Below is an example PHP script that receives an image uploaded by the
JW Player Screenshoot/Snapshot plugins or by an upload form.
cf. http://www.longtailvideo.com/addons/plugins/102/Screenshoot
cf. http://www.longtailvideo.com/addons/plugins/96/Snapshot
<?php
// Upload Daemon for JW Player Screenshoot/Snapshot plugins and upload forms
// V1.0 by songems; for screenshoot-1/snapshot-1; coded for php4.3 or later
{
// ---- Configuration ----
// NOTE(review): with $elog = 1 every request dumps $_SERVER, $_POST and
// $_FILES into "<script name>.log" beside this script; keep it at 0 outside
// of a debugging session.
$elog = 1; // 0/1: disable/enable logging for debug
$oamd = 1; // 0/1: overwrite/append mode for logging
$ddir = 1; // 0/1: disable/enable data directory
$pref = 1; // 0/1: disable/enable file name prefix
// Address tag placed in the prefix: 0 = hex of the dot-separated address
// parts, 1 = crypt() of that hex with the fixed salt './', 2 = hex of level 1.
$rael = 0; // 0-2: remote address encoding level (1: not for Win)
$rdig = 4; // 1-7: randomize digits
// Keys are the extensions accepted for form uploads; values are regular
// expression fragments matched at the start of a raw upload body. Being
// single-quoted, the \xNN escapes reach preg_match() unexpanded.
$ftyp = array(
'jpg' => '\xFF\xD8\xFF',
'gif' => 'GIF8[79]a',
'png' => '\x89PNG\x0D\x0A\x1A\x0A',
'flv' => 'FLV\x01',
'zip' => 'PK\x03\x04',
'gz' => '\x1F\x8B\x08',
); // valid file types in lower case, and their headers
// Build the file name prefix "<timestamp><address tag><random hex>_", or an
// empty prefix when the feature is switched off.
// NOTE(review): at level 0 the client address can be read back from the
// public file name, and levels 1-2 derive from it with a fixed salt; mt_rand()
// is not a secret source, so treat stored names as guessable.
if (!$pref) {
    $pref = '';
} else {
    $date = date('YmdHis'); // second resolution
    $addr = explode('.', $_SERVER['REMOTE_ADDR']); // array
    $afmt = str_repeat('%02x', count($addr));
    $adrs[0] = vsprintf($afmt, $addr); // 8 chars max. effective
    if ($rael >= 1) {
        // first two characters of the crypt() result are dropped, '/' is made file-name safe
        $ahsh = crypt($adrs[0], './');
        $adrs[1] = strtr(substr($ahsh, 2), '/', '-'); // [a-zA-Z0-9./], not unique if Win
    }
    if ($rael >= 2) {
        $adrs[2] = bin2hex($adrs[1]); // unique if IPv4
    }
    mt_srand();
    $rmax = (1 << 4 * $rdig) - 1; // largest value that fits in $rdig hex digits
    $rand = sprintf('%0'.$rdig.'lx', mt_rand(0, $rmax)); // e.g. 0 <= $rand <= 0xFF
    $pref = $date.$adrs[$rael].$rand.'_';
}
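$base = basename($_SERVER['SCRIPT_NAME'],'.php'); // base name
// Debug log: "<base>.log" is created beside this script and receives a dump of
// the request. Credential-bearing entries of $_SERVER are masked before they
// are written, because the log sits in a directory the web server may serve.
// NOTE(review): $_POST and $_FILES are still logged in full; deny access to
// "*.log" in the server configuration, or keep $elog at 0 in production.
;; if ($elog) {
;;     $head = $base.'.log'; // fixed
;;     $oamd = $oamd ? 'ab' : 'wb'; // append : overwrite
;;     $HEAD = fopen($head,$oamd) or exit("Can't open \"".$head."\".\r\n");
;;     chmod($head,0600); // owner only; applied after the file already exists
;;     fwrite($HEAD,"\r\n//*");
;;     if ($pref) {
;;         array_unshift($adrs,$pref); // log the full prefix followed by every address tag
;;         fwrite($HEAD,' '.implode(' ',$adrs));
;;     }
;;     $slog = $_SERVER; // by-value copy; the live array stays untouched
;;     foreach (array('HTTP_COOKIE','HTTP_AUTHORIZATION','PHP_AUTH_PW','PHP_AUTH_DIGEST') as $skey) {
;;         if (isset($slog[$skey])) {
;;             $slog[$skey] = '(redacted)';
;;         }
;;     }
;;     fwrite($HEAD,"\r\n\$_SERVER = ");
;;     fwrite($HEAD,var_export($slog,TRUE));
;;     fwrite($HEAD,";\r\n\$_POST = ");
;;     fwrite($HEAD,var_export($_POST,TRUE));
;;     fwrite($HEAD,";\r\n\$_FILES = ");
;;     fwrite($HEAD,var_export($_FILES,TRUE));
;;     fwrite($HEAD,";\r\n");
;; }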
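// Make sure an index.html exists in the script directory and in the data
// directory, creating an empty one where it is missing.
// NOTE(review): presumably this is meant to suppress directory listings;
// it does not stop a stored file from being fetched by its exact name.
$file = 'index.html';
if (!file_exists($file)) {
    touch($file) or exit("Can't touch \"".$file."\".\r\n");
}
chmod($file,0604);
$dsep = DIRECTORY_SEPARATOR; // directory separator
$ddir = $ddir ? $base.$dsep : ''; // data dir. : current dir.
if ($ddir != '') {
    // Create the data directory only when it is missing: an unconditional
    // mkdir() raises a warning on every request once the directory exists.
    if (!is_dir($ddir)) {
        mkdir($ddir,0701); // a failure is caught by the is_dir() test below
    }
    if (is_dir($ddir)) {
        chmod($ddir,0701); // traversable by others, not listable
        $file = $ddir.$file;
        if (!file_exists($file)) {
            touch($file) or exit("Can't touch \"".$file."\".\r\n");
        }
        chmod($file,0604);
    } else {
        $ddir = ''; // current directory
    }
}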
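//;; $flsh = $_SERVER['HTTP_X_FLASH_VERSION'];
// Receive the upload and store it as $ddir.$pref.$base. Two transports are
// handled: a raw "application/octet-stream" request body, and a form upload
// in the field "Filedata".
$ctyp = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : ''; // may be unset
if ($ctyp != 'application/octet-stream') {
    $ctyp = '';
}
if ($ctyp) {
    // Raw body: the extension is chosen from the leading bytes of the data,
    // never from anything the client names.
    $buff = file_get_contents('php://input'); // the whole body is held in memory
    $body = $base.'.tmp'; // unrecognised content keeps ".tmp"
    foreach ($ftyp as $key => $val) {
        if (preg_match("/^$val/",$buff)) {
            $body = $base.'.'.$key;
            break;
        }
    }
    $base = $body; // new base name with extension
    $body = $ddir.$pref.$base;
    touch($body) or exit("Can't touch \"".$body."\".\r\n");
    chmod($body,0600); // private while it is being written
//;; file_put_contents($body,$buff) or exit("Can't put to \"".$body."\".\r\n"); // php5 or later
;;  $BODY = fopen($body,'wb') or exit("Can't open \">".$body."\".\r\n");
;;  fwrite($BODY,$buff);
;;  fclose($BODY);
} else {
    // Form upload: a missing or non-scalar "Filedata" field ends in the same
    // 'File not found.' exit as before, without an undefined-index notice.
    $temp = (isset($_FILES['Filedata']['tmp_name']) && is_string($_FILES['Filedata']['tmp_name']))
        ? $_FILES['Filedata']['tmp_name'] : '';
    is_uploaded_file($temp) or exit('File not found.');
    // Keep only what follows the last control character or " * / : < > ? \ |
    // The backslash needs four backslashes in a single-quoted PHP string to
    // reach the character class; with two it only escaped the '|'.
    $body = preg_replace('/.*[\x00-\x1F"*\/:<>?\\\\|]/','',$_FILES['Filedata']['name']);
    if ($body == '') {
        $body = $base;
    }
    // NOTE(review): only the final extension is checked here and the content
    // is not compared with it (the raw branch does inspect the content). A
    // name with an inner extension is stored unchanged, so the upload
    // directory should be served as static files only.
    $suff = strtolower(pathinfo($body,PATHINFO_EXTENSION));
    if (!isset($ftyp[$suff])) {
        $body .= '.tmp'; // for security
    }
    $base = $body; // new base name with extension
    $body = $ddir.$pref.$base;
    touch($body) or exit("Can't touch \"".$body."\".\r\n");
    chmod($body,0600); // private until the response phase
    move_uploaded_file($temp,$body) or exit("Can't move \"".$temp.'" to "'.$body."\".\r\n");
    // Look at the last two bytes: from the first CR or LF found there, the
    // rest of the file is cut off.
    $BODY = fopen($body,'a+') or exit("Can't open \"+>".$body."\".\r\n");
    for ($offs = -2, fseek($BODY,$offs,SEEK_END); $offs < 0; $offs++) {
        $char = fgetc($BODY);
        if ($char == "\r" || $char == "\n") {
            break; // for a bug of screenshoot-1
        }
    }
    ftruncate($BODY,filesize($body)+$offs); // $offs is 0, -1 or -2 here
;;  $elog and fwrite($HEAD,'// Truncated: '.-$offs." bytes\r\n");
    fclose($BODY);
}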
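// Respond: either stream the stored file back as a download (form field
// "Download" set) or print the URL under which the file was stored.
chmod($body,0604); // readable by "other" from here on
$size = filesize($body);
// !empty() keeps the original truthiness test without an undefined-index
// notice when the field is absent, as it always is for a raw upload.
if ($size && !empty($_POST['Download'])) {
    // $base is the script name (raw upload) or a client name with quotes and
    // control characters stripped (form upload).
    $buff = 'Content-Disposition: attachment; filename="'.$base.'"';
    header($buff);
;;  $elog and fwrite($HEAD,$buff."\r\n");
    $buff = 'Content-Length: '.$size;
    header($buff);
;;  $elog and fwrite($HEAD,$buff."\r\n");
    $buff = 'Content-Type: application/octet-stream';
    header($buff);
;;  $elog and fwrite($HEAD,$buff."\r\n\r\n"); // (end of http headers)
    readfile($body) or exit("Can't read \"".$body."\".\r\n");
} else {
    if ($size) {
        $base = rawurlencode($base); // new base name rawurlencoded
        // URLs always use '/', whatever DIRECTORY_SEPARATOR and dirname()
        // produce on this platform; a script in the document root no longer
        // yields a doubled slash.
        $body = str_replace($dsep,'/',$ddir).$pref.$base;
        $path = rtrim(str_replace('\\','/',dirname($_SERVER['SCRIPT_NAME'])),'/');
        // NOTE(review): the scheme is fixed to http, and SERVER_NAME may be
        // derived from the request's Host header on some servers - confirm.
        $buff = 'http://'.$_SERVER['SERVER_NAME'].$path.'/'.$body;
    } else {
        $buff = 'File not found.';
    }
    print $buff;
;;  $elog and fwrite($HEAD,$buff);
}
;; $elog and fclose($HEAD);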
}
?>
Below is an example CGI script that receives an image uploaded by the
JW Player Screenshoot/Snapshot plugins or by an upload form.
cf. http://www.longtailvideo.com/addons/plugins/102/Screenshoot
cf. http://www.longtailvideo.com/addons/plugins/96/Snapshot
#!/usr/local/bin/perl
# Upload Daemon for JW Player Screenshoot/Snapshot plugins and upload forms
# V1.0 by songems; for screenshoot-1/snapshot-1; coded for perl4 or later
{
# ---- Configuration ----
binmode(STDOUT);
$| = 0; # 0/1: disable/enable auto flush
# NOTE(review): with $elog = 1 STDERR is redirected to "<script name>.log"
# beside this script and receives every environment variable plus the
# non-file parts of the request; keep it at 0 outside of a debugging session.
$elog = 1; # 0/1: disable/enable logging for debug
$oamd = 1; # 0/1: overwrite/append mode for logging
$ddir = 1; # 0/1: disable/enable data directory
$pref = 1; # 0/1: disable/enable file name prefix
# Address tag placed in the prefix: 0 = hex of the dot-separated address
# parts, 1 = crypt() of that hex with the fixed salt './', 2 = hex of level 1.
$rael = 0; # 0-2: remote address encoding level (1: not for Win)
$rdig = 4; # 1-7: randomize digits
# Keys are the extensions accepted for form uploads; values are regular
# expression fragments matched at the start of a raw upload's first line.
%ftyp = (
'jpg', '\xFF\xD8\xFF',
'gif', 'GIF8[79]a',
'png', '\x89PNG\x0D\x0A\x1A\x0A',
'flv', 'FLV\x01',
'zip', 'PK\x03\x04',
'gz', '\x1F\x8B\x08',
); # valid file types in lower case, and their headers
# Build the file name prefix "<timestamp><address tag><random hex>_", or an
# empty prefix when the feature is switched off.
# NOTE(review): at level 0 the client address can be read back from the
# public file name, and levels 1-2 derive from it with a fixed salt; rand()
# is not a secret source, so treat stored names as guessable.
if (!$pref) {
    $pref = '';
} else {
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
    $date = sprintf('%04d%02d%02d%02d%02d%02d',$year+1900,$mon+1,$mday,$hour,$min,$sec);
    @addr = split(/\./,$ENV{'REMOTE_ADDR'});
    $afmt = '%02x' x ($#addr+1); # one two-digit hex field per address part
    $adrs[0] = sprintf($afmt,@addr); # 8 chars max. effective
    if ($rael >= 1) {
        # first two characters of the crypt() result are dropped
        ($adrs[1] = substr(crypt($adrs[0],'./'),2)) =~ tr/\//-/; # [a-zA-Z0-9./], not unique if Win; '/' to '-' for file name
    }
    $adrs[2] = unpack('H*',$adrs[1]) if $rael >= 2; # unique if IPv4
    srand();
    $rhi = rand(0x8000); # drawn first, becomes the high 15 bits
    $rlo = rand(0x8000); # drawn second, becomes the low 15 bits
    $rand = sprintf('%0'.$rdig.'lx',($rhi<<15|$rlo)>>30-4*$rdig); # e.g. 0 <= $rand < 0x100
    $pref = $date.$adrs[$rael].$rand.'_';
}
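$base = $0; # script name
$base =~ s/.*[\/\\:]//; # drop everything up to the last path separator
$base =~ s/\.[^.]*$//; # base name
# Debug log: STDERR is reopened onto "<base>.log" beside this script and the
# environment is dumped into it. Cookie and authorization headers are masked
# before they are written, because the log sits in a directory the web server
# may serve.
# NOTE(review): deny access to "*.log" in the server configuration, or keep
# $elog at 0 in production.
;; if ($elog) {
;;     $head = $base.'.log'; # fixed
;;     $oamd = $oamd ? '>>' : '>'; # append : overwrite
;;     open(STDERR,$oamd.$head) || die "Can't open \"".$head."\": $!\r\n";
;;     binmode STDERR;
;;     chmod(0600,$head); # owner only; applied after the file already exists
;;     print STDERR "\r\n#**";
;;     print STDERR ' ',join(' ',$pref,@adrs) if $pref;
;;     print STDERR "\r\n";
;;     foreach $key (keys %ENV) {
;;         $elin = ($key =~ /^HTTP_(COOKIE|AUTHORIZATION)$/) ? '(redacted)' : $ENV{$key};
;;         print STDERR '# ',$key,'="',$elin,"\"\r\n";
;;     }
;; }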
# Make sure an index.html exists in the script directory and in the data
# directory, creating an empty one where it is missing.
# NOTE(review): presumably this is meant to suppress directory listings;
# it does not stop a stored file from being fetched by its exact name.
$file = 'index.html';
unless (-e $file) {
    open(TOUCH,">>$file") || die "Can't touch \"".$file."\": $!\r\n";
    close(TOUCH);
}
chmod(0604,$file);
$dsep = ($^X =~ /^[a-z]:/i) ? "\\" : '/'; # directory separator
$ddir = $ddir ? $base.$dsep : ''; # data dir. : current dir.
if ($ddir ne '') {
    mkdir($ddir,0701); # the result is not checked; the -d test below decides
    if (!-d $ddir) {
        $ddir = ''; # current directory
    } else {
        chmod(0701,$ddir); # traversable by others, not listable
        $file = $ddir.$file;
        unless (-e $file) {
            open(TOUCH,">>$file") || die "Can't touch \"".$file."\": $!\r\n";
            close(TOUCH);
        }
        chmod(0604,$file);
    }
}
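# Receive the upload by reading the request body line by line.
# $stat is the parser state: 0 = before the first boundary, 1 = inside the
# headers of a part, 2 = inside the body of a part (or of a raw upload).
# Line endings are held back in $lsep and written ahead of the next line, so
# the line ending that precedes a boundary (or the end of input) is not stored.
$flsh = $ENV{'HTTP_X_FLASH_VERSION'};
$ctyp = $ENV{'CONTENT_TYPE'};
$ctyp = '' if $ctyp ne 'application/octet-stream';
$stat = 0; # initialize sequencer status
while (($_ = <>) ne '') {
;;;; if ($stat == 0 && $ctyp) {
        # Raw body: the extension is chosen from the leading bytes of the
        # first line, never from anything the client names.
        $body = $base.'.tmp'; # unrecognised content keeps ".tmp"
        foreach $key (keys %ftyp) {
            if (/^$ftyp{$key}/) {
                $body = $base.'.'.$key;
                last;
            }
        }
        $base = $body; # new base name with extension
        $body = $ddir.$pref.$base;
        open(SUBOUT,">$body") || die "Can't open \">".$body."\": $!\r\n";
        binmode SUBOUT;
        chmod(0600,$body); # private while it is being written
        $bsep = $lsep = ''; # no boundary in raw mode
        $file = $body;
        $type = $ctyp;
        $stat = 2; # this same line is handled as body data below
    }
;;;; if ($stat == 0) {
;;      print STDERR if $elog;
        if (/^--/) {
            $bsep = $_; # the first line starting with "--" is taken as the boundary
            $bsep =~ s/\r?\n$//;
            $name = $file = $type = '';
            $stat++;
        }
    } elsif ($stat == 1) {
;;      print STDERR if $elog;
        if (/^\r?\n$/) { # blank line: end of the part headers
;;          print STDERR '# name="',$name,"\"\r\n" if $elog && $name ne '';
;;          print STDERR '# file="',$file,"\"\r\n" if $elog && $file ne '';
;;          print STDERR '# type="',$type,"\"\r\n" if $elog && $type;
            if ($file ne '') {
                # Keep only what follows the last control character or " * / : < > ? \ |
                $body = $file;
                $body =~ s/.*[\x00-\x1F"*\/:<>?\\|]//;
                $body = $base if $body eq '';
                # NOTE(review): only the final extension is checked and the
                # content is not compared with it; a name with an inner
                # extension is stored unchanged, so the upload directory
                # should be served as static files only.
                $suff = $body =~ /\.([^.]*)$/ ? $1 : '';
                $suff =~ tr/A-Z/a-z/; # cf. lc (perl5 or later)
                $body .= '.tmp' if !$ftyp{$suff}; # for security
                $base = $body; # new base name with extension
                $body = $ddir.$pref.$base;
                if ($type) {
                    # NOTE(review): two-argument open; the name is client-derived
                    # apart from the characters stripped above. Use the
                    # three-argument form where perl4 support is not needed.
                    open(SUBOUT,">$body") || die "Can't open \">".$body."\": $!\r\n";
                    binmode SUBOUT;
                    chmod(0600,$body); # private while it is being written
                }
            }
            $lsep = '';
            $stat++;
        } else {
            $name = $1 if /\bname="([^"]*)"/i;
            $file = $1 if /\bfilename="([^"]*)"/i;
            $type = $1 if /^Content-Type:\s*(\S+)/i;
        }
    } elsif ($stat == 2) {
        # The boundary is sent by the client and may contain characters that
        # are special in a pattern, so it is compared as a plain prefix with
        # index() instead of being interpolated into a regular expression.
;;;;    if ($bsep ne '' && index($_,$bsep) == 0) {
;;          print STDERR $lsep,$_ if $elog;
            $name = $file = $type = '';
            $stat = 1;
        } elsif (/^\r?\n$/) {
            $lsep .= $&; # for a bug of screenshoot-1
        } else {
            s/\r?\n$//;
            if ($file ne '' && $type) {
                print SUBOUT $lsep,$_;
            } else {
                $post{$name} = $lsep.$_ if $name ne '';
;;              print STDERR $lsep,$_ if $elog;
;;              print STDERR "\r\n# \$post{'",$name,'\'}="',$post{$name},'"' if $elog && $post{$name} ne '';
            }
            $lsep = $&; # line ending removed by the substitution above
        }
    }
}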
# Respond: either stream the stored file back as a download (form field
# "Download" set) or print the URL under which the file was stored.
;; print STDERR "\r\n" if $elog && $flsh && !$ctyp;
close(SUBOUT);
chmod(0604,$body); # readable by "other" from here on
$size = -s $body;
if ($size && $post{'Download'}) {
# $base is the script name (raw upload) or a client name from which quotes
# and control characters were stripped (form upload).
$buff = 'Content-Disposition: attachment; filename="'.$base."\"\r\n";
$buff .= 'Content-Length: '.$size."\r\n";
$buff .= "Content-Type: application/octet-stream\r\n\r\n"; # end of http headers
print $buff;
;; print STDERR $buff if $elog;
# NOTE(review): two-argument open on a name that is partly client-derived;
# use the three-argument form where perl4 support is not needed.
open(SUBIN,$body) || die "Can't open \"".$body."\": $!\r\n";
binmode SUBIN;
print while (<SUBIN>);
close(SUBIN);
} else {
# No header field is sent in this branch, only the blank line that ends the
# header section. NOTE(review): confirm the web server accepts that.
print "\r\n"; # end of http headers
;; print STDERR "\r\n" if $elog; # (end of http headers)
if ($size) {
# Although marked with ';;', the next substitution is not log-only: it
# changes $base, which goes into the URL printed below.
;; $base =~ s/([^\w.-])/'%'.sprintf('%02X',ord($1))/eg; # new base name rawurlencoded as php
#;; $base =~ s/([^\w.-])/'%'.unpack('H2',$1)/eg; # new base name rawurlencoded (faster than above)
$body = $ddir.$pref.$base;
# NOTE(review): the scheme is fixed to http, and $body carries $dsep, which
# is a backslash when the interpreter path starts with a drive letter.
$buff = 'http://'.$ENV{'SERVER_NAME'}.$ENV{'SCRIPT_NAME'};
$buff =~ s/[^\/\\]+$/$body/; # replace the script file name with the stored path
} else {
$buff = 'File not found.';
}
print $buff;
;; print STDERR $buff if $elog;
}
;; close(STDERR) if $elog;
}