WordPress用户文件上载和下载限制问题

时间:2015-11-04 08:40:13

标签: php wordpress

我有一个wordpress插件,它通常会向用户显示网站管理员为每个用户上传的可下载文件。

这个插件工作正常，上传文件也正常，但下载列表只显示139个文件，尽管代码中没有任何限制。

以下是用于显示可下载文件列表的短代码(shortcode)相关代码。

<?php

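class Bhuppu_Admin {

    /** Declared but not referenced anywhere in this class. */
    public static $short_code_added;
    /** Declared but not referenced anywhere in this class. */
    public $errors;

    /** Name of the form-field array posted from the profile-page upload table. */
    const FIELD = 'bhuufu-user-uploads';

    /**
     * Keys of the parallel arrays stored in the 'user_file_uploads' user meta.
     * Each key holds a list indexed by row number, so row $i is the set of
     * $meta[$key][$i] values across these keys.
     */
    const ROW_KEYS = array('file_url', 'file_name', 'file_description', 'file_id', 'file_oname', 'file_mime');

    /**
     * Registers every hook the plugin relies on and fires 'BHUUFU/init' so
     * add-ons can hook in after registration.
     */
    public function __construct() {
        register_activation_hook(BHUUFU_PLUGIN_FILE, [$this, 'activation']);
        add_action('admin_init', [$this, 'enqueue'], 10);
        add_action('edit_user_profile', [$this, 'add_user_file_upload_fields']);
        add_action('edit_user_profile_update', [$this, 'save_user_file_upload_fields']);
        add_filter('upload_dir', [$this, 'user_upload_files_dir']);
        add_shortcode('list_user_files', [$this, 'user_uploaded_files_list']);
        add_filter('the_posts', [$this, 'conditionally_add_scripts_and_styles']);
        add_action('template_redirect', [$this, 'template_redirect']);
        add_action('wp_ajax_query-attachments', [$this, 'change_media_display'], 0);
        add_filter('wp_prepare_attachment_for_js', [$this, 'change_upload_media_display'], 10, 3);

        // ajax
        add_action('wp_ajax_deletefile', [$this, 'deletefile']);
        do_action('BHUUFU/init');
    }

    /**
     * File name of the HTTP referer with its query string removed, e.g. 'user-edit.php'.
     *
     * The referer is client-supplied, so this only serves as a routing hint for
     * deciding which admin screen a media request came from; authorization is
     * done separately with current_user_can().
     *
     * @return string '' when the header is absent.
     */
    private function referer_page() {
        if (empty($_SERVER['HTTP_REFERER'])) {
            return '';
        }
        $parts = explode('?', basename($_SERVER['HTTP_REFERER']), 2);
        return $parts[0];
    }

    /**
     * Last path segment of the current request URI, e.g. 'async-upload.php'.
     *
     * @return string '' when REQUEST_URI is absent.
     */
    private function request_file() {
        return empty($_SERVER['REQUEST_URI']) ? '' : basename($_SERVER['REQUEST_URI']);
    }

    /**
     * Activation hook: creates wp-content/uploads/user-files/ and an .htaccess
     * that blocks directory listing and direct HTTP access to it. The download
     * links built in user_uploaded_files_list point at download.php instead.
     */
    public function activation() {
        $baseDir = WP_CONTENT_DIR . '/uploads/user-files/';
        wp_mkdir_p($baseDir);

        $filename = $baseDir . '.htaccess';
        if (file_exists($filename)) {
            return;
        }
        // 'Deny from all' is Apache 2.2 syntax and is not recognised by Apache 2.4
        // unless mod_access_compat is loaded, so both forms are written, each
        // guarded by the module that understands it.
        $rules = "Options -Indexes\n"
            . "<IfModule mod_authz_core.c>\n"
            . "    Require all denied\n"
            . "</IfModule>\n"
            . "<IfModule !mod_authz_core.c>\n"
            . "    Deny from all\n"
            . "</IfModule>\n";
        if (file_put_contents($filename, $rules) === false) {
            die("Error: Unable to create .htaccess file");
        }
    }

    /**
     * upload_dir filter: for media uploaded from user-edit.php through
     * async-upload.php, redirects the upload into user-files/<user_id>.
     *
     * @param array $upload Upload location array from wp_upload_dir().
     * @return array The same array, with 'subdir', 'path' and 'url' rewritten
     *               when the request qualifies.
     */
    public function user_upload_files_dir($upload) {
        if ($this->referer_page() !== 'user-edit.php' || $this->request_file() !== 'async-upload.php') {
            return $upload;
        }

        // The target user id comes from the referer's query string. It is
        // client-controlled and ends up as a path component, so it is reduced
        // to a positive integer and the uploader must be allowed to edit that user.
        $parts = parse_url($_SERVER['HTTP_REFERER']);
        $get = array();
        if (!empty($parts['query'])) {
            parse_str($parts['query'], $get);
        }
        $user_id = isset($get['user_id']) ? absint($get['user_id']) : 0;
        if ($user_id === 0 || !current_user_can('edit_user', $user_id)) {
            return $upload;
        }

        $upload['subdir'] = (string) $user_id;
        $upload['path'] = WP_CONTENT_DIR . '/uploads/user-files/' . $upload['subdir'];
        $upload['url'] = WP_CONTENT_URL . '/uploads/user-files/' . $upload['subdir'];
        return $upload;
    }

    /**
     * admin_init: loads the profile-page assets, but only on user-edit.php.
     */
    public function enqueue() {
        global $pagenow;
        if ($pagenow !== 'user-edit.php') {
            return;
        }
        wp_enqueue_style('bhuufu_admin_styles', BHUUFU_URL . '/assets/css/admin_styles.css');
        wp_enqueue_script('jquery');
        wp_enqueue_script('bhuufu_repeatable-fields.js', BHUUFU_URL . '/assets/js/repeatable-fields.js');
        // NOTE(review): no '/' after BHUUFU_URL here while the two paths above have one;
        // the image/CSS paths elsewhere in this class also omit it — confirm which
        // form BHUUFU_URL expects.
        wp_enqueue_script('bhuufu_admin_script', BHUUFU_URL . 'assets/js/stb_admin.js');
        // Hook for add-ons to enqueue/dequeue their own assets.
        do_action('BHUUFU/assets/enqueue');
    }

    /**
     * the_posts filter: enqueues the front-end stylesheet when any post in the
     * result set contains the [list_user_files] shortcode.
     *
     * @param array $posts
     * @return array $posts, unchanged.
     */
    public function conditionally_add_scripts_and_styles($posts) {
        if (empty($posts)) {
            return $posts;
        }
        foreach ($posts as $post) {
            if (stripos($post->post_content, '[list_user_files]') !== false) {
                wp_enqueue_style('user-upload-css', BHUUFU_URL . 'assets/css/styles.css');
                break;
            }
        }
        return $posts;
    }

    /**
     * Builds one <tr> of the profile-page upload table.
     *
     * @param array $row         Values keyed by ROW_KEYS; missing keys render empty.
     * @param bool  $is_template True for the hidden row the repeatable-fields JS
     *                           clones on "Add Row".
     * @return string HTML; every value is attribute-escaped.
     */
    private function render_upload_row(array $row, $is_template = false) {
        $value = function ($field) use ($row) {
            return esc_attr(isset($row[$field]) ? $row[$field] : '');
        };
        $html = $is_template ? '<tr class="ff-add-template" style="">' : '<tr>';
        foreach (array('file_url', 'file_name', 'file_description') as $field) {
            $html .= sprintf(
                '<td><input type="text" name="%1$s[%2$s_tmp][]" class="medium-text %2$s" value="%3$s" /></td>',
                self::FIELD, $field, $value($field)
            );
        }
        $html .= '<td>';
        foreach (array('file_id', 'file_oname', 'file_mime') as $field) {
            $html .= sprintf(
                '<input type="hidden" name="%1$s[%2$s_tmp][]" class="medium-text %2$s" value="%3$s" />',
                self::FIELD, $field, $value($field)
            );
        }
        $html .= '<input class="button _unique_name_button" name="_unique_name_button" value="Select File" />'
            . '<img alt="Remove Row" class="ff-remove-row" src="' . BHUUFU_URL . 'assets/images/remove.png">'
            . '</td></tr>';
        return $html;
    }

    /**
     * edit_user_profile: renders the "File Uploads" table on the user-edit screen.
     * One hidden template row is always emitted for the repeatable-fields JS,
     * followed by a row per stored file, or one empty row when none are stored.
     *
     * @param WP_User $user The profile being edited.
     */
    public function add_user_file_upload_fields($user) {
        $meta = get_user_meta($user->ID, 'user_file_uploads', true);
        wp_enqueue_media();

        $urls = (isset($meta['file_url']) && is_array($meta['file_url'])) ? array_filter($meta['file_url']) : array();
        $rows = '';
        foreach ($urls as $key => $url) {
            $row = array();
            foreach (self::ROW_KEYS as $field) {
                $row[$field] = isset($meta[$field][$key]) ? $meta[$field][$key] : '';
            }
            $rows .= $this->render_upload_row($row);
        }
        if ($rows === '') {
            $rows = $this->render_upload_row(array());
        }
        ?>
        <h3><?php _e('File Uploads', 'wpcf7'); ?></h3>
        <div class="ff-repeatable">
            <table>
                <thead>
                    <tr>
                        <th><?php _e('Url', 'wpcf7'); ?></th>
                        <th><?php _e('Name', 'wpcf7'); ?></th>
                        <th><?php _e('Decsription', 'wpcf7'); ?></th>
                        <th><img alt="Add Row" class="ff-add-row" src="<?php echo BHUUFU_URL; ?>assets/images/add.png"></th>
                    </tr>
                </thead>
                <tbody>
                    <?php echo $this->render_upload_row(array(), true); ?>
                    <?php echo $rows; ?>
                </tbody>
            </table>
        </div>
        <?php
    }

    /**
     * edit_user_profile_update: normalises the posted *_tmp columns into the
     * parallel arrays described by ROW_KEYS and stores them as user meta.
     * Rows whose URL is empty are dropped (the form always submits an empty
     * template row).
     *
     * user-edit.php verifies the update-user nonce and the edit_user capability
     * before this hook fires; the capability is re-checked here so the method
     * stays safe if it is ever invoked from another context.
     *
     * @param int $user_id User whose profile was submitted.
     */
    public function save_user_file_upload_fields($user_id) {
        if (!current_user_can('edit_user', $user_id)) {
            return;
        }
        $posted = (isset($_POST[self::FIELD]) && is_array($_POST[self::FIELD])) ? $_POST[self::FIELD] : array();
        $column = function ($name, $key) use ($posted) {
            return isset($posted[$name][$key]) ? (string) $posted[$name][$key] : '';
        };

        $urls = isset($posted['file_url_tmp']) ? array_filter((array) $posted['file_url_tmp']) : array();
        $saved = array_fill_keys(self::ROW_KEYS, array());
        foreach ($urls as $key => $url) {
            // Every column is a client-supplied string: sanitised on the way in
            // and escaped again wherever it is rendered.
            $saved['file_url'][]         = esc_url_raw((string) $url);
            $saved['file_name'][]        = sanitize_text_field($column('file_name_tmp', $key));
            $saved['file_description'][] = sanitize_text_field($column('file_description_tmp', $key));
            $saved['file_id'][]          = absint($column('file_id_tmp', $key));
            $saved['file_oname'][]       = sanitize_text_field($column('file_oname_tmp', $key));
            $saved['file_mime'][]        = sanitize_text_field($column('file_mime_tmp', $key));
        }
        update_user_meta($user_id, 'user_file_uploads', $saved);
    }

    /**
     * wp_ajax_deletefile: removes one attachment from a user's upload list and
     * from the media library. Responds with JSON {"status": "sucess"|"fail"}
     * (the "sucess" spelling is presumably what the JS client compares against,
     * so it is kept).
     *
     * TODO(review): add check_ajax_referer() once stb_admin.js sends a nonce with
     * this request; the capability checks in delete_user_file() do not cover CSRF.
     */
    public function deletefile() {
        $file_id = isset($_REQUEST['file_id']) ? absint($_REQUEST['file_id']) : 0;
        $user_id = isset($_REQUEST['user_id']) ? absint($_REQUEST['user_id']) : 0;
        $ok = $this->delete_user_file($file_id, $user_id);
        wp_send_json(array('status' => $ok ? 'sucess' : 'fail'));
    }

    /**
     * Deletes attachment $file_id and drops its row from $user_id's upload meta.
     *
     * Both ids are client-supplied, so the caller must be allowed to edit that
     * user and to delete that attachment, and the attachment must actually be
     * listed for that user; otherwise any logged-in user could remove arbitrary
     * media or edit arbitrary user meta.
     *
     * @param int $file_id Attachment post id (0 = invalid).
     * @param int $user_id User id (0 = invalid).
     * @return bool True when the attachment was deleted and the meta updated.
     */
    private function delete_user_file($file_id, $user_id) {
        if ($file_id === 0 || $user_id === 0) {
            return false;
        }
        if (!current_user_can('edit_user', $user_id) || !current_user_can('delete_post', $file_id)) {
            return false;
        }
        $meta = get_user_meta($user_id, 'user_file_uploads', true);
        if (!isset($meta['file_id']) || !is_array($meta['file_id'])) {
            return false;
        }
        // Ids may be stored as strings; compare as integers.
        $key = array_search($file_id, array_map('intval', $meta['file_id']), true);
        if ($key === false) {
            return false;
        }
        if (!wp_delete_attachment($file_id)) {
            return false;
        }
        foreach (self::ROW_KEYS as $field) {
            unset($meta[$field][$key]);
        }
        update_user_meta($user_id, 'user_file_uploads', $meta);
        return true;
    }

    /**
     * Builds the <tbody> rows of the front-end download table.
     *
     * @param mixed $meta Value of the 'user_file_uploads' user meta.
     * @return string A header row plus one row per stored file, or a single
     *                "No current uploads" row.
     */
    private function render_download_rows($meta) {
        $urls = (isset($meta['file_url']) && is_array($meta['file_url'])) ? array_filter($meta['file_url']) : array();
        if (!$urls) {
            return "<tr><td colspan='5'><p>No current uploads</p></td></tr>";
        }
        $html = '<tr><th>SN#</th><th>File name</th><th>Description</th><th>Size</th><th>Download</th></tr>';
        $count = 1;
        foreach ($urls as $key => $url) {
            $file_id = isset($meta['file_id'][$key]) ? absint($meta['file_id'][$key]) : 0;
            $path = $file_id ? get_attached_file($file_id) : false;
            // filesize() warns on a missing file; show a blank size instead.
            $size = ($path && file_exists($path)) ? size_format(filesize($path)) : '';
            $wpnonce = wp_create_nonce('bhu_' . $file_id);
            // NOTE(review): the download icon is fetched over plain http from a
            // third-party host; serving it from BHUUFU_URL . 'assets/images/'
            // would avoid mixed content and the external dependency.
            $download_link = "<a href='" . BHUUFU_URL . 'download.php?id=' . $file_id . "&amp;wpnonce=$wpnonce' title='Download' target='_blank' class='small-btn'>"
                . "<img alt='Download' class='ff-add-row' src='http://www.rcmfire.com/wp-content/uploads/2014/10/download.png'></a>";
            $name = isset($meta['file_name'][$key]) ? $meta['file_name'][$key] : '';
            $description = isset($meta['file_description'][$key]) ? $meta['file_description'][$key] : '';
            $html .= sprintf(
                '<tr class="%s"><td>%d</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>',
                ($count & 1) ? 'odd' : 'even',
                $count,
                esc_html($name),
                esc_html($description),
                $size,
                $download_link
            );
            $count++;
        }
        return $html;
    }

    /**
     * [list_user_files] shortcode. For a logged-in user, returns the download
     * table of their stored files. Otherwise one of the login / lost-password /
     * reset-password form files is included (those files presumably emit their
     * own markup) and nothing is returned.
     *
     * @return string|null
     */
    public function user_uploaded_files_list() {
        if (!is_user_logged_in()) {
            // Fixed map from the request value to a form file; the request value
            // itself never becomes part of the include path.
            $form = isset($_REQUEST['form']) ? $_REQUEST['form'] : '';
            switch ($form) {
                case 'lostpassword':
                    include_once BHUUFU_PATH . '/includes/user/forms/lostpassword-form.php';
                    break;
                case 'resetpassword':
                    // NOTE(review): 'restpassword' — confirm this matches the actual file name.
                    include_once BHUUFU_PATH . '/includes/user/forms/restpassword-form.php';
                    break;
                default:
                    include_once BHUUFU_PATH . '/includes/user/forms/login-form.php';
                    break;
            }
            return null;
        }

        $current_user = wp_get_current_user();
        $meta = get_user_meta($current_user->ID, 'user_file_uploads', true);
        $rows = $this->render_download_rows($meta);
        $logout_url = '<a href="' . wp_logout_url(home_url()) . '" title="Logout">Logout</a>';

        $table = '<table width="100%">'
            . '<thead><tr>'
            . '<td colspan="4">Welcome ' . esc_html($current_user->user_login) . '</td>'
            . '<td>' . $logout_url . '</td>'
            . '</tr></thead>'
            . '<tbody>' . $rows . '</tbody>'
            . '</table>';
        return "<div class='user-download-files' >" . $table . '</div>';
    }

    /**
     * template_redirect: includes the processing file for the login /
     * lost-password / reset-password flows. The request value only selects
     * between fixed paths. Note that the default branch includes
     * login-process.php on every front-end request that reaches this hook,
     * not just on form submissions.
     */
    public function template_redirect() {
        $do_process = isset($_REQUEST['do_process']) ? $_REQUEST['do_process'] : '';
        switch ($do_process) {
            case 'lostpassword':
                include_once BHUUFU_PATH . '/includes/user/process/lostpassword-process.php';
                break;
            case 'resetpassword':
                include_once BHUUFU_PATH . '/includes/user/process/resetpassword-process.php';
                break;
            default:
                include_once BHUUFU_PATH . '/includes/user/process/login-process.php';
                break;
        }
    }

    /**
     * Looks up the user whose stored activation key and login match.
     *
     * @param string $key   Reset key from the request; reduced to [a-z0-9] first.
     * @param string $login User login from the request.
     * @return object|WP_Error The users-table row, or WP_Error('invalid_key').
     */
    public static function check_password_reset_key($key, $login) {
        global $wpdb;

        // Type checks come before preg_replace(), which would otherwise turn a
        // non-string into a string and make the later is_string() test moot.
        if (!is_string($key) || !is_string($login)) {
            return new WP_Error('invalid_key', __('Invalid key'));
        }
        $key = preg_replace('/[^a-z0-9]/i', '', $key);
        if (empty($key) || empty($login)) {
            return new WP_Error('invalid_key', __('Invalid key'));
        }

        // NOTE(review): recent WordPress versions store a hashed, time-prefixed
        // value in user_activation_key, so a direct equality match may never
        // succeed there; core's check_password_reset_key() handles both formats.
        $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
        if (empty($user)) {
            return new WP_Error('invalid_key', __('Invalid key'));
        }
        return $user;
    }

    /**
     * Sets a new password for $user.
     *
     * @param object $user     Any object with an ID property (e.g. the row returned
     *                         by check_password_reset_key()).
     * @param string $new_pass Plain-text password; wp_set_password() hashes it.
     */
    public static function reset_password($user, $new_pass) {
        wp_set_password($new_pass, $user->ID);
    }

    /**
     * Runs at priority 0 on wp_ajax_query-attachments. When the media modal is
     * opened from user-edit.php it answers the attachment query itself (the
     * filtering closely resembles core's handler) and ends the request with
     * wp_send_json_*; from any other screen it returns and the normal handler runs.
     */
    public function change_media_display() {
        if ($this->referer_page() !== 'user-edit.php' || $this->request_file() !== 'admin-ajax.php') {
            return;
        }
        if (!current_user_can('upload_files')) {
            wp_send_json_error();
        }

        $query = isset($_REQUEST['query']) ? (array) $_REQUEST['query'] : array();
        // Allow-list of query vars the client may set; everything else is dropped.
        $query = array_intersect_key($query, array_flip(array(
            's', 'order', 'orderby', 'posts_per_page', 'paged', 'post_mime_type',
            'post_parent', 'post__in', 'post__not_in',
        )));
        $query['post_type'] = 'attachment';
        // Only private attachments are listed here; change_upload_media_display
        // moves user-edit uploads to that status.
        if (current_user_can(get_post_type_object('attachment')->cap->read_private_posts)) {
            $query['post_status'] = 'private';
        }

        /**
         * Filter the arguments passed to WP_Query during an AJAX call for querying attachments.
         *
         * @since 3.7.0
         *
         * @param array $query An array of query variables. @see WP_Query::parse_query()
         */
        $query = apply_filters('ajax_query_attachments_args', $query);
        $query = new WP_Query($query);

        $posts = array_filter(array_map('wp_prepare_attachment_for_js', $query->posts));
        wp_send_json_success($posts);
    }

    /**
     * wp_prepare_attachment_for_js filter. When the media modal is opened from
     * user-edit.php, reports image attachments with type 'images' and switches
     * attachments still in the default 'inherit' status to 'private', so they
     * match the post_status=private query in change_media_display().
     *
     * @param array   $response   Attachment data prepared for the JS client.
     * @param WP_Post $attachment The attachment post.
     * @param mixed   $meta       Attachment metadata (unused here).
     * @return array
     */
    public function change_upload_media_display($response, $attachment, $meta) {
        if ($this->referer_page() !== 'user-edit.php') {
            return $response;
        }
        // Strict comparisons: assigning with '=' here would relabel every
        // attachment and make every attachment private regardless of status.
        if (isset($response['type']) && $response['type'] === 'image') {
            $response['type'] = 'images';
        }
        if ($attachment->post_status === 'inherit') {
            wp_update_post(array('ID' => $attachment->ID, 'post_status' => 'private'));
        }
        return $response;
    }

}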

// Instantiating registers all hooks in the constructor; the instance itself is not kept.
new Bhuppu_Admin();
