source: trunk/upload.php @ 1036

Last change on this file since 1036 was 1036, checked in by plg, 18 years ago

improvement: $pagewhere string replaced by $pageitems.
$pagewhere was an SQL clause used to retrieve pictures in #images
table. $pageitems is the list of picture ids of the current section.

improvement: function initialize_category replaced by dedicated included PHP
script include/section_init.inc.php. Code was refactored to improve
readibility and maintenability. $pagenavigation_bar is now build in
category.php instead of initialize_category function. Function check_cat_id
was also replaced by a piece of code in the new file. The file to include to
display thumbnails from category.php is now set in section_init.inc.php
instead of calculated in category.php.

bug fix: the test for rel="up" link for standard HTML navigation links in
category menu was not working with non numeric categories, such as
"favorites".

improvement: function check_login_authorization removed because useless but
in profile.php.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 13.1 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-02-12 21:52:16 +0000 (Sun, 12 Feb 2006) $
10// | last modifier : $Author: plg $
11// | revision      : $Revision: 1036 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27define('PHPWG_ROOT_PATH','./');
28include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
29
30//------------------------------------------------------------------- functions
31// The validate_upload function checks if the image of the given path is valid.
32// A picture is valid when :
33//     - width, height and filesize are not higher than the maximum
34//       filesize authorized by the administrator
35//     - the type of the picture is among jpg, gif and png
36// The function returns an array containing :
37//     - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
38//     - $result['error'] contains an array with the different errors
39//       found with the picture
40function validate_upload( $temp_name, $my_max_file_size,
41                          $image_max_width, $image_max_height )
42{
43  global $conf, $lang;
44               
45  $result = array();
46  $result['error'] = array();
47  //echo $_FILES['picture']['name']."<br />".$temp_name;
48  $extension = get_extension( $_FILES['picture']['name'] );
49  if (!in_array($extension, $conf['picture_ext']))
50  {
51    array_push( $result['error'], $lang['upload_advise_filetype'] );
52    return $result;
53  }
54  if ( !isset( $_FILES['picture'] ) )
55  {
56    // do we even have a file?
57    array_push( $result['error'], "You did not upload anything!" );
58  }
59  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
60  {
61    array_push( $result['error'],
62                $lang['upload_advise_filesize'].$my_max_file_size.' KB' );
63  }
64  else
65  {
66    // check if we are allowed to upload this file_type
67    // upload de la photo sous un nom temporaire
68    if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
69    {
70      array_push( $result['error'], $lang['upload_cannot_upload'] );
71    }
72    else
73    {
74      $size = getimagesize( $temp_name );
75      if ( isset( $image_max_width )
76           and $image_max_width != ""
77           and $size[0] > $image_max_width )
78      {
79        array_push( $result['error'],
80                    $lang['upload_advise_width'].$image_max_width.' px' );
81      }
82      if ( isset( $image_max_height )
83           and $image_max_height != ""
84           and $size[1] > $image_max_height )
85      {
86        array_push( $result['error'],
87                    $lang['upload_advise_height'].$image_max_height.' px' );
88      }
89      // $size[2] == 1 means GIF
90      // $size[2] == 2 means JPG
91      // $size[2] == 3 means PNG
92      switch ( $size[2] )
93      {
94      case 1 : $result['type'] = 'gif'; break;
95      case 2 : $result['type'] = 'jpg'; break;
96      case 3 : $result['type'] = 'png'; break;
97      default :
98        array_push( $result['error'], $lang['upload_advise_filetype'] ); 
99      }
100    }
101  }
102  if ( sizeof( $result['error'] ) > 0 )
103  {
104    // destruction de l'image avec le nom temporaire
105    @unlink( $temp_name );
106  }
107  else
108  {
109    @chmod( $temp_name, 0644);
110  }
111  return $result;
112}       
113
114//-------------------------------------------------- access authorization check
115if (is_numeric($_GET['cat']))
116{
117  $page['cat'] = $_GET['cat'];
118}
119
120if (isset($page['cat']))
121{
122  check_restrictions( $page['cat'] );
123  $result = get_cat_info( $page['cat'] );
124  $page['cat_dir']        = get_complete_dir( $page['cat'] );
125  $page['cat_site_id']    = $result['site_id'];
126  $page['cat_name']       = $result['name'];
127  $page['cat_uploadable'] = $result['uploadable'];
128  if ($page['cat_site_id'] != 1 or !$page['cat_uploadable'])
129  {
130    echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
131    echo '<a href="./category.php">';
132    echo $lang['thumbnails'].'</a></div>';
133    exit();
134  }
135}
136
137$error = array();
138$page['upload_successful'] = false;
139if ( isset( $_GET['waiting_id'] ) )
140{
141  $page['waiting_id'] = $_GET['waiting_id'];
142}
143//-------------------------------------------------------------- picture upload
144// verfying fields
145if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
146{
147  $path = $page['cat_dir'].$_FILES['picture']['name'];
148  if ( @is_file( $path ) )
149  {
150    array_push( $error, $lang['upload_file_exists'] );
151  }
152  // test de la présence des champs obligatoires
153  if ( empty($_FILES['picture']['name']))
154  {
155    array_push( $error, $lang['upload_filenotfound'] );
156  }
157  if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
158             $_POST['mail_address'] ) )
159  {
160    array_push( $error, $lang['reg_err_mail_address'] );
161  }
162  if ( empty($_POST['username']) )
163  {
164    array_push( $error, $lang['upload_err_username'] );
165  }
166 
167  $date_creation = '';
168  if ( !empty($_POST['date_creation']) )
169  {
170    list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
171    // int checkdate ( int month, int day, int year)
172    if (checkdate($month, $day, $year))
173    {
174      $date_creation = $year.'-'.$month.'-'.$day;
175    }
176    else
177    {
178      array_push( $error, $lang['err_date'] );
179    }
180  }
181  // creation of the "infos" field :
182  // <infos author="Pierrick LE GALL" comment="my comment"
183  //        date_creation="2004-08-14" name="" />
184  $xml_infos = '<infos';
185  $xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"';
186  $xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"';
187  $xml_infos.= ' date_creation="'.$date_creation.'"';
188  $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"';
189  $xml_infos.= ' />';
190
191  if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
192  {
193    array_push( $error, $lang['update_wrong_dirname'] );
194  }
195 
196  if ( sizeof( $error ) == 0 )
197  {
198    $result = validate_upload( $path, $conf['upload_maxfilesize'],
199                               $conf['upload_maxwidth'],
200                               $conf['upload_maxheight']  );
201    for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
202    {
203      array_push( $error, $result['error'][$j] );
204    }
205  }
206
207  if ( sizeof( $error ) == 0 )
208  {
209    $query = 'insert into '.WAITING_TABLE;
210    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
211    $query.= ' values ';
212    $query.= '('.$page['cat'].",'".$_FILES['picture']['name']."'";
213    $query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
214    $query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
215    $query.= ';';
216    pwg_query( $query );
217    $page['waiting_id'] = mysql_insert_id();
218  }
219}
220
221//------------------------------------------------------------ thumbnail upload
222if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
223{
224  // upload of the thumbnail
225  $query = 'select file';
226  $query.= ' from '.WAITING_TABLE;
227  $query.= ' where id = '.$_GET['waiting_id'];
228  $query.= ';';
229  $result= pwg_query( $query );
230  $row = mysql_fetch_array( $result );
231  $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
232  $extension = get_extension( $_FILES['picture']['name'] );
233  $path = $page['cat_dir'].'thumbnail/';
234  $path.= $conf['prefix_thumbnail'].$file.'.'.$extension;
235  $result = validate_upload( $path, $conf['upload_maxfilesize'],
236                             $conf['upload_maxwidth_thumbnail'],
237                             $conf['upload_maxheight_thumbnail']  );
238  for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
239  {
240    array_push( $error, $result['error'][$j] );
241  }
242  if ( sizeof( $error ) == 0 )
243  {
244    $query = 'update '.WAITING_TABLE;
245    $query.= " set tn_ext = '".$extension."'";
246    $query.= ' where id = '.$_GET['waiting_id'];
247    $query.= ';';
248    pwg_query( $query );
249    $page['upload_successful'] = true;
250  }
251}
252
253//
254// Start output of page
255//
256$title= $lang['upload_title'];
257include(PHPWG_ROOT_PATH.'include/page_header.php');
258$template->set_filenames(array('upload'=>'upload.tpl'));
259
260$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
261if ( isset( $page['waiting_id'] ) )
262{
263$u_form.= '&amp;waiting_id='.$page['waiting_id'];
264}
265
266if ( isset( $page['waiting_id'] ) )
267{
268  $advise_title=$lang['upload_advise_thumbnail'].$_FILES['picture']['name'];
269}
270else
271{
272  $advise_title = $lang['upload_advise'];
273  $advise_title.= get_cat_display_name($page['cat_name']);
274}
275
276$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
277$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
278$name = !empty($_POST['name'])?$_POST['name']:'';
279$author = !empty($_POST['author'])?$_POST['author']:'';
280$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
281$comment = !empty($_POST['comment'])?$_POST['comment']:'';
282
283$template->assign_vars(array(
284  'ADVISE_TITLE' => $advise_title,
285  'NAME' => $username,
286  'EMAIL' => $mail_address,
287  'NAME_IMG' => $name,
288  'AUTHOR_IMG' => $author,
289  'DATE_IMG' => $date_creation,
290  'COMMENT_IMG' => $comment,
291
292  'L_TITLE' => $lang['upload_title'],
293  'L_USERNAME' => $lang['upload_username'],
294  'L_EMAIL' =>  $lang['mail_address'], 
295  'L_NAME_IMG' =>  $lang['upload_name'], 
296  'L_SUBMIT' =>  $lang['submit'],
297  'L_AUTHOR' =>  $lang['upload_author'], 
298  'L_CREATION_DATE' =>  $lang['upload_creation_date'], 
299  'L_COMMENT' =>  $lang['comment'],
300  'L_RETURN' =>  $lang['home'],
301  'L_RETURN_HINT' =>  $lang['home_hint'],
302  'L_UPLOAD_DONE' =>  $lang['upload_successful'],
303  'L_MANDATORY' =>  $lang['mandatory'],
304       
305  'F_ACTION' => $u_form,
306
307  'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']
308  ));
309 
310if ( !$page['upload_successful'] )
311{
312  $template->assign_block_vars('upload_not_successful',array());
313//-------------------------------------------------------------- errors display
314if ( sizeof( $error ) != 0 )
315{
316  $template->assign_block_vars('upload_not_successful.errors',array());
317  for ( $i = 0; $i < sizeof( $error ); $i++ )
318  {
319    $template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
320  }
321}
322
323//--------------------------------------------------------------------- advises
324  if ( !empty($conf['upload_maxfilesize']) )
325  {
326    $content = $lang['upload_advise_filesize'];
327    $content.= $conf['upload_maxfilesize'].' KB';
328    $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
329  }
330
331  if ( isset( $page['waiting_id'] ) )
332  {
333    if ( $conf['upload_maxwidth_thumbnail'] != '' )
334    {
335          $content = $lang['upload_advise_width'];
336      $content.= $conf['upload_maxwidth_thumbnail'].' px';
337          $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
338    }
339    if ( $conf['upload_maxheight_thumbnail'] != '' )
340    {
341      $content = $lang['upload_advise_height'];
342      $content.= $conf['upload_maxheight_thumbnail'].' px';
343          $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
344    }
345  }
346  else
347  {
348    if ( $conf['upload_maxwidth'] != '' )
349    {
350      $content = $lang['upload_advise_width'];
351      $content.= $conf['upload_maxwidth'].' px';
352          $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
353    }
354    if ( $conf['upload_maxheight'] != '' )
355    {
356      $content = $lang['upload_advise_height'];
357      $content.= $conf['upload_maxheight'].' px';
358          $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
359    }
360  }
361  $template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$lang['upload_advise_filetype']));
362 
363//----------------------------------------- optionnal username and mail address
364  if ( !isset( $page['waiting_id'] ) )
365  {
366    $template->assign_block_vars('upload_not_successful.fields',array());
367        $template->assign_block_vars('note',array());
368  }
369}
370else
371{
372  $template->assign_block_vars('upload_successful',array());
373}
374//----------------------------------------------------------- html code display
375$template->parse('upload');
376include(PHPWG_ROOT_PATH.'include/page_tail.php');
377?>
Note: See TracBrowser for help on using the repository browser.