source: trunk/upload.php @ 2342

Last change on this file since 2342 was 2325, checked in by rub, 16 years ago

Resolved issue 0000823: Enhance upload functionalities

First commit; others will follow.
Do not hesitate to change my translations.

Add upload configuration tabsheet (move and add configuration)
Change and add define for access level
Can show upload link every time
Can restrict access upload.class.php
Can choice category on upload page
Add upload class not use for the moment
Review quickly and temporary style of upload.tpl

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Gallery root, relative to this script (which lives in the root itself).
// Every include below is resolved against it.
define('PHPWG_ROOT_PATH','./');
25
26// +-----------------------------------------------------------------------+
27// | Includes                                                              |
28// +-----------------------------------------------------------------------+
29include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
30include_once(PHPWG_ROOT_PATH.'include/upload.class.php');
31
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Whole-page gate: the configured minimum user status for uploading.
check_status($conf['upload_user_access']);

// +-----------------------------------------------------------------------+
// | Create upload object                                                  |
// +-----------------------------------------------------------------------+
// Instantiated only; nothing else on this page refers to $upload.
$upload = new Upload();


// Form values.  A non-empty posted value is used as-is; the identity fields
// (username, mail address, author) otherwise default to the logged-in user's
// data for "classic" users, everything else to ''.
// NOTE(review): these are raw request strings handed straight to the
// template further down; whether upload.tpl escapes them is not visible
// from this file.
$field_names = array('username', 'mail_address', 'name', 'author',
                     'date_creation', 'comment');
$posted = array();
foreach ($field_names as $field_name)
{
  $posted[$field_name] = empty($_POST[$field_name]) ? '' : $_POST[$field_name];
}

if ($posted['username'] === '')
{
  $username = is_classic_user() ? $user['username'] : '';
}
else
{
  $username = $posted['username'];
}

if ($posted['mail_address'] === '')
{
  $mail_address = is_classic_user() ? $user['email'] : '';
}
else
{
  $mail_address = $posted['mail_address'];
}

if ($posted['author'] === '')
{
  $author = is_classic_user() ? $user['username'] : '';
}
else
{
  $author = $posted['author'];
}

$name = $posted['name'];
$date_creation = $posted['date_creation'];
$comment = $posted['comment'];
49
50//------------------------------------------------------------------- functions
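// The validate_upload function checks whether the file posted as
// $_FILES['picture'] is an acceptable image and, if so, moves it to
// $temp_name.  (Despite the parameter name, both callers in this file pass
// the *final* destination inside the category directory.)
// A picture is valid when :
//     - a file was posted and PHP reports UPLOAD_ERR_OK for it
//     - its extension is listed in $conf['picture_ext']
//     - its size is not above $my_max_file_size (in KB)
//     - getimagesize() recognises it as GIF, JPEG or PNG, and that type
//       agrees with the file extension
//     - width and height do not exceed $image_max_width / $image_max_height
//       (an empty limit - '', 0, null - means "no limit")
// Every content check runs on PHP's upload temp file *before*
// move_uploaded_file(), so a rejected file never exists, even briefly, in
// the web-served category directory.  Nothing is unlinked on failure any
// more: the old unlink($temp_name)-on-error removed whatever already sat at
// that path (e.g. an existing thumbnail) when the new upload was merely too
// large.
// The function returns an array containing :
//     - $result['type'] contains the type of the image ('jpg', 'gif' or
//       'png'); present only when the content was recognised
//     - $result['error'] contains an array with the different errors
//       found with the picture (empty on success)
function validate_upload( $temp_name, $my_max_file_size,
                          $image_max_width, $image_max_height )
{
  global $conf;

  $result = array();
  $result['error'] = array();

  // do we even have a file?  Checked first: the previous version read
  // $_FILES['picture']['name'] before testing isset($_FILES['picture']).
  if ( !isset( $_FILES['picture'] ) or !is_array( $_FILES['picture'] )
       or empty( $_FILES['picture']['tmp_name'] ) )
  {
    array_push( $result['error'], "You did not upload anything!" );
  }
  // partial uploads, php.ini size limits, missing temp dir ... all surface
  // in the 'error' slot, which was previously ignored
  else if ( isset( $_FILES['picture']['error'] )
            and $_FILES['picture']['error'] != UPLOAD_ERR_OK )
  {
    array_push( $result['error'], l10n('upload_cannot_upload') );
  }
  // check if we are allowed to upload this file type (by extension)
  else if ( !in_array( get_extension( $_FILES['picture']['name'] ),
                       $conf['picture_ext'] ) )
  {
    array_push( $result['error'], l10n('upload_advise_filetype') );
  }
  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
  {
    array_push( $result['error'],
                l10n('upload_advise_filesize').$my_max_file_size.' KB' );
  }
  else
  {
    $tmp_file = $_FILES['picture']['tmp_name'];
    // inspect the bytes where PHP put them; nothing has been moved yet.
    // getimagesize() returns false for anything it does not recognise.
    $size = is_uploaded_file( $tmp_file ) ? @getimagesize( $tmp_file ) : false;
    if ( $size === false )
    {
      array_push( $result['error'], l10n('upload_advise_filetype') );
    }
    else
    {
      if ( !empty( $image_max_width ) and $size[0] > $image_max_width )
      {
        array_push( $result['error'],
                    l10n('upload_advise_width').$image_max_width.' px' );
      }
      if ( !empty( $image_max_height ) and $size[1] > $image_max_height )
      {
        array_push( $result['error'],
                    l10n('upload_advise_height').$image_max_height.' px' );
      }
      // $size[2] is an IMAGETYPE_* constant: 1 GIF, 2 JPEG, 3 PNG
      switch ( $size[2] )
      {
      case IMAGETYPE_GIF  : $result['type'] = 'gif'; break;
      case IMAGETYPE_JPEG : $result['type'] = 'jpg'; break;
      case IMAGETYPE_PNG  : $result['type'] = 'png'; break;
      default :
        array_push( $result['error'], l10n('upload_advise_filetype') );
      }
      // The extension decides how the web server will serve the file, so it
      // has to agree with what the bytes actually are ('jpeg' counts as
      // 'jpg').  Comparison is case-insensitive; the whitelist check above
      // kept the original, case-sensitive in_array() semantics.
      if ( isset( $result['type'] ) )
      {
        $ext = strtolower( get_extension( $_FILES['picture']['name'] ) );
        if ( $ext == 'jpeg' )
        {
          $ext = 'jpg';
        }
        if ( $ext != $result['type'] )
        {
          array_push( $result['error'], l10n('upload_advise_filetype') );
        }
      }
      // only now, with every check passed, move the file into place
      if ( count( $result['error'] ) == 0
           and !move_uploaded_file( $tmp_file, $temp_name ) )
      {
        array_push( $result['error'], l10n('upload_cannot_upload') );
      }
    }
  }

  if ( count( $result['error'] ) == 0 )
  {
    @chmod( $temp_name, 0644 );
  }

  //------------------------------------------------------------ log informations
  pwg_log();

  return $result;
}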
137
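//-------------------------------------------------- access authorization check
// Target category: POST 'category' (the select on the form) or GET 'cat'.
// Only an unsigned integer is accepted (is_numeric() also let through
// ' 1', '1e3' or '1.5'), and it is cast here because the id is later
// interpolated straight into SQL and into the form action URL.
if (isset($_POST['category']) and preg_match('/^\d+$/', $_POST['category']))
{
  $page['category'] = (int)$_POST['category'];
}
else if (isset($_GET['cat']) and preg_match('/^\d+$/', $_GET['cat']))
{
  $page['category'] = (int)$_GET['cat'];
}
else
{
  $page['category'] = null;
}

if (! empty($page['category']))
{
  // check_restrictions() / get_cat_info() are gallery helpers defined
  // elsewhere; the former presumably enforces this user's access to the
  // category - verify, nothing else on this page does.
  check_restrictions($page['category']);
  $category = get_cat_info($page['category']);
  $category['cat_dir'] = get_complete_dir($page['category']);

  // never write into a remote (URL) storage directory, and honour the
  // per-category 'uploadable' flag
  if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
  {
    page_forbidden('upload not allowed');
  }
}
else if (isset($_POST['submit']))
{
  // a submission without a valid category is malformed
  // ($page['category'] may be set by a future plugin but without it ...)
  bad_request('invalid parameters');
}
else
{
  $category = null;
}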
176
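$error = array();
$page['upload_successful'] = false;
// Second step of the flow: ?waiting_id=N means "upload the thumbnail for
// waiting row N".  Digits only - the value is used in SQL below and echoed
// back into the form action URL.
if ( isset( $_GET['waiting_id'] ) )
{
  if ( !preg_match( '/^\d+$/', $_GET['waiting_id'] ) )
  {
    // bad_request() is what the rest of this page uses to abort on
    // malformed parameters
    bad_request('invalid parameters');
  }
  $page['waiting_id'] = (int)$_GET['waiting_id'];
}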
183
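//-------------------------------------------------------------- picture upload
// Step 1 of the two-step flow: validate the form, store the picture under
// the category directory and insert a WAITING_TABLE row for moderation.
// NOTE(review): nothing here ties the POST to the session (no anti-CSRF
// token); only the page-level check_status() gate applies.
if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
{
  $picture_name = isset( $_FILES['picture']['name'] )
    ? $_FILES['picture']['name'] : '';
  $posted_mail = isset( $_POST['mail_address'] ) ? $_POST['mail_address'] : '';
  $posted_date = isset( $_POST['date_creation'] ) ? $_POST['date_creation'] : '';

  // required fields
  if ( empty($picture_name) )
  {
    array_push( $error, l10n('upload_filenotfound') );
  }
  // Whitelist the file name before it is used anywhere: it becomes part of
  // a filesystem path (no separators, hence no traversal) and of an SQL
  // literal.  A leading dot is refused too - no hidden files in the served
  // directory.
  // NOTE(review): double extensions such as x.php.jpg still pass; whether
  // the web server maps such names to a handler is a deployment matter,
  // not checked here.
  else if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $picture_name )
            or $picture_name[0] == '.' )
  {
    array_push( $error, l10n('update_wrong_dirname') );
  }
  else
  {
    $path = $category['cat_dir'].$picture_name;
    if ( @is_file( $path ) )
    {
      array_push( $error, l10n('upload_file_exists') );
    }
  }
  // Anchored and case-insensitive.  The former ereg() pattern (removed in
  // PHP 7) was unanchored, so any string merely *containing* an address
  // passed - and the value was then interpolated into SQL unescaped.
  if ( !preg_match( '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/i',
                    $posted_mail ) )
  {
    array_push( $error, l10n('reg_err_mail_address') );
  }
  if ( empty($_POST['username']) )
  {
    array_push( $error, l10n('upload_err_username') );
  }

  // optional creation date, expected as dd/mm/yyyy
  $date_creation = '';
  if ( $posted_date !== '' )
  {
    $parts = explode( '/', $posted_date );
    // three numeric parts, then int checkdate ( int month, int day, int year)
    if ( count( $parts ) == 3
         and preg_match( '/^\d+$/', $parts[0] )
         and preg_match( '/^\d+$/', $parts[1] )
         and preg_match( '/^\d+$/', $parts[2] )
         and checkdate( (int)$parts[1], (int)$parts[0], (int)$parts[2] ) )
    {
      list( $day, $month, $year ) = $parts;
      $date_creation = $year.'-'.$month.'-'.$day;
    }
    else
    {
      array_push( $error, l10n('err_date') );
    }
  }

  // creation of the "infos" field :
  // <infos author="Pierrick LE GALL" comment="my comment"
  //        date_creation="2004-08-14" name="" />
  // encodeAttribute() is defined elsewhere and is assumed to attribute-escape
  // its value - not verified here.
  $infos = array();
  foreach ( array('author', 'comment', 'name') as $field )
  {
    $infos[$field] = isset( $_POST[$field] ) ? $_POST[$field] : '';
  }
  $xml_infos = '<infos';
  $xml_infos.= encodeAttribute('author', $infos['author']);
  $xml_infos.= encodeAttribute('comment', $infos['comment']);
  $xml_infos.= encodeAttribute('date_creation', $date_creation);
  $xml_infos.= encodeAttribute('name', $infos['name']);
  $xml_infos.= ' />';

  if ( sizeof( $error ) == 0 )
  {
    $result = validate_upload( $path, $conf['upload_maxfilesize'],
                               $conf['upload_maxwidth'],
                               $conf['upload_maxheight']  );
    $error = array_merge( $error, $result['error'] );
  }

  if ( sizeof( $error ) == 0 )
  {
    // Every user-supplied literal is escaped for the mysql driver this page
    // already uses (mysql_insert_id() below).  htmlspecialchars() alone did
    // not protect the username: it leaves backslashes untouched, and a
    // trailing backslash swallows the closing quote of the literal.
    $query = 'insert into '.WAITING_TABLE;
    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
    $query.= ' values ';
    $query.= '('.(int)$page['category'];
    $query.= ",'".mysql_real_escape_string( $picture_name )."'";
    $query.= ",'".mysql_real_escape_string(
                    htmlspecialchars( $_POST['username'], ENT_QUOTES ) )."'";
    $query.= ",'".mysql_real_escape_string( $posted_mail )."'";
    $query.= ','.time();
    $query.= ",'".mysql_real_escape_string( $xml_infos )."')";
    $query.= ';';
    pwg_query( $query );
    $page['waiting_id'] = mysql_insert_id();

    if ($conf['email_admin_on_picture_uploaded'])
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $waiting_url = get_absolute_root_url().'admin.php?page=upload';

      // raw form values go to the admin notification; any escaping is up to
      // the mail layer, which is not visible from this file
      $keyargs_content = array
      (
        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
        get_l10n_args('Picture name: %s', $picture_name),
        get_l10n_args('User: %s', $_POST['username']),
        get_l10n_args('Email: %s', $posted_mail),
        get_l10n_args('Picture name: %s', $infos['name']),
        get_l10n_args('Author: %s', $infos['author']),
        get_l10n_args('Creation date: %s', $posted_date),
        get_l10n_args('Comment: %s', $infos['comment']),
        get_l10n_args('', ''),
        get_l10n_args('Waiting page: %s', $waiting_url)
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Picture uploaded by %s', $_POST['username']),
        $keyargs_content
      );
    }
  }
}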
288
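//------------------------------------------------------------ thumbnail upload
// Step 2: attach a thumbnail to the waiting row created in step 1.
if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
{
  // the id is interpolated into SQL twice below: integer only
  $waiting_id = (int)$_GET['waiting_id'];

  // Fetch the row and make sure it belongs to the category this request was
  // authorised for; otherwise any uploader could write the thumbnail slot of
  // someone else's pending picture (storage_category_id is the column the
  // insert in step 1 fills).
  $query = 'select file, storage_category_id';
  $query.= ' from '.WAITING_TABLE;
  $query.= ' where id = '.$waiting_id;
  $query.= ';';
  $result= pwg_query( $query );
  $row = mysql_fetch_array( $result );

  if ( !$row or (int)$row['storage_category_id'] != (int)$page['category'] )
  {
    // bad_request() is what the rest of this page uses to abort on
    // malformed parameters
    bad_request('invalid parameters');
  }
  else
  {
    // base name of the picture (without its extension); the thumbnail gets
    // the configured prefix and the extension of the posted file, which
    // validate_upload() checks against $conf['picture_ext'] before moving
    $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
    $extension = isset( $_FILES['picture']['name'] )
      ? get_extension( $_FILES['picture']['name'] ) : '';

    if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
    {
      $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
      $result = validate_upload( $path, $conf['upload_maxfilesize'],
                                 $conf['upload_maxwidth_thumbnail'],
                                 $conf['upload_maxheight_thumbnail']  );
      $error = array_merge( $error, $result['error'] );
    }

    if ( sizeof( $error ) == 0 )
    {
      $query = 'update '.WAITING_TABLE;
      $query.= " set tn_ext = '".mysql_real_escape_string( $extension )."'";
      $query.= ' where id = '.$waiting_id;
      $query.= ';';
      pwg_query( $query );
      $page['upload_successful'] = true;
    }
  }
}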
324
//
// Start output of page
//
// Page title and body id consumed by the common header; 'upload.tpl' is the
// only template this script parses (see $template->parse('upload') at the end).
$title= l10n('upload_title');
$page['body_id'] = 'theUploadPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->set_filenames(array('upload'=>'upload.tpl'));
332
// Load category list
// Categories flagged uploadable and visible to this user (join on the
// per-user cache table plus the FandF visibility condition), for the
// category <select> on the form.  $user['id'] comes from the session, not
// the request.
$visible_filter = get_sql_condition_FandF(
  array('visible_categories' => 'id'),
  'AND'
);
$cat_query = '
SELECT
  id, name, uppercats, global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
  ON id = cat_id and user_id = '.$user['id'].'
WHERE
  uploadable = \'true\'
  '.$visible_filter.'
;';
display_select_cat_wrapper($cat_query, array($page['category']), 'categories');
351
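// Form action: keep the category in the query string and, in step 2, the
// waiting id.  The id is cast because the raw ?waiting_id= value was
// otherwise reflected verbatim into the action attribute.
$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
if ( isset( $page['waiting_id'] ) )
{
$u_form.= '&amp;waiting_id='.(int)$page['waiting_id'];
}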
357
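if ( isset( $page['waiting_id'] ) )
{
  // Echo the posted file name into the title only if it matches the same
  // whitelist the picture step enforces: in the thumbnail step the name is
  // otherwise unvalidated, and whether upload.tpl escapes ADVISE_TITLE is
  // not visible from this file.
  $advise_title = l10n('upload_advise_thumbnail');
  if ( isset( $_FILES['picture']['name'] )
       and preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
  {
    $advise_title.= $_FILES['picture']['name'];
  }
}
else
{
  $advise_title = l10n('Choose an image');
}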
366
// Everything the template needs.  NAME/EMAIL are the uploader's identity
// fields, *_IMG the picture metadata; all of them carry the posted values
// (or their defaults) so the form can be re-displayed after an error.
$template_vars = array();
$template_vars['ADVISE_TITLE'] = $advise_title;
$template_vars['NAME'] = $username;
$template_vars['EMAIL'] = $mail_address;
$template_vars['NAME_IMG'] = $name;
$template_vars['AUTHOR_IMG'] = $author;
$template_vars['DATE_IMG'] = $date_creation;
$template_vars['COMMENT_IMG'] = $comment;
$template_vars['F_ACTION'] = $u_form;
$template_vars['U_RETURN'] = make_index_url(array('category' => $category));
$template->assign($template_vars);

$template->assign('errors', $error);
$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
385
if ( !$page['upload_successful'] )
{
//--------------------------------------------------------------------- advises
  // Hints shown next to the form: size limit, dimension limits (the
  // thumbnail step has its own pair of settings) and the accepted types.
  $advises = array();
  if ( !empty($conf['upload_maxfilesize']) )
  {
    $advises[] = l10n('upload_advise_filesize').$conf['upload_maxfilesize'].' KB';
  }

  $limit_suffix = isset( $page['waiting_id'] ) ? '_thumbnail' : '';
  $max_width = $conf['upload_maxwidth'.$limit_suffix];
  $max_height = $conf['upload_maxheight'.$limit_suffix];
  if ( $max_width != '' )
  {
    $advises[] = l10n('upload_advise_width').$max_width.' px';
  }
  if ( $max_height != '' )
  {
    $advises[] = l10n('upload_advise_height').$max_height.' px';
  }
  $advises[] = l10n('upload_advise_filetype');

  foreach ( $advises as $advise )
  {
    $template->append('advises', $advise);
  }

//----------------------------------------- optionnal username and mail address
  // identity fields are only asked for in the first (picture) step
  if ( !isset( $page['waiting_id'] ) )
  {
    $template->assign('SHOW_FORM_FIELDS', true);
  }
}
434
//----------------------------------------------------------- html code display
// Render 'upload.tpl' with everything assigned above, then the common footer.
$template->parse('upload');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
438?>