1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Root of the gallery relative to this script; every include below and the
// form action URL are built from it.
define('PHPWG_ROOT_PATH', './');

// +-----------------------------------------------------------------------+
// | Includes                                                              |
// +-----------------------------------------------------------------------+
// common.inc.php is expected to set up $conf, $user, $template and the
// database connection used by pwg_query() / mysql_* further down.
include_once PHPWG_ROOT_PATH.'include/common.inc.php';
include_once PHPWG_ROOT_PATH.'include/upload.class.php';
31
32// +-----------------------------------------------------------------------+
33// | Check Access and exit when user status is not ok                      |
34// +-----------------------------------------------------------------------+
35check_status($conf['upload_user_access']);
36
37// +-----------------------------------------------------------------------+
38// | Create upload object                                                  |
39// +-----------------------------------------------------------------------+
40$upload = new Upload();
41
42
43$username = !empty($_POST['username']) ? $_POST['username']:(is_classic_user() ? $user['username'] : '');
44$mail_address = !empty($_POST['mail_address']) ? $_POST['mail_address'] : (is_classic_user() ? $user['email'] : '');
45$name = !empty($_POST['name']) ? $_POST['name'] : '';
46$author = !empty($_POST['author']) ? $_POST['author'] : (is_classic_user() ? $user['username'] : '');
47$date_creation = !empty($_POST['date_creation']) ? $_POST['date_creation'] : '';
48$comment = !empty($_POST['comment']) ? $_POST['comment'] : '';
49
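//------------------------------------------------------------------- functions
// validate_upload checks the picture posted as $_FILES['picture'] and, only
// when it passes every check, moves it to $temp_name (the final path chosen
// by the caller). A picture is valid when :
//     - a file really was uploaded in this request (is_uploaded_file), so a
//       forged $_FILES entry cannot be used to move an arbitrary server file
//     - its extension is listed in $conf['picture_ext']
//     - its filesize (KB), width and height are not higher than the
//       maximums authorized by the administrator
//     - its content, as seen by getimagesize(), is gif, jpg or png AND
//       agrees with the declared extension
// All checks run against PHP's temporary upload file, so nothing is written
// under the gallery directory until the picture has passed every test (the
// original moved first and unlinked on failure, which also deleted an
// existing file at $temp_name when the replacement was rejected).
// Parameters:
//     $temp_name          final path the file is moved to on success
//     $my_max_file_size   maximum size in KB
//     $image_max_width    maximum width in px ('' or unset = no limit)
//     $image_max_height   maximum height in px ('' or unset = no limit)
// The function returns an array containing :
//     - $result['type'] : 'jpg', 'gif' or 'png', only set once the content
//       type has been detected
//     - $result['error'] : array of the errors found with the picture
//       (empty on success)
function validate_upload( $temp_name, $my_max_file_size,
                          $image_max_width, $image_max_height )
{
  global $conf, $lang, $page, $mail_address;

  $result = array();
  $result['error'] = array();

  // do we even have a file? Guard before any $_FILES['picture'][...] read.
  if ( !isset( $_FILES['picture'] )
       or !isset( $_FILES['picture']['tmp_name'] )
       or !is_uploaded_file( $_FILES['picture']['tmp_name'] ) )
  {
    array_push( $result['error'], "You did not upload anything!" );
    return $result;
  }

  $extension = get_extension( $_FILES['picture']['name'] );
  if ( !in_array( $extension, $conf['picture_ext'], true ) )
  {
    array_push( $result['error'], l10n('upload_advise_filetype') );
    return $result;
  }

  if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
  {
    array_push( $result['error'],
                l10n('upload_advise_filesize').$my_max_file_size.' KB' );
  }
  else
  {
    // inspect the temporary file, not the destination
    $size = @getimagesize( $_FILES['picture']['tmp_name'] );
    if ( $size === false )
    {
      // no parsable image header at all
      array_push( $result['error'], l10n('upload_advise_filetype') );
    }
    else
    {
      if ( isset( $image_max_width )
           and $image_max_width != ""
           and $size[0] > $image_max_width )
      {
        array_push( $result['error'],
                    l10n('upload_advise_width').$image_max_width.' px' );
      }
      if ( isset( $image_max_height )
           and $image_max_height != ""
           and $size[1] > $image_max_height )
      {
        array_push( $result['error'],
                    l10n('upload_advise_height').$image_max_height.' px' );
      }
      // $size[2] == 1 means GIF (IMAGETYPE_GIF)
      // $size[2] == 2 means JPG (IMAGETYPE_JPEG)
      // $size[2] == 3 means PNG (IMAGETYPE_PNG)
      switch ( $size[2] )
      {
      case IMAGETYPE_GIF  : $result['type'] = 'gif'; break;
      case IMAGETYPE_JPEG : $result['type'] = 'jpg'; break;
      case IMAGETYPE_PNG  : $result['type'] = 'png'; break;
      default :
        array_push( $result['error'], l10n('upload_advise_filetype') );
      }

      // The declared extension must agree with the detected content; the
      // file is served under that extension, so a PNG named .gif (or any
      // other mismatch) is refused rather than stored.
      if ( isset( $result['type'] ) )
      {
        $type_for_extension = array(
          'gif' => 'gif', 'jpg' => 'jpg', 'jpeg' => 'jpg', 'png' => 'png' );
        $lower_extension = strtolower( $extension );
        if ( !isset( $type_for_extension[$lower_extension] )
             or $type_for_extension[$lower_extension] !== $result['type'] )
        {
          array_push( $result['error'], l10n('upload_advise_filetype') );
        }
      }
    }
  }

  if ( sizeof( $result['error'] ) == 0 )
  {
    // every check passed: only now does the file land in its final place
    if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
    {
      array_push( $result['error'], l10n('upload_cannot_upload') );
    }
    else
    {
      @chmod( $temp_name, 0644 );
    }
  }

  //------------------------------------------------------------ log informations
  pwg_log();

  return $result;
}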
137
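//-------------------------------------------------- access authorization check
// The category id is interpolated unescaped into SQL later in this file
// (the WAITING_TABLE insert), so only a plain run of digits is accepted and
// the value is cast to int. is_numeric() was too loose for that purpose: it
// also accepts leading whitespace, exponents ("1e3"), floats and, on older
// PHP, hex strings.
if (isset($_POST['category']) and preg_match('/^\d+$/D', $_POST['category']))
{
  $page['category'] = (int)$_POST['category'];
}
else
if (isset($_GET['cat']) and preg_match('/^\d+$/D', $_GET['cat']))
{
  $page['category'] = (int)$_GET['cat'];
}
else
{
  $page['category'] = null;
}

if (! empty($page['category']))
{
  // presumably ends the request when the category is not visible to the
  // current user — confirm against check_restrictions()
  check_restrictions($page['category']);
  $category = get_cat_info($page['category']);
  // storage directory; the code below appends the file name directly, so it
  // is assumed to end with a separator — TODO confirm get_complete_dir()
  $category['cat_dir'] = get_complete_dir($page['category']);

  // a remote (URL) storage or a category not flagged uploadable cannot
  // receive files
  if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
  {
    page_forbidden('upload not allowed');
  }
}
else
{
  if (isset($_POST['submit']))
  {
    // $page['category'] may be set by a future plugin, but without it a
    // submission has nowhere to store the file
    bad_request('invalid parameters');
  }
  else
  {
    $category = null;
  }
}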
176
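$error = array();
$page['upload_successful'] = false;
if ( isset( $_GET['waiting_id'] ) )
{
  // This id is echoed back into the form action URL and names the pending
  // row in WAITING_TABLE, so it must never carry anything but an integer.
  $page['waiting_id'] = (int)$_GET['waiting_id'];
}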
183
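//-------------------------------------------------------------- picture upload
// verifying fields
if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
{
  // read each request value once so every use below sees the same string
  $picture_name = isset( $_FILES['picture']['name'] ) ? $_FILES['picture']['name'] : '';
  $post_mail    = isset( $_POST['mail_address'] ) ? $_POST['mail_address'] : '';
  $post_user    = isset( $_POST['username'] ) ? $_POST['username'] : '';
  $post_author  = isset( $_POST['author'] ) ? $_POST['author'] : '';
  $post_comment = isset( $_POST['comment'] ) ? $_POST['comment'] : '';
  $post_name    = isset( $_POST['name'] ) ? $_POST['name'] : '';

  // test for the presence of the mandatory fields
  $path = null;
  if ( empty($picture_name) )
  {
    array_push( $error, l10n('upload_filenotfound') );
  }
  // The file name becomes a path component, so it is whitelisted BEFORE it
  // is used to build $path. The previous class [a-zA-Z0-9-_.] contained the
  // range "9-_", which also admits "\", "<", ">", "[", "]", "^" and "@";
  // a backslash in a name is a directory separator on Windows. The hyphen is
  // now last so it is literal, and D keeps a trailing newline from slipping
  // past the anchor.
  else if ( !preg_match( '/^[a-zA-Z0-9_.-]+$/D', $picture_name ) )
  {
    array_push( $error, l10n('update_wrong_dirname') );
  }
  else
  {
    $path = $category['cat_dir'].$picture_name;
    if ( @is_file( $path ) )
    {
      array_push( $error, l10n('upload_file_exists') );
    }
  }

  // The old ereg() pattern was unanchored, so any string merely containing
  // an address (e.g. "', 0, ''); -- x@y.zz") passed and then went into the
  // insert below unescaped; the whole value must now be an address.
  if ( !preg_match( '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/D',
                    $post_mail ) )
  {
    array_push( $error, l10n('reg_err_mail_address') );
  }
  if ( empty($post_user) )
  {
    array_push( $error, l10n('upload_err_username') );
  }

  $date_creation = '';
  if ( !empty($_POST['date_creation']) )
  {
    // expected as day/month/year; fewer or more parts is a bad date rather
    // than a PHP notice
    $date_parts = explode( '/', $_POST['date_creation'] );
    // int checkdate ( int month, int day, int year)
    if ( count( $date_parts ) == 3
         and checkdate( (int)$date_parts[1], (int)$date_parts[0], (int)$date_parts[2] ) )
    {
      // stored zero-padded, the format the <infos> example below documents
      $date_creation = sprintf( '%04d-%02d-%02d',
                                (int)$date_parts[2], (int)$date_parts[1], (int)$date_parts[0] );
    }
    else
    {
      array_push( $error, l10n('err_date') );
    }
  }
  // creation of the "infos" field :
  // <infos author="Pierrick LE GALL" comment="my comment"
  //        date_creation="2004-08-14" name="" />
  $xml_infos = '<infos ';
  $xml_infos.= encodeAttribute('author', $post_author);
  $xml_infos.= encodeAttribute('comment', $post_comment);
  $xml_infos.= encodeAttribute('date_creation', $date_creation);
  $xml_infos.= encodeAttribute('name', $post_name);
  $xml_infos.= ' />';

  if ( sizeof( $error ) == 0 )
  {
    $result = validate_upload( $path, $conf['upload_maxfilesize'],
                               $conf['upload_maxwidth'],
                               $conf['upload_maxheight']  );
    foreach ( $result['error'] as $upload_error )
    {
      array_push( $error, $upload_error );
    }
  }

  if ( sizeof( $error ) == 0 )
  {
    // Every string value is escaped for the SQL string context (the file
    // name and username were already restricted/entity-encoded above; the
    // address and the XML infos were previously concatenated raw). Relies on
    // the default MySQL link opened by common.inc.php, as mysql_insert_id()
    // below already does.
    $query = 'insert into '.WAITING_TABLE;
    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
    $query.= ' values ';
    $query.= '('.(int)$page['category'].",'".mysql_real_escape_string($picture_name)."'";
    $query.= ",'".mysql_real_escape_string(htmlspecialchars( $post_user, ENT_QUOTES))."'";
    $query.= ",'".mysql_real_escape_string($post_mail)."',".time();
    $query.= ",'".mysql_real_escape_string($xml_infos)."')";
    $query.= ';';
    pwg_query( $query );
    $page['waiting_id'] = mysql_insert_id();

    if ($conf['email_admin_on_picture_uploaded'])
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $waiting_url = get_absolute_root_url().'admin.php?page=upload';

      $keyargs_content = array
      (
        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
        get_l10n_args('Picture name: %s', $picture_name),
        get_l10n_args('User: %s', $post_user),
        get_l10n_args('Email: %s', $post_mail),
        get_l10n_args('Picture name: %s', $post_name),
        get_l10n_args('Author: %s', $post_author),
        get_l10n_args('Creation date: %s', $_POST['date_creation']),
        get_l10n_args('Comment: %s', $post_comment),
        get_l10n_args('', ''),
        get_l10n_args('Waiting page: %s', $waiting_url)
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Picture uploaded by %s', $post_user),
        $keyargs_content
      );
    }
  }
}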
288
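//------------------------------------------------------------ thumbnail upload
if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
{
  // upload of the thumbnail
  // The id used to go straight from the query string into the WHERE clause
  // (SQL injection); it is an integer column, so cast it. The row must also
  // belong to the category this form was posted for: the thumbnail is
  // written under $category['cat_dir'], and without this clause any
  // pending picture id could be targeted from any uploadable category.
  $waiting_id = (int)$_GET['waiting_id'];
  $query = 'select file';
  $query.= ' from '.WAITING_TABLE;
  $query.= ' where id = '.$waiting_id;
  $query.= ' and storage_category_id = '.(int)$page['category'];
  $query.= ';';
  $result= pwg_query( $query );
  $row = mysql_fetch_array( $result );
  if ( !$row )
  {
    // unknown id or wrong category: same answer as a missing category above
    bad_request('invalid parameters');
  }
  $file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
  $uploaded_name = isset( $_FILES['picture']['name'] ) ? $_FILES['picture']['name'] : '';
  $extension = get_extension( $uploaded_name );

  // the extension becomes part of the thumbnail file name, so refuse
  // anything outside the configured whitelist before a path is built from it
  if ( !in_array( $extension, $conf['picture_ext'], true ) )
  {
    array_push( $error, l10n('upload_advise_filetype') );
  }
  else if (($path = mkget_thumbnail_dir($category['cat_dir'], $error)) != false)
  {
    $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
    $result = validate_upload( $path, $conf['upload_maxfilesize'],
                               $conf['upload_maxwidth_thumbnail'],
                               $conf['upload_maxheight_thumbnail']  );
    foreach ( $result['error'] as $upload_error )
    {
      array_push( $error, $upload_error );
    }
  }

  if ( sizeof( $error ) == 0 )
  {
    // $extension passed the whitelist above, so it is safe in the literal
    $query = 'update '.WAITING_TABLE;
    $query.= " set tn_ext = '".mysql_real_escape_string($extension)."'";
    $query.= ' where id = '.$waiting_id;
    $query.= ';';
    pwg_query( $query );
    $page['upload_successful'] = true;
  }
}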
324
//
// Start output of page
//
// Page title, body id and header are emitted before the template is bound,
// mirroring the other public pages.
$title = l10n('upload_title');
$page['body_id'] = 'theUploadPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template_files = array('upload' => 'upload.tpl');
$template->set_filenames($template_files);
332
// Load category list: the uploadable categories visible to the current
// user, for the category <select>. The visibility condition comes from the
// shared forbidden-and-filtered helper so it matches the rest of the site.
$visibility_condition = get_sql_condition_FandF(
  array('visible_categories' => 'id'),
  'AND'
);
$query = '
SELECT
  id, name, uppercats, global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_CACHE_CATEGORIES_TABLE.'
  ON id = cat_id and user_id = '.$user['id'].'
WHERE
  uploadable = \'true\'
  '.$visibility_condition.'
;';
$preselected = array($page['category']);
display_select_cat_wrapper($query, $preselected, 'categories');
351
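// Form action URL. Both ids end up inside an HTML attribute; they are
// URL-encoded rather than concatenated raw so nothing but query-string
// characters can reach the markup. A null category still yields "cat=".
$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.rawurlencode((string)$page['category']);
if ( isset( $page['waiting_id'] ) )
{
  $u_form.= '&amp;waiting_id='.rawurlencode((string)$page['waiting_id']);
}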
357
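if ( isset( $page['waiting_id'] ) )
{
  // No file is posted on the first GET of the thumbnail step, so guard the
  // read; the name is arbitrary client data shown back on the page, hence
  // the escaping. NOTE(review): if upload.tpl already escapes ADVISE_TITLE
  // this double-encodes only names containing & < > or quotes, which is
  // cosmetic for a display-only string.
  $shown_name = isset( $_FILES['picture']['name'] ) ? $_FILES['picture']['name'] : '';
  $advise_title = l10n('upload_advise_thumbnail').htmlspecialchars( $shown_name, ENT_QUOTES );
}
else
{
  $advise_title = l10n('Choose an image');
}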
366
// Hand the form state to the template.
// NOTE(review): NAME, EMAIL, NAME_IMG, AUTHOR_IMG, DATE_IMG and COMMENT_IMG
// carry the raw posted strings from the top of this file; whether they are
// entity-escaped on output depends on upload.tpl — confirm the template
// escapes them before they are placed in attributes.
$form_vars = array();
$form_vars['ADVISE_TITLE'] = $advise_title;
$form_vars['NAME']         = $username;
$form_vars['EMAIL']        = $mail_address;
$form_vars['NAME_IMG']     = $name;
$form_vars['AUTHOR_IMG']   = $author;
$form_vars['DATE_IMG']     = $date_creation;
$form_vars['COMMENT_IMG']  = $comment;
$form_vars['F_ACTION']     = $u_form;
$form_vars['U_RETURN']     = make_index_url(array('category' => $category));
$template->assign($form_vars);

$template->assign('errors', $error);
$template->assign('UPLOAD_SUCCESSFUL', $page['upload_successful']);
385
if ( !$page['upload_successful'] )
{
//--------------------------------------------------------------------- advises
  // Tell the user the limits before they pick a file: size, then width and
  // height (thumbnail limits on the thumbnail step, picture limits
  // otherwise), then the accepted file types.
  if ( !empty($conf['upload_maxfilesize']) )
  {
    $template->append('advises',
      l10n('upload_advise_filesize').$conf['upload_maxfilesize'].' KB');
  }

  if ( isset( $page['waiting_id'] ) )
  {
    $dimension_limits = array(
      'upload_maxwidth_thumbnail'  => 'upload_advise_width',
      'upload_maxheight_thumbnail' => 'upload_advise_height',
    );
  }
  else
  {
    $dimension_limits = array(
      'upload_maxwidth'  => 'upload_advise_width',
      'upload_maxheight' => 'upload_advise_height',
    );
  }
  // an empty configured limit means "no limit" and is not advertised
  foreach ( $dimension_limits as $conf_key => $l10n_key )
  {
    if ( $conf[$conf_key] != '' )
    {
      $template->append('advises', l10n($l10n_key).$conf[$conf_key].' px');
    }
  }
  $template->append('advises', l10n('upload_advise_filetype'));

//----------------------------------------- optional username and mail address
  // the identity fields are only asked for on the picture step, not when
  // attaching a thumbnail to an existing pending row
  if ( !isset( $page['waiting_id'] ) )
  {
    $template->assign('SHOW_FORM_FIELDS', true);
  }
}

//----------------------------------------------------------- html code display
$template->parse('upload');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
438?>