empty values and return array
return array_filter($output);
}
// get GPS coordinates in array
private static function gps($exif){
// prepare array for coordinates
$arr = [];
// loop to get coordinates
foreach (['GPSLatitude', 'GPSLongitude'] as $key) {
// invalid exif
if(!isset($exif[$key]) || !isset($exif[$key . 'Ref'])) return false;
// coordinate array
$coordinate = is_string($exif[$key]) ? array_map('trim', explode(',', $exif[$key])) : $exif[$key];
// loop
for ($i = 0; $i < 3; $i++) {
$part = explode('/', $coordinate[$i]);
if(count($part) == 1) {
$coordinate[$i] = $part[0];
} else if (count($part) == 2) {
if(empty($part[1])) return false; // invalid GPS, $part[1] can't be 0
$coordinate[$i] = floatval($part[0]) / floatval($part[1]);
} else {
$coordinate[$i] = 0;
}
}
// output
list($degrees, $minutes, $seconds) = $coordinate;
$sign = in_array($exif[$key . 'Ref'], ['W', 'S']) ? -1 : 1;
$arr[] = $sign * ($degrees + $minutes / 60 + $seconds / 3600);
}
// return array
return !empty($arr) ? $arr : false;
}
}
// class Filemanager / functions that handle file operations on server
class Filemanager {
// success counter for multi-item actions
static $success = 0;
static $count = 0;
// file manager actions JSON response / accepts true/false or array with success property
public static function json($res, $err){
// create $arr from boolean with $arr['success'] or pass through existing array
$arr = is_array($res) ? $res : ['success' => $res];
// assign complete error if action was !success (not even partially success)
if(!isset($arr['success']) || empty($arr['success'])) return Json::error($err);
// on success, invalidate X3 cache if x3-plugin active
X3::invalidate();
// output success / remove empty values, because javascript don't need em
Json::jexit(array_filter($arr));
}
// check if name is allowed and return trimmed value / duplicate, new_file, new_folder, rename, zip
// for security and practical reasons, don't allow invalid characters <>:"'/\|?*# or .. or ends with .
public static function name_is_allowed($name = false){
return !empty($name) && is_string($name) && !ctype_space($name) && !preg_match('/[<>:"\'\/\\\|?*#]|\.\.|\.$/', $name);
}
// get unique incremental filename for functions like duplicate and zip / default increment name starts at 2
public static function get_unique_filename($path, $i = 2) {
// die if already unique
if(!file_exists($path)) return $path;
// break path into filename and extension
$pathinfo = pathinfo($path);
$filename = $pathinfo['filename']; // file name without extension for numbering
$ext = !is_dir($path) && !empty($pathinfo['extension']) ? '.' . $pathinfo['extension'] : ''; // extension append to filename
// check if file is numbered already like file-3.jpg, so we can assign to file-4.jpg instead of file-3-2.jpg
$numbered_name = explode('-', $filename);
$current_count = array_pop($numbered_name);
if(count($numbered_name) && is_numeric($current_count)) {
$filename = join('-', $numbered_name);
$i = $current_count + 1;
}
// increment filename if file already exists / default start by filename-2.ext
while (file_exists($path)) {
$path = $pathinfo['dirname'] . '/' . $filename . '-' . $i . $ext;
$i++;
}
// return first available $path
return $path;
}
// recursive iterator for copy, delete, duplicate
protected static function iterator($path, $mode = RecursiveIteratorIterator::SELF_FIRST){
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS), $mode, RecursiveIteratorIterator::CATCH_GET_CHILD);
self::$count += iterator_count($iterator);
return $iterator;
}
// delete single file or folder
private static function delete_file_or_folder($path){
return is_dir($path) ? @rmdir($path) : @unlink($path);
}
// delete single file or folder recursively
public static function delete($path){
// if dir, iterate recursively and attempt to delete all descendants
// check if_writeable() will skip dirs that are not writeable, because we can't delete direct children. However, we may still be able to delete deep descendants, so might as well try to delete what can be deleted.
if(is_dir($path)/* && is_writable($path)*/) foreach (self::iterator($path, RecursiveIteratorIterator::CHILD_FIRST) as $item) self::$success += self::delete_file_or_folder($item->getPathname());
// delete file or folder after first deleting recursive items in folder
return self::delete_file_or_folder($path);
}
// non-recursive copy single file or folder / creates folder when necessary
private static function copy_file_or_folder($from, $to){
// if(Path::is_exclude($to, is_dir($from))) return false; // exclude copy $to paths? kinda pointless
if(Path::is_within_path($to, $from)) return false; // don't allow copying files or dirs into self or same location
//if(!is_readable($from)) return false; // already checked in valid_rootpath() filter
if(is_dir($from)) return is_dir($to) || @mkdir($to, 0777, true); // is_dir already or make new dir
if(!is_readable($from)) return false; // can't read file source / might be recursive file
if(file_exists($to) && filemtime($to) >= filemtime($from)) return false; // file already exists and is newer than source
if(!@copy($from, $to)) return false; // attempt to copy from to / overwrite existing older files in $to location
@touch($to, filemtime($from)); // inherit file modified time
return true; // return success
}
// copy single file or folder recursively / kinda how the default php copy() should have worked? Also used for duplicate
public static function copy($from, $to){
if(!self::copy_file_or_folder($from, $to)) return false; // only continue on success
if(is_dir($from)) {
$iterator = self::iterator($from);
foreach ($iterator as $descendant) self::$success += self::copy_file_or_folder($descendant, $to . '/' . $iterator->getSubPathName());
}
return true;
}
// move file or folder / uses rename() wihch is recursive by default
private static function move($from, $to){
// if(Path::is_exclude($to, is_dir($from))) return false; // exclude move $to paths? Kinda pointless
if(Path::is_within_path($to, $from)) return false; // don't allow moving files or dirs into self or same location
if(file_exists($to) && filemtime($to) >= filemtime($from)) return false; // $to already exists and is newer than $from
return @rename($from, $to); // can overwrite existing older files, but fails to overwrite non-empty dirs, which is ok
}
// duplicate single file or folder recursively incrementing filename (if filename provided, use copy($from, $to) instead)
public static function duplicate($path){
// copy item recursively with unique incremental file name
return self::copy($path, self::get_unique_filename($path));
}
// run action on array of files and folders / return succes/fail array
public static function items($action, $paths, $dir = false){
// count paths / recursive iterators may add to count
self::$count = count($paths);
// loops paths
foreach ($paths as $path) self::$success += self::$action($path, ($dir ? $dir . '/' . U::basename($path) : false));
// return success and fail count
return ['success' => self::$success, 'fail' => self::$count - self::$success];
}
// return an array of downloadable files from within an array of $paths
public static function get_downloadables($paths){
// prepare downloadables array
$downloadables = [];
// loop dir $paths / only dir $paths are forwarded to check recursively, as JS already knows the files
foreach ($paths as $dir) {
if(Path::is_exclude($dir, true)) continue; // shouldn't be necessary when forwarded from frontend, but just in case
foreach (self::iterator($dir) as $item) { // loop dirs get all descendants
$path = $item->getPathname();
// create download list from readable, non-excluded files only (not dirs, as we don't download a dir)
if(!is_readable($path) || is_dir($path) || Path::is_exclude($path, false)) continue;
// send to Javascript
$downloadables[] = [
'path' => Path::relpath($path),
'url_path' => Path::urlpath($path),
'basename' => U::basename($path),
'ext' => U::extension($path),
'filesize' => filesize($path)
];
}
}
// return downloadables array
return $downloadables;
}
}
// class Zipper / extends Filemanager / create and extract zip files
class Zipper extends Filemanager {
// vars
private $zip;
private $is_json;
// construct check class_exists('ZipArchive') and create new ZipArchive
public function __construct($is_json = false){
$this->is_json = $is_json;
if(!class_exists('ZipArchive')) U::error('Missing PHP ZipArchive class', 500, $this->is_json);
$this->zip = new ZipArchive();
}
// generic open zip with errors
private function open($dest, $flags = null){
// open zip
$res = @$this->zip->open($dest, $flags);
// return error type messages / https://www.php.net/manual/en/ziparchive.open.php
$zip_open_errors = [
4 => 'Seek error.',
5 => 'Read error.',
9 => 'No such file.',
11 => 'Can\'t open file.',
10 => 'File already exists.',
14 => 'Malloc failure.',
18 => 'Invalid argument.',
19 => 'Not a zip archive.',
21 => 'Zip archive inconsistent.'
];
// die if error
if($res !== true) U::error($res && isset($zip_open_errors[$res]) ? $zip_open_errors[$res] : 'Unknown zip error', 500, $this->is_json);
}
// extract $zip_file into $dir (optional) / $dir is parent of zip if not set
public function extract($zip_file, $dir = false){
// check valid zip
if(!is_file($zip_file) || U::extension($zip_file, true) !== 'zip' || empty(filesize($zip_file))) U::error('Invalid zip file', 400, $this->is_json);
// $dir is parent of zip if not set
if(!$dir) $dir = dirname($zip_file);
// check target_dir writeable
if(!is_writable($dir)) U::error('Target dir is not writeable', 403, $this->is_json);
// open zip file
$this->open($zip_file);
// extract to target_dir
$success = @$this->zip->extractTo($dir);
// return always close() and $success
return @$this->zip->close() && $success;
}
// create a new $zip_file from multiple $paths
public function create($paths, $zip_file = false){
//
$first_path = reset($paths);
// create zip root from first array path, so we can create relative local paths inside zip
$root = dirname($first_path) . '/';
// unique incremental 'archive.zip' if multiple paths or filename.jpg.zip (don't append .zip if extension already zip)
if(!$zip_file) $zip_file = self::get_unique_filename($root . (count($paths) > 1 ? 'archive.zip' : U::basename($first_path) . (U::extension($first_path, true) !== 'zip' ? '.zip' : '')));
// create new zip file or die
$this->open($zip_file, ZipArchive::CREATE | ZipArchive::OVERWRITE);
// loop $paths to add files
foreach ($paths as $path) {
// add file or dir / if added and is_dir, add file or dir recursively
if($this->add_file_or_dir($path, $root) && is_dir($path)) foreach(self::iterator($path) as $file) $this->add_file_or_dir($file, $root);
}
// detect files count in zip
$num_files = version_compare(PHP_VERSION, '7.2.0') >= 0 ? $this->zip->count() : $this->zip->numFiles;
// success only if close() and has files and zip file exists in tar
return $this->zip->close() && !empty($num_files) && file_exists($zip_file);
}
// add_file_or_dir
private function add_file_or_dir($path, $root){
if(Path::is_exclude($path, is_dir($path)) || !is_readable($path)) return false; // file excluded, continue
$local_path = str_replace($root, '', $path); // local path relative to root
return is_dir($path) ? @$this->zip->addEmptyDir($local_path) : @$this->zip->addFile($path, $local_path);
}
}
// class Request / extract parameters for all actions
class Request {
// vars
public $action;
public $params;
private $is_post;
// construct
public function __construct(){
$this->action = U::get('action');
$this->is_post = $_SERVER['REQUEST_METHOD'] === 'POST';
// check that request method matches action, so we can't make POST requests from GET / this should be improved
if($this->is_post === in_array($this->action, ['download_dir_zip', 'preview', 'file', 'download', 'tasks', 'tests'])) $this->error('Invalid request method ' . $_SERVER['REQUEST_METHOD']);
$this->params = $this->get_request_data();
if(!is_array($this->params)) $this->error('Invalid parameters');
}
// get request data parameters
public function get_request_data(){
if(!$this->is_post) return $_GET;
if(isset($_POST) && !empty($_POST)) return $_POST;
$php_input = @json_decode(@trim(@file_get_contents('php://input')), true); // javascript fetch()
return $php_input ?: [];
}
// get specific string value parameter from data (dir, file path etc)
public function param($param){
if(!isset($this->params[$param])) return false;
if(!is_string($this->params[$param])) $this->error("Invalid $param parameter"); // must be string if exists
return trim($this->params[$param]); // trim it
}
// error response based on request type / 400 Bad Request default / 401, 403, 404, 500
public function error($err, $code = 400){
if($this->is_post) return Json::error($err);
U::error($err, $code);
}
}
// class Document / creates the main Files Gallery document response
class Document {
// private Document class vars
private $start_path = ''; // start_path extracted and validated from query or $config['start_path']
private $absolute_start_path = false; // absolute path of start_path, for validation and dirs preload
private $dirs = []; // array of dirs to be preloaded, normally root and query or start_path (if not same as root)
private $menu_exists = false; // determines if menu exists from config and checks for dirs in root
private $menu_cache_hash = false; // assign a menu cache hash so menu cache can be validated on load
private $menu_cache_file = false; // assign direct access to menu json cache file when menu_cache_validate is disabled
// document construct tasks
public function __construct(){
// first we must get and validate start_path from ?query or config start_path
$this->get_start_path();
// always get root dir array (outputs as json, for javascript)
$this->dirs[''] = (new Dir(Config::$root))->get();
// get start path dir (if valid and not same as root, in case symlinked)
if($this->absolute_start_path && Path::realpath($this->absolute_start_path) !== Config::$root) $this->dirs[$this->start_path] = (new Dir($this->absolute_start_path))->get();
// prepare menu variables menu_exists, menu_cache_hash and menu_cache_file
$this->prepare_menu();
// output main Files Gallery document HTML
$this->HTML();
}
// get start_path from ?query or from config start_path (if set)
private function get_start_path(){
// first check if we have a query path
$query_path = $this->get_query_path();
// we have a query path (although it's not necessarily a valid dir)
if($query_path){
// assign query_path as start_path
$this->start_path = $query_path;
// check and return valid root path from query path
$this->absolute_start_path = Path::valid_rootpath($this->start_path, true);
// start path from config with error response invalid (path must exist, non-excluded and must be inside root)
} else if(Config::get('start_path')) {
// get realpath from config start_path
$this->absolute_start_path = Path::realpath(Config::get('start_path'));
// error if path does not exist or !is within root or is_exclude
if(!$this->absolute_start_path || !Path::is_within_path($this->absolute_start_path, Config::$root) || Path::is_exclude($this->absolute_start_path)) U::error('Invalid start_path ' . Config::get('start_path'));
// assign root-relative start_path to forward to javascript
$this->start_path = Path::relpath($this->absolute_start_path);
}
}
// parse query_string and get first ?parameter to be considered path
private function get_query_path(){
if(!Config::get('history') || empty($_SERVER['QUERY_STRING'])) return; // only if history and QUERY_STRING
$path = explode('&', $_SERVER['QUERY_STRING'])[0]; // get first parameter in QUERY_STRING for path
if(!$path || strpos($path, '=') !== false) return; // make sure path exists and is not assigned parameter=value
return trim(rawurldecode($path), '/'); // trime and decode
}
// prepare main menu variables
private function prepare_menu(){
// exit if !menu_enabled
if(!Config::get('menu_enabled')) return;
// get root dirs / used to decide if menu_exists, breadcrumbs and to generate shallow menu_cache_hash
$root_dirs = array_filter(glob(Config::$root . '/*', GLOB_ONLYDIR|GLOB_NOSORT), function($dir){
return !Path::is_exclude($dir, true, is_link($dir));
});
// menu exists only if root_dirs is not empty
$this->menu_exists = !empty($root_dirs);
// exit if !menu_exists
if(!$this->menu_exists) return;
// get menu_cache_hash used to validate first level shallow menu cache and when !menu_cache_validate
$this->get_menu_cache_hash($root_dirs);
// get JSON menu_cache_file to forward to Javascript if menu_cache_validate is disabled
$this->get_menu_cache_file();
}
// menu_cache_hash used to validate first level shallow menu cache (no validation required) and when !menu_cache_validate
private function get_menu_cache_hash($root_dirs){
$mtime_count = filemtime(Config::$root);
foreach ($root_dirs as $root_dir) $mtime_count += filemtime($root_dir);
// create hash based on various parameters that may affect the menu
$this->menu_cache_hash = substr(md5(Config::$document_root . Config::$__dir__ . Config::$root), 0, 6) . '.' . substr(md5(Config::$version . Config::get('cache_key') . Config::get('menu_max_depth') . Config::get('menu_load_all') . (Config::get('menu_load_all') ? Config::get('files_exclude') . U::image_resize_cache_direct() : '') . Config::$has_login . Config::get('dirs_exclude') . Config::get('menu_sort')), 0, 6) . '.' . $mtime_count;
}
// get JSON menu_cache_file to forward to Javascript if menu_cache_validate is disabled
private function get_menu_cache_file(){
// exit if menu_cache_validate or !cache or !storage is_within_doc_root
if(Config::get('menu_cache_validate') || !Config::get('cache') || !Path::is_within_docroot(Config::$storagepath)) return;
// check if valid menu json cache file exists
$path = Config::$cachepath . '/menu/' . $this->menu_cache_hash . '.json';
$url_path = file_exists($path) ? Path::urlpath($path) : false;
if($url_path) $this->menu_cache_file = $url_path . '?' . filemtime($path);
}
// output main Files Gallery document HTML
private function HTML(){
// main document, output version, request time and memory
U::header('Version ' . Config::$version);
// main document html start
U::html_header($this->start_path ? U::basename($this->start_path) : './', 'menu-' . ($this->menu_exists ? 'enabled' : 'disabled sidebar-closed'));
?>
<body class="body-loading">
<main id="main">
<nav id="topbar"<?php if(Config::get('topbar_sticky')) echo ' class="topbar-sticky"'; ?>>
<div id="topbar-top">
<div id="search-container"><input id="search" class="input" type="search" placeholder="search" size="1" spellcheck="false" autocomplete="off" autocorrect="off" autocapitalize="off" disabled></div>
<div id="change-layout" class="dropdown"></div>
<div id="change-sort" class="dropdown"></div>
</div>
<div id="topbar-breadcrumbs"></div>
<div id="files-sortbar"></div>
<div class="topbar-select"></div>
<div id="topbar-info" class="info-hidden"></div>
</nav>
<div id="files-container"><div id="files" class="list files-<?php echo Config::get('layout'); ?>"></div></div>
</main>
<?php if($this->menu_exists) { ?>
<aside id="sidebar">
<button id="sidebar-toggle" type="button" class="button-icon"></button>
<div id="sidebar-inner">
<div id="sidebar-topbar"></div>
<div id="sidebar-menu"></div>
</div>
</aside>
<div id="sidebar-bg"></div>
<?php } ?>
<div id="contextmenu" class="dropdown-menu" tabindex="-1"></div>
<?php U::uinclude('include/footer.html'); ?>
<!-- javascript -->
<script>
const _c = <?php echo json_encode($this->get_javascript_config(), JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_PARTIAL_OUTPUT_ON_ERROR); ?>;
var CodeMirror = {};
</script>
<?php
// load _files/js/custom.js if the file exists
U::uinclude('js/custom.js');
// preload all Javascript assets
foreach (array_filter([
'toastify-js@1.12.0/src/toastify.min.js',
'sweetalert2@11.12.3/dist/sweetalert2.min.js',
'animejs@3.2.2/lib/anime.min.js',
'yall-js@3.2.0/dist/yall.min.js',
'filesize@9.0.11/lib/filesize.min.js',
'screenfull@5.2.0/dist/screenfull.min.js',
'dayjs@1.11.12/dayjs.min.js',
'dayjs@1.11.12/plugin/localizedFormat.js',
'dayjs@1.11.12/plugin/relativeTime.js',
(in_array(Config::get('download_dir'), ['zip', 'files']) ? 'js-file-downloader@1.1.25/dist/js-file-downloader.min.js' : false),
'file-saver@2.0.5/dist/FileSaver.min.js',
'jszip@3.10.1/dist/jszip.min.js',
'codemirror@6.65.7/mode/meta.js',
'files.photo.gallery@' . Config::$version . '/js/files.js'
]) as $key) echo '<script src="' . U::assetspath() . $key . '"></script>' . PHP_EOL;
?></body></html><?php
// end HTML
}
// get Javascript config array / includes config properties and calculated values specifically for Javascript
private function get_javascript_config(){
// exclude config user settings for frontend (Javascript) when sensitive and/or not used in frontend
$exclude = [
'root',
'start_path',
'image_resize_cache',
'image_resize_quality',
'image_resize_function',
'image_resize_cache_direct',
'menu_load_all',
'cache_key',
'storage_path',
'files_exclude',
'dirs_exclude',
'username',
'password',
'allow_tasks',
'allow_symlinks',
'menu_recursive_symlinks',
'image_resize_sharpen',
'get_mime_type',
'license_key',
'video_thumbs',
'video_ffmpeg_path',
'folder_preview_default',
'image_resize_dimensions_allowed',
'download_dir_cache'
];
// create config array without excluded items
$config = array_diff_key(Config::$config, array_flip($exclude));
// return Javascript config array, merged (some values overridden) with main $config
return array_replace($config, [
'script' => U::basename(__FILE__), // so JS knows where to post
'menu_exists' => $this->menu_exists, // so JS knows if menu exists
'menu_cache_hash' => $this->menu_cache_hash, // hash to post from JS when loading menu to check cache
'menu_cache_file' => $this->menu_cache_file, // direct url to JSON menu cache file if !menu_cache_validate
'start_path' => $this->start_path, // assign calculated start_path for first JS load
'query_path_invalid' => $this->start_path && !$this->absolute_start_path, // invalid query path forward to JS
'dirs' => $this->dirs, // preload dirs array for Javascript, will be served as json
'dirs_hash' => U::dirs_hash(), // dirs_hash to manage JS localStorage
'resize_image_types' => U::resize_image_types(), // let JS know what image types can be resized
'image_cache_hash' => $this->get_image_cache_hash(), // image cache hash to prevent expired cached/proxy images
'image_resize_dimensions_retina' => U::image_resize_dimensions_retina(), // calculated retina
'location_hash' => md5(Config::$root), // so JS can assume localStorage for relative paths like menu items open
'has_login' => Config::$has_login, // for logout interface
'version' => Config::$version, // forward version to JS
'index_html' => intval(U::get('index_html')), // popuplated when index.html is published by plugins/files.tasks.php
'server_exif' => function_exists('exif_read_data'), // so images can be oriented from exif orientation if detected
'image_resize_memory_limit' => $this->get_image_resize_memory_limit(), // so JS can calculate what images can be resized
'md5' => $this->get_md5('6c6963656e73655f6b6579'), // calculate md5 hash
'video_thumbs_enabled' => !!U::ffmpeg_path(), // so JS can attempt to load video preview images
'lang_custom' => $this->lang_custom(), // get custom language files _files/lang/*.json
'x3_path' => X3::urlpath(), // in case of used with X3, forward X3 url path for thumbnails
'userx' => isset($_SERVER['USERX']) ? $_SERVER['USERX'] : false, // forward USERX from server (if set)
'assets' => U::assetspath(), // calculated assets path (Javascript and CSS files from CDN or local)
'watermark_files' => $this->get_watermark_files(), // get uploaded watermark files (font, image) from _files/watermark/*
'ZipArchive_enabled' => class_exists('ZipArchive'), // required for zip and unzip functions on server
'upload_max_filesize' => $this->get_upload_max_filesize() // let the upload interface know upload_max_filesize
]);
}
// get image cache hash from settings, used by JS when loading images, to prevent expired images from being served by cache/proxy
private function get_image_cache_hash(){
if(!Config::get('load_images')) return false; // exit
return substr(md5(Config::$document_root . Config::$root . Config::get('image_resize_function') . Config::get('image_resize_quality')), 0, 6);
}
// get image resize memory_limit so JS can calculate at what dimensions images can be resized
private function get_image_resize_memory_limit(){
if(!function_exists('ini_set')) return U::get_memory_limit_mb();
return (int) max(U::get_memory_limit_mb(), Config::get('image_resize_memory_limit'));
}
// calculate md5 hash from string
private function get_md5($str){
$str = Config::get(hex2bin($str));
return $str ? md5($str) : false;
}
// look for custom language files in _files/lang/*.json and forward to Javascript
private function lang_custom() {
if(!Config::$storagepath) return false;
$dir = Config::$storagepath . '/lang'; // custom languages path
$files = is_dir($dir) ? glob($dir . '/*.json') : false; // get language json files
if(empty($files)) return false; // exit
$langs = []; // start languages array
foreach ($files as $path) { // loop language files
$json = @file_get_contents($path);
$data = !empty($json) ? @json_decode($json, true) : false;
if(!empty($data)) $langs[strtok(U::basename($path), '.')] = $data; // assign language as array
}
return !empty($langs) ? $langs : false; // return array of languages with values
}
// search for watermark files (font, image) in _files/watermark/* for Uppy Compressor
private function get_watermark_files() {
if(!Config::get('allow_upload') || !Config::$storagepath || !Path::is_within_docroot(Config::$storagepath)) return false;
$dir = Config::$storagepath . '/watermark'; // _files/watermark
if(!file_exists($dir) || !is_readable($dir)) return false; // exit
$files = @glob($dir . '/*', GLOB_NOSORT); // get files in _files/watermark/*
return array_filter(array_map(function($file){
return Path::urlpath($file); // map results to relative url's loadable from Javascript
}, $files ?: [])); // default to empty array [] just in case there was some error
}
// get upload_max_filesize for uploader interface, limited by PHP upload_max_filesize, post_max_size and config upload_max_filesize
private function get_upload_max_filesize(){
if(!Config::get('allow_upload')) return 0; // just return 0 if upload is disabled
$arr = array_filter([U::ini_value_to_bytes('upload_max_filesize'), U::ini_value_to_bytes('post_max_size'), Config::get('upload_max_filesize')]); // don't include falsy values
return empty($arr) ? 0 : min($arr);
}
}
/* Files Gallery application logic starts here */
// set UTF-8 locale so that basename() and other string functions work correctly with multi-byte strings.
setlocale(LC_ALL, 'en_US.UTF-8');
// start new Config()
new Config();
// start new Login()
if(Config::$has_login) new Login();
// process actions ?action=
if(U::get('action')){
// start new request
$request = new Request();
// action shortcut
$action = $request->action;
// only allow valid actions
if(!in_array($action, ['files', 'dirs', 'load_text_file', 'check_updates', 'do_update', 'save_license', 'delete', 'text_edit', 'unzip', 'rename', 'new_file', 'new_folder', 'zip', 'copy', 'move', 'duplicate', 'get_downloadables', 'upload', 'download_dir_zip', 'preview', 'file', 'download', 'tasks', 'tests'])) $request->error("Invalid action '$action'");
// check if actions with config allow_{$ACTION} (most write actions) are allowed
if(isset(Config::$config['allow_' . $action]) && !Config::get('allow_' . $action)) $request->error("$action not allowed");
// block all write actions in demo mode (that's what demo_mode option is for)
if(Config::get('demo_mode') && in_array($action, ['upload', 'delete', 'rename', 'new_folder', 'new_file', 'duplicate', 'text_edit', 'zip', 'unzip', 'move', 'copy'])) $request->error("$action not allowed in demo mode");
// block all download actions [get_downloadables, download_dir_zip, download] if !allow_download
if(!Config::get('allow_download') && strpos($action, 'download') !== false) $request->error('Download not allowed');
// block all mass download actions [get_downloadables, download_dir_zip] if !allow_mass_download
if(!Config::get('allow_mass_download') && in_array($action, ['get_downloadables', 'download_dir_zip'])) $request->error('Mass download not allowed');
// prepare and validate $dir (full) from ?file parameter (if isset) for various actions
$dir = $request->param('dir');
if($dir !== false){ // explicitly check !== false because $dir could be valid '' empty (root)
$dir = Path::valid_rootpath($dir, true);
if(!$dir) $request->error('Invalid dir path');
// some actions require $dir to be writeable
if(in_array($action, ['copy', 'move', 'unzip', 'upload']) && !is_writable($dir)) $request->error('Dir is not writeable');
// actions that strictly require $dir (it's optional for some actions)
} else if(in_array($action, ['files', 'copy', 'move', 'upload', 'download_dir_zip', 'preview'])){
$request->error('Missing dir parameter');
}
// prepare and validate $file (full) from ?file parameter (if isset) for various actions
$file = $request->param('file');
if($file){
$file = Path::valid_rootpath($file);
if(!$file) $request->error('Invalid file path');
// actions that strictly require $file
} else if(in_array($action, ['load_text_file', 'file', 'download'])){
$request->error('Missing file parameter');
}
// validate items for Filemanager actions (all but upload)
if(isset($request->params['items'])){
// assign $items
$items = $request->params['items'];
// invalid $items if false, empty array or !array
if(empty($items) || !is_array($items)) $request->error('Invalid items parameter');
// assign [paths] / make sure each item.path exists, is valid, not excluded, and relative to Config::$root
$paths = array_values(array_filter(array_map(function($item){
return Path::valid_rootpath($item['path'], $item['is_dir']);
}, $items)));
// no valid item paths
if(empty($paths)) $request->error('Invalid item paths');
// shortcut because many actions only apply to a single item
$first_path = reset($paths);
// only actions new_file and new_file are allowed on root dir / other actions don't make sense for root
if($first_path === Config::$root && !in_array($action, ['new_file', 'new_folder'])) $request->error("Can't $action root directory");
// prepare $new_path for actions rename (required), new_file, new_folder, zip and duplicate
$new_path = false; // instantiate var because it's optional for all actions except rename
$name = $request->param('name'); // get ?name parameter
if($name !== false) {
// check if $name is allowed
if(!Filemanager::name_is_allowed($name)) $request->error(trim("Invalid name $name"));
// get parent dir / if new_folder or new_file, use selected item path, else dirname() of selected item path
$parent_dir = in_array($action, ['new_folder', 'new_file']) ? $first_path : dirname($first_path);
if(!is_dir($parent_dir)) $request->error('Not a directory'); // parent path must be dir
if(!is_writable($parent_dir)) $request->error('Dir is not writeable'); // dir must be writeable
// assign $new_path from $name
$new_path = $parent_dir . '/' . $name;
if(file_exists($new_path)) $request->error((is_dir($new_path) ? 'Dir' : 'File') . ' already exists');
}
// actions that require items parameter
} else if(in_array($action, ['copy', 'delete', 'duplicate', 'get_downloadables', 'move', 'new_file', 'new_folder', 'rename', 'text_edit', 'unzip', 'zip'])){
$request->error('Missing items parameter');
}
/* ACTIONS */
// get files from dir_target
if($action === 'files') {
// output dir array in json format (checks json cache first)
(new Dir($dir))->json();
// get dirs for menu
} else if($action=== 'dirs'){
new Dirs();
// read text file
} else if($action === 'load_text_file'){
if(filesize($file) > Config::get('code_max_load')) U::error('File size exceeds `code_max_load`', 400);
header('content-type: text/plain; charset=UTF-8');
if(@readfile($file) === false) U::error('failed to read file', 500);
// check Files Gallery updates JSON file from jsdelivr.com repository
} else if($action === 'check_updates'){
$json = @json_decode(@file_get_contents('https://data.jsdelivr.com/v1/package/npm/files.photo.gallery'), true);
$latest = !empty($json) && isset($json['versions'][0]) && version_compare($json['versions'][0], Config::$version) > 0 ? $json['versions'][0] : false;
Json::jexit([
'success' => $latest,
'writeable' => $latest && is_writable(__FILE__) // only check if __FILE__ is writeable if $latest
]);
// attempt to update Files Gallery index.php to latest version via remote repository jsdelivr.com
} else if($action === 'do_update'){
// various requirements, which would normally be satisfied if accessed from the interface
$version = $request->param('version');
if(!$version || !Config::get('allow_check_updates') || version_compare($version, Config::$version) <= 0 || !is_writable(__FILE__)) $request->error('Error');
$get = @file_get_contents('https://cdn.jsdelivr.net/npm/files.photo.gallery@' . $version . '/index.php');
if(empty($get) || strpos($get, '<?php') !== 0 || !@file_put_contents(__FILE__, $get)) Json::error('failed to update');
Json::jexit(['success' => true]);
// save input license key to user config
} else if($action === 'save_license'){
$key = $request->param('key');
Json::jexit([
'success' => $key && Config::$storageconfigpath && Config::save(['license_key' => $key]),
'md5' => $key ? md5($key) : false
]);
// delete items
} else if($action === 'delete') {
Filemanager::json(Filemanager::items('delete', $paths), 'failed to delete items');
// text_edit write to file
} else if($action === 'text_edit'){
if(!isset($request->params['text']) || !is_string($request->params['text'])) $request->error('Invalid text parameter');
if(!is_writeable($first_path)) $request->error('File is not writeable');
if(!is_file($first_path)) $request->error('Not a file');
if(@file_put_contents($first_path, $request->params['text']) === false) $request->error('failed to write to file', 500);
@touch(dirname($first_path)); // invalidate cache by updating parent dir mtime
Filemanager::json(true, 'failed to write to file');
// unzip zip file
} else if($action === 'unzip'){
// extract single zip file to $dir / if !$dir, it uses zip file parent
Filemanager::json((new Zipper(true))->extract($first_path, $dir), 'Failed to extract zip file');
// rename
} else if($action === 'rename'){
// new_path (derrved from $name) is required for rename action
if(!$new_path) $request->error('Missing name parameter');
// attempt to rename single file
Filemanager::json(@rename($first_path, $new_path), 'Rename failed');
// new_file
} else if($action === 'new_file'){
// attempt to create new file from $new_path or assign unique incremental filename "untitled-file.txt"
Filemanager::json(@touch($new_path?:Filemanager::get_unique_filename($first_path . '/untitled-file.txt')), 'Create new file failed');
// new_folder
} else if($action === 'new_folder'){
// attempt to create new directory from $new_path or assign unique incremental folder name from "untitled-folder"
Filemanager::json(@mkdir($new_path?:Filemanager::get_unique_filename($first_path . '/untitled-folder')), 'Create new folder failed');
// zip items / $new_path is optional, will create auto-named zip in current dir if empty
} else if($action === 'zip') {
Filemanager::json((new Zipper(true))->create($paths, $new_path), 'Failed to zip items');
// copy or move use identical pre-process
} else if(in_array($action, ['copy', 'move'])) {
// don't allow copy/move items over themselves copy/move dirs into themselves (may cause infinite recursion)
// this is already blocked in copy function, but better detect up front for items array and respond appropriately
$valid_copy_move_paths = array_filter($paths, function($path) use ($dir){
return !Path::is_within_path($dir . '/' . U::basename($path), $path);
});
// can't copy/move into self error
if(empty($valid_copy_move_paths)) $request->error("can't $action into self");
// response
Filemanager::json(Filemanager::items($action, $valid_copy_move_paths, $dir), $action . ' failed');
// duplicate / really just a shortcut for copy into same dir
} else if($action === 'duplicate') {
// duplicates a single item with provided $name (pre-assigned to $new_path)
if($new_path) Filemanager::json(Filemanager::copy($first_path, $new_path), 'duplicate failed');
// duplicates an array of files and dirs, automatically incrementing file names
Filemanager::json(Filemanager::items('duplicate', $paths), 'duplicate failed');
// get_downloadables returns an array of downloadable files recursively from an array of directories
} else if($action === 'get_downloadables'){
// return an array of downloadable files from within an array of $paths
Json::jexit(Filemanager::get_downloadables($paths));
// upload
} else if($action === 'upload'){
// get $_FILES['file'] array
$upload = isset($_FILES) && isset($_FILES['file']) && is_array($_FILES['file']) ? $_FILES['file'] : false;
// invalid $_FILES['file']
if(empty($upload) || !isset($upload['error']) || is_array($upload['error'])) $request->error('Invalid $_FILES[]');
// PHP meaningful file upload errors / https://www.php.net/manual/en/features.file-upload.errors.php
if($upload['error'] !== 0) {
$upload_errors = [
1 => 'Uploaded file exceeds upload_max_filesize directive in php.ini',
2 => 'Uploaded file exceeds MAX_FILE_SIZE directive specified in the HTML form',
3 => 'The uploaded file was only partially uploaded',
4 => 'No file was uploaded',
6 => 'Missing a temporary folder',
7 => 'Failed to write file to disk.',
8 => 'A PHP extension stopped the file upload.'
];
$request->error(isset($upload_errors[$upload['error']]) ? $upload_errors[$upload['error']] : 'unknown error');
}
// invalid $upload['size']
if(!isset($upload['size']) || empty($upload['size'])) $request->error('Invalid file size');
// $upload['size'] must not exceed $config['upload_max_filesize']
if(Config::get('upload_max_filesize') && $upload['size'] > Config::get('upload_max_filesize')) $request->error('File size [' . $upload['size'] . '] exceeds upload_max_filesize option [' . Config::get('upload_max_filesize') . ']');
// get filename
$filename = $upload['name'];
// for security reasons, slashes are never allowed in file names
if(strpos($filename, '/') !== false || strpos($filename, '\\') !== false) $request->error('Illegal \slash/ in filename ' . $filename);
// get allowed_file_types / 'image/*, .pdf, .mp4'
$allowed_file_types = Config::get('upload_allowed_file_types') ? array_filter(array_map('trim', explode(',', Config::get('upload_allowed_file_types')))) : false;
// check allowed_file_types
if(!empty($allowed_file_types)){
$mime = U::mime($upload['tmp_name']) ?: $upload['type']; // mime from PHP or upload[type]
$ext = U::extension($filename, true, true); // get extension lowercase starting with .dot
$is_valid = false; // default !is_valid until validated
// check if extension match || wildcard match mime type image/*
foreach ($allowed_file_types as $allowed_file_type) if($ext === ('.' . ltrim($allowed_file_type, '.')) || fnmatch($allowed_file_type, $mime)) {
$is_valid = true;
break;
}
// invalid file type
if(!$is_valid) $request->error("Invalid file type $filename");
// for additional security, check if uploaded image is an actual image with exif_imagetype() function
if(function_exists('exif_imagetype') && in_array($ext, ['.gif', '.jpeg', '.jpg', '.png', '.swf', '.psd', '.bmp', '.tif', '.tiff', 'webp', 'avif']) && !@exif_imagetype($upload['tmp_name'])) $request->error("Invalid image type $filename");
}
// create subdirs when relativePath exists (keeps folder structure from drag and drop)
$relative_path = $request->param('relativePath');
if(!empty($relative_path) && $relative_path != 'null' && $relative_path != $filename && strpos($relative_path, '/') !== false){
$new_dir = dirname("$dir/$relative_path");
if(file_exists($new_dir) || @mkdir($new_dir, 0777, true)) $dir = $new_dir;
}
// assign move to path
$move_path = "$dir/$filename";
// fail if config upload_exists === false
if(Config::get('upload_exists') === 'fail' && file_exists($move_path)) $request->error("$filename already exists");
// increment file name if file name already exists
if(Config::get('upload_exists') === 'increment') $move_path = Filemanager::get_unique_filename($move_path);
// all is well! attempt to move_uploaded_file() / JSON RESPONSE
Filemanager::json([
'success' => @move_uploaded_file($upload['tmp_name'], $move_path),
'filename' => $filename, // return filename in case it was incremented or renamed
'url' => Path::urlpath($move_path) // for usage with showLinkToFileUploadResult
], 'failed to move_uploaded_file()');
// $_GET download_dir_zip / download files in directory as zip file
} else if($action === 'download_dir_zip'){
// check download_dir enabled
if(Config::get('download_dir') !== 'zip') $request->error('download_dir zip disabled');
// create zip cache directly in dir (recommended, so that dir can be renamed while zip cache remains)
if(!Config::$storagepath || Config::get('download_dir_cache') === 'dir') {
if(!is_writable($dir)) $request->error('Dir is not writeable', 500);
$zip_file_name = '_files.zip';
$zip_file = $dir . '/' . $zip_file_name;
// create zip file in storage _files/zip/$dirname.$md5.zip /
} else {
U::mkdir(Config::$storagepath . '/zip');
$zip_file_name = U::basename($dir) . '.' . substr(md5($dir), 0, 6) . '.zip';
$zip_file = Config::$storagepath . '/zip/' . $zip_file_name;
}
// cached / download_dir_cache && file_exists() && zip is not older than dir time
$cached = Config::get('download_dir_cache') && file_exists($zip_file) && filemtime($zip_file) >= filemtime($dir);
// create zip if !cached
if(!$cached && !(new Zipper())->create([$dir], $zip_file)) $request->error('Failed to create ZIP file', 500);
// ignore user abort so we can delete file also on download cancel
if(!Config::get('download_dir_cache')) @ignore_user_abort(true);
// output zip file as download using correct headers and readfile()
U::download($zip_file, $zip_file_name . ($cached ? ' cached' : ' created'), 'application/zip', U::basename($dir) . '.zip');
// delete temporary zip file if cache disabled
if(!Config::get('download_dir_cache')) @unlink($zip_file);
// $_GET folder preview from images/video inside dir
} else if($action === 'preview'){
// allow folder preview image only if folder_preview_image, load_images, image_resize_enabled and cache
foreach (['folder_preview_image', 'load_images', 'image_resize_enabled', 'image_resize_cache'] as $key) if(!Config::get($key)) $request->error("Config option $key disabled", 403);
// 1. first check if default folder_preview_default '_filespreview.jpg' exists in dir / must be resized
$default = Config::get('folder_preview_default') ? $dir . '/' . Config::get('folder_preview_default') : false;
if($default && file_exists($default)) {
U::message(Config::get('folder_preview_default'));
new ResizeImage($default, Config::get('image_resize_dimensions')); // default resize for small preview images
}
// 2. assign cache path
$cache = Config::$cachepath . '/images/preview.' . substr(md5($dir), 0, 6) . '.jpg';
// check if preview cache file exists / _files/cache/images/preview.HASH.jpg
if(file_exists($cache)) {
// make sure cache file is valid (must be newer than dir updated time)
if(filemtime($cache) >= filemtime($dir)) U::readfile($cache, 'image/jpeg', 'Preview image from cache', true);
// delete expired cache file if is older than dir updated time [silent]
@unlink($cache);
}
// 3. glob files to look for images and video
$files = U::glob("$dir/*");
// files found
if(!empty($files)) {
// prepare arrays of supported image and video formats
$image_types = U::resize_image_types();
$video_types = U::ffmpeg_path() ? ['mp4', 'm4v', 'm4p', 'webm', 'ogv', 'mkv', 'avi', 'mov', 'wmv'] : [];
// loop files to locate first match
foreach ($files as $file) {
// get extension lowercase
$ext = U::extension($file, true);
if(empty($ext)) continue; // skip if no extension
// match image or video, return target resize_dimensions if image
$match = in_array($ext, $image_types) ? Config::get('image_resize_dimensions') : (in_array($ext, $video_types) ? 'video' : false);
if(!$match) continue; // skip if extension not supported
// skip if is_exclude or !readable
if(Path::is_exclude($file, false) || !is_readable($file)) continue;
// get preview image ro video, and clone into preview $cache for faster access on next request for dir
new FileResponse($file, $match, $cache);
break; exit; // just in case, although new FileResponse() will exit on U::readfile()
}
}
// 4. nothing found (no images in dir)
// create empty 1px in $cache, and output (so next check knows dir is empty or has no images, unless updated)
if(imagejpeg(imagecreate(1, 1), $cache)) U::readfile($cache, 'image/jpeg', '1px placeholder image created and cached', true);
// $_GET file / resize parameter for preview images, else will proxy any file
} else if($action === 'file'){
new FileResponse($file, U::get('resize'));
// $_GET force download single file by PHP
} else if($action === 'download'){
// output file as download using correct headers and readfile()
U::download($file, 'Download ' . U::basename($file), U::mime($file) ?: 'application/octet-stream', U::basename($file));
// $_GET tasks plugin (for pre-caching or clearing cache, not official plugin yet ...)
} else if($action === 'tasks'){
if(!U::uinclude('plugins/files.tasks.php')) $request->error('Can\'t find tasks plugin', 404);
// output PHP and server features by url ?action=tests / for diagnostics only
} else if($action === 'tests'){
new Tests();
// invalid action 400
} else {
$request->error("Invalid action $action");
}
// output main Files Gallery document html if !action
} else {
new Document();
}
// THE END!
⚡ 会员下载
登录后可见积分下载
登录后可使用积分下载
本站资源仅供学习交流使用请勿商业运营,严禁使用模板&源码从事违法,侵权等非法活动!如链接失效内容有误,请到评论反馈。
免费声明
- 本网站的文章内容可能来源于网络,仅供大家学习与参考,如有侵权,请联系站长QQ:304906607进行删除处理。
- 文章采用: 《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)。
- 本站资源大多存储在云盘,如发现链接失效,请联系我们我们会第一时间更新。
- 本站一切资源不代表本站立场,并不代表本站赞同其观点和对其真实性负责。
- 本站一律禁止以任何方式发布或转载任何违法的相关信息,访客发现请向站长举报
- 本站永久网址:https://www.aybk.cn
秋云商城公益版发布:全面解密功能增强
« 上一篇
10-07
一个隐藏视频的小玩意
下一篇 »
10-06
发表评论
请先登录后才能发表评论