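/**
 * API method: imports one Flickr photo into the gallery (administrators only).
 *
 * Downloads the biggest available size of the photo into the Flickr cache
 * directory, registers it with add_uploaded_file(), then optionally copies
 * Flickr metadata (title, dates, author, description, geotag, privacy level,
 * tags) onto the new image.
 *
 * @param array $photo   request parameters; reads 'id', 'category' and 'fills'
 * @param mixed $service web-service server instance (not used here)
 * @return string|PwgError localized confirmation message, or an error object
 */
function ws_images_addFlickr($photo, &$service)
{
    if (!is_admin()) {
        return new PwgError(403, 'Forbidden');
    }

    global $conf;

    if (empty($conf['flickr2piwigo']['api_key']) or empty($conf['flickr2piwigo']['secret_key'])) {
        return new PwgError(null, l10n('Please fill your API keys on the configuration tab'));
    }

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    include_once PHPWG_ROOT_PATH . 'admin/include/functions_upload.inc.php';
    include_once FLICKR_PATH . 'include/functions.inc.php';

    if (test_remote_download() === false) {
        return new PwgError(null, l10n('No download method available'));
    }

    // init flickr API
    include_once FLICKR_PATH . 'include/phpFlickr/phpFlickr.php';
    $flickr = new phpFlickr($conf['flickr2piwigo']['api_key'], $conf['flickr2piwigo']['secret_key']);
    $flickr->enableCache('fs', FLICKR_FS_CACHE);

    // user
    $u = $flickr->test_login();
    if ($u === false or empty($_SESSION['phpFlickr_auth_token'])) {
        return new PwgError(403, l10n('API not authenticated'));
    }

    // photos infos
    $photo_f = $flickr->photos_getInfo($photo['id']);
    // A failed lookup must stop here: merging a non-array would leave $photo
    // without the fields used below (url, title, dates...).
    if (!is_array($photo_f) or empty($photo_f['photo']) or !is_array($photo_f['photo'])) {
        return new PwgError(null, l10n('Can\'t download file'));
    }
    $photo = array_merge($photo, $photo_f['photo']);
    $photo['url'] = $flickr->get_biggest_size($photo['id'], 'original');
    // NOTE(review): the local file name is assembled from values returned by the
    // remote API (username, id, URL extension). Confirm they cannot carry path
    // separators before they reach the filesystem.
    $photo['path'] = FLICKR_FS_CACHE . 'flickr-' . $u['username'] . '-' . $photo['id'] . '.' . get_extension($photo['url']);

    // copy file
    if (download_remote_file($photo['url'], $photo['path']) == false) {
        return new PwgError(null, l10n('Can\'t download file'));
    }

    // category: either a single numeric id, or a comma-separated list of names
    if (!preg_match('#^[0-9]+$#', $photo['category'])) {
        $categories_names = explode(',', $photo['category']);
        $photo['category'] = array();
        foreach ($categories_names as $category_name) {
            // NOTE(review): the name is concatenated into the statement as-is.
            // Confirm the request layer already escapes it; if it does not, wrap
            // it in pwg_db_real_escape_string() here.
            $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE LOWER(name) = "' . strtolower($category_name) . 
'" ;';
            $result = pwg_query($query);
            if (pwg_db_num_rows($result)) {
                list($cat_id) = pwg_db_fetch_row($result);
                $photo['category'][] = $cat_id;
            } else {
                $cat = create_virtual_category($category_name);
                $photo['category'][] = $cat['id'];
            }
        }
    } else {
        $photo['category'] = array($photo['category']);
    }

    // add photo
    $photo['image_id'] = add_uploaded_file($photo['path'], basename($photo['path']), $photo['category']);

    // do some updates
    if (!empty($photo['fills'])) {
        $photo['fills'] = rtrim($photo['fills'], ',');
        $photo['fills'] = explode(',', $photo['fills']);

        // Every value below comes from the remote API response, so each string
        // is escaped before it is handed to single_update().
        $updates = array();
        if (in_array('fill_name', $photo['fills'])) {
            $updates['name'] = pwg_db_real_escape_string($photo['title']);
        }
        if (in_array('fill_posted', $photo['fills'])) {
            $updates['date_available'] = date('Y-m-d H:i:s', $photo['dates']['posted']);
        }
        if (in_array('fill_taken', $photo['fills'])) {
            // Escaped like the sibling fields: this is remote data too.
            $updates['date_creation'] = pwg_db_real_escape_string($photo['dates']['taken']);
        }
        if (in_array('fill_author', $photo['fills'])) {
            $updates['author'] = pwg_db_real_escape_string($photo['owner']['username']);
        }
        if (in_array('fill_description', $photo['fills'])) {
            $updates['comment'] = pwg_db_real_escape_string(@$photo['description']);
        }
        if (in_array('fill_geotag', $photo['fills']) and !empty($photo['location'])) {
            $updates['latitude'] = pwg_db_real_escape_string($photo['location']['latitude']);
            $updates['longitude'] = pwg_db_real_escape_string($photo['location']['longitude']);
        }
        // Non-public photos get a restricted level: 8 by default, 4 when shared
        // with family, 2 when shared with friends (friends wins when both are set).
        if (in_array('level', $photo['fills']) && !$photo['visibility']['ispublic']) {
            $updates['level'] = 8;
            if ($photo['visibility']['isfamily']) {
                $updates['level'] = 4;
            }
            if ($photo['visibility']['isfriend']) {
                $updates['level'] = 2;
            }
        }

        if (count($updates)) {
            single_update(IMAGES_TABLE, $updates, array('id' => $photo['image_id']));
        }

        if (!empty($photo['tags']['tag']) and in_array('fill_tags', $photo['fills'])) {
            // Plain loop instead of create_function(): that helper evaluates a
            // code string at runtime and no longer exists in PHP 8.
            $raw_tags = array();
            foreach ($photo['tags']['tag'] as $flickr_tag) {
                $raw_tags[] = $flickr_tag['_content'];
            }
            $raw_tags = implode(',', $raw_tags);
            set_tags(get_tag_ids($raw_tags), 
$photo['image_id']);
        }
    }

    return l10n('Photo "%s" imported', $photo['title']);
}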
/**
 * Counts the tags available to the connected user.
 *
 * The count is computed once from get_available_tags(), kept in
 * $user['nb_available_tags'] and written to the user cache table so later
 * calls return the stored value.
 *
 * @return int
 */
function get_nb_available_tags()
{
    global $user;

    // Already known for this user: nothing to compute or store.
    if (isset($user['nb_available_tags'])) {
        return $user['nb_available_tags'];
    }

    $user['nb_available_tags'] = count(get_available_tags());

    $cached_fields = array('nb_available_tags' => $user['nb_available_tags']);
    $cache_owner = array('user_id' => $user['id']);
    single_update(USER_CACHE_TABLE, $cached_fields, $cache_owner);

    return $user['nb_available_tags'];
}
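/**
 * API method: stores an external reference on an existing category.
 *
 * @param array $params  reads 'category_id' and 'external_reference'
 * @param mixed $service web-service server instance (not used here)
 * @return true|PwgError true on success, a 404 error when the category is unknown
 */
function ws_extref_categories_set($params, &$service)
{
    // category_id is concatenated into the SQL below without quotes, so only a
    // plain run of digits is accepted. Anything else cannot name a category and
    // gets the same answer as an unknown id.
    if (
        !isset($params['category_id'])
        or !is_scalar($params['category_id'])
        or !preg_match('/^[0-9]+$/D', (string) $params['category_id'])
    ) {
        return new PwgError(404, 'category_id not found');
    }

    // does the category really exist?
    $query = ' SELECT COUNT(*) FROM ' . CATEGORIES_TABLE . ' WHERE id = ' . $params['category_id'] . ' ;';
    list($count) = pwg_db_fetch_row(pwg_query($query));
    if ($count == 0) {
        return new PwgError(404, 'category_id not found');
    }

    // NOTE(review): external_reference is passed through unchanged. Confirm that
    // single_update() or the request layer escapes it before it reaches the database.
    single_update(
        CATEGORIES_TABLE,
        array('external_reference' => $params['external_reference']),
        array('id' => $params['category_id'])
    );

    return true;
}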
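/**
 * Synchronises a gallery account with the LDAP directory.
 *
 * Copies the directory status onto the account when it is anything other than
 * 'normal', then adds the account to every gallery group whose LDAP
 * counterpart lists the user as a member.
 *
 * @param string $username login to look up in the directory
 * @param int    $id       gallery user id to update
 * @return void
 */
function update_user($username, $id)
{
    $up = new Ldap();
    $up->load_config();

    // Fail closed: without a directory connection nothing below can be trusted,
    // so leave the account's status and groups untouched.
    if (!$up->ldap_conn()) {
        error_log("Unable to connect LDAP server : " . $up->getErrorString());
        return;
    }

    // update user piwigo rights / access according to ldap. Only if it's webmaster / admin, so no normal !
    // The status is read once so the value that is tested is the value that is stored.
    // NOTE(review): the set of values ldap_status() can return is not visible
    // here; confirm it is limited to valid gallery statuses.
    $ldap_status = $up->ldap_status($username);
    if ($ldap_status != 'normal') {
        single_update(USER_INFOS_TABLE, array('status' => $ldap_status), array('user_id' => $id));
    }

    // search groups
    $group_query = 'SELECT name, id FROM ' . GROUPS_TABLE . ';';
    $result = pwg_query($group_query);

    $inserts = array();
    while ($row = pwg_db_fetch_assoc($result)) {
        if ($up->user_membership($username, $up->ldap_group($row['name']))) {
            $inserts[] = array('user_id' => $id, 'group_id' => $row['id']);
        }
    }

    // Memberships are only ever added here ('ignore' skips existing rows);
    // this function does not remove a group the user has left in the directory.
    if (count($inserts) > 0) {
        mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts, array('ignore' => true));
    }
}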
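/**
 * API method: creates a mailbox definition, or updates one when 'id' is given.
 *
 * NOTE(review): no permission check is visible in this function; confirm the
 * method is registered as administrator-only.
 *
 * @param array $params  reads 'id' (optional), 'path', 'login', 'password',
 *                       'category_id' and 'moderated'
 * @param mixed $service web-service server instance (not used here)
 * @return array|PwgError the stored mailbox row, or a 404 error for an unknown id
 */
function ws_pfemail_mailbox_save($params, &$service)
{
    $mailbox = array();

    if (!empty($params['id'])) {
        // we are in edition mode

        // The id is concatenated into the SQL below without quotes, so only a
        // plain run of digits is accepted; anything else cannot match a row.
        if (!is_scalar($params['id']) or !preg_match('/^[0-9]+$/D', (string) $params['id'])) {
            return new PwgError(404, 'id not found');
        }

        $query = ' SELECT * FROM ' . PFEMAIL_MAILBOXES_TABLE . ' WHERE id = ' . $params['id'] . ' ;';
        $mailboxes = query2array($query, 'id');

        if (!isset($mailboxes[$params['id']])) {
            return new PwgError(404, 'id not found');
        }

        $mailbox = $mailboxes[$params['id']];
    }

    // NOTE(review): these values are stored as received. Confirm that
    // single_update()/single_insert() or the request layer escapes them.
    $mailbox['path'] = $params['path'];
    $mailbox['login'] = $params['login'];
    // The mailbox password is stored as given and is also part of the returned
    // row below; callers should avoid logging or echoing the response.
    $mailbox['password'] = $params['password'];
    $mailbox['category_id'] = $params['category_id'];
    $mailbox['moderated'] = $params['moderated'] ? 'true' : 'false';

    if (isset($mailbox['id'])) {
        single_update(PFEMAIL_MAILBOXES_TABLE, $mailbox, array('id' => $params['id']));
    } else {
        single_insert(PFEMAIL_MAILBOXES_TABLE, $mailbox);
        $mailbox['id'] = pwg_db_insert_id(PFEMAIL_MAILBOXES_TABLE);
    }

    return $mailbox;
}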
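/**
 * Register page hook for remote (OAuth / Persona) sign-in.
 *
 * When the session carries 'oauth_new_user' (set on the identification page),
 * the remote profile is re-checked, the registration form is pre-filled and a
 * submitted form either creates a new account bound to the remote identity or,
 * if merging is allowed, binds the identity to an existing account after a
 * successful password login. Otherwise only the provider buttons are added to
 * the register template.
 *
 * @return void
 */
function oauth_begin_register()
{
    global $conf, $template, $hybridauth_conf, $page, $user;

    if ($hybridauth_conf['enabled'] == 0) {
        return;
    }

    // coming from identification page
    if (pwg_get_session_var('oauth_new_user') != null) {
        list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user');

        try {
            if ($provider == 'Persona') {
                $template->assign('OAUTH_USER', array('provider' => 'Persona', 'username' => $user_identifier, 'u_profile' => null, 'avatar' => null));
                oauth_assign_template_vars();
                $template->append('OAUTH', array('persona_email' => $user_identifier), true);
                $conf['oauth']['include_common_template'] = true;
            } else {
                require_once OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php';
                $hybridauth = new Hybrid_Auth($hybridauth_conf);
                $adapter = $hybridauth->authenticate($provider);
                $remote_user = $adapter->getUserProfile();

                // security, check remote identifier
                // Compared as strings with a strict operator: a loose comparison
                // treats numeric-looking identifiers as numbers, so two different
                // identifiers could be judged equal.
                if ((string) $remote_user->identifier !== (string) $user_identifier) {
                    pwg_unset_session_var('oauth_new_user');
                    throw new Exception('Hacking attempt!', 403);
                }

                $template->assign('OAUTH_USER', array('provider' => $hybridauth_conf['providers'][$provider]['name'], 'username' => $remote_user->displayName, 'u_profile' => $remote_user->profileURL, 'avatar' => $remote_user->photoURL));
            }

            // Value stored in the account's oauth_id column: "<provider>---<identifier>".
            $oauth_id = pwg_db_real_escape_string($provider . '---' . $user_identifier);

            $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.');

            // register form submited
            if (isset($_POST['submit'])) {
                // The local password is derived from the remote identity and the
                // site secret rather than chosen by the user.
                // NOTE(review): anyone holding the site secret and the identifier
                // can recompute it; confirm password login is not expected to
                // protect such accounts.
                $user_id = register_user($_POST['login'], hash('sha1', $oauth_id . 
$conf['secret_key']), $_POST['mail_address'], true, $page['errors'], false);

                if ($user_id !== false) {
                    pwg_unset_session_var('oauth_new_user');

                    // update oauth field
                    single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user_id));

                    // log_user and redirect
                    log_user($user_id, false);
                    redirect('profile.php');
                }

                unset($_POST['submit']);
            } else {
                // Merge with an existing account: only after a successful password login.
                // NOTE(review): the guard tests $_POST['login'] while the branch
                // reads $_POST['username'] and $_POST['password']; confirm the
                // form always sends all three.
                if (isset($_POST['login']) && $conf['oauth']['allow_merge_accounts']) {
                    if ($conf['insensitive_case_logon'] == true) {
                        $_POST['username'] = search_case_username($_POST['username']);
                    }

                    $user_id = get_userid($_POST['username']);

                    if ($user_id === false) {
                        $page['errors'][] = l10n('Invalid username or email');
                    } else {
                        if ($user_id == $conf['webmaster_id']) {
                            // The main webmaster account is never bound to a remote identity.
                            $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
                        } else {
                            if (pwg_login(false, $_POST['username'], $_POST['password'], false)) {
                                // update oauth field
                                // presumably pwg_login() has refreshed the global $user by now; verify
                                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user['id']));
                                pwg_unset_session_var('oauth_new_user');
                                redirect('profile.php');
                            } else {
                                $page['errors'][] = l10n('Invalid password!');
                            }
                        }
                    }
                }
            }

            // overwrite fields with remote datas
            if ($provider == 'Persona') {
                $_POST['login'] = '';
                $_POST['mail_address'] = $user_identifier;
            } else {
                $_POST['login'] = $remote_user->displayName;
                $_POST['mail_address'] = $remote_user->email;
            }

            // template
            $template->assign('OAUTH_PATH', OAUTH_PATH);
            if ($conf['oauth']['allow_merge_accounts']) {
                $template->assign('OAUTH_LOGIN_IN_REGISTER', true);
                $template->set_prefilter('register', 'oauth_add_login_in_register');
            } else {
                $template->set_prefilter('register', 'oauth_add_profile_prefilter');
                $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter');
            }
        } catch (Exception $e) {
            // Only the numeric code is shown to the visitor, not the exception message.
            $page['errors'][] = l10n('An error occured, please contact the gallery owner. 
<i>Error code : %s</i>', $e->getCode());
        }
    } else {
        if ($conf['oauth']['display_register']) {
            oauth_assign_template_vars(get_gallery_home_url());
            $template->set_prefilter('register', 'oauth_add_buttons_prefilter');
        }
    }
}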
$data['id'] = $_GET['image_id']; $data['name'] = $_POST['name']; $data['author'] = $_POST['author']; $data['level'] = $_POST['level']; if ($conf['allow_html_descriptions']) { $data['comment'] = @$_POST['description']; } else { $data['comment'] = strip_tags(@$_POST['description']); } if (!empty($_POST['date_creation'])) { $data['date_creation'] = $_POST['date_creation']; } else { $data['date_creation'] = null; } $data = trigger_change('picture_modify_before_update', $data); single_update(IMAGES_TABLE, $data, array('id' => $data['id'])); // time to deal with tags $tag_ids = array(); if (!empty($_POST['tags'])) { $tag_ids = get_tag_ids($_POST['tags']); } set_tags($tag_ids, $_GET['image_id']); // association to albums if (!isset($_POST['associate'])) { $_POST['associate'] = array(); } check_input_parameter('associate', $_POST, true, PATTERN_ID); move_images_to_categories(array($_GET['image_id']), $_POST['associate']); invalidate_user_cache(); // thumbnail for albums if (!isset($_POST['represent'])) {
// +-----------------------------------------------------------------------+ // | Check Access and exit when user status is not ok | // +-----------------------------------------------------------------------+ check_status(ACCESS_ADMINISTRATOR); trigger_notify('loc_begin_cat_modify'); //---------------------------------------------------------------- verification if (!isset($_GET['cat_id']) || !is_numeric($_GET['cat_id'])) { trigger_error('missing cat_id param', E_USER_ERROR); } //--------------------------------------------------------- form criteria check if (isset($_POST['submit'])) { $data = array('id' => $_GET['cat_id'], 'name' => @$_POST['name'], 'comment' => $conf['allow_html_descriptions'] ? @$_POST['comment'] : strip_tags(@$_POST['comment'])); if ($conf['activate_comments']) { $data['commentable'] = isset($_POST['commentable']) ? $_POST['commentable'] : 'false'; } single_update(CATEGORIES_TABLE, $data, array('id' => $data['id'])); if (isset($_POST['apply_commentable_on_sub'])) { $subcats = get_subcat_ids(array('id' => $data['id'])); $query = ' UPDATE ' . CATEGORIES_TABLE . ' SET commentable = \'' . $data['commentable'] . '\' WHERE id IN (' . implode(',', $subcats) . ') ;'; pwg_query($query); } // retrieve cat infos before continuing (following updates are expensive) $cat_info = get_cat_info($_GET['cat_id']); if ($_POST['visible'] == 'true_sub') { set_cat_visible(array($_GET['cat_id']), true, true); } elseif ($cat_info['visible'] != get_boolean($_POST['visible'])) { set_cat_visible(array($_GET['cat_id']), $_POST['visible']);
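/**
 * API method: downloads an image from a remote URL and adds it to a category
 * (administrators only).
 *
 * @param array $params  reads 'file_url', 'category', 'level', 'name' and
 *                       'url_in_comment'
 * @param mixed $service web-service server instance (not used here)
 * @return array|PwgError details of the new image and its category, or an error
 */
function ws_images_addRemote($params, &$service)
{
    global $conf;

    if (!is_admin()) {
        return new PwgError(401, 'Access denied');
    }

    load_language('plugin.lang', URLUPLOADER_PATH);

    $params = array_map('trim', $params);

    $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
    $allowed_mimes = array('image/jpeg', 'image/png', 'image/gif');

    // check empty url
    if (empty($params['file_url'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('File URL is empty'));
    }

    // check remote url
    // NOTE(review): the server fetches whatever URL the caller supplies.
    // url_is_remote() is defined elsewhere; confirm it restricts the scheme and
    // that internal-only addresses cannot be reached through this method.
    if (!url_is_remote($params['file_url'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file URL'));
    }

    // check file extension
    if (!in_array(strtolower(get_extension($params['file_url'])), $allowed_extensions)) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file type'));
    }

    // The category id is concatenated into three queries below without quotes,
    // so it must be a plain run of digits. Checked before anything is downloaded.
    if (!isset($params['category']) or !preg_match('/^[0-9]+$/D', $params['category'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid category');
    }

    // download file
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): the temporary file keeps the name taken from the URL and is
    // written under $conf['data_location'] before its content type is checked.
    // Confirm that directory is not served in a way that would execute or
    // expose a half-validated file.
    $temp_filename = $conf['data_location'] . basename($params['file_url']);
    $file = fopen($temp_filename, 'w+');
    if ($file === false) {
        // Without a writable handle there is nothing to download into.
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Unable to download file'));
    }
    $result = fetchRemote($params['file_url'], $file);
    fclose($file);

    // download failed ?
    if (!$result) {
        @unlink($temp_filename);
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Unable to download file'));
    }

    // check mime-type
    if (!in_array(get_mime($temp_filename, $allowed_mimes[0]), $allowed_mimes)) {
        @unlink($temp_filename);
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file type'));
    }

    // add photo
    include_once PHPWG_ROOT_PATH . 'admin/include/functions_upload.inc.php';
    $image_id = add_uploaded_file($temp_filename, basename($temp_filename), array($params['category']), $params['level']);

    $updates = array();
    if (!empty($params['name'])) {
        // NOTE(review): stored as received; confirm single_update() or the
        // request layer escapes it.
        $updates['name'] = $params['name'];
    }
    if ($params['url_in_comment'] == 'true') {
        $url = parse_url($params['file_url']);
        $url = $url['scheme'] . '://' . $url['host'];
        // NOTE(review): the host part of a caller-supplied URL is placed into
        // stored HTML without HTML-escaping; confirm how the comment is rendered.
        $updates['comment'] = '<a href="' . $url . '">' . $url . '</a>';
    }
    single_update(IMAGES_TABLE, $updates, array('id' => $image_id));

    // return infos
    $query = ' SELECT id, name, permalink FROM ' . 
CATEGORIES_TABLE . ' WHERE id = ' . $params['category'] . ' ;';
    $category = pwg_db_fetch_assoc(pwg_query($query));

    $url_params = array('image_id' => $image_id, 'section' => 'categories', 'category' => $category);

    $query = ' SELECT id, path, name FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    $query = ' SELECT COUNT(*) AS nb_photos FROM ' . IMAGE_CATEGORY_TABLE . ' WHERE category_id = ' . $params['category'] . ' ;';
    $category_infos = pwg_db_fetch_assoc(pwg_query($query));

    $category_name = get_cat_display_name_from_id($params['category'], null);

    return array(
        'image_id' => $image_id,
        'url' => make_picture_url($url_params),
        'src' => DerivativeImage::thumb_url($image_infos),
        'name' => $image_infos['name'],
        'category' => array(
            'id' => $params['category'],
            'nb_photos' => $category_infos['nb_photos'],
            'label' => $category_name,
        ),
    );
}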
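/**
 * API method: expires a share key immediately by setting its expiry date to
 * the database's current time.
 *
 * NOTE(review): no permission or ownership check is visible in this function;
 * confirm the method registration restricts who may expire a given share.
 *
 * @param array $params  reads 'id' (the pshare_key_id)
 * @param mixed $service web-service server instance (not used here)
 * @return true|PwgError true on success, a 404 error when the share is unknown
 */
function ws_pshare_share_expire($params, &$service)
{
    // The id is concatenated into the SQL below without quotes, so only a plain
    // run of digits is accepted; anything else cannot match a share.
    if (
        !isset($params['id'])
        or !is_scalar($params['id'])
        or !preg_match('/^[0-9]+$/D', (string) $params['id'])
    ) {
        return new PwgError(404, "not found");
    }

    $query = ' SELECT * FROM ' . PSHARE_KEYS_TABLE . ' WHERE pshare_key_id = ' . $params['id'] . ' ;';
    $shares = query2array($query);

    if (count($shares) == 0) {
        return new PwgError(404, "not found");
    }

    // Use the database clock so the expiry is consistent with other stored dates.
    list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW()'));

    single_update(PSHARE_KEYS_TABLE, array('expire_on' => $dbnow), array('pshare_key_id' => $params['id']));

    return true;
}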
/**
 * API method
 * Sets details of a category.
 *
 * Only the keys present in $params are written; when neither 'name' nor
 * 'comment' is given, no query is issued.
 *
 * NOTE(review): values are forwarded to single_update() unchanged; confirm
 * escaping and access control are handled where the method is registered.
 *
 * @param mixed[] $params
 *    @option int category_id
 *    @option string name (optional)
 *    @option string comment (optional)
 */
function ws_categories_setInfo($params, &$service)
{
    $update = array('id' => $params['category_id']);
    $has_changes = false;

    foreach (array('name', 'comment') as $column) {
        if (!isset($params[$column])) {
            continue;
        }

        $update[$column] = $params[$column];
        $has_changes = true;
    }

    if (!$has_changes) {
        return;
    }

    single_update(CATEGORIES_TABLE, $update, array('id' => $update['id']));
}
/**
 * Registers a file as a gallery photo, or replaces the file of an existing one.
 *
 * Steps: pick the destination path (new photo: dated upload directory plus a
 * name built from the database time and the first 8 characters of the md5),
 * move the file there, build a "representative" image for TIFF, video and PDF
 * sources through external programs, optionally resize the original, then
 * insert or update the row in the images table and link it to categories.
 *
 * Stops the script with die() when the photo to replace is unknown or the
 * file type is not accepted.
 *
 * @param string      $source_filepath   path of the file to register
 * @param string|null $original_filename name to store; also the source of the
 *                                       extension for non-image files
 * @param array|null  $categories        category ids to associate
 * @param mixed       $level             privacy level to store, when set
 * @param mixed       $image_id          id of an existing photo to replace, when set
 * @param string|null $original_md5sum   md5 to use instead of hashing the file
 * @return mixed id of the inserted or updated image
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    // 1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg
    //
    // 2) keep/resize original
    //
    // 3) register in database

    // TODO
    // * check md5sum (already exists?)

    global $conf, $user;

    // The md5 is used below for the file name and stored in the row; when the
    // caller supplies one it is trusted as given.
    if (isset($original_md5sum)) {
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }

    $file_path = null;
    $is_tiff = false;

    if (isset($image_id)) {
        // this photo already exists, we update it
        // NOTE(review): $image_id is concatenated into the statement without
        // validation; callers must pass an integer id. Confirm at call sites.
        $query = ' SELECT path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }

        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }

        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));
    } else {
        // this photo is new

        // current date
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);

        // upload directory hierarchy
        $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day);

        // compute file path
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . 
'.';

        // For recognised image types the stored extension comes from the file
        // content as reported by getimagesize(), not from the supplied name.
        list($width, $height, $type) = getimagesize($source_filepath);
        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $is_tiff = true;
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            // Other file types: the extension comes from the supplied name and
            // is accepted only when listed in $conf['file_ext'].
            $original_extension = strtolower(get_extension($original_filename));

            if (in_array($original_extension, $conf['file_ext'])) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }

        prepare_directory($upload_dir);
    }

    if (is_uploaded_file($source_filepath)) {
        move_uploaded_file($source_filepath, $file_path);
    } else {
        rename($source_filepath, $file_path);
    }
    // Owner read/write, everyone else read-only; failures are silenced.
    @chmod($file_path, 0644);

    if ($is_tiff and pwg_image::get_library() == 'ext_imagick') {
        // move the uploaded file to pwg_representative sub-directory
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = $conf['tiff_representative_ext'];
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        // NOTE(review): the command line is assembled by concatenation with
        // double quotes around the paths. The paths are built from configuration
        // and generated names, but double quotes do not neutralise every shell
        // metacharacter; escapeshellarg() per argument would be the safer form.
        $exec = $conf['ext_imagick_dir'] . 'convert';

        if ('jpg' == $conf['tiff_representative_ext']) {
            $exec .= ' -quality 98';
        }

        $exec .= ' "' . realpath($file_path) . '"';

        $dest = pathinfo($representative_file_path);
        $exec .= ' "' . realpath($dest['dirname']) . '/' . $dest['basename'] . '"';

        $exec .= ' 2>&1';
        // The command output lands in $returnarray and is not inspected.
        @exec($exec, $returnarray);

        // sometimes ImageMagick creates file-0.jpg (full size) + file-1.jpg
        // (thumbnail). I don't know how to avoid it.
        $representative_file_abspath = realpath($dest['dirname']) . '/' . $dest['basename'];
        if (!file_exists($representative_file_abspath)) {
            $first_file_abspath = preg_replace('/\\.' . $representative_ext . '$/', '-0.' . 
$representative_ext, $representative_file_abspath);

            if (file_exists($first_file_abspath)) {
                rename($first_file_abspath, $representative_file_abspath);
            }
        }
    }

    //
    // generate pwg_representative in case of video
    //
    $ffmpeg_video_exts = array('wmv', 'mov', 'mkv', 'mp4', 'mpg', 'flv', 'asf', 'xvid', 'divx', 'mpeg', 'avi', 'rm');
    if (isset($original_extension) and in_array($original_extension, $ffmpeg_video_exts)) {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        // Grab one frame at the 1-second mark as the representative image.
        // NOTE(review): same concatenated command line as above; here the paths
        // are not passed through realpath().
        $second = 1;

        $ffmpeg = $conf['ffmpeg_dir'] . 'ffmpeg';
        $ffmpeg .= ' -i "' . $file_path . '"';
        $ffmpeg .= ' -an -ss ' . $second;
        $ffmpeg .= ' -t 1 -r 1 -y -vcodec mjpeg -f mjpeg';
        $ffmpeg .= ' "' . $representative_file_path . '"';

        // file_put_contents('/tmp/ffmpeg.log', "\n==== ".date('c')."\n".__FUNCTION__.' : '.$ffmpeg."\n", FILE_APPEND);

        @exec($ffmpeg);

        // No frame produced: store no representative extension for this file.
        if (!file_exists($representative_file_path)) {
            $representative_ext = null;
        }
    }

    if (isset($original_extension) and 'pdf' == $original_extension and pwg_image::get_library() == 'ext_imagick') {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        $exec = $conf['ext_imagick_dir'] . 'convert';
        $exec .= ' -quality 98';
        // "[0]" selects the first page of the document.
        $exec .= ' "' . realpath($file_path) . '"[0]';

        $dest = pathinfo($representative_file_path);
        $exec .= ' "' . realpath($dest['dirname']) . '/' . $dest['basename'] . 
'"';
        $exec .= ' 2>&1';
        @exec($exec, $returnarray);
    }

    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);

            if ($need_resize) {
                $img = new pwg_image($file_path);

                $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false);

                $img->destroy();
            }
        }
    }

    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);

    $file_infos = pwg_image_infos($file_path);

    if (isset($image_id)) {
        // The stored file name is escaped here because it may come from the
        // client; the other values are computed locally.
        $update = array('file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);

        // NOTE(review): $level is stored as received; confirm callers validate it.
        if (isset($level)) {
            $update['level'] = $level;
        }

        single_update(IMAGES_TABLE, $update, array('id' => $image_id));
    } else {
        // database registration
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        // 'path' is stored relative to the gallery root (the root prefix is stripped).
        $insert = array('file' => $file, 'name' => get_name_from_file($file), 'date_available' => $dbnow, 'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . 
'#', '', $file_path), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);

        if (isset($level)) {
            $insert['level'] = $level;
        }

        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }

        single_insert(IMAGES_TABLE, $insert);

        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }

    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(array($image_id), $categories);
    }

    // update metadata from the uploaded file (exif/iptc)
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));

    invalidate_user_cache();

    // cache thumbnail
    $query = ' SELECT id, path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();

    // Requesting the thumbnail URL makes the gallery generate it now.
    // NOTE(review): $dest may still hold the pathinfo() array from the
    // TIFF/PDF branches, or be undefined; presumably fetchRemote() takes it by
    // reference as an output buffer - confirm.
    fetchRemote($thumb_url, $dest);

    return $image_id;
}
/**
 * Counts the comments the connected user is allowed to see.
 *
 * Non-administrators only count validated comments, and every user is limited
 * by the forbidden categories/images condition. The result is kept in
 * $user['nb_available_comments'] and written to the user cache table.
 *
 * @return int
 */
function get_nb_available_comments()
{
    global $user;

    // Already known for this user: nothing to compute or store.
    if (isset($user['nb_available_comments'])) {
        return $user['nb_available_comments'];
    }

    $conditions = array();
    if (!is_admin()) {
        // Pending comments stay hidden from everyone but administrators.
        $conditions[] = 'validated=\'true\'';
    }
    $visibility_columns = array(
        'forbidden_categories' => 'category_id',
        'forbidden_images' => 'ic.image_id',
    );
    $conditions[] = get_sql_condition_FandF($visibility_columns, '', true);

    $query = sprintf(
        ' SELECT COUNT(DISTINCT(com.id)) FROM %s AS ic INNER JOIN %s AS com ON ic.image_id = com.image_id WHERE %s',
        IMAGE_CATEGORY_TABLE,
        COMMENTS_TABLE,
        implode(' AND ', $conditions)
    );
    list($user['nb_available_comments']) = pwg_db_fetch_row(pwg_query($query));

    single_update(
        USER_CACHE_TABLE,
        array('nb_available_comments' => $user['nb_available_comments']),
        array('user_id' => $user['id'])
    );

    return $user['nb_available_comments'];
}
/**
 * Creates a virtual album, optionally below a parent album.
 *
 * A child of a locked parent is created locked and a child of a private
 * parent is created private, whatever the options say. For a private album
 * the administrators and the current user always receive access; with
 * inheritance the parent's granted groups and users receive it as well.
 *
 * NOTE(review): the album name and comment are stored as received; confirm
 * that callers or single_insert() escape them.
 *
 * @param string $category_name
 * @param int $parent_id
 * @param array $options
 *    - boolean commentable
 *    - boolean visible
 *    - string status
 *    - string comment
 *    - boolean inherit
 * @return array ('info', 'id') or ('error')
 */
function create_virtual_category($category_name, $parent_id = null, $options = array())
{
    global $conf, $user;

    // A name made only of blank characters is refused.
    if (preg_match('/^\\s*$/', $category_name)) {
        return array('error' => l10n('The name of an album must not be empty'));
    }

    // Explicit boolean options win; anything else falls back to the configured defaults.
    $commentable = (isset($options['commentable']) && is_bool($options['commentable']))
        ? $options['commentable']
        : $conf['newcat_default_commentable'];

    // "visible" false means temporarily locked: only administrators see the album.
    $visible = (isset($options['visible']) && is_bool($options['visible']))
        ? $options['visible']
        : $conf['newcat_default_visible'];

    $status = (isset($options['status']) && 'private' == $options['status'])
        ? 'private'
        : $conf['newcat_default_status'];

    $insert = array(
        'name' => $category_name,
        'rank' => 0,
        'global_rank' => 0,
        'commentable' => boolean_to_string($commentable),
        'visible' => boolean_to_string($visible),
        'status' => $status,
    );

    // Optional description, stripped of tags unless HTML descriptions are allowed.
    if (isset($options['comment'])) {
        if ($conf['allow_html_descriptions']) {
            $insert['comment'] = $options['comment'];
        } else {
            $insert['comment'] = strip_tags($options['comment']);
        }
    }

    $uppercats_prefix = '';
    if (!empty($parent_id) and is_numeric($parent_id)) {
        $query = ' SELECT id, uppercats, global_rank, visible, status FROM ' . CATEGORIES_TABLE . ' WHERE id = ' . $parent_id . 
' ;';
        $parent = pwg_db_fetch_assoc(pwg_query($query));

        $insert['id_uppercat'] = $parent['id'];
        $insert['global_rank'] = $parent['global_rank'] . '.' . $insert['rank'];

        // A locked parent forces the new album to be locked too.
        if ('false' == $parent['visible']) {
            $insert['visible'] = 'false';
        }

        // A private parent forces the new album to be private too.
        if ('private' == $parent['status']) {
            $insert['status'] = 'private';
        }

        $uppercats_prefix = $parent['uppercats'] . ',';
    }

    // Insert first, then complete "uppercats" with the id the database assigned.
    single_insert(CATEGORIES_TABLE, $insert);
    $inserted_id = pwg_db_insert_id(CATEGORIES_TABLE);

    single_update(
        CATEGORIES_TABLE,
        array('uppercats' => $uppercats_prefix . $inserted_id),
        array('id' => $inserted_id)
    );

    update_global_rank();

    $is_private = ('private' == $insert['status']);
    $inherits_parent_access = $is_private
        && !empty($insert['id_uppercat'])
        && ((isset($options['inherit']) && $options['inherit']) || $conf['inheritance_by_default']);

    if ($inherits_parent_access) {
        // Copy the parent's group permissions onto the new album.
        $query = ' SELECT group_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE cat_id = ' . $insert['id_uppercat'] . ' ;';
        $granted_grps = query2array($query, null, 'group_id');

        $inserts = array();
        foreach ($granted_grps as $granted_grp) {
            $inserts[] = array('group_id' => $granted_grp, 'cat_id' => $inserted_id);
        }
        mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $inserts);

        // Users granted on the parent, plus administrators and the creator.
        $query = ' SELECT user_id FROM ' . USER_ACCESS_TABLE . ' WHERE cat_id = ' . $insert['id_uppercat'] . 
' ;';
        $granted_users = query2array($query, null, 'user_id');

        $allowed_users = array_unique(array_merge(get_admins(), array($user['id']), $granted_users));
        add_permission_on_category($inserted_id, $allowed_users);
    } elseif ($is_private) {
        // No inheritance: only administrators and the creator get access.
        $allowed_users = array_unique(array_merge(get_admins(), array($user['id'])));
        add_permission_on_category($inserted_id, $allowed_users);
    }

    return array('info' => l10n('Virtual album added'), 'id' => $inserted_id);
}
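/**
 * API method
 * Updates users.
 *
 * Credentials (username, email, password) are only changed when exactly one
 * user id is given; the other settings apply to every listed user. A status
 * change never applies to the caller, the guest or the main webmaster, and an
 * 'admin' caller cannot change the status of other admins/webmasters.
 *
 * NOTE(review): who may call this method is not visible here (presumably set
 * where the method is registered). The protected-user rule below covers the
 * status only; confirm whether an 'admin' caller should be able to change the
 * username, email or password of another admin/webmaster.
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 */
function ws_users_setInfo($params, &$service)
{
    // Anti-CSRF token, compared as strings with a strict operator so that
    // numeric-looking tokens are never compared as numbers. Where PHP >= 5.6
    // is guaranteed, hash_equals() additionally makes the comparison constant-time.
    if ((string) get_pwg_token() !== (string) $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }

    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // User ids are concatenated into several IN (...) lists below, so they are
    // forced to integers once, up front.
    $params['user_id'] = array_map('intval', $params['user_id']);

    $updates = $updates_infos = array();
    $update_status = null;

    if (count($params['user_id']) == 1) {
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }

        if (!empty($params['username'])) {
            $user_id = get_userid($params['username']);
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }

        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }

        if (!empty($params['password'])) {
            // The hashing function is the one named in the configuration.
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }

    if (!empty($params['status'])) {
        // Strict checks: the accepted value is written into SQL below, so it
        // must be exactly one of the listed strings.
        if (in_array($params['status'], array('webmaster', 'admin'), true) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant 
"webmaster/admin" status');
        }

        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }

        $protected_users = array($user['id'], $conf['guest_id'], $conf['webmaster_id']);

        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = ' SELECT user_id FROM ' . USER_INFOS_TABLE . ' WHERE status IN (\'webmaster\', \'admin\') ;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }

        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users);

        $update_status = $params['status'];
    }

    if (!empty($params['level']) or @$params['level'] === 0) {
        if (!in_array($params['level'], $conf['available_permission_levels'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        // The membership test above is loose, so keep only the integer value
        // before it is written into SQL.
        $updates_infos['level'] = (int) $params['level'];
    }

    if (!empty($params['language'])) {
        if (!in_array($params['language'], array_keys(get_languages()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }

    if (!empty($params['theme'])) {
        if (!in_array($params['theme'], array_keys(get_pwg_themes()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }

    // Numeric settings have no whitelist, so they are forced to integers.
    if (!empty($params['nb_image_page'])) {
        $updates_infos['nb_image_page'] = (int) $params['nb_image_page'];
    }

    if (!empty($params['recent_period']) or @$params['recent_period'] === 0) {
        $updates_infos['recent_period'] = (int) $params['recent_period'];
    }

    if (!empty($params['expand']) or @$params['expand'] === false) {
        $updates_infos['expand'] = boolean_to_string($params['expand']);
    }

    if (!empty($params['show_nb_comments']) or @$params['show_nb_comments'] === false) {
        $updates_infos['show_nb_comments'] = 
boolean_to_string($params['show_nb_comments']);
    }

    if (!empty($params['show_nb_hits']) or @$params['show_nb_hits'] === false) {
        $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
    }

    if (!empty($params['enabled_high']) or @$params['enabled_high'] === false) {
        $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
    }

    // perform updates
    // NOTE(review): username and email are passed on as received; confirm that
    // single_update() or the request layer escapes them.
    single_update(USERS_TABLE, $updates, array($conf['user_fields']['id'] => $params['user_id'][0]));

    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        $query = ' UPDATE ' . USER_INFOS_TABLE . ' SET status = "' . $update_status . '" WHERE user_id IN(' . implode(',', $params['user_id_for_status']) . ') ;';
        pwg_query($query);
    }

    if (count($updates_infos) > 0) {
        // Field names come from the fixed keys set above; values are
        // whitelisted, integers, or boolean strings.
        $query = ' UPDATE ' . USER_INFOS_TABLE . ' SET ';

        $first = true;
        foreach ($updates_infos as $field => $value) {
            if (!$first) {
                $query .= ', ';
            } else {
                $first = false;
            }
            $query .= $field . ' = "' . $value . '"';
        }

        $query .= ' WHERE user_id IN(' . implode(',', $params['user_id']) . ') ;';
        pwg_query($query);
    }

    // manage association to groups
    if (!empty($params['group_id'])) {
        // Group ids go into an IN (...) list, so they are forced to integers too.
        $requested_group_ids = array_map('intval', $params['group_id']);

        $query = ' DELETE FROM ' . USER_GROUP_TABLE . ' WHERE user_id IN (' . implode(',', $params['user_id']) . ') ;';
        pwg_query($query);

        // we remove all provided groups that do not really exist
        $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE id IN (' . implode(',', $requested_group_ids) . ') ;';
        $group_ids = array_from_query($query, 'id');

        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();

            foreach ($group_ids as $group_id) {
                foreach ($params['user_id'] as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }

            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }

    invalidate_user_cache();

    return $service->invoke('pwg.users.getList', array('user_id' => $params['user_id'], 'display' => 'basics,' . 
implode(',', array_keys($updates_infos))));
}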
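/**
 * API method
 * Updates a group
 *
 * @param mixed[] $params
 *    @option string pwg_token
 *    @option int group_id
 *    @option string name (optional)
 *    @option bool is_default (optional)
 * @param object $service used to invoke pwg.groups.getList for the response
 * @return mixed a PwgError on rejection, otherwise the pwg.groups.getList result
 */
function ws_groups_setInfo($params, &$service)
{
    // Anti-CSRF check with a strict string comparison, so that a missing,
    // non-string or numeric-looking value can never compare equal through
    // PHP type juggling.
    if (
        !isset($params['pwg_token'])
        or !is_string($params['pwg_token'])
        or (string) get_pwg_token() !== $params['pwg_token']
    ) {
        return new PwgError(403, 'Invalid security token');
    }

    $updates = array();

    // The id is placed unquoted in the WHERE clause below, where string
    // escaping would not protect it; force it to an integer instead.
    $group_id = (int) $params['group_id'];

    // does the group exist ?
    $query = ' SELECT COUNT(*) FROM ' . GROUPS_TABLE . ' WHERE id = ' . $group_id . ' ;';
    list($count) = pwg_db_fetch_row(pwg_query($query));
    if ($count == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This group does not exist.');
    }

    if (!empty($params['name'])) {
        $params['name'] = pwg_db_real_escape_string($params['name']);

        // is the name not already used ?
        // NOTE(review): this count includes the group being edited, so
        // re-submitting its current name is reported as a conflict.
        $query = ' SELECT COUNT(*) FROM ' . GROUPS_TABLE . ' WHERE name = \'' . $params['name'] . '\' ;';
        list($count) = pwg_db_fetch_row(pwg_query($query));
        if ($count != 0) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
        }

        $updates['name'] = $params['name'];
    }

    // An explicit false must be stored too, hence the extra === false test.
    if (!empty($params['is_default']) or @$params['is_default'] === false) {
        $updates['is_default'] = boolean_to_string($params['is_default']);
    }

    single_update(GROUPS_TABLE, $updates, array('id' => $group_id));

    return $service->invoke('pwg.groups.getList', array('group_id' => $params['group_id']));
}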
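/**
 * API method
 * Sets details of an image
 *
 * @param mixed[] $params
 *    @option int image_id
 *    @option string file (optional)
 *    @option string name (optional)
 *    @option string author (optional)
 *    @option string date_creation (optional)
 *    @option string comment (optional)
 *    @option string categories (optional) - "cat_id[,rank];cat_id[,rank]"
 *    @option string tag_ids (optional) - "tag_id,tag_id"
 *    @option int level (optional)
 *    @option string single_value_mode - "fill_if_empty" or "replace"
 *    @option string multiple_value_mode - "replace" or "append"
 * @param object $service not used by this function
 * @return PwgError|null a PwgError on rejection, nothing on success
 */
function ws_images_setInfo($params, $service)
{
    // NOTE(review): neither a pwg_token check nor a caller-privilege check is
    // visible in this function; presumably the method registration enforces
    // both - confirm.

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // The id is placed unquoted in the WHERE clause below, where string
    // escaping would not protect it; force it to an integer instead.
    $image_id = (int) $params['image_id'];

    $query = ' SELECT * FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
    $result = pwg_query($query);

    if (pwg_db_num_rows($result) == 0) {
        return new PwgError(404, 'image_id not found');
    }

    $image_row = pwg_db_fetch_assoc($result);

    // database registration
    // NOTE(review): the values below reach single_update() without an escaping
    // call in this function; confirm that request parameters arrive already
    // escaped or that single_update() escapes.
    $update = array();
    $info_columns = array('name', 'author', 'comment', 'level', 'date_creation');

    foreach ($info_columns as $key) {
        if (!isset($params[$key])) {
            continue;
        }

        // Strict comparison: only the two documented mode strings are accepted.
        if ('fill_if_empty' === $params['single_value_mode']) {
            if (empty($image_row[$key])) {
                $update[$key] = $params[$key];
            }
        } elseif ('replace' === $params['single_value_mode']) {
            $update[$key] = $params[$key];
        } else {
            return new PwgError(500, '[ws_images_setInfo]' . ' invalid parameter single_value_mode "' . $params['single_value_mode'] . '"' . ', possible values are {fill_if_empty, replace}.');
        }
    }

    if (isset($params['file'])) {
        // Photos that belong to a synchronized (physical) category keep the
        // file name found on disk.
        if (!empty($image_row['storage_category_id'])) {
            return new PwgError(500, '[ws_images_setInfo] updating "file" is forbidden on photos added by synchronization');
        }

        $update['file'] = $params['file'];
    }

    if (count($update) > 0) {
        $update['id'] = $image_id;
        single_update(IMAGES_TABLE, $update, array('id' => $update['id']));
    }

    if (isset($params['categories'])) {
        ws_add_image_category_relations(
            $image_id,
            $params['categories'],
            'replace' === $params['multiple_value_mode']
        );
    }

    // and now, let's create tag associations
    if (isset($params['tag_ids'])) {
        // Keep only the comma-separated items that match PATTERN_ID.
        $tag_ids = array();
        foreach (explode(',', $params['tag_ids']) as $candidate) {
            $candidate = trim($candidate);
            if (preg_match(PATTERN_ID, $candidate)) {
                $tag_ids[] = $candidate;
            }
        }

        if ('replace' === $params['multiple_value_mode']) {
            set_tags($tag_ids, $image_id);
        } elseif ('append' === $params['multiple_value_mode']) {
            add_tags($tag_ids, array($image_id));
        } else {
            return new PwgError(500, '[ws_images_setInfo]' . ' invalid parameter multiple_value_mode "' . $params['multiple_value_mode'] . '"' . ', possible values are {replace, append}.');
        }
    }

    invalidate_user_cache();
}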
// Excerpt: looks up the database row of the requested source image to learn
// its stored size, 'coi' value and rotation before the derivative is served.
$page['coi'] = null;
// The lookup is skipped for paths containing '/pwg_representative/',
// 'themes/' or 'plugins/'; those get a rotation angle of 0.
if (strpos($page['src_location'], '/pwg_representative/') === false && strpos($page['src_location'], 'themes/') === false && strpos($page['src_location'], 'plugins/') === false) {
    try {
        // NOTE(review): the path is escaped with addslashes(), which does not
        // take the connection character set into account; other code on this
        // page uses pwg_db_real_escape_string(). $page['src_location'] is
        // presumably derived from the request URL - confirm, and prefer the
        // connection-aware escaping function if it is available at this point.
        $query = ' SELECT * FROM ' . $prefixeTable . 'images WHERE path=\'' . addslashes($page['src_location']) . '\' ;';
        if ($row = pwg_db_fetch_assoc(pwg_query($query))) {
            if (isset($row['width'])) {
                $page['original_size'] = array($row['width'], $row['height']);
            }
            $page['coi'] = $row['coi'];
            if (!isset($row['rotation'])) {
                // No rotation stored yet: read it from the file and save it,
                // so this read request also writes to the images table.
                $page['rotation_angle'] = pwg_image::get_rotation_angle($page['src_path']);
                single_update($prefixeTable . 'images', array('rotation' => pwg_image::get_rotation_code_from_angle($page['rotation_angle'])), array('id' => $row['id']));
            } else {
                $page['rotation_angle'] = pwg_image::get_rotation_angle_from_code($row['rotation']);
            }
        }
        // A path with no matching row is answered with a 404, so only files
        // registered in the database are processed past this point.
        if (!$row) {
            ierror('Db file path not found', 404);
        }
    } catch (Exception $e) {
        // The exception is only logged; execution continues afterwards.
        $logger->error($e->getMessage(), 'i.php');
    }
} else {
    $page['rotation_angle'] = 0;
}
pwg_db_close();
if (!try_switch_source($params, $src_mtime) && $params->type == IMG_CUSTOM) {
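/**
 * checks the passwords, checks that user is allowed to reset his password,
 * update password, fills $page['errors'] and $page['infos'].
 *
 * Reads $_POST['use_new_pwd'], $_POST['passwordConf'] and $_GET['key'].
 * On success the password hash is replaced and the activation key and its
 * expiry are cleared, so the same key cannot be used a second time.
 *
 * @return bool (true if password was reset, false otherwise)
 */
function reset_password()
{
    global $page, $conf;

    $new_password = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
    $confirmation = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : null;

    // Strict comparison: with a loose one, two different numeric-looking
    // strings (for example "1e3" and "1000") would count as matching.
    if (!is_string($new_password) or $new_password !== $confirmation) {
        $page['errors'][] = l10n('The passwords do not match');
        return false;
    }

    // NOTE(review): an empty password is not rejected here; confirm that a
    // minimum length is enforced elsewhere.

    // Without a key there is nothing to verify: stop here instead of passing
    // an undefined value to the key check.
    if (!isset($_GET['key'])) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }

    // The key check decides which account is updated; anything other than a
    // numeric user id means the key was refused.
    $user_id = check_password_reset_key($_GET['key']);
    if (!is_numeric($user_id)) {
        return false;
    }

    // Store only the hash produced by the configured hasher.
    single_update(
        USERS_TABLE,
        array($conf['user_fields']['password'] => $conf['password_hash']($new_password)),
        array($conf['user_fields']['id'] => $user_id)
    );

    // Invalidate the reset key now that it has been used.
    single_update(
        USER_INFOS_TABLE,
        array('activation_key' => null, 'activation_key_expire' => null),
        array('user_id' => $user_id)
    );

    $page['infos'][] = l10n('Your password has been reset');
    $page['infos'][] = '<a href="' . get_root_url() . 'identification.php">' . l10n('Login') . '</a>';

    return true;
}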
} } if ($is_plugin_installed) { $query = ' SELECT id, datas FROM ' . $plugin_table . ' WHERE path LIKE \'%plugins/PWG_Stuffs/modules/Personal%\' ;'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $content_orig = $row['datas']; $content_new = serialize(replace_hotlinks(unserialize($content_orig))); if ($content_orig != $content_new) { single_update($plugin_table, array('datas' => pwg_db_real_escape_string($content_new)), array('id' => $row['id'])); } } $upgrade_description .= ', PWG Stuffs'; } $upgrade_description .= ')'; echo "\n" . $upgrade_description . "\n"; // +-----------------------------------------------------------------------+ // | Functions | // +-----------------------------------------------------------------------+ function replace_hotlinks($string) { global $conf; // websize 2.3 = medium 2.4 $string = preg_replace('#(upload/\\d{4}/\\d{2}/\\d{2}/\\d{14}-\\w{8})(\\.(jpg|png))#', 'i.php?/$1-me$2', $string); // I've tried but I didn't find the way to do it correctly
/**
 * Saves the quick-edit category form (name and description) posted by an
 * administrator, then redirects to the index URL.
 *
 * NOTE(review): no anti-CSRF token (such as pwg_token) is checked in this
 * function - confirm that the request is validated before this trigger runs.
 * NOTE(review): 'name' is stored as posted, while 'comment' is passed through
 * strip_tags() unless HTML descriptions are allowed - confirm that the name is
 * escaped on output.
 *
 * @trigger loc_begin_index
 */
function admintools_save_category()
{
    global $page, $conf, $MultiView;

    // Only administrators may edit a category.
    if (!$MultiView->is_admin()) {
        return;
    }

    // Nothing to do unless the quick-edit form was submitted.
    if (@$_POST['action'] != 'quick_edit') {
        return;
    }

    $description = @$_POST['comment'];
    if (!$conf['allow_html_descriptions']) {
        $description = strip_tags($description);
    }

    $fields = array(
        'name' => $_POST['name'],
        'comment' => $description
    );

    single_update(CATEGORIES_TABLE, $fields, array('id' => $page['category']['id']));

    redirect(duplicate_index_url());
}
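/**
 * Verifies a password, with the PasswordHash class from phpass security library.
 * If the hash is 'old' (assumed MD5) the hash is updated in database, used for
 * migration from Piwigo 2.4.
 *
 * Legacy hashes are compared as strings with a strict operator. A loose
 * comparison treats two numeric-looking strings as numbers, so distinct hashes
 * that both look like "0e" followed by digits would be considered equal.
 *
 * @since 2.5
 *
 * @param string $password plain text
 * @param string $hash may be md5 or phpass hashed password
 * @param integer $user_id only useful to update password hash from md5 to phpass
 * @return bool
 */
function pwg_password_verify($password, $hash, $user_id = null)
{
    global $conf, $pwg_hasher;

    // If the password has not been hashed with the current algorithm.
    if (strpos($hash, '$P') !== 0) {
        // Legacy hash: either the site's own converter or plain MD5.
        $legacy_hash = !empty($conf['pass_convert'])
            ? $conf['pass_convert']($password)
            : md5($password);

        // Strict string comparison, never ==, see the function header.
        $check = ((string) $hash === (string) $legacy_hash);

        if ($check) {
            // Without a user id, or with external authentication, the stored
            // hash is left untouched.
            if (!isset($user_id) or $conf['external_authentification']) {
                return true;
            }

            // Rehash using new hash.
            $hash = pwg_password_hash($password);

            single_update(USERS_TABLE, array('password' => $hash), array('id' => $user_id));
        }
    }

    // If the stored hash is longer than an MD5, presume the
    // new style phpass portable hash.
    if (empty($pwg_hasher)) {
        require_once PHPWG_ROOT_PATH . 'include/passwordhash.class.php';

        // We use the portable hash feature
        $pwg_hasher = new PasswordHash(13, true);
    }

    return $pwg_hasher->CheckPassword($password, $hash);
}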
/**
 * Stores a file in the upload tree and registers (or updates) it in the
 * images table, then triggers the generation of its thumbnail.
 *
 * @param string $source_filepath path of the file to store; it is moved, not copied
 * @param string $original_filename name recorded in the 'file' column; the base name
 *        of the stored path is used when it is not given
 * @param array $categories ids of the categories to associate the image with
 * @param int $level value stored in the 'level' column when given
 * @param int $image_id when given, the existing photo with this id is replaced
 * @param string $original_md5sum checksum to record instead of computing md5_file()
 * @return int id of the inserted or updated image
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    // 1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg
    //
    // 2) keep/resize original
    //
    // 3) register in database

    // TODO
    // * check md5sum (already exists?)

    global $conf, $user;

    if (isset($original_md5sum)) {
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }

    $file_path = null;
    // $is_tiff is set below but not read again in this function.
    $is_tiff = false;

    if (isset($image_id)) {
        // this photo already exists, we update it
        // NOTE(review): $image_id is concatenated unquoted into this query and
        // into the one near the end of the function; callers must pass an
        // integer - confirm at the call sites.
        $query = ' SELECT path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }

        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }

        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));

        // NOTE(review): in this branch the new file is written to the existing
        // path without the type detection performed for new photos, so the
        // stored extension may not match the new content - confirm.
    } else {
        // this photo is new

        // current date
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);

        // upload directory hierarchy
        $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day);

        // compute file path
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        // Not random: the suffix is the first 8 characters of the checksum, so
        // the stored name is derived from the database time and the content.
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . '.';

        // The extension comes from the type detected by getimagesize(), not
        // from the client-supplied name, for PNG, GIF, TIFF and JPEG.
        // $width and $height are not read again in this function.
        list($width, $height, $type) = getimagesize($source_filepath);
        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $is_tiff = true;
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            // Only in this mode is the client-supplied extension kept, after a
            // check against the $conf['file_ext'] allow list.
            // NOTE(review): the file is stored under the upload directory with
            // that extension, so the allow list must never contain an
            // extension the web server would execute - confirm the
            // configuration and the server rules for the upload directory.
            $original_extension = strtolower(get_extension($original_filename));

            if (in_array($original_extension, $conf['file_ext'])) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }

        prepare_directory($upload_dir);
    }

    // The return values of move_uploaded_file() and rename() are not checked;
    // a failed move is only noticed by the later steps that read $file_path.
    if (is_uploaded_file($source_filepath)) {
        move_uploaded_file($source_filepath, $file_path);
    } else {
        rename($source_filepath, $file_path);
    }
    // Owner read/write, everyone else read-only; a chmod failure is suppressed.
    @chmod($file_path, 0644);

    // handle the uploaded file type by potentially making a
    // pwg_representative file.
    $representative_ext = trigger_change('upload_file', null, $file_path);

    global $logger;
    $logger->info("Handling " . (string) $file_path . " got " . (string) $representative_ext);

    // If it is set to either true (the file didn't need a
    // representative generated) or false (the generation of the
    // representative failed), set it to null because we have no
    // representative file.
    if (is_bool($representative_ext)) {
        $representative_ext = null;
    }

    // The original is only resized when the image library is not 'gd'.
    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);

            if ($need_resize) {
                $img = new pwg_image($file_path);

                $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false);

                $img->destroy();
            }
        }
    }

    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);

    $file_infos = pwg_image_infos($file_path);

    if (isset($image_id)) {
        // Only the client-influenced 'file' value is escaped here; the other
        // values are computed by this function or passed in by the caller.
        // representative_ext is not written in this branch.
        $update = array(
            'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation
        );

        if (isset($level)) {
            $update['level'] = $level;
        }

        single_update(IMAGES_TABLE, $update, array('id' => $image_id));
    } else {
        // database registration
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        // 'path' is stored relative to PHPWG_ROOT_PATH.
        $insert = array(
            'file' => $file,
            'name' => get_name_from_file($file),
            'date_available' => $dbnow,
            'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation
        );

        if (isset($level)) {
            $insert['level'] = $level;
        }

        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }

        single_insert(IMAGES_TABLE, $insert);

        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }

    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(array($image_id), $categories);
    }

    // update metadata from the uploaded file (exif/iptc)
    // EXIF reading is switched off when read_exif_data() is not available.
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));

    invalidate_user_cache();

    // cache thumbnail
    $query = ' SELECT id, path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();

    // Requests the thumbnail URL so that the derivative gets generated.
    // NOTE(review): $dest is not defined before this call; presumably
    // fetchRemote() takes it by reference as an output buffer - confirm.
    fetchRemote($thumb_url, $dest);

    return $image_id;
}