Context Navigation

source: trunk/upload.php @ 2590

Last change on this file since 2590 was 2485, checked in by rvelices, 16 years ago

Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.4 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
	5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[2325]	23
[364]	24	define('PHPWG_ROOT_PATH','./');
[345]	25
[2325]	26	// +-----------------------------------------------------------------------+
	27	// \| Includes \|
	28	// +-----------------------------------------------------------------------+
	29	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
	30	include_once(PHPWG_ROOT_PATH.'include/upload.class.php');
[1850]	31
[2325]	32	// +-----------------------------------------------------------------------+
	33	// \| Check Access and exit when user status is not ok \|
	34	// +-----------------------------------------------------------------------+
	35	check_status($conf['upload_user_access']);
[1631]	36
[2325]	37	// +-----------------------------------------------------------------------+
	38	// \| Create upload object \|
	39	// +-----------------------------------------------------------------------+
	40	$upload = new Upload();
	41
	42
	43	$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
	44	$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
	45	$name = !empty($_POST['name']) ? $_POST['name'] : '';
	46	$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
	47	$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
	48	$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
	49
[10]	50	//------------------------------------------------------------------- functions
[2]	51	// The validate_upload function checks if the image of the given path is valid.
	52	// A picture is valid when :
	53	// - width, height and filesize are not higher than the maximum
	54	// filesize authorized by the administrator
	55	// - the type of the picture is among jpg, gif and png
	56	// The function returns an array containing :
	57	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	58	// - $result['error'] contains an array with the different errors
	59	// found with the picture
	60	function validate_upload( $temp_name, $my_max_file_size,
	61	$image_max_width, $image_max_height )
	62	{
[1631]	63	global $conf, $lang, $page, $mail_address;
	64
[2]	65	$result = array();
	66	$result['error'] = array();
	67	//echo $_FILES['picture']['name']."<br />".$temp_name;
	68	$extension = get_extension( $_FILES['picture']['name'] );
[585]	69	if (!in_array($extension, $conf['picture_ext']))
[2]	70	{
[1631]	71	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	72	return $result;
	73	}
	74	if ( !isset( $_FILES['picture'] ) )
	75	{
	76	// do we even have a file?
[19]	77	array_push( $result['error'], "You did not upload anything!" );
[2]	78	}
	79	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	80	{
[19]	81	array_push( $result['error'],
[1631]	82	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
[2]	83	}
	84	else
	85	{
	86	// check if we are allowed to upload this file_type
	87	// upload de la photo sous un nom temporaire
	88	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	89	{
[1631]	90	array_push( $result['error'], l10n('upload_cannot_upload') );
[2]	91	}
	92	else
	93	{
	94	$size = getimagesize( $temp_name );
	95	if ( isset( $image_max_width )
[10]	96	and $image_max_width != ""
	97	and $size[0] > $image_max_width )
[2]	98	{
[19]	99	array_push( $result['error'],
[1631]	100	l10n('upload_advise_width').$image_max_width.' px' );
[2]	101	}
	102	if ( isset( $image_max_height )
[10]	103	and $image_max_height != ""
	104	and $size[1] > $image_max_height )
[2]	105	{
[19]	106	array_push( $result['error'],
[1631]	107	l10n('upload_advise_height').$image_max_height.' px' );
[2]	108	}
	109	// $size[2] == 1 means GIF
	110	// $size[2] == 2 means JPG
	111	// $size[2] == 3 means PNG
[19]	112	switch ( $size[2] )
[2]	113	{
[19]	114	case 1 : $result['type'] = 'gif'; break;
	115	case 2 : $result['type'] = 'jpg'; break;
	116	case 3 : $result['type'] = 'png'; break;
	117	default :
[2265]	118	array_push( $result['error'], l10n('upload_advise_filetype') );
[2]	119	}
	120	}
	121	}
	122	if ( sizeof( $result['error'] ) > 0 )
	123	{
	124	// destruction de l'image avec le nom temporaire
	125	@unlink( $temp_name );
	126	}
[345]	127	else
	128	{
[587]	129	@chmod( $temp_name, 0644);
[345]	130	}
[1631]	131
	132	//------------------------------------------------------------ log informations
[1843]	133	pwg_log();
[1631]	134
[2]	135	return $result;
[1631]	136	}
[345]	137
[2]	138	//-------------------------------------------------- access authorization check
[2325]	139	if (isset($_POST['category']) and is_numeric($_POST['category']))
	140	{
	141	$page['category'] = $_POST['category'];
	142	}
	143	else
[2033]	144	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
[2]	145	{
[1843]	146	$page['category'] = $_GET['cat'];
[1036]	147	}
[2325]	148	else
	149	{
	150	$page['category'] = null;
	151	}
[1036]	152
[2325]	153	if (! empty($page['category']))
[1036]	154	{
[2325]	155	check_restrictions($page['category']);
	156	$category = get_cat_info($page['category']);
	157	$category['cat_dir'] = get_complete_dir($page['category']);
[2265]	158
[1861]	159	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
[667]	160	{
[2265]	161	page_forbidden('upload not allowed');
[667]	162	}
[2]	163	}
[2325]	164	else
	165	{
	166	if (isset($_POST['submit']))
	167	{
	168	// $page['category'] may be set by a futur plugin but without it
	169	bad_request('invalid parameters');
	170	}
	171	else
	172	{
	173	$category = null;
	174	}
[2033]	175	}
[10]	176
[2]	177	$error = array();
	178	$page['upload_successful'] = false;
	179	if ( isset( $_GET['waiting_id'] ) )
	180	{
	181	$page['waiting_id'] = $_GET['waiting_id'];
	182	}
[2325]	183
[2]	184	//-------------------------------------------------------------- picture upload
[26]	185	// verfying fields
[10]	186	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	187	{
[1861]	188	$path = $category['cat_dir'].$_FILES['picture']['name'];
[2]	189	if ( @is_file( $path ) )
	190	{
[1631]	191	array_push( $error, l10n('upload_file_exists') );
[2]	192	}
	193	// test de la présence des champs obligatoires
[369]	194	if ( empty($_FILES['picture']['name']))
[2]	195	{
[1631]	196	array_push( $error, l10n('upload_filenotfound') );
[2]	197	}
	198	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
	199	$_POST['mail_address'] ) )
	200	{
[1631]	201	array_push( $error, l10n('reg_err_mail_address') );
[2]	202	}
[369]	203	if ( empty($_POST['username']) )
[2]	204	{
[1631]	205	array_push( $error, l10n('upload_err_username') );
[2]	206	}
[2265]	207
[345]	208	$date_creation = '';
[369]	209	if ( !empty($_POST['date_creation']) )
[26]	210	{
	211	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	212	// int checkdate ( int month, int day, int year)
[488]	213	if (checkdate($month, $day, $year))
[26]	214	{
[488]	215	$date_creation = $year.'-'.$month.'-'.$day;
[26]	216	}
	217	else
	218	{
[1631]	219	array_push( $error, l10n('err_date') );
[26]	220	}
	221	}
	222	// creation of the "infos" field :
	223	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	224	// date_creation="2004-08-14" name="" />
[2485]	225	$xml_infos = '<infos ';
[1058]	226	$xml_infos.= encodeAttribute('author', $_POST['author']);
	227	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
	228	$xml_infos.= encodeAttribute('date_creation', $date_creation);
	229	$xml_infos.= encodeAttribute('name', $_POST['name']);
[26]	230	$xml_infos.= ' />';
[345]	231
	232	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	233	{
[1631]	234	array_push( $error, l10n('update_wrong_dirname') );
[345]	235	}
[2265]	236
[2]	237	if ( sizeof( $error ) == 0 )
	238	{
	239	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	240	$conf['upload_maxwidth'],
	241	$conf['upload_maxheight'] );
	242	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	243	{
[26]	244	array_push( $error, $result['error'][$j] );
[2]	245	}
	246	}
	247
	248	if ( sizeof( $error ) == 0 )
	249	{
[369]	250	$query = 'insert into '.WAITING_TABLE;
[61]	251	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	252	$query.= ' values ';
[1843]	253	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
[2]	254	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	255	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	256	$query.= ';';
[587]	257	pwg_query( $query );
[2]	258	$page['waiting_id'] = mysql_insert_id();
[1901]	259
	260	if ($conf['email_admin_on_picture_uploaded'])
	261	{
	262	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
	263
[1915]	264	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
[1901]	265
[1908]	266	$keyargs_content = array
	267	(
	268	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
	269	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
	270	get_l10n_args('User: %s', $_POST['username']),
	271	get_l10n_args('Email: %s', $_POST['mail_address']),
	272	get_l10n_args('Picture name: %s', $_POST['name']),
	273	get_l10n_args('Author: %s', $_POST['author']),
	274	get_l10n_args('Creation date: %s', $_POST['date_creation']),
	275	get_l10n_args('Comment: %s', $_POST['comment']),
	276	get_l10n_args('', ''),
	277	get_l10n_args('Waiting page: %s', $waiting_url)
	278	);
[1901]	279
[1908]	280	pwg_mail_notification_admins
[1901]	281	(
[1908]	282	get_l10n_args('Picture uploaded by %s', $_POST['username']),
	283	$keyargs_content
[1901]	284	);
	285	}
[2]	286	}
	287	}
[369]	288
[2]	289	//------------------------------------------------------------ thumbnail upload
[10]	290	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	291	{
	292	// upload of the thumbnail
	293	$query = 'select file';
[369]	294	$query.= ' from '.WAITING_TABLE;
[2]	295	$query.= ' where id = '.$_GET['waiting_id'];
	296	$query.= ';';
[587]	297	$result= pwg_query( $query );
[2]	298	$row = mysql_fetch_array( $result );
	299	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	300	$extension = get_extension( $_FILES['picture']['name'] );
[1631]	301
[1861]	302	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
[2]	303	{
[1631]	304	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
	305	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	306	$conf['upload_maxwidth_thumbnail'],
	307	$conf['upload_maxheight_thumbnail'] );
	308	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	309	{
	310	array_push( $error, $result['error'][$j] );
	311	}
[2]	312	}
[1631]	313
[2]	314	if ( sizeof( $error ) == 0 )
	315	{
[369]	316	$query = 'update '.WAITING_TABLE;
[2]	317	$query.= " set tn_ext = '".$extension."'";
	318	$query.= ' where id = '.$_GET['waiting_id'];
	319	$query.= ';';
[587]	320	pwg_query( $query );
[2]	321	$page['upload_successful'] = true;
	322	}
	323	}
	324
[369]	325	//
	326	// Start output of page
	327	//
[1631]	328	$title= l10n('upload_title');
	329	$page['body_id'] = 'theUploadPage';
[369]	330	include(PHPWG_ROOT_PATH.'include/page_header.php');
	331	$template->set_filenames(array('upload'=>'upload.tpl'));
	332
[2325]	333	// Load category list
	334	$query = '
	335	SELECT
	336	id, name, uppercats, global_rank
	337	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
	338	ON id = cat_id and user_id = '.$user['id'].'
	339	WHERE
	340	uploadable = \'true\'
	341	'.get_sql_condition_FandF
	342	(
	343	array
	344	(
	345	'visible_categories' => 'id',
	346	),
	347	'AND'
	348	).'
	349	;';
	350	display_select_cat_wrapper($query, array($page['category']), 'categories');
	351
[1843]	352	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
[369]	353	if ( isset( $page['waiting_id'] ) )
	354	{
	355	$u_form.= '&waiting_id='.$page['waiting_id'];
	356	}
	357
	358	if ( isset( $page['waiting_id'] ) )
	359	{
[2325]	360	$advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
[369]	361	}
	362	else
	363	{
[2325]	364	$advise_title = l10n('Choose an image');
[369]	365	}
	366
[2265]	367	$template->assign(
[1082]	368	array(
	369	'ADVISE_TITLE' => $advise_title,
	370	'NAME' => $username,
	371	'EMAIL' => $mail_address,
	372	'NAME_IMG' => $name,
	373	'AUTHOR_IMG' => $author,
	374	'DATE_IMG' => $date_creation,
	375	'COMMENT_IMG' => $comment,
[1631]	376
[1082]	377	'F_ACTION' => $u_form,
[369]	378
[1861]	379	'U_RETURN' => make_index_url(array('category' => $category)),
[1082]	380	)
	381	);
[2265]	382
	383	$template->assign('errors', $error);
	384	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
	385
[2]	386	if ( !$page['upload_successful'] )
	387	{
	388	//--------------------------------------------------------------------- advises
[369]	389	if ( !empty($conf['upload_maxfilesize']) )
[2]	390	{
[1631]	391	$content = l10n('upload_advise_filesize');
[2]	392	$content.= $conf['upload_maxfilesize'].' KB';
[2265]	393	$template->append('advises', $content);
[2]	394	}
[369]	395
[2]	396	if ( isset( $page['waiting_id'] ) )
	397	{
	398	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	399	{
[1631]	400	$content = l10n('upload_advise_width');
[2]	401	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[2265]	402	$template->append('advises', $content);
[2]	403	}
	404	if ( $conf['upload_maxheight_thumbnail'] != '' )
	405	{
[1631]	406	$content = l10n('upload_advise_height');
[2]	407	$content.= $conf['upload_maxheight_thumbnail'].' px';
[2265]	408	$template->append('advises', $content);
[2]	409	}
	410	}
	411	else
	412	{
	413	if ( $conf['upload_maxwidth'] != '' )
	414	{
[1631]	415	$content = l10n('upload_advise_width');
[2]	416	$content.= $conf['upload_maxwidth'].' px';
[2265]	417	$template->append('advises', $content);
[2]	418	}
	419	if ( $conf['upload_maxheight'] != '' )
	420	{
[1631]	421	$content = l10n('upload_advise_height');
[2]	422	$content.= $conf['upload_maxheight'].' px';
[2265]	423	$template->append('advises', $content);
[2]	424	}
	425	}
[2265]	426	$template->append('advises', l10n('upload_advise_filetype'));
	427
[2]	428	//----------------------------------------- optionnal username and mail address
	429	if ( !isset( $page['waiting_id'] ) )
	430	{
[2265]	431	$template->assign('SHOW_FORM_FIELDS', true);
[2]	432	}
	433	}
[1631]	434
[2]	435	//----------------------------------------------------------- html code display
[688]	436	$template->parse('upload');
[369]	437	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	438	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: