I want to post Yii csrftoken with dropzone request here is my code
$this->widget('ext.dropzone.EDropzone', array(
'model' => $model,
'attribute' => 'file',
'url' => $this->createUrl('//media/file'),
'mimeTypes' => array('image/jpeg', 'image/png'),
'options' => array('sending' => 'function(file, xhr, formData) {
formData.append("YII_CSRF_TOKEN", "' . Yii::app()->request->csrfToken . '");
}',),
));
//controller > media (it dose not access the controller )
public function actionFile() {
$save_path = Yii::app()->basePath . '/../media/portfolio/';
$save_url = Yii::app()->createAbsoluteUrl('//media/portfolio/');
if (empty($_FILES) === false) {
$file_name = $_FILES['Company'] ['name']['file'];
$fileType = $_FILES['Company']['type']['file'];
$tmp_name = $_FILES['Company']['tmp_name']['file'];
$file_size = $_FILES['Company']['size']['file'];
$temp_arr = explode(".", $file_name);
$file_ext = array_pop($temp_arr);
$file_ext = trim($file_ext);
$file_ext = strtolower($file_ext);
if (!file_exists($save_path))
mkdir($save_path);
$new_file_name = rand(0,1000) . '.' . $file_ext;
$file_path = $save_path . $new_file_name;
move_uploaded_file($tmp_name, $file_path);
}
}
This is how to stop CsrfValidation for some actions
//main/config
Add the following lines under components
'request' => array(
'class' => 'HttpRequest',
'noCsrfValidationRoutes' => array(
'^site/upload.*$',
),
'enableCookieValidation' => true,
'enableCsrfValidation' => true,
),
Then inside the component folder
class HttpRequest extends CHttpRequest
{
public $prev_url;
public $noCsrfValidationRoutes = array();
protected function normalizeRequest()
{
parent::normalizeRequest();
if(!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] != 'POST')
{
return;
}
$route = Yii::app()->getUrlManager()->parseUrl($this);
if($this->enableCsrfValidation)
{
foreach($this->noCsrfValidationRoutes as $cr)
{
if(preg_match('#'.$cr.'#', $route))
{
Yii::app()->detachEventHandler('onBeginRequest', array($this,'validateCsrfToken'));
Yii::trace('Route "'.$route.' passed without CSRF validation');
break; // found first route and break
}
}
}
}
public function getCurrentUri()
{
// Get HTTP/HTTPS (the possible values for this vary from server to server)
$myUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && !in_array(strtolower($_SERVER['HTTPS']),array('off','no'))) ? 'https' : 'http';
// Get domain portion
$myUrl .= '://'.$_SERVER['HTTP_HOST'];
// Get path to script
$myUrl .= $_SERVER['REQUEST_URI'];
// Add path info, if any
$get = $_GET; // Create a copy of $_GET
if (count($get)) { // Only add a query string if there's anything left
$myUrl .= '?'.http_build_query($get);
}
return $myUrl;
}
}
This is what I found that worked in my search for getting the CSRF tokens to work with the xupload/blueimp jquery file uploader. Put this in the file "EHttpRequest.php" (or create it) in your components directory.
Source: http://www.yiiframework.com/forum/index.php/topic/14500-re-writing-a-class-method-without-editing-framework-files/
<?php
class EHttpRequest extends CHttpRequest
{
public function validateCsrfToken($event)
{
if($this->getIsPostRequest())
{
$cookies=$this->getCookies();
if($cookies->contains($this->csrfTokenName) && isset($_POST[$this->csrfTokenName]) || isset($_GET[$this->csrfTokenName] ))
{
$tokenFromCookie=$cookies->itemAt($this->csrfTokenName)->value;
$tokenFrom=!empty($_POST[$this->csrfTokenName]) ? $_POST[$this->csrfTokenName] : $_GET[$this->csrfTokenName];
$valid=$tokenFromCookie===$tokenFrom;
}
else
$valid=false;
if(!$valid)
throw new CHttpException(400,Yii::t('yii','Lite: The CSRF token could not be verified.'));
}
}
}
?>
Caution: There could be some security risks in doing this, if anyone sees anything wrong with this security-wise, let me know.
Related
I have a small app to sell online courses.
Everytime I reset my migrations by doing php artisan migrate:reset, I get this error if I try to update a field in my Ecourses edit blade file.
Here's my controller
public function update(Request $request, $id)
{
$slugify = new Slugify();
$this->validate($request, [
'name' => 'required',
'price' => 'nullable',
'category_id' => 'required',
'level_id' => 'required',
'subtitle' => 'required',
'description' => 'required',
'video_link' => 'required',
'document' => 'nullable|file',
'status' => 'required|integer'
]);
$ecourse = Ecourse::findOrFail($id);
$ecourse->name = $request->name;
$ecourse->slug = $slugify->slugify($request->name);
$ecourse->price = $request->price;
$ecourse->status = $request->status;
$ecourse->description = $request->description;
$ecourse->subtitle = $request->subtitle;
$ecourse->video_link = $request->video_link;
$ecourse->category_id = $request->category_id;
$ecourse->level_id = $request->level_id;
$document = $request->file('document');
if ($request->hasFile('document')) {
$documentFullname = $document->getClientOriginalName();
$documentName = pathinfo($documentFullname, PATHINFO_FILENAME);
$extension = $document->getClientOriginalExtension();
$file = time() . '_' . $documentName . '.' . $extension;
$document->storeAs('public/ecourses-files/', $file );
}
$fileToDelete = 'public/ecourses-files'. '/' . $ecourse->document;
if (Storage::exists($fileToDelete)) {
Storage::delete($fileToDelete);
}
$ecourse->document = $file;
$ecourse->save();
return redirect()->route('admin.ecourses.index')->with('success','Formation mise à jour');
}
The error is due to this line $ecourse->document = $file; and to make it work I have to comment it, update my Ecourse blade and then uncomment it.
I really don't know what's happening here...
Any help or explanation would be appreciated.
Thanks and take care.
Well it looks like that $request->hasFile('document') return false in this case this block of code will never run
if ($request->hasFile('document')) {
$documentFullname = $document->getClientOriginalName();
$documentName = pathinfo($documentFullname, PATHINFO_FILENAME);
$extension = $document->getClientOriginalExtension();
$file = time() . '_' . $documentName . '.' . $extension;
$document->storeAs('public/ecourses-files/', $file );
}
So there is no variable $file is defined, to solve this you can do
$file = null;
if ($request->hasFile('document')) {
$documentFullname = $document->getClientOriginalName();
$documentName = pathinfo($documentFullname, PATHINFO_FILENAME);
$extension = $document->getClientOriginalExtension();
$file = time() . '_' . $documentName . '.' . $extension;
$document->storeAs('public/ecourses-files/', $file );
}
This will solve the problem but in case that column document cannot be null it will give you an error so you you will have to make it required in validation rules and check why $request->hasFile('document') returns false
Alternative solution, check $file with isset(), if not define then define it, as like :
if(!isset($file)){
$file = null;
}
$ecourse->document = $file;
There is an operator for this:
$course->document = $file ?? null;
I am very new to PHP, I am using PHP Slim Framework. I have tried to research through Stack Overflow but didn't find an answer that answered my question.
I am trying add a car description on my school project, it captures all the fields well but the image is not being saved to the database and not being uploaded to the images folder, instead it saves the image in the database as a json as:
{
"car_images":
[
{
"file":"C:\\xampp\\tmp\\php8F2B.tmp"
}
]
}
instead of a91cffe8c9b5082f.jpg.
when I try to view the image in a browser on my localhost it goes to this path:
http://localhost/carbac/public/category_image/%7B%22car_images%22:[%7B%22file%22:%22C://xampp//tmp//php8F2B.tmp%22%7D]%7D
What could I be doing wrong?
Below is my function for capturing the details:
public function add(Request $request, Response $response, $args){
$car_category_id = $request->getParam('car_category_id');
$name = $request->getParam('name');
$description = $request->getParam('description');
$price = $request->getParam('price');
$mileage = $request->getParam('mileage');
$fuel_type = $request->getParam('fuel_type');
$transmission = $request->getParam('transmission');
$fuel_economy = $request->getParam('fuel_economy');
$air_condition = $request->getParam('air_condition');
$hourly_price = $request->getParam('hourly_price');
$daily_price = $request->getParam('daily_price');
$year = $request->getParam('year');
$directory = __DIR__ . '/../../../public/profile_image';
$uploadedFiles = $request->getUploadedFiles()['category_image'];
$avater = $request->getUploadedFiles();
foreach($uploadedFiles as $uploadedFile) {
if ($uploadedFile->getError() === UPLOAD_ERR_OK) {
$avater[] = \App\Helpers\FileUpload::moveUploadedFile($directory, $uploadedFile, ['png', 'jpeg', 'gif', 'jpg']);
} else {
$Flash = new Flash();
$Flash->addMessage('message', "Sorry, something went wrong from our end, please notify site owner");
$Flash->addMessage('status', "callout-danger");
return $response->withRedirect($this->router->pathFor('car_description'));
}
}
if( ! $avater ) {
$Flash = new Flash();
$Flash->addMessage('message', "Sorry, Please make image you are uploading is either a 'png', 'jpeg' or 'gif'");
$Flash->addMessage('status', "callout-danger");
return $response->withRedirect($this->router->pathFor('car_description'));
}
$car_description = CarDescription::create([
'car_category_id' => $car_category_id,
'name' => $name,
'description' => $description,
'year' => $year,
'mileage' => $mileage,
'price' => $price,
'fuel_type' => $fuel_type,
'transmission' => $transmission,
'fuel_economy' => $fuel_economy,
'air_condition' => $air_condition,
'hourly_price' => $hourly_price,
'daily_price' => $daily_price,
'images' => json_encode($avater)
]);
i want to upload a file from the form into my Application folder(public/img/clientes/).
my form file upload field:
$this->add(array(
'name' => 'foto',
'attributes' => array(
'type' => 'file',
),
'options' => array(
'label' => 'Logo da empresa:',
),
));
my add action function on the controller:
public function addAction()
{
$form = new ClienteForm();
if ($this->getRequest()->isPost()) {
$data = $this->params()->fromPost();
$form->setData($data);
if ($form->isValid()) {
$data = $form->getData();
$name = $data['foto'];
if(isset($name)){
if(!empty($name)){
$location = __DIR__."../../../public/img/clientes/";
if(!move_uploaded_file($name, $location)){
return $this->redirect()->toRoute('home');
}
}
}
$this->clienteManager->addNewCliente($data);
return $this->redirect()->toRoute('clientes');
}
}
return new ViewModel([
'form' => $form
]);
}
I cant seam to find the reason for this not to workIf anyone could help me with a solution here i would be incredibly grateful.
Hope everything is self-descriptive here. Just the upload location is a bit strange. As every request is handled through index.php by ZF and this file uses chdir(dirname(__DIR__)) method to go to upper level, so everything is relative to the application root. That's why we can access directly public/img/clientes, in this case. But the recommendation set it via the configuration in module.config.php. And make it available using ServiceManager.
Make sure your upload directory has a right permission.
...
if ($this->getRequest()->isPost()) {
// Merge data thus
$data = array_merge_recursive(
$this->getRequest()->getPost()->toArray(),
$this->getRequest()->getFiles()->toArray()
);
$form->setData($data);
if ($form->isValid()) {
$data = $form->getData();
// Upload path
$location = "public/img/clientes/";
// A bit validation of uploaded file
$allowedExtension = array('jpg', 'jpeg', 'png');
$extension = explode('.', $data['foto']['name']);
$extension = end($extension);
$fileName = time() . '.' . $extension;
// Check if everything is OK!
if (0 === $data['foto']['error'] && in_array($extension, $allowedExtension)) {
move_uploaded_file($data['foto']['tmp_name'], $location . $fileName);
} else {
echo 'Something went wrong!';
}
}
}
...
Here is already two questions about this problem
Zf2 file upload by jQuery File Upload - file was not found
Can't get blueimp / jQuery-File-Upload and ZF2 running
without ansers. And i'm create issue on ZF2 with code examples.
github.com/zendframework/zf2/issues/6291
And also have request from another developer on my email with question, how to implement jQuery File Upload with ZF2.
github.com/blueimp/jQuery-File-Upload
So, there is real problem for many peple, and no any manuals, no answers.
Please, before send me to read documentation, notice, that i'm spend many hours on problem and already read all documentation and not only i'm have this problem.
Please, write manual with code examples, like How to implement it. Or just answer, why we have this error and how to resolve it?
There i'm copy my example from ZF2 issue.
I'm try use jQuery-File-Upload
Just copy standard tpl, include css and scrypts and it's work, send files to my controller.
But controller doesn't work.
Here is my code
public function processjqueryAction()
{
$request = $this->getRequest();
$response = $this->getResponse();
$jsonModel = new \Zend\View\Model\JsonModel();
if ($request->isPost()) {
try {
$datas = [];
$datas['files'] = [];
$uploadPath = $this->getFileUploadLocation();
$uploadFiles = $this->params()->fromFiles('files');
// throw new \Exception(json_encode("FILES " . serialize($_FILES)));
// Сохранение выгруженного файла
$adapter = new \Zend\File\Transfer\Adapter\Http();
$adapter->setDestination($uploadPath);
$adapter->setValidators(array(
new \Zend\Validator\File\Extension(array(
'extension' => array('jpg', 'jpeg', 'png', 'rtf')
)
),
// new \Zend\Validator\File\Upload()
));
if (!$adapter->isValid()) {
throw new \Exception(json_encode("!isValid " . implode(" ", $adapter->getMessages())));
}
$files = $adapter->getFileInfo();
// throw new \Exception(json_encode($files));
foreach ($files as $file => $info) {
// throw new \Exception(json_encode($info));
$name = $adapter->getFileName($file);
// file uploaded & is valid
if (!$adapter->isUploaded($file)) {
throw new \Exception(json_encode("!isUploaded") . implode(" ", $adapter->getMessages()));
continue;
}
if (!$adapter->isValid($file)) {
throw new \Exception(json_encode("!isValid " . implode(" ", $adapter->getMessages())));
continue;
}
// receive the files into the user directory
$check = $adapter->receive($file); // this has to be on top
if (!$check) {
throw new \Exception(json_encode("! receive" . implode(" ", $adapter->getMessages())));
}
/**
* "name": "picture1.jpg",
"size": 902604,
"url": "http:\/\/example.org\/files\/picture1.jpg",
"thumbnailUrl": "http:\/\/example.org\/files\/thumbnail\/picture1.jpg",
"deleteUrl": "http:\/\/example.org\/files\/picture1.jpg",
"deleteType": "DELETE"
*/
$fileclass = new stdClass();
// we stripped out the image thumbnail for our purpose, primarily for security reasons
// you could add it back in here.
$fileclass->name = $name;
$fileclass->size = $adapter->getFileSize($name);
$fileclass->type = $adapter->getMimeType($name);
$fileclass->deleteUrl = '/uploads/delete';
$fileclass->deleteType = 'DELETE';
//$fileclass->error = 'null';
$fileclass->url = '/';
$datas['files'][] = $fileclass;
}
$response->getHeaders()->addHeaders(array(
'Pragma' => 'no-cache',
'Cache-Control' => 'private, no-cache',
"Content-Type" => 'application/json'
));
// return $response->setContent(json_encode(array('files' => $files)));
return $response->setContent(json_encode($datas));
} catch (\Exception $e) {
return $response->setContent(json_encode($e->getMessage()));
}
}
return $jsonModel;
}
Sorry for debug code, but with it you can see, i'm try hard to make it work, over 3 hours.
Error is
"File 'CIMG0042.JPG' was not found"
When i'm call $adapter->isValid()
Or when call it with file name, same error.
Path, where files uploaded, is correct and writable. $_FILES array is exist and valid.
Here is $_FILES json
FILES a:1:{s:5:\"files\";a:5:{s:4:\"name\";a:1:{i:0;s:28:\"52876065d17dce0a7472e5d6.jpg\";}s:4:\"type\";a:1:{i:0;s:10:\"image\/jpeg\";}s:8:\"tmp_name\";a:1:{i:0;s:14:\"\/tmp\/phpmfT2mB\";}s:5:\"error\";a:1:{i:0;i:0;}s:4:\"size\";a:1:{i:0;i:82640;}}}
And result of $files = $adapter->getFileInfo();
"{"files_0_":{"name":"52876065d17dce0a7472e5d6.jpg","type":"image\/jpeg","tmp_name":"\/tmp\/phpF6VoO9","error":0,"size":"82640","options":{"ignoreNoFile":false,"useByteString":true,"magicFile":null,"detectInfos":true},"validated":false,"received":false,"filtered":false,"validators":["Zend\\Validator\\File\\Upload","Zend\\Validator\\File\\Extension"],"destination":"\/home\/seyfer\/www\/zend2-tutorial.me\/module\/Users\/config\/..\/..\/..\/data\/uploads"}}"
isUploaded passes, but isValid not.
What i'm doing wrong?
Documentation say this
Zend_File_Transfer has been deprecated in favor of using the standard ZF2 Zend\Form and Zend\InputFilter features.
Maybe it's mean, that Form need to be used for file uploading in any way?
UPD 25.05.14
Now i'm add form
class UploadJqueryForm extends BaseForm
{
public function __construct()
{
parent::__construct(__CLASS__);
$this->setAttribute('method', 'post');
$this->setAttribute('enctype', 'multipart/form-data');
$this->init();
}
public function init()
{
$fileupload = new Element\File('files');
$fileupload->setLabel("files");
$fileupload->setAttribute('multiple', 'multiple');
$this->add($fileupload);
$button = new Element\Button('start');
$button->setAttribute("type", 'submit');
$button->setValue("Start upload")->setLabel("Start upload");
$this->add($button);
$button = new Element\Button('cancel');
$button->setAttribute("type", 'reset');
$button->setValue("Cancel upload")->setLabel("Cancel upload");
$this->add($button);
$button = new Element\Button('delete');
$button->setAttribute("type", 'button');
$button->setValue("Delete")->setLabel("Delete");
$this->add($button);
$checkbox = new Element\Checkbox('toggle');
$checkbox->setValue("Toggle")->setLabel("Toggle");
$checkbox->setAttribute("required", "");
$this->add($checkbox);
}
}
Use it
public function processjqueryAction()
{
$form = new \Users\Form\UploadJqueryForm();
$request = $this->getRequest();
$response = $this->getResponse();
$jsonModel = new \Zend\View\Model\JsonModel();
try {
if ($request->isPost()) {
$data = array_merge_recursive(
$this->getRequest()->getPost()->toArray(), $this->getRequest()->getFiles()->toArray()
);
// throw new \Exception(json_encode("data " . serialize($data)));
$form->setData($data);
if ($form->isValid()) {
$datas = [];
$datas['files'] = [];
$uploadPath = $this->getFileUploadLocation();
// $uploadFiles = $this->params()->fromFiles('files');
// throw new \Exception(json_encode("FILES " . serialize($_FILES)));
// Сохранение выгруженного файла
$adapter = new \Zend\File\Transfer\Adapter\Http();
$adapter->setDestination($uploadPath);
$adapter->setValidators(array(
new \Zend\Validator\File\Extension(array(
'extension' => array('jpg', 'jpeg', 'png', 'rtf')
)
),
));
if (!$adapter->isValid()) {
throw new \Exception(json_encode("!isValid " . implode(" ", $adapter->getMessages())));
}
$files = $adapter->getFileInfo();
// throw new \Exception(json_encode($files));
foreach ($files as $file => $info) {
// throw new \Exception(json_encode($info));
$name = $adapter->getFileName($file);
// file uploaded & is valid
if (!$adapter->isUploaded($file)) {
throw new \Exception(json_encode("!isUploaded") . implode(" ", $adapter->getMessages()));
continue;
}
if (!$adapter->isValid($file)) {
throw new \Exception(json_encode("!isValid " . implode(" ", $adapter->getMessages())));
continue;
}
// receive the files into the user directory
$check = $adapter->receive($file); // this has to be on top
if (!$check) {
throw new \Exception(json_encode("! receive" . implode(" ", $adapter->getMessages())));
}
/**
* "name": "picture1.jpg",
"size": 902604,
"url": "http:\/\/example.org\/files\/picture1.jpg",
"thumbnailUrl": "http:\/\/example.org\/files\/thumbnail\/picture1.jpg",
"deleteUrl": "http:\/\/example.org\/files\/picture1.jpg",
"deleteType": "DELETE"
*/
$fileclass = new stdClass();
// we stripped out the image thumbnail for our purpose, primarily for security reasons
// you could add it back in here.
$fileclass->name = $name;
$fileclass->size = $adapter->getFileSize($name);
$fileclass->type = $adapter->getMimeType($name);
$fileclass->deleteUrl = '/uploads/delete';
$fileclass->deleteType = 'DELETE';
//$fileclass->error = 'null';
$fileclass->url = '/';
$datas['files'][] = $fileclass;
}
$response->getHeaders()->addHeaders(array(
'Pragma' => 'no-cache',
'Cache-Control' => 'private, no-cache',
"Content-Type" => 'application/json'
));
return $response->setContent(json_encode($datas));
} else {
throw new \Exception(json_encode("!isValid form" . serialize($form->getMessages())));
}
}
} catch (\Exception $e) {
return $response->setContent(json_encode($e->getMessage()));
}
return $jsonModel;
And still get error
File '24866-fu-blyad-otvratitelno.jpg' was not found
Also I tried with InputFilter
class UploadJqueryFilter extends InputFilter implements
InputFilterAwareInterface
{
public function __construct()
{
$this->getInputFilter();
}
public function getInputFilter()
{
$toggle = new Input('toggle');
$toggle->setRequired(FALSE);
$this->add($toggle);
$files = new \Zend\InputFilter\FileInput('files');
$files->setRequired(TRUE);
$files->getValidatorChain()->attach(new Validator\File\UploadFile);
$files->getFilterChain()->attach(new \Zend\Filter\File\RenameUpload(array(
'target' => __DIR__ . '/../../../../../../tmpuploads/tmp',
'randomize' => true,
)));
$this->add($files);
return $this;
}
public function setInputFilter(InputFilterInterface $inputFilter)
{
return false;
}
}
And have same error.
I had this problem too. Wasting several hours before found the problem. Turn out it's because the name attribute for input tag cannot be set as 'files'.
So this is a no:
<input id="files" type="file" name="files" data-url="/upload-action" />
Changing the name attribute to any string other than files such as file will solve this problem.
<input id="files" type="file" name="file" data-url="/upload-action" />
I see from $_FILES that you had set name as files. Try changing that.
Make sure you update the reference you made in your controller too.
I am trying to create event with picture, but when i upload picture to facebook it throws me an error (#324) Missing or invalid image file
this is the function to upload picture.
public function uploadFacebookEventPicture($fullPath, $eventId) {
$mainImage = '#' . $fullPath;
$imgData = array(
'picture' => $mainImage
);
try {
$data = $this->facebook->api('/'.$eventId, 'post', $imgData);
return $data;
} catch (FacebookApiException $e) {
error_log('Failed to attach picture to event. Exception: ' . $e->getMessage());
}
return null;
}
the par of code i use after form post
if ($file[$name]['error'] == 0) {
$fileName = $file[$name]['name'];
$fileInfo = pathinfo($fileName);
$newFileName = md5($fileName . microtime()) . '.' . $fileInfo['extension'];
$fullPath = $this->config->applications->uploadPath . $newFileName;
$form->$name->addFilter('Rename', $fullPath);
if ($form->$name->receive()) {
$resize = new SimpleImage();
$resize->load($fullPath);
$resize->resizeToWidth($this->config->applications->resize->width);
$resize->save($fullPath);
// Gathering data for saving files information
$fileInfo = array(
'name' => $newFileName,
'type' => FileTypes::IMAGE,
'description' => 'Application: Uploaded from Events form in back-end',
);
$fileId = $dbFiles->save($fileInfo);
$eventFileData = array(
'event_id' => $eventId,
'file_id' => $fileId,
'main_image' => ($name == 'mainImage') ? 1 : 0
);
$dbEventFiles->save($eventFileData);
if ($name === 'mainImage') {
$success = **$this->uploadFacebookEventPicture($fullPath, $eventData['fb_event_id']**);
}
}
}
facebook object is created with upload file true
$facebook = new Facebook(array(
'appId' => $config->facebook->appId,
'secret' => $config->facebook->secret,
'fileUpload' => true
));
According to Facebook bug tracker, this bug has been fixed:
Bug tracker post
Status changed to Fixed
Code above works fine for uploading facebook event picture.