| 6 |
kaklik |
1 |
<?php
|
|
|
2 |
/*************************
|
|
|
3 |
Coppermine Photo Gallery
|
|
|
4 |
************************
|
|
|
5 |
Copyright (c) 2003-2005 Coppermine Dev Team
|
|
|
6 |
v1.1 originaly written by Gregory DEMAR
|
|
|
7 |
|
|
|
8 |
This program is free software; you can redistribute it and/or modify
|
|
|
9 |
it under the terms of the GNU General Public License as published by
|
|
|
10 |
the Free Software Foundation; either version 2 of the License, or
|
|
|
11 |
(at your option) any later version.
|
|
|
12 |
********************************************
|
|
|
13 |
Coppermine version: 1.3.3
|
|
|
14 |
$Source: /cvsroot/coppermine/stable/upload.php,v $
|
|
|
15 |
$Revision: 1.14 $
|
|
|
16 |
$Author: gaugau $
|
|
|
17 |
$Date: 2005/04/19 03:17:11 $
|
|
|
18 |
**********************************************/
|
|
|
19 |
|
|
|
20 |
// Confirm we are in Coppermine and set the language blocks.
|
|
|
21 |
define('IN_COPPERMINE', true);
|
|
|
22 |
define('UPLOAD_PHP', true);
|
|
|
23 |
define('DB_INPUT_PHP', true);
|
|
|
24 |
define('CONFIG_PHP', true);
|
|
|
25 |
|
|
|
26 |
// Call basic functions, etc.
|
|
|
27 |
require('include/init.inc.php');
|
|
|
28 |
require('include/picmgmt.inc.php');
|
|
|
29 |
|
|
|
30 |
// Some placeholders.
|
|
|
31 |
$customize = CUSTOMIZE_UPLOAD_FORM;
|
|
|
32 |
$user_form = USER_UPLOAD_FORM;
|
|
|
33 |
$allowed_URI_boxes = NUM_URI_BOXES;
|
|
|
34 |
$allowed_file_boxes = NUM_FILE_BOXES;
|
|
|
35 |
|
|
|
36 |
// Check to see if user can upload pictures. Quit with an error if he cannot.
|
|
|
37 |
if (!USER_CAN_UPLOAD_PICTURES) {
|
|
|
38 |
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
|
|
|
39 |
}
|
|
|
40 |
|
|
|
41 |
// Globalize $CONFIG.
|
|
|
42 |
global $CONFIG, $lang_upload_php, $user_form, $max_file_size;
|
|
|
43 |
|
|
|
44 |
//___________________________________Function Block_______________________________________
|
|
|
45 |
|
|
|
46 |
|
|
|
47 |
// The form label creation function. Takes a non-array element form $data as its argument.
|
|
|
48 |
function form_label($text) {
|
|
|
49 |
echo <<<EOT
|
|
|
50 |
<tr>
|
|
|
51 |
<td class="tableh2" colspan="2">
|
|
|
52 |
<b>$text</b>
|
|
|
53 |
</td>
|
|
|
54 |
</tr>
|
|
|
55 |
|
|
|
56 |
EOT;
|
|
|
57 |
}
|
|
|
58 |
|
|
|
59 |
// The form statement creation function. Takes a non-array element form $data as its argument.
|
|
|
60 |
function form_statement($text) {
|
|
|
61 |
echo <<<EOT
|
|
|
62 |
<tr>
|
|
|
63 |
<td class="tableb" colspan="2">
|
|
|
64 |
$text
|
|
|
65 |
</td>
|
|
|
66 |
</tr>
|
|
|
67 |
|
|
|
68 |
EOT;
|
|
|
69 |
}
|
|
|
70 |
|
|
|
71 |
// The hidden form input function. Takes the hidden input field name and value.
|
|
|
72 |
function hidden_input($name, $value) {
|
|
|
73 |
echo " <input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
|
|
|
74 |
}
|
|
|
75 |
|
|
|
76 |
// The text box form input function. Takes the text label for the box, the input name, the maximum length for text boxes,
|
|
|
77 |
// and the number of iterations.
|
|
|
78 |
function text_box_input($text, $name, $max_length, $iterations) {
|
|
|
79 |
|
|
|
80 |
global $CONFIG;
|
|
|
81 |
|
|
|
82 |
$ordinal = '';
|
|
|
83 |
|
|
|
84 |
if (($text == '') and ($iterations == '')) {
|
|
|
85 |
echo " <input type=\"hidden\" name=\"$name\" value=\"\">\n";
|
|
|
86 |
return;
|
|
|
87 |
}
|
|
|
88 |
|
|
|
89 |
// Begin loop
|
|
|
90 |
for ($counter=0; $counter<$iterations; $counter++) {
|
|
|
91 |
|
|
|
92 |
// Create a numbering system when necessary.
|
|
|
93 |
if ($text == '') {
|
|
|
94 |
$cardinal = $counter + 1;
|
|
|
95 |
$ordinal = "".$cardinal.". ";
|
|
|
96 |
}
|
|
|
97 |
|
|
|
98 |
// Create a text box.
|
|
|
99 |
echo <<<EOT
|
|
|
100 |
<tr>
|
|
|
101 |
<td width="40%" class="tableb">
|
|
|
102 |
$text $ordinal
|
|
|
103 |
</td>
|
|
|
104 |
<td width="60%" class="tableb" valign="top">
|
|
|
105 |
<input type="text" style="width: 100%" name="$name" maxlength="$max_length" value="" class="textinput">
|
|
|
106 |
</td>
|
|
|
107 |
</tr>
|
|
|
108 |
|
|
|
109 |
EOT;
|
|
|
110 |
}
|
|
|
111 |
}
|
|
|
112 |
|
|
|
113 |
// The file input function. Takes the label, field name, and number of iterations as arguments.
|
|
|
114 |
function file_input($text, $name, $iterations) {
|
|
|
115 |
|
|
|
116 |
$ordinal = '';
|
|
|
117 |
|
|
|
118 |
// Begin loop
|
|
|
119 |
for ($counter=0; $counter<$iterations; $counter++) {
|
|
|
120 |
|
|
|
121 |
// Create a numbering system when necessary.
|
|
|
122 |
if ($text == '') {
|
|
|
123 |
$cardinal = $counter + 1;
|
|
|
124 |
$ordinal = "".$cardinal.". ";
|
|
|
125 |
}
|
|
|
126 |
|
|
|
127 |
// Create the file input box.
|
|
|
128 |
echo <<<EOT
|
|
|
129 |
<tr>
|
|
|
130 |
<td class="tableb">
|
|
|
131 |
$text $ordinal
|
|
|
132 |
</td>
|
|
|
133 |
<td class="tableb" valign="top">
|
|
|
134 |
<input type="file" name="$name" size="40" class="listbox">
|
|
|
135 |
</td>
|
|
|
136 |
</tr>
|
|
|
137 |
|
|
|
138 |
EOT;
|
|
|
139 |
}
|
|
|
140 |
}
|
|
|
141 |
|
|
|
142 |
// The function for text areas on forms. Takes the label, field name, and maximum length as arguments.
|
|
|
143 |
function text_area_input($text, $name, $max_length) {
|
|
|
144 |
|
|
|
145 |
// Create the text area.
|
|
|
146 |
echo <<<EOT
|
|
|
147 |
<tr>
|
|
|
148 |
<td class="tableb" valign="top">
|
|
|
149 |
$text
|
|
|
150 |
</td>
|
|
|
151 |
<td class="tableb" valign="top">
|
|
|
152 |
<textarea name="$name" rows="5" cols="40" wrap="virtual" class="textinput" style="width: 100%;" onKeyDown="textCounter(this, $max_length);" onKeyUp="textCounter(this, $max_length);"></textarea>
|
|
|
153 |
</td>
|
|
|
154 |
</tr>
|
|
|
155 |
EOT;
|
|
|
156 |
}
|
|
|
157 |
|
|
|
158 |
// The function to create the album list drop down.
|
|
|
159 |
function form_alb_list_box($text, $name) {
|
|
|
160 |
//Vodovnik.com modified this code to allow display of Categories besides album names
|
|
|
161 |
|
|
|
162 |
// Pull the $CONFIG array and the GET array into the function.
|
|
|
163 |
global $CONFIG, $HTTP_GET_VARS;
|
|
|
164 |
|
|
|
165 |
// Also pull the album lists into the function.
|
|
|
166 |
global $user_albums_list, $public_albums_list;
|
|
|
167 |
|
|
|
168 |
// Check to see if an album has been preselected by URL addition. If so, make $sel_album the album number. Otherwise, make $sel_album 0.
|
|
|
169 |
$sel_album = isset($HTTP_GET_VARS['album']) ? $HTTP_GET_VARS['album'] : 0;
|
|
|
170 |
|
|
|
171 |
// Create the opening of the drop down box.
|
|
|
172 |
echo <<<EOT
|
|
|
173 |
<tr>
|
|
|
174 |
<td class="tableb">
|
|
|
175 |
$text
|
|
|
176 |
</td>
|
|
|
177 |
<td class="tableb" valign="top">
|
|
|
178 |
<select name="$name" class="listbox">
|
|
|
179 |
|
|
|
180 |
EOT;
|
|
|
181 |
|
|
|
182 |
//Cylce through the User albums.
|
|
|
183 |
foreach($user_albums_list as $album) {
|
|
|
184 |
|
|
|
185 |
// Set $album_id to the actual album ID.
|
|
|
186 |
$album_id = $album['aid'];
|
|
|
187 |
|
|
|
188 |
//Query the database to determine the category the album belongs to.
|
|
|
189 |
$vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
|
|
|
190 |
$vRes = db_query($vQuery);
|
|
|
191 |
$vRes = mysql_fetch_array($vRes);
|
|
|
192 |
|
|
|
193 |
// Query the database to get the category name.
|
|
|
194 |
$vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
|
|
|
195 |
$vRes = db_query($vQuery);
|
|
|
196 |
$vRes = mysql_fetch_array($vRes);
|
|
|
197 |
|
|
|
198 |
// Create the option for the drop down list.
|
|
|
199 |
echo ' <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
|
|
|
200 |
}
|
|
|
201 |
|
|
|
202 |
//Cycle through the public albums.
|
|
|
203 |
foreach($public_albums_list as $album) {
|
|
|
204 |
|
|
|
205 |
// Set $album_id to the actual album ID.
|
|
|
206 |
$album_id = $album['aid'];
|
|
|
207 |
|
|
|
208 |
//Query the database to determine the category the album belongs to.
|
|
|
209 |
$vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
|
|
|
210 |
$vRes = db_query($vQuery);
|
|
|
211 |
$vRes = mysql_fetch_array($vRes);
|
|
|
212 |
|
|
|
213 |
// Query the database to get the category name.
|
|
|
214 |
$vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
|
|
|
215 |
$vRes = db_query($vQuery);
|
|
|
216 |
$vRes = mysql_fetch_array($vRes);
|
|
|
217 |
|
|
|
218 |
// Create the option for the drop down list.
|
|
|
219 |
echo ' <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
|
|
|
220 |
}
|
|
|
221 |
|
|
|
222 |
// Close the drop down.
|
|
|
223 |
echo <<<EOT
|
|
|
224 |
</select>
|
|
|
225 |
</td>
|
|
|
226 |
</tr>
|
|
|
227 |
|
|
|
228 |
EOT;
|
|
|
229 |
}
|
|
|
230 |
|
|
|
231 |
// The create form function. Takes the $data array as its object.
|
|
|
232 |
//
|
|
|
233 |
// Type:
|
|
|
234 |
// 0 => text box input
|
|
|
235 |
// 1 => file input
|
|
|
236 |
// 2 => album list
|
|
|
237 |
// 3 => text area input
|
|
|
238 |
// 4 => hidden input
|
|
|
239 |
function create_form(&$data) {
|
|
|
240 |
|
|
|
241 |
global $CONFIG;
|
|
|
242 |
|
|
|
243 |
// Cycle through the elements in the data array.
|
|
|
244 |
foreach($data as $element) {
|
|
|
245 |
|
|
|
246 |
// If the element is another array, parse the definition contained within the array.
|
|
|
247 |
if ((is_array($element))) {
|
|
|
248 |
|
|
|
249 |
// Based on the type declared in the data array's third position, create a different form input.
|
|
|
250 |
switch ($element[2]) {
|
|
|
251 |
|
|
|
252 |
// If the type is a text box input
|
|
|
253 |
case 0 :
|
|
|
254 |
|
|
|
255 |
//Call the form input function.
|
|
|
256 |
text_box_input($element[0], $element[1], $element[3], $element[4]);
|
|
|
257 |
break;
|
|
|
258 |
|
|
|
259 |
// If the type is a file input.
|
|
|
260 |
case 1 :
|
|
|
261 |
|
|
|
262 |
// Call the file input function.
|
|
|
263 |
file_input($element[0], $element[1], $element[3]);
|
|
|
264 |
break;
|
|
|
265 |
|
|
|
266 |
// If the type is an album list dropdown.
|
|
|
267 |
case 2 :
|
|
|
268 |
|
|
|
269 |
// Call the album list function.
|
|
|
270 |
form_alb_list_box($element[0], $element[1]);
|
|
|
271 |
break;
|
|
|
272 |
|
|
|
273 |
// If the type is a text area
|
|
|
274 |
case 3 :
|
|
|
275 |
|
|
|
276 |
// Call the text area function.
|
|
|
277 |
text_area_input($element[0], $element[1], $element[3]);
|
|
|
278 |
break;
|
|
|
279 |
|
|
|
280 |
// If the type is a hidden form
|
|
|
281 |
case 4 :
|
|
|
282 |
|
|
|
283 |
// Call the hidden input funtion.
|
|
|
284 |
hidden_input($element[0], $element[1]);
|
|
|
285 |
break;
|
|
|
286 |
|
|
|
287 |
// If the type is not present, kill the script.
|
|
|
288 |
default:
|
|
|
289 |
cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__);
|
|
|
290 |
} // switch
|
|
|
291 |
} else {
|
|
|
292 |
|
|
|
293 |
// If the element is not an array, it is a label, so call the label function.
|
|
|
294 |
form_label($element);
|
|
|
295 |
}
|
|
|
296 |
}
|
|
|
297 |
}
|
|
|
298 |
|
|
|
299 |
// The open_form function creates the Javascript verification code and the opening form tags.
|
|
|
300 |
// $path hold the form action path.
|
|
|
301 |
function open_form($path) {
|
|
|
302 |
|
|
|
303 |
echo <<<EOT
|
|
|
304 |
<script language="JavaScript">
|
|
|
305 |
function textCounter(field, maxlimit) {
|
|
|
306 |
if (field.value.length > maxlimit) // if too long...trim it!
|
|
|
307 |
field.value = field.value.substring(0, maxlimit);
|
|
|
308 |
}
|
|
|
309 |
</script>
|
|
|
310 |
<form method="post" action="$path" ENCTYPE="multipart/form-data">
|
|
|
311 |
</td>
|
|
|
312 |
EOT;
|
|
|
313 |
}
|
|
|
314 |
|
|
|
315 |
// The close form function creates the submit button and the closing tags.
|
|
|
316 |
function close_form($button_value) {
|
|
|
317 |
|
|
|
318 |
// Pull the language array into the function.
|
|
|
319 |
global $lang_upload_php;
|
|
|
320 |
|
|
|
321 |
// Create the submit button and close the form.
|
|
|
322 |
echo <<<EOT
|
|
|
323 |
<tr>
|
|
|
324 |
<td colspan="2" align="center" class="tablef">
|
|
|
325 |
<input type="submit" value="{$button_value}" class="button">
|
|
|
326 |
</td>
|
|
|
327 |
</form>
|
|
|
328 |
</tr>
|
|
|
329 |
|
|
|
330 |
EOT;
|
|
|
331 |
}
|
|
|
332 |
|
|
|
333 |
function form_instructions() {
|
|
|
334 |
|
|
|
335 |
global $CONFIG, $lang_upload_php, $user_form, $max_file_size;
|
|
|
336 |
|
|
|
337 |
echo "<tr><td colspan=\"2\">";
|
|
|
338 |
|
|
|
339 |
printf ($lang_upload_php['reg_instr_2'], $CONFIG['max_upl_size']);
|
|
|
340 |
|
|
|
341 |
if ($user_form > '3') {
|
|
|
342 |
|
|
|
343 |
echo "<br /><br />{$lang_upload_php['reg_instr_3']}";
|
|
|
344 |
|
|
|
345 |
}
|
|
|
346 |
|
|
|
347 |
if (($user_form == '2') or ($user_form == '3') or ($user_form == '5') or ($user_form == '6')) {
|
|
|
348 |
|
|
|
349 |
echo "<br /><br />{$lang_upload_php['reg_instr_4']}";
|
|
|
350 |
|
|
|
351 |
}
|
|
|
352 |
|
|
|
353 |
echo "<br /><br />{$lang_upload_php['reg_instr_5']}";
|
|
|
354 |
|
|
|
355 |
echo "</td></tr>";
|
|
|
356 |
|
|
|
357 |
}
|
|
|
358 |
|
|
|
359 |
|
|
|
360 |
// The get_and_convert_to_bytes function retrieves a limitng value from php.ini and converts the shorthand to bytes.
|
|
|
361 |
function get_and_convert_to_bytes ($ini_variable_name) {
|
|
|
362 |
|
|
|
363 |
// Get the variable from php.ini
|
|
|
364 |
$ini_string = ini_get($ini_variable_name);
|
|
|
365 |
|
|
|
366 |
// Declare an array to store regex matches in.
|
|
|
367 |
$parsed_ini_size = array();
|
|
|
368 |
|
|
|
369 |
// Make sure the returned value is a string, then split the number and the unit in two.
|
|
|
370 |
if ((is_string($ini_string)) and (eregi('^([[:digit:]])+([[:alpha:]])*$', $ini_string, $parsed_ini_size))) {
|
|
|
371 |
|
|
|
372 |
// Store the numerical component in $ini_limit cast as an integer
|
|
|
373 |
$ini_limit = (int) $parsed_ini_size[1];
|
|
|
374 |
|
|
|
375 |
// Convert the unit to lower case for analysis and store in $ini_limit_unit.
|
|
|
376 |
$ini_limit_unit = strtolower($parsed_ini_size[2]);
|
|
|
377 |
|
|
|
378 |
|
|
|
379 |
// Check the unit to see if any conversion is necessary.
|
|
|
380 |
if ($ini_limit_unit == 'm') {
|
|
|
381 |
|
|
|
382 |
// The units indicate megabytes. Shift to bytes.
|
|
|
383 |
$ini_limit = $ini_limit << 20;
|
|
|
384 |
|
|
|
385 |
} elseif ($ini_limit_unit == 'k') {
|
|
|
386 |
|
|
|
387 |
// The units indicate kilobytes. Shift to bytes.
|
|
|
388 |
$ini_limit = $ini_limit << 10;
|
|
|
389 |
}
|
|
|
390 |
|
|
|
391 |
// Return the modified value from php.ini
|
|
|
392 |
return $ini_limit;
|
|
|
393 |
|
|
|
394 |
} else {
|
|
|
395 |
|
|
|
396 |
// The returned value is not a string or no pattern match was found. Return false.
|
|
|
397 |
return false;
|
|
|
398 |
|
|
|
399 |
}
|
|
|
400 |
}
|
|
|
401 |
|
|
|
402 |
// The function spring_cleaning is a garbage collection routine used to purge a directory of old files.
|
|
|
403 |
function& spring_cleaning($directory_path, $cache_time = 86400, $exclusion_list = array('index.html')) {
|
|
|
404 |
|
|
|
405 |
//Storage the deleted files
|
|
|
406 |
$deleted_list = array();
|
|
|
407 |
|
|
|
408 |
//First we get the transitory directory handle.
|
|
|
409 |
$directory_handle = opendir($directory_path);
|
|
|
410 |
|
|
|
411 |
// Exit if the directory cannot be opened.
|
|
|
412 |
if(!$directory_handle) {
|
|
|
413 |
|
|
|
414 |
// Return.
|
|
|
415 |
return;
|
|
|
416 |
|
|
|
417 |
}
|
|
|
418 |
|
|
|
419 |
// Now let's read through the directory contents.
|
|
|
420 |
while (!(($file = readdir($directory_handle)) === false)) {
|
|
|
421 |
|
|
|
422 |
// Avoid deleting the index page of the directory.
|
|
|
423 |
if (in_array($file,$exclusion_list)) {
|
|
|
424 |
|
|
|
425 |
// This is the index file, so we move on.
|
|
|
426 |
continue;
|
|
|
427 |
|
|
|
428 |
}
|
|
|
429 |
|
|
|
430 |
$dir_path = $directory_path."/".$file;
|
|
|
431 |
|
|
|
432 |
if (is_dir($dir_path)) {
|
|
|
433 |
|
|
|
434 |
// This is a directory, so we move on.
|
|
|
435 |
continue;
|
|
|
436 |
|
|
|
437 |
}
|
|
|
438 |
|
|
|
439 |
// We find out when the file was last accessed.
|
|
|
440 |
$access_time = filemtime($dir_path); // fileatime() returned incorrect value on Windows
|
|
|
441 |
|
|
|
442 |
// We find out the current time.
|
|
|
443 |
$current_time = time();
|
|
|
444 |
|
|
|
445 |
// We calculate the the delete time. We will delete anything older than $cache_time.
|
|
|
446 |
$delete_time = $current_time - $access_time;
|
|
|
447 |
|
|
|
448 |
// Now we compare the two.
|
|
|
449 |
if ($delete_time >= $cache_time) {
|
|
|
450 |
|
|
|
451 |
// The file is old. We delete it.
|
|
|
452 |
$deleted_list[] = $dir_path; // Store the name of the file getting deleted
|
|
|
453 |
unlink($dir_path);
|
|
|
454 |
}
|
|
|
455 |
|
|
|
456 |
}
|
|
|
457 |
|
|
|
458 |
// Don't forget to close the directory.
|
|
|
459 |
closedir($directory_handle);
|
|
|
460 |
return $deleted_list;
|
|
|
461 |
}
|
|
|
462 |
|
|
|
463 |
// The create_record function. Takes the encoded string. Returns the unique record ID.
|
|
|
464 |
function create_record($encoded_string) {
|
|
|
465 |
|
|
|
466 |
// Globalize $CONFIG
|
|
|
467 |
global $CONFIG;
|
|
|
468 |
|
|
|
469 |
// Declare and initialize variables.
|
|
|
470 |
$unique_ID_array = array();
|
|
|
471 |
$generic_array = array();
|
|
|
472 |
|
|
|
473 |
// Get all IDs from the table.
|
|
|
474 |
$result = db_query("SELECT unique_ID FROM {$CONFIG['TABLE_TEMPDATA']}");
|
|
|
475 |
|
|
|
476 |
// Create unique ID array.
|
|
|
477 |
if (mysql_num_rows($result)) {
|
|
|
478 |
|
|
|
479 |
// Move all values into $unique_ID_array.
|
|
|
480 |
while ($generic_array = mysql_fetch_array($result)) {
|
|
|
481 |
|
|
|
482 |
// Store the values.
|
|
|
483 |
$unique_ID_array[] = $generic_array['unique_ID'];
|
|
|
484 |
|
|
|
485 |
}
|
|
|
486 |
|
|
|
487 |
} else {
|
|
|
488 |
|
|
|
489 |
// The table may be empty. Give it a value.
|
|
|
490 |
$unique_ID_array[] = 0;
|
|
|
491 |
|
|
|
492 |
}
|
|
|
493 |
|
|
|
494 |
// Free resources.
|
|
|
495 |
mysql_free_result($result);
|
|
|
496 |
|
|
|
497 |
// Generate the unique ID. Keep generating new IDs until one that is not in use is found.
|
|
|
498 |
do {
|
|
|
499 |
|
|
|
500 |
// Create a random string by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
|
|
|
501 |
$unique_ID = substr(md5(microtime().getmypid()), 0, 8);
|
|
|
502 |
|
|
|
503 |
} while (in_array($unique_ID, $unique_ID_array));
|
|
|
504 |
|
|
|
505 |
// Create a timestamp to track the record.
|
|
|
506 |
$timestamp = time();
|
|
|
507 |
|
|
|
508 |
// Insert the new record.
|
|
|
509 |
$result = db_query("INSERT INTO {$CONFIG['TABLE_TEMPDATA']} VALUES ('$unique_ID', '$encoded_string', '$timestamp')");
|
|
|
510 |
|
|
|
511 |
// Return the unique ID if insertion was successful. Otherwise, return false.
|
|
|
512 |
if ($result) {
|
|
|
513 |
|
|
|
514 |
return $unique_ID;
|
|
|
515 |
|
|
|
516 |
} else {
|
|
|
517 |
|
|
|
518 |
return FALSE;
|
|
|
519 |
|
|
|
520 |
}
|
|
|
521 |
|
|
|
522 |
}
|
|
|
523 |
|
|
|
524 |
// The update_record function. Takes the $unique_ID and $encoded_string.
|
|
|
525 |
function update_record($unique_ID, $encoded_string) {
|
|
|
526 |
|
|
|
527 |
// Globalize $CONFIG
|
|
|
528 |
global $CONFIG;
|
|
|
529 |
|
|
|
530 |
// Update record.
|
|
|
531 |
$result = db_query("UPDATE {$CONFIG['TABLE_TEMPDATA']} SET encoded_string = '$encoded_string' WHERE unique_ID = '$unique_ID'");
|
|
|
532 |
|
|
|
533 |
// Return true if successful.
|
|
|
534 |
if ($result) {
|
|
|
535 |
|
|
|
536 |
return TRUE;
|
|
|
537 |
|
|
|
538 |
} else {
|
|
|
539 |
|
|
|
540 |
return FALSE;
|
|
|
541 |
|
|
|
542 |
}
|
|
|
543 |
|
|
|
544 |
}
|
|
|
545 |
|
|
|
546 |
// The delete_record function. Takes the $unique_ID.
|
|
|
547 |
function delete_record($unique_ID) {
|
|
|
548 |
|
|
|
549 |
// Globalize $CONFIG
|
|
|
550 |
global $CONFIG;
|
|
|
551 |
|
|
|
552 |
// Delete record.
|
|
|
553 |
$result = db_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE unique_ID = '$unique_ID'");
|
|
|
554 |
|
|
|
555 |
// Return true if successful.
|
|
|
556 |
if ($result) {
|
|
|
557 |
|
|
|
558 |
return TRUE;
|
|
|
559 |
|
|
|
560 |
} else {
|
|
|
561 |
|
|
|
562 |
return FALSE;
|
|
|
563 |
|
|
|
564 |
}
|
|
|
565 |
|
|
|
566 |
}
|
|
|
567 |
|
|
|
568 |
// The retrieve_record function. Takes the $unique_ID.
|
|
|
569 |
function retrieve_record($unique_ID) {
|
|
|
570 |
|
|
|
571 |
// Globalize $CONFIG
|
|
|
572 |
global $CONFIG;
|
|
|
573 |
|
|
|
574 |
// Retrieve record.
|
|
|
575 |
$result = db_query("SELECT encoded_string FROM {$CONFIG['TABLE_TEMPDATA']} WHERE unique_ID = '$unique_ID'");
|
|
|
576 |
|
|
|
577 |
// Return string if successful.
|
|
|
578 |
if (mysql_num_rows($result)) {
|
|
|
579 |
|
|
|
580 |
// Move value into $encoded_string.
|
|
|
581 |
while ($generic_array = mysql_fetch_array($result)) {
|
|
|
582 |
|
|
|
583 |
// Store the value.
|
|
|
584 |
$encoded_string = $generic_array['encoded_string'];
|
|
|
585 |
|
|
|
586 |
}
|
|
|
587 |
|
|
|
588 |
// Free resources.
|
|
|
589 |
mysql_free_result($result);
|
|
|
590 |
|
|
|
591 |
return $encoded_string;
|
|
|
592 |
|
|
|
593 |
} else {
|
|
|
594 |
|
|
|
595 |
// Free resources.
|
|
|
596 |
mysql_free_result($result);
|
|
|
597 |
|
|
|
598 |
return FALSE;
|
|
|
599 |
|
|
|
600 |
}
|
|
|
601 |
|
|
|
602 |
}
|
|
|
603 |
|
|
|
604 |
// The clean_table function.
|
|
|
605 |
function clean_table() {
|
|
|
606 |
|
|
|
607 |
// Globalize $CONFIG
|
|
|
608 |
global $CONFIG;
|
|
|
609 |
|
|
|
610 |
// Create a timestamp from an hour ago.
|
|
|
611 |
$comparative_timestamp = time() - 3600;
|
|
|
612 |
|
|
|
613 |
// Delete record.
|
|
|
614 |
$result = db_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE timestamp < $comparative_timestamp");
|
|
|
615 |
|
|
|
616 |
// Return true if successful.
|
|
|
617 |
if ($result) {
|
|
|
618 |
|
|
|
619 |
return TRUE;
|
|
|
620 |
|
|
|
621 |
} else {
|
|
|
622 |
|
|
|
623 |
return FALSE;
|
|
|
624 |
|
|
|
625 |
}
|
|
|
626 |
|
|
|
627 |
}
|
|
|
628 |
|
|
|
629 |
//The function check_status determines the status of a URI resource.
|
|
|
630 |
//It takes the URI as its argument and serves to give more specific error
|
|
|
631 |
//messages about unavailable resources.
|
|
|
632 |
function check_status($URI) {
|
|
|
633 |
|
|
|
634 |
// Parse the URI into it's requisite parts.
|
|
|
635 |
$parts = @parse_url($URI);
|
|
|
636 |
|
|
|
637 |
// If there is no detectable host, return FALSE.
|
|
|
638 |
if (empty($parts["host"])) {
|
|
|
639 |
|
|
|
640 |
return FALSE;
|
|
|
641 |
|
|
|
642 |
} else {
|
|
|
643 |
|
|
|
644 |
$host = $parts["host"];
|
|
|
645 |
|
|
|
646 |
}
|
|
|
647 |
|
|
|
648 |
// If a path is detected, make it $path. Otherwise, assume it is a directory.
|
|
|
649 |
if (!empty($parts["path"])) {
|
|
|
650 |
|
|
|
651 |
$path = $parts["path"];
|
|
|
652 |
|
|
|
653 |
} else {
|
|
|
654 |
|
|
|
655 |
$path = "/";
|
|
|
656 |
|
|
|
657 |
}
|
|
|
658 |
|
|
|
659 |
// Append any queries that might be attached.
|
|
|
660 |
if (!empty($parts["query"])) {
|
|
|
661 |
|
|
|
662 |
$path .= "?" . $parts["query"];
|
|
|
663 |
|
|
|
664 |
}
|
|
|
665 |
|
|
|
666 |
// Set the port if supplied. Default to port 80.
|
|
|
667 |
if (!empty($parts["port"])) {
|
|
|
668 |
|
|
|
669 |
$port = $parts["port"];
|
|
|
670 |
|
|
|
671 |
} else {
|
|
|
672 |
|
|
|
673 |
$port = "80";
|
|
|
674 |
|
|
|
675 |
}
|
|
|
676 |
|
|
|
677 |
// Attempt to open a socket to the host.
|
|
|
678 |
$socket = @fsockopen( $host, $port, $errno, $errstr, 30 );
|
|
|
679 |
|
|
|
680 |
// Verify that the socket opened. Return false if it fails.
|
|
|
681 |
if (!$socket) {
|
|
|
682 |
|
|
|
683 |
return FALSE;
|
|
|
684 |
|
|
|
685 |
} else {
|
|
|
686 |
|
|
|
687 |
// Craft HTTP request.
|
|
|
688 |
$request = "HEAD $path HTTP/1.0\r\nUser-Agent: PHP/".phpversion()."\r\nHost: $host\r\nAccept: */*\r\n\r\n";
|
|
|
689 |
|
|
|
690 |
// Get request length.
|
|
|
691 |
$length = strlen($request);
|
|
|
692 |
|
|
|
693 |
// Send request data to host. Return false if there is an error.
|
|
|
694 |
if(!(fwrite($socket, $request, $length))) {
|
|
|
695 |
|
|
|
696 |
return FALSE;
|
|
|
697 |
|
|
|
698 |
}
|
|
|
699 |
|
|
|
700 |
// Collect the host's response.
|
|
|
701 |
$response = fgets($socket, 22);
|
|
|
702 |
|
|
|
703 |
// Close the socket.
|
|
|
704 |
fclose($socket);
|
|
|
705 |
|
|
|
706 |
// Return the response.
|
|
|
707 |
return $response;
|
|
|
708 |
|
|
|
709 |
}
|
|
|
710 |
|
|
|
711 |
}
|
|
|
712 |
//################################# MAIN CODE BLOCK ##################################################
|
|
|
713 |
|
|
|
714 |
// Check to see if user customizations are allowed and if one the request has been made yet.
|
|
|
715 |
|
|
|
716 |
if ((CUSTOMIZE_UPLOAD_FORM) and (!isset($_REQUEST['file_upload_request'])) and (!isset($_REQUEST['URI_upload_request'])) and (!isset($_POST['control']))) {
|
|
|
717 |
|
|
|
718 |
// Check to see if the form type is configurable. If it is, produce the configuration form. Otherwise, generate a warning.
|
|
|
719 |
|
|
|
720 |
if(!(USER_UPLOAD_FORM == 0) and !(USER_UPLOAD_FORM == 7)) {
|
|
|
721 |
|
|
|
722 |
// Create the box request page.
|
|
|
723 |
pageheader($lang_upload_php['custom_title']);
|
|
|
724 |
starttable("100%", $lang_upload_php['custom_title'], 2);
|
|
|
725 |
echo "<tr><td colspan=\"2\">";
|
|
|
726 |
echo "{$lang_upload_php['cust_instr_1']}<br /><br />";
|
|
|
727 |
|
|
|
728 |
$data = array();
|
|
|
729 |
$data[] = $lang_upload_php['cust_instr_2'];
|
|
|
730 |
|
|
|
731 |
// If the file upload type is only file uploads or is a dual mode, ask for the requisite number of file upload boxes.
|
|
|
732 |
if ((USER_UPLOAD_FORM == '1') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '6')) {
|
|
|
733 |
|
|
|
734 |
// Add the file upload array element to the form array.
|
|
|
735 |
$data[] = array($lang_upload_php['cust_instr_6'],'file_upload_request', '0', '4', '1');
|
|
|
736 |
|
|
|
737 |
// Print number of allowed file upload boxes.
|
|
|
738 |
printf ($lang_upload_php['cust_instr_3'], $allowed_file_boxes);
|
|
|
739 |
|
|
|
740 |
echo "<br /><br />";
|
|
|
741 |
|
|
|
742 |
}
|
|
|
743 |
|
|
|
744 |
// If the file upload type is only URI uploads or is a dual mode, ask for the requisite number of URI upload boxes.
|
|
|
745 |
if ((USER_UPLOAD_FORM == '2') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6')) {
|
|
|
746 |
|
|
|
747 |
// Add the URI upload array element to the form array.
|
|
|
748 |
$data[] = array($lang_upload_php['cust_instr_5'], 'URI_upload_request', '0', '4', '1');
|
|
|
749 |
|
|
|
750 |
// Print number of allowed URI upload boxes.
|
|
|
751 |
printf ($lang_upload_php['cust_instr_4'], $allowed_URI_boxes);
|
|
|
752 |
|
|
|
753 |
echo "<br /><br />";
|
|
|
754 |
|
|
|
755 |
}
|
|
|
756 |
|
|
|
757 |
echo "{$lang_upload_php['cust_instr_7']}<br /><br />";
|
|
|
758 |
echo "</td></tr>";
|
|
|
759 |
open_form($_SERVER['PHP_SELF']);
|
|
|
760 |
create_form($data);
|
|
|
761 |
close_form($lang_continue);
|
|
|
762 |
endtable();
|
|
|
763 |
pagefooter();
|
|
|
764 |
|
|
|
765 |
// Exit the script.
|
|
|
766 |
exit;
|
|
|
767 |
|
|
|
768 |
} else {
|
|
|
769 |
|
|
|
770 |
//Use the default settings for the number of boxes.
|
|
|
771 |
|
|
|
772 |
$num_URI_boxes = NUM_URI_BOXES;
|
|
|
773 |
$num_file_boxes = NUM_FILE_BOXES;
|
|
|
774 |
|
|
|
775 |
}
|
|
|
776 |
|
|
|
777 |
} elseif (CUSTOMIZE_UPLOAD_FORM) {
|
|
|
778 |
|
|
|
779 |
// If the user is allowed to customize the form, check the incoming data for the number of requested boxes.
|
|
|
780 |
|
|
|
781 |
//Check for the number of file upload boxes.
|
|
|
782 |
|
|
|
783 |
if (isset($_REQUEST['file_upload_request'])) {
|
|
|
784 |
|
|
|
785 |
// Do some validation.
|
|
|
786 |
$filtered_request = max(0, intval($_REQUEST['file_upload_request']));
|
|
|
787 |
|
|
|
788 |
if ($filtered_request > NUM_FILE_BOXES) {
|
|
|
789 |
$num_file_boxes = NUM_FILE_BOXES;
|
|
|
790 |
} else {
|
|
|
791 |
$num_file_boxes = $filtered_request;
|
|
|
792 |
}
|
|
|
793 |
|
|
|
794 |
}
|
|
|
795 |
|
|
|
796 |
//Check for the number of requested URI upload boxes.
|
|
|
797 |
|
|
|
798 |
if (isset($_REQUEST['URI_upload_request'])) {
|
|
|
799 |
|
|
|
800 |
// Do some validation.
|
|
|
801 |
$filtered_request = max(0, intval($_REQUEST['URI_upload_request']));
|
|
|
802 |
|
|
|
803 |
if ($filtered_request > NUM_URI_BOXES) {
|
|
|
804 |
$num_URI_boxes = NUM_URI_BOXES;
|
|
|
805 |
} else {
|
|
|
806 |
$num_URI_boxes = $filtered_request;
|
|
|
807 |
}
|
|
|
808 |
|
|
|
809 |
}
|
|
|
810 |
|
|
|
811 |
} else {
|
|
|
812 |
|
|
|
813 |
//Use the default settings for the number of boxes.
|
|
|
814 |
|
|
|
815 |
$num_URI_boxes = NUM_URI_BOXES;
|
|
|
816 |
$num_file_boxes = NUM_FILE_BOXES;
|
|
|
817 |
|
|
|
818 |
}
|
|
|
819 |
|
|
|
820 |
// Get public and private albums, and set maximum individual file size.
|
|
|
821 |
|
|
|
822 |
if (GALLERY_ADMIN_MODE) {
|
|
|
823 |
$public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
|
|
|
824 |
} else {
|
|
|
825 |
$public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' ORDER BY title");
|
|
|
826 |
}
|
|
|
827 |
if (mysql_num_rows($public_albums)) {
|
|
|
828 |
$public_albums_list = db_fetch_rowset($public_albums);
|
|
|
829 |
} else {
|
|
|
830 |
$public_albums_list = array();
|
|
|
831 |
}
|
|
|
832 |
|
|
|
833 |
if (USER_ID) {
|
|
|
834 |
$user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
|
|
|
835 |
if (mysql_num_rows($user_albums)) {
|
|
|
836 |
$user_albums_list = db_fetch_rowset($user_albums);
|
|
|
837 |
} else {
|
|
|
838 |
$user_albums_list = array();
|
|
|
839 |
}
|
|
|
840 |
} else {
|
|
|
841 |
$user_albums_list = array();
|
|
|
842 |
}
|
|
|
843 |
|
|
|
844 |
if (!count($public_albums_list) && !count($user_albums_list)) {
|
|
|
845 |
cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
|
|
|
846 |
}
|
|
|
847 |
|
|
|
848 |
// Assign maximum file size for browser crontrols.
|
|
|
849 |
$max_file_size = $CONFIG['max_upl_size'] << 10;
|
|
|
850 |
|
|
|
851 |
// Create the upload forms using the upload congfiguration.
|
|
|
852 |
|
|
|
853 |
if (!isset($_REQUEST['control'])) {
|
|
|
854 |
|
|
|
855 |
// Do some cleanup in the edit directory.
|
|
|
856 |
spring_cleaning("./{$CONFIG['fullpath']}edit",3600);
|
|
|
857 |
|
|
|
858 |
// Do some cleaning in the temp data table.
|
|
|
859 |
clean_table();
|
|
|
860 |
|
|
|
861 |
// Create upload form headers.
|
|
|
862 |
pageheader($lang_upload_php['title']);
|
|
|
863 |
|
|
|
864 |
// Open the form table.
|
|
|
865 |
starttable("100%", $lang_upload_php['title'], 2);
|
|
|
866 |
|
|
|
867 |
// Select the form action.
|
|
|
868 |
if (USER_UPLOAD_FORM == '0') {
|
|
|
869 |
|
|
|
870 |
// The user has the single upload only form. Send the request to db_input.php.
|
|
|
871 |
open_form('db_input.php');
|
|
|
872 |
|
|
|
873 |
} else {
|
|
|
874 |
|
|
|
875 |
// Direct the request to this script and print the form instructions.
|
|
|
876 |
open_form($_SERVER['PHP_SELF']);
|
|
|
877 |
form_instructions();
|
|
|
878 |
|
|
|
879 |
}
|
|
|
880 |
|
|
|
881 |
// Use a if-then-else construct to create the upload form for the user based on the setting in the
|
|
|
882 |
// groups panel.
|
|
|
883 |
if(USER_UPLOAD_FORM == '0') {
|
|
|
884 |
|
|
|
885 |
// The user should have the 'single upload only' form.
|
|
|
886 |
|
|
|
887 |
// Declare an array containing the various upload form box definitions.
|
|
|
888 |
$captionLabel = $lang_upload_php['description'];
|
|
|
889 |
if ($CONFIG['show_bbcode_help']) {$captionLabel .= '<hr />'.$lang_bbcode_help;}
|
|
|
890 |
$form_array = array(
|
|
|
891 |
sprintf($lang_upload_php['max_fsize'], $CONFIG['max_upl_size']),
|
|
|
892 |
array($lang_upload_php['album'], 'album', 2),
|
|
|
893 |
array('MAX_FILE_SIZE', $max_file_size, 4),
|
|
|
894 |
array($lang_upload_php['picture'], 'userpicture', 1, 1),
|
|
|
895 |
array($lang_upload_php['pic_title'], 'title', 0, 255, 1),
|
|
|
896 |
array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length']),
|
|
|
897 |
array($lang_upload_php['keywords'], 'keywords', 0, 255, 1),
|
|
|
898 |
array('event', 'picture', 4)
|
|
|
899 |
);
|
|
|
900 |
|
|
|
901 |
if(!empty($CONFIG['user_field1_name'])) {
|
|
|
902 |
$form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
|
|
|
903 |
}
|
|
|
904 |
|
|
|
905 |
if(!empty($CONFIG['user_field2_name'])) {
|
|
|
906 |
$form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
|
|
|
907 |
}
|
|
|
908 |
|
|
|
909 |
if(!empty($CONFIG['user_field3_name'])) {
|
|
|
910 |
$form_array[] = array($CONFIG['user_field3_name'], 'user3', 0, 255, 1);
|
|
|
911 |
}
|
|
|
912 |
|
|
|
913 |
if(!empty($CONFIG['user_field4_name'])) {
|
|
|
914 |
$form_array[] = array($CONFIG['user_field4_name'], 'user4', 0, 255, 1);
|
|
|
915 |
}
|
|
|
916 |
|
|
|
917 |
} else {
|
|
|
918 |
|
|
|
919 |
// Check for valid form number.
|
|
|
920 |
if ((USER_UPLOAD_FORM >= '0') and (USER_UPLOAD_FORM <= '7')) {
|
|
|
921 |
|
|
|
922 |
// Create form array, and insert MAX_FILE_SIZE control.
|
|
|
923 |
$form_array[] = array('MAX_FILE_SIZE', $max_file_size);
|
|
|
924 |
|
|
|
925 |
// Add each upload type depending on the form number,
|
|
|
926 |
if((USER_UPLOAD_FORM == '1') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '6')) {
|
|
|
927 |
|
|
|
928 |
if($num_file_boxes > 0) {
|
|
|
929 |
|
|
|
930 |
$form_array[] = $lang_upload_php['reg_instr_7'];
|
|
|
931 |
|
|
|
932 |
$form_array[] = array('', 'file_upload_array[]', 1, $num_file_boxes);
|
|
|
933 |
|
|
|
934 |
}
|
|
|
935 |
|
|
|
936 |
}
|
|
|
937 |
|
|
|
938 |
if((USER_UPLOAD_FORM == '2') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6')) {
|
|
|
939 |
|
|
|
940 |
if($num_URI_boxes > 0) {
|
|
|
941 |
|
|
|
942 |
$form_array[] = $lang_upload_php['reg_instr_8'];
|
|
|
943 |
|
|
|
944 |
$form_array[] = array('', 'URI_array[]', 0, 256, $num_URI_boxes);
|
|
|
945 |
|
|
|
946 |
}
|
|
|
947 |
|
|
|
948 |
}
|
|
|
949 |
|
|
|
950 |
if((USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6') or (USER_UPLOAD_FORM == '7')) {
|
|
|
951 |
|
|
|
952 |
$form_array[] = $lang_upload_php['reg_instr_6'];
|
|
|
953 |
$form_array[] = array('', 'ZIP_array[]', 1, 1);
|
|
|
954 |
|
|
|
955 |
}
|
|
|
956 |
|
|
|
957 |
// Add the control device.
|
|
|
958 |
$form_array[] = array('control', 'phase_1', 4);
|
|
|
959 |
|
|
|
960 |
} else {
|
|
|
961 |
|
|
|
962 |
// Unknown form number.
|
|
|
963 |
cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__);
|
|
|
964 |
|
|
|
965 |
}
|
|
|
966 |
|
|
|
967 |
}
|
|
|
968 |
|
|
|
969 |
// Create the form.
|
|
|
970 |
create_form($form_array);
|
|
|
971 |
|
|
|
972 |
// Close the form.
|
|
|
973 |
if (USER_UPLOAD_FORM == '0') {
|
|
|
974 |
|
|
|
975 |
// The user has the single upload only form. Select proper language for button.
|
|
|
976 |
close_form($lang_upload_php['title']);
|
|
|
977 |
|
|
|
978 |
} else {
|
|
|
979 |
|
|
|
980 |
// Make button say 'Continue.'
|
|
|
981 |
close_form($lang_continue);
|
|
|
982 |
|
|
|
983 |
}
|
|
|
984 |
|
|
|
985 |
// Close the table, create footers, and flush the output buffer.
|
|
|
986 |
|
|
|
987 |
endtable();
|
|
|
988 |
pagefooter();
|
|
|
989 |
ob_end_flush();
|
|
|
990 |
|
|
|
991 |
// Exit the script.
|
|
|
992 |
|
|
|
993 |
exit;
|
|
|
994 |
|
|
|
995 |
}
|
|
|
996 |
|
|
|
997 |
// Recieve incoming file uploads for phase I.
|
|
|
998 |
|
|
|
999 |
if ((isset($_POST['control'])) and ($_POST['control'] == 'phase_1')) {
|
|
|
1000 |
|
|
|
1001 |
// $_FILES['file_upload_array']['name'][$counter]
|
|
|
1002 |
// $_FILES['file_upload_array']['size'][$counter]
|
|
|
1003 |
// $_FILES['file_upload_array']['tmp_name'][$counter]
|
|
|
1004 |
// $_FILES['file_upload_array']['type'][$counter]
|
|
|
1005 |
// $_FILES['file_upload_array']['error'][$counter]
|
|
|
1006 |
//
|
|
|
1007 |
// Error values:
|
|
|
1008 |
// 0 - No error
|
|
|
1009 |
// 1 - Exceeded filesize allowed in php.ini
|
|
|
1010 |
// 2 - Exceeded filesize allowed by HTML MAX_FILE_SIZE
|
|
|
1011 |
// 3 - Only a partial upload
|
|
|
1012 |
// 4 - No upload occurred.
|
|
|
1013 |
|
|
|
1014 |
$file_upload_count = count($_FILES['file_upload_array']['name']);
|
|
|
1015 |
|
|
|
1016 |
if ($file_upload_count > 0) {
|
|
|
1017 |
|
|
|
1018 |
|
|
|
1019 |
// Check for error code support. Set the error code.
|
|
|
1020 |
|
|
|
1021 |
if (count($_FILES['file_upload_array']['error']) == 0) {
|
|
|
1022 |
|
|
|
1023 |
// This version of PHP does not support error codes (PHP < 4.2.0). Create our own error code.
|
|
|
1024 |
|
|
|
1025 |
$error_code = 'default';
|
|
|
1026 |
|
|
|
1027 |
} else {
|
|
|
1028 |
|
|
|
1029 |
// We have error support.
|
|
|
1030 |
$error_support = 'TRUE';
|
|
|
1031 |
|
|
|
1032 |
}
|
|
|
1033 |
|
|
|
1034 |
for ($counter = 0; $counter < $file_upload_count; $counter++) {
|
|
|
1035 |
|
|
|
1036 |
// Check for error code support. Set the error code.
|
|
|
1037 |
|
|
|
1038 |
if ($error_support) {
|
|
|
1039 |
|
|
|
1040 |
$error_code = $_FILES['file_upload_array']['error'][$counter];
|
|
|
1041 |
|
|
|
1042 |
}
|
|
|
1043 |
|
|
|
1044 |
// Create the failure ordinal for ordering the report of failed uploads.
|
|
|
1045 |
|
|
|
1046 |
$failure_cardinal = $counter + 1;
|
|
|
1047 |
|
|
|
1048 |
$failure_ordinal = ''.$failure_cardinal.'. ';
|
|
|
1049 |
|
|
|
1050 |
// If there is no file name, make a dummy name for the error reporting system.
|
|
|
1051 |
|
|
|
1052 |
if (($_FILES['file_upload_array']['name'][$counter] == '')) {
|
|
|
1053 |
|
|
|
1054 |
$file_name = 'filename_unavailable';
|
|
|
1055 |
|
|
|
1056 |
} else {
|
|
|
1057 |
|
|
|
1058 |
$file_name = $_FILES['file_upload_array']['name'][$counter];
|
|
|
1059 |
|
|
|
1060 |
}
|
|
|
1061 |
|
|
|
1062 |
// Test for a blank file upload box.
|
|
|
1063 |
if (empty($_FILES['file_upload_array']['tmp_name'][$counter])) {
|
|
|
1064 |
|
|
|
1065 |
// There is no need for further tests or action as there was no uploaded file, so skip the remainder of the iteration.
|
|
|
1066 |
continue;
|
|
|
1067 |
|
|
|
1068 |
}
|
|
|
1069 |
|
|
|
1070 |
// Check to make sure the file was uploaded via POST.
|
|
|
1071 |
|
|
|
1072 |
if (!is_uploaded_file($_FILES['file_upload_array']['tmp_name'][$counter])) {
|
|
|
1073 |
|
|
|
1074 |
// We reject the file, and make a note of the error.
|
|
|
1075 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_post']);
|
|
|
1076 |
|
|
|
1077 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1078 |
continue;
|
|
|
1079 |
}
|
|
|
1080 |
|
|
|
1081 |
// Check filename and extension:
|
|
|
1082 |
|
|
|
1083 |
// Check that the file uploaded has a valid name and extension, and replace forbidden chars with underscores.
|
|
|
1084 |
|
|
|
1085 |
// Initialise the $matches array.
|
|
|
1086 |
$matches = array();
|
|
|
1087 |
|
|
|
1088 |
// Get the forbidden characters from the Config console string, and do any necessary translation. Return the translated string.
|
|
|
1089 |
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
|
|
|
1090 |
|
|
|
1091 |
// If magic quotes is on, remove the slashes it added to the file name.
|
|
|
1092 |
if (get_magic_quotes_gpc()) $_FILES['file_upload_array']['name'][$counter] = stripslashes($_FILES['file_upload_array']['name'][$counter]);
|
|
|
1093 |
|
|
|
1094 |
// Create the holder $picture_name by translating the file name. Translate any forbidden character into an underscore.
|
|
|
1095 |
$picture_name = strtr($_FILES['file_upload_array']['name'][$counter], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
|
|
|
1096 |
|
|
|
1097 |
// Analyze the file extension using regular expressions.
|
|
|
1098 |
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
|
|
|
1099 |
|
|
|
1100 |
// The file name is invalid.
|
|
|
1101 |
$matches[1] = 'invalid_fname';
|
|
|
1102 |
|
|
|
1103 |
// Make a bogus file extension to trigger Coppermine's defenses.
|
|
|
1104 |
$matches[2] = 'xxx';
|
|
|
1105 |
}
|
|
|
1106 |
|
|
|
1107 |
// If there is no extension, or if the extension is unknown/not permitted by Coppermine, zap the intruder.
|
|
|
1108 |
if ($matches[2] == '' || !is_known_filetype($matches)) {
|
|
|
1109 |
|
|
|
1110 |
// We reject the file, and make a note of the error.
|
|
|
1111 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['forb_ext']);
|
|
|
1112 |
|
|
|
1113 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1114 |
continue;
|
|
|
1115 |
|
|
|
1116 |
}
|
|
|
1117 |
|
|
|
1118 |
// Check for upload errors.
|
|
|
1119 |
|
|
|
1120 |
if (!($error_code == '0') and !($error_code == 'default')) {
|
|
|
1121 |
|
|
|
1122 |
// PHP has detected a file upload error.
|
|
|
1123 |
if ($error_code == '1') {
|
|
|
1124 |
$error_message = $lang_upload_php['exc_php_ini'];
|
|
|
1125 |
} elseif ($error_code == '2') {
|
|
|
1126 |
$error_message = $lang_upload_php['exc_file_size'];
|
|
|
1127 |
} elseif ($error_code == '3') {
|
|
|
1128 |
$error_message = $lang_upload_php['partial_upload'];
|
|
|
1129 |
} elseif ($error_code == '4') {
|
|
|
1130 |
$error_message = $lang_upload_php['no_upload'];
|
|
|
1131 |
} else {
|
|
|
1132 |
$error_message = $lang_upload_php['unknown_code'];
|
|
|
1133 |
}
|
|
|
1134 |
|
|
|
1135 |
//Make a note in the error array.
|
|
|
1136 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$error_message);
|
|
|
1137 |
|
|
|
1138 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1139 |
continue;
|
|
|
1140 |
|
|
|
1141 |
} elseif ($_FILES['file_upload_array']['tmp_name'][$counter] == '') {
|
|
|
1142 |
|
|
|
1143 |
// There is no temporary file, so the file did not upload. Make a note of it in the file_failure_arrray and flip the failure switch to generate the ordinal. .
|
|
|
1144 |
|
|
|
1145 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_temp_name']);
|
|
|
1146 |
|
|
|
1147 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1148 |
continue;
|
|
|
1149 |
|
|
|
1150 |
} elseif ($_FILES['file_upload_array']['size'][$counter] <= 0) {
|
|
|
1151 |
|
|
|
1152 |
// The file contains no data or was corrupted. Make a note of it in the error array.
|
|
|
1153 |
|
|
|
1154 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_file_size']);
|
|
|
1155 |
|
|
|
1156 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1157 |
continue;
|
|
|
1158 |
|
|
|
1159 |
} elseif ($_FILES['file_upload_array']['size'][$counter] > $max_file_size) {
|
|
|
1160 |
|
|
|
1161 |
// The file exceeds the amount specified by the max upload directive. Either the browser is stupid, or somebody isn't playing nice. (Ancient browser - MAX_UPLOAD forgery)
|
|
|
1162 |
|
|
|
1163 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['exc_file_size']);
|
|
|
1164 |
|
|
|
1165 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1166 |
continue;
|
|
|
1167 |
|
|
|
1168 |
}
|
|
|
1169 |
|
|
|
1170 |
// Now we need to move the file into the /edit directory.
|
|
|
1171 |
|
|
|
1172 |
// We need specify the path for the transitory file.
|
|
|
1173 |
|
|
|
1174 |
// Create a prefix for easier human recognition.
|
|
|
1175 |
$prefix = "mHTTP_temp_";
|
|
|
1176 |
|
|
|
1177 |
//Set the correct file extension.
|
|
|
1178 |
|
|
|
1179 |
$suffix = $matches[2];
|
|
|
1180 |
|
|
|
1181 |
// Generate the unique name. Keep generating new names until one that is not in use is found.
|
|
|
1182 |
|
|
|
1183 |
do {
|
|
|
1184 |
|
|
|
1185 |
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
|
|
|
1186 |
$seed = substr(md5(microtime().getmypid()), 0, 8);
|
|
|
1187 |
|
|
|
1188 |
// Assemble the file path.
|
|
|
1189 |
$path_to_image = "./{$CONFIG['fullpath']}edit/". $prefix . $seed . '.' . $suffix;
|
|
|
1190 |
|
|
|
1191 |
} while (file_exists($path_to_image));
|
|
|
1192 |
|
|
|
1193 |
// Create a holder called $tempname.
|
|
|
1194 |
$tempname = $prefix . $seed . '.' . $suffix;
|
|
|
1195 |
|
|
|
1196 |
//Now we upload the file.
|
|
|
1197 |
if (!(move_uploaded_file($_FILES['file_upload_array']['tmp_name'][$counter], $path_to_image))) {
|
|
|
1198 |
|
|
|
1199 |
// The file upload has failed.
|
|
|
1200 |
|
|
|
1201 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['impossible']);
|
|
|
1202 |
|
|
|
1203 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1204 |
continue;
|
|
|
1205 |
|
|
|
1206 |
}
|
|
|
1207 |
|
|
|
1208 |
// Change file permission
|
|
|
1209 |
chmod($path_to_image, octdec($CONFIG['default_file_mode']));
|
|
|
1210 |
|
|
|
1211 |
// Create a testing alias.
|
|
|
1212 |
$picture_alias = $matches[1].".".$matches[2];
|
|
|
1213 |
|
|
|
1214 |
// Check to see if the filename is consistent with that of a picture.
|
|
|
1215 |
if (is_image($picture_alias)) {
|
|
|
1216 |
|
|
|
1217 |
// If it is, get the picture information
|
|
|
1218 |
$imginfo = getimagesize($path_to_image);
|
|
|
1219 |
|
|
|
1220 |
// If getimagesize does not recognize the file as a picture, delete the picture.
|
|
|
1221 |
if ($imginfo === 'FALSE') {
|
|
|
1222 |
@unlink($path_to_image);
|
|
|
1223 |
|
|
|
1224 |
// The file upload has failed -- the image is not an image or it is corrupt.
|
|
|
1225 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['not_image']);
|
|
|
1226 |
|
|
|
1227 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1228 |
continue;
|
|
|
1229 |
|
|
|
1230 |
// JPEG and PNG only are allowed with GD. If the image is not allowed for GD,delete it.
|
|
|
1231 |
} elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
|
|
|
1232 |
@unlink($path_to_image);
|
|
|
1233 |
|
|
|
1234 |
// The file upload has failed -- the image is not allowed with GD.
|
|
|
1235 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['not_GD']);
|
|
|
1236 |
|
|
|
1237 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1238 |
continue;
|
|
|
1239 |
|
|
|
1240 |
// Check that picture size (in pixels) is lower than the maximum allowed. If not, delete it.
|
|
|
1241 |
} elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
|
|
|
1242 |
@unlink($path_to_image);
|
|
|
1243 |
|
|
|
1244 |
// The file upload has failed -- the image dimensions exceed the allowed amount.
|
|
|
1245 |
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['pixel_allowance']);
|
|
|
1246 |
|
|
|
1247 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1248 |
continue;
|
|
|
1249 |
}
|
|
|
1250 |
|
|
|
1251 |
// Image is ok
|
|
|
1252 |
}
|
|
|
1253 |
|
|
|
1254 |
// Put array info for a successful upload in $escrow_array. Hold the actual file name and the name of the temporary image. We do not use the path for security reasons.
|
|
|
1255 |
$escrow_array[] = array('actual_name'=>$picture_alias, 'temporary_name'=>$tempname);
|
|
|
1256 |
|
|
|
1257 |
} // end for loop
|
|
|
1258 |
} // end if statement
|
|
|
1259 |
|
|
|
1260 |
// Count the number of items in the URI array.
|
|
|
1261 |
$URI_upload_count = count($_POST['URI_array']);
|
|
|
1262 |
|
|
|
1263 |
if ($URI_upload_count > 0) {
|
|
|
1264 |
|
|
|
1265 |
for ($counter = 0; $counter < $URI_upload_count; $counter++) {
|
|
|
1266 |
|
|
|
1267 |
// Create the failure ordinal for ordering the report of failed uploads.
|
|
|
1268 |
|
|
|
1269 |
$failure_cardinal = $counter + 1;
|
|
|
1270 |
|
|
|
1271 |
$failure_ordinal = ''.$failure_cardinal.'. ';
|
|
|
1272 |
|
|
|
1273 |
// Initialize the $URI_MIME_type variable.
|
|
|
1274 |
$URI_MIME_type = "0";
|
|
|
1275 |
|
|
|
1276 |
// Check to make sure the URI box was not blank.
|
|
|
1277 |
if (empty($_POST['URI_array'][$counter])) {
|
|
|
1278 |
|
|
|
1279 |
// The box was empty.
|
|
|
1280 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1281 |
continue;
|
|
|
1282 |
|
|
|
1283 |
}
|
|
|
1284 |
|
|
|
1285 |
// Check for magic quotes and remove slashes if necessary.
|
|
|
1286 |
if (get_magic_quotes_gpc()) {
|
|
|
1287 |
|
|
|
1288 |
$_POST['URI_array'][$counter] = stripslashes($_POST['URI_array'][$counter]);
|
|
|
1289 |
|
|
|
1290 |
}
|
|
|
1291 |
|
|
|
1292 |
// Remove excess whitespace.
|
|
|
1293 |
$_POST['URI_array'][$counter] = trim($_POST['URI_array'][$counter]);
|
|
|
1294 |
|
|
|
1295 |
// Translate any interior spaces into hex replacements.
|
|
|
1296 |
$_POST['URI_array'][$counter] = strtr($_POST['URI_array'][$counter], array(" "=>"%20"));
|
|
|
1297 |
|
|
|
1298 |
// We do some validation for the URI. First we check for http:// or ftp:// at the start of the URI.
|
|
|
1299 |
if(!ereg('^http://|^ftp://',$_POST['URI_array'][$counter])) {
|
|
|
1300 |
|
|
|
1301 |
// The URL is malformed or not allowed in Coppermine. Note an error.
|
|
|
1302 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['incorrect_prefix']);
|
|
|
1303 |
|
|
|
1304 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1305 |
continue;
|
|
|
1306 |
|
|
|
1307 |
}
|
|
|
1308 |
|
|
|
1309 |
// To obtain the file name, we explode the URI into $pieces.
|
|
|
1310 |
$pieces = explode('/',$_POST['URI_array'][$counter]);
|
|
|
1311 |
|
|
|
1312 |
// We pop off the end of the $pieces array to obtain the possible file name.
|
|
|
1313 |
$possible_file_name = array_pop($pieces);
|
|
|
1314 |
|
|
|
1315 |
// Strip the hex equivalent for spaces from the possible file name and restore the spaces.
|
|
|
1316 |
$possible_file_name = strtr($possible_file_name, array("%20"=>" "));
|
|
|
1317 |
|
|
|
1318 |
// Check possible filename and extension:
|
|
|
1319 |
|
|
|
1320 |
// Check that the possible file name has a valid name and extension, and replace forbidden chars with underscores.
|
|
|
1321 |
|
|
|
1322 |
// Initialise the $matches array.
|
|
|
1323 |
$matches = array();
|
|
|
1324 |
|
|
|
1325 |
// Get the forbidden characters from the Config console string, and do any necessary translation. Return the translated string.
|
|
|
1326 |
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
|
|
|
1327 |
|
|
|
1328 |
// Create the holder $picture_name by translating the possible file name. Translate any forbidden character into an underscore.
|
|
|
1329 |
$picture_name = strtr($possible_file_name, $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
|
|
|
1330 |
|
|
|
1331 |
// Analyze the file extension using regular expressions.
|
|
|
1332 |
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
|
|
|
1333 |
|
|
|
1334 |
// The file name is invalid.
|
|
|
1335 |
$matches[1] = 'invalid_fname';
|
|
|
1336 |
|
|
|
1337 |
// Make a bogus file extension to tell Coppermine to use a different name.
|
|
|
1338 |
$matches[2] = 'xxx';
|
|
|
1339 |
}
|
|
|
1340 |
|
|
|
1341 |
// Set the variable $extension equal to $matches[2].
|
|
|
1342 |
$extension = $matches[2];
|
|
|
1343 |
|
|
|
1344 |
// If there is no extension, or if the extension is unknown/not permitted by Coppermine, attenpt to detect a MIME type.
|
|
|
1345 |
if ($matches[2] == '' || !is_known_filetype($matches)) {
|
|
|
1346 |
|
|
|
1347 |
// Check for stream_get_meta_data support.
|
|
|
1348 |
if (!function_exists(stream_get_meta_data)) {
|
|
|
1349 |
|
|
|
1350 |
// We cannot get the header information for the file, so we reject the URI as unsafe.
|
|
|
1351 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['unsafe_URI']);
|
|
|
1352 |
|
|
|
1353 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1354 |
continue;
|
|
|
1355 |
|
|
|
1356 |
}
|
|
|
1357 |
|
|
|
1358 |
// Open a stream to the resource.
|
|
|
1359 |
$fp = fopen($_POST['URI_array'][$counter],"rb");
|
|
|
1360 |
|
|
|
1361 |
// Check to see if the resource was opened.
|
|
|
1362 |
if (!$fp) {
|
|
|
1363 |
|
|
|
1364 |
// Attempt to get the status of the resource.
|
|
|
1365 |
$response = check_status($_POST['URI_array'][$counter]);
|
|
|
1366 |
|
|
|
1367 |
// Try to parse header if we were able to get a response.
|
|
|
1368 |
if ($response) {
|
|
|
1369 |
|
|
|
1370 |
if(strstr($response, '401')) {
|
|
|
1371 |
|
|
|
1372 |
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
|
|
|
1373 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
|
|
|
1374 |
|
|
|
1375 |
} elseif(strstr($response, '402')) {
|
|
|
1376 |
|
|
|
1377 |
// 402 Payment Required - Where's the cash? :-) Note an error.
|
|
|
1378 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
|
|
|
1379 |
|
|
|
1380 |
} elseif(strstr($response, '403')) {
|
|
|
1381 |
|
|
|
1382 |
// 403 Forbidden - No permission to access the resource. Note an error.
|
|
|
1383 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
|
|
|
1384 |
|
|
|
1385 |
} elseif(strstr($response, '404')) {
|
|
|
1386 |
|
|
|
1387 |
// 404 Not Found - The resource is missing. Note an error.
|
|
|
1388 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
|
|
|
1389 |
|
|
|
1390 |
} elseif(strstr($response, '500')) {
|
|
|
1391 |
|
|
|
1392 |
// 500 Internal Server Error - The server has failed. Note an error.
|
|
|
1393 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
|
|
|
1394 |
|
|
|
1395 |
} elseif(strstr($response, '503')) {
|
|
|
1396 |
|
|
|
1397 |
// 503 Service Unavailable - The server is busy. Note an error.
|
|
|
1398 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
|
|
|
1399 |
|
|
|
1400 |
} else {
|
|
|
1401 |
|
|
|
1402 |
// Undocumented error. Note an error. Return status code.
|
|
|
1403 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$response);
|
|
|
1404 |
|
|
|
1405 |
}
|
|
|
1406 |
|
|
|
1407 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1408 |
continue;
|
|
|
1409 |
|
|
|
1410 |
} else {
|
|
|
1411 |
|
|
|
1412 |
|
|
|
1413 |
// The resource could not be opened.
|
|
|
1414 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['could_not_open_URI']);
|
|
|
1415 |
|
|
|
1416 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1417 |
continue;
|
|
|
1418 |
|
|
|
1419 |
}
|
|
|
1420 |
|
|
|
1421 |
} else {
|
|
|
1422 |
|
|
|
1423 |
$header = stream_get_meta_data($fp);
|
|
|
1424 |
|
|
|
1425 |
if($header === 'FALSE') {
|
|
|
1426 |
|
|
|
1427 |
// We could not get the meta data from the header. We must reject the URI as unsafe.
|
|
|
1428 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['meta_data_failure']);
|
|
|
1429 |
|
|
|
1430 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1431 |
continue;
|
|
|
1432 |
|
|
|
1433 |
}
|
|
|
1434 |
|
|
|
1435 |
//Look for server response. Proceed if status code 200 is returned.
|
|
|
1436 |
if(!(strstr($header['wrapper_data'][0], '200'))) {
|
|
|
1437 |
|
|
|
1438 |
// The resource is not available. Attempt to determine why, and
|
|
|
1439 |
// generate the appropriate error.
|
|
|
1440 |
|
|
|
1441 |
if(strstr($header['wrapper_data'][0], '401')) {
|
|
|
1442 |
|
|
|
1443 |
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
|
|
|
1444 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
|
|
|
1445 |
|
|
|
1446 |
} elseif(strstr($header['wrapper_data'][0], '402')) {
|
|
|
1447 |
|
|
|
1448 |
// 402 Payment Required - Where's the cash? :-) Note an error.
|
|
|
1449 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
|
|
|
1450 |
|
|
|
1451 |
} elseif(strstr($header['wrapper_data'][0], '403')) {
|
|
|
1452 |
|
|
|
1453 |
// 403 Forbidden - No permission to access the resource. Note an error.
|
|
|
1454 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
|
|
|
1455 |
|
|
|
1456 |
} elseif(strstr($header['wrapper_data'][0], '404')) {
|
|
|
1457 |
|
|
|
1458 |
// 404 Not Found - The resource is missing. Note an error.
|
|
|
1459 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
|
|
|
1460 |
|
|
|
1461 |
} elseif(strstr($header['wrapper_data'][0], '500')) {
|
|
|
1462 |
|
|
|
1463 |
// 500 Internal Server Error - The server has failed. Note an error.
|
|
|
1464 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
|
|
|
1465 |
|
|
|
1466 |
} elseif(strstr($header['wrapper_data'][0], '503')) {
|
|
|
1467 |
|
|
|
1468 |
// 503 Service Unavailable - The server is busy. Note an error.
|
|
|
1469 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
|
|
|
1470 |
|
|
|
1471 |
} else {
|
|
|
1472 |
|
|
|
1473 |
// Undocumented error. Note an error. Return status code.
|
|
|
1474 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$header['wrapper_data'][0]);
|
|
|
1475 |
|
|
|
1476 |
}
|
|
|
1477 |
|
|
|
1478 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1479 |
continue;
|
|
|
1480 |
|
|
|
1481 |
}
|
|
|
1482 |
|
|
|
1483 |
// Cycle through returned HTTP header. Look for the MIME type, which we will use to create a proper file extension.
|
|
|
1484 |
|
|
|
1485 |
if (count($header['wrapper_data']) < 2) {
|
|
|
1486 |
|
|
|
1487 |
// We could not get the meta data from the header. We must reject the URI as unsafe.
|
|
|
1488 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['meta_data_failure']);
|
|
|
1489 |
|
|
|
1490 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1491 |
continue;
|
|
|
1492 |
|
|
|
1493 |
} else {
|
|
|
1494 |
|
|
|
1495 |
// Now we loop through each item returned in the wrapper data.
|
|
|
1496 |
for ($i=1; isset($header['wrapper_data'][$i]); $i++) {
|
|
|
1497 |
|
|
|
1498 |
// We test each array element to see if it contains the content-type header.
|
|
|
1499 |
if (strstr(strtolower($header['wrapper_data'][$i]), 'content-type')) {
|
|
|
1500 |
|
|
|
1501 |
// If we find it, we have found the MIME type. Use regular expressions to extract it.
|
|
|
1502 |
if(!(eregi('^content-type: ([[:graph:]]+)', $header['wrapper_data'][$i], $MIME_extraction_array))) {
|
|
|
1503 |
|
|
|
1504 |
// We could not find a MIME type. Note an error and reject the URI as unsafe.
|
|
|
1505 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_extraction_failure']);
|
|
|
1506 |
|
|
|
1507 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1508 |
continue 2;
|
|
|
1509 |
|
|
|
1510 |
} else {
|
|
|
1511 |
|
|
|
1512 |
// We have found the MIME type, which we will store in $URI_MIME_type.
|
|
|
1513 |
$URI_MIME_type = $MIME_extraction_array[1];
|
|
|
1514 |
}
|
|
|
1515 |
|
|
|
1516 |
// While we are at it, let's see if we can get a content length from the server.
|
|
|
1517 |
} elseif (strstr(strtolower($header['wrapper_data'][$i]), 'content-length')) {
|
|
|
1518 |
|
|
|
1519 |
// We have found the Content-Length header. Use regular expressions to extract it.
|
|
|
1520 |
if(eregi('^content-length: ([[:digit:]]+)', $header['wrapper_data'][$i], $length_extraction_array)) {
|
|
|
1521 |
|
|
|
1522 |
// The content length should be available in bytes. Cross compare with the maximum file size allowed in an upload.
|
|
|
1523 |
// Reject the file with an error if it is too large.
|
|
|
1524 |
if ($length_extraction_array[1] > $max_file_size) {
|
|
|
1525 |
|
|
|
1526 |
// The content is too large. Reject it with an error.
|
|
|
1527 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
|
|
|
1528 |
|
|
|
1529 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1530 |
continue 2;
|
|
|
1531 |
|
|
|
1532 |
}
|
|
|
1533 |
|
|
|
1534 |
}
|
|
|
1535 |
|
|
|
1536 |
}
|
|
|
1537 |
|
|
|
1538 |
}
|
|
|
1539 |
|
|
|
1540 |
}
|
|
|
1541 |
|
|
|
1542 |
// Close the file pointer if we were able to open it.
|
|
|
1543 |
fclose($fp);
|
|
|
1544 |
|
|
|
1545 |
}
|
|
|
1546 |
|
|
|
1547 |
}
|
|
|
1548 |
|
|
|
1549 |
// Check to see if MIME type was detected.
|
|
|
1550 |
if($URI_MIME_type) {
|
|
|
1551 |
|
|
|
1552 |
// A mime type was detected. Determine the appropriate file extension for the MIME type.
|
|
|
1553 |
// We will hard code the most common GD compatible image MIME types to reduce calls to the DB.
|
|
|
1554 |
if(($URI_MIME_type == 'image/jpeg') or ($URI_MIME_type == 'image/jpg')) {
|
|
|
1555 |
|
|
|
1556 |
//The file will need a .jpg extension.
|
|
|
1557 |
$extension = 'jpg';
|
|
|
1558 |
|
|
|
1559 |
} elseif ($URI_MIME_type == 'image/png') {
|
|
|
1560 |
|
|
|
1561 |
//The file will need a .png extension.
|
|
|
1562 |
$extension = 'png';
|
|
|
1563 |
|
|
|
1564 |
} elseif ($URI_MIME_type == 'image/gif') {
|
|
|
1565 |
|
|
|
1566 |
//The file will need a .gif extension.
|
|
|
1567 |
$extension = 'gif';
|
|
|
1568 |
|
|
|
1569 |
} else {
|
|
|
1570 |
// We will try to get the extension from the database.
|
|
|
1571 |
$MIME_result = db_query("SELECT extension FROM {$CONFIG['TABLE_FILETYPES']} WHERE mime='$URI_MIME_type'");
|
|
|
1572 |
|
|
|
1573 |
// Check to see if any results were returned.
|
|
|
1574 |
if (!mysql_num_rows($MIME_result)) {
|
|
|
1575 |
|
|
|
1576 |
// No results, so free up the resources.
|
|
|
1577 |
mysql_free_result($MIME_result);
|
|
|
1578 |
|
|
|
1579 |
// We cannot determine an extension from the MIME type provided, so note an error. Reject the file as unsafe.
|
|
|
1580 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_type_unknown']);
|
|
|
1581 |
|
|
|
1582 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1583 |
continue;
|
|
|
1584 |
|
|
|
1585 |
} else {
|
|
|
1586 |
|
|
|
1587 |
// The was a result. Fetch it.
|
|
|
1588 |
$extension_data = mysql_fetch_array($MIME_result);
|
|
|
1589 |
|
|
|
1590 |
// Release the resources.
|
|
|
1591 |
mysql_free_result($MIME_result);
|
|
|
1592 |
|
|
|
1593 |
// Store the extension in $extension.
|
|
|
1594 |
$extension = $extension_data['extension'];
|
|
|
1595 |
}
|
|
|
1596 |
|
|
|
1597 |
}
|
|
|
1598 |
|
|
|
1599 |
}
|
|
|
1600 |
|
|
|
1601 |
//Now we must create the temporary file name. This will be the permanent file name if MIME type detection was used to establish the extension.
|
|
|
1602 |
|
|
|
1603 |
// First, we create a prefix for easier human recognition.
|
|
|
1604 |
$prefix = "mURI_temp_";
|
|
|
1605 |
|
|
|
1606 |
//Set the correct file extension.
|
|
|
1607 |
|
|
|
1608 |
$suffix = $extension;
|
|
|
1609 |
|
|
|
1610 |
// Generate the unique name. Keep generating new names until one that is not in use is found.
|
|
|
1611 |
|
|
|
1612 |
do {
|
|
|
1613 |
|
|
|
1614 |
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
|
|
|
1615 |
$seed = substr(md5(microtime().getmypid()), 0, 8);
|
|
|
1616 |
|
|
|
1617 |
// Assemble the file path.
|
|
|
1618 |
$path_to_image = "./{$CONFIG['fullpath']}/edit/". $prefix . $seed . '.' . $suffix;
|
|
|
1619 |
|
|
|
1620 |
} while (file_exists($path_to_image));
|
|
|
1621 |
|
|
|
1622 |
// Create a holder called $tempname.
|
|
|
1623 |
$tempname = $prefix . $seed . '.' . $suffix;
|
|
|
1624 |
|
|
|
1625 |
// The file name $path_to_image has been created. We must prepare to download the resource. First, we will attemt to detect the status code for the resource.
|
|
|
1626 |
|
|
|
1627 |
// Open a stream to the resource.
|
|
|
1628 |
$fp = fopen($_POST['URI_array'][$counter],"rb");
|
|
|
1629 |
|
|
|
1630 |
// Check to see if the resource was opened.
|
|
|
1631 |
if (!$fp) {
|
|
|
1632 |
|
|
|
1633 |
// Attempt to get the status of the resource.
|
|
|
1634 |
$response = check_status($_POST['URI_array'][$counter]);
|
|
|
1635 |
|
|
|
1636 |
// Try to parse header if we were able to get a response.
|
|
|
1637 |
if ($response) {
|
|
|
1638 |
|
|
|
1639 |
if(strstr($response, '401')) {
|
|
|
1640 |
|
|
|
1641 |
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
|
|
|
1642 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
|
|
|
1643 |
|
|
|
1644 |
} elseif(strstr($response, '402')) {
|
|
|
1645 |
|
|
|
1646 |
// 402 Payment Required - Where's the cash? :-) Note an error.
|
|
|
1647 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
|
|
|
1648 |
|
|
|
1649 |
} elseif(strstr($response, '403')) {
|
|
|
1650 |
|
|
|
1651 |
// 403 Forbidden - No permission to access the resource. Note an error.
|
|
|
1652 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
|
|
|
1653 |
|
|
|
1654 |
} elseif(strstr($response, '404')) {
|
|
|
1655 |
|
|
|
1656 |
// 404 Not Found - The resource is missing. Note an error.
|
|
|
1657 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
|
|
|
1658 |
|
|
|
1659 |
} elseif(strstr($response, '500')) {
|
|
|
1660 |
|
|
|
1661 |
// 500 Internal Server Error - The server has failed. Note an error.
|
|
|
1662 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
|
|
|
1663 |
|
|
|
1664 |
} elseif(strstr($response, '503')) {
|
|
|
1665 |
|
|
|
1666 |
// 503 Service Unavailable - The server is busy. Note an error.
|
|
|
1667 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
|
|
|
1668 |
|
|
|
1669 |
} else {
|
|
|
1670 |
|
|
|
1671 |
// Undocumented error. Note an error. Return status code.
|
|
|
1672 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$response);
|
|
|
1673 |
|
|
|
1674 |
}
|
|
|
1675 |
|
|
|
1676 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1677 |
continue;
|
|
|
1678 |
|
|
|
1679 |
} else {
|
|
|
1680 |
|
|
|
1681 |
|
|
|
1682 |
// The resource could not be opened.
|
|
|
1683 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['could_not_open_URI']);
|
|
|
1684 |
|
|
|
1685 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1686 |
continue;
|
|
|
1687 |
|
|
|
1688 |
}
|
|
|
1689 |
|
|
|
1690 |
} else {
|
|
|
1691 |
|
|
|
1692 |
// Obtain header info if possible.
|
|
|
1693 |
if (function_exists(stream_get_meta_data)) {
|
|
|
1694 |
|
|
|
1695 |
// Store header data in $header.
|
|
|
1696 |
$header = stream_get_meta_data($fp);
|
|
|
1697 |
|
|
|
1698 |
// If data was returned, test it.
|
|
|
1699 |
if($header) {
|
|
|
1700 |
|
|
|
1701 |
//Look for server response. Proceed if status code 200 is returned.
|
|
|
1702 |
if(!(strstr($header['wrapper_data'][0], '200'))) {
|
|
|
1703 |
|
|
|
1704 |
// The resource is not available. Attempt to determine why, and
|
|
|
1705 |
// generate the appropriate error.
|
|
|
1706 |
|
|
|
1707 |
if(strstr($header['wrapper_data'][0], '401')) {
|
|
|
1708 |
|
|
|
1709 |
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
|
|
|
1710 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
|
|
|
1711 |
|
|
|
1712 |
} elseif(strstr($header['wrapper_data'][0], '402')) {
|
|
|
1713 |
|
|
|
1714 |
// 402 Payment Required - Where's the cash? :-) Note an error.
|
|
|
1715 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
|
|
|
1716 |
|
|
|
1717 |
} elseif(strstr($header['wrapper_data'][0], '403')) {
|
|
|
1718 |
|
|
|
1719 |
// 403 Forbidden - No permission to access the resource. Note an error.
|
|
|
1720 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
|
|
|
1721 |
|
|
|
1722 |
} elseif(strstr($header['wrapper_data'][0], '404')) {
|
|
|
1723 |
|
|
|
1724 |
// 404 Not Found - The resource is missing. Note an error.
|
|
|
1725 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
|
|
|
1726 |
|
|
|
1727 |
} elseif(strstr($header['wrapper_data'][0], '500')) {
|
|
|
1728 |
|
|
|
1729 |
// 500 Internal Server Error - The server has failed. Note an error.
|
|
|
1730 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
|
|
|
1731 |
|
|
|
1732 |
} elseif(strstr($header['wrapper_data'][0], '503')) {
|
|
|
1733 |
|
|
|
1734 |
// 503 Service Unavailable - The server is busy. Note an error.
|
|
|
1735 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
|
|
|
1736 |
|
|
|
1737 |
} else {
|
|
|
1738 |
|
|
|
1739 |
// Undocumented error. Note an error. Return status code.
|
|
|
1740 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$header['wrapper_data'][0]);
|
|
|
1741 |
|
|
|
1742 |
}
|
|
|
1743 |
|
|
|
1744 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1745 |
continue;
|
|
|
1746 |
|
|
|
1747 |
}
|
|
|
1748 |
|
|
|
1749 |
// Cycle through returned HTTP header.
|
|
|
1750 |
if (count($header['wrapper_data']) > 1) {
|
|
|
1751 |
|
|
|
1752 |
// Now we loop through each item returned in the wrapper data.
|
|
|
1753 |
for ($i=1; isset($header['wrapper_data'][$i]); $i++) {
|
|
|
1754 |
|
|
|
1755 |
// Let's see if we can get a content length from the server.
|
|
|
1756 |
if (strstr(strtolower($header['wrapper_data'][$i]), 'content-length')) {
|
|
|
1757 |
|
|
|
1758 |
// We have found the Content-Length header. Use regular expressions to extract it.
|
|
|
1759 |
if(eregi('^content-length: ([[:digit:]]+)', $header['wrapper_data'][$i], $length_extraction_array)) {
|
|
|
1760 |
|
|
|
1761 |
// The content length should be available in bytes. Cross compare with the maximum file size allowed in an upload.
|
|
|
1762 |
// Reject the file with an error if it is too large.
|
|
|
1763 |
if ($length_extraction_array[1] > $max_file_size) {
|
|
|
1764 |
|
|
|
1765 |
// The content is too large. Reject it with an error.
|
|
|
1766 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
|
|
|
1767 |
|
|
|
1768 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1769 |
continue 2;
|
|
|
1770 |
|
|
|
1771 |
}
|
|
|
1772 |
|
|
|
1773 |
}
|
|
|
1774 |
|
|
|
1775 |
}
|
|
|
1776 |
|
|
|
1777 |
}
|
|
|
1778 |
|
|
|
1779 |
}
|
|
|
1780 |
|
|
|
1781 |
}
|
|
|
1782 |
|
|
|
1783 |
}
|
|
|
1784 |
|
|
|
1785 |
// Cannot get headers from meta data, or we have completed the metadata check and have found a 200 status code and appropriate content length.
|
|
|
1786 |
|
|
|
1787 |
// Now we must create a file to write the data to.
|
|
|
1788 |
touch($path_to_image);
|
|
|
1789 |
|
|
|
1790 |
// Conduct tests on write file.
|
|
|
1791 |
if (!is_file($path_to_image)) {
|
|
|
1792 |
|
|
|
1793 |
// The file was not created. Note an error.
|
|
|
1794 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_create_write']);
|
|
|
1795 |
|
|
|
1796 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1797 |
continue;
|
|
|
1798 |
|
|
|
1799 |
// Check for writability,
|
|
|
1800 |
} elseif (!is_writable($path_to_image)) {
|
|
|
1801 |
|
|
|
1802 |
// The file is not writeable. Note an error.
|
|
|
1803 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_writable']);
|
|
|
1804 |
|
|
|
1805 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1806 |
continue;
|
|
|
1807 |
|
|
|
1808 |
} else {
|
|
|
1809 |
|
|
|
1810 |
// Initialize the $content variable.
|
|
|
1811 |
$content = '';
|
|
|
1812 |
|
|
|
1813 |
// The write file has been created and is writeable. Let's get the content from the URI.
|
|
|
1814 |
while (!feof($fp)) {
|
|
|
1815 |
|
|
|
1816 |
// Read the data into $content in 8KB chunks.
|
|
|
1817 |
$content .= fread($fp,8192);
|
|
|
1818 |
|
|
|
1819 |
}
|
|
|
1820 |
|
|
|
1821 |
// Close the file pointer now that we are done reading it.
|
|
|
1822 |
fclose($fp);
|
|
|
1823 |
|
|
|
1824 |
// Open the temp file for writing.
|
|
|
1825 |
$fpw = fopen($path_to_image, "wb");
|
|
|
1826 |
|
|
|
1827 |
// Verify the file has opened.
|
|
|
1828 |
if (!$fpw) {
|
|
|
1829 |
|
|
|
1830 |
// The file did not open. Make a note of the error.
|
|
|
1831 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_open_write_file']);
|
|
|
1832 |
|
|
|
1833 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1834 |
continue;
|
|
|
1835 |
|
|
|
1836 |
}
|
|
|
1837 |
|
|
|
1838 |
// Write the data to the file.
|
|
|
1839 |
if (fwrite($fpw, $content, strlen($content)) === 'FALSE') {
|
|
|
1840 |
|
|
|
1841 |
// We could not write the data to the file. Note an error.
|
|
|
1842 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_write_write_file']);
|
|
|
1843 |
|
|
|
1844 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1845 |
continue;
|
|
|
1846 |
|
|
|
1847 |
}
|
|
|
1848 |
|
|
|
1849 |
// The file now resides on the server. Let's close the write file.
|
|
|
1850 |
fclose($fpw);
|
|
|
1851 |
|
|
|
1852 |
}
|
|
|
1853 |
|
|
|
1854 |
}
|
|
|
1855 |
|
|
|
1856 |
// The file is located at $path_to_image. We now need to continue with on server testing.
|
|
|
1857 |
|
|
|
1858 |
// Change file permission
|
|
|
1859 |
chmod($path_to_image, octdec($CONFIG['default_file_mode']));
|
|
|
1860 |
|
|
|
1861 |
// Create a testing alias. Use the temp name if a MIME type eas discovered.
|
|
|
1862 |
if ($URI_MIME_type) {
|
|
|
1863 |
|
|
|
1864 |
// The MIME type eas detected, so we use the temp name.
|
|
|
1865 |
$picture_alias = $tempname;
|
|
|
1866 |
|
|
|
1867 |
} else {
|
|
|
1868 |
|
|
|
1869 |
$picture_alias = $matches[1].".".$matches[2];
|
|
|
1870 |
|
|
|
1871 |
}
|
|
|
1872 |
|
|
|
1873 |
// Test file size. Delete if too large.
|
|
|
1874 |
if (filesize($path_to_image) > $max_file_size) {
|
|
|
1875 |
|
|
|
1876 |
// The file size is too large, delete it.
|
|
|
1877 |
@unlink($uploaded_pic);
|
|
|
1878 |
|
|
|
1879 |
// The file upload has failed -- the file is too large. make a note of the error.
|
|
|
1880 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
|
|
|
1881 |
|
|
|
1882 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1883 |
continue;
|
|
|
1884 |
}
|
|
|
1885 |
|
|
|
1886 |
// Check to see if the filename is consistent with that of a picture.
|
|
|
1887 |
if (is_image($picture_alias)) {
|
|
|
1888 |
|
|
|
1889 |
// If it is, get the picture information
|
|
|
1890 |
$imginfo = getimagesize($path_to_image);
|
|
|
1891 |
|
|
|
1892 |
// If getimagesize does not recognize the file as a picture, delete the picture.
|
|
|
1893 |
if ($imginfo === 'FALSE') {
|
|
|
1894 |
@unlink($path_to_image);
|
|
|
1895 |
|
|
|
1896 |
// The file upload has failed -- the image is not an image or it is corrupt.
|
|
|
1897 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_image']);
|
|
|
1898 |
|
|
|
1899 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1900 |
continue;
|
|
|
1901 |
|
|
|
1902 |
// JPEG and PNG only are allowed with GD. If the image is not allowed for GD,delete it.
|
|
|
1903 |
} elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
|
|
|
1904 |
@unlink($path_to_image);
|
|
|
1905 |
|
|
|
1906 |
// The file upload has failed -- the image is not allowed with GD.
|
|
|
1907 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_GD']);
|
|
|
1908 |
|
|
|
1909 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1910 |
continue;
|
|
|
1911 |
|
|
|
1912 |
// Check that picture size (in pixels) is lower than the maximum allowed. If not, delete it.
|
|
|
1913 |
} elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
|
|
|
1914 |
@unlink($path_to_image);
|
|
|
1915 |
|
|
|
1916 |
// The file upload has failed -- the image dimensions exceed the allowed amount.
|
|
|
1917 |
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['pixel_allowance']);
|
|
|
1918 |
|
|
|
1919 |
// There is no need for further tests or action, so skip the remainder of the iteration.
|
|
|
1920 |
continue;
|
|
|
1921 |
}
|
|
|
1922 |
|
|
|
1923 |
// Image is ok
|
|
|
1924 |
}
|
|
|
1925 |
|
|
|
1926 |
// Put array info for a successful upload in $escrow_array. Array hold the actual file name and the name of the temporary image. We do not use the path for security reasons.
|
|
|
1927 |
$escrow_array[] = array('actual_name'=>$picture_alias, 'temporary_name'=>$tempname);
|
|
|
1928 |
|
|
|
1929 |
}
|
|
|
1930 |
|
|
|
1931 |
}
|
|
|
1932 |
|
|
|
1933 |
// Decompressive ZIP uploading is disabled.
|
|
|
1934 |
// $zip_upload_count = count($_FILES['ZIP_array']['name']);
|
|
|
1935 |
|
|
|
1936 |
//Now we must prepare the inital form for adding the pictures to the database, and we must move them to their final location.
|
|
|
1937 |
|
|
|
1938 |
// Count errors in each error array and the escrow array.
|
|
|
1939 |
$escrow_array_count = count($escrow_array);
|
|
|
1940 |
$file_error_count = count($file_failure_array);
|
|
|
1941 |
$URI_error_count = count($URI_failure_array);
|
|
|
1942 |
$zip_error_count = count($zip_failure_array);
|
|
|
1943 |
|
|
|
1944 |
// Create page header.
|
|
|
1945 |
pageheader($lang_upload_php['title']);
|
|
|
1946 |
|
|
|
1947 |
// Check for successful uploads.
|
|
|
1948 |
if ($escrow_array_count > '0') {
|
|
|
1949 |
|
|
|
1950 |
// Serialize and base64_encode the array.
|
|
|
1951 |
$cayman_escrow = base64_encode(serialize($escrow_array));
|
|
|
1952 |
|
|
|
1953 |
// Add temp data record to database.
|
|
|
1954 |
$unique_ID = create_record($cayman_escrow);
|
|
|
1955 |
|
|
|
1956 |
// Verify record was created.
|
|
|
1957 |
if (!$unique_ID) {
|
|
|
1958 |
|
|
|
1959 |
cpg_die(CRITICAL_ERROR, $lang_upload_php['cant_create_write'], __FILE__, __LINE__);
|
|
|
1960 |
|
|
|
1961 |
}
|
|
|
1962 |
|
|
|
1963 |
// Prepare success data for user.
|
|
|
1964 |
starttable("100%", $lang_upload_php['succ'], 2);
|
|
|
1965 |
echo "<tr><td colspan=\"2\">";
|
|
|
1966 |
printf ($lang_upload_php['success'], $escrow_array_count);
|
|
|
1967 |
echo "<br /><br />";
|
|
|
1968 |
echo $lang_upload_php['add'];
|
|
|
1969 |
echo "</td></tr>";
|
|
|
1970 |
|
|
|
1971 |
// Set the form action to this script.
|
|
|
1972 |
open_form($_SERVER['PHP_SELF']);
|
|
|
1973 |
|
|
|
1974 |
$form_array = array(
|
|
|
1975 |
array('unique_ID', $unique_ID, 4),
|
|
|
1976 |
array('control', 'phase_2', 4)
|
|
|
1977 |
);
|
|
|
1978 |
|
|
|
1979 |
create_form($form_array);
|
|
|
1980 |
close_form($lang_continue);
|
|
|
1981 |
endtable();
|
|
|
1982 |
|
|
|
1983 |
// Throw in an HTML break for aesthetics.
|
|
|
1984 |
echo "<br />";
|
|
|
1985 |
|
|
|
1986 |
} else {
|
|
|
1987 |
|
|
|
1988 |
// we had no successful uploads. We create a redirect box.
|
|
|
1989 |
msg_box($lang_info, sprintf($lang_upload_php['success'], $escrow_array_count), $lang_continue, 'index.php', "100%");
|
|
|
1990 |
|
|
|
1991 |
// Throw in an HTML break for aesthetics.
|
|
|
1992 |
echo "<br />";
|
|
|
1993 |
|
|
|
1994 |
}
|
|
|
1995 |
|
|
|
1996 |
// Create error report if we have errors.
|
|
|
1997 |
if (($file_error_count + $URI_error_count + $zip_error_count) > 0) {
|
|
|
1998 |
|
|
|
1999 |
// Prepare error data for user.
|
|
|
2000 |
starttable("100%", $lang_upload_php['error_report'], 2);
|
|
|
2001 |
form_statement($lang_upload_php['error_instr']);
|
|
|
2002 |
|
|
|
2003 |
// Look for file upload errors.
|
|
|
2004 |
if ($file_error_count > 0) {
|
|
|
2005 |
|
|
|
2006 |
// There are file upload errors. Generate the section label.
|
|
|
2007 |
form_label($lang_upload_php['reg_instr_7']);
|
|
|
2008 |
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
|
|
|
2009 |
|
|
|
2010 |
// Cycle through the file upload errors.
|
|
|
2011 |
for ($i=0; $i < $file_error_count; $i++) {
|
|
|
2012 |
|
|
|
2013 |
// Print the error ordinal, file name, and error code.
|
|
|
2014 |
echo "<tr><td>{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']}</td><td>{$file_failure_array[$i]['error_code']}</td></tr>";
|
|
|
2015 |
|
|
|
2016 |
}
|
|
|
2017 |
|
|
|
2018 |
}
|
|
|
2019 |
|
|
|
2020 |
// Look for URI upload errors.
|
|
|
2021 |
if ($URI_error_count > 0) {
|
|
|
2022 |
|
|
|
2023 |
// There are URI upload errors. Generate the section label.
|
|
|
2024 |
form_label($lang_upload_php['reg_instr_8']);
|
|
|
2025 |
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
|
|
|
2026 |
|
|
|
2027 |
// Cycle through the file upload errors.
|
|
|
2028 |
for ($i=0; $i < $URI_error_count; $i++) {
|
|
|
2029 |
|
|
|
2030 |
// Print the error ordinal, file name, and error code.
|
|
|
2031 |
echo "<tr><td>{$URI_failure_array[$i]['failure_ordinal']} {$URI_failure_array[$i]['URI_name']}</td><td>{$URI_failure_array[$i]['error_code']}</td></tr>";
|
|
|
2032 |
|
|
|
2033 |
}
|
|
|
2034 |
|
|
|
2035 |
}
|
|
|
2036 |
|
|
|
2037 |
// Look for zip upload errors.
|
|
|
2038 |
if ($zip_error_count > 0) {
|
|
|
2039 |
|
|
|
2040 |
// There are file upload errors. Generate the section label.
|
|
|
2041 |
form_label($lang_upload_php['reg_instr_6']);
|
|
|
2042 |
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
|
|
|
2043 |
|
|
|
2044 |
// Cycle through the file upload errors.
|
|
|
2045 |
for ($i=0; $i < $zip_error_count; $i++) {
|
|
|
2046 |
|
|
|
2047 |
// Print the error ordinal, file name, and error code.
|
|
|
2048 |
echo "<tr><td>{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']}</td><td>{$file_failure_array[$i]['error_code']}</td></tr>";
|
|
|
2049 |
|
|
|
2050 |
}
|
|
|
2051 |
|
|
|
2052 |
}
|
|
|
2053 |
|
|
|
2054 |
// Close the error report table.
|
|
|
2055 |
endtable();
|
|
|
2056 |
|
|
|
2057 |
}
|
|
|
2058 |
|
|
|
2059 |
// Create the footer and flush the output buffer.
|
|
|
2060 |
pagefooter();
|
|
|
2061 |
ob_end_flush();
|
|
|
2062 |
|
|
|
2063 |
// Exit the script.
|
|
|
2064 |
|
|
|
2065 |
exit;
|
|
|
2066 |
}
|
|
|
2067 |
|
|
|
2068 |
// Recieve incoming post information for phase II.
|
|
|
2069 |
if ((isset($_POST['control'])) and ($_POST['control'] == 'phase_2')) {
|
|
|
2070 |
|
|
|
2071 |
// Check for incoming album placement data.
|
|
|
2072 |
if ((isset($_POST['album'])) and (isset($_POST['unique_ID']))) {
|
|
|
2073 |
|
|
|
2074 |
if (isset($_POST['unique_ID'])) {
|
|
|
2075 |
|
|
|
2076 |
// The unique ID is set, so let us retrieve the record.
|
|
|
2077 |
$cayman_string = retrieve_record($_POST['unique_ID']);
|
|
|
2078 |
|
|
|
2079 |
// Verify record was retrieved.
|
|
|
2080 |
if (!$cayman_string) {
|
|
|
2081 |
|
|
|
2082 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2083 |
|
|
|
2084 |
}
|
|
|
2085 |
|
|
|
2086 |
} else {
|
|
|
2087 |
|
|
|
2088 |
// The $_POST['unique_ID'] value is not present. Die with an error.
|
|
|
2089 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2090 |
|
|
|
2091 |
}
|
|
|
2092 |
|
|
|
2093 |
// Now we decode the string.
|
|
|
2094 |
$escrow_array = unserialize(base64_decode($cayman_string));
|
|
|
2095 |
|
|
|
2096 |
// Now we need to pop a file set off $escrow_array.
|
|
|
2097 |
// The returned element will take the form: array('actual_name', 'temporary_name')
|
|
|
2098 |
|
|
|
2099 |
// First, we test to make sure $escrow_array is an array.
|
|
|
2100 |
if (!(is_array($escrow_array))) {
|
|
|
2101 |
|
|
|
2102 |
// The decoded information is not an array. Die with an error.
|
|
|
2103 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2104 |
|
|
|
2105 |
}
|
|
|
2106 |
|
|
|
2107 |
// Initialize $file_set as an array.
|
|
|
2108 |
$file_set = array();
|
|
|
2109 |
|
|
|
2110 |
// Create array index.
|
|
|
2111 |
$index = count($escrow_array) - 1;
|
|
|
2112 |
|
|
|
2113 |
// Read the end of the $escrow_array array into $file_set.
|
|
|
2114 |
$file_set[0] = $escrow_array[$index]['actual_name'];
|
|
|
2115 |
$file_set[1] = $escrow_array[$index]['temporary_name'];
|
|
|
2116 |
|
|
|
2117 |
// Get the image preview path.
|
|
|
2118 |
$preview_path = $escrow_array[$index]['preview_path'];
|
|
|
2119 |
|
|
|
2120 |
// Remove end of $escrow_array.
|
|
|
2121 |
unset($escrow_array[$index]['preview_path']);
|
|
|
2122 |
unset($escrow_array[$index]['actual_name']);
|
|
|
2123 |
unset($escrow_array[$index]['temporary_name']);
|
|
|
2124 |
unset($escrow_array[$index]);
|
|
|
2125 |
|
|
|
2126 |
// Re-encode the $escrow_array.
|
|
|
2127 |
$cayman_escrow = base64_encode(serialize($escrow_array));
|
|
|
2128 |
|
|
|
2129 |
// Update the record.
|
|
|
2130 |
$update = update_record($_POST['unique_ID'], $cayman_escrow);
|
|
|
2131 |
|
|
|
2132 |
// Verify that the update occurred.
|
|
|
2133 |
if (!$update) {
|
|
|
2134 |
|
|
|
2135 |
// We cannot write to the temporary data file. Note a fatal error.
|
|
|
2136 |
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
|
|
|
2137 |
|
|
|
2138 |
}
|
|
|
2139 |
|
|
|
2140 |
// We have incoming placement data. Let's capture it.
|
|
|
2141 |
|
|
|
2142 |
$album = (int)$HTTP_POST_VARS['album'];
|
|
|
2143 |
$title = addslashes($HTTP_POST_VARS['title']);
|
|
|
2144 |
$caption = addslashes($HTTP_POST_VARS['caption']);
|
|
|
2145 |
$keywords = addslashes($HTTP_POST_VARS['keywords']);
|
|
|
2146 |
$user1 = addslashes($HTTP_POST_VARS['user1']);
|
|
|
2147 |
$user2 = addslashes($HTTP_POST_VARS['user2']);
|
|
|
2148 |
$user3 = addslashes($HTTP_POST_VARS['user3']);
|
|
|
2149 |
$user4 = addslashes($HTTP_POST_VARS['user4']);
|
|
|
2150 |
|
|
|
2151 |
// Capture movie or audio width and height if sent.
|
|
|
2152 |
if(isset($HTTP_POST_VARS['movie_wd'])) {
|
|
|
2153 |
|
|
|
2154 |
$movie_wd = (int)$HTTP_POST_VARS['movie_wd'];
|
|
|
2155 |
|
|
|
2156 |
} else {
|
|
|
2157 |
|
|
|
2158 |
$movie_wd = 0;
|
|
|
2159 |
|
|
|
2160 |
}
|
|
|
2161 |
|
|
|
2162 |
if(isset($HTTP_POST_VARS['movie_ht'])) {
|
|
|
2163 |
|
|
|
2164 |
$movie_ht = (int)$HTTP_POST_VARS['movie_ht'];
|
|
|
2165 |
|
|
|
2166 |
} else {
|
|
|
2167 |
|
|
|
2168 |
$movie_ht = 0;
|
|
|
2169 |
|
|
|
2170 |
}
|
|
|
2171 |
|
|
|
2172 |
// Check if the album id provided is valid
|
|
|
2173 |
if (!GALLERY_ADMIN_MODE) {
|
|
|
2174 |
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
|
|
|
2175 |
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
|
|
|
2176 |
$row = mysql_fetch_array($result);
|
|
|
2177 |
mysql_free_result($result);
|
|
|
2178 |
$category = $row['category'];
|
|
|
2179 |
} else {
|
|
|
2180 |
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
|
|
|
2181 |
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
|
|
|
2182 |
$row = mysql_fetch_array($result);
|
|
|
2183 |
mysql_free_result($result);
|
|
|
2184 |
$category = $row['category'];
|
|
|
2185 |
}
|
|
|
2186 |
|
|
|
2187 |
// Pictures are moved in a directory named 10000 + USER_ID
|
|
|
2188 |
if (USER_ID && !defined('SILLY_SAFE_MODE')) {
|
|
|
2189 |
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
|
|
|
2190 |
$dest_dir = $CONFIG['fullpath'] . $filepath;
|
|
|
2191 |
if (!is_dir($dest_dir)) {
|
|
|
2192 |
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
|
|
|
2193 |
if (!is_dir($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
|
|
|
2194 |
chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
|
|
|
2195 |
$fp = fopen($dest_dir . '/index.html', 'w');
|
|
|
2196 |
fwrite($fp, ' ');
|
|
|
2197 |
fclose($fp);
|
|
|
2198 |
}
|
|
|
2199 |
$dest_dir .= '/';
|
|
|
2200 |
$filepath .= '/';
|
|
|
2201 |
} else {
|
|
|
2202 |
$filepath = $CONFIG['userpics'];
|
|
|
2203 |
$dest_dir = $CONFIG['fullpath'] . $filepath;
|
|
|
2204 |
}
|
|
|
2205 |
|
|
|
2206 |
// Check that target dir is writable
|
|
|
2207 |
if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
|
|
|
2208 |
|
|
|
2209 |
//Add the Perl regex to break the actual name.
|
|
|
2210 |
preg_match("/(.+)\.(.*?)\Z/", $file_set[0], $matches);
|
|
|
2211 |
|
|
|
2212 |
// Create a unique name for the uploaded file
|
|
|
2213 |
$nr = 0;
|
|
|
2214 |
$picture_name = $matches[1] . '.' . $matches[2];
|
|
|
2215 |
while (file_exists($dest_dir . $picture_name)) {
|
|
|
2216 |
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
|
|
|
2217 |
}
|
|
|
2218 |
|
|
|
2219 |
// Create path for final location.
|
|
|
2220 |
$uploaded_pic = $dest_dir . $picture_name;
|
|
|
2221 |
|
|
|
2222 |
// Form path to temporary image.
|
|
|
2223 |
$path_to_image = "./{$CONFIG['fullpath']}edit/".$file_set[1];
|
|
|
2224 |
|
|
|
2225 |
// prevent moving the edit directory...
|
|
|
2226 |
if (is_dir($path_to_image)) cpg_die(CRITICAL_ERROR, $lang_upload_php['failure'] . " - '$path_to_image'", __FILE__, __LINE__, true);
|
|
|
2227 |
|
|
|
2228 |
// Move the picture into its final location
|
|
|
2229 |
if (rename($path_to_image, $uploaded_pic)) {
|
|
|
2230 |
|
|
|
2231 |
// Change file permission
|
|
|
2232 |
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
|
|
|
2233 |
|
|
|
2234 |
// Create thumbnail and internediate image and add the image into the DB
|
|
|
2235 |
$result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, $movie_wd, $movie_ht);
|
|
|
2236 |
|
|
|
2237 |
if (!$result) {
|
|
|
2238 |
|
|
|
2239 |
// The file could not be placed.
|
|
|
2240 |
$file_placement = 'no';
|
|
|
2241 |
|
|
|
2242 |
} else {
|
|
|
2243 |
|
|
|
2244 |
// The file was placed successfully.
|
|
|
2245 |
$file_placement = 'yes';
|
|
|
2246 |
|
|
|
2247 |
}
|
|
|
2248 |
|
|
|
2249 |
} else {
|
|
|
2250 |
|
|
|
2251 |
// The file was not placed successfully.
|
|
|
2252 |
$file_placement = 'no';
|
|
|
2253 |
|
|
|
2254 |
}
|
|
|
2255 |
|
|
|
2256 |
// Time for garbage cleanup.
|
|
|
2257 |
|
|
|
2258 |
// First, we delete the preview image.
|
|
|
2259 |
if ((!strstr($preview_path, 'thumb')) and (file_exists($preview_path))) {
|
|
|
2260 |
|
|
|
2261 |
unlink($preview_path);
|
|
|
2262 |
|
|
|
2263 |
}
|
|
|
2264 |
|
|
|
2265 |
// Check to see if this is the last one.
|
|
|
2266 |
if(count($escrow_array) == '0') {
|
|
|
2267 |
|
|
|
2268 |
// Create the final message.
|
|
|
2269 |
if ($PIC_NEED_APPROVAL) {
|
|
|
2270 |
|
|
|
2271 |
if ($file_placement == 'no') {
|
|
|
2272 |
|
|
|
2273 |
$final_message = ''.$lang_upload_php['no_place'].'<br /><br />'.$lang_db_input_php['upload_success'];
|
|
|
2274 |
|
|
|
2275 |
} else {
|
|
|
2276 |
|
|
|
2277 |
$final_message = ''.$lang_upload_php['yes_place'].'<br /><br />'.$lang_db_input_php['upload_success'];
|
|
|
2278 |
|
|
|
2279 |
}
|
|
|
2280 |
|
|
|
2281 |
} else {
|
|
|
2282 |
|
|
|
2283 |
if ($file_placement == 'no') {
|
|
|
2284 |
|
|
|
2285 |
$final_message = ''.$lang_upload_php['no_place'].'<br /><br />'.$lang_upload_php['process_complete'];
|
|
|
2286 |
|
|
|
2287 |
} else {
|
|
|
2288 |
|
|
|
2289 |
$final_message = ''.$lang_upload_php['yes_place'].'<br /><br />'.$lang_upload_php['process_complete'];
|
|
|
2290 |
|
|
|
2291 |
}
|
|
|
2292 |
|
|
|
2293 |
}
|
|
|
2294 |
|
|
|
2295 |
// Delete the temporary data file.
|
|
|
2296 |
delete_record($_POST['unique_ID']);
|
|
|
2297 |
|
|
|
2298 |
// Send e-mail notification to the admin if requested (added by gaugau: 03-11-09).
|
|
|
2299 |
if (($CONFIG['upl_notify_admin_email']) and ($PIC_NEED_APPROVAL)) {
|
|
|
2300 |
// Encapsulate so included lang file doesn't interfere with global one
|
|
|
2301 |
function cpg_send_upload_notification() {
|
|
|
2302 |
global $CONFIG;
|
|
|
2303 |
$lang_db_input_php = cpg_get_default_lang_var('lang_db_input_php');
|
|
|
2304 |
// Get the mail files.
|
|
|
2305 |
include_once('include/mailer.inc.php');
|
|
|
2306 |
|
|
|
2307 |
// Send the message.
|
|
|
2308 |
cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'].'editpics.php?mode=upload_approval' ));
|
|
|
2309 |
}
|
|
|
2310 |
cpg_send_upload_notification();
|
|
|
2311 |
}
|
|
|
2312 |
|
|
|
2313 |
// That was the last one. Create a redirect box.
|
|
|
2314 |
pageheader($lang_info);
|
|
|
2315 |
msg_box($lang_info, $final_message, $lang_continue, 'index.php', "100%");
|
|
|
2316 |
pagefooter();
|
|
|
2317 |
|
|
|
2318 |
// Exit the script.
|
|
|
2319 |
exit;
|
|
|
2320 |
|
|
|
2321 |
}
|
|
|
2322 |
|
|
|
2323 |
}
|
|
|
2324 |
|
|
|
2325 |
// The user has files that need to be processed and placed in albums.
|
|
|
2326 |
// We must pull that information from the temporary data file
|
|
|
2327 |
// whose ID is in $_POST['unique_ID'].
|
|
|
2328 |
|
|
|
2329 |
if (isset($_POST['unique_ID'])) {
|
|
|
2330 |
|
|
|
2331 |
// The unique ID is set, so let us retrieve the record.
|
|
|
2332 |
$cayman_string = retrieve_record($_POST['unique_ID']);
|
|
|
2333 |
|
|
|
2334 |
// Verify record was retrieved.
|
|
|
2335 |
if (!$cayman_string) {
|
|
|
2336 |
|
|
|
2337 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2338 |
|
|
|
2339 |
}
|
|
|
2340 |
|
|
|
2341 |
} else {
|
|
|
2342 |
|
|
|
2343 |
// The $_POST['cayman'] path is not present. Die with an error.
|
|
|
2344 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2345 |
|
|
|
2346 |
}
|
|
|
2347 |
|
|
|
2348 |
// Now we decode the string.
|
|
|
2349 |
$escrow_array = unserialize(base64_decode($cayman_string));
|
|
|
2350 |
|
|
|
2351 |
// Now we need to detect the end file set of $escrow_array.
|
|
|
2352 |
// The returned element will take the form: array('actual_name', 'temporary_name')
|
|
|
2353 |
|
|
|
2354 |
// First, we test to make sure $escrow_array is an array.
|
|
|
2355 |
if (!(is_array($escrow_array))) {
|
|
|
2356 |
|
|
|
2357 |
// The decoded information is not an array. Die with an error.
|
|
|
2358 |
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
|
|
|
2359 |
|
|
|
2360 |
}
|
|
|
2361 |
|
|
|
2362 |
// Initialize $file_set as an array.
|
|
|
2363 |
$file_set = array();
|
|
|
2364 |
|
|
|
2365 |
// Create array index.
|
|
|
2366 |
$index = count($escrow_array) - 1;
|
|
|
2367 |
|
|
|
2368 |
// Read the end of the $escrow_array array into $file_set.
|
|
|
2369 |
$file_set[0] = $escrow_array[$index]['actual_name'];
|
|
|
2370 |
$file_set[1] = $escrow_array[$index]['temporary_name'];
|
|
|
2371 |
|
|
|
2372 |
// Create preview image.
|
|
|
2373 |
|
|
|
2374 |
// Create path to image.
|
|
|
2375 |
$path_to_image = "./{$CONFIG['fullpath']}edit/".$file_set[1];
|
|
|
2376 |
|
|
|
2377 |
// Create the preview function.
|
|
|
2378 |
|
|
|
2379 |
// Get the extension for the preview.
|
|
|
2380 |
|
|
|
2381 |
// First we parse the file name to determine the file type.
|
|
|
2382 |
$pieces = explode('.',$file_set[1]);
|
|
|
2383 |
|
|
|
2384 |
// We pop off the end of the $pieces array to obtain the possible file name.
|
|
|
2385 |
$extension = array_pop($pieces);
|
|
|
2386 |
|
|
|
2387 |
// Detect if the file is an image.
|
|
|
2388 |
if(is_image($file_set[1])) {
|
|
|
2389 |
|
|
|
2390 |
// Create preview image file name.
|
|
|
2391 |
|
|
|
2392 |
do {
|
|
|
2393 |
|
|
|
2394 |
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
|
|
|
2395 |
$seed = substr(md5(microtime().getmypid()), 0, 8);
|
|
|
2396 |
|
|
|
2397 |
// Assemble the file path.
|
|
|
2398 |
$path_to_preview = "./{$CONFIG['fullpath']}edit/preview_" . $seed . '.' . $extension;
|
|
|
2399 |
|
|
|
2400 |
} while (file_exists($path_to_preview));
|
|
|
2401 |
|
|
|
2402 |
// Create secure preview path.
|
|
|
2403 |
$s_preview_path = 'preview_' . $seed . '.' . $extension;
|
|
|
2404 |
|
|
|
2405 |
// The file is an image, we must resize it for a preview image.
|
|
|
2406 |
resize_image($path_to_image, $path_to_preview, '150', $CONFIG['thumb_method'], 'wd');
|
|
|
2407 |
|
|
|
2408 |
} else {
|
|
|
2409 |
|
|
|
2410 |
// The file is not an image, so we will use the non-image thumbs
|
|
|
2411 |
// for preview images.
|
|
|
2412 |
|
|
|
2413 |
// We create the path to the preview image.
|
|
|
2414 |
$path_to_preview = "images/thumb_{$extension}.jpg";
|
|
|
2415 |
|
|
|
2416 |
}
|
|
|
2417 |
|
|
|
2418 |
// Add preview image path to $escrow_array.
|
|
|
2419 |
$escrow_array[$index]['preview_path'] = $path_to_preview;
|
|
|
2420 |
|
|
|
2421 |
// Re-encode the $escrow_array.
|
|
|
2422 |
$cayman_escrow = base64_encode(serialize($escrow_array));
|
|
|
2423 |
|
|
|
2424 |
// Update the record.
|
|
|
2425 |
$update = update_record($_POST['unique_ID'], $cayman_escrow);
|
|
|
2426 |
|
|
|
2427 |
// Verify that the update occurred.
|
|
|
2428 |
if (!$update) {
|
|
|
2429 |
|
|
|
2430 |
// We cannot write to the temporary data file. Note a fatal error.
|
|
|
2431 |
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
|
|
|
2432 |
|
|
|
2433 |
}
|
|
|
2434 |
|
|
|
2435 |
// Create upload form headers.
|
|
|
2436 |
pageheader($lang_upload_php['title']);
|
|
|
2437 |
|
|
|
2438 |
// Open the form table.
|
|
|
2439 |
starttable("100%", $lang_upload_php['title'], 2);
|
|
|
2440 |
|
|
|
2441 |
// Direct the request to this script.
|
|
|
2442 |
open_form($_SERVER['PHP_SELF']);
|
|
|
2443 |
|
|
|
2444 |
// Create image tag and echo it to the output buffer.
|
|
|
2445 |
echo "<tr><td class=\"tableh2\"><img class=\"image\" src=\"".$path_to_preview."\" ></td>";
|
|
|
2446 |
|
|
|
2447 |
// Echo instructions.
|
|
|
2448 |
echo "<td class=\"tableh2\">{$lang_upload_php['picture']} - {$file_set[0]}<br /><br />{$lang_upload_php['place_instr_1']}<br /><br />";
|
|
|
2449 |
|
|
|
2450 |
// If we have previously placed a picture, give a brief message about its success or failure.
|
|
|
2451 |
if (isset($file_placement)) {
|
|
|
2452 |
|
|
|
2453 |
if ($file_placement == 'yes') {
|
|
|
2454 |
|
|
|
2455 |
// The previous picture was placed successfully.
|
|
|
2456 |
echo "{$lang_upload_php['yes_place']}";
|
|
|
2457 |
|
|
|
2458 |
} elseif ($file_placement == 'no') {
|
|
|
2459 |
|
|
|
2460 |
// The previous image placement failed.
|
|
|
2461 |
echo "{$lang_upload_php['no_place']}";
|
|
|
2462 |
|
|
|
2463 |
}
|
|
|
2464 |
|
|
|
2465 |
}
|
|
|
2466 |
|
|
|
2467 |
echo "</td></tr>";
|
|
|
2468 |
|
|
|
2469 |
// Declare an array containing the various upload form box definitions.
|
|
|
2470 |
$captionLabel = $lang_upload_php['description'];
|
|
|
2471 |
if ($CONFIG['show_bbcode_help']) {$captionLabel .= '<hr />'.$lang_bbcode_help;}
|
|
|
2472 |
//$printed_file_name = "{$lang_upload_php['picture']} - {$file_set[0]}";
|
|
|
2473 |
|
|
|
2474 |
$form_array = array(
|
|
|
2475 |
array($lang_upload_php['album'], 'album', 2),
|
|
|
2476 |
array($lang_upload_php['pic_title'], 'title', 0, 255, 1),
|
|
|
2477 |
array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length']),
|
|
|
2478 |
array($lang_upload_php['keywords'], 'keywords', 0, 255, 1),
|
|
|
2479 |
array('control', 'phase_2', 4),
|
|
|
2480 |
array('unique_ID', $_POST['unique_ID'], 4),
|
|
|
2481 |
);
|
|
|
2482 |
|
|
|
2483 |
// Check for user defined fields.
|
|
|
2484 |
if(!empty($CONFIG['user_field1_name'])) {
|
|
|
2485 |
$form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
|
|
|
2486 |
}
|
|
|
2487 |
|
|
|
2488 |
if(!empty($CONFIG['user_field2_name'])) {
|
|
|
2489 |
$form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
|
|
|
2490 |
}
|
|
|
2491 |
|
|
|
2492 |
if(!empty($CONFIG['user_field3_name'])) {
|
|
|
2493 |
$form_array[] = array($CONFIG['user_field3_name'], 'user3', 0, 255, 1);
|
|
|
2494 |
}
|
|
|
2495 |
|
|
|
2496 |
if(!empty($CONFIG['user_field4_name'])) {
|
|
|
2497 |
$form_array[] = array($CONFIG['user_field4_name'], 'user4', 0, 255, 1);
|
|
|
2498 |
}
|
|
|
2499 |
|
|
|
2500 |
|
|
|
2501 |
// Check for movies and audio, and create width and height boxes if true.
|
|
|
2502 |
if((is_movie($file_set[1])) or (is_audio($file_set[1]))) {
|
|
|
2503 |
|
|
|
2504 |
//Add width and height boxes to the form.
|
|
|
2505 |
$form_array[] = array($lang_config_php['th_wd'],'movie_wd', 0, 4, 1);
|
|
|
2506 |
$form_array[] = array($lang_config_php['th_ht'],'movie_ht', 0, 4, 1);
|
|
|
2507 |
|
|
|
2508 |
}
|
|
|
2509 |
|
|
|
2510 |
// Create the form and echo more instructions.
|
|
|
2511 |
create_form($form_array);
|
|
|
2512 |
|
|
|
2513 |
// More instructions.
|
|
|
2514 |
if(count($escrow_array) > '1') {
|
|
|
2515 |
|
|
|
2516 |
form_statement($lang_upload_php['place_instr_2']);
|
|
|
2517 |
|
|
|
2518 |
}
|
|
|
2519 |
|
|
|
2520 |
// Make button say 'Continue.'
|
|
|
2521 |
close_form($lang_continue);
|
|
|
2522 |
|
|
|
2523 |
// Close the table, create footers, and flush the output buffer.
|
|
|
2524 |
endtable();
|
|
|
2525 |
pagefooter();
|
|
|
2526 |
ob_end_flush();
|
|
|
2527 |
|
|
|
2528 |
// Exit the script.
|
|
|
2529 |
exit;
|
|
|
2530 |
|
|
|
2531 |
|
|
|
2532 |
}
|
|
|
2533 |
?>
|