/**
* Save browser upload(s)
*
* @param int album_id album_id save uploaded media
* @return string HTML
*
*/
function MG_saveUserUpload($album_id)
{
global $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03, $new_media_id;
$retval = '';
$retval .= COM_startBlock($LANG_MG03['upload_results'], '', COM_getBlockTemplate('_admin_block', 'header'));
$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('mupload', 'useruploadstatus.thtml');
$statusMsg = '';
$file = array();
$file = $_FILES['newmedia'];
$thumbs = $_FILES['thumbnail'];
$albums = $album_id;
$successfull_upload = 0;
$upload = 1;
$purge = 0;
foreach ($file['name'] as $key => $name) {
$filename = $file['name'][$key];
$filetype = $file['type'][$key];
$filesize = $file['size'][$key];
$filetmp = $file['tmp_name'][$key];
$upload = isset($file['_data_dir']) ? 0 : 1;
$purge = isset($file['_data_dir']) ? 1 : 0;
$error = $file['error'][$key];
$caption = $_POST['caption'][$key];
$description = $_POST['description'][$key];
$keywords = $_POST['keywords'][$key];
$category = 0;
if (isset($_POST['cat_id'])) {
$category = COM_applyFilter($_POST['cat_id'][$key], true);
}
$attachtn = isset($_POST['attachtn'][$key]) ? $_POST['attachtn'][$key] : '';
$thumbnail = isset($thumbs['tmp_name'][$key]) ? $thumbs['tmp_name'][$key] : '';
if (isset($_POST['dnc'][$key]) && $_POST['dnc'][$key] == 'on') {
$dnc = 1;
} else {
$dnc = 0;
}
if ($filename == '') {
continue;
}
if ($MG_albums[$album_id]->max_filesize != 0 && $filesize > $MG_albums[$album_id]->max_filesize) {
COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
$statusMsg .= $tmpmsg . '<br/>';
continue;
}
if ($attachtn == "on") {
$attach_tn = 1;
} else {
$attach_tn = 0;
}
if ($error != UPLOAD_ERR_OK) {
switch ($error) {
case 1:
$tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
$statusMsg .= $tmpmsg . '<br/>';
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
case 2:
$tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
$statusMsg .= $tmpmsg . '<br/>';
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
case 3:
$tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
$statusMsg .= $tmpmsg . '<br/>';
COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
break;
case 4:
break;
case 6:
$statusMsg .= $LANG_MG02['missing_tmp'] . '<br/>';
break;
case 7:
$statusMsg .= $LANG_MG02['disk_fail'] . '<br/>';
break;
default:
$statusMsg .= $LANG_MG02['unknown_err'] . '<br/>';
break;
}
continue;
}
// check user quota -- do we have one?
$user_quota = MG_getUserQuota($_USER['uid']);
if ($user_quota > 0) {
$disk_used = MG_quotaUsage($_USER['uid']);
if ($disk_used + $filesize > $user_quota) {
COM_errorLog("MG Upload: File " . $filename . " would exceeds the users quota");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_quota'], $filename);
$statusMsg .= $tmpmsg . '<br/>';
continue;
}
}
// override the determination for some filetypes
$filetype = MG_getFileTypeFromExt($filename, $filetype);
// process the uploaded files
list($rc, $msg) = MG_getFile($filetmp, $filename, $albums, $caption, $description, $upload, $purge, $filetype, $attach_tn, $thumbnail, $keywords, $category, $dnc, 0);
$statusMsg .= $filename . " " . $msg . '<br/>';
if ($rc == true) {
$successfull_upload++;
}
}
if ($successfull_upload) {
MG_notifyModerators($albums);
PLG_sendSubscriptionNotification('mediagallery', '', $albums, $new_media_id, $_USER['uid']);
}
// failsafe check - after all the uploading is done, double check that the database counts
// equal the actual count of items shown in the database, if not, fix the counts and log
// the error
$dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', (int) $album_id);
$aCount = DB_getItem($_TABLES['mg_albums'], 'media_count', "album_id=" . (int) $album_id);
if ($dbCount != $aCount) {
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $dbCount . " WHERE album_id=" . (int) $album_id);
COM_errorLog("MediaGallery: Upload processing - Counts don't match - dbCount = " . $dbCount . " aCount = " . $aCount);
}
MG_SortMedia($album_id);
$T->set_var('status_message', $statusMsg);
$tmp = $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&page=1';
$redirect = sprintf($LANG_MG03['album_redirect'], $tmp);
$T->set_var('redirect', $redirect);
$T->parse('output', 'mupload');
$retval .= $T->finish($T->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Save a comment
*
* @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
* @param string $title Title of comment
* @param string $comment Text of comment
* @param string $sid ID of object receiving comment
* @param int $pid ID of parent comment
* @param string $type Type of comment this is (article, polls, etc)
* @param string $postmode Indicates if text is HTML or plain text
* @return int 0 for success, > 0 indicates error
*
*/
function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode)
{
global $_CONF, $_TABLES, $_USER, $LANG03;
$ret = 0;
// Get a valid uid
if (empty($_USER['uid'])) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// Sanity check
if (empty($sid) || empty($title) || empty($comment) || empty($type)) {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with one or more missing values.');
if (SESS_isSet('glfusion.commentpresave.error')) {
$msg = SESS_getVar('glfusion.commentpresave.error') . '<br/>' . $LANG03[12];
} else {
$msg = $LANG03[12];
}
SESS_setVar('glfusion.commentpresave.error', $msg);
return $ret = 1;
}
// Check that anonymous comments are allowed
if ($uid == 1 && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} " . 'attempted to save a comment with anonymous comments disabled for site.');
return $ret = 2;
}
// Check for people breaking the speed limit
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment');
$last = COM_checkSpeedlimit('comment');
if ($last > 0) {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment before the speed limit expired');
return $ret = 3;
}
// Let plugins have a chance to check for spam
$spamcheck = '<h1>' . $title . '</h1><p>' . $comment . '</p>';
$result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
// Now check the result and display message if spam action was taken
if ($result > 0) {
// update speed limit nonetheless
COM_updateSpeedlimit('comment');
// then tell them to get lost ...
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
// Let plugins have a chance to decide what to do before saving the comment, return errors.
if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) {
return $someError;
}
$title = COM_checkWords(strip_tags($title));
$comment = CMT_prepareText($comment, $postmode);
// check for non-int pid's
// this should just create a top level comment that is a reply to the original item
if (!is_numeric($pid) || $pid < 0) {
$pid = 0;
}
if (!empty($title) && !empty($comment)) {
COM_updateSpeedlimit('comment');
$title = DB_escapeString($title);
$comment = DB_escapeString($comment);
$type = DB_escapeString($type);
// Insert the comment into the comment table
DB_lockTable($_TABLES['comments']);
if ($pid > 0) {
$result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = " . (int) $pid . " AND sid = '" . DB_escapeString($sid) . "'");
list($rht, $indent) = DB_fetchArray($result);
if (!DB_error()) {
DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND lft >= {$rht}");
DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND rht >= {$rht}");
DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "',{$uid},'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht},{$rht}+1,{$indent}+1,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
} else {
//replying to non-existent comment or comment in wrong article
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to reply to a non-existent comment or the pid/sid did not match');
$ret = 4;
// Cannot return here, tables locked!
}
} else {
$rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '" . DB_escapeString($sid) . "'");
if (DB_error()) {
$rht = 0;
}
DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "'," . (int) $uid . ",'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht}+1,{$rht}+2,0,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
}
$cid = DB_insertId();
//set Anonymous user name if present
if (isset($_POST['username'])) {
$name = strip_tags(USER_sanitizeName($_POST['username']));
DB_change($_TABLES['comments'], 'name', DB_escapeString($name), 'cid', (int) $cid);
}
DB_unlockTable($_TABLES['comments']);
CACHE_remove_instance('whatsnew');
if ($type == 'article') {
CACHE_remove_instance('story_' . $sid);
}
// check to see if user has subscribed....
if (!COM_isAnonUser()) {
if (isset($_POST['subscribe']) && $_POST['subscribe'] == 1) {
$itemInfo = PLG_getItemInfo($type, $sid, 'url,title');
if (isset($itemInfo['title'])) {
$id_desc = $itemInfo['title'];
} else {
$id_desc = 'not defined';
}
$rc = PLG_subscribe('comment', $type, $sid, $uid, $type, $id_desc);
} else {
PLG_unsubscribe('comment', $type, $sid);
}
}
// Send notification of comment if no errors and notications enabled for comments
if ($ret == 0 && isset($_CONF['notification']) && in_array('comment', $_CONF['notification'])) {
CMT_sendNotification($title, $comment, $uid, $_SERVER['REMOTE_ADDR'], $type, $cid);
}
if ($ret == 0) {
PLG_sendSubscriptionNotification('comment', $type, $sid, $cid, $uid);
}
} else {
COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
return $ret = 5;
}
return $ret;
}
