westdc-ftp/web/proftp_upload.php

80 lines
2.5 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
require_once('mydir.php');
$link = pg_connect("dbname=metadata user=gis password=gispassword host=210.77.68.241");
if (!$link)
{
die("Error in connection: " . pg_last_error());
}
//安全检查只接受来自westdc.westgis.ac.cn的访问
if(@$_SERVER['HTTP_CLIENT_IP']){
$onlineip=$_SERVER['HTTP_CLIENT_IP'];
}elseif(@$_SERVER['HTTP_X_FORWARDED_FOR']){
$onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$onlineip=$_SERVER['REMOTE_ADDR'];
}
if ($onlineip!='210.77.68.241' && $onlineip!='210.77.68.215' && $onlineip!='2001:cc0:f006::9')
die("error! You are not permitted to visit this page.".$onlineip);
//文件生成
$uuid=$_GET['uuid'];
$filelist=$_GET['filelist'];
$lang=$_GET['lang'];
if(empty($uuid) || !preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid))
{
die("uuid error! Error in parameter.".$uuid);
}
$homedir='/disk1/WestDC/upload/'.$uuid;
$old=umask(0);
@mkdir($homedir,0777);
umask($old);
if ($filelist)
{
set_time_limit(0);
//是否应当移除FTP信息即用户提交后不再有权限更新
//todo...
//保留path值
if (empty($lang)) $lang='';
$sql="select * from dataset where uuid='$uuid' and lang='$lang'";
$result=pg_query($link,$sql);
$row=pg_fetch_assoc($result);
if ($row) $homedir=$row['path'];
//delete dataset & datafile records
$sql="delete from dataset where uuid='$uuid' and lang='$lang'";
pg_query($link,$sql);
$sql = "INSERT INTO dataset (host,uuid,path,lang) VALUES ('ftp2.westgis.ac.cn','$uuid','$homedir','$lang') RETURNING id";
$result=pg_query($link,$sql);
$row=pg_fetch_assoc($result);
$dsid=$row['id'];
$dir = new mydir();
$files=$dir->recursive($homedir);
foreach ($files as $k=>$v)
{
//$pathinfo = pathinfo($path.$v);
$filename = mb_substr($v,mb_strlen($homedir)+1);
$filesize = filesize($v);
$isdir=is_dir($v)?1:0;
$depth=substr_count($filename,"/")+1;
if (substr($filename,-1,1)=='/') $depth--;
//$this->chmodr($path.$v,0444);
$escape_filename=pg_escape_string($filename);
$sql = "INSERT INTO datafile (dsid,filename,filesize,isdir,depth) VALUES ('$dsid','{$escape_filename}','$filesize','$isdir','$depth')";
$rs = pg_query($link,$sql);
if(!$rs)
{
$messages[] = "数据文件".$filename.'写入失败';
}
}
}
pg_free_result($result);
pg_close($link);
?>