Beispiel #1
0
         //cpg_die(ERROR, sprintf($lang_db_input_php['allowed_img_types'], $CONFIG['allowed_img_types']), __FILE__, __LINE__);
         // Check that picture size (in pixels) is lower than the maximum allowed
     } elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
         if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
             //resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht');
             resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']);
         } else {
             @unlink($uploaded_pic);
             cpg_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
         }
     }
     // Image is ok
 }
 // Upload is ok
 // Create thumbnail and internediate image and add the image into the DB
 $result = add_picture($album, $filepath, $picture_name, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, (int) $_POST['width'], (int) $_POST['height']);
 if (!$result) {
     @unlink($uploaded_pic);
     cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
 } elseif ($PIC_NEED_APPROVAL) {
     pageheader($lang_info);
     msg_box($lang_info, $lang_db_input_php['upload_success'], $lang_continue, 'index.php');
     // start: send admin approval mail added by gaugau: 03-11-09
     if ($CONFIG['upl_notify_admin_email']) {
         include_once 'include/mailer.inc.php';
         cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'editpics.php?mode=upload_approval'));
     }
     // end: send admin approval mail
     ob_end_flush();
 } else {
     $header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
require 'include/picmgmt.inc.php';
if (!GALLERY_ADMIN_MODE) {
    die('Access denied');
}
$aid = (int) $HTTP_GET_VARS['aid'];
$pic_file = base64_decode($HTTP_GET_VARS['pic_file']);
$dir_name = dirname($pic_file) . "/";
$file_name = basename($pic_file);
// Get the forbidden characters from the Config console string, and do any necessary translation. Return the translated string.
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
// Create the holder $picture_name by translating the file name. Translate any forbidden character into an underscore.
$sane_name = strtr($file_name, $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
$source = "./" . $CONFIG['fullpath'] . $dir_name . $file_name;
rename($source, "./" . $CONFIG['fullpath'] . $dir_name . $sane_name);
$sql = "SELECT pid " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' " . "LIMIT 1";
$result = db_query($sql);
if (mysql_num_rows($result)) {
    $file_name = "images/up_dup.gif";
} elseif (add_picture($aid, $dir_name, $file_name)) {
    $file_name = "images/up_ok.gif";
} else {
    $file_name = "images/up_pb.gif";
    echo $ERROR;
}
if (ob_get_length()) {
    ob_end_flush();
    exit;
}
header('Content-type: image/gif');
echo fread(fopen($file_name, 'rb'), filesize($file_name));
ob_end_flush();
Beispiel #3
0
function add_image($album, $filename, $caption)
{
    $filedat = $_FILES['userfile'];
    $albuminfo = get_album_by_name($album);
    $src = $filedat['tmp_name'];
    $result = add_picture($albuminfo['id'], $_FILES['userfile']['tmp_name'], $_FILES['userfile']['name'], $caption);
    global $debug_msgs;
    $debug_msgs .= print_r($result, true);
    // And this is the place where I need the image data
    global $response;
    if ($result['picture_id'] === false) {
        $response->set_key('status', GR_STAT_UPLOAD_PHOTO_FAIL);
        $response->set_key('status_text', 'Add photo failed.');
    } else {
        $response->set_key('status', GR_STAT_SUCCESS);
        // galleryadd.pl looks for this exact status text and fails if it doesn't find it
        $response->set_key('status_text', 'Add photo successful.');
    }
}
Beispiel #4
0
require 'include/init.inc.php';
require 'include/picmgmt.inc.php';
if (!GALLERY_ADMIN_MODE) {
    die('Access denied');
}
$aid = (int) $_GET['aid'];
$pic_file = base64_decode($_GET['pic_file']);
$dir_name = dirname($pic_file) . '/';
$file_name = basename($pic_file);
# Create the holder $picture_name by translating the file name.
# Translate any forbidden character into an underscore.
$sane_name = replace_forbidden($file_name);
$source = './' . $CONFIG['fullpath'] . $dir_name . $file_name;
rename($source, './' . $CONFIG['fullpath'] . $dir_name . $sane_name);
$sql = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' LIMIT 1";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
    $file_name = 'images/up_dup.gif';
} elseif (add_picture($aid, $dir_name, $sane_name)) {
    $file_name = 'images/up_ok.gif';
} else {
    $file_name = 'images/up_pb.gif';
    echo $ERROR;
}
if (ob_get_length()) {
    ob_end_flush();
    exit;
}
header('Content-type: image/gif');
echo fread(fopen($file_name, 'rb'), filesize($file_name));
ob_end_flush();
                                         $sql = "SELECT `name` FROM " . PLOGGER_TABLE_PREFIX . "collections WHERE id = " . intval($_REQUEST['collections_menu']);
                                         $result = run_query($sql);
                                         $row = mysql_fetch_assoc($result);
                                         $output .= "\n\t" . '<p class="actions">' . sprintf(plog_tr('Album already exists. Uploading file to existing album %s in collection %s'), '<strong>' . $_REQUEST['new_album_name'] . '</strong>', '<strong>' . $row['name'] . '</strong>') . '</p>' . "\n";
                                     } else {
                                         // Error has nothing to do with an existing album, show the returned error
                                         $album_id = '';
                                         $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n";
                                     }
                                 }
                             } else {
                                 // Use an existing album
                                 $album_id = $_REQUEST['albums_menu'];
                             }
                             if ($album_id) {
                                 $result = add_picture($album_id, $_FILES['userfile']['tmp_name'], $_FILES['userfile']['name'], $_REQUEST['caption'], $_REQUEST['description']);
                                 if (!$result['errors']) {
                                     // Added uploaded image successfully
                                     $output .= "\n\t" . '<p class="success">' . $result['output'] . '</p>' . "\n";
                                 } else {
                                     // Errors adding the image, show the returned error
                                     $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n";
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
}
$aid = $superCage->get->getInt('aid');
/**
 * TODO: $_GET['pic_file'] cannot be cleaned sensibly with current methods available. Refactor.
 */
$matches = $superCage->get->getMatched('pic_file', '/^[0-9A-Za-z=\\+\\/]+$/');
$pic_file = base64_decode($matches[0]);
$dir_name = dirname($pic_file) . '/';
$file_name = basename($pic_file);
// Replace the windows directory separator with /
$dir_name = str_replace('\\\\', '/', $dir_name);
$dir_name = str_replace('\\', '/', $dir_name);
// Create the holder $picture_name by translating the file name.
// Translate any forbidden character into an underscore.
$source = './' . $CONFIG['fullpath'] . $dir_name . $file_name;
$file_name = CPGPluginAPI::filter('upload_file_name', $file_name);
$sane_name = replace_forbidden($file_name);
rename($source, './' . $CONFIG['fullpath'] . $dir_name . $sane_name);
$sql = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' LIMIT 1";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
    $status = 'DUPE';
} elseif (($result = add_picture($aid, $dir_name, $sane_name)) === true) {
    $status = 'OK';
} else {
    $status = $result['error'];
}
if (ob_get_length()) {
    ob_end_clean();
}
echo $status;
Beispiel #7
0
 }
 if ($album_id) {
     foreach ($files as $file) {
         $file_key = md5($file);
         if (in_array($file_key, $selected)) {
             $file_name = SmartStripSlashes($file);
             // fully qualified file name
             //$fqfn = $config['basedir'].'plog-content/uploads/'.$file_name;
             $fqfn = $file;
             if (is_file($fqfn)) {
                 if (in_array($file_key, $allow_comments)) {
                     $allow_comment = 1;
                 } else {
                     $allow_comment = 0;
                 }
                 $result = add_picture($album_id, $fqfn, basename($file_name), $captions[$file_key], $descriptions[$file_key], $allow_comment);
                 if ($result['picture_id'] !== false) {
                     $imported++;
                     // Delete thumbnail file if it exists
                     $thumbpath = $config['basedir'] . 'plog-content/thumbs/uploads/import-' . substr($file_key, 0, 2) . '-' . basename($file_name);
                     if (file_exists($thumbpath) && is_readable($thumbpath)) {
                         kill_file($thumbpath);
                     }
                 }
             }
             $counter++;
         }
     }
     // Get album name for display
     $sql = "SELECT name FROM " . PLOGGER_TABLE_PREFIX . "albums WHERE id = {$album_id}";
     $result = run_query($sql);
Beispiel #8
0
 }
 // Create path for final location.
 $uploaded_pic = $dest_dir . $picture_name;
 // Form path to temporary image.
 $path_to_image = './' . $CONFIG['fullpath'] . 'edit/' . $file_set[1];
 // prevent moving the edit directory...
 if (is_dir($path_to_image)) {
     cpg_die(CRITICAL_ERROR, $lang_upload_php['failure'] . " - '{$path_to_image}'", __FILE__, __LINE__, true);
 }
 // Move the picture into its final location
 if (rename($path_to_image, $uploaded_pic)) {
     // Change file permission
     @chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
     //silence the output in case chmod is disabled
     // Create thumbnail and intermediate image and add the image into the DB
     $result = add_picture($album, $filepath, $picture_name, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, $movie_wd, $movie_ht);
     if (!$result) {
         // The file could not be placed.
         $file_placement = 'no';
     } else {
         // The file was placed successfully.
         $file_placement = 'yes';
     }
 } else {
     // The file was not placed successfully.
     $file_placement = 'no';
 }
 // Time for garbage cleanup.
 // First, we delete the preview image.
 if (!strstr($preview_path, 'thumb') and file_exists($preview_path)) {
     unlink($preview_path);
Beispiel #9
0
 // Form path to temporary image.
 $path_to_image = './' . $CONFIG['fullpath'] . 'edit/' . $tempname;
 // prevent moving the edit directory...
 if (is_dir($path_to_image)) {
     echo 'error|' . $lang_upload_php['failure'] . " - '{$path_to_image}'|0";
     exit;
 }
 CPGPluginAPI::action('upload_swf_pre_move', $path_to_image);
 // Move the picture into its final location
 if (rename($path_to_image, $uploaded_pic)) {
     // Change file permission
     @chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
     //silence the output in case chmod is disabled
     $CURRENT_PIC_DATA = array();
     // Create thumbnail and intermediate image and add the image into the DB
     $result = add_picture($album, $filepath, $picture_name, 0, '', '', '', '', '', '', '', $category);
     if ($result !== true) {
         // The file could not be placed.
         $file_placement = 'no';
     } else {
         $CURRENT_PIC_DATA['url_prefix'] = 0;
         // The file was placed successfully.
         $file_placement = 'yes';
         $thumb_url = get_pic_url($CURRENT_PIC_DATA, 'thumb');
     }
 } else {
     // The file was not placed successfully.
     $file_placement = 'no';
 }
 if ($file_placement == 'yes') {
     // The previous picture was placed successfully.
Beispiel #10
0
function process_picture()
{
    global $CONFIG, $IMG_TYPES;
    global $lang_db_input_php, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    @unlink(LOGFILE);
    if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }
    //$album = (int)$_GET['album'];
    $album = $superCage->get->getInt('album');
    $title = '';
    $caption = '';
    $keywords = '';
    $user1 = '';
    $user2 = '';
    $user3 = '';
    $user4 = '';
    $position = 0;
    // Check if the album id provided is valid
    if (!USER_IS_ADMIN) {
        $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
        if (mysql_num_rows($result) == 0) {
            simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
        }
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        $category = $row['category'];
    } else {
        $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'");
        if (mysql_num_rows($result) == 0) {
            simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
        }
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        $category = $row['category'];
    }
    // Get position
    $result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='{$album}' order by position desc");
    if (mysql_num_rows($result) == 0) {
        $position = 100;
    } else {
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        if ($row['position']) {
            $position = $row['position'];
            $position++;
        }
    }
    // Test if the filename of the temporary uploaded picture is empty
    //  if ($_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
    if ($superCage->files->getRaw('/userpicture/tmp_name') == '') {
        simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
    }
    // Create destination directory for pictures
    if (USER_ID && $CONFIG['silly_safe_mode'] != 1) {
        if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) {
            $filepath = 'wpw-' . date("Ymd");
        } else {
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
        }
        $dest_dir = $CONFIG['fullpath'] . $filepath;
        if (!is_dir($dest_dir)) {
            mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
            if (!is_dir($dest_dir)) {
                simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
            }
            chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
            $fp = fopen($dest_dir . '/index.php', 'w');
            fwrite($fp, ' ');
            fclose($fp);
        }
        $dest_dir .= '/';
        $filepath .= '/';
    } else {
        $filepath = $CONFIG['userpics'];
        $dest_dir = $CONFIG['fullpath'] . $filepath;
    }
    // Check that target dir is writable
    if (!is_writable($dest_dir)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
    }
    $matches = array();
    //if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']);
    //using getRaw as it will be sanitized in the code below in the preg_match. {SaWey}
    $filename = $superCage->files->getRaw('/userpicture/name');
    if (get_magic_quotes_gpc()) {
        $filename = stripslashes($filename);
    }
    // Replace forbidden chars with underscores
    //$picture_name = replace_forbidden($_FILES['userpicture']['name']);
    $picture_name = replace_forbidden($filename);
    // Check that the file uploaded has a valid extension
    if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
        $matches[1] = 'invalid_fname';
        $matches[2] = 'xxx';
    }
    if ($matches[2] == '' || !is_known_filetype($matches)) {
        simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
    }
    // Create a unique name for the uploaded file
    $nr = 0;
    $picture_name = $matches[1] . '.' . $matches[2];
    while (file_exists($dest_dir . $picture_name)) {
        $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
    }
    $uploaded_pic = $dest_dir . $picture_name;
    // Move the picture into its final location
    if (!move_uploaded_file($superCage->files->getRaw('/userpicture/tmp_name'), $uploaded_pic)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
    }
    // Change file permission
    chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
    // Check file size. Delete if it is excessive.
    if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) {
        @unlink($uploaded_pic);
        simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
    } elseif (is_image($picture_name)) {
        // Get picture information
        $imginfo = getimagesize($uploaded_pic);
        // cpg_getimagesize does not recognize the file as a picture
        if ($imginfo == null) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
        }
        // JPEG and PNG only are allowed with GD
        //if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
        if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
        }
        // Check that picture size (in pixels) is lower than the maximum allowed
        if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
            if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
                //resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht');
                resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']);
            } else {
                @unlink($uploaded_pic);
                simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
            }
        }
    }
    // Create thumbnail and internediate image and add the image into the DB
    $result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
    if ($result !== true) {
        @unlink($uploaded_pic);
        simple_die(CRITICAL_ERROR, isset($result['error']) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
    } else {
        echo "SUCCESS";
        exit;
    }
}
Beispiel #11
0
            @unlink($path_to_image);
            // The file upload has failed -- the image dimensions exceed the allowed amount.
            $file_failure_array[] = array('failure_ordinal' => $failure_ordinal, 'file_name' => $file_name, 'error_code' => $lang_upload_php['pixel_allowance']);
            $_SESSION['fileUpload'][$counter]['error'] = $lang_upload_php['pixel_allowance'];
            $_SESSION['fileUpload'][$counter]['actualName'] = $file_name;
            // There is no need for further tests or action, so skip the remainder of the iteration.
            continue;
        }
    }
    // Image is ok
}
$aid = (int) $_POST['aid'];
$title = empty($_POST['title']) ? '' : $_POST['title'];
$caption = empty($_POST['description']) ? '' : $_POST['description'];
$keywords = empty($_POST['keywords']) ? '' : $_POST['keywords'];
$user1 = '';
$user2 = '';
$user3 = '';
$user4 = '';
$raw_ip = '';
$hdr_ip = '';
$result = add_picture($aid, $filepath, $uniqueName, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip);
if ($result) {
    print '<?xml version="1.0" encoding="' . $CONFIG['charset'] . '" ?>
<uploader>
  <status>ok</status>
  <pid>' . $result . '</pid>
</uploader>';
} else {
    cpg_die(17);
}
Beispiel #12
0
// Create path for final location.
$uploaded_pic = $dest_dir . $picture_name;
// Form path to temporary image.
$path_to_image = './' . $CONFIG['fullpath'] . 'edit/' . $tempname;
// prevent moving the edit directory...
if (is_dir($path_to_image)) {
    errorOut($lang_upload_php['failure'] . " - '{$path_to_image}'", 0, __FILE__, __LINE__);
}
// Move the picture into its final location
if (rename($path_to_image, $uploaded_pic)) {
    // Change file permission
    @chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
    //silence the output in case chmod is disabled
    $CURRENT_PIC_DATA = array();
    // Create thumbnail and intermediate image and add the image into the DB
    $result = add_picture($album, $filepath, $picture_name, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
    if ($result !== true) {
        // The file could not be placed.
        $file_placement = 'no';
    } else {
        $CURRENT_PIC_DATA['url_prefix'] = 0;
        // The file was placed successfully.
        $file_placement = 'yes';
        $thumb_url = get_pic_url($CURRENT_PIC_DATA, 'thumb');
    }
} else {
    // The file was not placed successfully.
    $file_placement = 'no';
}
if ($file_placement == 'yes') {
    // The previous picture was placed successfully.
Beispiel #13
0
                    $output .= '<p class="errors">' . plog_tr('File does not exist!') . '</p>';
                } else {
                    if (!isset($_REQUEST["destination_radio"])) {
                        $output .= '<p class="errors">' . plog_tr('No destination album specified!') . '</p>';
                    } else {
                        if ($_REQUEST["destination_radio"] == "new" && $_REQUEST["new_album_name"] == "") {
                            $output .= '<p class="errors">' . plog_tr('New album name not specified!') . '</p>';
                        } else {
                            if ($_REQUEST["destination_radio"] == "new") {
                                // Create the new album
                                $result = add_album(mysql_escape_string($_REQUEST["new_album_name"]), NULL, $_REQUEST["collections_menu"]);
                                $album_id = $result["id"];
                            } else {
                                $album_id = $_REQUEST["albums_menu"];
                            }
                            $result = add_picture($album_id, $_FILES["userfile"]["tmp_name"], $_FILES["userfile"]["name"], $_REQUEST["caption"], $_REQUEST["description"]);
                            $output .= '<p class="actions">' . $result["output"] . '</p>';
                        }
                    }
                }
            }
        }
    }
}
$output .= '
	<h1>' . plog_tr('Upload Photos') . '</h1>
	<form id="uploadForm" action="' . $_SERVER["PHP_SELF"] . '" method="post" enctype="multipart/form-data">
	<table><tr><td valign="top" style="padding-right: 20px">
	<div class="cssbox">  
		<div class="cssbox_head"><h2>' . plog_tr('Choose an Image or ZIP Archive') . '</h2></div>  
		<div class="cssbox_body"><p>
Beispiel #14
0
            $max = $CONFIG['max_upl_width_height'];
        }
        // Setup a textual watermark ?
        if ($CONFIG['watermark']) {
            $tolocal = L10NTime::tolocal(time(), $userinfo['user_dst'], $userinfo['user_timezone']);
            $watermark = '(c)' . date('Y', $tolocal) . ' ' . CPG_USERNAME . ' & ' . (!empty($MAIN_CFG['server']['domain']) ? $MAIN_CFG['server']['domain'] : $MAIN_CFG['global']['sitename']);
        } else {
            $watermark = false;
        }
        // Create the "big" image
        if (!resize_image($tmpfile, $imginfo, $uploaded_pic, $max, $CONFIG['thumb_method'], '', $watermark)) {
            unlink($tmpfile);
            cpg_die(_ERROR, $ERROR, __FILE__, __LINE__);
        }
        // Create thumbnail and intermediate image and add the image into the DB
        if (!add_picture($album, $dest_dir, basename($uploaded_pic), $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $watermark, $tmpfile)) {
            unlink($uploaded_pic);
            unlink($tmpfile);
            cpg_die(_CRITICAL_ERROR, sprintf(ERR_INSERT_PIC, $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
        }
        unlink($tmpfile);
        $redirect = $PIC_NEED_APPROVAL ? URL::index() : URL::index("&amp;file=displayimage&amp;pid=" . $db->sql_nextid('pid'));
        pageheader(INFO, $redirect);
        msg_box(INFO, UPLOAD_SUCCESS, CONTINU, $redirect);
        pagefooter();
        break;
        // Unknown event
    // Unknown event
    default:
        cpg_die(_CRITICAL_ERROR, $_GET['event'] . PARAM_MISSING, __FILE__, __LINE__);
}
function process_picture()
{
    global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $CONFIG, $IMG_TYPES;
    global $lang_db_input_php, $lang_errors;
    @unlink(LOGFILE);
    if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }
    $album = (int) $HTTP_GET_VARS['album'];
    $title = $HTTP_POST_VARS['title'];
    $caption = $HTTP_POST_VARS['caption'];
    $keywords = $HTTP_POST_VARS['keywords'];
    $user1 = '';
    $user2 = '';
    $user3 = '';
    $user4 = '';
    // Check if the album id provided is valid
    if (!USER_IS_ADMIN) {
        $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
        if (mysql_num_rows($result) == 0) {
            simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
        }
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        $category = $row['category'];
    } else {
        $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'");
        if (mysql_num_rows($result) == 0) {
            simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
        }
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        $category = $row['category'];
    }
    // Test if the filename of the temporary uploaded picture is empty
    if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') {
        simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
    }
    // Create destination directory for pictures
    if (USER_ID && !defined('SILLY_SAFE_MODE')) {
        if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) {
            $filepath = 'wpw-' . date("Ymd");
        } else {
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
        }
        $dest_dir = $CONFIG['fullpath'] . $filepath;
        if (!is_dir($dest_dir)) {
            mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
            if (!is_dir($dest_dir)) {
                simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
            }
            chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
            $fp = fopen($dest_dir . '/index.html', 'w');
            fwrite($fp, ' ');
            fclose($fp);
        }
        $dest_dir .= '/';
        $filepath .= '/';
    } else {
        $filepath = $CONFIG['userpics'];
        $dest_dir = $CONFIG['fullpath'] . $filepath;
    }
    // Check that target dir is writable
    if (!is_writable($dest_dir)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
    }
    $matches = array();
    if (get_magic_quotes_gpc()) {
        $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
    }
    // Replace forbidden chars with underscores
    $forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
    $picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
    // Check that the file uploaded has a valid extension
    if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
        $matches[1] = 'invalid_fname';
        $matches[2] = 'xxx';
    }
    if ($matches[2] == '' || !is_known_filetype($matches)) {
        simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
    }
    // Create a unique name for the uploaded file
    $nr = 0;
    $picture_name = $matches[1] . '.' . $matches[2];
    while (file_exists($dest_dir . $picture_name)) {
        $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
    }
    $uploaded_pic = $dest_dir . $picture_name;
    // Move the picture into its final location
    if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
    }
    // Change file permission
    chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
    // Check file size. Delete if it is excessive.
    if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) {
        @unlink($uploaded_pic);
        simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
    } elseif (is_image($picture_name)) {
        // Get picture information
        $imginfo = getimagesize($uploaded_pic);
        // getimagesize does not recognize the file as a picture
        if ($imginfo == null) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
        }
        // JPEG and PNG only are allowed with GD
        if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
        }
        // Check that picture size (in pixels) is lower than the maximum allowed
        if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
            @unlink($uploaded_pic);
            simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
        }
    }
    // Create thumbnail and internediate image and add the image into the DB
    $result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
    if (!$result) {
        @unlink($uploaded_pic);
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
    } else {
        echo "SUCCESS";
        exit;
    }
}
Beispiel #16
0
     $imginfo = cpg_getimagesize($uploaded_pic);
     if ($imginfo == null) {
         // getimagesize does not recognize the file as a picture
         @unlink($uploaded_pic);
         cpg_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
     } elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) {
         // JPEG and PNG only are allowed with GD
         @unlink($uploaded_pic);
         cpg_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
         // Check that picture size (in pixels) is lower than the maximum allowed
     }
     // Image is ok
 }
 // Upload is ok
 // Create thumbnail and internediate image and add the image into the DB
 $result = add_picture($album, $filepath, $picture_name, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, $superCage->post->getInt('width'), $superCage->post->getInt('height'));
 if ($result !== true) {
     @unlink($uploaded_pic);
     cpg_die(CRITICAL_ERROR, isset($result['error']) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
 } elseif ($PIC_NEED_APPROVAL) {
     pageheader($lang_common['information']);
     msg_box($lang_common['information'], $lang_db_input_php['upload_success'], $lang_common['continue'], 'index.php');
     if ($CONFIG['upl_notify_admin_email']) {
         include_once 'include/mailer.inc.php';
         cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), make_clickable(sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'editpics.php?mode=upload_approval')));
     }
     pagefooter();
 } else {
     if (cpg_pw_protected_album_access($CURRENT_PIC_DATA['aid']) === 1) {
         $redirect = "thumbnails.php?album=" . $CURRENT_PIC_DATA['aid'];
     } else {
Beispiel #17
0
function addpic($aid, $pic_file)
{
    global $CONFIG, $db_query_wrapper, $lang_plugin_mass_import, $output_array, $mass_import_icon_array;
    $pic_file = str_replace('./' . $CONFIG['fullpath'], '', $pic_file);
    $dir_name = dirname($pic_file) . "/";
    $dir_name = substr($dir_name, 0, 1) == "/" ? substr($dir_name, 1) : $dir_name;
    $file_name = basename($pic_file);
    $sane_name = str_replace('%20', '_', $file_name);
    $sane_name = preg_replace('/[^a-zA-Z0-9\\.\\-_]/', '_', $sane_name);
    $sane_name = preg_replace('/[^a-zA-Z0-9\\.\\-_]/', '_', $sane_name);
    while (strpos($sane_name, '__') !== FALSE) {
        $sane_name = str_replace('__', '_', $sane_name);
    }
    $c = 0;
    $sane_name2 = $sane_name;
    $sql = "SELECT pid " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($sane_name) . "' " . "LIMIT 1";
    $result = $db_query_wrapper($sql);
    $extra = strstr($pic_file, $sane_name) ? '' : " (as {$sane_name})";
    if (mysql_num_rows($result)) {
        echo $output_array['row_start'] . $mass_import_icon_array['cancel'] . $lang_plugin_mass_import['file_already_in_database'] . ': ' . $output_array['row_separator'] . $pic_file . $output_array['row_end'];
    } else {
        while ($sane_name != $file_name && file_exists("./" . $CONFIG['fullpath'] . $dir_name . $sane_name)) {
            $c++;
            $sane_name = $c . '_' . $sane_name2;
        }
        $source = "./" . $CONFIG['fullpath'] . $dir_name . $file_name;
        rename($source, "./" . $CONFIG['fullpath'] . $dir_name . $sane_name);
        if (add_picture($aid, $dir_name, $sane_name, $file_name)) {
            echo $output_array['row_start'] . $mass_import_icon_array['ok'] . $lang_plugin_mass_import['file_added_to_database'] . ': ' . $output_array['row_separator'] . $pic_file . $output_array['row_end'];
        } else {
            echo $output_array['row_start'] . $mass_import_icon_array['stop'] . $lang_plugin_mass_import['failed_to_add_file_to_database'] . ': ' . $output_array['row_separator'] . $pic_file . $output_array['row_end'];
        }
    }
    flush();
}
Beispiel #18
0
if (!GALLERY_ADMIN_MODE) {
    die('Access denied');
}
/**
 * TODO: $_GET['pic_file'] cannot be cleaned sensibly with current methods available. Refactor.
 */
$pic_file = base64_decode($_GET['pic_file']);
$dir_name = dirname($pic_file) . '/';
$file_name = basename($pic_file);
# Create the holder $picture_name by translating the file name.
# Translate any forbidden character into an underscore.
$sane_name = replace_forbidden($file_name);
$source = './' . $CONFIG['fullpath'] . $dir_name . $file_name;
rename($source, './' . $CONFIG['fullpath'] . $dir_name . $sane_name);
$sql = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' LIMIT 1";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
    $file_name = 'images/up_dup.gif';
} elseif (add_picture($CLEAN['aid'], $dir_name, $sane_name)) {
    $file_name = 'images/up_ok.gif';
} else {
    $file_name = 'images/up_pb.gif';
    echo $ERROR;
}
if (ob_get_length()) {
    ob_end_flush();
    exit;
}
header('Content-type: image/gif');
echo fread(fopen($file_name, 'rb'), filesize($file_name));
ob_end_flush();