[cocanwiki.git] / scripts / upload_file.ml

(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: upload_file.ml,v 1.12 2006/03/27 18:09:47 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *)

open Apache
open Registry
open Cgi
open Printf

open ExtString

open Cocanwiki
open Cocanwiki_template
open Cocanwiki_ok
open Cocanwiki_emailnotify
open Cocanwiki_images
open Cocanwiki_strings

(* Valid file names. *)
let file_ok_re = Pcre.regexp "^[a-z0-9][-._a-z0-9]*$"

let run r (q : cgi) dbh hostid { hostname = hostname } user=
  let name = q#param "name" in
  let title = q#param "title" in

  (* See if there was an upload. *)
  let file =
    try
      let upload = q#upload "file" in
      upload.upload_value
    with
        Not_found ->
          error ~title:"No file" ~back_button:true
            dbh hostid q "No file was uploaded.";
          return () in

  (* Check the name is valid. *)
  if not (Pcre.pmatch ~rex:file_ok_re name) then (
    error ~title:"Bad File Name" ~back_button:true
      dbh hostid q
      ("The File Name must contain only lowercase English letters, " ^
       "numbers, dots, dashes and underscore.");
    return ()
  );

  (* Identify the MIME type from the extension. *)
  let mime_type = mime_type_of_filename name in

  let title = if string_is_whitespace title then None else Some title in

  (* Check if something with the same name already exists.  If replace=1
   * then we can replace it, otherwise we must present an error message.
   *)
  let replace = q#param_true "replace" in
  let sth = dbh#prepare_cached "select 1 from files
                                 where hostid = ? and name = ?" in
  sth#execute [Some hostid; Some name];

  let exists = try sth#fetch1int () = 1 with Not_found -> false in

  if exists then (
    if not replace then (
      error ~title:"File already exists" ~back_button:true
        dbh hostid q "An file with the same name already exists.";
    return ()
    ) else (
      let sth = dbh#prepare_cached "update files
                                       set name_deleted = name, name = null
                                     where hostid = ? and name = ?" in
      sth#execute [Some hostid; Some name];
    )
  );

  (* Put the file into the database. *)
  let sth =
    dbh#prepare_cached
      "insert into files (hostid, name, content, title, mime_type)
       values (?, ?, ?, ?, ?)" in
  sth#execute [Some hostid; Some name; `Binary file; title;
               Some mime_type];

  PGOCaml.commit dbh;

  (* Email notify. *)
  let subject = "File " ^ name ^ " has been uploaded." in
  let body = fun () ->
    "Page: http://" ^ hostname ^ "/_files" in

  email_notify ~body ~subject ~user dbh hostid;

  let buttons = [ ok_button "/_files" ] in
  ok ~title:"File uploaded" ~buttons
    dbh hostid q "File was uploaded successfully."

let () =
  register_script ~restrict:[CanEdit] run