Context Navigation

source: trunk/upload.php @ 2033

Last change on this file since 2033 was 2033, checked in by vdigital, 17 years ago
Bug 0000705: Upload error with incomplete URL. + Broken link in Admin/intro.php
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 13.7 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[1850]	5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
[354]	6	// +-----------------------------------------------------------------------+
[1850]	7	// \| file : $Id: upload.php 2033 2007-06-12 21:52:46Z vdigital $
[354]	8	// \| last update : $Date: 2007-06-12 21:52:46 +0000 (Tue, 12 Jun 2007) $
	9	// \| last modifier : $Author: vdigital $
	10	// \| revision : $Revision: 2033 $
	11	// +-----------------------------------------------------------------------+
	12	// \| This program is free software; you can redistribute it and/or modify \|
	13	// \| it under the terms of the GNU General Public License as published by \|
	14	// \| the Free Software Foundation \|
	15	// \| \|
	16	// \| This program is distributed in the hope that it will be useful, but \|
	17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	19	// \| General Public License for more details. \|
	20	// \| \|
	21	// \| You should have received a copy of the GNU General Public License \|
	22	// \| along with this program; if not, write to the Free Software \|
	23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	24	// \| USA. \|
	25	// +-----------------------------------------------------------------------+
[364]	26	define('PHPWG_ROOT_PATH','./');
	27	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
[345]	28
[1850]	29	check_status(ACCESS_GUEST);
	30
[1631]	31	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
	32	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
	33	$name = !empty($_POST['name'])?$_POST['name']:'';
	34	$author = !empty($_POST['author'])?$_POST['author']:'';
	35	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
	36	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
	37
[10]	38	//------------------------------------------------------------------- functions
[2]	39	// The validate_upload function checks if the image of the given path is valid.
	40	// A picture is valid when :
	41	// - width, height and filesize are not higher than the maximum
	42	// filesize authorized by the administrator
	43	// - the type of the picture is among jpg, gif and png
	44	// The function returns an array containing :
	45	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	46	// - $result['error'] contains an array with the different errors
	47	// found with the picture
	48	function validate_upload( $temp_name, $my_max_file_size,
	49	$image_max_width, $image_max_height )
	50	{
[1631]	51	global $conf, $lang, $page, $mail_address;
	52
[2]	53	$result = array();
	54	$result['error'] = array();
	55	//echo $_FILES['picture']['name']."<br />".$temp_name;
	56	$extension = get_extension( $_FILES['picture']['name'] );
[585]	57	if (!in_array($extension, $conf['picture_ext']))
[2]	58	{
[1631]	59	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	60	return $result;
	61	}
	62	if ( !isset( $_FILES['picture'] ) )
	63	{
	64	// do we even have a file?
[19]	65	array_push( $result['error'], "You did not upload anything!" );
[2]	66	}
	67	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	68	{
[19]	69	array_push( $result['error'],
[1631]	70	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
[2]	71	}
	72	else
	73	{
	74	// check if we are allowed to upload this file_type
	75	// upload de la photo sous un nom temporaire
	76	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	77	{
[1631]	78	array_push( $result['error'], l10n('upload_cannot_upload') );
[2]	79	}
	80	else
	81	{
	82	$size = getimagesize( $temp_name );
	83	if ( isset( $image_max_width )
[10]	84	and $image_max_width != ""
	85	and $size[0] > $image_max_width )
[2]	86	{
[19]	87	array_push( $result['error'],
[1631]	88	l10n('upload_advise_width').$image_max_width.' px' );
[2]	89	}
	90	if ( isset( $image_max_height )
[10]	91	and $image_max_height != ""
	92	and $size[1] > $image_max_height )
[2]	93	{
[19]	94	array_push( $result['error'],
[1631]	95	l10n('upload_advise_height').$image_max_height.' px' );
[2]	96	}
	97	// $size[2] == 1 means GIF
	98	// $size[2] == 2 means JPG
	99	// $size[2] == 3 means PNG
[19]	100	switch ( $size[2] )
[2]	101	{
[19]	102	case 1 : $result['type'] = 'gif'; break;
	103	case 2 : $result['type'] = 'jpg'; break;
	104	case 3 : $result['type'] = 'png'; break;
	105	default :
[1631]	106	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	107	}
	108	}
	109	}
	110	if ( sizeof( $result['error'] ) > 0 )
	111	{
	112	// destruction de l'image avec le nom temporaire
	113	@unlink( $temp_name );
	114	}
[345]	115	else
	116	{
[587]	117	@chmod( $temp_name, 0644);
[345]	118	}
[1631]	119
	120	//------------------------------------------------------------ log informations
[1843]	121	pwg_log();
[1631]	122
[2]	123	return $result;
[1631]	124	}
[345]	125
[2]	126	//-------------------------------------------------- access authorization check
[2033]	127	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
[2]	128	{
[1843]	129	$page['category'] = $_GET['cat'];
[1036]	130	}
	131
[1843]	132	if (isset($page['category']))
[1036]	133	{
[1843]	134	check_restrictions( $page['category'] );
[1861]	135	$category = get_cat_info( $page['category'] );
	136	$category['cat_dir'] = get_complete_dir( $page['category'] );
[1082]	137
[1861]	138	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
[667]	139	{
[1082]	140	die('Fatal: you take a wrong way, bye bye');
[667]	141	}
[2]	142	}
[2033]	143	else { // $page['category'] may be set by a futur plugin but without it
	144	die('Fatal: you take a wrong way, bye bye');
	145	}
[10]	146
[2]	147	$error = array();
	148	$page['upload_successful'] = false;
	149	if ( isset( $_GET['waiting_id'] ) )
	150	{
	151	$page['waiting_id'] = $_GET['waiting_id'];
	152	}
	153	//-------------------------------------------------------------- picture upload
[26]	154	// verfying fields
[10]	155	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	156	{
[1861]	157	$path = $category['cat_dir'].$_FILES['picture']['name'];
[2]	158	if ( @is_file( $path ) )
	159	{
[1631]	160	array_push( $error, l10n('upload_file_exists') );
[2]	161	}
	162	// test de la présence des champs obligatoires
[369]	163	if ( empty($_FILES['picture']['name']))
[2]	164	{
[1631]	165	array_push( $error, l10n('upload_filenotfound') );
[2]	166	}
	167	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
	168	$_POST['mail_address'] ) )
	169	{
[1631]	170	array_push( $error, l10n('reg_err_mail_address') );
[2]	171	}
[369]	172	if ( empty($_POST['username']) )
[2]	173	{
[1631]	174	array_push( $error, l10n('upload_err_username') );
[2]	175	}
[345]	176
	177	$date_creation = '';
[369]	178	if ( !empty($_POST['date_creation']) )
[26]	179	{
	180	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	181	// int checkdate ( int month, int day, int year)
[488]	182	if (checkdate($month, $day, $year))
[26]	183	{
[488]	184	$date_creation = $year.'-'.$month.'-'.$day;
[26]	185	}
	186	else
	187	{
[1631]	188	array_push( $error, l10n('err_date') );
[26]	189	}
	190	}
	191	// creation of the "infos" field :
	192	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	193	// date_creation="2004-08-14" name="" />
[26]	194	$xml_infos = '<infos';
[1058]	195	$xml_infos.= encodeAttribute('author', $_POST['author']);
	196	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	197	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	198	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	199	$xml_infos.= ' />';
[345]	200
	201	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	202	{
[1631]	203	array_push( $error, l10n('update_wrong_dirname') );
[345]	204	}
[26]	205
[2]	206	if ( sizeof( $error ) == 0 )
	207	{
	208	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	209	$conf['upload_maxwidth'],
	210	$conf['upload_maxheight'] );
	211	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	212	{
[26]	213	array_push( $error, $result['error'][$j] );
[2]	214	}
	215	}
	216
	217	if ( sizeof( $error ) == 0 )
	218	{
[369]	219	$query = 'insert into '.WAITING_TABLE;
[61]	220	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	221	$query.= ' values ';
[1843]	222	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
[2]	223	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	224	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	225	$query.= ';';
[587]	226	pwg_query( $query );
[2]	227	$page['waiting_id'] = mysql_insert_id();
[1901]	228
	229	if ($conf['email_admin_on_picture_uploaded'])
	230	{
	231	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	232
[1915]	233	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
[1901]	234
[1908]	235	$keyargs_content = array
	236	(
	237	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
	238	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
	239	get_l10n_args('User: %s', $_POST['username']),
	240	get_l10n_args('Email: %s', $_POST['mail_address']),
	241	get_l10n_args('Picture name: %s', $_POST['name']),
	242	get_l10n_args('Author: %s', $_POST['author']),
	243	get_l10n_args('Creation date: %s', $_POST['date_creation']),
	244	get_l10n_args('Comment: %s', $_POST['comment']),
	245	get_l10n_args('', ''),
	246	get_l10n_args('Waiting page: %s', $waiting_url)
	247	);
[1901]	248
[1908]	249	pwg_mail_notification_admins
[1901]	250	(
[1908]	251	get_l10n_args('Picture uploaded by %s', $_POST['username']),
	252	$keyargs_content
[1901]	253	);
	254	}
[2]	255	}
	256	}
[369]	257
[2]	258	//------------------------------------------------------------ thumbnail upload
[10]	259	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	260	{
	261	// upload of the thumbnail
	262	$query = 'select file';
[369]	263	$query.= ' from '.WAITING_TABLE;
[2]	264	$query.= ' where id = '.$_GET['waiting_id'];
	265	$query.= ';';
[587]	266	$result= pwg_query( $query );
[2]	267	$row = mysql_fetch_array( $result );
	268	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	269	$extension = get_extension( $_FILES['picture']['name'] );
[1631]	270
[1861]	271	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
[2]	272	{
[1631]	273	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
	274	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	275	$conf['upload_maxwidth_thumbnail'],
	276	$conf['upload_maxheight_thumbnail'] );
	277	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	278	{
	279	array_push( $error, $result['error'][$j] );
	280	}
[2]	281	}
[1631]	282
[2]	283	if ( sizeof( $error ) == 0 )
	284	{
[369]	285	$query = 'update '.WAITING_TABLE;
[2]	286	$query.= " set tn_ext = '".$extension."'";
	287	$query.= ' where id = '.$_GET['waiting_id'];
	288	$query.= ';';
[587]	289	pwg_query( $query );
[2]	290	$page['upload_successful'] = true;
	291	}
	292	}
	293
[369]	294	//
	295	// Start output of page
	296	//
[1631]	297	$title= l10n('upload_title');
	298	$page['body_id'] = 'theUploadPage';
[369]	299	include(PHPWG_ROOT_PATH.'include/page_header.php');
	300	$template->set_filenames(array('upload'=>'upload.tpl'));
	301
[1843]	302	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
[369]	303	if ( isset( $page['waiting_id'] ) )
	304	{
	305	$u_form.= '&waiting_id='.$page['waiting_id'];
	306	}
	307
	308	if ( isset( $page['waiting_id'] ) )
	309	{
[1631]	310	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
[369]	311	}
	312	else
	313	{
[1631]	314	$advise_title = l10n('upload_advise');
[1861]	315	$advise_title.= get_cat_display_name($category['upper_names']);
[369]	316	}
	317
[1082]	318	$template->assign_vars(
	319	array(
[1631]	320	'U_HOME' => make_index_url(),
	321
[1082]	322	'ADVISE_TITLE' => $advise_title,
	323	'NAME' => $username,
	324	'EMAIL' => $mail_address,
	325	'NAME_IMG' => $name,
	326	'AUTHOR_IMG' => $author,
	327	'DATE_IMG' => $date_creation,
	328	'COMMENT_IMG' => $comment,
[1631]	329
[1082]	330	'F_ACTION' => $u_form,
[369]	331
[1861]	332	'U_RETURN' => make_index_url(array('category' => $category)),
[1082]	333	)
	334	);
[369]	335
[2]	336	if ( !$page['upload_successful'] )
	337	{
[369]	338	$template->assign_block_vars('upload_not_successful',array());
[2]	339	//-------------------------------------------------------------- errors display
[369]	340	if ( sizeof( $error ) != 0 )
	341	{
	342	$template->assign_block_vars('upload_not_successful.errors',array());
	343	for ( $i = 0; $i < sizeof( $error ); $i++ )
[2]	344	{
[369]	345	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
[2]	346	}
[369]	347	}
	348
[2]	349	//--------------------------------------------------------------------- advises
[369]	350	if ( !empty($conf['upload_maxfilesize']) )
[2]	351	{
[1631]	352	$content = l10n('upload_advise_filesize');
[2]	353	$content.= $conf['upload_maxfilesize'].' KB';
[369]	354	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	355	}
[369]	356
[2]	357	if ( isset( $page['waiting_id'] ) )
	358	{
	359	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	360	{
[1631]	361	$content = l10n('upload_advise_width');
[2]	362	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[1631]	363	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	364	}
	365	if ( $conf['upload_maxheight_thumbnail'] != '' )
	366	{
[1631]	367	$content = l10n('upload_advise_height');
[2]	368	$content.= $conf['upload_maxheight_thumbnail'].' px';
[1631]	369	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	370	}
	371	}
	372	else
	373	{
	374	if ( $conf['upload_maxwidth'] != '' )
	375	{
[1631]	376	$content = l10n('upload_advise_width');
[2]	377	$content.= $conf['upload_maxwidth'].' px';
[1631]	378	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	379	}
	380	if ( $conf['upload_maxheight'] != '' )
	381	{
[1631]	382	$content = l10n('upload_advise_height');
[2]	383	$content.= $conf['upload_maxheight'].' px';
[1631]	384	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	385	}
	386	}
[1631]	387	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>l10n('upload_advise_filetype')));
[369]	388
[2]	389	//----------------------------------------- optionnal username and mail address
	390	if ( !isset( $page['waiting_id'] ) )
	391	{
[369]	392	$template->assign_block_vars('upload_not_successful.fields',array());
[1631]	393	$template->assign_block_vars('note',array());
[2]	394	}
	395	}
	396	else
	397	{
[369]	398	$template->assign_block_vars('upload_successful',array());
[2]	399	}
[1631]	400
[2]	401	//----------------------------------------------------------- html code display
[688]	402	$template->parse('upload');
[369]	403	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	404	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: