meilleure determination du type de fichier

thaaoblues 2024-09-09 20:38:23 +02:00
parent 4426e82b27
commit da1b253679
5 changed files with 232 additions and 119 deletions

15
bdd.php

@ -11,6 +11,13 @@ $uploadDir = 'archives/';
// le type de document est classifié entre 0 et n dans l'ensemble des entiers naturels
$max_val_type = 3;
/*
1 : texte
2 : image
3 : pdf
0 : non supporté
-1 : erreur
*/
// Liste des extensions autorisées pour les images
$image_extensions = [
@ -87,7 +94,6 @@ function saveFilesFromPost($postData,$id_ensemble) {
// Iterate through each file in the $_FILES array
$safe_type = intval($postData['type']);
$i = 0;
@ -95,6 +101,7 @@ function saveFilesFromPost($postData,$id_ensemble) {
foreach ($_FILES as $file) {
$safe_type = checkFileTypeSecure($file['tmp_name']);
// Create a unique filename to avoid overwriting existing files
$uniqueFileName = uniqid() . '_' . $fileName;
@ -102,8 +109,8 @@ function saveFilesFromPost($postData,$id_ensemble) {
// Extract file information
if (isset($file['name'])){
$fileName = htmlspecialchars($file['name']);
if(!check_ext($fileName)){
echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres d'extensions."]));
if(!check_ext($fileName) || $safe_type == 0){
echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres de contenu. ( dommaaaaggee :c )"]));
exit;
}
@ -355,7 +362,7 @@ function generer_chronologie(){
// on rajoute le chemin vers chaque document présent dans l'ensemble
$resultat_complet = array();
foreach($ensembles as $ens){
$sql = "SELECT titre,upload_path,ensemble_id FROM documents WHERE ensemble_id=?";
$sql = "SELECT titre,upload_path,ensemble_id,type FROM documents WHERE ensemble_id=?";
$res = $conn->execute_query($sql,array($ens["id"]));
$ens["documents"] = array();
while($doc = $res->fetch_assoc()){
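Review bot: The new guard `$safe_type == 0` in saveFilesFromPost rejects only the "unsupported" code, so the `-1` that checkFileTypeSecure returns when the temporary file is missing still passes the filter, and so do codes 4 and 5, which the comment block added under `$max_val_type = 3` does not list. Rejecting everything outside the documented range is the safer default: `if(!check_ext($fileName) || $safe_type < 1 || $safe_type > 3){`. If video and HTML uploads are meant to be accepted, the comment and `$max_val_type` should say so explicitly; accepting HTML deserves a deliberate decision, because the front end renders type 5 inside an iframe. The body of saveFilesFromPost continues outside the hunks shown.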


@ -169,19 +169,6 @@ async function gen_contenu() {
const data = await response.json();
console.log(data);
const image_extensions = [
'jpg',
'jpeg',
'png',
'gif',
'bmp',
'tiff',
'tif',
'webp',
'svg',
'ico',
'raw'
];
const dataContainer = document.getElementById('data-container');
@ -209,10 +196,8 @@ async function gen_contenu() {
uploadPathDiv.textContent = `Upload Path: ${doc.upload_path}`;
card.appendChild(uploadPathDiv);*/
// Ajout du contenu spécifique selon le type de fichier
let ext = doc.upload_path.toString().split(".").pop();
switch (true) {
case image_extensions.includes(ext): // image
switch (doc.type) {
case 2: // image
const img = document.createElement('img');
img.src = doc.upload_path;
img.alt = doc.titre;
@ -225,7 +210,7 @@ async function gen_contenu() {
imageLink.target = '_blank';
card.appendChild(imageLink);
break;
case ext == "pdf": // pdf
case 3: // pdf
const embed = document.createElement('embed');
embed.src = doc.upload_path;
card.appendChild(embed);
@ -237,17 +222,27 @@ async function gen_contenu() {
pdfLink.target = '_blank';
card.appendChild(pdfLink);
break;
case ext == "mp4": // video
case 4: // video
const video = document.createElement('video');
video.src = doc.upload_path;
video.controls = true;
card.appendChild(video);
break;
case ext == "html":
case 5:
const iframe = document.createElement('iframe');
iframe.src = doc.upload_path;
card.appendChild(iframe);
break;
case 1:
const textarea = document.createElement('textarea');
var xmlhttp, text;
xmlhttp = new XMLHttpRequest();
xmlhttp.open('GET', doc.upload_path, false);
xmlhttp.send();
text = xmlhttp.responseText;
textarea.value = text;
card.appendChild(textarea)
default:
const unsupportedLink = document.createElement('a');
unsupportedLink.href = doc.upload_path;
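Review bot: The added `case 1:` branch in gen_contenu ends at `card.appendChild(textarea)` with no `break;`, so execution falls through into `default:` and a text document also gets the link built there appended after its textarea; add `break;` after the append. The same missing `break;` is in the copies of this switch in rechercher and gen_chronologie. The branch also uses a synchronous request (`xmlhttp.open('GET', doc.upload_path, false)`), which blocks the page while each text file downloads. Since gen_contenu is already `async`, `textarea.value = await (await fetch(doc.upload_path)).text();` would avoid that, provided the switch does not sit inside a non-async callback (the surrounding loop is outside the hunk).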


@ -56,23 +56,9 @@ async function rechercher(){
card.appendChild(titre_ensemble);
// fichiers spéciaux ?
let ext = doc.upload_path.toString().split(".").pop();
const image_extensions = [
'jpg',
'jpeg',
'png',
'gif',
'bmp',
'tiff',
'tif',
'webp',
'svg',
'ico',
'raw'
];
switch (true) {
case image_extensions.includes(ext): // image
switch (doc.type) {
case 2: // image
const img = document.createElement('img');
img.src = doc.upload_path;
img.alt = doc.titre;
@ -85,7 +71,7 @@ async function rechercher(){
imageLink.target = '_blank';
card.appendChild(imageLink);
break;
case ext == "pdf": // pdf
case 3: // pdf
const embed = document.createElement('embed');
embed.src = doc.upload_path;
card.appendChild(embed);
@ -97,17 +83,27 @@ async function rechercher(){
pdfLink.target = '_blank';
card.appendChild(pdfLink);
break;
case ext == "mp4": // video
case 4: // video
const video = document.createElement('video');
video.src = doc.upload_path;
video.controls = true;
card.appendChild(video);
break;
case ext == "html":
case 5:
const iframe = document.createElement('iframe');
iframe.src = doc.upload_path;
card.appendChild(iframe);
break;
case 1:
const textarea = document.createElement('textarea');
var xmlhttp, text;
xmlhttp = new XMLHttpRequest();
xmlhttp.open('GET', doc.upload_path, false);
xmlhttp.send();
text = xmlhttp.responseText;
textarea.value = text;
card.appendChild(textarea)
default:
const unsupportedLink = document.createElement('a');
unsupportedLink.href = doc.upload_path;
@ -169,23 +165,10 @@ async function gen_chronologie(){
card.appendChild(titre_ensemble);
// fichiers spéciaux ?
let ext = doc.upload_path.toString().split(".").pop();
const image_extensions = [
'jpg',
'jpeg',
'png',
'gif',
'bmp',
'tiff',
'tif',
'webp',
'svg',
'ico',
'raw'
];
switch (true) {
case image_extensions.includes(ext): // image
switch (doc.type) {
case 2: // image
const img = document.createElement('img');
img.src = doc.upload_path;
img.alt = doc.titre;
@ -198,7 +181,7 @@ async function gen_chronologie(){
imageLink.target = '_blank';
card.appendChild(imageLink);
break;
case ext == "pdf": // pdf
case 3: // pdf
const embed = document.createElement('embed');
embed.src = doc.upload_path;
card.appendChild(embed);
@ -210,17 +193,27 @@ async function gen_chronologie(){
pdfLink.target = '_blank';
card.appendChild(pdfLink);
break;
case ext == "mp4": // video
case 4: // video
const video = document.createElement('video');
video.src = doc.upload_path;
video.controls = true;
card.appendChild(video);
break;
case ext == "html":
case 5:
const iframe = document.createElement('iframe');
iframe.src = doc.upload_path;
card.appendChild(iframe);
break;
case 1:
const textarea = document.createElement('textarea');
var xmlhttp, text;
xmlhttp = new XMLHttpRequest();
xmlhttp.open('GET', doc.upload_path, false);
xmlhttp.send();
text = xmlhttp.responseText;
textarea.value = text;
card.appendChild(textarea)
default:
const unsupportedLink = document.createElement('a');
unsupportedLink.href = doc.upload_path;
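Review bot: The `case 5:` branch in rechercher and gen_chronologie (and in gen_contenu) puts an uploaded HTML document into an `<iframe>` with no `sandbox` attribute, and after this commit the server classifies a file as type 5 from its first bytes alone. If uploads are served from the application's own origin, any script inside such a document runs with that origin's privileges in the viewer's browser. Adding `iframe.setAttribute('sandbox', '');` before `card.appendChild(iframe);` keeps the preview while disabling scripts and same-origin access. As a style point, this switch is now pasted three times; a single shared helper taking `doc` and `card` would keep the branches from drifting apart.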


@ -16,4 +16,90 @@ function assainir_et_valider_mel($og_mel): string {
}
}
function getFileSignature($filePath, $length = 8) {
// Open the file and read the first few bytes (file signature)
if ($file = fopen($filePath, 'rb')) {
$signature = fread($file, $length);
fclose($file);
return bin2hex($signature); // Return as hexadecimal string
}
return false;
}
function checkFileTypeSecure($filePath) {
if (!file_exists($filePath)) {
return -1; // File does not exist
}
// Get the file's signature (magic bytes)
$fileSignature = getFileSignature($filePath);
// Check for common signatures
$signatures = [
'text' => [
'txt' => 'efbbbf', // UTF-8 encoded text files (BOM)
],
'pdf' => [
'pdf' => '25504446', // PDF files always start with "%PDF" in hex
],
'image' => [
'jpeg' => 'ffd8ffe0', // JPEG
'png' => '89504e47', // PNG
'gif' => '47494638', // GIF
'bmp' => '424d', // BMP
'webp' => '52494646', // WebP starts with "RIFF"
'tiff' => '49492a00' // TIFF
],
'video' => [
'mp4' => '00000018', // MP4
//'avi' => '52494646', // AVI starts with "RIFF" bah relou du coup c'est pareil que webp
'mkv' => '1a45dfa3', // MKV
'mov' => '00000014' // MOV
],
'html' => [
'html' => '3c68746d', // HTML documents start with "<html"
]
];
// Check against known file signatures
// Check for plain text
foreach ($signatures['text'] as $format => $signature) {
if (strpos($fileSignature, $signature) === 0) {
return 1; // Plain text file
}
}
// Check for PDF
foreach ($signatures['pdf'] as $format => $signature) {
if (strpos($fileSignature, $signature) === 0) {
return 3; // PDF file
}
}
// Check for images
foreach ($signatures['image'] as $format => $signature) {
if (strpos($fileSignature, $signature) === 0) {
return 2; // Image file
}
}
// Check for videos
foreach ($signatures['video'] as $format => $signature) {
if (strpos($fileSignature, $signature) === 0) {
return 4; // Video file
}
}
// Check for HTML documents
foreach ($signatures['html'] as $format => $signature) {
if (strpos($fileSignature, $signature) === 0) {
return 5; // HTML file
}
}
return 0; // Unknown or unsupported file type
}
?>
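Review bot: checkFileTypeSecure decides the type from a prefix match on at most eight bytes, which a file can satisfy while the rest of its content is something else, so the result should not be treated as proof of content despite the function's name. Several signatures are also narrower or broader than their labels: `efbbbf` only recognises text that carries a UTF-8 BOM, `ffd8ffe0` is one JPEG variant among several, `52494646` is the generic RIFF header (the commented-out AVI line already notes the collision), and `424d` is only two bytes long. PHP's fileinfo extension gives a content-based MIME type, for example `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($filePath);`, which could be mapped to the same integer codes. A docblock listing the return values (-1 error, 0 unsupported, 1 text, 2 image, 3 PDF, 4 video, 5 HTML) would help callers, and the five identical `foreach` loops could become one loop over a category-to-code map.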


@ -54,21 +54,7 @@ function generer_chronologie() {
echo "<p>Upload Path: {$row['upload_path']}</p>";
echo "<p>Ensemble ID: {$row['ensemble_id']}</p>";
$extension = pathinfo($row['upload_path'], PATHINFO_EXTENSION);
if (strtolower($extension) === 'pdf'):
echo "<embed src=\"{$row['upload_path']}\" type=\"application/pdf\" width=\"100%\" height=\"600px\" />";
elseif (in_array(strtolower($extension), ['jpg', 'jpeg', 'png', 'gif'])):
echo "<img src=\"{$row['upload_path']}\">";
elseif (strtolower($extension) == "html"):
echo("<iframe src=\"{$row['upload_path']}\"></iframe>");
else:
echo "<p>Unsupported file type</p>".$row['upload_path'];
endif;
echo "<p>Theme ID: {$row['theme_id']}</p>";
generateFileHTML($row);
}
@ -82,6 +68,52 @@ function generer_chronologie() {
}
// Function to handle different file types and generate HTML dynamically
function generateFileHTML($row) {
// Simulating the switch-case equivalent in PHP using a switch on doc.type
$doc_type = $row['type']; // Assuming 'type' is the same as doc.type in JS
switch ($doc_type) {
case 2: // Image
// Create image element
echo "<img src=\"{$row['upload_path']}\" alt=\"{$row['titre']}\" />";
// Create link to view image
echo "<a href=\"{$row['upload_path']}\" class=\"lien\" target=\"_blank\">Voir image</a>";
break;
case 3: // PDF
// Create embed for PDF
echo "<embed src=\"{$row['upload_path']}\" type=\"application/pdf\" width=\"100%\" height=\"600px\" />";
// Create link to view PDF
echo "<a href=\"{$row['upload_path']}\" class=\"lien\" target=\"_blank\">Voir PDF en grand</a>";
break;
case 4: // Video
// Create video element with controls
echo "<video src=\"{$row['upload_path']}\" controls></video>";
break;
case 5: // HTML
// Create iframe for HTML document
echo "<iframe src=\"{$row['upload_path']}\" width=\"100%\" height=\"600px\"></iframe>";
break;
case 1: // Plain Text
// Fetch content via PHP file_get_contents
$text = file_get_contents($row['upload_path']);
echo "<textarea readonly style=\"width: 100%; height: 200px;\">$text</textarea>";
break;
default:
// Unsupported file type, create link
echo "<a href=\"{$row['upload_path']}\" class=\"lien\" target=\"_blank\">Type de fichier non supporté.</a>";
break;
}
}
?>
<!DOCTYPE html>
<html lang="en">
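Review bot: In generateFileHTML the `case 1` branch echoes the file's content straight into the page (`<textarea ...>$text</textarea>`), so a text upload that contains a closing textarea tag followed by markup is rendered as HTML in the viewer's browser. Escape it before output: `$text = htmlspecialchars(file_get_contents($row['upload_path']), ENT_QUOTES, 'UTF-8');`. The same applies to `$row['upload_path']` and `$row['titre']`, which every branch interpolates into `src`, `href` and `alt` attributes without escaping; whether they are escaped when stored is not visible here, so escaping at output is the safer place. `file_get_contents` also returns false on failure and reads whatever path the row holds, so it is worth checking that the path resolves inside the upload directory before reading it.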