| 
<?php
 use Xmf\Jwt\TokenReader;
 
 /**
 * PHP Server-Side Example for Fine Uploader (traditional endpoint handler).
 * Maintained by Widen Enterprises.
 *
 * This example:
 *  - handles chunked and non-chunked requests
 *  - supports the concurrent chunking feature
 *  - assumes all upload requests are multipart encoded
 *  - supports the delete file feature
 *
 * Follow these steps to get up and running with Fine Uploader in a PHP environment:
 *
 * 1. Setup your client-side code, as documented on http://docs.fineuploader.com.
 *
 * 2. Copy this file and handler.php to your server.
 *
 * 3. Ensure your php.ini file contains appropriate values for
 *    max_input_time, upload_max_filesize and post_max_size.
 *
 * 4. Ensure your "chunks" and "files" folders exist and are writable.
 *    "chunks" is only needed if you have enabled the chunking feature client-side.
 *
 * 5. If you have chunking enabled in Fine Uploader, you MUST set a value for the `chunking.success.endpoint` option.
 *    This will be called by Fine Uploader when all chunks for a file have been successfully uploaded, triggering the
 *    PHP server to combine all parts into one file. This is particularly useful for the concurrent chunking feature,
 *    but is now required in all cases if you are making use of this PHP example.
 *
 *
 * @license   MIT License (MIT)
 * @copyright Copyright (c) 2015-present, Widen Enterprises, Inc.
 * @link      https://github.com/FineUploader/php-traditional-server
 *
 * The MIT License (MIT)
 *
 * Copyright (c) 2015-present, Widen Enterprises, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
 
 if (isset($_POST['Authorization'])) {
 define('PROTECTOR_SKIP_DOS_CHECK', 1);
 }
 include __DIR__ . '/mainfile.php';
 $xoopsLogger->activated = false;
 
 /**
 * Get our expected claims from the JSON Web Token.
 *
 * This is the list of claims which should be included:
 *
 *  aud     audience (asserted as our php script name)
 *  cat     category id the user has chosen and is authorized for
 *  uid     user id (asserted as the session specified user)
 *  handler handler class
 *  moddir  module directory for handler
 *
 * We will assert that aud and uid agree with our expectations (for security)
 */
 $assert = array(
 'aud' => basename(__FILE__),
 'uid' => $xoopsUser instanceof \XoopsUser ? $xoopsUser->id() : 0,
 );
 $claims = TokenReader::fromRequest('fineuploader', 'Authorization', $assert);
 
 if ($claims === false) {
 echo json_encode(array('error' => "Invalid request token"));
 exit;
 }
 
 // Include the base upload handler class
 XoopsLoad::load('fineuploadhandler', 'system');
 
 $handler = (property_exists($claims, 'handler')) ? $claims->handler : '';
 $moddir  = (property_exists($claims, 'moddir'))  ? $claims->moddir  : '';
 
 if ($handler === '' || $moddir === '') {
 header("HTTP/1.0 400 Bad Request");
 exit;
 }
 
 /**
 * The handler claim can be specified as either:
 * - a fully qualified and autoloading namespaced name,
 * - a legacy handler name
 */
 $className = $handler;
 if (false === strpos($handler, '\\')) {
 XoopsLoad::load($handler, $moddir);
 $className = $moddir . $handler;
 }
 /* @var SystemFineUploadHandler $uploader */
 $uploader = new $className($claims);
 
 $method = get_request_method();
 
 if ($method === "POST") {
 header("Content-Type: text/plain");
 
 // Assumes you have a chunking.success.endpoint set to point here with a query parameter of "done".
 // For example: /myserver/handlers/endpoint.php?done
 if (isset($_GET["done"])) {
 $result = $uploader->combineChunks(XOOPS_ROOT_PATH . "/uploads");
 } else { // Handle upload requests
 // Call handleUpload() with the name of the folder, relative to PHP's getcwd()
 $result = $uploader->handleUpload(XOOPS_ROOT_PATH . "/uploads");
 
 // To return a name used for uploaded file you can use the following line.
 $result["uploadName"] = $uploader->getUploadName();
 }
 
 echo json_encode($result);
 } elseif ($method == "DELETE") { // for delete file requests
 $result = $uploader->handleDelete("files");
 echo json_encode($result);
 } else {
 header("HTTP/1.0 405 Method Not Allowed");
 }
 
 /**
 * This will retrieve the "intended" request method.  Normally, this is the
 * actual method of the request.  Sometimes, though, the intended request method
 * must be hidden in the parameters of the request.  For example, when attempting to
 * delete a file using a POST request. In that case, "DELETE" will be sent along with
 * the request in a "_method" parameter.
 *
 * @return string
 */
 function get_request_method()
 {
 if (isset($_POST["_method"]) && $_POST["_method"] != null) {
 return $_POST["_method"];
 }
 return $_SERVER["REQUEST_METHOD"];
 }
 
 |