Context Navigation

source: trunk/upload.php @ 1915

Last change on this file since 1915 was 1915, checked in by rub, 17 years ago
Add the last (before 1.8) tabsheet on administration menu (Waiting elements). Small change way mail function.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 13.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: upload.php 1915 2007-03-16 18:49:19Z rub $
8	// \| last update : $Date: 2007-03-16 18:49:19 +0000 (Fri, 16 Mar 2007) $
9	// \| last modifier : $Author: rub $
10	// \| revision : $Revision: 1915 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26	define('PHPWG_ROOT_PATH','./');
27	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
28
29	check_status(ACCESS_GUEST);
30
31	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
32	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
33	$name = !empty($_POST['name'])?$_POST['name']:'';
34	$author = !empty($_POST['author'])?$_POST['author']:'';
35	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
36	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
37
38	//------------------------------------------------------------------- functions
39	// The validate_upload function checks if the image of the given path is valid.
40	// A picture is valid when :
41	// - width, height and filesize are not higher than the maximum
42	// filesize authorized by the administrator
43	// - the type of the picture is among jpg, gif and png
44	// The function returns an array containing :
45	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
46	// - $result['error'] contains an array with the different errors
47	// found with the picture
48	function validate_upload( $temp_name, $my_max_file_size,
49	$image_max_width, $image_max_height )
50	{
51	global $conf, $lang, $page, $mail_address;
52
53	$result = array();
54	$result['error'] = array();
55	//echo $_FILES['picture']['name']."<br />".$temp_name;
56	$extension = get_extension( $_FILES['picture']['name'] );
57	if (!in_array($extension, $conf['picture_ext']))
58	{
59	array_push( $result['error'], l10n('upload_advise_filetype') );
60	return $result;
61	}
62	if ( !isset( $_FILES['picture'] ) )
63	{
64	// do we even have a file?
65	array_push( $result['error'], "You did not upload anything!" );
66	}
67	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
68	{
69	array_push( $result['error'],
70	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
71	}
72	else
73	{
74	// check if we are allowed to upload this file_type
75	// upload de la photo sous un nom temporaire
76	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
77	{
78	array_push( $result['error'], l10n('upload_cannot_upload') );
79	}
80	else
81	{
82	$size = getimagesize( $temp_name );
83	if ( isset( $image_max_width )
84	and $image_max_width != ""
85	and $size[0] > $image_max_width )
86	{
87	array_push( $result['error'],
88	l10n('upload_advise_width').$image_max_width.' px' );
89	}
90	if ( isset( $image_max_height )
91	and $image_max_height != ""
92	and $size[1] > $image_max_height )
93	{
94	array_push( $result['error'],
95	l10n('upload_advise_height').$image_max_height.' px' );
96	}
97	// $size[2] == 1 means GIF
98	// $size[2] == 2 means JPG
99	// $size[2] == 3 means PNG
100	switch ( $size[2] )
101	{
102	case 1 : $result['type'] = 'gif'; break;
103	case 2 : $result['type'] = 'jpg'; break;
104	case 3 : $result['type'] = 'png'; break;
105	default :
106	array_push( $result['error'], l10n('upload_advise_filetype') );
107	}
108	}
109	}
110	if ( sizeof( $result['error'] ) > 0 )
111	{
112	// destruction de l'image avec le nom temporaire
113	@unlink( $temp_name );
114	}
115	else
116	{
117	@chmod( $temp_name, 0644);
118	}
119
120	//------------------------------------------------------------ log informations
121	pwg_log();
122
123	return $result;
124	}
125
126	//-------------------------------------------------- access authorization check
127	if (is_numeric($_GET['cat']))
128	{
129	$page['category'] = $_GET['cat'];
130	}
131
132	if (isset($page['category']))
133	{
134	check_restrictions( $page['category'] );
135	$category = get_cat_info( $page['category'] );
136	$category['cat_dir'] = get_complete_dir( $page['category'] );
137
138	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
139	{
140	die('Fatal: you take a wrong way, bye bye');
141	}
142	}
143
144	$error = array();
145	$page['upload_successful'] = false;
146	if ( isset( $_GET['waiting_id'] ) )
147	{
148	$page['waiting_id'] = $_GET['waiting_id'];
149	}
150	//-------------------------------------------------------------- picture upload
151	// verfying fields
152	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
153	{
154	$path = $category['cat_dir'].$_FILES['picture']['name'];
155	if ( @is_file( $path ) )
156	{
157	array_push( $error, l10n('upload_file_exists') );
158	}
159	// test de la présence des champs obligatoires
160	if ( empty($_FILES['picture']['name']))
161	{
162	array_push( $error, l10n('upload_filenotfound') );
163	}
164	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
165	$_POST['mail_address'] ) )
166	{
167	array_push( $error, l10n('reg_err_mail_address') );
168	}
169	if ( empty($_POST['username']) )
170	{
171	array_push( $error, l10n('upload_err_username') );
172	}
173
174	$date_creation = '';
175	if ( !empty($_POST['date_creation']) )
176	{
177	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
178	// int checkdate ( int month, int day, int year)
179	if (checkdate($month, $day, $year))
180	{
181	$date_creation = $year.'-'.$month.'-'.$day;
182	}
183	else
184	{
185	array_push( $error, l10n('err_date') );
186	}
187	}
188	// creation of the "infos" field :
189	// <infos author="Pierrick LE GALL" comment="my comment"
190	// date_creation="2004-08-14" name="" />
191	$xml_infos = '<infos';
192	$xml_infos.= encodeAttribute('author', $_POST['author']);
193	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
194	$xml_infos.= encodeAttribute('date_creation', $date_creation);
195	$xml_infos.= encodeAttribute('name', $_POST['name']);
196	$xml_infos.= ' />';
197
198	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
199	{
200	array_push( $error, l10n('update_wrong_dirname') );
201	}
202
203	if ( sizeof( $error ) == 0 )
204	{
205	$result = validate_upload( $path, $conf['upload_maxfilesize'],
206	$conf['upload_maxwidth'],
207	$conf['upload_maxheight'] );
208	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
209	{
210	array_push( $error, $result['error'][$j] );
211	}
212	}
213
214	if ( sizeof( $error ) == 0 )
215	{
216	$query = 'insert into '.WAITING_TABLE;
217	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
218	$query.= ' values ';
219	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
220	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
221	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
222	$query.= ';';
223	pwg_query( $query );
224	$page['waiting_id'] = mysql_insert_id();
225
226	if ($conf['email_admin_on_picture_uploaded'])
227	{
228	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
229
230	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
231
232	$keyargs_content = array
233	(
234	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
235	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
236	get_l10n_args('User: %s', $_POST['username']),
237	get_l10n_args('Email: %s', $_POST['mail_address']),
238	get_l10n_args('Picture name: %s', $_POST['name']),
239	get_l10n_args('Author: %s', $_POST['author']),
240	get_l10n_args('Creation date: %s', $_POST['date_creation']),
241	get_l10n_args('Comment: %s', $_POST['comment']),
242	get_l10n_args('', ''),
243	get_l10n_args('Waiting page: %s', $waiting_url)
244	);
245
246	pwg_mail_notification_admins
247	(
248	get_l10n_args('Picture uploaded by %s', $_POST['username']),
249	$keyargs_content
250	);
251	}
252	}
253	}
254
255	//------------------------------------------------------------ thumbnail upload
256	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
257	{
258	// upload of the thumbnail
259	$query = 'select file';
260	$query.= ' from '.WAITING_TABLE;
261	$query.= ' where id = '.$_GET['waiting_id'];
262	$query.= ';';
263	$result= pwg_query( $query );
264	$row = mysql_fetch_array( $result );
265	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
266	$extension = get_extension( $_FILES['picture']['name'] );
267
268	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
269	{
270	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
271	$result = validate_upload( $path, $conf['upload_maxfilesize'],
272	$conf['upload_maxwidth_thumbnail'],
273	$conf['upload_maxheight_thumbnail'] );
274	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
275	{
276	array_push( $error, $result['error'][$j] );
277	}
278	}
279
280	if ( sizeof( $error ) == 0 )
281	{
282	$query = 'update '.WAITING_TABLE;
283	$query.= " set tn_ext = '".$extension."'";
284	$query.= ' where id = '.$_GET['waiting_id'];
285	$query.= ';';
286	pwg_query( $query );
287	$page['upload_successful'] = true;
288	}
289	}
290
291	//
292	// Start output of page
293	//
294	$title= l10n('upload_title');
295	$page['body_id'] = 'theUploadPage';
296	include(PHPWG_ROOT_PATH.'include/page_header.php');
297	$template->set_filenames(array('upload'=>'upload.tpl'));
298
299	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
300	if ( isset( $page['waiting_id'] ) )
301	{
302	$u_form.= '&waiting_id='.$page['waiting_id'];
303	}
304
305	if ( isset( $page['waiting_id'] ) )
306	{
307	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
308	}
309	else
310	{
311	$advise_title = l10n('upload_advise');
312	$advise_title.= get_cat_display_name($category['upper_names']);
313	}
314
315	$template->assign_vars(
316	array(
317	'U_HOME' => make_index_url(),
318
319	'ADVISE_TITLE' => $advise_title,
320	'NAME' => $username,
321	'EMAIL' => $mail_address,
322	'NAME_IMG' => $name,
323	'AUTHOR_IMG' => $author,
324	'DATE_IMG' => $date_creation,
325	'COMMENT_IMG' => $comment,
326
327	'F_ACTION' => $u_form,
328
329	'U_RETURN' => make_index_url(array('category' => $category)),
330	)
331	);
332
333	if ( !$page['upload_successful'] )
334	{
335	$template->assign_block_vars('upload_not_successful',array());
336	//-------------------------------------------------------------- errors display
337	if ( sizeof( $error ) != 0 )
338	{
339	$template->assign_block_vars('upload_not_successful.errors',array());
340	for ( $i = 0; $i < sizeof( $error ); $i++ )
341	{
342	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
343	}
344	}
345
346	//--------------------------------------------------------------------- advises
347	if ( !empty($conf['upload_maxfilesize']) )
348	{
349	$content = l10n('upload_advise_filesize');
350	$content.= $conf['upload_maxfilesize'].' KB';
351	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
352	}
353
354	if ( isset( $page['waiting_id'] ) )
355	{
356	if ( $conf['upload_maxwidth_thumbnail'] != '' )
357	{
358	$content = l10n('upload_advise_width');
359	$content.= $conf['upload_maxwidth_thumbnail'].' px';
360	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
361	}
362	if ( $conf['upload_maxheight_thumbnail'] != '' )
363	{
364	$content = l10n('upload_advise_height');
365	$content.= $conf['upload_maxheight_thumbnail'].' px';
366	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
367	}
368	}
369	else
370	{
371	if ( $conf['upload_maxwidth'] != '' )
372	{
373	$content = l10n('upload_advise_width');
374	$content.= $conf['upload_maxwidth'].' px';
375	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
376	}
377	if ( $conf['upload_maxheight'] != '' )
378	{
379	$content = l10n('upload_advise_height');
380	$content.= $conf['upload_maxheight'].' px';
381	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
382	}
383	}
384	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
385
386	//----------------------------------------- optionnal username and mail address
387	if ( !isset( $page['waiting_id'] ) )
388	{
389	$template->assign_block_vars('upload_not_successful.fields',array());
390	$template->assign_block_vars('note',array());
391	}
392	}
393	else
394	{
395	$template->assign_block_vars('upload_successful',array());
396	}
397
398	//----------------------------------------------------------- html code display
399	$template->parse('upload');
400	include(PHPWG_ROOT_PATH.'include/page_tail.php');
401	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: