Context Navigation

source: branches/2.1/upload.php @ 6343

Last change on this file since 6343 was 6343, checked in by plg, 14 years ago

merge r6341 from trunk to branch 2.1

Fix incorrect permissions

Property svn:eol-style set to LF
Property svn:mergeinfo set to
/branches/2.0/upload.php merged eligible
/trunk/upload.php merged eligible

File size: 14.6 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[5196]	5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2325]	23
[364]	24	define('PHPWG_ROOT_PATH','./');
[345]	25
[2325]	26	// +-----------------------------------------------------------------------+
	27	// \| Includes \|
	28	// +-----------------------------------------------------------------------+
	29	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[1850]	30
[2325]	31	// +-----------------------------------------------------------------------+
	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status($conf['upload_user_access']);
[1631]	35
[2325]	36	$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
	37	$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
	38	$name = !empty($_POST['name']) ? $_POST['name'] : '';
	39	$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
	40	$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
	41	$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
	42
[10]	43	//------------------------------------------------------------------- functions
[2]	44	// The validate_upload function checks if the image of the given path is valid.
	45	// A picture is valid when :
	46	// - width, height and filesize are not higher than the maximum
	47	// filesize authorized by the administrator
	48	// - the type of the picture is among jpg, gif and png
	49	// The function returns an array containing :
	50	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	51	// - $result['error'] contains an array with the different errors
	52	// found with the picture
	53	function validate_upload( $temp_name, $my_max_file_size,
	54	$image_max_width, $image_max_height )
	55	{
[1631]	56	global $conf, $lang, $page, $mail_address;
	57
[2]	58	$result = array();
	59	$result['error'] = array();
[3747]	60	//echo $_FILES['picture']['name']."<br />".$temp_name;
[2]	61	$extension = get_extension( $_FILES['picture']['name'] );
[585]	62	if (!in_array($extension, $conf['picture_ext']))
[2]	63	{
[5021]	64	array_push( $result['error'], l10n('the picture must be to the fileformat jpg, gif or png') );
[2]	65	return $result;
	66	}
	67	if ( !isset( $_FILES['picture'] ) )
	68	{
	69	// do we even have a file?
[19]	70	array_push( $result['error'], "You did not upload anything!" );
[2]	71	}
	72	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	73	{
[19]	74	array_push( $result['error'],
[5292]	75	l10n('the filesize of the picture must not exceed :').$my_max_file_size.' KB' );
[2]	76	}
	77	else
	78	{
	79	// check if we are allowed to upload this file_type
	80	// upload de la photo sous un nom temporaire
	81	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	82	{
[5021]	83	array_push( $result['error'], l10n('can\'t upload the picture on the server') );
[2]	84	}
	85	else
	86	{
	87	$size = getimagesize( $temp_name );
	88	if ( isset( $image_max_width )
[10]	89	and $image_max_width != ""
	90	and $size[0] > $image_max_width )
[2]	91	{
[19]	92	array_push( $result['error'],
[5292]	93	l10n('the width of the picture must not exceed :').$image_max_width.' px' );
[2]	94	}
	95	if ( isset( $image_max_height )
[10]	96	and $image_max_height != ""
	97	and $size[1] > $image_max_height )
[2]	98	{
[19]	99	array_push( $result['error'],
[5292]	100	l10n('the height of the picture must not exceed :').$image_max_height.' px' );
[2]	101	}
	102	// $size[2] == 1 means GIF
	103	// $size[2] == 2 means JPG
	104	// $size[2] == 3 means PNG
[19]	105	switch ( $size[2] )
[2]	106	{
[19]	107	case 1 : $result['type'] = 'gif'; break;
	108	case 2 : $result['type'] = 'jpg'; break;
	109	case 3 : $result['type'] = 'png'; break;
	110	default :
[5021]	111	array_push( $result['error'], l10n('the picture must be to the fileformat jpg, gif or png') );
[2]	112	}
	113	}
	114	}
	115	if ( sizeof( $result['error'] ) > 0 )
	116	{
	117	// destruction de l'image avec le nom temporaire
	118	@unlink( $temp_name );
	119	}
[345]	120	else
	121	{
[587]	122	@chmod( $temp_name, 0644);
[345]	123	}
[1631]	124
	125	//------------------------------------------------------------ log informations
[1843]	126	pwg_log();
[1631]	127
[2]	128	return $result;
[1631]	129	}
[345]	130
[2]	131	//-------------------------------------------------- access authorization check
[2325]	132	if (isset($_POST['category']) and is_numeric($_POST['category']))
	133	{
	134	$page['category'] = $_POST['category'];
	135	}
	136	else
[2033]	137	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
[2]	138	{
[1843]	139	$page['category'] = $_GET['cat'];
[1036]	140	}
[2325]	141	else
	142	{
	143	$page['category'] = null;
	144	}
[1036]	145
[2325]	146	if (! empty($page['category']))
[1036]	147	{
[2325]	148	check_restrictions($page['category']);
	149	$category = get_cat_info($page['category']);
	150	$category['cat_dir'] = get_complete_dir($page['category']);
[2265]	151
[1861]	152	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
[667]	153	{
[2265]	154	page_forbidden('upload not allowed');
[667]	155	}
[2]	156	}
[2325]	157	else
	158	{
	159	if (isset($_POST['submit']))
	160	{
	161	// $page['category'] may be set by a futur plugin but without it
	162	bad_request('invalid parameters');
	163	}
	164	else
	165	{
	166	$category = null;
	167	}
[2033]	168	}
[10]	169
[2]	170	$error = array();
	171	$page['upload_successful'] = false;
	172	if ( isset( $_GET['waiting_id'] ) )
	173	{
	174	$page['waiting_id'] = $_GET['waiting_id'];
	175	}
[2325]	176
[2]	177	//-------------------------------------------------------------- picture upload
[26]	178	// verfying fields
[10]	179	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	180	{
[1861]	181	$path = $category['cat_dir'].$_FILES['picture']['name'];
[2]	182	if ( @is_file( $path ) )
	183	{
[5021]	184	array_push( $error, l10n('A picture\'s name already used') );
[2]	185	}
	186	// test de la présence des champs obligatoires
[369]	187	if ( empty($_FILES['picture']['name']))
[2]	188	{
[5021]	189	array_push( $error, l10n('You must choose a picture fileformat for the image') );
[2]	190	}
[3747]	191	if ( !preg_match( '/([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)/',
[2]	192	$_POST['mail_address'] ) )
	193	{
[5021]	194	array_push( $error, l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)') );
[2]	195	}
[369]	196	if ( empty($_POST['username']) )
[2]	197	{
[5021]	198	array_push( $error, l10n('the username must be given') );
[2]	199	}
[2265]	200
[345]	201	$date_creation = '';
[369]	202	if ( !empty($_POST['date_creation']) )
[26]	203	{
	204	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	205	// int checkdate ( int month, int day, int year)
[488]	206	if (checkdate($month, $day, $year))
[26]	207	{
[488]	208	$date_creation = $year.'-'.$month.'-'.$day;
[26]	209	}
	210	else
	211	{
[5021]	212	array_push( $error, l10n('wrong date') );
[26]	213	}
	214	}
	215	// creation of the "infos" field :
	216	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	217	// date_creation="2004-08-14" name="" />
[2485]	218	$xml_infos = '<infos ';
[1058]	219	$xml_infos.= encodeAttribute('author', $_POST['author']);
	220	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	221	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	222	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	223	$xml_infos.= ' />';
[345]	224
	225	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	226	{
[5021]	227	array_push( $error, l10n('wrong filename') );
[345]	228	}
[2265]	229
[2]	230	if ( sizeof( $error ) == 0 )
	231	{
	232	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	233	$conf['upload_maxwidth'],
	234	$conf['upload_maxheight'] );
	235	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	236	{
[26]	237	array_push( $error, $result['error'][$j] );
[2]	238	}
	239	}
	240
	241	if ( sizeof( $error ) == 0 )
	242	{
[369]	243	$query = 'insert into '.WAITING_TABLE;
[61]	244	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	245	$query.= ' values ';
[1843]	246	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
[2]	247	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	248	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	249	$query.= ';';
[587]	250	pwg_query( $query );
[4892]	251	$page['waiting_id'] = pwg_db_insert_id(WAITING_TABLE);
[1901]	252
	253	if ($conf['email_admin_on_picture_uploaded'])
	254	{
	255	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	256
[1915]	257	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
[1901]	258
[1908]	259	$keyargs_content = array
	260	(
	261	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
	262	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
	263	get_l10n_args('User: %s', $_POST['username']),
	264	get_l10n_args('Email: %s', $_POST['mail_address']),
	265	get_l10n_args('Picture name: %s', $_POST['name']),
	266	get_l10n_args('Author: %s', $_POST['author']),
	267	get_l10n_args('Creation date: %s', $_POST['date_creation']),
	268	get_l10n_args('Comment: %s', $_POST['comment']),
	269	get_l10n_args('', ''),
	270	get_l10n_args('Waiting page: %s', $waiting_url)
	271	);
[1901]	272
[1908]	273	pwg_mail_notification_admins
[1901]	274	(
[1908]	275	get_l10n_args('Picture uploaded by %s', $_POST['username']),
	276	$keyargs_content
[1901]	277	);
	278	}
[2]	279	}
	280	}
[369]	281
[2]	282	//------------------------------------------------------------ thumbnail upload
[10]	283	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	284	{
	285	// upload of the thumbnail
	286	$query = 'select file';
[369]	287	$query.= ' from '.WAITING_TABLE;
[2]	288	$query.= ' where id = '.$_GET['waiting_id'];
	289	$query.= ';';
[587]	290	$result= pwg_query( $query );
[4325]	291	$row = pwg_db_fetch_assoc( $result );
[2]	292	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	293	$extension = get_extension( $_FILES['picture']['name'] );
[1631]	294
[1861]	295	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
[2]	296	{
[1631]	297	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
	298	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	299	$conf['upload_maxwidth_thumbnail'],
	300	$conf['upload_maxheight_thumbnail'] );
	301	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	302	{
	303	array_push( $error, $result['error'][$j] );
	304	}
[2]	305	}
[1631]	306
[2]	307	if ( sizeof( $error ) == 0 )
	308	{
[369]	309	$query = 'update '.WAITING_TABLE;
[2]	310	$query.= " set tn_ext = '".$extension."'";
	311	$query.= ' where id = '.$_GET['waiting_id'];
	312	$query.= ';';
[587]	313	pwg_query( $query );
[2]	314	$page['upload_successful'] = true;
	315	}
	316	}
	317
[369]	318	//
	319	// Start output of page
	320	//
[5021]	321	$title= l10n('Upload a picture');
[1631]	322	$page['body_id'] = 'theUploadPage';
[369]	323	include(PHPWG_ROOT_PATH.'include/page_header.php');
	324	$template->set_filenames(array('upload'=>'upload.tpl'));
	325
[2325]	326	// Load category list
	327	$query = '
	328	SELECT
	329	id, name, uppercats, global_rank
	330	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
	331	ON id = cat_id and user_id = '.$user['id'].'
	332	WHERE
	333	uploadable = \'true\'
	334	'.get_sql_condition_FandF
	335	(
	336	array
	337	(
	338	'visible_categories' => 'id',
	339	),
	340	'AND'
	341	).'
	342	;';
	343	display_select_cat_wrapper($query, array($page['category']), 'categories');
	344
[1843]	345	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
[369]	346	if ( isset( $page['waiting_id'] ) )
	347	{
	348	$u_form.= '&waiting_id='.$page['waiting_id'];
	349	}
	350
	351	if ( isset( $page['waiting_id'] ) )
	352	{
[5292]	353	$advise_title = l10n('Optional, but recommended : choose a thumbnail to associate to').' '.$_FILES['picture']['name'];
[369]	354	}
	355	else
	356	{
[2325]	357	$advise_title = l10n('Choose an image');
[369]	358	}
	359
[2265]	360	$template->assign(
[1082]	361	array(
	362	'ADVISE_TITLE' => $advise_title,
[4304]	363	'NAME' => stripslashes($username),
[1082]	364	'EMAIL' => $mail_address,
	365	'NAME_IMG' => $name,
[4304]	366	'AUTHOR_IMG' => stripslashes($author),
[1082]	367	'DATE_IMG' => $date_creation,
	368	'COMMENT_IMG' => $comment,
[1631]	369
[1082]	370	'F_ACTION' => $u_form,
[369]	371
[1861]	372	'U_RETURN' => make_index_url(array('category' => $category)),
[1082]	373	)
	374	);
[2265]	375
	376	$template->assign('errors', $error);
	377	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
	378
[2]	379	if ( !$page['upload_successful'] )
	380	{
	381	//--------------------------------------------------------------------- advises
[369]	382	if ( !empty($conf['upload_maxfilesize']) )
[2]	383	{
[5292]	384	$content = l10n('the filesize of the picture must not exceed :');
[2]	385	$content.= $conf['upload_maxfilesize'].' KB';
[2265]	386	$template->append('advises', $content);
[2]	387	}
[369]	388
[2]	389	if ( isset( $page['waiting_id'] ) )
	390	{
	391	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	392	{
[5292]	393	$content = l10n('the width of the picture must not exceed :');
[2]	394	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[2265]	395	$template->append('advises', $content);
[2]	396	}
	397	if ( $conf['upload_maxheight_thumbnail'] != '' )
	398	{
[5292]	399	$content = l10n('the height of the picture must not exceed :');
[2]	400	$content.= $conf['upload_maxheight_thumbnail'].' px';
[2265]	401	$template->append('advises', $content);
[2]	402	}
	403	}
	404	else
	405	{
	406	if ( $conf['upload_maxwidth'] != '' )
	407	{
[5292]	408	$content = l10n('the width of the picture must not exceed :');
[2]	409	$content.= $conf['upload_maxwidth'].' px';
[2265]	410	$template->append('advises', $content);
[2]	411	}
	412	if ( $conf['upload_maxheight'] != '' )
	413	{
[5292]	414	$content = l10n('the height of the picture must not exceed :');
[2]	415	$content.= $conf['upload_maxheight'].' px';
[2265]	416	$template->append('advises', $content);
[2]	417	}
	418	}
[5021]	419	$template->append('advises', l10n('the picture must be to the fileformat jpg, gif or png'));
[2265]	420
[2]	421	//----------------------------------------- optionnal username and mail address
	422	if ( !isset( $page['waiting_id'] ) )
	423	{
[2265]	424	$template->assign('SHOW_FORM_FIELDS', true);
[2]	425	}
	426	}
[1631]	427
[2]	428	//----------------------------------------------------------- html code display
[688]	429	$template->parse('upload');
[369]	430	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	431	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: