Context Navigation

source: trunk/upload.php @ 20

Last change on this file since 20 was 20, checked in by z0rglub, 21 years ago
* empty log message *
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 11.8 KB

Line
1	<?php
2	/***************************************************************************
3	* upload.php *
4	* ------------------- *
5	* application : PhpWebGallery 1.3 *
6	* author : Pierrick LE GALL <pierrick@z0rglub.com> *
7	* *
8	***************************************************************************/
9
10	/***************************************************************************
11	* *
12	* This program is free software; you can redistribute it and/or modify *
13	* it under the terms of the GNU General Public License as published by *
14	* the Free Software Foundation; *
15	* *
16	***************************************************************************/
17
18	//------------------------------------------------------------------- functions
19
20	// The validate_upload function checks if the image of the given path is valid.
21	// A picture is valid when :
22	// - width, height and filesize are not higher than the maximum
23	// filesize authorized by the administrator
24	// - the type of the picture is among jpg, gif and png
25	// The function returns an array containing :
26	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
27	// - $result['error'] contains an array with the different errors
28	// found with the picture
29	function validate_upload( $temp_name, $my_max_file_size,
30	$image_max_width, $image_max_height )
31	{
32	global $lang;
33
34	$result = array();
35	$result['error'] = array();
36	//echo $_FILES['picture']['name']."<br />".$temp_name;
37	$extension = get_extension( $_FILES['picture']['name'] );
38	if ( $extension != 'gif' and $extension != 'jpg' and $extension != 'png' )
39	{
40	array_push( $result['error'], $lang['upload_advise_filetype'] );
41	return $result;
42	}
43	if ( !isset( $_FILES['picture'] ) )
44	{
45	// do we even have a file?
46	array_push( $result['error'], "You did not upload anything!" );
47	}
48	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
49	{
50	array_push( $result['error'],
51	$lang['upload_advise_width'].$my_max_file_size.' KB' );
52	}
53	else
54	{
55	// check if we are allowed to upload this file_type
56	// upload de la photo sous un nom temporaire
57	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
58	{
59	array_push( $result['error'], $lang['upload_cannot_upload'] );
60	}
61	else
62	{
63	$size = getimagesize( $temp_name );
64	if ( isset( $image_max_width )
65	and $image_max_width != ""
66	and $size[0] > $image_max_width )
67	{
68	array_push( $result['error'],
69	$lang['upload_advise_width'].$image_max_width.' px' );
70	}
71	if ( isset( $image_max_height )
72	and $image_max_height != ""
73	and $size[1] > $image_max_height )
74	{
75	array_push( $result['error'],
76	$lang['upload_advise_height'].$image_max_height.' px' );
77	}
78	// $size[2] == 1 means GIF
79	// $size[2] == 2 means JPG
80	// $size[2] == 3 means PNG
81	switch ( $size[2] )
82	{
83	case 1 : $result['type'] = 'gif'; break;
84	case 2 : $result['type'] = 'jpg'; break;
85	case 3 : $result['type'] = 'png'; break;
86	default :
87	array_push( $result['error'], $lang['upload_advise_filetype'] );
88	}
89	}
90	}
91	if ( sizeof( $result['error'] ) > 0 )
92	{
93	// destruction de l'image avec le nom temporaire
94	@unlink( $temp_name );
95	}
96	return $result;
97	}
98	//----------------------------------------------------------- personnal include
99	include_once( './include/init.inc.php' );
100	//-------------------------------------------------- access authorization check
101	check_login_authorization();
102	check_cat_id( $_GET['cat'] );
103	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
104	{
105	check_restrictions( $page['cat'] );
106	$result = get_cat_info( $page['cat'] );
107	$page['cat_dir'] = $result['dir'];
108	$page['cat_site_id'] = $result['site_id'];
109	$page['cat_name'] = $result['name'];
110	}
111	else
112	{
113	$access_forbidden = true;
114	}
115	if ( $access_forbidden == true
116	or $page['cat_site_id'] != 1
117	or $conf['upload_available'] == 'false' )
118	{
119	echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
120	echo '<a href="'.add_session_id_to_url( './category.php' ).'">';
121	echo $lang['thumbnails'].'</a></div>';
122	exit();
123	}
124	//----------------------------------------------------- template initialization
125	$vtp = new VTemplate;
126	$handle = $vtp->Open( './template/'.$user['template'].'/upload.vtp' );
127	initialize_template();
128
129	$tpl = array( 'upload_title', 'upload_username', 'mail_address', 'submit',
130	'upload_successful', 'search_return_main_page' );
131	templatize_array( $tpl, 'lang', $sub );
132	// user
133	$vtp->setGlobalVar( $handle, 'style', $user['style'] );
134	$vtp->setGlobalVar( $handle, 'user_login', $user['username'] );
135	$vtp->setGlobalVar( $handle, 'user_mail_address',$user['mail_address'] );
136
137	$error = array();
138	$i = 0;
139	$page['upload_successful'] = false;
140	if ( isset( $_GET['waiting_id'] ) )
141	{
142	$page['waiting_id'] = $_GET['waiting_id'];
143	}
144	//-------------------------------------------------------------- picture upload
145	// vérification de la présence et de la validité des champs.
146	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
147	{
148	$path = $page['cat_dir'].$_FILES['picture']['name'];
149	if ( @is_file( $path ) )
150	{
151	$error[$i++] = $lang['upload_file_exists'];
152	}
153	// test de la présence des champs obligatoires
154	if ( $_FILES['picture']['name'] == "" )
155	{
156	$error[$i++] = $lang['upload_filenotfound'];
157	}
158	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
159	$_POST['mail_address'] ) )
160	{
161	$error[$i++] = $lang['reg_err_mail_address'];
162	}
163	if ( $_POST['username'] == '' )
164	{
165	$error[$i++] = $lang['upload_err_username'];
166	}
167
168	if ( sizeof( $error ) == 0 )
169	{
170	$result = validate_upload( $path, $conf['upload_maxfilesize'],
171	$conf['upload_maxwidth'],
172	$conf['upload_maxheight'] );
173	$upload_type = $result['type'];
174	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
175	{
176	$error[$i++] = $result['error'][$j];
177	}
178	}
179
180	if ( sizeof( $error ) == 0 )
181	{
182	$query = 'insert into '.PREFIX_TABLE.'waiting';
183	$query.= ' (cat_id,file,username,mail_address,date) values';
184	$query.= " (".$page['cat'].",'".$_FILES['picture']['name']."'";
185	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
186	$query.= ",'".$_POST['mail_address']."',".time().")";
187	$query.= ';';
188	mysql_query( $query );
189	$page['waiting_id'] = mysql_insert_id();
190	}
191	}
192	//------------------------------------------------------------ thumbnail upload
193	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
194	{
195	// upload of the thumbnail
196	$query = 'select file';
197	$query.= ' from '.PREFIX_TABLE.'waiting';
198	$query.= ' where id = '.$_GET['waiting_id'];
199	$query.= ';';
200	$result= mysql_query( $query );
201	$row = mysql_fetch_array( $result );
202	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
203	$extension = get_extension( $_FILES['picture']['name'] );
204	$path = $page['cat_dir'].'thumbnail/';
205	$path.= $conf['prefix_thumbnail'].$file.'.'.$extension;
206	$result = validate_upload( $path, $conf['upload_maxfilesize'],
207	$conf['upload_maxwidth_thumbnail'],
208	$conf['upload_maxheight_thumbnail'] );
209	$upload_type = $result['type'];
210	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
211	{
212	$error[$i++] = $result['error'][$j];
213	}
214	if ( sizeof( $error ) == 0 )
215	{
216	$query = 'update '.PREFIX_TABLE.'waiting';
217	$query.= " set tn_ext = '".$extension."'";
218	$query.= ' where id = '.$_GET['waiting_id'];
219	$query.= ';';
220	mysql_query( $query );
221	$page['upload_successful'] = true;
222	}
223	}
224
225	if ( !$page['upload_successful'] )
226	{
227	$vtp->addSession( $handle, 'upload_not_successful' );
228	//-------------------------------------------------------------- errors display
229	if ( sizeof( $error ) != 0 )
230	{
231	$vtp->addSession( $handle, 'errors' );
232	for ( $i = 0; $i < sizeof( $error ); $i++ )
233	{
234	$vtp->addSession( $handle, 'li' );
235	$vtp->setVar( $handle, 'li.li', $error[$i] );
236	$vtp->closeSession( $handle, 'li' );
237	}
238	$vtp->closeSession( $handle, 'errors' );
239	}
240	//----------------------------------------------------------------- form action
241	$url = './upload.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
242	if ( isset( $page['waiting_id'] ) )
243	{
244	$url.= '&waiting_id='.$page['waiting_id'];
245	}
246	$vtp->setGlobalVar( $handle, 'form_action', $url );
247	//--------------------------------------------------------------------- advises
248	if ( $conf['upload_maxfilesize'] != '' )
249	{
250	$vtp->addSession( $handle, 'advise' );
251	$content = $lang['upload_advise_filesize'];
252	$content.= $conf['upload_maxfilesize'].' KB';
253	$vtp->setVar( $handle, 'advise.content', $content );
254	$vtp->closeSession( $handle, 'advise' );
255	}
256	if ( isset( $page['waiting_id'] ) )
257	{
258	$advise_title=$lang['upload_advise_thumbnail'].$_FILES['picture']['name'];
259	$vtp->setGlobalVar( $handle, 'advise_title', $advise_title );
260
261	if ( $conf['upload_maxwidth_thumbnail'] != '' )
262	{
263	$vtp->addSession( $handle, 'advise' );
264	$content = $lang['upload_advise_width'];
265	$content.= $conf['upload_maxwidth_thumbnail'].' px';
266	$vtp->setVar( $handle, 'advise.content', $content );
267	$vtp->closeSession( $handle, 'advise' );
268	}
269	if ( $conf['upload_maxheight_thumbnail'] != '' )
270	{
271	$vtp->addSession( $handle, 'advise' );
272	$content = $lang['upload_advise_height'];
273	$content.= $conf['upload_maxheight_thumbnail'].' px';
274	$vtp->setVar( $handle, 'advise.content', $content );
275	$vtp->closeSession( $handle, 'advise' );
276	}
277	}
278	else
279	{
280	$advise_title = $lang['upload_advise'];
281	$advise_title.= get_cat_display_name( $page['cat_name'], ' - ',
282	'font-style:italic;' );
283	$vtp->setGlobalVar( $handle, 'advise_title', $advise_title );
284
285	if ( $conf['upload_maxwidth'] != '' )
286	{
287	$vtp->addSession( $handle, 'advise' );
288	$content = $lang['upload_advise_width'];
289	$content.= $conf['upload_maxwidth'].' px';
290	$vtp->setVar( $handle, 'advise.content', $content );
291	$vtp->closeSession( $handle, 'advise' );
292	}
293	if ( $conf['upload_maxheight'] != '' )
294	{
295	$vtp->addSession( $handle, 'advise' );
296	$content = $lang['upload_advise_height'];
297	$content.= $conf['upload_maxheight'].' px';
298	$vtp->setVar( $handle, 'advise.content', $content );
299	$vtp->closeSession( $handle, 'advise' );
300	}
301	}
302	$vtp->addSession( $handle, 'advise' );
303	$content = $lang['upload_advise_filetype'];
304	$vtp->setVar( $handle, 'advise.content', $content );
305	$vtp->closeSession( $handle, 'advise' );
306	//----------------------------------------- optionnal username and mail address
307	if ( !isset( $page['waiting_id'] ) )
308	{
309	$vtp->addSession( $handle, 'fields' );
310	$vtp->closeSession( $handle, 'fields' );
311	}
312	$vtp->closeSession( $handle, 'upload_not_successful' );
313	}
314	else
315	{
316	$vtp->addSession( $handle, 'upload_successful' );
317	$vtp->closeSession( $handle, 'upload_successful' );
318	}
319	//----------------------------------------------------- return to main page url
320	$url = './category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
321	$vtp->setGlobalVar( $handle, 'return_url', add_session_id( $url ) );
322	//----------------------------------------------------------- html code display
323	$code = $vtp->Display( $handle, 0 );
324	echo $code;
325	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: