<?php
/**
 *  Copyright (C) 2022, 2024  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access']) && isset($_POST['sipUser']) && $_POST['sipUser'] != '') {

  $sipUser = $_POST['sipUser'];
  $resmessage = '';

  try {

    // Check for undefined error, multiple files, $_FILES corruption
    if (!isset($_FILES['uploadedRecFile']['error']) || is_array($_FILES['uploadedRecFile']['error'])) {
        throw new RuntimeException('Invalid parameters.');
    }

    // Check $_FILES['upfile']['error'] value
    switch ($_FILES['uploadedRecFile']['error']) {
        case UPLOAD_ERR_OK:
             break;
        case UPLOAD_ERR_NO_FILE:
             throw new RuntimeException('No file sent.');
        case UPLOAD_ERR_INI_SIZE:
             throw new RuntimeException('The file size limit was exceeded! Please choose a file with a smaller size!');
        case UPLOAD_ERR_FORM_SIZE:
             throw new RuntimeException('The file size limit was exceeded! Please choose a file with a smaller size!');
        default:
             throw new RuntimeException('Unknown error.');
    }

    // Check file size (in bytes)
    if ($_FILES['uploadedRecFile']['size'] > 786432000) {
        throw new RuntimeException('Uploaded file size exceeds the limit of 750 MB.');
    }

    // Check MIME Type
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detMime = $finfo->file($_FILES['uploadedRecFile']['tmp_name']);
    if ($detMime != 'video/webm' && $detMime != 'audio/webm') { throw new RuntimeException('Invalid file format.'); }

    // Check if the uploaded file contains PHP or JavaScript code tags
    $upFileContent = file_get_contents($_FILES['uploadedRecFile']['tmp_name']);
    if ((strpos($upFileContent, "<?php") !== false) || (strpos($upFileContent, "<script") !== false)) { throw new RuntimeException('Invalid file type.'); }

    // Create the directories if they don't exist
    if (!is_dir('../textchat/' . $sipUser)) {
        mkdir('../textchat/' . $sipUser, 0700);
    }

    if (!is_dir('../textchat/' . $sipUser . '/uploads')) {
        mkdir('../textchat/' . $sipUser . '/uploads', 0700);
    }

    // Check if the name of the uploaded file is valid
    $nameWithoutExt = pathinfo($_FILES["uploadedRecFile"]["name"], PATHINFO_FILENAME);

    if (preg_match('/^[a-zA-Z0-9\-\_\.]+$/', $nameWithoutExt)) {

        // Check if the name of the uploaded file is larger than 50 bytes
        if (strlen(basename($_FILES["uploadedRecFile"]["name"])) <= 50) {

            // Check if a file with the same name already exists in the 'uploads' directory of that respective user
            if (!file_exists('../textchat/' . $sipUser . '/uploads/' . basename($_FILES["uploadedRecFile"]["name"]))) {

                $upload_dir = '../textchat/' . $sipUser . '/uploads/';
                $targetfile = $upload_dir . basename($_FILES["uploadedRecFile"]["name"]);

                // Scan the uploaded file with ClamAV if ClamAV is installed
                if (file_exists('/usr/bin/clamdscan')) {

                    $clamdisrunning = exec("systemctl show -p ActiveState --value clamav-daemon");

                    if ($clamdisrunning == 'active') {

		        $safePath = escapeshellarg($_FILES["uploadedRecFile"]['tmp_name']);
                        $runclamdscan = 'clamdscan --fdpass --quiet ' . $safePath . '';
		        $resout = '';
		        $rescheck = 1;
		        exec($runclamdscan, $resout, $rescheck);

		        if ($rescheck == 0) {

                            if (move_uploaded_file($_FILES["uploadedRecFile"]["tmp_name"], $targetfile)) {
                                chmod($targetfile, 0600);
                            } else {
                                throw new RuntimeException('There was an error while uploading the file.');
                            }

                        } else { unlink($safePath); throw new RuntimeException('The file contains a virus or other type of malware.'); }

                    } else { throw new RuntimeException("The ClavAV antivirus is installed but clamav-daemon is not active and the uploaded file couldn't be scanned! Please check the status of clamav-daemon!"); }

                } else {

                        if (move_uploaded_file($_FILES["uploadedRecFile"]["tmp_name"], $targetfile)) {
                            chmod($targetfile, 0600);

                        } else { throw new RuntimeException('There was an error while uploading the file.'); }
                }

            } else { throw new RuntimeException('A file with the same name, ' . basename($_FILES["uploadedRecFile"]["name"]) . ', has been already sent. Please send a different file or rename your file before sending it.'); }

        } else { throw new RuntimeException('The name of the uploaded file is too long. File name length should not exceed 50 (Latin) characters. You can give a shorter name to your file and try again.'); }

    } else { throw new RuntimeException('The name of the uploaded file is not valid. File names should contain only alphanumeric characters, hyphens, underscores and dots.'); }

  } catch (RuntimeException $e) {

        $resmessage = $e->getMessage();
  }

  $respdata = ['error' => $resmessage];

  echo json_encode($respdata);

} else {
       header("Location: ../login.php");
}

?>