Context Navigation

source: trunk/upload.php @ 1861

Last change on this file since 1861 was 1861, checked in by rvelices, 17 years ago

refactoring pagecategory before 1.7 release

pagecategory is not an id anymore, but an associative array of category info
all of pagecat_xxx or pageuppercats merged into one
simplifies calls to make_index_url
give plugins a clean start for page variables for version 1.7

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 12.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: upload.php 1861 2007-02-27 01:56:16Z rvelices $
8	// \| last update : $Date: 2007-02-27 01:56:16 +0000 (Tue, 27 Feb 2007) $
9	// \| last modifier : $Author: rvelices $
10	// \| revision : $Revision: 1861 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26	define('PHPWG_ROOT_PATH','./');
27	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
28
29	check_status(ACCESS_GUEST);
30
31	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
32	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
33	$name = !empty($_POST['name'])?$_POST['name']:'';
34	$author = !empty($_POST['author'])?$_POST['author']:'';
35	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
36	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
37
38	//------------------------------------------------------------------- functions
39	// The validate_upload function checks if the image of the given path is valid.
40	// A picture is valid when :
41	// - width, height and filesize are not higher than the maximum
42	// filesize authorized by the administrator
43	// - the type of the picture is among jpg, gif and png
44	// The function returns an array containing :
45	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
46	// - $result['error'] contains an array with the different errors
47	// found with the picture
48	function validate_upload( $temp_name, $my_max_file_size,
49	$image_max_width, $image_max_height )
50	{
51	global $conf, $lang, $page, $mail_address;
52
53	$result = array();
54	$result['error'] = array();
55	//echo $_FILES['picture']['name']."<br />".$temp_name;
56	$extension = get_extension( $_FILES['picture']['name'] );
57	if (!in_array($extension, $conf['picture_ext']))
58	{
59	array_push( $result['error'], l10n('upload_advise_filetype') );
60	return $result;
61	}
62	if ( !isset( $_FILES['picture'] ) )
63	{
64	// do we even have a file?
65	array_push( $result['error'], "You did not upload anything!" );
66	}
67	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
68	{
69	array_push( $result['error'],
70	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
71	}
72	else
73	{
74	// check if we are allowed to upload this file_type
75	// upload de la photo sous un nom temporaire
76	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
77	{
78	array_push( $result['error'], l10n('upload_cannot_upload') );
79	}
80	else
81	{
82	$size = getimagesize( $temp_name );
83	if ( isset( $image_max_width )
84	and $image_max_width != ""
85	and $size[0] > $image_max_width )
86	{
87	array_push( $result['error'],
88	l10n('upload_advise_width').$image_max_width.' px' );
89	}
90	if ( isset( $image_max_height )
91	and $image_max_height != ""
92	and $size[1] > $image_max_height )
93	{
94	array_push( $result['error'],
95	l10n('upload_advise_height').$image_max_height.' px' );
96	}
97	// $size[2] == 1 means GIF
98	// $size[2] == 2 means JPG
99	// $size[2] == 3 means PNG
100	switch ( $size[2] )
101	{
102	case 1 : $result['type'] = 'gif'; break;
103	case 2 : $result['type'] = 'jpg'; break;
104	case 3 : $result['type'] = 'png'; break;
105	default :
106	array_push( $result['error'], l10n('upload_advise_filetype') );
107	}
108	}
109	}
110	if ( sizeof( $result['error'] ) > 0 )
111	{
112	// destruction de l'image avec le nom temporaire
113	@unlink( $temp_name );
114	}
115	else
116	{
117	@chmod( $temp_name, 0644);
118	}
119
120	//------------------------------------------------------------ log informations
121	pwg_log();
122
123	return $result;
124	}
125
126	//-------------------------------------------------- access authorization check
127	if (is_numeric($_GET['cat']))
128	{
129	$page['category'] = $_GET['cat'];
130	}
131
132	if (isset($page['category']))
133	{
134	check_restrictions( $page['category'] );
135	$category = get_cat_info( $page['category'] );
136	$category['cat_dir'] = get_complete_dir( $page['category'] );
137
138	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
139	{
140	die('Fatal: you take a wrong way, bye bye');
141	}
142	}
143
144	$error = array();
145	$page['upload_successful'] = false;
146	if ( isset( $_GET['waiting_id'] ) )
147	{
148	$page['waiting_id'] = $_GET['waiting_id'];
149	}
150	//-------------------------------------------------------------- picture upload
151	// verfying fields
152	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
153	{
154	$path = $category['cat_dir'].$_FILES['picture']['name'];
155	if ( @is_file( $path ) )
156	{
157	array_push( $error, l10n('upload_file_exists') );
158	}
159	// test de la présence des champs obligatoires
160	if ( empty($_FILES['picture']['name']))
161	{
162	array_push( $error, l10n('upload_filenotfound') );
163	}
164	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
165	$_POST['mail_address'] ) )
166	{
167	array_push( $error, l10n('reg_err_mail_address') );
168	}
169	if ( empty($_POST['username']) )
170	{
171	array_push( $error, l10n('upload_err_username') );
172	}
173
174	$date_creation = '';
175	if ( !empty($_POST['date_creation']) )
176	{
177	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
178	// int checkdate ( int month, int day, int year)
179	if (checkdate($month, $day, $year))
180	{
181	$date_creation = $year.'-'.$month.'-'.$day;
182	}
183	else
184	{
185	array_push( $error, l10n('err_date') );
186	}
187	}
188	// creation of the "infos" field :
189	// <infos author="Pierrick LE GALL" comment="my comment"
190	// date_creation="2004-08-14" name="" />
191	$xml_infos = '<infos';
192	$xml_infos.= encodeAttribute('author', $_POST['author']);
193	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
194	$xml_infos.= encodeAttribute('date_creation', $date_creation);
195	$xml_infos.= encodeAttribute('name', $_POST['name']);
196	$xml_infos.= ' />';
197
198	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
199	{
200	array_push( $error, l10n('update_wrong_dirname') );
201	}
202
203	if ( sizeof( $error ) == 0 )
204	{
205	$result = validate_upload( $path, $conf['upload_maxfilesize'],
206	$conf['upload_maxwidth'],
207	$conf['upload_maxheight'] );
208	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
209	{
210	array_push( $error, $result['error'][$j] );
211	}
212	}
213
214	if ( sizeof( $error ) == 0 )
215	{
216	$query = 'insert into '.WAITING_TABLE;
217	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
218	$query.= ' values ';
219	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
220	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
221	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
222	$query.= ';';
223	pwg_query( $query );
224	$page['waiting_id'] = mysql_insert_id();
225	}
226	}
227
228	//------------------------------------------------------------ thumbnail upload
229	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
230	{
231	// upload of the thumbnail
232	$query = 'select file';
233	$query.= ' from '.WAITING_TABLE;
234	$query.= ' where id = '.$_GET['waiting_id'];
235	$query.= ';';
236	$result= pwg_query( $query );
237	$row = mysql_fetch_array( $result );
238	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
239	$extension = get_extension( $_FILES['picture']['name'] );
240
241	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
242	{
243	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
244	$result = validate_upload( $path, $conf['upload_maxfilesize'],
245	$conf['upload_maxwidth_thumbnail'],
246	$conf['upload_maxheight_thumbnail'] );
247	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
248	{
249	array_push( $error, $result['error'][$j] );
250	}
251	}
252
253	if ( sizeof( $error ) == 0 )
254	{
255	$query = 'update '.WAITING_TABLE;
256	$query.= " set tn_ext = '".$extension."'";
257	$query.= ' where id = '.$_GET['waiting_id'];
258	$query.= ';';
259	pwg_query( $query );
260	$page['upload_successful'] = true;
261	}
262	}
263
264	//
265	// Start output of page
266	//
267	$title= l10n('upload_title');
268	$page['body_id'] = 'theUploadPage';
269	include(PHPWG_ROOT_PATH.'include/page_header.php');
270	$template->set_filenames(array('upload'=>'upload.tpl'));
271
272	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
273	if ( isset( $page['waiting_id'] ) )
274	{
275	$u_form.= '&waiting_id='.$page['waiting_id'];
276	}
277
278	if ( isset( $page['waiting_id'] ) )
279	{
280	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
281	}
282	else
283	{
284	$advise_title = l10n('upload_advise');
285	$advise_title.= get_cat_display_name($category['upper_names']);
286	}
287
288	$template->assign_vars(
289	array(
290	'U_HOME' => make_index_url(),
291
292	'ADVISE_TITLE' => $advise_title,
293	'NAME' => $username,
294	'EMAIL' => $mail_address,
295	'NAME_IMG' => $name,
296	'AUTHOR_IMG' => $author,
297	'DATE_IMG' => $date_creation,
298	'COMMENT_IMG' => $comment,
299
300	'F_ACTION' => $u_form,
301
302	'U_RETURN' => make_index_url(array('category' => $category)),
303	)
304	);
305
306	if ( !$page['upload_successful'] )
307	{
308	$template->assign_block_vars('upload_not_successful',array());
309	//-------------------------------------------------------------- errors display
310	if ( sizeof( $error ) != 0 )
311	{
312	$template->assign_block_vars('upload_not_successful.errors',array());
313	for ( $i = 0; $i < sizeof( $error ); $i++ )
314	{
315	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
316	}
317	}
318
319	//--------------------------------------------------------------------- advises
320	if ( !empty($conf['upload_maxfilesize']) )
321	{
322	$content = l10n('upload_advise_filesize');
323	$content.= $conf['upload_maxfilesize'].' KB';
324	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
325	}
326
327	if ( isset( $page['waiting_id'] ) )
328	{
329	if ( $conf['upload_maxwidth_thumbnail'] != '' )
330	{
331	$content = l10n('upload_advise_width');
332	$content.= $conf['upload_maxwidth_thumbnail'].' px';
333	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
334	}
335	if ( $conf['upload_maxheight_thumbnail'] != '' )
336	{
337	$content = l10n('upload_advise_height');
338	$content.= $conf['upload_maxheight_thumbnail'].' px';
339	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
340	}
341	}
342	else
343	{
344	if ( $conf['upload_maxwidth'] != '' )
345	{
346	$content = l10n('upload_advise_width');
347	$content.= $conf['upload_maxwidth'].' px';
348	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
349	}
350	if ( $conf['upload_maxheight'] != '' )
351	{
352	$content = l10n('upload_advise_height');
353	$content.= $conf['upload_maxheight'].' px';
354	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
355	}
356	}
357	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
358
359	//----------------------------------------- optionnal username and mail address
360	if ( !isset( $page['waiting_id'] ) )
361	{
362	$template->assign_block_vars('upload_not_successful.fields',array());
363	$template->assign_block_vars('note',array());
364	}
365	}
366	else
367	{
368	$template->assign_block_vars('upload_successful',array());
369	}
370
371	//----------------------------------------------------------- html code display
372	$template->parse('upload');
373	include(PHPWG_ROOT_PATH.'include/page_tail.php');
374	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: