chamilo-lms/main/conference/audiopost.php

<?php 
//file_put_contents("result.txt", print_r($_POST, true));
//file_put_contents("result3.txt", print_r($_FILES, true));
//file_put_contents("result2.txt", print_r($_GET, true));
require('../inc/global.inc.php');

// check the request comes from our red5 server
$ips = gethostbynamel(api_get_setting('service_visio','visio_host'));
$is_our_server = false;
if(is_array($ips))
{
	foreach($ips as $ip)
	{
		if($ip == $_SERVER['REMOTE_HOST']){$is_our_server = true;}
	}
}
if($is_our_server)
{
	if(api_get_setting('service_visio','active')=='true')
	{
		//check encryption key
		$string1 = $_GET['course_code'].$_GET['user_id'].gmdate('Ymd').$_configuration['security_key'];
		$string2 = $_GET['course_code'].$_GET['user_id'].(gmdate('Ymd')-1).$_configuration['security_key'];
		if(md5($string1) == $_GET['checker'] or md5($string2) == $_GET['checker'])
		{
			$course_info = api_get_course_info($_GET['course_code']);
			$target = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/document/audio/';
			$basename = basename( $_FILES['file']['name']);
			$target = $target . $basename ;
			if(!move_uploaded_file($_FILES['file']['tmp_name'], $target))
			{
				error_log(__FILE__.':'.__LINE__.': File upload to '.$target.' failed',0);
			}
			else
			{
				$id = DocumentManager::add_document($course_info,'/audio/'.$basename,'file',filesize($target),$basename);
				if($id !== false)
				{
					$res = api_item_property_update($course_info,TOOL_DOCUMENT,$id,'DocumentAdded',$_GET['user_id']);
					if($res === false)
					{
						error_log(__FILE__.':'.__LINE__.': Something went wrong with item properties update of '.$target,0);					
					}
				}
				else
				{
					error_log(__FILE__.':'.__LINE__.': Could not create document record for document '.$target,0);					
				}
			}
		}
		else
		{
			error_log(__FILE__.':'.__LINE__.': Attempting to save file but hash check did not suceed (hacking attempt?)',0);
		}
	}
	else
	{
		error_log(__FILE__.':'.__LINE__.': Attempting to save file but videoconf is not enabled',0);
	}
}
else
{
	error_log(__FILE__.':'.__LINE__.': Attempting to save file but coming from unknown source',0);
}
?>
[svn r15019] Renamed testpost.php 17 years ago			`<?php`
			`//file_put_contents("result.txt", print_r($_POST, true));`
			`//file_put_contents("result3.txt", print_r($_FILES, true));`
			`//file_put_contents("result2.txt", print_r($_GET, true));`
			`require('../inc/global.inc.php');`
[svn r15056] Improvements to audio upload script (security features and lots of well-placed error_logging) 17 years ago
			`// check the request comes from our red5 server`
			`$ips = gethostbynamel(api_get_setting('service_visio','visio_host'));`
			`$is_our_server = false;`
			`if(is_array($ips))`
[svn r15019] Renamed testpost.php 17 years ago			`{`
[svn r15056] Improvements to audio upload script (security features and lots of well-placed error_logging) 17 years ago			`foreach($ips as $ip)`
			`{`
			`if($ip == $_SERVER['REMOTE_HOST']){$is_our_server = true;}`
			`}`
			`}`
			`if($is_our_server)`
			`{`
			`if(api_get_setting('service_visio','active')=='true')`
			`{`
			`//check encryption key`
			`$string1 = $_GET['course_code'].$_GET['user_id'].gmdate('Ymd').$_configuration['security_key'];`
			`$string2 = $_GET['course_code'].$_GET['user_id'].(gmdate('Ymd')-1).$_configuration['security_key'];`
			`if(md5($string1) == $_GET['checker'] or md5($string2) == $_GET['checker'])`
			`{`
			`$course_info = api_get_course_info($_GET['course_code']);`
			`$target = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/document/audio/';`
			`$basename = basename( $_FILES['file']['name']);`
			`$target = $target . $basename ;`
			`if(!move_uploaded_file($_FILES['file']['tmp_name'], $target))`
			`{`
			`error_log(__FILE__.':'.__LINE__.': File upload to '.$target.' failed',0);`
			`}`
			`else`
			`{`
			`$id = DocumentManager::add_document($course_info,'/audio/'.$basename,'file',filesize($target),$basename);`
			`if($id !== false)`
			`{`
			`$res = api_item_property_update($course_info,TOOL_DOCUMENT,$id,'DocumentAdded',$_GET['user_id']);`
			`if($res === false)`
			`{`
			`error_log(__FILE__.':'.__LINE__.': Something went wrong with item properties update of '.$target,0);`
			`}`
			`}`
			`else`
			`{`
			`error_log(__FILE__.':'.__LINE__.': Could not create document record for document '.$target,0);`
			`}`
			`}`
			`}`
			`else`
			`{`
			`error_log(__FILE__.':'.__LINE__.': Attempting to save file but hash check did not suceed (hacking attempt?)',0);`
			`}`
			`}`
			`else`
			`{`
			`error_log(__FILE__.':'.__LINE__.': Attempting to save file but videoconf is not enabled',0);`
			`}`
			`}`
			`else`
			`{`
			`error_log(__FILE__.':'.__LINE__.': Attempting to save file but coming from unknown source',0);`
[svn r15019] Renamed testpost.php 17 years ago			`}`
			`?>`