Context Navigation

source: branches/2.0/upload.php @ 3152

Last change on this file since 3152 was 3046, checked in by plg, 16 years ago
Administration: happy new year 2009, all PHP headers updated.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.1 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	define('PHPWG_ROOT_PATH','./');
25
26	// +-----------------------------------------------------------------------+
27	// \| Includes \|
28	// +-----------------------------------------------------------------------+
29	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status($conf['upload_user_access']);
35
36	$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
37	$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
38	$name = !empty($_POST['name']) ? $_POST['name'] : '';
39	$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
40	$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
41	$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
42
43	//------------------------------------------------------------------- functions
44	// The validate_upload function checks if the image of the given path is valid.
45	// A picture is valid when :
46	// - width, height and filesize are not higher than the maximum
47	// filesize authorized by the administrator
48	// - the type of the picture is among jpg, gif and png
49	// The function returns an array containing :
50	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
51	// - $result['error'] contains an array with the different errors
52	// found with the picture
53	function validate_upload( $temp_name, $my_max_file_size,
54	$image_max_width, $image_max_height )
55	{
56	global $conf, $lang, $page, $mail_address;
57
58	$result = array();
59	$result['error'] = array();
60	//echo $_FILES['picture']['name']."<br />".$temp_name;
61	$extension = get_extension( $_FILES['picture']['name'] );
62	if (!in_array($extension, $conf['picture_ext']))
63	{
64	array_push( $result['error'], l10n('upload_advise_filetype') );
65	return $result;
66	}
67	if ( !isset( $_FILES['picture'] ) )
68	{
69	// do we even have a file?
70	array_push( $result['error'], "You did not upload anything!" );
71	}
72	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
73	{
74	array_push( $result['error'],
75	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
76	}
77	else
78	{
79	// check if we are allowed to upload this file_type
80	// upload de la photo sous un nom temporaire
81	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
82	{
83	array_push( $result['error'], l10n('upload_cannot_upload') );
84	}
85	else
86	{
87	$size = getimagesize( $temp_name );
88	if ( isset( $image_max_width )
89	and $image_max_width != ""
90	and $size[0] > $image_max_width )
91	{
92	array_push( $result['error'],
93	l10n('upload_advise_width').$image_max_width.' px' );
94	}
95	if ( isset( $image_max_height )
96	and $image_max_height != ""
97	and $size[1] > $image_max_height )
98	{
99	array_push( $result['error'],
100	l10n('upload_advise_height').$image_max_height.' px' );
101	}
102	// $size[2] == 1 means GIF
103	// $size[2] == 2 means JPG
104	// $size[2] == 3 means PNG
105	switch ( $size[2] )
106	{
107	case 1 : $result['type'] = 'gif'; break;
108	case 2 : $result['type'] = 'jpg'; break;
109	case 3 : $result['type'] = 'png'; break;
110	default :
111	array_push( $result['error'], l10n('upload_advise_filetype') );
112	}
113	}
114	}
115	if ( sizeof( $result['error'] ) > 0 )
116	{
117	// destruction de l'image avec le nom temporaire
118	@unlink( $temp_name );
119	}
120	else
121	{
122	@chmod( $temp_name, 0644);
123	}
124
125	//------------------------------------------------------------ log informations
126	pwg_log();
127
128	return $result;
129	}
130
131	//-------------------------------------------------- access authorization check
132	if (isset($_POST['category']) and is_numeric($_POST['category']))
133	{
134	$page['category'] = $_POST['category'];
135	}
136	else
137	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
138	{
139	$page['category'] = $_GET['cat'];
140	}
141	else
142	{
143	$page['category'] = null;
144	}
145
146	if (! empty($page['category']))
147	{
148	check_restrictions($page['category']);
149	$category = get_cat_info($page['category']);
150	$category['cat_dir'] = get_complete_dir($page['category']);
151
152	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
153	{
154	page_forbidden('upload not allowed');
155	}
156	}
157	else
158	{
159	if (isset($_POST['submit']))
160	{
161	// $page['category'] may be set by a futur plugin but without it
162	bad_request('invalid parameters');
163	}
164	else
165	{
166	$category = null;
167	}
168	}
169
170	$error = array();
171	$page['upload_successful'] = false;
172	if ( isset( $_GET['waiting_id'] ) )
173	{
174	$page['waiting_id'] = $_GET['waiting_id'];
175	}
176
177	//-------------------------------------------------------------- picture upload
178	// verfying fields
179	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
180	{
181	$path = $category['cat_dir'].$_FILES['picture']['name'];
182	if ( @is_file( $path ) )
183	{
184	array_push( $error, l10n('upload_file_exists') );
185	}
186	// test de la présence des champs obligatoires
187	if ( empty($_FILES['picture']['name']))
188	{
189	array_push( $error, l10n('upload_filenotfound') );
190	}
191	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
192	$_POST['mail_address'] ) )
193	{
194	array_push( $error, l10n('reg_err_mail_address') );
195	}
196	if ( empty($_POST['username']) )
197	{
198	array_push( $error, l10n('upload_err_username') );
199	}
200
201	$date_creation = '';
202	if ( !empty($_POST['date_creation']) )
203	{
204	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
205	// int checkdate ( int month, int day, int year)
206	if (checkdate($month, $day, $year))
207	{
208	$date_creation = $year.'-'.$month.'-'.$day;
209	}
210	else
211	{
212	array_push( $error, l10n('err_date') );
213	}
214	}
215	// creation of the "infos" field :
216	// <infos author="Pierrick LE GALL" comment="my comment"
217	// date_creation="2004-08-14" name="" />
218	$xml_infos = '<infos ';
219	$xml_infos.= encodeAttribute('author', $_POST['author']);
220	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
221	$xml_infos.= encodeAttribute('date_creation', $date_creation);
222	$xml_infos.= encodeAttribute('name', $_POST['name']);
223	$xml_infos.= ' />';
224
225	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
226	{
227	array_push( $error, l10n('update_wrong_dirname') );
228	}
229
230	if ( sizeof( $error ) == 0 )
231	{
232	$result = validate_upload( $path, $conf['upload_maxfilesize'],
233	$conf['upload_maxwidth'],
234	$conf['upload_maxheight'] );
235	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
236	{
237	array_push( $error, $result['error'][$j] );
238	}
239	}
240
241	if ( sizeof( $error ) == 0 )
242	{
243	$query = 'insert into '.WAITING_TABLE;
244	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
245	$query.= ' values ';
246	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
247	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
248	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
249	$query.= ';';
250	pwg_query( $query );
251	$page['waiting_id'] = mysql_insert_id();
252
253	if ($conf['email_admin_on_picture_uploaded'])
254	{
255	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
256
257	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
258
259	$keyargs_content = array
260	(
261	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
262	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
263	get_l10n_args('User: %s', $_POST['username']),
264	get_l10n_args('Email: %s', $_POST['mail_address']),
265	get_l10n_args('Picture name: %s', $_POST['name']),
266	get_l10n_args('Author: %s', $_POST['author']),
267	get_l10n_args('Creation date: %s', $_POST['date_creation']),
268	get_l10n_args('Comment: %s', $_POST['comment']),
269	get_l10n_args('', ''),
270	get_l10n_args('Waiting page: %s', $waiting_url)
271	);
272
273	pwg_mail_notification_admins
274	(
275	get_l10n_args('Picture uploaded by %s', $_POST['username']),
276	$keyargs_content
277	);
278	}
279	}
280	}
281
282	//------------------------------------------------------------ thumbnail upload
283	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
284	{
285	// upload of the thumbnail
286	$query = 'select file';
287	$query.= ' from '.WAITING_TABLE;
288	$query.= ' where id = '.$_GET['waiting_id'];
289	$query.= ';';
290	$result= pwg_query( $query );
291	$row = mysql_fetch_array( $result );
292	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
293	$extension = get_extension( $_FILES['picture']['name'] );
294
295	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
296	{
297	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
298	$result = validate_upload( $path, $conf['upload_maxfilesize'],
299	$conf['upload_maxwidth_thumbnail'],
300	$conf['upload_maxheight_thumbnail'] );
301	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
302	{
303	array_push( $error, $result['error'][$j] );
304	}
305	}
306
307	if ( sizeof( $error ) == 0 )
308	{
309	$query = 'update '.WAITING_TABLE;
310	$query.= " set tn_ext = '".$extension."'";
311	$query.= ' where id = '.$_GET['waiting_id'];
312	$query.= ';';
313	pwg_query( $query );
314	$page['upload_successful'] = true;
315	}
316	}
317
318	//
319	// Start output of page
320	//
321	$title= l10n('upload_title');
322	$page['body_id'] = 'theUploadPage';
323	include(PHPWG_ROOT_PATH.'include/page_header.php');
324	$template->set_filenames(array('upload'=>'upload.tpl'));
325
326	// Load category list
327	$query = '
328	SELECT
329	id, name, uppercats, global_rank
330	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
331	ON id = cat_id and user_id = '.$user['id'].'
332	WHERE
333	uploadable = \'true\'
334	'.get_sql_condition_FandF
335	(
336	array
337	(
338	'visible_categories' => 'id',
339	),
340	'AND'
341	).'
342	;';
343	display_select_cat_wrapper($query, array($page['category']), 'categories');
344
345	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
346	if ( isset( $page['waiting_id'] ) )
347	{
348	$u_form.= '&waiting_id='.$page['waiting_id'];
349	}
350
351	if ( isset( $page['waiting_id'] ) )
352	{
353	$advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
354	}
355	else
356	{
357	$advise_title = l10n('Choose an image');
358	}
359
360	$template->assign(
361	array(
362	'ADVISE_TITLE' => $advise_title,
363	'NAME' => $username,
364	'EMAIL' => $mail_address,
365	'NAME_IMG' => $name,
366	'AUTHOR_IMG' => $author,
367	'DATE_IMG' => $date_creation,
368	'COMMENT_IMG' => $comment,
369
370	'F_ACTION' => $u_form,
371
372	'U_RETURN' => make_index_url(array('category' => $category)),
373	)
374	);
375
376	$template->assign('errors', $error);
377	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
378
379	if ( !$page['upload_successful'] )
380	{
381	//--------------------------------------------------------------------- advises
382	if ( !empty($conf['upload_maxfilesize']) )
383	{
384	$content = l10n('upload_advise_filesize');
385	$content.= $conf['upload_maxfilesize'].' KB';
386	$template->append('advises', $content);
387	}
388
389	if ( isset( $page['waiting_id'] ) )
390	{
391	if ( $conf['upload_maxwidth_thumbnail'] != '' )
392	{
393	$content = l10n('upload_advise_width');
394	$content.= $conf['upload_maxwidth_thumbnail'].' px';
395	$template->append('advises', $content);
396	}
397	if ( $conf['upload_maxheight_thumbnail'] != '' )
398	{
399	$content = l10n('upload_advise_height');
400	$content.= $conf['upload_maxheight_thumbnail'].' px';
401	$template->append('advises', $content);
402	}
403	}
404	else
405	{
406	if ( $conf['upload_maxwidth'] != '' )
407	{
408	$content = l10n('upload_advise_width');
409	$content.= $conf['upload_maxwidth'].' px';
410	$template->append('advises', $content);
411	}
412	if ( $conf['upload_maxheight'] != '' )
413	{
414	$content = l10n('upload_advise_height');
415	$content.= $conf['upload_maxheight'].' px';
416	$template->append('advises', $content);
417	}
418	}
419	$template->append('advises', l10n('upload_advise_filetype'));
420
421	//----------------------------------------- optionnal username and mail address
422	if ( !isset( $page['waiting_id'] ) )
423	{
424	$template->assign('SHOW_FORM_FIELDS', true);
425	}
426	}
427
428	//----------------------------------------------------------- html code display
429	$template->parse('upload');
430	include(PHPWG_ROOT_PATH.'include/page_tail.php');
431	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: