Context Navigation

source: trunk/upload.php @ 4461

Last change on this file since 4461 was 4325, checked in by nikrou, 15 years ago

Feature 1244 resolved
Replace all mysql functions in core code by ones independant of database engine

Fix small php code synxtax : hash must be accessed with [ ] and not { }.

Property svn:eol-style set to LF

File size: 14.1 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[3049]	5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2325]	23
[364]	24	define('PHPWG_ROOT_PATH','./');
[345]	25
[2325]	26	// +-----------------------------------------------------------------------+
	27	// \| Includes \|
	28	// +-----------------------------------------------------------------------+
	29	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[1850]	30
[2325]	31	// +-----------------------------------------------------------------------+
	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status($conf['upload_user_access']);
[1631]	35
[2325]	36	$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
	37	$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
	38	$name = !empty($_POST['name']) ? $_POST['name'] : '';
	39	$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
	40	$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
	41	$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
	42
[10]	43	//------------------------------------------------------------------- functions
[2]	44	// The validate_upload function checks if the image of the given path is valid.
	45	// A picture is valid when :
	46	// - width, height and filesize are not higher than the maximum
	47	// filesize authorized by the administrator
	48	// - the type of the picture is among jpg, gif and png
	49	// The function returns an array containing :
	50	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	51	// - $result['error'] contains an array with the different errors
	52	// found with the picture
	53	function validate_upload( $temp_name, $my_max_file_size,
	54	$image_max_width, $image_max_height )
	55	{
[1631]	56	global $conf, $lang, $page, $mail_address;
	57
[2]	58	$result = array();
	59	$result['error'] = array();
[3747]	60	//echo $_FILES['picture']['name']."<br />".$temp_name;
[2]	61	$extension = get_extension( $_FILES['picture']['name'] );
[585]	62	if (!in_array($extension, $conf['picture_ext']))
[2]	63	{
[1631]	64	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	65	return $result;
	66	}
	67	if ( !isset( $_FILES['picture'] ) )
	68	{
	69	// do we even have a file?
[19]	70	array_push( $result['error'], "You did not upload anything!" );
[2]	71	}
	72	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	73	{
[19]	74	array_push( $result['error'],
[1631]	75	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
[2]	76	}
	77	else
	78	{
	79	// check if we are allowed to upload this file_type
	80	// upload de la photo sous un nom temporaire
	81	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	82	{
[1631]	83	array_push( $result['error'], l10n('upload_cannot_upload') );
[2]	84	}
	85	else
	86	{
	87	$size = getimagesize( $temp_name );
	88	if ( isset( $image_max_width )
[10]	89	and $image_max_width != ""
	90	and $size[0] > $image_max_width )
[2]	91	{
[19]	92	array_push( $result['error'],
[1631]	93	l10n('upload_advise_width').$image_max_width.' px' );
[2]	94	}
	95	if ( isset( $image_max_height )
[10]	96	and $image_max_height != ""
	97	and $size[1] > $image_max_height )
[2]	98	{
[19]	99	array_push( $result['error'],
[1631]	100	l10n('upload_advise_height').$image_max_height.' px' );
[2]	101	}
	102	// $size[2] == 1 means GIF
	103	// $size[2] == 2 means JPG
	104	// $size[2] == 3 means PNG
[19]	105	switch ( $size[2] )
[2]	106	{
[19]	107	case 1 : $result['type'] = 'gif'; break;
	108	case 2 : $result['type'] = 'jpg'; break;
	109	case 3 : $result['type'] = 'png'; break;
	110	default :
[2265]	111	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	112	}
	113	}
	114	}
	115	if ( sizeof( $result['error'] ) > 0 )
	116	{
	117	// destruction de l'image avec le nom temporaire
	118	@unlink( $temp_name );
	119	}
[345]	120	else
	121	{
[587]	122	@chmod( $temp_name, 0644);
[345]	123	}
[1631]	124
	125	//------------------------------------------------------------ log informations
[1843]	126	pwg_log();
[1631]	127
[2]	128	return $result;
[1631]	129	}
[345]	130
[2]	131	//-------------------------------------------------- access authorization check
[2325]	132	if (isset($_POST['category']) and is_numeric($_POST['category']))
	133	{
	134	$page['category'] = $_POST['category'];
	135	}
	136	else
[2033]	137	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
[2]	138	{
[1843]	139	$page['category'] = $_GET['cat'];
[1036]	140	}
[2325]	141	else
	142	{
	143	$page['category'] = null;
	144	}
[1036]	145
[2325]	146	if (! empty($page['category']))
[1036]	147	{
[2325]	148	check_restrictions($page['category']);
	149	$category = get_cat_info($page['category']);
	150	$category['cat_dir'] = get_complete_dir($page['category']);
[2265]	151
[1861]	152	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
[667]	153	{
[2265]	154	page_forbidden('upload not allowed');
[667]	155	}
[2]	156	}
[2325]	157	else
	158	{
	159	if (isset($_POST['submit']))
	160	{
	161	// $page['category'] may be set by a futur plugin but without it
	162	bad_request('invalid parameters');
	163	}
	164	else
	165	{
	166	$category = null;
	167	}
[2033]	168	}
[10]	169
[2]	170	$error = array();
	171	$page['upload_successful'] = false;
	172	if ( isset( $_GET['waiting_id'] ) )
	173	{
	174	$page['waiting_id'] = $_GET['waiting_id'];
	175	}
[2325]	176
[2]	177	//-------------------------------------------------------------- picture upload
[26]	178	// verfying fields
[10]	179	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	180	{
[1861]	181	$path = $category['cat_dir'].$_FILES['picture']['name'];
[2]	182	if ( @is_file( $path ) )
	183	{
[1631]	184	array_push( $error, l10n('upload_file_exists') );
[2]	185	}
	186	// test de la présence des champs obligatoires
[369]	187	if ( empty($_FILES['picture']['name']))
[2]	188	{
[1631]	189	array_push( $error, l10n('upload_filenotfound') );
[2]	190	}
[3747]	191	if ( !preg_match( '/([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)/',
[2]	192	$_POST['mail_address'] ) )
	193	{
[1631]	194	array_push( $error, l10n('reg_err_mail_address') );
[2]	195	}
[369]	196	if ( empty($_POST['username']) )
[2]	197	{
[1631]	198	array_push( $error, l10n('upload_err_username') );
[2]	199	}
[2265]	200
[345]	201	$date_creation = '';
[369]	202	if ( !empty($_POST['date_creation']) )
[26]	203	{
	204	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	205	// int checkdate ( int month, int day, int year)
[488]	206	if (checkdate($month, $day, $year))
[26]	207	{
[488]	208	$date_creation = $year.'-'.$month.'-'.$day;
[26]	209	}
	210	else
	211	{
[1631]	212	array_push( $error, l10n('err_date') );
[26]	213	}
	214	}
	215	// creation of the "infos" field :
	216	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	217	// date_creation="2004-08-14" name="" />
[2485]	218	$xml_infos = '<infos ';
[1058]	219	$xml_infos.= encodeAttribute('author', $_POST['author']);
	220	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	221	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	222	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	223	$xml_infos.= ' />';
[345]	224
	225	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	226	{
[1631]	227	array_push( $error, l10n('update_wrong_dirname') );
[345]	228	}
[2265]	229
[2]	230	if ( sizeof( $error ) == 0 )
	231	{
	232	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	233	$conf['upload_maxwidth'],
	234	$conf['upload_maxheight'] );
	235	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	236	{
[26]	237	array_push( $error, $result['error'][$j] );
[2]	238	}
	239	}
	240
	241	if ( sizeof( $error ) == 0 )
	242	{
[369]	243	$query = 'insert into '.WAITING_TABLE;
[61]	244	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	245	$query.= ' values ';
[1843]	246	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
[2]	247	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	248	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	249	$query.= ';';
[587]	250	pwg_query( $query );
[4325]	251	$page['waiting_id'] = pwg_db_insert_id();
[1901]	252
	253	if ($conf['email_admin_on_picture_uploaded'])
	254	{
	255	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	256
[1915]	257	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
[1901]	258
[1908]	259	$keyargs_content = array
	260	(
	261	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
	262	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
	263	get_l10n_args('User: %s', $_POST['username']),
	264	get_l10n_args('Email: %s', $_POST['mail_address']),
	265	get_l10n_args('Picture name: %s', $_POST['name']),
	266	get_l10n_args('Author: %s', $_POST['author']),
	267	get_l10n_args('Creation date: %s', $_POST['date_creation']),
	268	get_l10n_args('Comment: %s', $_POST['comment']),
	269	get_l10n_args('', ''),
	270	get_l10n_args('Waiting page: %s', $waiting_url)
	271	);
[1901]	272
[1908]	273	pwg_mail_notification_admins
[1901]	274	(
[1908]	275	get_l10n_args('Picture uploaded by %s', $_POST['username']),
	276	$keyargs_content
[1901]	277	);
	278	}
[2]	279	}
	280	}
[369]	281
[2]	282	//------------------------------------------------------------ thumbnail upload
[10]	283	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	284	{
	285	// upload of the thumbnail
	286	$query = 'select file';
[369]	287	$query.= ' from '.WAITING_TABLE;
[2]	288	$query.= ' where id = '.$_GET['waiting_id'];
	289	$query.= ';';
[587]	290	$result= pwg_query( $query );
[4325]	291	$row = pwg_db_fetch_assoc( $result );
[2]	292	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	293	$extension = get_extension( $_FILES['picture']['name'] );
[1631]	294
[1861]	295	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
[2]	296	{
[1631]	297	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
	298	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	299	$conf['upload_maxwidth_thumbnail'],
	300	$conf['upload_maxheight_thumbnail'] );
	301	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	302	{
	303	array_push( $error, $result['error'][$j] );
	304	}
[2]	305	}
[1631]	306
[2]	307	if ( sizeof( $error ) == 0 )
	308	{
[369]	309	$query = 'update '.WAITING_TABLE;
[2]	310	$query.= " set tn_ext = '".$extension."'";
	311	$query.= ' where id = '.$_GET['waiting_id'];
	312	$query.= ';';
[587]	313	pwg_query( $query );
[2]	314	$page['upload_successful'] = true;
	315	}
	316	}
	317
[369]	318	//
	319	// Start output of page
	320	//
[1631]	321	$title= l10n('upload_title');
	322	$page['body_id'] = 'theUploadPage';
[369]	323	include(PHPWG_ROOT_PATH.'include/page_header.php');
	324	$template->set_filenames(array('upload'=>'upload.tpl'));
	325
[2325]	326	// Load category list
	327	$query = '
	328	SELECT
	329	id, name, uppercats, global_rank
	330	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
	331	ON id = cat_id and user_id = '.$user['id'].'
	332	WHERE
	333	uploadable = \'true\'
	334	'.get_sql_condition_FandF
	335	(
	336	array
	337	(
	338	'visible_categories' => 'id',
	339	),
	340	'AND'
	341	).'
	342	;';
	343	display_select_cat_wrapper($query, array($page['category']), 'categories');
	344
[1843]	345	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
[369]	346	if ( isset( $page['waiting_id'] ) )
	347	{
	348	$u_form.= '&waiting_id='.$page['waiting_id'];
	349	}
	350
	351	if ( isset( $page['waiting_id'] ) )
	352	{
[2325]	353	$advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
[369]	354	}
	355	else
	356	{
[2325]	357	$advise_title = l10n('Choose an image');
[369]	358	}
	359
[2265]	360	$template->assign(
[1082]	361	array(
	362	'ADVISE_TITLE' => $advise_title,
[4304]	363	'NAME' => stripslashes($username),
[1082]	364	'EMAIL' => $mail_address,
	365	'NAME_IMG' => $name,
[4304]	366	'AUTHOR_IMG' => stripslashes($author),
[1082]	367	'DATE_IMG' => $date_creation,
	368	'COMMENT_IMG' => $comment,
[1631]	369
[1082]	370	'F_ACTION' => $u_form,
[369]	371
[1861]	372	'U_RETURN' => make_index_url(array('category' => $category)),
[1082]	373	)
	374	);
[2265]	375
	376	$template->assign('errors', $error);
	377	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
	378
[2]	379	if ( !$page['upload_successful'] )
	380	{
	381	//--------------------------------------------------------------------- advises
[369]	382	if ( !empty($conf['upload_maxfilesize']) )
[2]	383	{
[1631]	384	$content = l10n('upload_advise_filesize');
[2]	385	$content.= $conf['upload_maxfilesize'].' KB';
[2265]	386	$template->append('advises', $content);
[2]	387	}
[369]	388
[2]	389	if ( isset( $page['waiting_id'] ) )
	390	{
	391	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	392	{
[1631]	393	$content = l10n('upload_advise_width');
[2]	394	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[2265]	395	$template->append('advises', $content);
[2]	396	}
	397	if ( $conf['upload_maxheight_thumbnail'] != '' )
	398	{
[1631]	399	$content = l10n('upload_advise_height');
[2]	400	$content.= $conf['upload_maxheight_thumbnail'].' px';
[2265]	401	$template->append('advises', $content);
[2]	402	}
	403	}
	404	else
	405	{
	406	if ( $conf['upload_maxwidth'] != '' )
	407	{
[1631]	408	$content = l10n('upload_advise_width');
[2]	409	$content.= $conf['upload_maxwidth'].' px';
[2265]	410	$template->append('advises', $content);
[2]	411	}
	412	if ( $conf['upload_maxheight'] != '' )
	413	{
[1631]	414	$content = l10n('upload_advise_height');
[2]	415	$content.= $conf['upload_maxheight'].' px';
[2265]	416	$template->append('advises', $content);
[2]	417	}
	418	}
[2265]	419	$template->append('advises', l10n('upload_advise_filetype'));
	420
[2]	421	//----------------------------------------- optionnal username and mail address
	422	if ( !isset( $page['waiting_id'] ) )
	423	{
[2265]	424	$template->assign('SHOW_FORM_FIELDS', true);
[2]	425	}
	426	}
[1631]	427
[2]	428	//----------------------------------------------------------- html code display
[688]	429	$template->parse('upload');
[369]	430	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	431	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: