Context Navigation

source: trunk/upload.php @ 1851

Last change on this file since 1851 was 1850, checked in by rvelices, 17 years ago
change the way confguest_access is handled so that web services work correctly (and also nbm.php and feed.php)
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 12.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: upload.php 1850 2007-02-22 05:31:08Z rvelices $
8	// \| last update : $Date: 2007-02-22 05:31:08 +0000 (Thu, 22 Feb 2007) $
9	// \| last modifier : $Author: rvelices $
10	// \| revision : $Revision: 1850 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26	define('PHPWG_ROOT_PATH','./');
27	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
28
29	check_status(ACCESS_GUEST);
30
31	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
32	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
33	$name = !empty($_POST['name'])?$_POST['name']:'';
34	$author = !empty($_POST['author'])?$_POST['author']:'';
35	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
36	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
37
38	//------------------------------------------------------------------- functions
39	// The validate_upload function checks if the image of the given path is valid.
40	// A picture is valid when :
41	// - width, height and filesize are not higher than the maximum
42	// filesize authorized by the administrator
43	// - the type of the picture is among jpg, gif and png
44	// The function returns an array containing :
45	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
46	// - $result['error'] contains an array with the different errors
47	// found with the picture
48	function validate_upload( $temp_name, $my_max_file_size,
49	$image_max_width, $image_max_height )
50	{
51	global $conf, $lang, $page, $mail_address;
52
53	$result = array();
54	$result['error'] = array();
55	//echo $_FILES['picture']['name']."<br />".$temp_name;
56	$extension = get_extension( $_FILES['picture']['name'] );
57	if (!in_array($extension, $conf['picture_ext']))
58	{
59	array_push( $result['error'], l10n('upload_advise_filetype') );
60	return $result;
61	}
62	if ( !isset( $_FILES['picture'] ) )
63	{
64	// do we even have a file?
65	array_push( $result['error'], "You did not upload anything!" );
66	}
67	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
68	{
69	array_push( $result['error'],
70	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
71	}
72	else
73	{
74	// check if we are allowed to upload this file_type
75	// upload de la photo sous un nom temporaire
76	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
77	{
78	array_push( $result['error'], l10n('upload_cannot_upload') );
79	}
80	else
81	{
82	$size = getimagesize( $temp_name );
83	if ( isset( $image_max_width )
84	and $image_max_width != ""
85	and $size[0] > $image_max_width )
86	{
87	array_push( $result['error'],
88	l10n('upload_advise_width').$image_max_width.' px' );
89	}
90	if ( isset( $image_max_height )
91	and $image_max_height != ""
92	and $size[1] > $image_max_height )
93	{
94	array_push( $result['error'],
95	l10n('upload_advise_height').$image_max_height.' px' );
96	}
97	// $size[2] == 1 means GIF
98	// $size[2] == 2 means JPG
99	// $size[2] == 3 means PNG
100	switch ( $size[2] )
101	{
102	case 1 : $result['type'] = 'gif'; break;
103	case 2 : $result['type'] = 'jpg'; break;
104	case 3 : $result['type'] = 'png'; break;
105	default :
106	array_push( $result['error'], l10n('upload_advise_filetype') );
107	}
108	}
109	}
110	if ( sizeof( $result['error'] ) > 0 )
111	{
112	// destruction de l'image avec le nom temporaire
113	@unlink( $temp_name );
114	}
115	else
116	{
117	@chmod( $temp_name, 0644);
118	}
119
120	//------------------------------------------------------------ log informations
121	pwg_log();
122
123	return $result;
124	}
125
126	//-------------------------------------------------- access authorization check
127	if (is_numeric($_GET['cat']))
128	{
129	$page['category'] = $_GET['cat'];
130	}
131
132	if (isset($page['category']))
133	{
134	check_restrictions( $page['category'] );
135	$result = get_cat_info( $page['category'] );
136	$page['cat_dir'] = get_complete_dir( $page['category'] );
137	$page['cat_site_id'] = $result['site_id'];
138	$page['cat_name'] = $result['name'];
139	$page['cat_uploadable'] = $result['uploadable'];
140
141	if (url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
142	{
143	die('Fatal: you take a wrong way, bye bye');
144	}
145	}
146
147	$error = array();
148	$page['upload_successful'] = false;
149	if ( isset( $_GET['waiting_id'] ) )
150	{
151	$page['waiting_id'] = $_GET['waiting_id'];
152	}
153	//-------------------------------------------------------------- picture upload
154	// verfying fields
155	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
156	{
157	$path = $page['cat_dir'].$_FILES['picture']['name'];
158	if ( @is_file( $path ) )
159	{
160	array_push( $error, l10n('upload_file_exists') );
161	}
162	// test de la présence des champs obligatoires
163	if ( empty($_FILES['picture']['name']))
164	{
165	array_push( $error, l10n('upload_filenotfound') );
166	}
167	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
168	$_POST['mail_address'] ) )
169	{
170	array_push( $error, l10n('reg_err_mail_address') );
171	}
172	if ( empty($_POST['username']) )
173	{
174	array_push( $error, l10n('upload_err_username') );
175	}
176
177	$date_creation = '';
178	if ( !empty($_POST['date_creation']) )
179	{
180	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
181	// int checkdate ( int month, int day, int year)
182	if (checkdate($month, $day, $year))
183	{
184	$date_creation = $year.'-'.$month.'-'.$day;
185	}
186	else
187	{
188	array_push( $error, l10n('err_date') );
189	}
190	}
191	// creation of the "infos" field :
192	// <infos author="Pierrick LE GALL" comment="my comment"
193	// date_creation="2004-08-14" name="" />
194	$xml_infos = '<infos';
195	$xml_infos.= encodeAttribute('author', $_POST['author']);
196	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
197	$xml_infos.= encodeAttribute('date_creation', $date_creation);
198	$xml_infos.= encodeAttribute('name', $_POST['name']);
199	$xml_infos.= ' />';
200
201	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
202	{
203	array_push( $error, l10n('update_wrong_dirname') );
204	}
205
206	if ( sizeof( $error ) == 0 )
207	{
208	$result = validate_upload( $path, $conf['upload_maxfilesize'],
209	$conf['upload_maxwidth'],
210	$conf['upload_maxheight'] );
211	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
212	{
213	array_push( $error, $result['error'][$j] );
214	}
215	}
216
217	if ( sizeof( $error ) == 0 )
218	{
219	$query = 'insert into '.WAITING_TABLE;
220	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
221	$query.= ' values ';
222	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
223	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
224	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
225	$query.= ';';
226	pwg_query( $query );
227	$page['waiting_id'] = mysql_insert_id();
228	}
229	}
230
231	//------------------------------------------------------------ thumbnail upload
232	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
233	{
234	// upload of the thumbnail
235	$query = 'select file';
236	$query.= ' from '.WAITING_TABLE;
237	$query.= ' where id = '.$_GET['waiting_id'];
238	$query.= ';';
239	$result= pwg_query( $query );
240	$row = mysql_fetch_array( $result );
241	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
242	$extension = get_extension( $_FILES['picture']['name'] );
243
244	if (($path = mkget_thumbnail_dir($page['cat_dir'], $error)) != false)
245	{
246	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
247	$result = validate_upload( $path, $conf['upload_maxfilesize'],
248	$conf['upload_maxwidth_thumbnail'],
249	$conf['upload_maxheight_thumbnail'] );
250	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
251	{
252	array_push( $error, $result['error'][$j] );
253	}
254	}
255
256	if ( sizeof( $error ) == 0 )
257	{
258	$query = 'update '.WAITING_TABLE;
259	$query.= " set tn_ext = '".$extension."'";
260	$query.= ' where id = '.$_GET['waiting_id'];
261	$query.= ';';
262	pwg_query( $query );
263	$page['upload_successful'] = true;
264	}
265	}
266
267	//
268	// Start output of page
269	//
270	$title= l10n('upload_title');
271	$page['body_id'] = 'theUploadPage';
272	include(PHPWG_ROOT_PATH.'include/page_header.php');
273	$template->set_filenames(array('upload'=>'upload.tpl'));
274
275	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
276	if ( isset( $page['waiting_id'] ) )
277	{
278	$u_form.= '&waiting_id='.$page['waiting_id'];
279	}
280
281	if ( isset( $page['waiting_id'] ) )
282	{
283	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
284	}
285	else
286	{
287	$advise_title = l10n('upload_advise');
288	$advise_title.= get_cat_display_name($page['cat_name']);
289	}
290
291	$template->assign_vars(
292	array(
293	'U_HOME' => make_index_url(),
294
295	'ADVISE_TITLE' => $advise_title,
296	'NAME' => $username,
297	'EMAIL' => $mail_address,
298	'NAME_IMG' => $name,
299	'AUTHOR_IMG' => $author,
300	'DATE_IMG' => $date_creation,
301	'COMMENT_IMG' => $comment,
302
303	'F_ACTION' => $u_form,
304
305	'U_RETURN' => make_index_url(array('category' => $page['category'])),
306	)
307	);
308
309	if ( !$page['upload_successful'] )
310	{
311	$template->assign_block_vars('upload_not_successful',array());
312	//-------------------------------------------------------------- errors display
313	if ( sizeof( $error ) != 0 )
314	{
315	$template->assign_block_vars('upload_not_successful.errors',array());
316	for ( $i = 0; $i < sizeof( $error ); $i++ )
317	{
318	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
319	}
320	}
321
322	//--------------------------------------------------------------------- advises
323	if ( !empty($conf['upload_maxfilesize']) )
324	{
325	$content = l10n('upload_advise_filesize');
326	$content.= $conf['upload_maxfilesize'].' KB';
327	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
328	}
329
330	if ( isset( $page['waiting_id'] ) )
331	{
332	if ( $conf['upload_maxwidth_thumbnail'] != '' )
333	{
334	$content = l10n('upload_advise_width');
335	$content.= $conf['upload_maxwidth_thumbnail'].' px';
336	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
337	}
338	if ( $conf['upload_maxheight_thumbnail'] != '' )
339	{
340	$content = l10n('upload_advise_height');
341	$content.= $conf['upload_maxheight_thumbnail'].' px';
342	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
343	}
344	}
345	else
346	{
347	if ( $conf['upload_maxwidth'] != '' )
348	{
349	$content = l10n('upload_advise_width');
350	$content.= $conf['upload_maxwidth'].' px';
351	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
352	}
353	if ( $conf['upload_maxheight'] != '' )
354	{
355	$content = l10n('upload_advise_height');
356	$content.= $conf['upload_maxheight'].' px';
357	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
358	}
359	}
360	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
361
362	//----------------------------------------- optionnal username and mail address
363	if ( !isset( $page['waiting_id'] ) )
364	{
365	$template->assign_block_vars('upload_not_successful.fields',array());
366	$template->assign_block_vars('note',array());
367	}
368	}
369	else
370	{
371	$template->assign_block_vars('upload_successful',array());
372	}
373
374	//----------------------------------------------------------- html code display
375	$template->parse('upload');
376	include(PHPWG_ROOT_PATH.'include/page_tail.php');
377	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: