/**
* Add a file to the submission queue
*
* Most of the code in this function has been lifted from the File Management
* plugin's submit.php
*
*/
function submit_file($submitter, $filename, $title, $desc, $version, $homepage, $cid = 0)
{
    global $_CONF, $_USER, $_FM_TABLES, $_FMDOWNLOAD, $filemgmt_FileStore;
    $myts = new MyTextSanitizer();
    // MyTextSanitizer object
    $name = basename($filename);
    $url = rawurlencode($name);
    $name = $myts->makeTboxData4Save($name);
    $url = $myts->makeTboxData4Save($url);
    if (DB_count($_FM_TABLES['filemgmt_filedetail'], 'url', $name) > 0) {
        COM_errorLog("FM submit_file: file '" . $name . "' already exists in DB");
        return false;
    }
    $title = $myts->makeTboxData4Save($title);
    $homepage = $myts->makeTboxData4Save($homepage);
    $version = $myts->makeTboxData4Save($version);
    $size = sprintf('%u', filesize($filename));
    $description = $myts->makeTareaData4Save($desc);
    //$comments = ($_CONF['comment_code'] == 0) ? 1 : 0;
    $comments = 0;
    // prefer no comments on Geeklog tarballs
    $date = time();
    $tmpfilename = randomfilename();
    $uploadfilename = basename($filename);
    $pos = strrpos($uploadfilename, '.') + 1;
    $fileExtension = strtolower(substr($uploadfilename, $pos));
    if (array_key_exists($fileExtension, $_FMDOWNLOAD)) {
        if ($_FMDOWNLOAD[$fileExtension] == 'reject') {
            COM_errorLog("FM submit_file: file extension '" . $fileExtension . "' not allowed.");
            return false;
        }
        $fileExtension = $_FMDOWNLOAD[$fileExtension];
        $tmpfilename = $tmpfilename . '.' . $fileExtension;
        $pos = strrpos($url, '.') + 1;
        $url = strtolower(substr($url, 0, $pos)) . $fileExtension;
    } else {
        $tmpfilename = $tmpfilename . '.' . $fileExtension;
    }
    // would have preferred rename (i.e. move), but ran into file permission
    // problems on www.geeklog.net ...
    copy($filename, $filemgmt_FileStore . 'tmp/' . $tmpfilename);
    $logourl = '';
    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, homepage, version, size, platform, logourl, submitter, status, date, hits, rating, votes, comments) VALUES ('{$cid}', '{$title}', '{$url}', '{$homepage}', '{$version}', '{$size}', '{$tmpfilename}', '{$logourl}', '{$submitter}', 0, '{$date}', 0, 0, 0, '{$comments}')");
    $newid = DB_insertId();
    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
    return true;
}
$extension = pathinfo($_FILES['Filedata']['name']);
$extension = strtolower($extension[extension]);
$valid_ext_types = array('jpeg', 'jpg', 'gif', 'png');
if (!in_array($extension, $valid_ext_types)) {
    $error .= "File type does not appear to be a supported image (" . $extension . "). Please try another format.<br>";
}
if (strlen($error) == 0) {
    $uploaddir = 'storage/originals/';
    $newfilename = randomfilename() . "." . $extension;
    $uploadfile = $uploaddir . $newfilename;
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $uploadfile)) {
        $error .= "Could not move file into storage, please try again later.";
        log_data("ERROR: " . $error);
    } else {
        // add to db
        $userip = $_SERVER['REMOTE_ADDR'];
        list($originalwidth, $originalheight, $type, $attr) = getimagesize($uploadfile);
        $tracker = randomfilename();
        $insert_image = "INSERT INTO images (dateadded, mimetype, originalfilename, filename, filesize, description, originalip, originalwidth, originalheight, lastaccessed, tracker, mutracker) VALUES (NOW(), '" . preparedata($contenttype) . "', '" . preparedata($filename) . "', '" . preparedata($newfilename) . "', '" . preparedata($filesize) . "', '', '" . preparedata($userip) . "', '" . $originalwidth . "', '" . $originalheight . "', NOW(), '" . preparedata($tracker) . "', '" . preparedata($mutracker) . "')";
        $do_insert_image = @mysql_query($insert_image);
        $item_id = mysql_insert_id();
        if ($do_insert_image) {
            log_data("SUCCESS: Image successfully uploaded. Ref: " . $item_id);
        } else {
            log_data("ERROR: SQL INSERT FAILED - " . $insert_image);
        }
    }
} else {
    log_data("ERROR: " . $error);
}
log_data("Finished import process for " . $_FILES['Filedata']['name'] . "\n\r");
Beispiel #3
0
         } else {
             COM_errorLOG("Filemgmt submit error: Temporary file could not be created: {$tmp} to {$filemgmt_FileStore}tmp}/{$tmpfilename}");
         }
         $eh->show("1102");
     } else {
         $AddNewFile = true;
     }
 }
 // Upload New file snapshot image  - but only is file was uploaded ok
 $uploadfilename = $myts->makeTboxData4Save($_FILES['newfileshot']['name']);
 if ($uploadfilename != '' and $AddNewFile) {
     $shotname = $uploadfilename;
     $logourl = rawurlencode($shotname);
     $shotname = $myts->makeTboxData4Save($shotname);
     $logourl = $myts->makeTboxData4Save($logourl);
     $tmpshotname = randomfilename();
     $tmp = $_FILES['newfileshot']['tmp_name'];
     // temporary name of file in temporary directory on server
     $pos = strrpos($uploadfilename, '.') + 1;
     $fileExtension = strtolower(substr($uploadfilename, $pos));
     if (array_key_exists($fileExtension, $_FMDOWNLOAD)) {
         if ($_FMDOWNLOAD[$fileExtension] == 'reject') {
             COM_errorLOG("AddNewFile - New Upload file snapshot is rejected by config rule:{$uploadfilename}");
             $eh->show("1109");
         } else {
             $fileExtension = $_FMDOWNLOAD[$fileExtension];
             $tmpshotname = $tmpshotname . ".{$fileExtension}";
             /* Need to also rename the uploaded filename or URL that will be used for the approval name */
             /* Grab the filename without extension and add the mapped extension */
             $pos = strrpos($logourl, '.') + 1;
             $logourl = strtolower(substr($logourl, 0, $pos)) . $fileExtension;