Context Navigation

source: trunk/upload.php @ 2297

Last change on this file since 2297 was 2297, checked in by plg, 16 years ago
Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23	// +-----------------------------------------------------------------------+
24	// \| PhpWebGallery - a PHP based picture gallery \|
25	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
26	// \| Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net \|
27	// +-----------------------------------------------------------------------+
28	// \| file : $Id: upload.php 2297 2008-04-04 22:57:23Z plg $
29	// \| last update : $Date: 2008-04-04 22:57:23 +0000 (Fri, 04 Apr 2008) $
30	// \| last modifier : $Author: plg $
31	// \| revision : $Revision: 2297 $
32	// +-----------------------------------------------------------------------+
33	// \| This program is free software; you can redistribute it and/or modify \|
34	// \| it under the terms of the GNU General Public License as published by \|
35	// \| the Free Software Foundation \|
36	// \| \|
37	// \| This program is distributed in the hope that it will be useful, but \|
38	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
39	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
40	// \| General Public License for more details. \|
41	// \| \|
42	// \| You should have received a copy of the GNU General Public License \|
43	// \| along with this program; if not, write to the Free Software \|
44	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
45	// \| USA. \|
46	// +-----------------------------------------------------------------------+
47	define('PHPWG_ROOT_PATH','./');
48	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
49
50	check_status(ACCESS_GUEST);
51
52	$username = !empty($_POST['username'])?$_POST['username']:$user['username'];
53	$mail_address = !empty($_POST['mail_address'])?$_POST['mail_address']:@$user['mail_address'];
54	$name = !empty($_POST['name'])?$_POST['name']:'';
55	$author = !empty($_POST['author'])?$_POST['author']:'';
56	$date_creation = !empty($_POST['date_creation'])?$_POST['date_creation']:'';
57	$comment = !empty($_POST['comment'])?$_POST['comment']:'';
58
59	//------------------------------------------------------------------- functions
60	// The validate_upload function checks if the image of the given path is valid.
61	// A picture is valid when :
62	// - width, height and filesize are not higher than the maximum
63	// filesize authorized by the administrator
64	// - the type of the picture is among jpg, gif and png
65	// The function returns an array containing :
66	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
67	// - $result['error'] contains an array with the different errors
68	// found with the picture
69	function validate_upload( $temp_name, $my_max_file_size,
70	$image_max_width, $image_max_height )
71	{
72	global $conf, $lang, $page, $mail_address;
73
74	$result = array();
75	$result['error'] = array();
76	//echo $_FILES['picture']['name']."<br />".$temp_name;
77	$extension = get_extension( $_FILES['picture']['name'] );
78	if (!in_array($extension, $conf['picture_ext']))
79	{
80	array_push( $result['error'], l10n('upload_advise_filetype') );
81	return $result;
82	}
83	if ( !isset( $_FILES['picture'] ) )
84	{
85	// do we even have a file?
86	array_push( $result['error'], "You did not upload anything!" );
87	}
88	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
89	{
90	array_push( $result['error'],
91	l10n('upload_advise_filesize').$my_max_file_size.' KB' );
92	}
93	else
94	{
95	// check if we are allowed to upload this file_type
96	// upload de la photo sous un nom temporaire
97	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
98	{
99	array_push( $result['error'], l10n('upload_cannot_upload') );
100	}
101	else
102	{
103	$size = getimagesize( $temp_name );
104	if ( isset( $image_max_width )
105	and $image_max_width != ""
106	and $size[0] > $image_max_width )
107	{
108	array_push( $result['error'],
109	l10n('upload_advise_width').$image_max_width.' px' );
110	}
111	if ( isset( $image_max_height )
112	and $image_max_height != ""
113	and $size[1] > $image_max_height )
114	{
115	array_push( $result['error'],
116	l10n('upload_advise_height').$image_max_height.' px' );
117	}
118	// $size[2] == 1 means GIF
119	// $size[2] == 2 means JPG
120	// $size[2] == 3 means PNG
121	switch ( $size[2] )
122	{
123	case 1 : $result['type'] = 'gif'; break;
124	case 2 : $result['type'] = 'jpg'; break;
125	case 3 : $result['type'] = 'png'; break;
126	default :
127	array_push( $result['error'], l10n('upload_advise_filetype') );
128	}
129	}
130	}
131	if ( sizeof( $result['error'] ) > 0 )
132	{
133	// destruction de l'image avec le nom temporaire
134	@unlink( $temp_name );
135	}
136	else
137	{
138	@chmod( $temp_name, 0644);
139	}
140
141	//------------------------------------------------------------ log informations
142	pwg_log();
143
144	return $result;
145	}
146
147	//-------------------------------------------------- access authorization check
148	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
149	{
150	$page['category'] = $_GET['cat'];
151	}
152
153	if (isset($page['category']))
154	{
155	check_restrictions( $page['category'] );
156	$category = get_cat_info( $page['category'] );
157	$category['cat_dir'] = get_complete_dir( $page['category'] );
158
159	if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
160	{
161	page_forbidden('upload not allowed');
162	}
163	}
164	else { // $page['category'] may be set by a futur plugin but without it
165	bad_request('invalid parameters');
166	}
167
168	$error = array();
169	$page['upload_successful'] = false;
170	if ( isset( $_GET['waiting_id'] ) )
171	{
172	$page['waiting_id'] = $_GET['waiting_id'];
173	}
174	//-------------------------------------------------------------- picture upload
175	// verfying fields
176	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
177	{
178	$path = $category['cat_dir'].$_FILES['picture']['name'];
179	if ( @is_file( $path ) )
180	{
181	array_push( $error, l10n('upload_file_exists') );
182	}
183	// test de la présence des champs obligatoires
184	if ( empty($_FILES['picture']['name']))
185	{
186	array_push( $error, l10n('upload_filenotfound') );
187	}
188	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
189	$_POST['mail_address'] ) )
190	{
191	array_push( $error, l10n('reg_err_mail_address') );
192	}
193	if ( empty($_POST['username']) )
194	{
195	array_push( $error, l10n('upload_err_username') );
196	}
197
198	$date_creation = '';
199	if ( !empty($_POST['date_creation']) )
200	{
201	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
202	// int checkdate ( int month, int day, int year)
203	if (checkdate($month, $day, $year))
204	{
205	$date_creation = $year.'-'.$month.'-'.$day;
206	}
207	else
208	{
209	array_push( $error, l10n('err_date') );
210	}
211	}
212	// creation of the "infos" field :
213	// <infos author="Pierrick LE GALL" comment="my comment"
214	// date_creation="2004-08-14" name="" />
215	$xml_infos = '<infos';
216	$xml_infos.= encodeAttribute('author', $_POST['author']);
217	$xml_infos.= encodeAttribute('comment', $_POST['comment']);
218	$xml_infos.= encodeAttribute('date_creation', $date_creation);
219	$xml_infos.= encodeAttribute('name', $_POST['name']);
220	$xml_infos.= ' />';
221
222	if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
223	{
224	array_push( $error, l10n('update_wrong_dirname') );
225	}
226
227	if ( sizeof( $error ) == 0 )
228	{
229	$result = validate_upload( $path, $conf['upload_maxfilesize'],
230	$conf['upload_maxwidth'],
231	$conf['upload_maxheight'] );
232	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
233	{
234	array_push( $error, $result['error'][$j] );
235	}
236	}
237
238	if ( sizeof( $error ) == 0 )
239	{
240	$query = 'insert into '.WAITING_TABLE;
241	$query.= ' (storage_category_id,file,username,mail_address,date,infos)';
242	$query.= ' values ';
243	$query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
244	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
245	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
246	$query.= ';';
247	pwg_query( $query );
248	$page['waiting_id'] = mysql_insert_id();
249
250	if ($conf['email_admin_on_picture_uploaded'])
251	{
252	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
253
254	$waiting_url = get_absolute_root_url().'admin.php?page=upload';
255
256	$keyargs_content = array
257	(
258	get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
259	get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
260	get_l10n_args('User: %s', $_POST['username']),
261	get_l10n_args('Email: %s', $_POST['mail_address']),
262	get_l10n_args('Picture name: %s', $_POST['name']),
263	get_l10n_args('Author: %s', $_POST['author']),
264	get_l10n_args('Creation date: %s', $_POST['date_creation']),
265	get_l10n_args('Comment: %s', $_POST['comment']),
266	get_l10n_args('', ''),
267	get_l10n_args('Waiting page: %s', $waiting_url)
268	);
269
270	pwg_mail_notification_admins
271	(
272	get_l10n_args('Picture uploaded by %s', $_POST['username']),
273	$keyargs_content
274	);
275	}
276	}
277	}
278
279	//------------------------------------------------------------ thumbnail upload
280	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
281	{
282	// upload of the thumbnail
283	$query = 'select file';
284	$query.= ' from '.WAITING_TABLE;
285	$query.= ' where id = '.$_GET['waiting_id'];
286	$query.= ';';
287	$result= pwg_query( $query );
288	$row = mysql_fetch_array( $result );
289	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
290	$extension = get_extension( $_FILES['picture']['name'] );
291
292	if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
293	{
294	$path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
295	$result = validate_upload( $path, $conf['upload_maxfilesize'],
296	$conf['upload_maxwidth_thumbnail'],
297	$conf['upload_maxheight_thumbnail'] );
298	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
299	{
300	array_push( $error, $result['error'][$j] );
301	}
302	}
303
304	if ( sizeof( $error ) == 0 )
305	{
306	$query = 'update '.WAITING_TABLE;
307	$query.= " set tn_ext = '".$extension."'";
308	$query.= ' where id = '.$_GET['waiting_id'];
309	$query.= ';';
310	pwg_query( $query );
311	$page['upload_successful'] = true;
312	}
313	}
314
315	//
316	// Start output of page
317	//
318	$title= l10n('upload_title');
319	$page['body_id'] = 'theUploadPage';
320	include(PHPWG_ROOT_PATH.'include/page_header.php');
321	$template->set_filenames(array('upload'=>'upload.tpl'));
322
323	$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
324	if ( isset( $page['waiting_id'] ) )
325	{
326	$u_form.= '&waiting_id='.$page['waiting_id'];
327	}
328
329	if ( isset( $page['waiting_id'] ) )
330	{
331	$advise_title=l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
332	}
333	else
334	{
335	$advise_title = l10n('upload_advise');
336	$advise_title.= get_cat_display_name($category['upper_names']);
337	}
338
339	$template->assign(
340	array(
341	'ADVISE_TITLE' => $advise_title,
342	'NAME' => $username,
343	'EMAIL' => $mail_address,
344	'NAME_IMG' => $name,
345	'AUTHOR_IMG' => $author,
346	'DATE_IMG' => $date_creation,
347	'COMMENT_IMG' => $comment,
348
349	'F_ACTION' => $u_form,
350
351	'U_RETURN' => make_index_url(array('category' => $category)),
352	)
353	);
354
355	$template->assign('errors', $error);
356	$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
357
358	if ( !$page['upload_successful'] )
359	{
360	//--------------------------------------------------------------------- advises
361	if ( !empty($conf['upload_maxfilesize']) )
362	{
363	$content = l10n('upload_advise_filesize');
364	$content.= $conf['upload_maxfilesize'].' KB';
365	$template->append('advises', $content);
366	}
367
368	if ( isset( $page['waiting_id'] ) )
369	{
370	if ( $conf['upload_maxwidth_thumbnail'] != '' )
371	{
372	$content = l10n('upload_advise_width');
373	$content.= $conf['upload_maxwidth_thumbnail'].' px';
374	$template->append('advises', $content);
375	}
376	if ( $conf['upload_maxheight_thumbnail'] != '' )
377	{
378	$content = l10n('upload_advise_height');
379	$content.= $conf['upload_maxheight_thumbnail'].' px';
380	$template->append('advises', $content);
381	}
382	}
383	else
384	{
385	if ( $conf['upload_maxwidth'] != '' )
386	{
387	$content = l10n('upload_advise_width');
388	$content.= $conf['upload_maxwidth'].' px';
389	$template->append('advises', $content);
390	}
391	if ( $conf['upload_maxheight'] != '' )
392	{
393	$content = l10n('upload_advise_height');
394	$content.= $conf['upload_maxheight'].' px';
395	$template->append('advises', $content);
396	}
397	}
398	$template->append('advises', l10n('upload_advise_filetype'));
399
400	//----------------------------------------- optionnal username and mail address
401	if ( !isset( $page['waiting_id'] ) )
402	{
403	$template->assign('SHOW_FORM_FIELDS', true);
404	}
405	}
406
407	//----------------------------------------------------------- html code display
408	$template->parse('upload');
409	include(PHPWG_ROOT_PATH.'include/page_tail.php');
410	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: