Context Navigation

source: trunk/upload.php @ 1710

Last change on this file since 1710 was 1631, checked in by rub, 17 years ago
Fixed Issue ID 0000494: Stats do not currently include Uploads Fixed: Error when thumbnail directory not exists Fixed: Apply current translation norme Fixed: Improvement style sheet (like other PWG sheet)
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 12.9 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[1058]	5	// \| Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net \|
[354]	6	// +-----------------------------------------------------------------------+
[593]	7	// \| branch : BSF (Best So Far)
[354]	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2006-12-03 22:32:02 +0000 (Sun, 03 Dec 2006) $
	10	// \| last modifier : $Author: rub $
	11	// \| revision : $Revision: 1631 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[364]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
[345]	29
[1631]	30	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
	31	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
	32	$name = !empty($_POST['name'])?$_POST['name']:'';
	33	$author = !empty($_POST['author'])?$_POST['author']:'';
	34	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
	35	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
	36
[10]	37	//------------------------------------------------------------------- functions
[2]	38	// The validate_upload function checks if the image of the given path is valid.
	39	// A picture is valid when :
	40	// - width, height and filesize are not higher than the maximum
	41	// filesize authorized by the administrator
	42	// - the type of the picture is among jpg, gif and png
	43	// The function returns an array containing :
	44	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	45	// - $result['error'] contains an array with the different errors
	46	// found with the picture
	47	function validate_upload( $temp_name, $my_max_file_size,
	48	$image_max_width, $image_max_height )
	49	{
[1631]	50	global $conf, $lang, $page, $mail_address;
	51
[2]	52	$result = array();
	53	$result['error'] = array();
	54	//echo $_FILES['picture']['name']."<br />".$temp_name;
	55	$extension = get_extension( $_FILES['picture']['name'] );
[585]	56	if (!in_array($extension, $conf['picture_ext']))
[2]	57	{
[1631]	58	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	59	return $result;
	60	}
	61	if ( !isset( $_FILES['picture'] ) )
	62	{
	63	// do we even have a file?
[19]	64	array_push( $result['error'], "You did not upload anything!" );
[2]	65	}
	66	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	67	{
[19]	68	array_push( $result['error'],
[1631]	69	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
[2]	70	}
	71	else
	72	{
	73	// check if we are allowed to upload this file_type
	74	// upload de la photo sous un nom temporaire
	75	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	76	{
[1631]	77	array_push( $result['error'], l10n('upload_cannot_upload') );
[2]	78	}
	79	else
	80	{
	81	$size = getimagesize( $temp_name );
	82	if ( isset( $image_max_width )
[10]	83	and $image_max_width != ""
	84	and $size[0] > $image_max_width )
[2]	85	{
[19]	86	array_push( $result['error'],
[1631]	87	l10n('upload_advise_width').$image_max_width.' px' );
[2]	88	}
	89	if ( isset( $image_max_height )
[10]	90	and $image_max_height != ""
	91	and $size[1] > $image_max_height )
[2]	92	{
[19]	93	array_push( $result['error'],
[1631]	94	l10n('upload_advise_height').$image_max_height.' px' );
[2]	95	}
	96	// $size[2] == 1 means GIF
	97	// $size[2] == 2 means JPG
	98	// $size[2] == 3 means PNG
[19]	99	switch ( $size[2] )
[2]	100	{
[19]	101	case 1 : $result['type'] = 'gif'; break;
	102	case 2 : $result['type'] = 'jpg'; break;
	103	case 3 : $result['type'] = 'png'; break;
	104	default :
[1631]	105	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	106	}
	107	}
	108	}
	109	if ( sizeof( $result['error'] ) > 0 )
	110	{
	111	// destruction de l'image avec le nom temporaire
	112	@unlink( $temp_name );
	113	}
[345]	114	else
	115	{
[587]	116	@chmod( $temp_name, 0644);
[345]	117	}
[1631]	118
	119	//------------------------------------------------------------ log informations
	120	pwg_log('upload',
	121	get_cat_display_name($page['cat_name']),
	122	$_FILES['picture']['name'].
	123	' ['.$mail_address.'] '.'['.($result ? 'OK' : 'KO').']');
	124
[2]	125	return $result;
[1631]	126	}
[345]	127
[2]	128	//-------------------------------------------------- access authorization check
[1036]	129	if (is_numeric($_GET['cat']))
[2]	130	{
[1036]	131	$page['cat'] = $_GET['cat'];
	132	}
	133
	134	if (isset($page['cat']))
	135	{
[2]	136	check_restrictions( $page['cat'] );
	137	$result = get_cat_info( $page['cat'] );
[82]	138	$page['cat_dir'] = get_complete_dir( $page['cat'] );
[38]	139	$page['cat_site_id'] = $result['site_id'];
	140	$page['cat_name'] = $result['name'];
	141	$page['cat_uploadable'] = $result['uploadable'];
[1082]	142
	143	if (url_is_remote($page['cat_dir']) or !$page['cat_uploadable'])
[667]	144	{
[1082]	145	die('Fatal: you take a wrong way, bye bye');
[667]	146	}
[2]	147	}
[10]	148
[2]	149	$error = array();
	150	$page['upload_successful'] = false;
	151	if ( isset( $_GET['waiting_id'] ) )
	152	{
	153	$page['waiting_id'] = $_GET['waiting_id'];
	154	}
	155	//-------------------------------------------------------------- picture upload
[26]	156	// verfying fields
[10]	157	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	158	{
	159	$path = $page['cat_dir'].$_FILES['picture']['name'];
	160	if ( @is_file( $path ) )
	161	{
[1631]	162	array_push( $error, l10n('upload_file_exists') );
[2]	163	}
	164	// test de la présence des champs obligatoires
[369]	165	if ( empty($_FILES['picture']['name']))
[2]	166	{
[1631]	167	array_push( $error, l10n('upload_filenotfound') );
[2]	168	}
	169	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
	170	$_POST['mail_address'] ) )
	171	{
[1631]	172	array_push( $error, l10n('reg_err_mail_address') );
[2]	173	}
[369]	174	if ( empty($_POST['username']) )
[2]	175	{
[1631]	176	array_push( $error, l10n('upload_err_username') );
[2]	177	}
[345]	178
	179	$date_creation = '';
[369]	180	if ( !empty($_POST['date_creation']) )
[26]	181	{
	182	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	183	// int checkdate ( int month, int day, int year)
[488]	184	if (checkdate($month, $day, $year))
[26]	185	{
[488]	186	$date_creation = $year.'-'.$month.'-'.$day;
[26]	187	}
	188	else
	189	{
[1631]	190	array_push( $error, l10n('err_date') );
[26]	191	}
	192	}
	193	// creation of the "infos" field :
	194	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	195	// date_creation="2004-08-14" name="" />
[26]	196	$xml_infos = '<infos';
[1058]	197	$xml_infos.= encodeAttribute('author', $_POST['author']);
	198	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	199	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	200	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	201	$xml_infos.= ' />';
[345]	202
	203	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	204	{
[1631]	205	array_push( $error, l10n('update_wrong_dirname') );
[345]	206	}
[26]	207
[2]	208	if ( sizeof( $error ) == 0 )
	209	{
	210	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	211	$conf['upload_maxwidth'],
	212	$conf['upload_maxheight'] );
	213	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	214	{
[26]	215	array_push( $error, $result['error'][$j] );
[2]	216	}
	217	}
	218
	219	if ( sizeof( $error ) == 0 )
	220	{
[369]	221	$query = 'insert into '.WAITING_TABLE;
[61]	222	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	223	$query.= ' values ';
	224	$query.= '('.$page['cat'].",'".$_FILES['picture']['name']."'";
[2]	225	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	226	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	227	$query.= ';';
[587]	228	pwg_query( $query );
[2]	229	$page['waiting_id'] = mysql_insert_id();
	230	}
	231	}
[369]	232
[2]	233	//------------------------------------------------------------ thumbnail upload
[10]	234	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	235	{
	236	// upload of the thumbnail
	237	$query = 'select file';
[369]	238	$query.= ' from '.WAITING_TABLE;
[2]	239	$query.= ' where id = '.$_GET['waiting_id'];
	240	$query.= ';';
[587]	241	$result= pwg_query( $query );
[2]	242	$row = mysql_fetch_array( $result );
	243	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	244	$extension = get_extension( $_FILES['picture']['name'] );
[1631]	245
	246	if (($path = mkget_thumbnail_dir($page['cat_dir'], $error)) != false)
[2]	247	{
[1631]	248	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
	249	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	250	$conf['upload_maxwidth_thumbnail'],
	251	$conf['upload_maxheight_thumbnail'] );
	252	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	253	{
	254	array_push( $error, $result['error'][$j] );
	255	}
[2]	256	}
[1631]	257
[2]	258	if ( sizeof( $error ) == 0 )
	259	{
[369]	260	$query = 'update '.WAITING_TABLE;
[2]	261	$query.= " set tn_ext = '".$extension."'";
	262	$query.= ' where id = '.$_GET['waiting_id'];
	263	$query.= ';';
[587]	264	pwg_query( $query );
[2]	265	$page['upload_successful'] = true;
	266	}
	267	}
	268
[369]	269	//
	270	// Start output of page
	271	//
[1631]	272	$title= l10n('upload_title');
	273	$page['body_id'] = 'theUploadPage';
[369]	274	include(PHPWG_ROOT_PATH.'include/page_header.php');
	275	$template->set_filenames(array('upload'=>'upload.tpl'));
	276
[520]	277	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
[369]	278	if ( isset( $page['waiting_id'] ) )
	279	{
	280	$u_form.= '&waiting_id='.$page['waiting_id'];
	281	}
	282
	283	if ( isset( $page['waiting_id'] ) )
	284	{
[1631]	285	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
[369]	286	}
	287	else
	288	{
[1631]	289	$advise_title = l10n('upload_advise');
[642]	290	$advise_title.= get_cat_display_name($page['cat_name']);
[369]	291	}
	292
[1082]	293	$template->assign_vars(
	294	array(
[1631]	295	'U_HOME' => make_index_url(),
	296
[1082]	297	'ADVISE_TITLE' => $advise_title,
	298	'NAME' => $username,
	299	'EMAIL' => $mail_address,
	300	'NAME_IMG' => $name,
	301	'AUTHOR_IMG' => $author,
	302	'DATE_IMG' => $date_creation,
	303	'COMMENT_IMG' => $comment,
[1631]	304
[1082]	305	'F_ACTION' => $u_form,
[369]	306
[1082]	307	'U_RETURN' => make_index_url(array('category' => $page['cat'])),
	308	)
	309	);
[369]	310
[2]	311	if ( !$page['upload_successful'] )
	312	{
[369]	313	$template->assign_block_vars('upload_not_successful',array());
[2]	314	//-------------------------------------------------------------- errors display
[369]	315	if ( sizeof( $error ) != 0 )
	316	{
	317	$template->assign_block_vars('upload_not_successful.errors',array());
	318	for ( $i = 0; $i < sizeof( $error ); $i++ )
[2]	319	{
[369]	320	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
[2]	321	}
[369]	322	}
	323
[2]	324	//--------------------------------------------------------------------- advises
[369]	325	if ( !empty($conf['upload_maxfilesize']) )
[2]	326	{
[1631]	327	$content = l10n('upload_advise_filesize');
[2]	328	$content.= $conf['upload_maxfilesize'].' KB';
[369]	329	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	330	}
[369]	331
[2]	332	if ( isset( $page['waiting_id'] ) )
	333	{
	334	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	335	{
[1631]	336	$content = l10n('upload_advise_width');
[2]	337	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[1631]	338	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	339	}
	340	if ( $conf['upload_maxheight_thumbnail'] != '' )
	341	{
[1631]	342	$content = l10n('upload_advise_height');
[2]	343	$content.= $conf['upload_maxheight_thumbnail'].' px';
[1631]	344	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	345	}
	346	}
	347	else
	348	{
	349	if ( $conf['upload_maxwidth'] != '' )
	350	{
[1631]	351	$content = l10n('upload_advise_width');
[2]	352	$content.= $conf['upload_maxwidth'].' px';
[1631]	353	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	354	}
	355	if ( $conf['upload_maxheight'] != '' )
	356	{
[1631]	357	$content = l10n('upload_advise_height');
[2]	358	$content.= $conf['upload_maxheight'].' px';
[1631]	359	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	360	}
	361	}
[1631]	362	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
[369]	363
[2]	364	//----------------------------------------- optionnal username and mail address
	365	if ( !isset( $page['waiting_id'] ) )
	366	{
[369]	367	$template->assign_block_vars('upload_not_successful.fields',array());
[1631]	368	$template->assign_block_vars('note',array());
[2]	369	}
	370	}
	371	else
	372	{
[369]	373	$template->assign_block_vars('upload_successful',array());
[2]	374	}
[1631]	375
[2]	376	//----------------------------------------------------------- html code display
[688]	377	$template->parse('upload');
[369]	378	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	379	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: