CodeIgniter - Multifile upload

1. <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2.  
3.     /*
4.     Class: MY_Upload (Helper)
5.    
6.     Description:
7.         A helper class that extends the CI_Upload class.
8.     */
9.     class MY_Upload extends CI_Upload {
10.    
11.     /*
12.         Function: upload_files()
13.        
14.         Description:
15.             Uploads the files.
16.            
17.         Parameters:
18.             $files - An array files we are trying to upload
19.            
20.         Returns:
21.             TRUE - If all the files have been uploaded successfully
22.             FALSE - IF nothing was uploaded or there was an error
23.            
24.         See Also:
25.             <do_upload_array>
26.     */
27.     public function upload_files($files)
28.     {
29.         if (isset($files))
30.         {
31.             foreach ($files as $field => $file)
32.             {
33.                 foreach($file as $key => $config)
34.                 {
35.                     $this->initialize($config);
36.                     if(!$this->do_upload_array($field, $key)){
37.                         return FALSE;
38.                     }
39.                 }
40.             }
41.             return TRUE;
42.         }
43.     }
44.    
45.     /*
46.         Function: do_upload_array()
47.        
48.         Description:
49.             Uploads the files.
50.            
51.         Parameters:
52.             $field - Refers to the name of the field element
53.             $key - Refers to the array of the field element
54.            
55.         Returns:
56.             TRUE - If all the files have been uploaded successfully
57.             FALSE - If there are errors
58.            
59.         See Also:
60.             <upload_files>
61.             <validate_upload_path>
62.     */
63.     public function do_upload_array($field, $key, $index='')
64.     {
65.     // Is $_FILES[$field] set? If not, no reason to continue.
66.         if (!isset($_FILES[$field]))
67.         {
68.             $this->set_error('upload_no_file_selected');
69.             return FALSE;
70.         }
71.  
72.         // Is the upload path valid?
73.         if ( ! $this->validate_upload_path())
74.         {
75.             // errors will already be set by validate_upload_path() so just return FALSE
76.             return FALSE;
77.         }
78.  
79.         if($index !== ''){
80.             // Was the file able to be uploaded? If not, determine the reason why.
81.             if ( ! is_uploaded_file($_FILES[$field]['tmp_name'][$index][$key]))
82.             {
83.                 $error = ( ! isset($_FILES[$field]['error'][$index][$key])) ? 4 : $_FILES[$field]['error'][$index][$key];
84.    
85.                 switch($error)
86.                 {
87.                     case 1: // UPLOAD_ERR_INI_SIZE
88.                         $this->set_error('upload_file_exceeds_limit');
89.                         break;
90.                     case 2: // UPLOAD_ERR_FORM_SIZE
91.                         $this->set_error('upload_file_exceeds_form_limit');
92.                         break;
93.                     case 3: // UPLOAD_ERR_PARTIAL
94.                         $this->set_error('upload_file_partial');
95.                         break;
96.                     case 4: // UPLOAD_ERR_NO_FILE
97.                         $this->set_error('upload_no_file_selected');
98.                         break;
99.                     case 6: // UPLOAD_ERR_NO_TMP_DIR
100.                         $this->set_error('upload_no_temp_directory');
101.                         break;
102.                     case 7: // UPLOAD_ERR_CANT_WRITE
103.                         $this->set_error('upload_unable_to_write_file');
104.                         break;
105.                     case 8: // UPLOAD_ERR_EXTENSION
106.                         $this->set_error('upload_stopped_by_extension');
107.                         break;
108.                     default :   $this->set_error('upload_no_file_selected');
109.                         break;
110.                 }
111.    
112.                 return FALSE;
113.             }
114.    
115.    
116.             // Set the uploaded data as class variables
117.             $this->file_temp = $_FILES[$field]['tmp_name'][$index][$key];
118.             $this->file_size = $_FILES[$field]['size'][$index][$key];
119.             $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type'][$index][$key]);
120.             $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
121.             $this->file_name = $this->_prep_filename($_FILES[$field]['name'][$index][$key]);
122.             $this->file_ext  = $this->get_extension($this->file_name);
123.             $this->client_name = $this->file_name;
124.         }else{
125.             // Was the file able to be uploaded? If not, determine the reason why.
126.             if ( ! is_uploaded_file($_FILES[$field]['tmp_name'][$key]))
127.             {
128.                 $error = ( ! isset($_FILES[$field]['error'][$key])) ? 4 : $_FILES[$field]['error'][$key];
129.    
130.                 switch($error)
131.                 {
132.                     case 1: // UPLOAD_ERR_INI_SIZE
133.                         $this->set_error('upload_file_exceeds_limit');
134.                         break;
135.                     case 2: // UPLOAD_ERR_FORM_SIZE
136.                         $this->set_error('upload_file_exceeds_form_limit');
137.                         break;
138.                     case 3: // UPLOAD_ERR_PARTIAL
139.                         $this->set_error('upload_file_partial');
140.                         break;
141.                     case 4: // UPLOAD_ERR_NO_FILE
142.                         $this->set_error('upload_no_file_selected');
143.                         break;
144.                     case 6: // UPLOAD_ERR_NO_TMP_DIR
145.                         $this->set_error('upload_no_temp_directory');
146.                         break;
147.                     case 7: // UPLOAD_ERR_CANT_WRITE
148.                         $this->set_error('upload_unable_to_write_file');
149.                         break;
150.                     case 8: // UPLOAD_ERR_EXTENSION
151.                         $this->set_error('upload_stopped_by_extension');
152.                         break;
153.                     default :   $this->set_error('upload_no_file_selected');
154.                         break;
155.                 }
156.    
157.                 return FALSE;
158.             }
159.    
160.    
161.             // Set the uploaded data as class variables
162.             $this->file_temp = $_FILES[$field]['tmp_name'][$key];
163.             $this->file_size = $_FILES[$field]['size'][$key];
164.             $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type'][$key]);
165.             $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
166.             $this->file_name = $this->_prep_filename($_FILES[$field]['name'][$key]);
167.             $this->file_ext  = $this->get_extension($this->file_name);
168.             $this->client_name = $this->file_name;
169.         }
170.  
171.         // Is the file type allowed to be uploaded?
172.         if ( ! $this->is_allowed_filetype())
173.         {
174.             $this->set_error('upload_invalid_filetype');
175.             return FALSE;
176.         }
177.  
178.         // if we're overriding, let's now make sure the new name and type is allowed
179.         if ($this->_file_name_override != '')
180.         {
181.             $this->file_name = $this->_prep_filename($this->_file_name_override);
182.  
183.             // If no extension was provided in the file_name config item, use the uploaded one
184.             if (strpos($this->_file_name_override, '.') === FALSE)
185.             {
186.                 $this->file_name .= $this->file_ext;
187.             }
188.  
189.             // An extension was provided, lets have it!
190.             else
191.             {
192.                 $this->file_ext  = $this->get_extension($this->_file_name_override);
193.             }
194.  
195.             if ( ! $this->is_allowed_filetype(TRUE))
196.             {
197.                 $this->set_error('upload_invalid_filetype');
198.                 return FALSE;
199.             }
200.         }
201.  
202.         // Convert the file size to kilobytes
203.         if ($this->file_size > 0)
204.         {
205.             $this->file_size = round($this->file_size/1024, 2);
206.         }
207.  
208.         // Is the file size within the allowed maximum?
209.         if ( ! $this->is_allowed_filesize())
210.         {
211.             $this->set_error('upload_invalid_filesize');
212.             return FALSE;
213.         }
214.  
215.         // Are the image dimensions within the allowed size?
216.         // Note: This can fail if the server has an open_basdir restriction.
217.         if ( ! $this->is_allowed_dimensions())
218.         {
219.             $this->set_error('upload_invalid_dimensions');
220.             return FALSE;
221.         }
222.  
223.         // Sanitize the file name for security
224.         $this->file_name = $this->clean_file_name($this->file_name);
225.  
226.         // Truncate the file name if it's too long
227.         if ($this->max_filename > 0)
228.         {
229.             $this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
230.         }
231.  
232.         // Remove white spaces in the name
233.         if ($this->remove_spaces == TRUE)
234.         {
235.             $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
236.         }
237.  
238.         /*
239.          * Validate the file name
240.          * This function appends an number onto the end of
241.          * the file if one with the same name already exists.
242.          * If it returns false there was a problem.
243.          */
244.         $this->orig_name = $this->file_name;
245.  
246.         if ($this->overwrite == FALSE)
247.         {
248.             $this->file_name = $this->set_filename($this->upload_path, $this->file_name);
249.  
250.             if ($this->file_name === FALSE)
251.             {
252.                 return FALSE;
253.             }
254.         }
255.  
256.         /*
257.          * Run the file through the XSS hacking filter
258.          * This helps prevent malicious code from being
259.          * embedded within a file.  Scripts can easily
260.          * be disguised as images or other file types.
261.          */
262.         if ($this->xss_clean)
263.         {
264.             if ($this->do_xss_clean() === FALSE)
265.             {
266.                 $this->set_error('upload_unable_to_write_file');
267.                 return FALSE;
268.             }
269.         }
270.  
271.         /*
272.          * Move the file to the final destination
273.          * To deal with different server configurations
274.          * we'll attempt to use copy() first.  If that fails
275.          * we'll use move_uploaded_file().  One of the two should
276.          * reliably work in most environments
277.          */
278.         if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
279.         {
280.             if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
281.             {
282.                 $this->set_error('upload_destination_error');
283.                 return FALSE;
284.             }
285.         }
286.  
287.         /*
288.          * Set the finalized image dimensions
289.          * This sets the image width/height (assuming the
290.          * file was an image).  We use this information
291.          * in the "data" function.
292.          */
293.         $this->set_image_properties($this->upload_path.$this->file_name);
294.  
295.         return TRUE;
296.     }
297.    
298.     /**
299.      * Validate Upload Path
300.      *
301.      * Verifies that it is a valid upload path with proper permissions.
302.      *
303.      * ADDED: Creates directory if the directory doesn't exist
304.      *
305.      * @return  bool
306.      */
307.     public function validate_upload_path()
308.     {
309.         if ($this->upload_path == '')
310.         {
311.             $this->set_error('upload_no_filepath');
312.             return FALSE;
313.         }
314.  
315.         if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
316.         {
317.             $this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
318.         }
319.  
320.         if ( ! @is_dir($this->upload_path))
321.         {
322.             if(!mkdir($this->upload_path, 0777, true))
323.             {
324.                 $this->set_error('upload_no_filepath');
325.                 return FALSE;
326.             }
327.         }
328.  
329.         if ( ! is_really_writable($this->upload_path))
330.         {
331.             $this->set_error('upload_not_writable');
332.             return FALSE;
333.         }
334.  
335.         $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/",  $this->upload_path);
336.         return TRUE;
337.     }
338.     }
339.