Context Navigation

source: trunk/upload.php @ 1222

Last change on this file since 1222 was 1082, checked in by plg, 18 years ago

new: cleaner URL. Instead of category.php?cat=search&search=123&start=42,
you now have category.php?/search/123/start-42. Functions make_index_url and
make_picture_url build these new URLs. Functions duplicate_picture_url and
duplicate_index_url provide shortcuts to URL creation. The current main page
page is still category.php but this can be modified easily in make_index_url
function. In this first version, no backward compatibility. Calendar
definition in URL must be discussed with rvelices.

improvement: picture.php redesigned. First actions like "set as
representative" or "delete a comment" which all lead to a redirection. Then
the page (the big mess) and includes of new sub pages to manage specific
parts of the page (metadata, user comments, rates).

new: with the cleaner URL comes a new terminology. $pagecat doesn't
exist anymore. $pagesection is among 'categories', 'tags' (TODO),
'list', 'most_seen'... And sub parameters are set : $pagecategory if
$pagesection is "categories". See URL analyse in
include/section_init.inc.php for details.

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 13.0 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[1058]	5	// \| Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net \|
[354]	6	// +-----------------------------------------------------------------------+
[593]	7	// \| branch : BSF (Best So Far)
[354]	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2006-03-15 22:44:35 +0000 (Wed, 15 Mar 2006) $
	10	// \| last modifier : $Author: plg $
	11	// \| revision : $Revision: 1082 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[364]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
[345]	29
[10]	30	//------------------------------------------------------------------- functions
[2]	31	// The validate_upload function checks if the image of the given path is valid.
	32	// A picture is valid when :
	33	// - width, height and filesize are not higher than the maximum
	34	// filesize authorized by the administrator
	35	// - the type of the picture is among jpg, gif and png
	36	// The function returns an array containing :
	37	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	38	// - $result['error'] contains an array with the different errors
	39	// found with the picture
	40	function validate_upload( $temp_name, $my_max_file_size,
	41	$image_max_width, $image_max_height )
	42	{
[585]	43	global $conf, $lang;
[2]	44
	45	$result = array();
	46	$result['error'] = array();
	47	//echo $_FILES['picture']['name']."<br />".$temp_name;
	48	$extension = get_extension( $_FILES['picture']['name'] );
[585]	49	if (!in_array($extension, $conf['picture_ext']))
[2]	50	{
[19]	51	array_push( $result['error'], $lang['upload_advise_filetype'] );
[2]	52	return $result;
	53	}
	54	if ( !isset( $_FILES['picture'] ) )
	55	{
	56	// do we even have a file?
[19]	57	array_push( $result['error'], "You did not upload anything!" );
[2]	58	}
	59	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	60	{
[19]	61	array_push( $result['error'],
[585]	62	$lang['upload_advise_filesize'].$my_max_file_size.' KB' );
[2]	63	}
	64	else
	65	{
	66	// check if we are allowed to upload this file_type
	67	// upload de la photo sous un nom temporaire
	68	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	69	{
[19]	70	array_push( $result['error'], $lang['upload_cannot_upload'] );
[2]	71	}
	72	else
	73	{
	74	$size = getimagesize( $temp_name );
	75	if ( isset( $image_max_width )
[10]	76	and $image_max_width != ""
	77	and $size[0] > $image_max_width )
[2]	78	{
[19]	79	array_push( $result['error'],
	80	$lang['upload_advise_width'].$image_max_width.' px' );
[2]	81	}
	82	if ( isset( $image_max_height )
[10]	83	and $image_max_height != ""
	84	and $size[1] > $image_max_height )
[2]	85	{
[19]	86	array_push( $result['error'],
	87	$lang['upload_advise_height'].$image_max_height.' px' );
[2]	88	}
	89	// $size[2] == 1 means GIF
	90	// $size[2] == 2 means JPG
	91	// $size[2] == 3 means PNG
[19]	92	switch ( $size[2] )
[2]	93	{
[19]	94	case 1 : $result['type'] = 'gif'; break;
	95	case 2 : $result['type'] = 'jpg'; break;
	96	case 3 : $result['type'] = 'png'; break;
	97	default :
	98	array_push( $result['error'], $lang['upload_advise_filetype'] );
[2]	99	}
	100	}
	101	}
	102	if ( sizeof( $result['error'] ) > 0 )
	103	{
	104	// destruction de l'image avec le nom temporaire
	105	@unlink( $temp_name );
	106	}
[345]	107	else
	108	{
[587]	109	@chmod( $temp_name, 0644);
[345]	110	}
[2]	111	return $result;
	112	}
[345]	113
[2]	114	//-------------------------------------------------- access authorization check
[1036]	115	if (is_numeric($_GET['cat']))
[2]	116	{
[1036]	117	$page['cat'] = $_GET['cat'];
	118	}
	119
	120	if (isset($page['cat']))
	121	{
[2]	122	check_restrictions( $page['cat'] );
	123	$result = get_cat_info( $page['cat'] );
[82]	124	$page['cat_dir'] = get_complete_dir( $page['cat'] );
[38]	125	$page['cat_site_id'] = $result['site_id'];
	126	$page['cat_name'] = $result['name'];
	127	$page['cat_uploadable'] = $result['uploadable'];
[1082]	128
	129	if (url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
[667]	130	{
[1082]	131	die('Fatal: you take a wrong way, bye bye');
[667]	132	}
[2]	133	}
[10]	134
[2]	135	$error = array();
	136	$page['upload_successful'] = false;
	137	if ( isset( $_GET['waiting_id'] ) )
	138	{
	139	$page['waiting_id'] = $_GET['waiting_id'];
	140	}
	141	//-------------------------------------------------------------- picture upload
[26]	142	// verfying fields
[10]	143	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	144	{
	145	$path = $page['cat_dir'].$_FILES['picture']['name'];
	146	if ( @is_file( $path ) )
	147	{
[26]	148	array_push( $error, $lang['upload_file_exists'] );
[2]	149	}
	150	// test de la présence des champs obligatoires
[369]	151	if ( empty($_FILES['picture']['name']))
[2]	152	{
[26]	153	array_push( $error, $lang['upload_filenotfound'] );
[2]	154	}
	155	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
	156	$_POST['mail_address'] ) )
	157	{
[26]	158	array_push( $error, $lang['reg_err_mail_address'] );
[2]	159	}
[369]	160	if ( empty($_POST['username']) )
[2]	161	{
[26]	162	array_push( $error, $lang['upload_err_username'] );
[2]	163	}
[345]	164
	165	$date_creation = '';
[369]	166	if ( !empty($_POST['date_creation']) )
[26]	167	{
	168	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	169	// int checkdate ( int month, int day, int year)
[488]	170	if (checkdate($month, $day, $year))
[26]	171	{
[488]	172	$date_creation = $year.'-'.$month.'-'.$day;
[26]	173	}
	174	else
	175	{
	176	array_push( $error, $lang['err_date'] );
	177	}
	178	}
	179	// creation of the "infos" field :
	180	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	181	// date_creation="2004-08-14" name="" />
[26]	182	$xml_infos = '<infos';
[1058]	183	$xml_infos.= encodeAttribute('author', $_POST['author']);
	184	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	185	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	186	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	187	$xml_infos.= ' />';
[345]	188
	189	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	190	{
	191	array_push( $error, $lang['update_wrong_dirname'] );
	192	}
[26]	193
[2]	194	if ( sizeof( $error ) == 0 )
	195	{
	196	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	197	$conf['upload_maxwidth'],
	198	$conf['upload_maxheight'] );
	199	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	200	{
[26]	201	array_push( $error, $result['error'][$j] );
[2]	202	}
	203	}
	204
	205	if ( sizeof( $error ) == 0 )
	206	{
[369]	207	$query = 'insert into '.WAITING_TABLE;
[61]	208	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	209	$query.= ' values ';
	210	$query.= '('.$page['cat'].",'".$_FILES['picture']['name']."'";
[2]	211	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	212	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	213	$query.= ';';
[587]	214	pwg_query( $query );
[2]	215	$page['waiting_id'] = mysql_insert_id();
	216	}
	217	}
[369]	218
[2]	219	//------------------------------------------------------------ thumbnail upload
[10]	220	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	221	{
	222	// upload of the thumbnail
	223	$query = 'select file';
[369]	224	$query.= ' from '.WAITING_TABLE;
[2]	225	$query.= ' where id = '.$_GET['waiting_id'];
	226	$query.= ';';
[587]	227	$result= pwg_query( $query );
[2]	228	$row = mysql_fetch_array( $result );
	229	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	230	$extension = get_extension( $_FILES['picture']['name'] );
	231	$path = $page['cat_dir'].'thumbnail/';
[20]	232	$path.= $conf['prefix_thumbnail'].$file.'.'.$extension;
[2]	233	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	234	$conf['upload_maxwidth_thumbnail'],
	235	$conf['upload_maxheight_thumbnail'] );
	236	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	237	{
[26]	238	array_push( $error, $result['error'][$j] );
[2]	239	}
	240	if ( sizeof( $error ) == 0 )
	241	{
[369]	242	$query = 'update '.WAITING_TABLE;
[2]	243	$query.= " set tn_ext = '".$extension."'";
	244	$query.= ' where id = '.$_GET['waiting_id'];
	245	$query.= ';';
[587]	246	pwg_query( $query );
[2]	247	$page['upload_successful'] = true;
	248	}
	249	}
	250
[369]	251	//
	252	// Start output of page
	253	//
	254	$title= $lang['upload_title'];
	255	include(PHPWG_ROOT_PATH.'include/page_header.php');
	256	$template->set_filenames(array('upload'=>'upload.tpl'));
	257
[520]	258	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
[369]	259	if ( isset( $page['waiting_id'] ) )
	260	{
	261	$u_form.= '&waiting_id='.$page['waiting_id'];
	262	}
	263
	264	if ( isset( $page['waiting_id'] ) )
	265	{
	266	$advise_title=$lang['upload_advise_thumbnail'].$_FILES['picture']['name'];
	267	}
	268	else
	269	{
	270	$advise_title = $lang['upload_advise'];
[642]	271	$advise_title.= get_cat_display_name($page['cat_name']);
[369]	272	}
	273
	274	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
[849]	275	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
[369]	276	$name = !empty($_POST['name'])?$_POST['name']:'';
	277	$author = !empty($_POST['author'])?$_POST['author']:'';
	278	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
	279	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
	280
[1082]	281	$template->assign_vars(
	282	array(
	283	'ADVISE_TITLE' => $advise_title,
	284	'NAME' => $username,
	285	'EMAIL' => $mail_address,
	286	'NAME_IMG' => $name,
	287	'AUTHOR_IMG' => $author,
	288	'DATE_IMG' => $date_creation,
	289	'COMMENT_IMG' => $comment,
	290
	291	'L_TITLE' => $lang['upload_title'],
	292	'L_USERNAME' => $lang['upload_username'],
	293	'L_EMAIL' => $lang['mail_address'],
	294	'L_NAME_IMG' => $lang['upload_name'],
	295	'L_SUBMIT' => $lang['submit'],
	296	'L_AUTHOR' => $lang['upload_author'],
	297	'L_CREATION_DATE' => $lang['upload_creation_date'],
	298	'L_COMMENT' => $lang['comment'],
	299	'L_RETURN' => $lang['home'],
	300	'L_RETURN_HINT' => $lang['home_hint'],
	301	'L_UPLOAD_DONE' => $lang['upload_successful'],
	302	'L_MANDATORY' => $lang['mandatory'],
	303
	304	'F_ACTION' => $u_form,
[369]	305
[1082]	306	'U_RETURN' => make_index_url(array('category' => $page['cat'])),
	307	)
	308	);
[369]	309
[2]	310	if ( !$page['upload_successful'] )
	311	{
[369]	312	$template->assign_block_vars('upload_not_successful',array());
[2]	313	//-------------------------------------------------------------- errors display
[369]	314	if ( sizeof( $error ) != 0 )
	315	{
	316	$template->assign_block_vars('upload_not_successful.errors',array());
	317	for ( $i = 0; $i < sizeof( $error ); $i++ )
[2]	318	{
[369]	319	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
[2]	320	}
[369]	321	}
	322
[2]	323	//--------------------------------------------------------------------- advises
[369]	324	if ( !empty($conf['upload_maxfilesize']) )
[2]	325	{
	326	$content = $lang['upload_advise_filesize'];
	327	$content.= $conf['upload_maxfilesize'].' KB';
[369]	328	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	329	}
[369]	330
[2]	331	if ( isset( $page['waiting_id'] ) )
	332	{
	333	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	334	{
[369]	335	$content = $lang['upload_advise_width'];
[2]	336	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[369]	337	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	338	}
	339	if ( $conf['upload_maxheight_thumbnail'] != '' )
	340	{
	341	$content = $lang['upload_advise_height'];
	342	$content.= $conf['upload_maxheight_thumbnail'].' px';
[369]	343	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	344	}
	345	}
	346	else
	347	{
	348	if ( $conf['upload_maxwidth'] != '' )
	349	{
	350	$content = $lang['upload_advise_width'];
	351	$content.= $conf['upload_maxwidth'].' px';
[369]	352	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	353	}
	354	if ( $conf['upload_maxheight'] != '' )
	355	{
	356	$content = $lang['upload_advise_height'];
	357	$content.= $conf['upload_maxheight'].' px';
[369]	358	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	359	}
	360	}
[369]	361	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$lang['upload_advise_filetype']));
	362
[2]	363	//----------------------------------------- optionnal username and mail address
	364	if ( !isset( $page['waiting_id'] ) )
	365	{
[369]	366	$template->assign_block_vars('upload_not_successful.fields',array());
	367	$template->assign_block_vars('note',array());
[2]	368	}
	369	}
	370	else
	371	{
[369]	372	$template->assign_block_vars('upload_successful',array());
[2]	373	}
	374	//----------------------------------------------------------- html code display
[688]	375	$template->parse('upload');
[369]	376	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	377	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/upload.php @ 1222

Download in other formats: