1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
<?php
/*
* Copyright 2014 Florian "Bluewind" Pritz <bluewind@server-speed.net>
*
* Licensed under AGPLv3
* (see COPYING for full license text)
*
*/
class Mmultipaste extends CI_Model {
function __construct()
{
parent::__construct();
$this->load->model("muser");
$this->load->model("mfile");
}
/**
* Returns an unused ID
*
* @param min minimal length of the resulting ID
* @param max maximum length of the resulting ID
*/
public function new_id($min = 3, $max = 6)
{
static $id_blacklist = NULL;
if ($id_blacklist == NULL) {
// This prevents people from being unable to access their uploads
// because of URL rewriting
$id_blacklist = scandir(FCPATH);
$id_blacklist[] = "file";
$id_blacklist[] = "user";
}
$max_tries = 100;
for ($try = 0; $try < $max_tries; $try++) {
$id = "m-".random_alphanum($min, $max);
// TODO: try to insert the id into file_groups instead of checking with
// id_exists (prevents race conditio)
if ($this->id_exists($id) || in_array($id, $id_blacklist)) {
continue;
}
$this->db->insert("multipaste", array(
"url_id" => $id,
"user_id" => $this->muser->get_userid(),
"date" => time(),
));
return $id;
}
throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after $max_tries tries");
}
public function id_exists($id)
{
if (!$id) {
return false;
}
$sql = '
SELECT url_id
FROM '.$this->db->dbprefix.'multipaste
WHERE url_id = ?
LIMIT 1';
$query = $this->db->query($sql, array($id));
return $query->num_rows() == 1;
}
public function valid_id($id)
{
$files = $this->get_files($id);
if (count($files) === 0) {
return false;
}
foreach ($files as $file) {
if (!$this->mfile->valid_id($file["id"])) {
return false;
}
}
return true;
}
function adopt($id)
{
$userid = $this->muser->get_userid();
$this->db->set(array('user_id' => $userid ))
->where('url_id', $id)
->where('user_id', 0)
->update('multipaste');
return $this->db->affected_rows();
}
public function get_tarball_path($id)
{
return $this->config->item("upload_path")."/special/multipaste-tarballs/".substr(md5($id), 0, 3)."/$id.tar.gz";
}
public function delete_by_user($userid)
{
$query = $this->db->select("url_id")
->where("user_id", $userid)
->get("multipaste")->result_array();
$ids = array_map(function ($a) {return $a['url_id'];}, $query);
foreach ($ids as $id) {
$this->delete_id($id);
}
}
public function delete_id($id)
{
$this->db->where('url_id', $id)
->delete('multipaste');
$path = $this->get_tarball_path($id);
$f = new \service\storage($this->get_tarball_path($id));
$f->unlink();
return $this->id_exists($id);
}
public function get_owner($id)
{
return $this->db->query("
SELECT user_id
FROM ".$this->db->dbprefix."multipaste
WHERE url_id = ?
", array($id))->row_array()["user_id"];
}
public function get_multipaste($id)
{
return $this->db->query("
SELECT url_id, user_id, date
FROM ".$this->db->dbprefix."multipaste
WHERE url_id = ?
", array($id))->row_array();
}
public function get_files($url_id)
{
$ret = array();
$query = $this->db->query("
SELECT mfm.file_url_id
FROM ".$this->db->dbprefix."multipaste_file_map mfm
JOIN ".$this->db->dbprefix."multipaste m ON m.multipaste_id = mfm.multipaste_id
WHERE m.url_id = ?
ORDER BY mfm.sort_order
", array($url_id))->result_array();
foreach ($query as $row) {
$filedata = $this->mfile->get_filedata($row["file_url_id"]);
$ret[] = $filedata;
}
return $ret;
}
public function get_multipaste_id($url_id)
{
$query = $this->db->query("
SELECT multipaste_id
FROM ".$this->db->dbprefix."multipaste
WHERE url_id = ?
", array($url_id));
if ($query->num_rows() > 0) {
return $query->row_array()["multipaste_id"];
}
return false;
}
}
|
