Context Navigation

source: trunk/upload.php @ 1846

Last change on this file since 1846 was 1843, checked in by rub, 17 years ago
First Fix 0000494: Stats do not currently include Uploads
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 12.8 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2007-02-20 22:07:52 +0000 (Tue, 20 Feb 2007) $
10	// \| last modifier : $Author: rub $
11	// \| revision : $Revision: 1843 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27	define('PHPWG_ROOT_PATH','./');
28	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
29
30	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
31	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
32	$name = !empty($_POST['name'])?$_POST['name']:'';
33	$author = !empty($_POST['author'])?$_POST['author']:'';
34	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
35	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
36
37	//------------------------------------------------------------------- functions
38	// The validate_upload function checks if the image of the given path is valid.
39	// A picture is valid when :
40	// - width, height and filesize are not higher than the maximum
41	// filesize authorized by the administrator
42	// - the type of the picture is among jpg, gif and png
43	// The function returns an array containing :
44	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
45	// - $result['error'] contains an array with the different errors
46	// found with the picture
47	function validate_upload( $temp_name, $my_max_file_size,
48	$image_max_width, $image_max_height )
49	{
50	global $conf, $lang, $page, $mail_address;
51
52	$result = array();
53	$result['error'] = array();
54	//echo $_FILES['picture']['name']."<br />".$temp_name;
55	$extension = get_extension( $_FILES['picture']['name'] );
56	if (!in_array($extension, $conf['picture_ext']))
57	{
58	array_push( $result['error'], l10n('upload_advise_filetype') );
59	return $result;
60	}
61	if ( !isset( $_FILES['picture'] ) )
62	{
63	// do we even have a file?
64	array_push( $result['error'], "You did not upload anything!" );
65	}
66	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
67	{
68	array_push( $result['error'],
69	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
70	}
71	else
72	{
73	// check if we are allowed to upload this file_type
74	// upload de la photo sous un nom temporaire
75	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
76	{
77	array_push( $result['error'], l10n('upload_cannot_upload') );
78	}
79	else
80	{
81	$size = getimagesize( $temp_name );
82	if ( isset( $image_max_width )
83	and $image_max_width != ""
84	and $size[0] > $image_max_width )
85	{
86	array_push( $result['error'],
87	l10n('upload_advise_width').$image_max_width.' px' );
88	}
89	if ( isset( $image_max_height )
90	and $image_max_height != ""
91	and $size[1] > $image_max_height )
92	{
93	array_push( $result['error'],
94	l10n('upload_advise_height').$image_max_height.' px' );
95	}
96	// $size[2] == 1 means GIF
97	// $size[2] == 2 means JPG
98	// $size[2] == 3 means PNG
99	switch ( $size[2] )
100	{
101	case 1 : $result['type'] = 'gif'; break;
102	case 2 : $result['type'] = 'jpg'; break;
103	case 3 : $result['type'] = 'png'; break;
104	default :
105	array_push( $result['error'], l10n('upload_advise_filetype') );
106	}
107	}
108	}
109	if ( sizeof( $result['error'] ) > 0 )
110	{
111	// destruction de l'image avec le nom temporaire
112	@unlink( $temp_name );
113	}
114	else
115	{
116	@chmod( $temp_name, 0644);
117	}
118
119	//------------------------------------------------------------ log informations
120	pwg_log();
121
122	return $result;
123	}
124
125	//-------------------------------------------------- access authorization check
126	if (is_numeric($_GET['cat']))
127	{
128	$page['category'] = $_GET['cat'];
129	}
130
131	if (isset($page['category']))
132	{
133	check_restrictions( $page['category'] );
134	$result = get_cat_info( $page['category'] );
135	$page['cat_dir'] = get_complete_dir( $page['category'] );
136	$page['cat_site_id'] = $result['site_id'];
137	$page['cat_name'] = $result['name'];
138	$page['cat_uploadable'] = $result['uploadable'];
139
140	if (url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
141	{
142	die('Fatal: you take a wrong way, bye bye');
143	}
144	}
145
146	$error = array();
147	$page['upload_successful'] = false;
148	if ( isset( $_GET['waiting_id'] ) )
149	{
150	$page['waiting_id'] = $_GET['waiting_id'];
151	}
152	//-------------------------------------------------------------- picture upload
153	// verfying fields
154	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
155	{
156	$path = $page['cat_dir'].$_FILES['picture']['name'];
157	if ( @is_file( $path ) )
158	{
159	array_push( $error, l10n('upload_file_exists') );
160	}
161	// test de la présence des champs obligatoires
162	if ( empty($_FILES['picture']['name']))
163	{
164	array_push( $error, l10n('upload_filenotfound') );
165	}
166	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
167	$_POST['mail_address'] ) )
168	{
169	array_push( $error, l10n('reg_err_mail_address') );
170	}
171	if ( empty($_POST['username']) )
172	{
173	array_push( $error, l10n('upload_err_username') );
174	}
175
176	$date_creation = '';
177	if ( !empty($_POST['date_creation']) )
178	{
179	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
180	// int checkdate ( int month, int day, int year)
181	if (checkdate($month, $day, $year))
182	{
183	$date_creation = $year.'-'.$month.'-'.$day;
184	}
185	else
186	{
187	array_push( $error, l10n('err_date') );
188	}
189	}
190	// creation of the "infos" field :
191	// <infos author="Pierrick LE GALL" comment="my comment"
192	// date_creation="2004-08-14" name="" />
193	$xml_infos = '<infos';
194	$xml_infos.= encodeAttribute('author', $_POST['author']);
195	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
196	$xml_infos.= encodeAttribute('date_creation', $date_creation);
197	$xml_infos.= encodeAttribute('name', $_POST['name']);
198	$xml_infos.= ' />';
199
200	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
201	{
202	array_push( $error, l10n('update_wrong_dirname') );
203	}
204
205	if ( sizeof( $error ) == 0 )
206	{
207	$result = validate_upload( $path, $conf['upload_maxfilesize'],
208	$conf['upload_maxwidth'],
209	$conf['upload_maxheight'] );
210	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
211	{
212	array_push( $error, $result['error'][$j] );
213	}
214	}
215
216	if ( sizeof( $error ) == 0 )
217	{
218	$query = 'insert into '.WAITING_TABLE;
219	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
220	$query.= ' values ';
221	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
222	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
223	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
224	$query.= ';';
225	pwg_query( $query );
226	$page['waiting_id'] = mysql_insert_id();
227	}
228	}
229
230	//------------------------------------------------------------ thumbnail upload
231	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
232	{
233	// upload of the thumbnail
234	$query = 'select file';
235	$query.= ' from '.WAITING_TABLE;
236	$query.= ' where id = '.$_GET['waiting_id'];
237	$query.= ';';
238	$result= pwg_query( $query );
239	$row = mysql_fetch_array( $result );
240	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
241	$extension = get_extension( $_FILES['picture']['name'] );
242
243	if (($path = mkget_thumbnail_dir($page['cat_dir'], $error)) != false)
244	{
245	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
246	$result = validate_upload( $path, $conf['upload_maxfilesize'],
247	$conf['upload_maxwidth_thumbnail'],
248	$conf['upload_maxheight_thumbnail'] );
249	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
250	{
251	array_push( $error, $result['error'][$j] );
252	}
253	}
254
255	if ( sizeof( $error ) == 0 )
256	{
257	$query = 'update '.WAITING_TABLE;
258	$query.= " set tn_ext = '".$extension."'";
259	$query.= ' where id = '.$_GET['waiting_id'];
260	$query.= ';';
261	pwg_query( $query );
262	$page['upload_successful'] = true;
263	}
264	}
265
266	//
267	// Start output of page
268	//
269	$title= l10n('upload_title');
270	$page['body_id'] = 'theUploadPage';
271	include(PHPWG_ROOT_PATH.'include/page_header.php');
272	$template->set_filenames(array('upload'=>'upload.tpl'));
273
274	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
275	if ( isset( $page['waiting_id'] ) )
276	{
277	$u_form.= '&waiting_id='.$page['waiting_id'];
278	}
279
280	if ( isset( $page['waiting_id'] ) )
281	{
282	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
283	}
284	else
285	{
286	$advise_title = l10n('upload_advise');
287	$advise_title.= get_cat_display_name($page['cat_name']);
288	}
289
290	$template->assign_vars(
291	array(
292	'U_HOME' => make_index_url(),
293
294	'ADVISE_TITLE' => $advise_title,
295	'NAME' => $username,
296	'EMAIL' => $mail_address,
297	'NAME_IMG' => $name,
298	'AUTHOR_IMG' => $author,
299	'DATE_IMG' => $date_creation,
300	'COMMENT_IMG' => $comment,
301
302	'F_ACTION' => $u_form,
303
304	'U_RETURN' => make_index_url(array('category' => $page['category'])),
305	)
306	);
307
308	if ( !$page['upload_successful'] )
309	{
310	$template->assign_block_vars('upload_not_successful',array());
311	//-------------------------------------------------------------- errors display
312	if ( sizeof( $error ) != 0 )
313	{
314	$template->assign_block_vars('upload_not_successful.errors',array());
315	for ( $i = 0; $i < sizeof( $error ); $i++ )
316	{
317	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
318	}
319	}
320
321	//--------------------------------------------------------------------- advises
322	if ( !empty($conf['upload_maxfilesize']) )
323	{
324	$content = l10n('upload_advise_filesize');
325	$content.= $conf['upload_maxfilesize'].' KB';
326	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
327	}
328
329	if ( isset( $page['waiting_id'] ) )
330	{
331	if ( $conf['upload_maxwidth_thumbnail'] != '' )
332	{
333	$content = l10n('upload_advise_width');
334	$content.= $conf['upload_maxwidth_thumbnail'].' px';
335	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
336	}
337	if ( $conf['upload_maxheight_thumbnail'] != '' )
338	{
339	$content = l10n('upload_advise_height');
340	$content.= $conf['upload_maxheight_thumbnail'].' px';
341	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
342	}
343	}
344	else
345	{
346	if ( $conf['upload_maxwidth'] != '' )
347	{
348	$content = l10n('upload_advise_width');
349	$content.= $conf['upload_maxwidth'].' px';
350	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
351	}
352	if ( $conf['upload_maxheight'] != '' )
353	{
354	$content = l10n('upload_advise_height');
355	$content.= $conf['upload_maxheight'].' px';
356	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
357	}
358	}
359	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
360
361	//----------------------------------------- optionnal username and mail address
362	if ( !isset( $page['waiting_id'] ) )
363	{
364	$template->assign_block_vars('upload_not_successful.fields',array());
365	$template->assign_block_vars('note',array());
366	}
367	}
368	else
369	{
370	$template->assign_block_vars('upload_successful',array());
371	}
372
373	//----------------------------------------------------------- html code display
374	$template->parse('upload');
375	include(PHPWG_ROOT_PATH.'include/page_tail.php');
376	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: