'swfupload_js', 'access callback' => 'swfupload_upload_access', 'type' => MENU_CALLBACK, 'file' => 'swfupload.admin.inc', ); return $items; } /** * Validate access to the swfuploadpath */ function swfupload_upload_access() { $result = FALSE; $p = (object) $_POST; // Validate the request. if (!empty($p->sid)) { // $hash_arr[0] is the uid the user wants to athenticate for. // $hash_arr[1] is the md5-hashed sid of drupals authetication token. $hash_arr = explode('*', _swfupload_hex2bin($p->sid)); $uid = $hash_arr[0]; $token = $hash_arr[1]; if ($uid == 0) { // If the uid is 0, there will be no session id. // We'll check if the hash of the current remote address matches the sent one. return ($token == md5($_SERVER['REMOTE_ADDR'])); } // Get all session for the provided user $result = db_query('SELECT sid FROM {sessions} WHERE uid = :uid', array(':uid' => $uid)); // There is no user with that uid, deny permission. if ($result == FALSE) { return FALSE; } $valid_sids = array(); // create our hashes we need for verification foreach ($result as $row) { $valid_sids[$row->sid] = md5($row->sid); } // If the hashed session is is present in the stored hashed session ids from the database, // and if there weren't more that 5 invalid attempts for matching, // make the user account global so other modules can use its credentials. if (in_array($token, $valid_sids) && flood_is_allowed('swfupload_restore_session', 5)) { // Use the global user, as we are about to store the loaded account object in it. global $user; // Now load the global user object to "login". We use the $uid provided, as we verfified // that the token is correct (and matches this user) $user = user_load($uid); // This is needed. Most people forget about this - thats why forms wont work anymore ... the validation fails (token). session_id(array_search($token, $valid_sids)); // As the user session is restored, check for general rights to use swfupload return user_access('upload files with swfupload'); } else { // Register unwanted attempts to rstore the session. flood_register_event('swfupload_restore_session'); } // The sid doesn't exist for this user or its a flood attack return FALSE; } // No session ID is set, we can assume we're still in the same session return (!empty($p->op) && user_access('upload files with swfupload')); } /** * Implements hook_theme(). */ function swfupload_theme() { return array( 'swfupload_widget' => array( 'render element' => 'element', ), ); } /** * Implements hook_elements(). */ function swfupload_element_info() { $path = drupal_get_path('module', 'swfupload'); return array( 'swfupload_widget' => array( '#process' => array('swfupload_widget_process'), '#value_callback' => 'swfupload_widget_value', '#input' => TRUE, '#attached' => array( 'js' => array( 'misc/tabledrag.js' => array('weight' => -10), $path . '/js/swfupload_widget.js' => array('weight' => 10), ), 'css' => array( $path . '/swfupload.css', ), ), '#theme' => 'swfupload_widget', '#theme_wrappers' => array('form_element'), ), ); } /** * Implements hook_swfupload(). */ function swfupload_swfupload(&$file, $op, &$instance, $instance_settings) { switch ($op) { case 'init': $columns = 0; if ($instance_settings->description_field) { $instance->elements['description'] = $instance->elements['filename']; $instance->elements['description']['type'] = 'textfield'; $instance->elements['drag']['title'] = t('Description'); unset($instance->elements['filename']); } if ($instance_settings->display_field) { $instance->elements['display'] = array( 'title' => t('Display'), 'type' => 'checkbox', 'default_value' => $instance_settings->display_default, 'class' => 'checkbox', 'contains_progressbar' => TRUE, 'add_separator' => TRUE, ); $columns++; } foreach (array('alt' => t('Alt'), 'title' => t('Title')) as $elem => $title) { if (!empty($instance_settings->{$elem . '_field'})) { $instance->elements[$elem] = array( 'title' => $title, 'type' => ($instance_settings->{$elem . '_type'} ? $instance_settings->{$elem . '_type'} : 'textfield'), 'default_value' => $instance_settings->{$elem}, 'class' => 'text', 'contains_progressbar' => TRUE, 'add_separator' => TRUE, ); // Replace tokens. if (module_exists('token')) { $instance->elements[$elem]['default_value'] = token_replace($instance->elements[$elem]['default_value']); } $columns++; } } if ($columns == 0) { $instance->elements['progress'] = array( 'type' => 'markup', 'value' => ' ', 'class' => 'checkbox', 'contains_progressbar' => TRUE, ); } unset($instance->elements[$elem]['add_separator']); break; case 'move_uploaded_file': if (isset($_FILES["Filedata"]) && is_uploaded_file($_FILES["Filedata"]["tmp_name"]) && $_FILES["Filedata"]["error"] == 0) { // Set a message of the type 'swfupload_error' in order to place the message in the progressbar. drupal_set_message(t('There was an error uploading the file'), 'swfupload_error'); return; } $_FILES['files']['name'][$instance->name] = reset($_FILES[$instance->name]['name']); $_FILES['files']['type'][$instance->name] = reset($_FILES[$instance->name]['type']); $_FILES['files']['tmp_name'][$instance->name] = reset($_FILES[$instance->name]['tmp_name']); $_FILES['files']['error'][$instance->name] = reset($_FILES[$instance->name]['error']); $_FILES['files']['size'][$instance->name] = reset($_FILES[$instance->name]['size']); // Replace tokens. if (module_exists('token')) { $file->file_path = token_replace($file->file_path, 'user'); } // Check if the file directory exists file_prepare_directory($file->file_path, FILE_CREATE_DIRECTORY); if (user_access('upload files with swfupload') && ($file = file_save_upload($instance->name, $file->validators, $file->file_path))) { if (image_get_info($file->uri)) { $file->thumb = swfupload_thumb($file); } break; } drupal_set_message(t('There was an error uploading the file'), 'swfupload_error'); break; } } /** * Implements hook_library(). */ function swfupload_libraries_info() { $libraries = array( 'swfupload' => array( 'name' => 'SWFUpload', 'vendor url' => 'http://code.google.com/p/swfupload/', 'version arguments' => array( 'file' => 'swfupload.js', 'pattern' => '/SWFUpload.version \= \"([0-9.]{1,}) ([0-9-]{1,})\"/', 'lines' => 60, ), 'files' => array( 'js' => array('swfupload.js'), ), ), ); return $libraries; } /** * Implements hook_requirements(). */ function swfupload_requirements($phase) { $requirements = array(); $library = libraries_load('swfupload'); // Ensure translations don't break at install time $t = get_t(); // Report Drupal version if ($phase == 'runtime') { $requirements['swfupload'] = array( 'title' => $t('SWFUpload'), 'value' => empty($library) ? t('SWFUpload library was not found!') : $library['version'], 'severity' => empty($library) ? REQUIREMENT_ERROR : REQUIREMENT_OK, ); } return $requirements; } /** * Generates an unique key, used for validating upload requests */ function _swfupload_post_key() { global $user; return bin2hex($user->uid . '*' . md5(($user->uid && $user->sid) ? $user->sid : $_SERVER['REMOTE_ADDR'])); } /** * Converts an hexadecimal string to binairy */ function _swfupload_hex2bin($h) { if (!is_string($h)) { return NULL; } $r = ''; for ($a = 0; $a < drupal_strlen($h); $a += 2) { $r .= chr(hexdec($h{$a} . $h{($a + 1)})); } return $r; } /** * Create a thumbnail to be shown in the swfupload table. */ function swfupload_thumb($file) { // Force an object. $file = (object) $file; return image_style_url('thumbnail', $file->uri); }