Context Navigation

source: trunk/upload.php @ 2299

Last change on this file since 2299 was 2299, checked in by plg, 16 years ago

Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personnaly, it is a problem when I search differences between 2
Piwigo installations outside Subversion.

Property svn:eol-style set to LF
Property svn:keywords set to Author Date Id Revision

File size: 12.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23	define('PHPWG_ROOT_PATH','./');
24	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
25
26	check_status(ACCESS_GUEST);
27
28	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
29	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
30	$name = !empty($_POST['name'])?$_POST['name']:'';
31	$author = !empty($_POST['author'])?$_POST['author']:'';
32	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
33	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
34
35	//------------------------------------------------------------------- functions
36	// The validate_upload function checks if the image of the given path is valid.
37	// A picture is valid when :
38	// - width, height and filesize are not higher than the maximum
39	// filesize authorized by the administrator
40	// - the type of the picture is among jpg, gif and png
41	// The function returns an array containing :
42	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
43	// - $result['error'] contains an array with the different errors
44	// found with the picture
45	function validate_upload( $temp_name, $my_max_file_size,
46	$image_max_width, $image_max_height )
47	{
48	global $conf, $lang, $page, $mail_address;
49
50	$result = array();
51	$result['error'] = array();
52	//echo $_FILES['picture']['name']."<br />".$temp_name;
53	$extension = get_extension( $_FILES['picture']['name'] );
54	if (!in_array($extension, $conf['picture_ext']))
55	{
56	array_push( $result['error'], l10n('upload_advise_filetype') );
57	return $result;
58	}
59	if ( !isset( $_FILES['picture'] ) )
60	{
61	// do we even have a file?
62	array_push( $result['error'], "You did not upload anything!" );
63	}
64	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
65	{
66	array_push( $result['error'],
67	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
68	}
69	else
70	{
71	// check if we are allowed to upload this file_type
72	// upload de la photo sous un nom temporaire
73	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
74	{
75	array_push( $result['error'], l10n('upload_cannot_upload') );
76	}
77	else
78	{
79	$size = getimagesize( $temp_name );
80	if ( isset( $image_max_width )
81	and $image_max_width != ""
82	and $size[0] > $image_max_width )
83	{
84	array_push( $result['error'],
85	l10n('upload_advise_width').$image_max_width.' px' );
86	}
87	if ( isset( $image_max_height )
88	and $image_max_height != ""
89	and $size[1] > $image_max_height )
90	{
91	array_push( $result['error'],
92	l10n('upload_advise_height').$image_max_height.' px' );
93	}
94	// $size[2] == 1 means GIF
95	// $size[2] == 2 means JPG
96	// $size[2] == 3 means PNG
97	switch ( $size[2] )
98	{
99	case 1 : $result['type'] = 'gif'; break;
100	case 2 : $result['type'] = 'jpg'; break;
101	case 3 : $result['type'] = 'png'; break;
102	default :
103	array_push( $result['error'], l10n('upload_advise_filetype') );
104	}
105	}
106	}
107	if ( sizeof( $result['error'] ) > 0 )
108	{
109	// destruction de l'image avec le nom temporaire
110	@unlink( $temp_name );
111	}
112	else
113	{
114	@chmod( $temp_name, 0644);
115	}
116
117	//------------------------------------------------------------ log informations
118	pwg_log();
119
120	return $result;
121	}
122
123	//-------------------------------------------------- access authorization check
124	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
125	{
126	$page['category'] = $_GET['cat'];
127	}
128
129	if (isset($page['category']))
130	{
131	check_restrictions( $page['category'] );
132	$category = get_cat_info( $page['category'] );
133	$category['cat_dir'] = get_complete_dir( $page['category'] );
134
135	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
136	{
137	page_forbidden('upload not allowed');
138	}
139	}
140	else { // $page['category'] may be set by a futur plugin but without it
141	bad_request('invalid parameters');
142	}
143
144	$error = array();
145	$page['upload_successful'] = false;
146	if ( isset( $_GET['waiting_id'] ) )
147	{
148	$page['waiting_id'] = $_GET['waiting_id'];
149	}
150	//-------------------------------------------------------------- picture upload
151	// verfying fields
152	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
153	{
154	$path = $category['cat_dir'].$_FILES['picture']['name'];
155	if ( @is_file( $path ) )
156	{
157	array_push( $error, l10n('upload_file_exists') );
158	}
159	// test de la présence des champs obligatoires
160	if ( empty($_FILES['picture']['name']))
161	{
162	array_push( $error, l10n('upload_filenotfound') );
163	}
164	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
165	$_POST['mail_address'] ) )
166	{
167	array_push( $error, l10n('reg_err_mail_address') );
168	}
169	if ( empty($_POST['username']) )
170	{
171	array_push( $error, l10n('upload_err_username') );
172	}
173
174	$date_creation = '';
175	if ( !empty($_POST['date_creation']) )
176	{
177	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
178	// int checkdate ( int month, int day, int year)
179	if (checkdate($month, $day, $year))
180	{
181	$date_creation = $year.'-'.$month.'-'.$day;
182	}
183	else
184	{
185	array_push( $error, l10n('err_date') );
186	}
187	}
188	// creation of the "infos" field :
189	// <infos author="Pierrick LE GALL" comment="my comment"
190	// date_creation="2004-08-14" name="" />
191	$xml_infos = '<infos';
192	$xml_infos.= encodeAttribute('author', $_POST['author']);
193	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
194	$xml_infos.= encodeAttribute('date_creation', $date_creation);
195	$xml_infos.= encodeAttribute('name', $_POST['name']);
196	$xml_infos.= ' />';
197
198	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
199	{
200	array_push( $error, l10n('update_wrong_dirname') );
201	}
202
203	if ( sizeof( $error ) == 0 )
204	{
205	$result = validate_upload( $path, $conf['upload_maxfilesize'],
206	$conf['upload_maxwidth'],
207	$conf['upload_maxheight'] );
208	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
209	{
210	array_push( $error, $result['error'][$j] );
211	}
212	}
213
214	if ( sizeof( $error ) == 0 )
215	{
216	$query = 'insert into '.WAITING_TABLE;
217	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
218	$query.= ' values ';
219	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
220	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
221	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
222	$query.= ';';
223	pwg_query( $query );
224	$page['waiting_id'] = mysql_insert_id();
225
226	if ($conf['email_admin_on_picture_uploaded'])
227	{
228	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
229
230	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
231
232	$keyargs_content = array
233	(
234	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
235	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
236	get_l10n_args('User: %s', $_POST['username']),
237	get_l10n_args('Email: %s', $_POST['mail_address']),
238	get_l10n_args('Picture name: %s', $_POST['name']),
239	get_l10n_args('Author: %s', $_POST['author']),
240	get_l10n_args('Creation date: %s', $_POST['date_creation']),
241	get_l10n_args('Comment: %s', $_POST['comment']),
242	get_l10n_args('', ''),
243	get_l10n_args('Waiting page: %s', $waiting_url)
244	);
245
246	pwg_mail_notification_admins
247	(
248	get_l10n_args('Picture uploaded by %s', $_POST['username']),
249	$keyargs_content
250	);
251	}
252	}
253	}
254
255	//------------------------------------------------------------ thumbnail upload
256	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
257	{
258	// upload of the thumbnail
259	$query = 'select file';
260	$query.= ' from '.WAITING_TABLE;
261	$query.= ' where id = '.$_GET['waiting_id'];
262	$query.= ';';
263	$result= pwg_query( $query );
264	$row = mysql_fetch_array( $result );
265	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
266	$extension = get_extension( $_FILES['picture']['name'] );
267
268	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
269	{
270	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
271	$result = validate_upload( $path, $conf['upload_maxfilesize'],
272	$conf['upload_maxwidth_thumbnail'],
273	$conf['upload_maxheight_thumbnail'] );
274	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
275	{
276	array_push( $error, $result['error'][$j] );
277	}
278	}
279
280	if ( sizeof( $error ) == 0 )
281	{
282	$query = 'update '.WAITING_TABLE;
283	$query.= " set tn_ext = '".$extension."'";
284	$query.= ' where id = '.$_GET['waiting_id'];
285	$query.= ';';
286	pwg_query( $query );
287	$page['upload_successful'] = true;
288	}
289	}
290
291	//
292	// Start output of page
293	//
294	$title= l10n('upload_title');
295	$page['body_id'] = 'theUploadPage';
296	include(PHPWG_ROOT_PATH.'include/page_header.php');
297	$template->set_filenames(array('upload'=>'upload.tpl'));
298
299	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
300	if ( isset( $page['waiting_id'] ) )
301	{
302	$u_form.= '&waiting_id='.$page['waiting_id'];
303	}
304
305	if ( isset( $page['waiting_id'] ) )
306	{
307	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
308	}
309	else
310	{
311	$advise_title = l10n('upload_advise');
312	$advise_title.= get_cat_display_name($category['upper_names']);
313	}
314
315	$template->assign(
316	array(
317	'ADVISE_TITLE' => $advise_title,
318	'NAME' => $username,
319	'EMAIL' => $mail_address,
320	'NAME_IMG' => $name,
321	'AUTHOR_IMG' => $author,
322	'DATE_IMG' => $date_creation,
323	'COMMENT_IMG' => $comment,
324
325	'F_ACTION' => $u_form,
326
327	'U_RETURN' => make_index_url(array('category' => $category)),
328	)
329	);
330
331	$template->assign('errors', $error);
332	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
333
334	if ( !$page['upload_successful'] )
335	{
336	//--------------------------------------------------------------------- advises
337	if ( !empty($conf['upload_maxfilesize']) )
338	{
339	$content = l10n('upload_advise_filesize');
340	$content.= $conf['upload_maxfilesize'].' KB';
341	$template->append('advises', $content);
342	}
343
344	if ( isset( $page['waiting_id'] ) )
345	{
346	if ( $conf['upload_maxwidth_thumbnail'] != '' )
347	{
348	$content = l10n('upload_advise_width');
349	$content.= $conf['upload_maxwidth_thumbnail'].' px';
350	$template->append('advises', $content);
351	}
352	if ( $conf['upload_maxheight_thumbnail'] != '' )
353	{
354	$content = l10n('upload_advise_height');
355	$content.= $conf['upload_maxheight_thumbnail'].' px';
356	$template->append('advises', $content);
357	}
358	}
359	else
360	{
361	if ( $conf['upload_maxwidth'] != '' )
362	{
363	$content = l10n('upload_advise_width');
364	$content.= $conf['upload_maxwidth'].' px';
365	$template->append('advises', $content);
366	}
367	if ( $conf['upload_maxheight'] != '' )
368	{
369	$content = l10n('upload_advise_height');
370	$content.= $conf['upload_maxheight'].' px';
371	$template->append('advises', $content);
372	}
373	}
374	$template->append('advises', l10n('upload_advise_filetype'));
375
376	//----------------------------------------- optionnal username and mail address
377	if ( !isset( $page['waiting_id'] ) )
378	{
379	$template->assign('SHOW_FORM_FIELDS', true);
380	}
381	}
382
383	//----------------------------------------------------------- html code display
384	$template->parse('upload');
385	include(PHPWG_ROOT_PATH.'include/page_tail.php');
386	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: