Context Navigation

source: trunk/upload.php @ 38

Last change on this file since 38 was 38, checked in by z0rglub, 21 years ago
Adding support of independant uploadable categories
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 13.6 KB

Line
1	<?php
2	/***************************************************************************
3	* upload.php *
4	* ------------------- *
5	* application : PhpWebGallery 1.3 *
6	* author : Pierrick LE GALL <pierrick@z0rglub.com> *
7	* *
8	***************************************************************************/
9
10	/***************************************************************************
11	* *
12	* This program is free software; you can redistribute it and/or modify *
13	* it under the terms of the GNU General Public License as published by *
14	* the Free Software Foundation; *
15	* *
16	***************************************************************************/
17
18	//------------------------------------------------------------------- functions
19	// The validate_upload function checks if the image of the given path is valid.
20	// A picture is valid when :
21	// - width, height and filesize are not higher than the maximum
22	// filesize authorized by the administrator
23	// - the type of the picture is among jpg, gif and png
24	// The function returns an array containing :
25	// - $result['type'] contains the type of the image ('jpg', 'gif' or 'png')
26	// - $result['error'] contains an array with the different errors
27	// found with the picture
28	function validate_upload( $temp_name, $my_max_file_size,
29	$image_max_width, $image_max_height )
30	{
31	global $lang;
32
33	$result = array();
34	$result['error'] = array();
35	//echo $_FILES['picture']['name']."<br />".$temp_name;
36	$extension = get_extension( $_FILES['picture']['name'] );
37	if ( $extension != 'gif' and $extension != 'jpg' and $extension != 'png' )
38	{
39	array_push( $result['error'], $lang['upload_advise_filetype'] );
40	return $result;
41	}
42	if ( !isset( $_FILES['picture'] ) )
43	{
44	// do we even have a file?
45	array_push( $result['error'], "You did not upload anything!" );
46	}
47	else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
48	{
49	array_push( $result['error'],
50	$lang['upload_advise_width'].$my_max_file_size.' KB' );
51	}
52	else
53	{
54	// check if we are allowed to upload this file_type
55	// upload de la photo sous un nom temporaire
56	if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
57	{
58	array_push( $result['error'], $lang['upload_cannot_upload'] );
59	}
60	else
61	{
62	$size = getimagesize( $temp_name );
63	if ( isset( $image_max_width )
64	and $image_max_width != ""
65	and $size[0] > $image_max_width )
66	{
67	array_push( $result['error'],
68	$lang['upload_advise_width'].$image_max_width.' px' );
69	}
70	if ( isset( $image_max_height )
71	and $image_max_height != ""
72	and $size[1] > $image_max_height )
73	{
74	array_push( $result['error'],
75	$lang['upload_advise_height'].$image_max_height.' px' );
76	}
77	// $size[2] == 1 means GIF
78	// $size[2] == 2 means JPG
79	// $size[2] == 3 means PNG
80	switch ( $size[2] )
81	{
82	case 1 : $result['type'] = 'gif'; break;
83	case 2 : $result['type'] = 'jpg'; break;
84	case 3 : $result['type'] = 'png'; break;
85	default :
86	array_push( $result['error'], $lang['upload_advise_filetype'] );
87	}
88	}
89	}
90	if ( sizeof( $result['error'] ) > 0 )
91	{
92	// destruction de l'image avec le nom temporaire
93	@unlink( $temp_name );
94	}
95	return $result;
96	}
97	//----------------------------------------------------------- personnal include
98	include_once( './include/init.inc.php' );
99	//-------------------------------------------------- access authorization check
100	check_login_authorization();
101	check_cat_id( $_GET['cat'] );
102	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
103	{
104	check_restrictions( $page['cat'] );
105	$result = get_cat_info( $page['cat'] );
106	$page['cat_dir'] = $result['dir'];
107	$page['cat_site_id'] = $result['site_id'];
108	$page['cat_name'] = $result['name'];
109	$page['cat_uploadable'] = $result['uploadable'];
110	}
111	else
112	{
113	$access_forbidden = true;
114	}
115	if ( $access_forbidden == true
116	or $page['cat_site_id'] != 1
117	or !$conf['upload_available']
118	or !$page['cat_uploadable'] )
119	{
120	echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
121	echo '<a href="'.add_session_id( './category.php' ).'">';
122	echo $lang['thumbnails'].'</a></div>';
123	exit();
124	}
125	//----------------------------------------------------- template initialization
126	$vtp = new VTemplate;
127	$handle = $vtp->Open( './template/'.$user['template'].'/upload.vtp' );
128	initialize_template();
129
130	$tpl = array( 'upload_title', 'upload_username', 'mail_address', 'submit',
131	'upload_successful', 'search_return_main_page','upload_author',
132	'upload_name','upload_creation_date','upload_comment',
133	'mandatory' );
134	templatize_array( $tpl, 'lang', $handle );
135
136	$error = array();
137	$page['upload_successful'] = false;
138	if ( isset( $_GET['waiting_id'] ) )
139	{
140	$page['waiting_id'] = $_GET['waiting_id'];
141	}
142	//-------------------------------------------------------------- picture upload
143	// verfying fields
144	if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
145	{
146	$path = $page['cat_dir'].$_FILES['picture']['name'];
147	if ( @is_file( $path ) )
148	{
149	array_push( $error, $lang['upload_file_exists'] );
150	}
151	// test de la présence des champs obligatoires
152	if ( $_FILES['picture']['name'] == '' )
153	{
154	array_push( $error, $lang['upload_filenotfound'] );
155	}
156	if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)",
157	$_POST['mail_address'] ) )
158	{
159	array_push( $error, $lang['reg_err_mail_address'] );
160	}
161	if ( $_POST['username'] == '' )
162	{
163	array_push( $error, $lang['upload_err_username'] );
164	}
165
166	if ( $_POST['date_creation'] != '' )
167	{
168	list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
169	// int checkdate ( int month, int day, int year)
170	if ( checkdate( $month, $day, $year ) )
171	{
172	// int mktime ( int hour, int minute, int second,
173	// int month, int day, int year [, int is_dst])
174	$date_creation = mktime( 0, 0, 0, $month, $day, $year );
175	}
176	else
177	{
178	array_push( $error, $lang['err_date'] );
179	}
180	}
181	// creation of the "infos" field :
182	// <infos author="Pierrick LE GALL" comment="my comment"
183	// date_creation="1056891767" name="" />
184	$xml_infos = '<infos';
185	$xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"';
186	$xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"';
187	$xml_infos.= ' date_creation="'.$date_creation.'"';
188	$xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"';
189	$xml_infos.= ' />';
190
191	if ( sizeof( $error ) == 0 )
192	{
193	$result = validate_upload( $path, $conf['upload_maxfilesize'],
194	$conf['upload_maxwidth'],
195	$conf['upload_maxheight'] );
196	$upload_type = $result['type'];
197	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
198	{
199	array_push( $error, $result['error'][$j] );
200	}
201	}
202
203	if ( sizeof( $error ) == 0 )
204	{
205	$query = 'insert into '.PREFIX_TABLE.'waiting';
206	$query.= ' (cat_id,file,username,mail_address,date,infos) values';
207	$query.= " (".$page['cat'].",'".$_FILES['picture']['name']."'";
208	$query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'";
209	$query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')";
210	$query.= ';';
211	mysql_query( $query );
212	$page['waiting_id'] = mysql_insert_id();
213	}
214	}
215	//------------------------------------------------------------ thumbnail upload
216	if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
217	{
218	// upload of the thumbnail
219	$query = 'select file';
220	$query.= ' from '.PREFIX_TABLE.'waiting';
221	$query.= ' where id = '.$_GET['waiting_id'];
222	$query.= ';';
223	$result= mysql_query( $query );
224	$row = mysql_fetch_array( $result );
225	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
226	$extension = get_extension( $_FILES['picture']['name'] );
227	$path = $page['cat_dir'].'thumbnail/';
228	$path.= $conf['prefix_thumbnail'].$file.'.'.$extension;
229	$result = validate_upload( $path, $conf['upload_maxfilesize'],
230	$conf['upload_maxwidth_thumbnail'],
231	$conf['upload_maxheight_thumbnail'] );
232	$upload_type = $result['type'];
233	for ( $j = 0; $j < sizeof( $result['error'] ); $j++ )
234	{
235	array_push( $error, $result['error'][$j] );
236	}
237	if ( sizeof( $error ) == 0 )
238	{
239	$query = 'update '.PREFIX_TABLE.'waiting';
240	$query.= " set tn_ext = '".$extension."'";
241	$query.= ' where id = '.$_GET['waiting_id'];
242	$query.= ';';
243	mysql_query( $query );
244	$page['upload_successful'] = true;
245	}
246	}
247
248	if ( !$page['upload_successful'] )
249	{
250	$vtp->addSession( $handle, 'upload_not_successful' );
251	//-------------------------------------------------------------- errors display
252	if ( sizeof( $error ) != 0 )
253	{
254	$vtp->addSession( $handle, 'errors' );
255	for ( $i = 0; $i < sizeof( $error ); $i++ )
256	{
257	$vtp->addSession( $handle, 'li' );
258	$vtp->setVar( $handle, 'li.li', $error[$i] );
259	$vtp->closeSession( $handle, 'li' );
260	}
261	$vtp->closeSession( $handle, 'errors' );
262	}
263	//----------------------------------------------------------------- form action
264	$url = './upload.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
265	if ( isset( $page['waiting_id'] ) )
266	{
267	$url.= '&waiting_id='.$page['waiting_id'];
268	}
269	$vtp->setGlobalVar( $handle, 'form_action', add_session_id( $url ) );
270	//--------------------------------------------------------------------- advises
271	if ( $conf['upload_maxfilesize'] != '' )
272	{
273	$vtp->addSession( $handle, 'advise' );
274	$content = $lang['upload_advise_filesize'];
275	$content.= $conf['upload_maxfilesize'].' KB';
276	$vtp->setVar( $handle, 'advise.content', $content );
277	$vtp->closeSession( $handle, 'advise' );
278	}
279	if ( isset( $page['waiting_id'] ) )
280	{
281	$advise_title=$lang['upload_advise_thumbnail'].$_FILES['picture']['name'];
282	$vtp->setGlobalVar( $handle, 'advise_title', $advise_title );
283
284	if ( $conf['upload_maxwidth_thumbnail'] != '' )
285	{
286	$vtp->addSession( $handle, 'advise' );
287	$content = $lang['upload_advise_width'];
288	$content.= $conf['upload_maxwidth_thumbnail'].' px';
289	$vtp->setVar( $handle, 'advise.content', $content );
290	$vtp->closeSession( $handle, 'advise' );
291	}
292	if ( $conf['upload_maxheight_thumbnail'] != '' )
293	{
294	$vtp->addSession( $handle, 'advise' );
295	$content = $lang['upload_advise_height'];
296	$content.= $conf['upload_maxheight_thumbnail'].' px';
297	$vtp->setVar( $handle, 'advise.content', $content );
298	$vtp->closeSession( $handle, 'advise' );
299	}
300	}
301	else
302	{
303	$advise_title = $lang['upload_advise'];
304	$advise_title.= get_cat_display_name( $page['cat_name'], ' - ',
305	'font-style:italic;' );
306	$vtp->setGlobalVar( $handle, 'advise_title', $advise_title );
307
308	if ( $conf['upload_maxwidth'] != '' )
309	{
310	$vtp->addSession( $handle, 'advise' );
311	$content = $lang['upload_advise_width'];
312	$content.= $conf['upload_maxwidth'].' px';
313	$vtp->setVar( $handle, 'advise.content', $content );
314	$vtp->closeSession( $handle, 'advise' );
315	}
316	if ( $conf['upload_maxheight'] != '' )
317	{
318	$vtp->addSession( $handle, 'advise' );
319	$content = $lang['upload_advise_height'];
320	$content.= $conf['upload_maxheight'].' px';
321	$vtp->setVar( $handle, 'advise.content', $content );
322	$vtp->closeSession( $handle, 'advise' );
323	}
324	}
325	$vtp->addSession( $handle, 'advise' );
326	$content = $lang['upload_advise_filetype'];
327	$vtp->setVar( $handle, 'advise.content', $content );
328	$vtp->closeSession( $handle, 'advise' );
329	//----------------------------------------- optionnal username and mail address
330	if ( !isset( $page['waiting_id'] ) )
331	{
332	$vtp->addSession( $handle, 'fields' );
333	// username
334	if ( isset( $_POST['username'] ) ) $username = $_POST['username'];
335	else $username = $user['username'];
336	$vtp->setVar( $handle, 'fields.username', $username );
337	// mail address
338	if ( isset( $_POST['mail_address'] ) )$mail_address=$_POST['mail_address'];
339	else $mail_address=$user['mail_address'];
340	$vtp->setGlobalVar( $handle, 'user_mail_address',$user['mail_address'] );
341	// name of the picture
342	$vtp->setVar( $handle, 'fields.name', $_POST['name'] );
343	// author
344	$vtp->setVar( $handle, 'fields.author', $_POST['author'] );
345	// date of creation
346	$vtp->setVar( $handle, 'fields.date_creation', $_POST['date_creation'] );
347	// comment
348	$vtp->setVar( $handle, 'fields.comment', $_POST['comment'] );
349
350	$vtp->closeSession( $handle, 'fields' );
351
352	$vtp->addSession( $handle, 'note' );
353	$vtp->closeSession( $handle, 'note' );
354	}
355	$vtp->closeSession( $handle, 'upload_not_successful' );
356	}
357	else
358	{
359	$vtp->addSession( $handle, 'upload_successful' );
360	$vtp->closeSession( $handle, 'upload_successful' );
361	}
362	//----------------------------------------------------- return to main page url
363	$url = './category.php?cat='.$page['cat'].'&expand='.$_GET['expand'];
364	$vtp->setGlobalVar( $handle, 'return_url', add_session_id( $url ) );
365	//----------------------------------------------------------- html code display
366	$code = $vtp->Display( $handle, 0 );
367	echo $code;
368	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: