LDAPAccountManager/lam/templates/upload/massDoUpload.php

<?php
namespace LAM\UPLOAD;
/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2004 - 2018  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
* Creates LDAP accounts for file upload.
*
* @author Roland Gruber
* @package tools
*/

/** security functions */
include_once(__DIR__ . "/../../lib/security.inc");
/** access to configuration */
include_once(__DIR__ . '/../../lib/config.inc');
/** LDAP handle */
include_once(__DIR__ . '/../../lib/ldap.inc');
/** status messages */
include_once(__DIR__ . '/../../lib/status.inc');
/** account modules */
include_once(__DIR__ . '/../../lib/modules.inc');
/** PDF */
include_once(__DIR__ . '/../../lib/pdf.inc');


// Start session
startSecureSession();
enforceUserIsLoggedIn();

// check if this tool may be run
checkIfToolIsActive('toolFileUpload');

// die if no write access
if (!checkIfWriteAccessIsAllowed()) die();

// Redirect to startpage if user is not loged in
if (!isLoggedIn()) {
	metaRefresh("../login.php");
	exit;
}

// Set correct language, codepages, ....
setlanguage();

include __DIR__ . '/../../lib/adminHeader.inc';
$typeId = htmlspecialchars($_SESSION['mass_typeId']);
$typeManager = new \LAM\TYPES\TypeManager();
$type = $typeManager->getConfiguredType($typeId);

// check if account type is ok
if ($type->isHidden()) {
	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $type->getId());
	die();
}
if (!checkIfNewEntriesAreAllowed($type->getId()) || !checkIfWriteAccessIsAllowed($type->getId())) {
	logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $type->getId());
	die();
}

echo '<div id="uploadContent" class="' . $type->getScope() . '-bright smallPaddingContent">';
$tokenPrefix = '?' . getSecurityTokenName() . '=' . getSecurityTokenValue();
?>
	<script type="text/javascript">
		jQuery(document).ready(function(){
			window.lam.upload.continueUpload('../misc/ajax.php?function=upload&typeId=' + '<?php echo $type->getId() ?>', '<?php echo getSecurityTokenName(); ?>', '<?php echo getSecurityTokenValue(); ?>');
		});
	</script>

<?php
echo '</div>';
include __DIR__ . '/../../lib/adminFooter.inc';
?>
Ajax file upload 2016-12-07 20:18:06 +00:00			`<?php`
new type API for upload 2017-01-07 17:23:04 +00:00			`namespace LAM\UPLOAD;`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/*`

			`This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)`
changed CSRF token handling from GET to POST 2018-03-14 19:06:09 +00:00			`Copyright (C) 2004 - 2018 Roland Gruber`
Ajax file upload 2016-12-07 20:18:06 +00:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`

			`*/`

			`/**`
			`* Creates LDAP accounts for file upload.`
			`*`
			`* @author Roland Gruber`
			`* @package tools`
			`*/`

			`/** security functions */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . "/../../lib/security.inc");`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/** access to configuration */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . '/../../lib/config.inc');`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/** LDAP handle */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . '/../../lib/ldap.inc');`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/** status messages */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . '/../../lib/status.inc');`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/** account modules */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . '/../../lib/modules.inc');`
Ajax file upload 2016-12-07 20:18:06 +00:00			`/** PDF */`
refactoring 2018-12-23 16:28:42 +00:00			`include_once(__DIR__ . '/../../lib/pdf.inc');`
Ajax file upload 2016-12-07 20:18:06 +00:00

			`// Start session`
			`startSecureSession();`
check if user is logged in 2017-02-11 16:11:37 +00:00			`enforceUserIsLoggedIn();`
Ajax file upload 2016-12-07 20:18:06 +00:00
			`// check if this tool may be run`
			`checkIfToolIsActive('toolFileUpload');`

			`// die if no write access`
			`if (!checkIfWriteAccessIsAllowed()) die();`

			`// Redirect to startpage if user is not loged in`
			`if (!isLoggedIn()) {`
			`metaRefresh("../login.php");`
			`exit;`
			`}`

			`// Set correct language, codepages, ....`
			`setlanguage();`

refactoring 2018-12-23 16:28:42 +00:00			`include __DIR__ . '/../../lib/adminHeader.inc';`
new type API for upload 2017-01-07 17:23:04 +00:00			`$typeId = htmlspecialchars($_SESSION['mass_typeId']);`
			`$typeManager = new \LAM\TYPES\TypeManager();`
			`$type = $typeManager->getConfiguredType($typeId);`
Ajax file upload 2016-12-07 20:18:06 +00:00
			`// check if account type is ok`
new type API for upload 2017-01-07 17:23:04 +00:00			`if ($type->isHidden()) {`
			`logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $type->getId());`
Ajax file upload 2016-12-07 20:18:06 +00:00			`die();`
			`}`
new type API for upload 2017-01-07 17:23:04 +00:00			`if (!checkIfNewEntriesAreAllowed($type->getId()) \|\| !checkIfWriteAccessIsAllowed($type->getId())) {`
			`logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $type->getId());`
Ajax file upload 2016-12-07 20:18:06 +00:00			`die();`
			`}`

new type API for upload 2017-01-07 17:23:04 +00:00			`echo '<div id="uploadContent" class="' . $type->getScope() . '-bright smallPaddingContent">';`
Ajax file upload 2016-12-07 20:18:06 +00:00			`$tokenPrefix = '?' . getSecurityTokenName() . '=' . getSecurityTokenValue();`
			`?>`
			`<script type="text/javascript">`
			`jQuery(document).ready(function(){`
changed CSRF token handling from GET to POST 2018-03-14 19:06:09 +00:00			`window.lam.upload.continueUpload('../misc/ajax.php?function=upload&typeId=' + '<?php echo $type->getId() ?>', '<?php echo getSecurityTokenName(); ?>', '<?php echo getSecurityTokenValue(); ?>');`
Ajax file upload 2016-12-07 20:18:06 +00:00			`});`
			`</script>`

			`<?php`
			`echo '</div>';`
refactoring 2018-12-23 16:28:42 +00:00			`include __DIR__ . '/../../lib/adminFooter.inc';`
Ajax file upload 2016-12-07 20:18:06 +00:00			`?>`