source: trunk/upload.php @ 2299

Last change on this file since 2299 was 2299, checked in by plg, 17 years ago

Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personally, it is a problem when I search for differences between 2
Piwigo installations outside Subversion.

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
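define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );

check_status(ACCESS_GUEST);

// Values used to pre-fill the form: a posted value wins, otherwise the
// logged-in user's account data is used (or an empty string for the picture
// metadata). $user may carry no mail address at all, so that key is tested
// with isset() instead of silencing the notice with "@".
$username = !empty($_POST['username']) ? $_POST['username'] : $user['username'];
$mail_address = !empty($_POST['mail_address'])
  ? $_POST['mail_address']
  : (isset($user['mail_address']) ? $user['mail_address'] : null);
$name = !empty($_POST['name']) ? $_POST['name'] : '';
$author = !empty($_POST['author']) ? $_POST['author'] : '';
$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';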
34
35//------------------------------------------------------------------- functions
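// The validate_upload function checks if the picture uploaded through the
// "picture" form field is valid, once moved to the given path.
// A picture is valid when :
//     - its extension is among $conf['picture_ext']
//     - its filesize is not higher than $my_max_file_size (KB)
//     - its width and height are not higher than $image_max_width and
//       $image_max_height (pixels); an empty limit is not checked
//     - its content really is a GIF, JPEG or PNG image, as reported by
//       getimagesize() (the extension alone is not trusted)
// Side effects :
//     - the uploaded file is moved to $temp_name *before* the dimension and
//       content checks; it is deleted again when any error is found and
//       chmod'ed to 0644 otherwise
//     - pwg_log() is called whatever the outcome
// The function returns an array containing :
//     - $result['type'] contains the type of the image ('jpg', 'gif' or
//       'png'); only set when the content check succeeded
//     - $result['error'] contains an array with the different errors
//       found with the picture (empty when the picture is valid)
function validate_upload( $temp_name, $my_max_file_size,
                          $image_max_width, $image_max_height )
{
  global $conf;

  $result = array();
  $result['error'] = array();

  if ( !isset( $_FILES['picture']['name'] )
       or ( isset( $_FILES['picture']['error'] )
            and $_FILES['picture']['error'] == UPLOAD_ERR_NO_FILE ) )
  {
    // do we even have a file? This must be tested before anything reads
    // $_FILES['picture']['name'] (the former code read it first)
    $result['error'][] = "You did not upload anything!";
  }
  else if ( !in_array( get_extension( $_FILES['picture']['name'] ),
                       $conf['picture_ext'] ) )
  {
    // extension whitelist configured by the administrator
    $result['error'][] = l10n('upload_advise_filetype');
  }
  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
  {
    $result['error'][] = l10n('upload_advise_filesize')
                         .$my_max_file_size.' KB';
  }
  else if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
  {
    // move_uploaded_file() also refuses a source that was not uploaded
    // with this request
    $result['error'][] = l10n('upload_cannot_upload');
  }
  else
  {
    $size = getimagesize( $temp_name );
    if ( $size === false )
    {
      // no image header could be parsed: not a picture at all
      $result['error'][] = l10n('upload_advise_filetype');
    }
    else
    {
      if ( $image_max_width != '' and $size[0] > $image_max_width )
      {
        $result['error'][] = l10n('upload_advise_width')
                             .$image_max_width.' px';
      }
      if ( $image_max_height != '' and $size[1] > $image_max_height )
      {
        $result['error'][] = l10n('upload_advise_height')
                             .$image_max_height.' px';
      }
      // $size[2] is the IMAGETYPE_* constant detected from the content
      switch ( $size[2] )
      {
        case IMAGETYPE_GIF  : $result['type'] = 'gif'; break;
        case IMAGETYPE_JPEG : $result['type'] = 'jpg'; break;
        case IMAGETYPE_PNG  : $result['type'] = 'png'; break;
        default :
          $result['error'][] = l10n('upload_advise_filetype');
      }
    }
  }

  if ( count( $result['error'] ) > 0 )
  {
    // remove the file stored under the temporary name (nothing to remove
    // when the upload failed before move_uploaded_file, hence the "@")
    @unlink( $temp_name );
  }
  else
  {
    @chmod( $temp_name, 0644 );
  }

  //------------------------------------------------------------ log informations
  pwg_log();

  return $result;
}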
122
//-------------------------------------------------- access authorization check
// The target category normally comes from the URL; $page['category'] may
// also have been filled beforehand (e.g. by a plugin).
if ( isset( $_GET['cat'] ) and is_numeric( $_GET['cat'] ) )
{
  $page['category'] = $_GET['cat'];
}

if ( !isset( $page['category'] ) )
{
  // $page['category'] may be set by a future plugin, but without it there
  // is nothing to upload into
  bad_request('invalid parameters');
}
else
{
  check_restrictions( $page['category'] );
  $category = get_cat_info( $page['category'] );
  $category['cat_dir'] = get_complete_dir( $page['category'] );

  // uploading is refused for remote categories and for categories the
  // administrator did not flag as uploadable
  $upload_allowed = !url_is_remote( $category['cat_dir'] )
                    && $category['uploadable'];
  if ( !$upload_allowed )
  {
    page_forbidden('upload not allowed');
  }
}

$error = array();
$page['upload_successful'] = false;
// a waiting_id in the URL means we are at the second step (thumbnail)
if ( isset( $_GET['waiting_id'] ) )
{
  $page['waiting_id'] = $_GET['waiting_id'];
}
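//-------------------------------------------------------------- picture upload
// First step: the picture itself is posted (no waiting_id yet). Every field
// is verified before anything is written to disk or to the database.
if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
{
  // posted fields, defaulting to '' so that a missing field is handled
  // exactly like an empty one (and raises no notice)
  $posted = array();
  foreach ( array('username', 'mail_address', 'name', 'author',
                  'date_creation', 'comment') as $field )
  {
    $posted[$field] = isset( $_POST[$field] ) ? $_POST[$field] : '';
  }
  $picture_name = isset( $_FILES['picture']['name'] )
    ? $_FILES['picture']['name']
    : '';

  $path = $category['cat_dir'].$picture_name;
  if ( @is_file( $path ) )
  {
    $error[] = l10n('upload_file_exists');
  }
  // presence of the mandatory fields
  if ( empty($picture_name) )
  {
    $error[] = l10n('upload_filenotfound');
  }
  // same (unanchored) pattern as the historical ereg() check: the address
  // only has to contain something looking like user@host.tld. This is a
  // format check only, it is NOT an escaping step.
  if ( !preg_match( '/[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+/',
                    $posted['mail_address'] ) )
  {
    $error[] = l10n('reg_err_mail_address');
  }
  if ( empty($posted['username']) )
  {
    $error[] = l10n('upload_err_username');
  }

  // creation date: expected as dd/mm/yyyy, stored as yyyy-mm-dd
  $date_creation = '';
  if ( !empty($posted['date_creation']) )
  {
    $date_parts = explode( '/', $posted['date_creation'] );
    // exactly three components are required; checkdate(month, day, year)
    if ( count( $date_parts ) == 3
         and checkdate( (int)$date_parts[1], (int)$date_parts[0],
                        (int)$date_parts[2] ) )
    {
      list( $day, $month, $year ) = $date_parts;
      $date_creation = $year.'-'.$month.'-'.$day;
    }
    else
    {
      $error[] = l10n('err_date');
    }
  }
  // creation of the "infos" field :
  // <infos author="Pierrick LE GALL" comment="my comment"
  //        date_creation="2004-08-14" name="" />
  $xml_infos = '<infos';
  $xml_infos.= encodeAttribute('author', $posted['author']);
  $xml_infos.= encodeAttribute('comment', $posted['comment']);
  $xml_infos.= encodeAttribute('date_creation', $date_creation);
  $xml_infos.= encodeAttribute('name', $posted['name']);
  $xml_infos.= ' />';

  // the file name becomes a path component inside the category directory,
  // so only a conservative character set is accepted (no slash, no space)
  if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $picture_name ) )
  {
    $error[] = l10n('update_wrong_dirname');
  }

  if ( count( $error ) == 0 )
  {
    $result = validate_upload( $path, $conf['upload_maxfilesize'],
                               $conf['upload_maxwidth'],
                               $conf['upload_maxheight'] );
    $error = array_merge( $error, $result['error'] );
  }

  if ( count( $error ) == 0 )
  {
    // Every string value is escaped for the SQL statement: the mail address
    // and the infos field only went through format checks, so they must not
    // be concatenated raw into the query. $page['category'] was accepted by
    // is_numeric() at the authorization step (or set by a plugin).
    $query = 'insert into '.WAITING_TABLE;
    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
    $query.= ' values ';
    $query.= '('.$page['category'];
    $query.= ",'".mysql_real_escape_string( $picture_name )."'";
    $query.= ",'".mysql_real_escape_string(
                    htmlspecialchars( $posted['username'], ENT_QUOTES ) )."'";
    $query.= ",'".mysql_real_escape_string( $posted['mail_address'] )."'";
    $query.= ','.time();
    $query.= ",'".mysql_real_escape_string( $xml_infos )."')";
    $query.= ';';
    pwg_query( $query );
    $page['waiting_id'] = mysql_insert_id();

    if ($conf['email_admin_on_picture_uploaded'])
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $waiting_url = get_absolute_root_url().'admin.php?page=upload';

      $keyargs_content = array
      (
        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
        get_l10n_args('Picture name: %s', $picture_name),
        get_l10n_args('User: %s', $posted['username']),
        get_l10n_args('Email: %s', $posted['mail_address']),
        get_l10n_args('Picture name: %s', $posted['name']),
        get_l10n_args('Author: %s', $posted['author']),
        get_l10n_args('Creation date: %s', $posted['date_creation']),
        get_l10n_args('Comment: %s', $posted['comment']),
        get_l10n_args('', ''),
        get_l10n_args('Waiting page: %s', $waiting_url)
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Picture uploaded by %s', $posted['username']),
        $keyargs_content
      );
    }
  }
}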
254
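//------------------------------------------------------------ thumbnail upload
// Second step: the thumbnail is posted for the picture inserted in the
// waiting table by the first step, identified by waiting_id.
if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
{
  // the id is concatenated into two SQL statements: only an integer may
  // reach them
  $waiting_id = intval( $_GET['waiting_id'] );
  // NOTE(review): nothing ties $waiting_id to the current user or to
  // $page['category'] here; any pending upload can receive a thumbnail —
  // confirm this is intended.

  $query = 'select file';
  $query.= ' from '.WAITING_TABLE;
  $query.= ' where id = '.$waiting_id;
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );
  if ( !$row )
  {
    // no pending upload with this id: same answer as for a missing category
    bad_request('invalid parameters');
  }
  else
  {
    // the thumbnail keeps the picture's base name, with its own extension
    $file = substr( $row['file'], 0, strrpos( $row['file'], '.' ) );
    $picture_name = isset( $_FILES['picture']['name'] )
      ? $_FILES['picture']['name']
      : '';
    $extension = get_extension( $picture_name );

    // $extension is trusted only once validate_upload() accepted it, so the
    // update below is skipped when the thumbnail directory could not be
    // obtained, even if mkget_thumbnail_dir() reported no error
    $thumbnail_valid = false;
    $path = mkget_thumbnail_dir( $category['cat_dir'], $error );
    if ( $path != false )
    {
      $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
      $result = validate_upload( $path, $conf['upload_maxfilesize'],
                                 $conf['upload_maxwidth_thumbnail'],
                                 $conf['upload_maxheight_thumbnail'] );
      $error = array_merge( $error, $result['error'] );
      $thumbnail_valid = ( count( $result['error'] ) == 0 );
    }

    if ( $thumbnail_valid and count( $error ) == 0 )
    {
      $query = 'update '.WAITING_TABLE;
      $query.= " set tn_ext = '".mysql_real_escape_string( $extension )."'";
      $query.= ' where id = '.$waiting_id;
      $query.= ';';
      pwg_query( $query );
      $page['upload_successful'] = true;
    }
  }
}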
290
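//
// Start output of page
//
$title= l10n('upload_title');
$page['body_id'] = 'theUploadPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->set_filenames(array('upload'=>'upload.tpl'));

// Form action. The waiting id may come straight from the URL, so both
// parameters are URL-encoded before being reflected into the page.
$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.urlencode( $page['category'] );
if ( isset( $page['waiting_id'] ) )
{
  $u_form.= '&amp;waiting_id='.urlencode( $page['waiting_id'] );
}

if ( isset( $page['waiting_id'] ) )
{
  // second step: ask for the thumbnail of the picture just uploaded
  $picture_name = isset( $_FILES['picture']['name'] )
    ? $_FILES['picture']['name']
    : '';
  $advise_title = l10n('upload_advise_thumbnail').$picture_name;
}
else
{
  $advise_title = l10n('upload_advise');
  $advise_title.= get_cat_display_name($category['upper_names']);
}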
314
// variables used by upload.tpl
$tpl_vars = array(
  'ADVISE_TITLE' => $advise_title,
  'NAME'         => $username,
  'EMAIL'        => $mail_address,
  'NAME_IMG'     => $name,
  'AUTHOR_IMG'   => $author,
  'DATE_IMG'     => $date_creation,
  'COMMENT_IMG'  => $comment,

  'F_ACTION'     => $u_form,

  'U_RETURN'     => make_index_url(array('category' => $category)),
  );
$template->assign($tpl_vars);

// list of errors (possibly empty) and outcome of the thumbnail step
$template->assign('errors', $error);
$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful']);
333
if ( !$page['upload_successful'] )
{
//--------------------------------------------------------------------- advises
  // limits announced to the user, in the same order as they are checked by
  // validate_upload: filesize, width, height, file type
  if ( !empty($conf['upload_maxfilesize']) )
  {
    $template->append(
      'advises',
      l10n('upload_advise_filesize').$conf['upload_maxfilesize'].' KB'
      );
  }

  // the thumbnail step has its own dimension limits
  $conf_suffix = isset( $page['waiting_id'] ) ? '_thumbnail' : '';
  $dimension_advises = array(
    'upload_maxwidth'.$conf_suffix  => 'upload_advise_width',
    'upload_maxheight'.$conf_suffix => 'upload_advise_height',
    );
  foreach ( $dimension_advises as $conf_key => $lang_key )
  {
    if ( $conf[$conf_key] != '' )
    {
      $template->append('advises', l10n($lang_key).$conf[$conf_key].' px');
    }
  }
  $template->append('advises', l10n('upload_advise_filetype'));

//------------------------------------------ optional username and mail address
  if ( !isset( $page['waiting_id'] ) )
  {
    $template->assign('SHOW_FORM_FIELDS', true);
  }
}
382
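//----------------------------------------------------------- html code display
$template->parse('upload');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
// no closing "?>": a PHP-only file must not risk emitting trailing whitespace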