Context Navigation

source: trunk/upload.php @ 2485

Last change on this file since 2485 was 2485, checked in by rvelices, 16 years ago

Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	define('PHPWG_ROOT_PATH','./');
25
26	// +-----------------------------------------------------------------------+
27	// \| Includes \|
28	// +-----------------------------------------------------------------------+
29	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
30	include_once(PHPWG_ROOT_PATH.'include/upload.class.php');
31
32	// +-----------------------------------------------------------------------+
33	// \| Check Access and exit when user status is not ok \|
34	// +-----------------------------------------------------------------------+
35	check_status($conf['upload_user_access']);
36
37	// +-----------------------------------------------------------------------+
38	// \| Create upload object \|
39	// +-----------------------------------------------------------------------+
40	$upload = new Upload();
41
42
43	$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
44	$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
45	$name = !empty($_POST['name']) ? $_POST['name'] : '';
46	$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
47	$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
48	$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
49
50	//------------------------------------------------------------------- functions
51	// The validate_upload function checks if the image of the given path is valid.
52	// A picture is valid when :
53	// - width, height and filesize are not higher than the maximum
54	// filesize authorized by the administrator
55	// - the type of the picture is among jpg, gif and png
56	// The function returns an array containing :
57	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
58	// - $result['error'] contains an array with the different errors
59	// found with the picture
60	function validate_upload( $temp_name, $my_max_file_size,
61	$image_max_width, $image_max_height )
62	{
63	global $conf, $lang, $page, $mail_address;
64
65	$result = array();
66	$result['error'] = array();
67	//echo $_FILES['picture']['name']."<br />".$temp_name;
68	$extension = get_extension( $_FILES['picture']['name'] );
69	if (!in_array($extension, $conf['picture_ext']))
70	{
71	array_push( $result['error'], l10n('upload_advise_filetype') );
72	return $result;
73	}
74	if ( !isset( $_FILES['picture'] ) )
75	{
76	// do we even have a file?
77	array_push( $result['error'], "You did not upload anything!" );
78	}
79	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
80	{
81	array_push( $result['error'],
82	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
83	}
84	else
85	{
86	// check if we are allowed to upload this file_type
87	// upload de la photo sous un nom temporaire
88	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
89	{
90	array_push( $result['error'], l10n('upload_cannot_upload') );
91	}
92	else
93	{
94	$size = getimagesize( $temp_name );
95	if ( isset( $image_max_width )
96	and $image_max_width != ""
97	and $size[0] > $image_max_width )
98	{
99	array_push( $result['error'],
100	l10n('upload_advise_width').$image_max_width.' px' );
101	}
102	if ( isset( $image_max_height )
103	and $image_max_height != ""
104	and $size[1] > $image_max_height )
105	{
106	array_push( $result['error'],
107	l10n('upload_advise_height').$image_max_height.' px' );
108	}
109	// $size[2] == 1 means GIF
110	// $size[2] == 2 means JPG
111	// $size[2] == 3 means PNG
112	switch ( $size[2] )
113	{
114	case 1 : $result['type'] = 'gif'; break;
115	case 2 : $result['type'] = 'jpg'; break;
116	case 3 : $result['type'] = 'png'; break;
117	default :
118	array_push( $result['error'], l10n('upload_advise_filetype') );
119	}
120	}
121	}
122	if ( sizeof( $result['error'] ) > 0 )
123	{
124	// destruction de l'image avec le nom temporaire
125	@unlink( $temp_name );
126	}
127	else
128	{
129	@chmod( $temp_name, 0644);
130	}
131
132	//------------------------------------------------------------ log informations
133	pwg_log();
134
135	return $result;
136	}
137
138	//-------------------------------------------------- access authorization check
139	if (isset($_POST['category']) and is_numeric($_POST['category']))
140	{
141	$page['category'] = $_POST['category'];
142	}
143	else
144	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
145	{
146	$page['category'] = $_GET['cat'];
147	}
148	else
149	{
150	$page['category'] = null;
151	}
152
153	if (! empty($page['category']))
154	{
155	check_restrictions($page['category']);
156	$category = get_cat_info($page['category']);
157	$category['cat_dir'] = get_complete_dir($page['category']);
158
159	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
160	{
161	page_forbidden('upload not allowed');
162	}
163	}
164	else
165	{
166	if (isset($_POST['submit']))
167	{
168	// $page['category'] may be set by a futur plugin but without it
169	bad_request('invalid parameters');
170	}
171	else
172	{
173	$category = null;
174	}
175	}
176
177	$error = array();
178	$page['upload_successful'] = false;
179	if ( isset( $_GET['waiting_id'] ) )
180	{
181	$page['waiting_id'] = $_GET['waiting_id'];
182	}
183
184	//-------------------------------------------------------------- picture upload
185	// verfying fields
186	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
187	{
188	$path = $category['cat_dir'].$_FILES['picture']['name'];
189	if ( @is_file( $path ) )
190	{
191	array_push( $error, l10n('upload_file_exists') );
192	}
193	// test de la présence des champs obligatoires
194	if ( empty($_FILES['picture']['name']))
195	{
196	array_push( $error, l10n('upload_filenotfound') );
197	}
198	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
199	$_POST['mail_address'] ) )
200	{
201	array_push( $error, l10n('reg_err_mail_address') );
202	}
203	if ( empty($_POST['username']) )
204	{
205	array_push( $error, l10n('upload_err_username') );
206	}
207
208	$date_creation = '';
209	if ( !empty($_POST['date_creation']) )
210	{
211	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
212	// int checkdate ( int month, int day, int year)
213	if (checkdate($month, $day, $year))
214	{
215	$date_creation = $year.'-'.$month.'-'.$day;
216	}
217	else
218	{
219	array_push( $error, l10n('err_date') );
220	}
221	}
222	// creation of the "infos" field :
223	// <infos author="Pierrick LE GALL" comment="my comment"
224	// date_creation="2004-08-14" name="" />
225	$xml_infos = '<infos ';
226	$xml_infos.= encodeAttribute('author', $_POST['author']);
227	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
228	$xml_infos.= encodeAttribute('date_creation', $date_creation);
229	$xml_infos.= encodeAttribute('name', $_POST['name']);
230	$xml_infos.= ' />';
231
232	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
233	{
234	array_push( $error, l10n('update_wrong_dirname') );
235	}
236
237	if ( sizeof( $error ) == 0 )
238	{
239	$result = validate_upload( $path, $conf['upload_maxfilesize'],
240	$conf['upload_maxwidth'],
241	$conf['upload_maxheight'] );
242	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
243	{
244	array_push( $error, $result['error'][$j] );
245	}
246	}
247
248	if ( sizeof( $error ) == 0 )
249	{
250	$query = 'insert into '.WAITING_TABLE;
251	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
252	$query.= ' values ';
253	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
254	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
255	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
256	$query.= ';';
257	pwg_query( $query );
258	$page['waiting_id'] = mysql_insert_id();
259
260	if ($conf['email_admin_on_picture_uploaded'])
261	{
262	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
263
264	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
265
266	$keyargs_content = array
267	(
268	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
269	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
270	get_l10n_args('User: %s', $_POST['username']),
271	get_l10n_args('Email: %s', $_POST['mail_address']),
272	get_l10n_args('Picture name: %s', $_POST['name']),
273	get_l10n_args('Author: %s', $_POST['author']),
274	get_l10n_args('Creation date: %s', $_POST['date_creation']),
275	get_l10n_args('Comment: %s', $_POST['comment']),
276	get_l10n_args('', ''),
277	get_l10n_args('Waiting page: %s', $waiting_url)
278	);
279
280	pwg_mail_notification_admins
281	(
282	get_l10n_args('Picture uploaded by %s', $_POST['username']),
283	$keyargs_content
284	);
285	}
286	}
287	}
288
289	//------------------------------------------------------------ thumbnail upload
290	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
291	{
292	// upload of the thumbnail
293	$query = 'select file';
294	$query.= ' from '.WAITING_TABLE;
295	$query.= ' where id = '.$_GET['waiting_id'];
296	$query.= ';';
297	$result= pwg_query( $query );
298	$row = mysql_fetch_array( $result );
299	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
300	$extension = get_extension( $_FILES['picture']['name'] );
301
302	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
303	{
304	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
305	$result = validate_upload( $path, $conf['upload_maxfilesize'],
306	$conf['upload_maxwidth_thumbnail'],
307	$conf['upload_maxheight_thumbnail'] );
308	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
309	{
310	array_push( $error, $result['error'][$j] );
311	}
312	}
313
314	if ( sizeof( $error ) == 0 )
315	{
316	$query = 'update '.WAITING_TABLE;
317	$query.= " set tn_ext = '".$extension."'";
318	$query.= ' where id = '.$_GET['waiting_id'];
319	$query.= ';';
320	pwg_query( $query );
321	$page['upload_successful'] = true;
322	}
323	}
324
325	//
326	// Start output of page
327	//
328	$title= l10n('upload_title');
329	$page['body_id'] = 'theUploadPage';
330	include(PHPWG_ROOT_PATH.'include/page_header.php');
331	$template->set_filenames(array('upload'=>'upload.tpl'));
332
333	// Load category list
334	$query = '
335	SELECT
336	id, name, uppercats, global_rank
337	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
338	ON id = cat_id and user_id = '.$user['id'].'
339	WHERE
340	uploadable = \'true\'
341	'.get_sql_condition_FandF
342	(
343	array
344	(
345	'visible_categories' => 'id',
346	),
347	'AND'
348	).'
349	;';
350	display_select_cat_wrapper($query, array($page['category']), 'categories');
351
352	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
353	if ( isset( $page['waiting_id'] ) )
354	{
355	$u_form.= '&waiting_id='.$page['waiting_id'];
356	}
357
358	if ( isset( $page['waiting_id'] ) )
359	{
360	$advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
361	}
362	else
363	{
364	$advise_title = l10n('Choose an image');
365	}
366
367	$template->assign(
368	array(
369	'ADVISE_TITLE' => $advise_title,
370	'NAME' => $username,
371	'EMAIL' => $mail_address,
372	'NAME_IMG' => $name,
373	'AUTHOR_IMG' => $author,
374	'DATE_IMG' => $date_creation,
375	'COMMENT_IMG' => $comment,
376
377	'F_ACTION' => $u_form,
378
379	'U_RETURN' => make_index_url(array('category' => $category)),
380	)
381	);
382
383	$template->assign('errors', $error);
384	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
385
386	if ( !$page['upload_successful'] )
387	{
388	//--------------------------------------------------------------------- advises
389	if ( !empty($conf['upload_maxfilesize']) )
390	{
391	$content = l10n('upload_advise_filesize');
392	$content.= $conf['upload_maxfilesize'].' KB';
393	$template->append('advises', $content);
394	}
395
396	if ( isset( $page['waiting_id'] ) )
397	{
398	if ( $conf['upload_maxwidth_thumbnail'] != '' )
399	{
400	$content = l10n('upload_advise_width');
401	$content.= $conf['upload_maxwidth_thumbnail'].' px';
402	$template->append('advises', $content);
403	}
404	if ( $conf['upload_maxheight_thumbnail'] != '' )
405	{
406	$content = l10n('upload_advise_height');
407	$content.= $conf['upload_maxheight_thumbnail'].' px';
408	$template->append('advises', $content);
409	}
410	}
411	else
412	{
413	if ( $conf['upload_maxwidth'] != '' )
414	{
415	$content = l10n('upload_advise_width');
416	$content.= $conf['upload_maxwidth'].' px';
417	$template->append('advises', $content);
418	}
419	if ( $conf['upload_maxheight'] != '' )
420	{
421	$content = l10n('upload_advise_height');
422	$content.= $conf['upload_maxheight'].' px';
423	$template->append('advises', $content);
424	}
425	}
426	$template->append('advises', l10n('upload_advise_filetype'));
427
428	//----------------------------------------- optionnal username and mail address
429	if ( !isset( $page['waiting_id'] ) )
430	{
431	$template->assign('SHOW_FORM_FIELDS', true);
432	}
433	}
434
435	//----------------------------------------------------------- html code display
436	$template->parse('upload');
437	include(PHPWG_ROOT_PATH.'include/page_tail.php');
438	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: