westdc-ftp/web/proftp_upload.php

80 lines
2.5 KiB
PHP
Raw Permalink Normal View History

<?php
require_once('mydir.php');
$link = pg_connect("dbname=metadata user=gis password=gispassword host=210.77.68.241");
if (!$link)
{
die("Error in connection: " . pg_last_error());
}
//安全检查只接受来自westdc.westgis.ac.cn的访问
if(@$_SERVER['HTTP_CLIENT_IP']){
$onlineip=$_SERVER['HTTP_CLIENT_IP'];
}elseif(@$_SERVER['HTTP_X_FORWARDED_FOR']){
$onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$onlineip=$_SERVER['REMOTE_ADDR'];
}
if ($onlineip!='210.77.68.241' && $onlineip!='210.77.68.215' && $onlineip!='2001:cc0:f006::9')
die("error! You are not permitted to visit this page.".$onlineip);
//文件生成
$uuid=$_GET['uuid'];
$filelist=$_GET['filelist'];
$lang=$_GET['lang'];
if(empty($uuid) || !preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
{
die("uuid error! Error in parameter.".$uuid);
}
$homedir='/disk1/WestDC/upload/'.$uuid;
$old=umask(0);
@mkdir($homedir,0777);
umask($old);
if ($filelist)
{
set_time_limit(0);
//是否应当移除FTP信息即用户提交后不再有权限更新
//todo...
//保留path值
if (empty($lang)) $lang='';
$sql="select * from dataset where uuid='$uuid' and lang='$lang'";
$result=pg_query($link,$sql);
$row=pg_fetch_assoc($result);
if ($row) $homedir=$row['path'];
//delete dataset & datafile records
$sql="delete from dataset where uuid='$uuid' and lang='$lang'";
pg_query($link,$sql);
$sql = "INSERT INTO dataset (host,uuid,path,lang) VALUES ('ftp2.westgis.ac.cn','$uuid','$homedir','$lang') RETURNING id";
$result=pg_query($link,$sql);
$row=pg_fetch_assoc($result);
$dsid=$row['id'];
$dir = new mydir();
$files=$dir->recursive($homedir);
foreach ($files as $k=>$v)
{
//$pathinfo = pathinfo($path.$v);
$filename = mb_substr($v,mb_strlen($homedir)+1);
$filesize = filesize($v);
$isdir=is_dir($v)?1:0;
$depth=substr_count($filename,"/")+1;
if (substr($filename,-1,1)=='/') $depth--;
//$this->chmodr($path.$v,0444);
$escape_filename=pg_escape_string($filename);
$sql = "INSERT INTO datafile (dsid,filename,filesize,isdir,depth) VALUES ('$dsid','{$escape_filename}','$filesize','$isdir','$depth')";
$rs = pg_query($link,$sql);
if(!$rs)
{
$messages[] = "数据文件".$filename.'写入失败';
}
}
}
pg_free_result($result);
pg_close($link);
?>