Context Navigation

source: trunk/upload.php @ 1631

Last change on this file since 1631 was 1631, checked in by rub, 17 years ago
Fixed Issue ID 0000494: Stats do not currently include Uploads Fixed: Error when thumbnail directory not exists Fixed: Apply current translation norme Fixed: Improvement style sheet (like other PWG sheet)
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 12.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-12-03 22:32:02 +0000 (Sun, 03 Dec 2006) $
10	// \| last modifier : $Author: rub $
11	// \| revision : $Revision: 1631 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
29
30	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
31	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
32	$name = !empty($_POST['name'])?$_POST['name']:'';
33	$author = !empty($_POST['author'])?$_POST['author']:'';
34	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
35	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
36
37	//------------------------------------------------------------------- functions
38	// The validate_upload function checks if the image of the given path is valid.
39	// A picture is valid when :
40	// - width, height and filesize are not higher than the maximum
41	// filesize authorized by the administrator
42	// - the type of the picture is among jpg, gif and png
43	// The function returns an array containing :
44	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
45	// - $result['error'] contains an array with the different errors
46	// found with the picture
47	function validate_upload( $temp_name, $my_max_file_size,
48	$image_max_width, $image_max_height )
49	{
50	global $conf, $lang, $page, $mail_address;
51
52	$result = array();
53	$result['error'] = array();
54	//echo $_FILES['picture']['name']."<br />".$temp_name;
55	$extension = get_extension( $_FILES['picture']['name'] );
56	if (!in_array($extension, $conf['picture_ext']))
57	{
58	array_push( $result['error'], l10n('upload_advise_filetype') );
59	return $result;
60	}
61	if ( !isset( $_FILES['picture'] ) )
62	{
63	// do we even have a file?
64	array_push( $result['error'], "You did not upload anything!" );
65	}
66	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
67	{
68	array_push( $result['error'],
69	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
70	}
71	else
72	{
73	// check if we are allowed to upload this file_type
74	// upload de la photo sous un nom temporaire
75	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
76	{
77	array_push( $result['error'], l10n('upload_cannot_upload') );
78	}
79	else
80	{
81	$size = getimagesize( $temp_name );
82	if ( isset( $image_max_width )
83	and $image_max_width != ""
84	and $size[0] > $image_max_width )
85	{
86	array_push( $result['error'],
87	l10n('upload_advise_width').$image_max_width.' px' );
88	}
89	if ( isset( $image_max_height )
90	and $image_max_height != ""
91	and $size[1] > $image_max_height )
92	{
93	array_push( $result['error'],
94	l10n('upload_advise_height').$image_max_height.' px' );
95	}
96	// $size[2] == 1 means GIF
97	// $size[2] == 2 means JPG
98	// $size[2] == 3 means PNG
99	switch ( $size[2] )
100	{
101	case 1 : $result['type'] = 'gif'; break;
102	case 2 : $result['type'] = 'jpg'; break;
103	case 3 : $result['type'] = 'png'; break;
104	default :
105	array_push( $result['error'], l10n('upload_advise_filetype') );
106	}
107	}
108	}
109	if ( sizeof( $result['error'] ) > 0 )
110	{
111	// destruction de l'image avec le nom temporaire
112	@unlink( $temp_name );
113	}
114	else
115	{
116	@chmod( $temp_name, 0644);
117	}
118
119	//------------------------------------------------------------ log informations
120	pwg_log('upload',
121	get_cat_display_name($page['cat_name']),
122	$_FILES['picture']['name'].
123	' ['.$mail_address.'] '.'['.($result ? 'OK' : 'KO').']');
124
125	return $result;
126	}
127
128	//-------------------------------------------------- access authorization check
129	if (is_numeric($_GET['cat']))
130	{
131	$page['cat'] = $_GET['cat'];
132	}
133
134	if (isset($page['cat']))
135	{
136	check_restrictions( $page['cat'] );
137	$result = get_cat_info( $page['cat'] );
138	$page['cat_dir'] = get_complete_dir( $page['cat'] );
139	$page['cat_site_id'] = $result['site_id'];
140	$page['cat_name'] = $result['name'];
141	$page['cat_uploadable'] = $result['uploadable'];
142
143	if (url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
144	{
145	die('Fatal: you take a wrong way, bye bye');
146	}
147	}
148
149	$error = array();
150	$page['upload_successful'] = false;
151	if ( isset( $_GET['waiting_id'] ) )
152	{
153	$page['waiting_id'] = $_GET['waiting_id'];
154	}
155	//-------------------------------------------------------------- picture upload
156	// verfying fields
157	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
158	{
159	$path = $page['cat_dir'].$_FILES['picture']['name'];
160	if ( @is_file( $path ) )
161	{
162	array_push( $error, l10n('upload_file_exists') );
163	}
164	// test de la présence des champs obligatoires
165	if ( empty($_FILES['picture']['name']))
166	{
167	array_push( $error, l10n('upload_filenotfound') );
168	}
169	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
170	$_POST['mail_address'] ) )
171	{
172	array_push( $error, l10n('reg_err_mail_address') );
173	}
174	if ( empty($_POST['username']) )
175	{
176	array_push( $error, l10n('upload_err_username') );
177	}
178
179	$date_creation = '';
180	if ( !empty($_POST['date_creation']) )
181	{
182	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
183	// int checkdate ( int month, int day, int year)
184	if (checkdate($month, $day, $year))
185	{
186	$date_creation = $year.'-'.$month.'-'.$day;
187	}
188	else
189	{
190	array_push( $error, l10n('err_date') );
191	}
192	}
193	// creation of the "infos" field :
194	// <infos author="Pierrick LE GALL" comment="my comment"
195	// date_creation="2004-08-14" name="" />
196	$xml_infos = '<infos';
197	$xml_infos.= encodeAttribute('author', $_POST['author']);
198	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
199	$xml_infos.= encodeAttribute('date_creation', $date_creation);
200	$xml_infos.= encodeAttribute('name', $_POST['name']);
201	$xml_infos.= ' />';
202
203	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
204	{
205	array_push( $error, l10n('update_wrong_dirname') );
206	}
207
208	if ( sizeof( $error ) == 0 )
209	{
210	$result = validate_upload( $path, $conf['upload_maxfilesize'],
211	$conf['upload_maxwidth'],
212	$conf['upload_maxheight'] );
213	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
214	{
215	array_push( $error, $result['error'][$j] );
216	}
217	}
218
219	if ( sizeof( $error ) == 0 )
220	{
221	$query = 'insert into '.WAITING_TABLE;
222	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
223	$query.= ' values ';
224	$query.= '('.$page['cat'].",'".$_FILES['picture']['name']."'";
225	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
226	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
227	$query.= ';';
228	pwg_query( $query );
229	$page['waiting_id'] = mysql_insert_id();
230	}
231	}
232
233	//------------------------------------------------------------ thumbnail upload
234	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
235	{
236	// upload of the thumbnail
237	$query = 'select file';
238	$query.= ' from '.WAITING_TABLE;
239	$query.= ' where id = '.$_GET['waiting_id'];
240	$query.= ';';
241	$result= pwg_query( $query );
242	$row = mysql_fetch_array( $result );
243	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
244	$extension = get_extension( $_FILES['picture']['name'] );
245
246	if (($path = mkget_thumbnail_dir($page['cat_dir'], $error)) != false)
247	{
248	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
249	$result = validate_upload( $path, $conf['upload_maxfilesize'],
250	$conf['upload_maxwidth_thumbnail'],
251	$conf['upload_maxheight_thumbnail'] );
252	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
253	{
254	array_push( $error, $result['error'][$j] );
255	}
256	}
257
258	if ( sizeof( $error ) == 0 )
259	{
260	$query = 'update '.WAITING_TABLE;
261	$query.= " set tn_ext = '".$extension."'";
262	$query.= ' where id = '.$_GET['waiting_id'];
263	$query.= ';';
264	pwg_query( $query );
265	$page['upload_successful'] = true;
266	}
267	}
268
269	//
270	// Start output of page
271	//
272	$title= l10n('upload_title');
273	$page['body_id'] = 'theUploadPage';
274	include(PHPWG_ROOT_PATH.'include/page_header.php');
275	$template->set_filenames(array('upload'=>'upload.tpl'));
276
277	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
278	if ( isset( $page['waiting_id'] ) )
279	{
280	$u_form.= '&waiting_id='.$page['waiting_id'];
281	}
282
283	if ( isset( $page['waiting_id'] ) )
284	{
285	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
286	}
287	else
288	{
289	$advise_title = l10n('upload_advise');
290	$advise_title.= get_cat_display_name($page['cat_name']);
291	}
292
293	$template->assign_vars(
294	array(
295	'U_HOME' => make_index_url(),
296
297	'ADVISE_TITLE' => $advise_title,
298	'NAME' => $username,
299	'EMAIL' => $mail_address,
300	'NAME_IMG' => $name,
301	'AUTHOR_IMG' => $author,
302	'DATE_IMG' => $date_creation,
303	'COMMENT_IMG' => $comment,
304
305	'F_ACTION' => $u_form,
306
307	'U_RETURN' => make_index_url(array('category' => $page['cat'])),
308	)
309	);
310
311	if ( !$page['upload_successful'] )
312	{
313	$template->assign_block_vars('upload_not_successful',array());
314	//-------------------------------------------------------------- errors display
315	if ( sizeof( $error ) != 0 )
316	{
317	$template->assign_block_vars('upload_not_successful.errors',array());
318	for ( $i = 0; $i < sizeof( $error ); $i++ )
319	{
320	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
321	}
322	}
323
324	//--------------------------------------------------------------------- advises
325	if ( !empty($conf['upload_maxfilesize']) )
326	{
327	$content = l10n('upload_advise_filesize');
328	$content.= $conf['upload_maxfilesize'].' KB';
329	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
330	}
331
332	if ( isset( $page['waiting_id'] ) )
333	{
334	if ( $conf['upload_maxwidth_thumbnail'] != '' )
335	{
336	$content = l10n('upload_advise_width');
337	$content.= $conf['upload_maxwidth_thumbnail'].' px';
338	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
339	}
340	if ( $conf['upload_maxheight_thumbnail'] != '' )
341	{
342	$content = l10n('upload_advise_height');
343	$content.= $conf['upload_maxheight_thumbnail'].' px';
344	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
345	}
346	}
347	else
348	{
349	if ( $conf['upload_maxwidth'] != '' )
350	{
351	$content = l10n('upload_advise_width');
352	$content.= $conf['upload_maxwidth'].' px';
353	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
354	}
355	if ( $conf['upload_maxheight'] != '' )
356	{
357	$content = l10n('upload_advise_height');
358	$content.= $conf['upload_maxheight'].' px';
359	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
360	}
361	}
362	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
363
364	//----------------------------------------- optionnal username and mail address
365	if ( !isset( $page['waiting_id'] ) )
366	{
367	$template->assign_block_vars('upload_not_successful.fields',array());
368	$template->assign_block_vars('note',array());
369	}
370	}
371	else
372	{
373	$template->assign_block_vars('upload_successful',array());
374	}
375
376	//----------------------------------------------------------- html code display
377	$template->parse('upload');
378	include(PHPWG_ROOT_PATH.'include/page_tail.php');
379	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: