Context Navigation

source: trunk/upload.php @ 494

Last change on this file since 494 was 488, checked in by z0rglub, 20 years ago
date in ISO standard
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 13.4 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[362]	3	// \| upload.php \|
[354]	4	// +-----------------------------------------------------------------------+
	5	// \| application : PhpWebGallery <http://phpwebgallery.net> \|
[362]	6	// \| branch : BSF (Best So Far) \|
[354]	7	// +-----------------------------------------------------------------------+
	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2004-08-21 13:03:49 +0000 (Sat, 21 Aug 2004) $
	10	// \| last modifier : $Author: z0rglub $
	11	// \| revision : $Revision: 488 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[364]	27	define('PHPWG_ROOT_PATH','./');
	28	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
[345]	29
[10]	30	//------------------------------------------------------------------- functions
[2]	31	// The validate_upload function checks if the image of the given path is valid.
	32	// A picture is valid when :
	33	// - width, height and filesize are not higher than the maximum
	34	// filesize authorized by the administrator
	35	// - the type of the picture is among jpg, gif and png
	36	// The function returns an array containing :
	37	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
	38	// - $result['error'] contains an array with the different errors
	39	// found with the picture
	40	function validate_upload( $temp_name, $my_max_file_size,
	41	$image_max_width, $image_max_height )
	42	{
	43	global $lang;
	44
	45	$result = array();
	46	$result['error'] = array();
	47	//echo $_FILES['picture']['name']."<br />".$temp_name;
	48	$extension = get_extension( $_FILES['picture']['name'] );
[10]	49	if ( $extension != 'gif' and $extension != 'jpg' and $extension != 'png' )
[2]	50	{
[19]	51	array_push( $result['error'], $lang['upload_advise_filetype'] );
[2]	52	return $result;
	53	}
	54	if ( !isset( $_FILES['picture'] ) )
	55	{
	56	// do we even have a file?
[19]	57	array_push( $result['error'], "You did not upload anything!" );
[2]	58	}
	59	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
	60	{
[19]	61	array_push( $result['error'],
	62	$lang['upload_advise_width'].$my_max_file_size.' KB' );
[2]	63	}
	64	else
	65	{
	66	// check if we are allowed to upload this file_type
	67	// upload de la photo sous un nom temporaire
	68	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
	69	{
[19]	70	array_push( $result['error'], $lang['upload_cannot_upload'] );
[2]	71	}
	72	else
	73	{
	74	$size = getimagesize( $temp_name );
	75	if ( isset( $image_max_width )
[10]	76	and $image_max_width != ""
	77	and $size[0] > $image_max_width )
[2]	78	{
[19]	79	array_push( $result['error'],
	80	$lang['upload_advise_width'].$image_max_width.' px' );
[2]	81	}
	82	if ( isset( $image_max_height )
[10]	83	and $image_max_height != ""
	84	and $size[1] > $image_max_height )
[2]	85	{
[19]	86	array_push( $result['error'],
	87	$lang['upload_advise_height'].$image_max_height.' px' );
[2]	88	}
	89	// $size[2] == 1 means GIF
	90	// $size[2] == 2 means JPG
	91	// $size[2] == 3 means PNG
[19]	92	switch ( $size[2] )
[2]	93	{
[19]	94	case 1 : $result['type'] = 'gif'; break;
	95	case 2 : $result['type'] = 'jpg'; break;
	96	case 3 : $result['type'] = 'png'; break;
	97	default :
	98	array_push( $result['error'], $lang['upload_advise_filetype'] );
[2]	99	}
	100	}
	101	}
	102	if ( sizeof( $result['error'] ) > 0 )
	103	{
	104	// destruction de l'image avec le nom temporaire
	105	@unlink( $temp_name );
	106	}
[345]	107	else
	108	{
	109	@chmod( $temp_name, 0644);
	110	}
[2]	111	return $result;
	112	}
[345]	113
[2]	114	//-------------------------------------------------- access authorization check
	115	check_login_authorization();
	116	check_cat_id( $_GET['cat'] );
[10]	117	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
[2]	118	{
	119	check_restrictions( $page['cat'] );
	120	$result = get_cat_info( $page['cat'] );
[82]	121	$page['cat_dir'] = get_complete_dir( $page['cat'] );
[38]	122	$page['cat_site_id'] = $result['site_id'];
	123	$page['cat_name'] = $result['name'];
	124	$page['cat_uploadable'] = $result['uploadable'];
[345]	125	if ( $page['cat_site_id'] != 1
[38]	126	or !$conf['upload_available']
	127	or !$page['cat_uploadable'] )
[2]	128	{
[10]	129	echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
[26]	130	echo '<a href="'.add_session_id( './category.php' ).'">';
[10]	131	echo $lang['thumbnails'].'</a></div>';
[2]	132	exit();
	133	}
[345]	134	}
[10]	135
[2]	136	$error = array();
	137	$page['upload_successful'] = false;
	138	if ( isset( $_GET['waiting_id'] ) )
	139	{
	140	$page['waiting_id'] = $_GET['waiting_id'];
	141	}
	142	//-------------------------------------------------------------- picture upload
[26]	143	// verfying fields
[10]	144	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
[2]	145	{
	146	$path = $page['cat_dir'].$_FILES['picture']['name'];
	147	if ( @is_file( $path ) )
	148	{
[26]	149	array_push( $error, $lang['upload_file_exists'] );
[2]	150	}
	151	// test de la présence des champs obligatoires
[369]	152	if ( empty($_FILES['picture']['name']))
[2]	153	{
[26]	154	array_push( $error, $lang['upload_filenotfound'] );
[2]	155	}
	156	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
	157	$_POST['mail_address'] ) )
	158	{
[26]	159	array_push( $error, $lang['reg_err_mail_address'] );
[2]	160	}
[369]	161	if ( empty($_POST['username']) )
[2]	162	{
[26]	163	array_push( $error, $lang['upload_err_username'] );
[2]	164	}
[345]	165
	166	$date_creation = '';
[369]	167	if ( !empty($_POST['date_creation']) )
[26]	168	{
	169	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
	170	// int checkdate ( int month, int day, int year)
[488]	171	if (checkdate($month, $day, $year))
[26]	172	{
[488]	173	$date_creation = $year.'-'.$month.'-'.$day;
[26]	174	}
	175	else
	176	{
	177	array_push( $error, $lang['err_date'] );
	178	}
	179	}
	180	// creation of the "infos" field :
	181	// <infos author="Pierrick LE GALL" comment="my comment"
[488]	182	// date_creation="2004-08-14" name="" />
[26]	183	$xml_infos = '<infos';
	184	$xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"';
	185	$xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"';
	186	$xml_infos.= ' date_creation="'.$date_creation.'"';
	187	$xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"';
	188	$xml_infos.= ' />';
[345]	189
	190	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
	191	{
	192	array_push( $error, $lang['update_wrong_dirname'] );
	193	}
[26]	194
[2]	195	if ( sizeof( $error ) == 0 )
	196	{
	197	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	198	$conf['upload_maxwidth'],
	199	$conf['upload_maxheight'] );
	200	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	201	{
[26]	202	array_push( $error, $result['error'][$j] );
[2]	203	}
	204	}
	205
	206	if ( sizeof( $error ) == 0 )
	207	{
[369]	208	$query = 'insert into '.WAITING_TABLE;
[61]	209	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
	210	$query.= ' values ';
	211	$query.= '('.$page['cat'].",'".$_FILES['picture']['name']."'";
[2]	212	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
[26]	213	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
[2]	214	$query.= ';';
	215	mysql_query( $query );
	216	$page['waiting_id'] = mysql_insert_id();
[85]	217	// mail notification for administrators
	218	if ( $conf['mail_notification'] )
	219	{
[150]	220	notify( 'upload' );
[85]	221	}
[2]	222	}
	223	}
[369]	224
[2]	225	//------------------------------------------------------------ thumbnail upload
[10]	226	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
[2]	227	{
	228	// upload of the thumbnail
	229	$query = 'select file';
[369]	230	$query.= ' from '.WAITING_TABLE;
[2]	231	$query.= ' where id = '.$_GET['waiting_id'];
	232	$query.= ';';
	233	$result= mysql_query( $query );
	234	$row = mysql_fetch_array( $result );
	235	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
	236	$extension = get_extension( $_FILES['picture']['name'] );
	237	$path = $page['cat_dir'].'thumbnail/';
[20]	238	$path.= $conf['prefix_thumbnail'].$file.'.'.$extension;
[2]	239	$result = validate_upload( $path, $conf['upload_maxfilesize'],
	240	$conf['upload_maxwidth_thumbnail'],
	241	$conf['upload_maxheight_thumbnail'] );
	242	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
	243	{
[26]	244	array_push( $error, $result['error'][$j] );
[2]	245	}
	246	if ( sizeof( $error ) == 0 )
	247	{
[369]	248	$query = 'update '.WAITING_TABLE;
[2]	249	$query.= " set tn_ext = '".$extension."'";
	250	$query.= ' where id = '.$_GET['waiting_id'];
	251	$query.= ';';
	252	mysql_query( $query );
	253	$page['upload_successful'] = true;
	254	}
	255	}
	256
[369]	257	//
	258	// Start output of page
	259	//
	260	$title= $lang['upload_title'];
	261	include(PHPWG_ROOT_PATH.'include/page_header.php');
	262	$template->set_filenames(array('upload'=>'upload.tpl'));
	263	initialize_template();
	264
	265	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
	266	if ( isset( $page['waiting_id'] ) )
	267	{
	268	$u_form.= '&waiting_id='.$page['waiting_id'];
	269	}
	270
	271	if ( isset( $page['waiting_id'] ) )
	272	{
	273	$advise_title=$lang['upload_advise_thumbnail'].$_FILES['picture']['name'];
	274	}
	275	else
	276	{
	277	$advise_title = $lang['upload_advise'];
[394]	278	$advise_title.= get_cat_display_name( $page['cat_name'], ' - ' );
[369]	279	}
	280
	281	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
	282	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:$user['mail_address'];
	283	$name = !empty($_POST['name'])?$_POST['name']:'';
	284	$author = !empty($_POST['author'])?$_POST['author']:'';
	285	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
	286	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
	287
	288	$template->assign_vars(array(
	289	'ADVISE_TITLE' => $advise_title,
	290	'NAME' => $username,
	291	'EMAIL' => $mail_address,
	292	'NAME_IMG' => $name,
	293	'AUTHOR_IMG' => $author,
	294	'DATE_IMG' => $date_creation,
	295	'COMMENT_IMG' => $comment,
	296
	297	'L_TITLE' => $lang['upload_title'],
	298	'L_USERNAME' => $lang['upload_username'],
	299	'L_EMAIL' => $lang['mail_address'],
	300	'L_NAME_IMG' => $lang['upload_name'],
	301	'L_SUBMIT' => $lang['submit'],
	302	'L_AUTHOR' => $lang['upload_author'],
	303	'L_CREATION_DATE' => $lang['upload_creation_date'],
	304	'L_COMMENT' => $lang['upload_comment'],
	305	'L_RETURN' => $lang['search_return_main_page'],
	306	'L_UPLOAD_DONE' => $lang['upload_successful'],
	307	'L_MANDATORY' => $lang['mandatory'],
	308
	309	'F_ACTION' => add_session_id( $u_form ),
	310
	311	'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
	312	));
	313
[2]	314	if ( !$page['upload_successful'] )
	315	{
[369]	316	$template->assign_block_vars('upload_not_successful',array());
[2]	317	//-------------------------------------------------------------- errors display
[369]	318	if ( sizeof( $error ) != 0 )
	319	{
	320	$template->assign_block_vars('upload_not_successful.errors',array());
	321	for ( $i = 0; $i < sizeof( $error ); $i++ )
[2]	322	{
[369]	323	$template->assign_block_vars('upload_not_successful.errors.error',array('ERROR'=>$error[$i]));
[2]	324	}
[369]	325	}
	326
[2]	327	//--------------------------------------------------------------------- advises
[369]	328	if ( !empty($conf['upload_maxfilesize']) )
[2]	329	{
	330	$content = $lang['upload_advise_filesize'];
	331	$content.= $conf['upload_maxfilesize'].' KB';
[369]	332	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	333	}
[369]	334
[2]	335	if ( isset( $page['waiting_id'] ) )
	336	{
	337	if ( $conf['upload_maxwidth_thumbnail'] != '' )
	338	{
[369]	339	$content = $lang['upload_advise_width'];
[2]	340	$content.= $conf['upload_maxwidth_thumbnail'].' px';
[369]	341	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	342	}
	343	if ( $conf['upload_maxheight_thumbnail'] != '' )
	344	{
	345	$content = $lang['upload_advise_height'];
	346	$content.= $conf['upload_maxheight_thumbnail'].' px';
[369]	347	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	348	}
	349	}
	350	else
	351	{
	352	if ( $conf['upload_maxwidth'] != '' )
	353	{
	354	$content = $lang['upload_advise_width'];
	355	$content.= $conf['upload_maxwidth'].' px';
[369]	356	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	357	}
	358	if ( $conf['upload_maxheight'] != '' )
	359	{
	360	$content = $lang['upload_advise_height'];
	361	$content.= $conf['upload_maxheight'].' px';
[369]	362	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$content));
[2]	363	}
	364	}
[369]	365	$template->assign_block_vars('upload_not_successful.advise',array('ADVISE'=>$lang['upload_advise_filetype']));
	366
[2]	367	//----------------------------------------- optionnal username and mail address
	368	if ( !isset( $page['waiting_id'] ) )
	369	{
[369]	370	$template->assign_block_vars('upload_not_successful.fields',array());
	371	$template->assign_block_vars('note',array());
[2]	372	}
	373	}
	374	else
	375	{
[369]	376	$template->assign_block_vars('upload_successful',array());
[2]	377	}
	378	//----------------------------------------------------------- html code display
[369]	379	$template->pparse('upload');
	380	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	381	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: