Remote File Uploader Script

1. <?php
2. /*
3. * Remote File Copy PHP Script 2.0.0
4. *
5. * Copyright 2012, Sebastian Tschan
6. * https://blueimp.net
7. *
8. * Licensed under the MIT license:
9. * http://www.opensource.org/licenses/MIT
10. */
11.  
12. $upload_dir = __DIR__."/files";
13.  
14. if (empty($_REQUEST["url"])) {
15. ?><!DOCTYPE HTML>
16. <html lang="en">
17. <head>
18. <!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
19. <meta charset="utf-8">
20. <title>Remote File Copy</title>
21. <meta name="viewport" content="width=device-width, initial-scale=1.0">
22. </head>
23. <body>
24. <form>
25. <input type="url" placeholder="URL" required>
26. <button type="submit">Start</button>
27. </form>
28. <ul></ul>
29. <progress value="0" max="100" style="display:none;"></progress>
30. <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
31. <script>
32. function callback(message) {
33. if (!message) {
34. console.error('Empty event callback response.');
35. return;
36. }
37. $.each(message, function (key, value) {
38. switch (key) {
39. case 'send':
40. $('progress').show();
41. break;
42. case 'progress':
43. if (value && value.total) {
44. $('progress').val(value.loaded / value.total * 100);
45. }
46. break;
47. case 'done':
48. $('<li style="color:green;">').text(value && value.name).appendTo('ul');
49. $('progress').hide();
50. break;
51. case 'fail':
52. $('<li style="color:red;">').text(value && value.message).appendTo('ul');
53. $('progress').hide();
54. break;
55. }
56. });
57. }
58. $('form').on('submit', function (e) {
59. e.preventDefault();
60. $('<iframe src="javascript:false;" style="display:none;"></iframe>')
61. .prop('src', '?url=' + encodeURIComponent($(this).find('input').val()))
62. .appendTo(document.body);
63. });
64. </script>
65. </body>
66. </html><?php
67. exit;
68. }
69.  
70. $url = !empty($_REQUEST["url"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["url"])) ?
71. stripslashes($_REQUEST["url"]) : null;
72.  
73. $callback = !empty($_REQUEST["callback"]) && preg_match("|^\w+$|", $_REQUEST["callback"]) ?
74. $_REQUEST["callback"] : "callback";
75.  
76. $use_curl = false;defined("CURLOPT_PROGRESSFUNCTION");
77.  
78. $temp_file = tempnam(sys_get_temp_dir(), "upload-");
79.  
80. $fileinfo = new stdClass();
81. $fileinfo->name = trim(basename($url), ".\x00..\x20");
82.  
83. // 1KB of initial data, required by Webkit browsers:
84. echo "<span>".str_repeat("0", 1000)."</span>";
85.  
86. function event_callback ($message) {
87. global $callback;
88. echo "<script>parent.".$callback."(".json_encode($message).");</script>";
89. }
90.  
91. function get_file_path () {
92. global $upload_dir, $fileinfo, $temp_file;
93. return $upload_dir."/".basename($fileinfo->name).'.'.basename($temp_file).'.dat';
94. }
95.  
96. function stream_notification_callback ($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) {
97. global $fileinfo;
98. switch($notification_code) {
99. case STREAM_NOTIFY_FILE_SIZE_IS:
100. $fileinfo->size = $bytes_max;
101. break;
102. case STREAM_NOTIFY_MIME_TYPE_IS:
103. $fileinfo->type = $message;
104. break;
105. case STREAM_NOTIFY_PROGRESS:
106. if (!$bytes_transferred) {
107. event_callback(array("send" => $fileinfo));
108. }
109. event_callback(array("progress" => array("loaded" => $bytes_transferred, "total" => $bytes_max)));
110. break;
111. }
112. }
113.  
114. function curl_progress_callback ($curl_resource, $total, $loaded) {
115. global $fileinfo;
116. if (!$loaded) {
117. if (!isset($fileinfo->size)) {
118. $fileinfo->size = $total;
119. event_callback(array("send" => $fileinfo));
120. }
121. }
122. event_callback(array("progress" => array("loaded" => $loaded, "total" => $total)));
123. }
124.  
125. if (!$url) {
126. $success = false;
127. } else if ($use_curl) {
128. $fp = fopen($temp_file, "w");
129. $ch = curl_init($url);
130. curl_setopt($ch, CURLOPT_NOPROGRESS, false );
131. curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, "curl_progress_callback");
132. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
133. curl_setopt($ch, CURLOPT_FILE, $fp);
134. $success = curl_exec($ch);
135. $curl_info = curl_getinfo($ch);
136. if (!$success) {
137. $err = array("message" => curl_error($ch));
138. }
139. curl_close($ch);
140. fclose($fp);
141. $fileinfo->size = $curl_info["size_download"];
142. $fileinfo->type = $curl_info["content_type"];
143. } else {
144. $ctx = stream_context_create();
145. stream_context_set_params($ctx, array("notification" => "stream_notification_callback"));
146. $success = copy($url, $temp_file, $ctx);
147. if (!$success) {
148. $err = error_get_last();
149. }
150. }
151.  
152. if ($success) {
153. $success = rename($temp_file, get_file_path());
154. }
155.  
156. if ($success) {
157. event_callback(array("done" => $fileinfo));
158. } else {
159. unlink($temp_file);
160. if (!$err) {
161. $err = array("message" => "Invalid url parameter");
162. }
163. event_callback(array("fail" => $err));
164. }