source: branches/2.0/upload.php @ 26704

Last change on this file since 26704 was 4036, checked in by patdenice, 15 years ago

Replace another depreciated functions.
Depreciated functions were removed in trunk in commit 3747 by Eric.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 14.1 KB
RevLine 
[2]1<?php
[354]2// +-----------------------------------------------------------------------+
[2297]3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
[3046]5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
[2297]6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
[2325]23
[364]24define('PHPWG_ROOT_PATH','./');
[345]25
[2325]26// +-----------------------------------------------------------------------+
27// | Includes                                                              |
28// +-----------------------------------------------------------------------+
29include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
[1850]30
[2325]31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status($conf['upload_user_access']);
[1631]35
[2325]36$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
37$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
38$name = !empty($_POST['name']) ? $_POST['name'] : '';
39$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
40$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
41$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
42
[10]43//------------------------------------------------------------------- functions
[2]44// The validate_upload function checks if the image of the given path is valid.
45// A picture is valid when :
46//     - width, height and filesize are not higher than the maximum
47//       filesize authorized by the administrator
48//     - the type of the picture is among jpg, gif and png
49// The function returns an array containing :
50//     - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
51//     - $result['error'] contains an array with the different errors
52//       found with the picture
53function validate_upload( $temp_name, $my_max_file_size,
54                          $image_max_width, $image_max_height )
55{
[1631]56  global $conf, $lang, $page, $mail_address;
57
[2]58  $result = array();
59  $result['error'] = array();
60  //echo $_FILES['picture']['name']."<br />".$temp_name;
61  $extension = get_extension( $_FILES['picture']['name'] );
[585]62  if (!in_array($extension, $conf['picture_ext']))
[2]63  {
[1631]64    array_push( $result['error'], l10n('upload_advise_filetype') );
[2]65    return $result;
66  }
67  if ( !isset( $_FILES['picture'] ) )
68  {
69    // do we even have a file?
[19]70    array_push( $result['error'], "You did not upload anything!" );
[2]71  }
72  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
73  {
[19]74    array_push( $result['error'],
[1631]75                l10n('upload_advise_filesize').$my_max_file_size.' KB' );
[2]76  }
77  else
78  {
79    // check if we are allowed to upload this file_type
80    // upload de la photo sous un nom temporaire
81    if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
82    {
[1631]83      array_push( $result['error'], l10n('upload_cannot_upload') );
[2]84    }
85    else
86    {
87      $size = getimagesize( $temp_name );
88      if ( isset( $image_max_width )
[10]89           and $image_max_width != ""
90           and $size[0] > $image_max_width )
[2]91      {
[19]92        array_push( $result['error'],
[1631]93                    l10n('upload_advise_width').$image_max_width.' px' );
[2]94      }
95      if ( isset( $image_max_height )
[10]96           and $image_max_height != ""
97           and $size[1] > $image_max_height )
[2]98      {
[19]99        array_push( $result['error'],
[1631]100                    l10n('upload_advise_height').$image_max_height.' px' );
[2]101      }
102      // $size[2] == 1 means GIF
103      // $size[2] == 2 means JPG
104      // $size[2] == 3 means PNG
[19]105      switch ( $size[2] )
[2]106      {
[19]107      case 1 : $result['type'] = 'gif'; break;
108      case 2 : $result['type'] = 'jpg'; break;
109      case 3 : $result['type'] = 'png'; break;
110      default :
[2265]111        array_push( $result['error'], l10n('upload_advise_filetype') );
[2]112      }
113    }
114  }
115  if ( sizeof( $result['error'] ) > 0 )
116  {
117    // destruction de l'image avec le nom temporaire
118    @unlink( $temp_name );
119  }
[345]120  else
121  {
[587]122    @chmod( $temp_name, 0644);
[345]123  }
[1631]124
125  //------------------------------------------------------------ log informations
[1843]126  pwg_log();
[1631]127
[2]128  return $result;
[1631]129}
[345]130
[2]131//-------------------------------------------------- access authorization check
[2325]132if (isset($_POST['category']) and is_numeric($_POST['category']))
133{
134  $page['category'] = $_POST['category'];
135}
136else
[2033]137if (isset($_GET['cat']) and is_numeric($_GET['cat']))
[2]138{
[1843]139  $page['category'] = $_GET['cat'];
[1036]140}
[2325]141else
142{
143  $page['category'] = null;
144}
[1036]145
[2325]146if (! empty($page['category']))
[1036]147{
[2325]148  check_restrictions($page['category']);
149  $category = get_cat_info($page['category']);
150  $category['cat_dir'] = get_complete_dir($page['category']);
[2265]151
[1861]152  if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
[667]153  {
[2265]154    page_forbidden('upload not allowed');
[667]155  }
[2]156}
[2325]157else
158{
159  if (isset($_POST['submit']))
160  {
161    // $page['category'] may be set by a futur plugin but without it
162    bad_request('invalid parameters');
163  }
164  else
165  {
166    $category = null;
167  }
[2033]168}
[10]169
[2]170$error = array();
171$page['upload_successful'] = false;
172if ( isset( $_GET['waiting_id'] ) )
173{
174  $page['waiting_id'] = $_GET['waiting_id'];
175}
[2325]176
[2]177//-------------------------------------------------------------- picture upload
[26]178// verfying fields
[10]179if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]180{
[1861]181  $path = $category['cat_dir'].$_FILES['picture']['name'];
[2]182  if ( @is_file( $path ) )
183  {
[1631]184    array_push( $error, l10n('upload_file_exists') );
[2]185  }
186  // test de la présence des champs obligatoires
[369]187  if ( empty($_FILES['picture']['name']))
[2]188  {
[1631]189    array_push( $error, l10n('upload_filenotfound') );
[2]190  }
[4036]191  if ( !preg_match( '/([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)/',
[2]192             $_POST['mail_address'] ) )
193  {
[1631]194    array_push( $error, l10n('reg_err_mail_address') );
[2]195  }
[369]196  if ( empty($_POST['username']) )
[2]197  {
[1631]198    array_push( $error, l10n('upload_err_username') );
[2]199  }
[2265]200
[345]201  $date_creation = '';
[369]202  if ( !empty($_POST['date_creation']) )
[26]203  {
204    list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
205    // int checkdate ( int month, int day, int year)
[488]206    if (checkdate($month, $day, $year))
[26]207    {
[488]208      $date_creation = $year.'-'.$month.'-'.$day;
[26]209    }
210    else
211    {
[1631]212      array_push( $error, l10n('err_date') );
[26]213    }
214  }
215  // creation of the "infos" field :
216  // <infos author="Pierrick LE GALL" comment="my comment"
[488]217  //        date_creation="2004-08-14" name="" />
[2485]218  $xml_infos = '<infos ';
[1058]219  $xml_infos.= encodeAttribute('author', $_POST['author']);
220  $xml_infos.= encodeAttribute('comment', $_POST['comment']);
221  $xml_infos.= encodeAttribute('date_creation', $date_creation);
222  $xml_infos.= encodeAttribute('name', $_POST['name']);
[26]223  $xml_infos.= ' />';
[345]224
225  if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
226  {
[1631]227    array_push( $error, l10n('update_wrong_dirname') );
[345]228  }
[2265]229
[2]230  if ( sizeof( $error ) == 0 )
231  {
232    $result = validate_upload( $path, $conf['upload_maxfilesize'],
233                               $conf['upload_maxwidth'],
234                               $conf['upload_maxheight']  );
235    for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
236    {
[26]237      array_push( $error, $result['error'][$j] );
[2]238    }
239  }
240
241  if ( sizeof( $error ) == 0 )
242  {
[369]243    $query = 'insert into '.WAITING_TABLE;
[61]244    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
245    $query.= ' values ';
[1843]246    $query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
[2]247    $query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]248    $query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]249    $query.= ';';
[587]250    pwg_query( $query );
[2]251    $page['waiting_id'] = mysql_insert_id();
[1901]252
253    if ($conf['email_admin_on_picture_uploaded'])
254    {
255      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
256
[1915]257      $waiting_url = get_absolute_root_url().'admin.php?page=upload';
[1901]258
[1908]259      $keyargs_content = array
260      (
261        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
262        get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
263        get_l10n_args('User: %s', $_POST['username']),
264        get_l10n_args('Email: %s', $_POST['mail_address']),
265        get_l10n_args('Picture name: %s', $_POST['name']),
266        get_l10n_args('Author: %s', $_POST['author']),
267        get_l10n_args('Creation date: %s', $_POST['date_creation']),
268        get_l10n_args('Comment: %s', $_POST['comment']),
269        get_l10n_args('', ''),
270        get_l10n_args('Waiting page: %s', $waiting_url)
271      );
[1901]272
[1908]273      pwg_mail_notification_admins
[1901]274      (
[1908]275        get_l10n_args('Picture uploaded by %s', $_POST['username']),
276        $keyargs_content
[1901]277      );
278    }
[2]279  }
280}
[369]281
[2]282//------------------------------------------------------------ thumbnail upload
[10]283if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]284{
285  // upload of the thumbnail
286  $query = 'select file';
[369]287  $query.= ' from '.WAITING_TABLE;
[2]288  $query.= ' where id = '.$_GET['waiting_id'];
289  $query.= ';';
[587]290  $result= pwg_query( $query );
[2]291  $row = mysql_fetch_array( $result );
292  $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
293  $extension = get_extension( $_FILES['picture']['name'] );
[1631]294
[1861]295  if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
[2]296  {
[1631]297    $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
298    $result = validate_upload( $path, $conf['upload_maxfilesize'],
299                               $conf['upload_maxwidth_thumbnail'],
300                               $conf['upload_maxheight_thumbnail']  );
301    for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
302    {
303      array_push( $error, $result['error'][$j] );
304    }
[2]305  }
[1631]306
[2]307  if ( sizeof( $error ) == 0 )
308  {
[369]309    $query = 'update '.WAITING_TABLE;
[2]310    $query.= " set tn_ext = '".$extension."'";
311    $query.= ' where id = '.$_GET['waiting_id'];
312    $query.= ';';
[587]313    pwg_query( $query );
[2]314    $page['upload_successful'] = true;
315  }
316}
317
[369]318//
319// Start output of page
320//
[1631]321$title= l10n('upload_title');
322$page['body_id'] = 'theUploadPage';
[369]323include(PHPWG_ROOT_PATH.'include/page_header.php');
324$template->set_filenames(array('upload'=>'upload.tpl'));
325
[2325]326// Load category list
327$query = '
328SELECT
329  id, name, uppercats, global_rank
330FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
331  ON id = cat_id and user_id = '.$user['id'].'
332WHERE
333  uploadable = \'true\'
334  '.get_sql_condition_FandF
335    (
336      array
337        (
338          'visible_categories' => 'id',
339        ),
340      'AND'
341    ).'
342;';
343display_select_cat_wrapper($query, array($page['category']), 'categories');
344
[1843]345$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
[369]346if ( isset( $page['waiting_id'] ) )
347{
348$u_form.= '&amp;waiting_id='.$page['waiting_id'];
349}
350
351if ( isset( $page['waiting_id'] ) )
352{
[2325]353  $advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
[369]354}
355else
356{
[2325]357  $advise_title = l10n('Choose an image');
[369]358}
359
[2265]360$template->assign(
[1082]361  array(
362    'ADVISE_TITLE' => $advise_title,
363    'NAME' => $username,
364    'EMAIL' => $mail_address,
365    'NAME_IMG' => $name,
366    'AUTHOR_IMG' => $author,
367    'DATE_IMG' => $date_creation,
368    'COMMENT_IMG' => $comment,
[1631]369
[1082]370    'F_ACTION' => $u_form,
[369]371
[1861]372    'U_RETURN' => make_index_url(array('category' => $category)),
[1082]373    )
374  );
[2265]375
376$template->assign('errors', $error);
377$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
378
[2]379if ( !$page['upload_successful'] )
380{
381//--------------------------------------------------------------------- advises
[369]382  if ( !empty($conf['upload_maxfilesize']) )
[2]383  {
[1631]384    $content = l10n('upload_advise_filesize');
[2]385    $content.= $conf['upload_maxfilesize'].' KB';
[2265]386    $template->append('advises', $content);
[2]387  }
[369]388
[2]389  if ( isset( $page['waiting_id'] ) )
390  {
391    if ( $conf['upload_maxwidth_thumbnail'] != '' )
392    {
[1631]393      $content = l10n('upload_advise_width');
[2]394      $content.= $conf['upload_maxwidth_thumbnail'].' px';
[2265]395      $template->append('advises', $content);
[2]396    }
397    if ( $conf['upload_maxheight_thumbnail'] != '' )
398    {
[1631]399      $content = l10n('upload_advise_height');
[2]400      $content.= $conf['upload_maxheight_thumbnail'].' px';
[2265]401      $template->append('advises', $content);
[2]402    }
403  }
404  else
405  {
406    if ( $conf['upload_maxwidth'] != '' )
407    {
[1631]408      $content = l10n('upload_advise_width');
[2]409      $content.= $conf['upload_maxwidth'].' px';
[2265]410      $template->append('advises', $content);
[2]411    }
412    if ( $conf['upload_maxheight'] != '' )
413    {
[1631]414      $content = l10n('upload_advise_height');
[2]415      $content.= $conf['upload_maxheight'].' px';
[2265]416      $template->append('advises', $content);
[2]417    }
418  }
[2265]419  $template->append('advises', l10n('upload_advise_filetype'));
420
[2]421//----------------------------------------- optionnal username and mail address
422  if ( !isset( $page['waiting_id'] ) )
423  {
[2265]424    $template->assign('SHOW_FORM_FIELDS', true);
[2]425  }
426}
[1631]427
[2]428//----------------------------------------------------------- html code display
[688]429$template->parse('upload');
[369]430include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]431?>
Note: See TracBrowser for help on using the repository browser.