source: trunk/upload.php @ 2455

Last change on this file since 2455 was 2325, checked in by rub, 17 years ago

Resolved issue 0000823: Enhance upload functionalities

First commit, others will be follow.
Not hesitate to change my translations.

Add upload configuration tabsheet (move and add configuration)
Change and add define for access level
Can show upload link every time
Can restrict access upload.class.php
Can choice category on upload page
Add upload class not use for the moment
Review quickly and temporary style of upload.tpl

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 14.4 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24define('PHPWG_ROOT_PATH','./');
25
26// +-----------------------------------------------------------------------+
27// | Includes                                                              |
28// +-----------------------------------------------------------------------+
29include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
30include_once(PHPWG_ROOT_PATH.'include/upload.class.php');
31
32// +-----------------------------------------------------------------------+
33// | Check Access and exit when user status is not ok                      |
34// +-----------------------------------------------------------------------+
35check_status($conf['upload_user_access']);
36
37// +-----------------------------------------------------------------------+
38// | Create upload object                                                  |
39// +-----------------------------------------------------------------------+
40$upload = new Upload();
41
42
43$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
44$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
45$name = !empty($_POST['name']) ? $_POST['name'] : '';
46$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
47$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
48$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
49
50//------------------------------------------------------------------- functions
51// The validate_upload function checks if the image of the given path is valid.
52// A picture is valid when :
53//     - width, height and filesize are not higher than the maximum
54//       filesize authorized by the administrator
55//     - the type of the picture is among jpg, gif and png
56// The function returns an array containing :
57//     - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
58//     - $result['error'] contains an array with the different errors
59//       found with the picture
60function validate_upload( $temp_name, $my_max_file_size,
61                          $image_max_width, $image_max_height )
62{
63  global $conf, $lang, $page, $mail_address;
64
65  $result = array();
66  $result['error'] = array();
67  //echo $_FILES['picture']['name']."<br />".$temp_name;
68  $extension = get_extension( $_FILES['picture']['name'] );
69  if (!in_array($extension, $conf['picture_ext']))
70  {
71    array_push( $result['error'], l10n('upload_advise_filetype') );
72    return $result;
73  }
74  if ( !isset( $_FILES['picture'] ) )
75  {
76    // do we even have a file?
77    array_push( $result['error'], "You did not upload anything!" );
78  }
79  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
80  {
81    array_push( $result['error'],
82                l10n('upload_advise_filesize').$my_max_file_size.' KB' );
83  }
84  else
85  {
86    // check if we are allowed to upload this file_type
87    // upload de la photo sous un nom temporaire
88    if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
89    {
90      array_push( $result['error'], l10n('upload_cannot_upload') );
91    }
92    else
93    {
94      $size = getimagesize( $temp_name );
95      if ( isset( $image_max_width )
96           and $image_max_width != ""
97           and $size[0] > $image_max_width )
98      {
99        array_push( $result['error'],
100                    l10n('upload_advise_width').$image_max_width.' px' );
101      }
102      if ( isset( $image_max_height )
103           and $image_max_height != ""
104           and $size[1] > $image_max_height )
105      {
106        array_push( $result['error'],
107                    l10n('upload_advise_height').$image_max_height.' px' );
108      }
109      // $size[2] == 1 means GIF
110      // $size[2] == 2 means JPG
111      // $size[2] == 3 means PNG
112      switch ( $size[2] )
113      {
114      case 1 : $result['type'] = 'gif'; break;
115      case 2 : $result['type'] = 'jpg'; break;
116      case 3 : $result['type'] = 'png'; break;
117      default :
118        array_push( $result['error'], l10n('upload_advise_filetype') );
119      }
120    }
121  }
122  if ( sizeof( $result['error'] ) > 0 )
123  {
124    // destruction de l'image avec le nom temporaire
125    @unlink( $temp_name );
126  }
127  else
128  {
129    @chmod( $temp_name, 0644);
130  }
131
132  //------------------------------------------------------------ log informations
133  pwg_log();
134
135  return $result;
136}
137
138//-------------------------------------------------- access authorization check
139if (isset($_POST['category']) and is_numeric($_POST['category']))
140{
141  $page['category'] = $_POST['category'];
142}
143else
144if (isset($_GET['cat']) and is_numeric($_GET['cat']))
145{
146  $page['category'] = $_GET['cat'];
147}
148else
149{
150  $page['category'] = null;
151}
152
153if (! empty($page['category']))
154{
155  check_restrictions($page['category']);
156  $category = get_cat_info($page['category']);
157  $category['cat_dir'] = get_complete_dir($page['category']);
158
159  if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
160  {
161    page_forbidden('upload not allowed');
162  }
163}
164else
165{
166  if (isset($_POST['submit']))
167  {
168    // $page['category'] may be set by a futur plugin but without it
169    bad_request('invalid parameters');
170  }
171  else
172  {
173    $category = null;
174  }
175}
176
177$error = array();
178$page['upload_successful'] = false;
179if ( isset( $_GET['waiting_id'] ) )
180{
181  $page['waiting_id'] = $_GET['waiting_id'];
182}
183
184//-------------------------------------------------------------- picture upload
185// verfying fields
186if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
187{
188  $path = $category['cat_dir'].$_FILES['picture']['name'];
189  if ( @is_file( $path ) )
190  {
191    array_push( $error, l10n('upload_file_exists') );
192  }
193  // test de la présence des champs obligatoires
194  if ( empty($_FILES['picture']['name']))
195  {
196    array_push( $error, l10n('upload_filenotfound') );
197  }
198  if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
199             $_POST['mail_address'] ) )
200  {
201    array_push( $error, l10n('reg_err_mail_address') );
202  }
203  if ( empty($_POST['username']) )
204  {
205    array_push( $error, l10n('upload_err_username') );
206  }
207
208  $date_creation = '';
209  if ( !empty($_POST['date_creation']) )
210  {
211    list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
212    // int checkdate ( int month, int day, int year)
213    if (checkdate($month, $day, $year))
214    {
215      $date_creation = $year.'-'.$month.'-'.$day;
216    }
217    else
218    {
219      array_push( $error, l10n('err_date') );
220    }
221  }
222  // creation of the "infos" field :
223  // <infos author="Pierrick LE GALL" comment="my comment"
224  //        date_creation="2004-08-14" name="" />
225  $xml_infos = '<infos';
226  $xml_infos.= encodeAttribute('author', $_POST['author']);
227  $xml_infos.= encodeAttribute('comment', $_POST['comment']);
228  $xml_infos.= encodeAttribute('date_creation', $date_creation);
229  $xml_infos.= encodeAttribute('name', $_POST['name']);
230  $xml_infos.= ' />';
231
232  if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
233  {
234    array_push( $error, l10n('update_wrong_dirname') );
235  }
236
237  if ( sizeof( $error ) == 0 )
238  {
239    $result = validate_upload( $path, $conf['upload_maxfilesize'],
240                               $conf['upload_maxwidth'],
241                               $conf['upload_maxheight']  );
242    for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
243    {
244      array_push( $error, $result['error'][$j] );
245    }
246  }
247
248  if ( sizeof( $error ) == 0 )
249  {
250    $query = 'insert into '.WAITING_TABLE;
251    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
252    $query.= ' values ';
253    $query.= '('.$page['category'].",'".$_FILES['picture']['name']."'";
254    $query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
255    $query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
256    $query.= ';';
257    pwg_query( $query );
258    $page['waiting_id'] = mysql_insert_id();
259
260    if ($conf['email_admin_on_picture_uploaded'])
261    {
262      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
263
264      $waiting_url = get_absolute_root_url().'admin.php?page=upload';
265
266      $keyargs_content = array
267      (
268        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
269        get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
270        get_l10n_args('User: %s', $_POST['username']),
271        get_l10n_args('Email: %s', $_POST['mail_address']),
272        get_l10n_args('Picture name: %s', $_POST['name']),
273        get_l10n_args('Author: %s', $_POST['author']),
274        get_l10n_args('Creation date: %s', $_POST['date_creation']),
275        get_l10n_args('Comment: %s', $_POST['comment']),
276        get_l10n_args('', ''),
277        get_l10n_args('Waiting page: %s', $waiting_url)
278      );
279
280      pwg_mail_notification_admins
281      (
282        get_l10n_args('Picture uploaded by %s', $_POST['username']),
283        $keyargs_content
284      );
285    }
286  }
287}
288
289//------------------------------------------------------------ thumbnail upload
290if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
291{
292  // upload of the thumbnail
293  $query = 'select file';
294  $query.= ' from '.WAITING_TABLE;
295  $query.= ' where id = '.$_GET['waiting_id'];
296  $query.= ';';
297  $result= pwg_query( $query );
298  $row = mysql_fetch_array( $result );
299  $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
300  $extension = get_extension( $_FILES['picture']['name'] );
301
302  if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
303  {
304    $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
305    $result = validate_upload( $path, $conf['upload_maxfilesize'],
306                               $conf['upload_maxwidth_thumbnail'],
307                               $conf['upload_maxheight_thumbnail']  );
308    for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
309    {
310      array_push( $error, $result['error'][$j] );
311    }
312  }
313
314  if ( sizeof( $error ) == 0 )
315  {
316    $query = 'update '.WAITING_TABLE;
317    $query.= " set tn_ext = '".$extension."'";
318    $query.= ' where id = '.$_GET['waiting_id'];
319    $query.= ';';
320    pwg_query( $query );
321    $page['upload_successful'] = true;
322  }
323}
324
325//
326// Start output of page
327//
328$title= l10n('upload_title');
329$page['body_id'] = 'theUploadPage';
330include(PHPWG_ROOT_PATH.'include/page_header.php');
331$template->set_filenames(array('upload'=>'upload.tpl'));
332
333// Load category list
334$query = '
335SELECT
336  id, name, uppercats, global_rank
337FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
338  ON id = cat_id and user_id = '.$user['id'].'
339WHERE
340  uploadable = \'true\'
341  '.get_sql_condition_FandF
342    (
343      array
344        (
345          'visible_categories' => 'id',
346        ),
347      'AND'
348    ).'
349;';
350display_select_cat_wrapper($query, array($page['category']), 'categories');
351
352$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
353if ( isset( $page['waiting_id'] ) )
354{
355$u_form.= '&amp;waiting_id='.$page['waiting_id'];
356}
357
358if ( isset( $page['waiting_id'] ) )
359{
360  $advise_title = l10n('upload_advise_thumbnail').$_FILES['picture']['name'];
361}
362else
363{
364  $advise_title = l10n('Choose an image');
365}
366
367$template->assign(
368  array(
369    'ADVISE_TITLE' => $advise_title,
370    'NAME' => $username,
371    'EMAIL' => $mail_address,
372    'NAME_IMG' => $name,
373    'AUTHOR_IMG' => $author,
374    'DATE_IMG' => $date_creation,
375    'COMMENT_IMG' => $comment,
376
377    'F_ACTION' => $u_form,
378
379    'U_RETURN' => make_index_url(array('category' => $category)),
380    )
381  );
382
383$template->assign('errors', $error);
384$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful'] );
385
386if ( !$page['upload_successful'] )
387{
388//--------------------------------------------------------------------- advises
389  if ( !empty($conf['upload_maxfilesize']) )
390  {
391    $content = l10n('upload_advise_filesize');
392    $content.= $conf['upload_maxfilesize'].' KB';
393    $template->append('advises', $content);
394  }
395
396  if ( isset( $page['waiting_id'] ) )
397  {
398    if ( $conf['upload_maxwidth_thumbnail'] != '' )
399    {
400      $content = l10n('upload_advise_width');
401      $content.= $conf['upload_maxwidth_thumbnail'].' px';
402      $template->append('advises', $content);
403    }
404    if ( $conf['upload_maxheight_thumbnail'] != '' )
405    {
406      $content = l10n('upload_advise_height');
407      $content.= $conf['upload_maxheight_thumbnail'].' px';
408      $template->append('advises', $content);
409    }
410  }
411  else
412  {
413    if ( $conf['upload_maxwidth'] != '' )
414    {
415      $content = l10n('upload_advise_width');
416      $content.= $conf['upload_maxwidth'].' px';
417      $template->append('advises', $content);
418    }
419    if ( $conf['upload_maxheight'] != '' )
420    {
421      $content = l10n('upload_advise_height');
422      $content.= $conf['upload_maxheight'].' px';
423      $template->append('advises', $content);
424    }
425  }
426  $template->append('advises', l10n('upload_advise_filetype'));
427
428//----------------------------------------- optionnal username and mail address
429  if ( !isset( $page['waiting_id'] ) )
430  {
431    $template->assign('SHOW_FORM_FIELDS', true);
432  }
433}
434
435//----------------------------------------------------------- html code display
436$template->parse('upload');
437include(PHPWG_ROOT_PATH.'include/page_tail.php');
438?>
Note: See TracBrowser for help on using the repository browser.