Beispiel #1
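/**
 * Validate an image posted through $_FILES, store it in $target_folder and
 * optionally create up to two thumbnails.
 *
 * The 'error' key of the result is one of:
 *   0 = stored, 1 = larger than $max_size, 2 = unsupported or unreadable image,
 *   3 = resolution above $target_width/$target_height, 4 = $query failed,
 *   5 = no uploaded file for $source_image, or the file could not be stored.
 *
 * @param string $source_image    Key of the upload in $_FILES.
 * @param string $target_name     Preferred base name; used only when it consists of [a-zA-Z0-9_-].
 * @param string $target_folder   Destination folder, with trailing slash.
 * @param mixed  $target_width    Maximum accepted width in pixels.
 * @param mixed  $target_height   Maximum accepted height in pixels.
 * @param mixed  $max_size        Maximum accepted size in bytes.
 * @param bool   $delete_original Remove the stored original once real thumbnails exist.
 * @param bool   $thumb1          Create the first thumbnail.
 * @param bool   $thumb2          Create the second thumbnail.
 * @param mixed  $thumb1_ratio    0 = createthumbnail(), anything else = createsquarethumbnail().
 * @param string $thumb1_folder   Folder for the first thumbnail, with trailing slash.
 * @param string $thumb1_suffix   Suffix appended to the base name of the first thumbnail.
 * @param mixed  $thumb1_width    Width of the first thumbnail.
 * @param mixed  $thumb1_height   Height of the first thumbnail.
 * @param mixed  $thumb2_ratio    Same meaning as $thumb1_ratio, for the second thumbnail.
 * @param string $thumb2_folder   Folder for the second thumbnail, with trailing slash.
 * @param string $thumb2_suffix   Suffix appended to the base name of the second thumbnail.
 * @param mixed  $thumb2_width    Width of the second thumbnail.
 * @param mixed  $thumb2_height   Height of the second thumbnail.
 * @param string $query           SQL passed verbatim to dbquery() after the file is stored.
 *
 * @return array Image information; only array("error" => 5) when nothing was uploaded.
 */
function upload_image($source_image, $target_name = "", $target_folder = IMAGES, $target_width = "1800", $target_height = "1600", $max_size = "150000", $delete_original = false, $thumb1 = true, $thumb2 = true, $thumb1_ratio = 0, $thumb1_folder = IMAGES, $thumb1_suffix = "_t1", $thumb1_width = "100", $thumb1_height = "100", $thumb2_ratio = 0, $thumb2_folder = IMAGES, $thumb2_suffix = "_t2", $thumb2_width = "400", $thumb2_height = "300", $query = "")
{
    $image = isset($_FILES[$source_image]) ? $_FILES[$source_image] : null;
    // A missing field, or one posted as an array (name[]), is treated like "nothing uploaded"
    // instead of raising notices or a TypeError further down.
    if (!is_array($image)
        || !isset($image['name'], $image['tmp_name'], $image['size'])
        || !is_string($image['name'])
        || !is_string($image['tmp_name'])
        || !is_uploaded_file($image['tmp_name'])
    ) {
        // Image not uploaded
        return array("error" => 5);
    }

    // The caller's name is used only when it is purely [a-zA-Z0-9_-]; otherwise the
    // client-supplied file name is reduced by stripfilename().
    if ($target_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $target_name)) {
        $image_name = $target_name;
    } else {
        $image_name = stripfilename(substr($image['name'], 0, strrpos($image['name'], ".")));
    }
    $image_ext = strtolower((string) strrchr($image['name'], "."));

    // getimagesize() returns false when the content cannot be parsed as an image.
    $image_res = @getimagesize($image['tmp_name']);
    $readable = is_array($image_res);

    $image_info = array(
        "image" => false,
        "image_name" => $image_name . $image_ext,
        "image_ext" => $image_ext,
        "image_size" => $image['size'],
        "image_width" => $readable ? $image_res[0] : null,
        "image_height" => $readable ? $image_res[1] : null,
        "thumb1" => false,
        "thumb1_name" => "",
        "thumb2" => false,
        "thumb2_name" => "",
        "error" => 0,
        "query" => $query,
    );

    // The codes handed to the thumbnail helpers; they coincide with
    // IMAGETYPE_GIF (1), IMAGETYPE_JPEG (2) and IMAGETYPE_PNG (3).
    $known_types = array(".gif" => 1, ".jpg" => 2, ".png" => 3);
    $filetype = isset($known_types[$image_ext]) ? $known_types[$image_ext] : false;

    if ($image['size'] > $max_size) {
        // Invalid file size
        $image_info['error'] = 1;
        return $image_info;
    }
    // The extension alone is client-controlled, so the parsed content type has to agree
    // with it. This is a sanity check, not a guarantee about the file's content: the
    // upload folder should still be configured so that nothing in it is executed.
    if (!$filetype || !$readable || $image_res[2] != $filetype) {
        // Unsupported image type
        $image_info['error'] = 2;
        return $image_info;
    }
    if ($image_res[0] > $target_width || $image_res[1] > $target_height) {
        // Invalid image resolution
        $image_info['error'] = 3;
        return $image_info;
    }

    $image_name_full = filename_exists($target_folder, $image_name . $image_ext);
    $image_name = substr($image_name_full, 0, strrpos($image_name_full, "."));
    $image_info['image_name'] = $image_name_full;
    $stored_path = $target_folder . $image_name_full;

    if (!move_uploaded_file($image['tmp_name'], $stored_path)) {
        // Nothing was written, so do not report a stored image or touch the database.
        $image_info['error'] = 5;
        return $image_info;
    }
    $image_info['image'] = true;
    if (function_exists("chmod")) {
        // Readable by the web server, never executable.
        chmod($stored_path, 0644);
    }

    // NOTE(review): $query is executed as given. Callers must build it from constants or
    // already-escaped values, never directly from request data.
    if ($query && !dbquery($query)) {
        // Invalid query string
        $image_info['error'] = 4;
        unlink($stored_path);
    } elseif ($thumb1 || $thumb2) {
        require_once INCLUDES . "photo_functions_include.php";
        $noThumb = false;
        $thumb_specs = array(
            "thumb1" => array($thumb1, $thumb1_ratio, $thumb1_folder, $thumb1_suffix, $thumb1_width, $thumb1_height),
            "thumb2" => array($thumb2, $thumb2_ratio, $thumb2_folder, $thumb2_suffix, $thumb2_width, $thumb2_height),
        );
        foreach ($thumb_specs as $key => $spec) {
            list($enabled, $ratio, $folder, $suffix, $width, $height) = $spec;
            if (!$enabled) {
                continue;
            }
            if ($image_res[0] < $width && $image_res[1] < $height) {
                // Already smaller than the thumbnail: the original doubles as the thumbnail.
                $noThumb = true;
                $image_info[$key . '_name'] = $image_info['image_name'];
            } else {
                $thumb_name = filename_exists($folder, $image_name . $suffix . $image_ext);
                $image_info[$key . '_name'] = $thumb_name;
                if ($ratio == 0) {
                    createthumbnail($filetype, $stored_path, $folder . $thumb_name, $width, $height);
                } else {
                    createsquarethumbnail($filetype, $stored_path, $folder . $thumb_name, $width);
                }
            }
            $image_info[$key] = true;
        }
        // The original is kept whenever it is itself referenced as a thumbnail.
        if ($delete_original && !$noThumb) {
            unlink($stored_path);
            $image_info['image'] = false;
        }
    }
    return $image_info;
}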
Beispiel #2
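 /**
  * Validate and store the image upload(s) submitted for this field.
  *
  * When field_config['multiple'] is set, every entry of the field's $_FILES
  * arrays is checked and stored here; otherwise the work is delegated to
  * upload_image(). On a validation failure $this->stop() is called, a
  * 'danger' notice is added and the field is flagged via setInputError().
  *
  * Per-file 'error' codes: 0 = stored, 1 = larger than max_byte,
  * 2 = unsupported or unreadable image, 3 = larger than max_width/max_height,
  * 4 = query failure as returned by upload_image(), 5 = not uploaded or the
  * file could not be stored.
  *
  * @return array Multiple mode: list of per-file info arrays. Single mode: the
  *               array returned by upload_image(). Empty array when nothing
  *               was uploaded or $this->safe() is false.
  */
 protected function verify_image_upload()
 {
     $locale = fusion_get_locale();
     require_once INCLUDES . "infusions_include.php";
     $config = $this->field_config;
     $input_name = $config['input_name'];

     // Maps an upload error code to its localized notice text; NULL for an unknown code.
     $notice_for = function ($code) use ($locale, $config) {
         switch ($code) {
             case 1:
                 // Invalid file size
                 return sprintf($locale['df_416'], parsebytesize($config['max_byte']));
             case 2:
                 // Unsupported image type
                 return sprintf($locale['df_417'], ".gif .jpg .png");
             case 3:
                 // Invalid image resolution
                 return sprintf($locale['df_421'], $config['max_width'], $config['max_height']);
             case 4:
                 // Invalid query string
                 return $locale['df_422'];
             case 5:
                 // Image not uploaded
                 return $locale['df_423'];
         }
         return NULL;
     };

     $thumb_folder = $config['path'] . $config['thumbnail_folder'] . "/";

     if ($config['multiple']) {
         $files = isset($_FILES[$input_name]) ? $_FILES[$input_name] : array();
         // A multi-file field posts arrays; any other shape is treated as "nothing uploaded".
         if (empty($files['name']) || empty($files['tmp_name'])
             || !is_array($files['name']) || !is_array($files['tmp_name'])
             || !isset($files['tmp_name'][0]) || !is_uploaded_file($files['tmp_name'][0])
             || !$this->safe()
         ) {
             return array();
         }

         $target_folder = $config['path'];
         $target_width = $config['max_width'];
         $target_height = $config['max_height'];
         $max_size = $config['max_byte'];
         $delete_original = $config['delete_original'];
         // thumb1 is always square, thumb2 keeps the aspect ratio. thumb1 treats an image of
         // exactly the thumbnail size as "small enough" (<=) while thumb2 requires strictly
         // smaller (<); both comparisons are kept as found.
         $thumb_specs = array(
             "thumb1" => array(
                 "enabled" => $config['thumbnail'],
                 "square" => TRUE,
                 "inclusive" => TRUE,
                 "suffix" => $config['thumbnail_suffix'],
                 "width" => $config['thumbnail_w'],
                 "height" => $config['thumbnail_h'],
             ),
             "thumb2" => array(
                 "enabled" => $config['thumbnail2'],
                 "square" => FALSE,
                 "inclusive" => FALSE,
                 "suffix" => $config['thumbnail2_suffix'],
                 "width" => $config['thumbnail2_w'],
                 "height" => $config['thumbnail2_h'],
             ),
         );
         // Codes handed to the thumbnail helpers; they coincide with
         // IMAGETYPE_GIF (1), IMAGETYPE_JPEG (2) and IMAGETYPE_PNG (3).
         $known_types = array(".gif" => 1, ".jpg" => 2, ".png" => 3);

         $result = array();
         $total = count($files['name']);
         for ($i = 0; $i < $total; $i++) {
             $tmp_path = isset($files['tmp_name'][$i]) ? $files['tmp_name'][$i] : "";
             if (!is_string($tmp_path) || !is_uploaded_file($tmp_path)) {
                 // Image not uploaded
                 $image_info = array("error" => 5);
             } else {
                 // The client-supplied name is used as-is only when it is purely
                 // [a-zA-Z0-9_-]; otherwise it is reduced by stripfilename().
                 $client_name = $files['name'][$i];
                 if ($client_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $client_name)) {
                     $image_name = $client_name;
                 } else {
                     $image_name = stripfilename(substr($client_name, 0, strrpos($client_name, ".")));
                 }
                 $image_ext = strtolower((string) strrchr($client_name, "."));

                 // getimagesize() returns false when the content cannot be parsed as an image.
                 $image_res = filesize($tmp_path) > 10 ? @getimagesize($tmp_path) : FALSE;
                 $readable = is_array($image_res);

                 $image_info = array(
                     "image" => FALSE,
                     "image_name" => $image_name . $image_ext,
                     "image_ext" => $image_ext,
                     // Size of this file, not the whole per-field size array.
                     "image_size" => $files['size'][$i],
                     "image_width" => $readable ? $image_res[0] : NULL,
                     "image_height" => $readable ? $image_res[1] : NULL,
                     "thumb1" => FALSE,
                     "thumb1_name" => "",
                     "thumb2" => FALSE,
                     "thumb2_name" => "",
                     "error" => 0,
                 );
                 $filetype = isset($known_types[$image_ext]) ? $known_types[$image_ext] : FALSE;

                 if ($files['size'][$i] > $max_size) {
                     // Invalid file size
                     $image_info['error'] = 1;
                 } elseif (!$filetype || !$readable || $image_res[2] != $filetype || !verify_image($tmp_path)) {
                     // Unsupported image type: the extension is client-controlled, so the parsed
                     // content type must agree with it before anything is stored.
                     $image_info['error'] = 2;
                 } elseif ($image_res[0] > $target_width || $image_res[1] > $target_height) {
                     // Invalid image resolution
                     $image_info['error'] = 3;
                 } else {
                     if (!file_exists($target_folder)) {
                         mkdir($target_folder, 0755);
                     }
                     $image_name_full = filename_exists($target_folder, $image_name . $image_ext);
                     $image_name = substr($image_name_full, 0, strrpos($image_name_full, "."));
                     $image_info['image_name'] = $image_name_full;
                     $stored_path = $target_folder . $image_name_full;

                     if (!move_uploaded_file($tmp_path, $stored_path)) {
                         // Nothing was written; do not report a stored image.
                         $image_info['error'] = 5;
                     } else {
                         $image_info['image'] = TRUE;
                         if (function_exists("chmod")) {
                             // An uploaded file needs no execute bit (was 0755).
                             chmod($stored_path, 0644);
                         }
                         // The former "$query" branch was unreachable here ($query was always '').
                         if ($thumb_specs['thumb1']['enabled'] || $thumb_specs['thumb2']['enabled']) {
                             require_once INCLUDES . "photo_functions_include.php";
                             $noThumb = FALSE;
                             foreach ($thumb_specs as $key => $spec) {
                                 if (!$spec['enabled']) {
                                     continue;
                                 }
                                 if ($spec['inclusive']) {
                                     $small_enough = $image_res[0] <= $spec['width'] && $image_res[1] <= $spec['height'];
                                 } else {
                                     $small_enough = $image_res[0] < $spec['width'] && $image_res[1] < $spec['height'];
                                 }
                                 if ($small_enough) {
                                     // The original doubles as the thumbnail.
                                     $noThumb = TRUE;
                                     $image_info[$key . '_name'] = $image_info['image_name'];
                                 } else {
                                     if (!file_exists($thumb_folder)) {
                                         mkdir($thumb_folder, 0755, TRUE);
                                     }
                                     $thumb_name = filename_exists($thumb_folder, $image_name . $spec['suffix'] . $image_ext);
                                     $image_info[$key . '_name'] = $thumb_name;
                                     if ($spec['square']) {
                                         createsquarethumbnail($filetype, $stored_path, $thumb_folder . $thumb_name, $spec['width']);
                                     } else {
                                         createthumbnail($filetype, $stored_path, $thumb_folder . $thumb_name, $spec['width'], $spec['height']);
                                     }
                                 }
                                 $image_info[$key] = TRUE;
                             }
                             // The original is kept whenever it is itself referenced as a thumbnail.
                             if ($delete_original && !$noThumb) {
                                 unlink($stored_path);
                                 $image_info['image'] = FALSE;
                             }
                         }
                     }
                 }
             }

             if ($image_info['error'] != 0) {
                 $this->stop();
                 $notice = $notice_for($image_info['error']);
                 if ($notice !== NULL) {
                     addNotice('danger', $notice);
                     self::setInputError($this->field_name);
                 }
             }
             $result[$i] = $image_info;
         }
         return $result;
     }

     // Single-file mode.
     $file = isset($_FILES[$input_name]) ? $_FILES[$input_name] : array();
     if (empty($file['name']) || empty($file['tmp_name']) || !is_string($file['tmp_name'])
         || !is_uploaded_file($file['tmp_name']) || !$this->safe()
     ) {
         return array();
     }
     $upload = upload_image(
         $input_name,
         $file['name'],
         $config['path'],
         $config['max_width'],
         $config['max_height'],
         $config['max_byte'],
         $config['delete_original'],
         $config['thumbnail'],
         $config['thumbnail2'],
         1,
         $thumb_folder,
         $config['thumbnail_suffix'],
         $config['thumbnail_w'],
         $config['thumbnail_h'],
         0,
         $thumb_folder,
         $config['thumbnail2_suffix'],
         $config['thumbnail2_w'],
         $config['thumbnail2_h']
     );
     if ($upload['error'] != 0) {
         $this->stop();
         $notice = $notice_for($upload['error']);
         if ($notice !== NULL) {
             addNotice('danger', $notice);
             self::setInputError($this->field_name);
         }
     }
     return $upload;
 }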
Beispiel #3
    // Closes a conditional that starts above this excerpt: $image_count is the number
    // of entries in $image_list, or 0.
    $image_count = count($image_list);
} else {
    $image_count = 0;
}
// Delete request: only names already present in $image_list are accepted.
// NOTE(review): in_array() compares loosely here; pass true as the third argument so the
// match is exact.
// NOTE(review): stripinput() is applied after the membership check, so the path given to
// unlink() may differ from the string that was checked — TODO confirm stripinput() leaves
// listed names unchanged.
// NOTE(review): this state change is driven by a GET parameter; whether $aidlink carries an
// anti-CSRF token is not visible in this excerpt — confirm.
if (isset($_GET['del']) && in_array($_GET['del'], $image_list)) {
    unlink($afolder . stripinput($_GET['del']));
    if ($settings['tinymce_enabled'] == 1) {
        include INCLUDES . "buildlist.php";
    }
    addNotice('warning', $locale['400']);
    // NOTE(review): $_GET['ifolder'] is appended to the redirect URL unvalidated and unencoded
    // (here and in both redirects below); check it against the known folder keys or urlencode() it.
    redirect(FUSION_SELF . $aidlink . "&amp;ifolder=" . $_GET['ifolder']);
} elseif (isset($_POST['uploadimage'])) {
    $error = "";
    // Extension allow-list. $imgext is lower-cased below, so the upper-case entries never match.
    $image_types = array(".gif", ".GIF", ".jpeg", ".JPEG", ".jpg", ".JPG", ".png", ".PNG");
    $imgext = strrchr(strtolower($_FILES['myfile']['name']), ".");
    // Base name: client-supplied name without its last extension, lower-cased, then stripfilename().
    $imgname = stripfilename(strtolower(substr($_FILES['myfile']['name'], 0, strrpos($_FILES['myfile']['name'], "."))));
    $imgsize = $_FILES['myfile']['size'];
    $imgtemp = $_FILES['myfile']['tmp_name'];
    if (!in_array($imgext, $image_types)) {
        // NOTE(review): a rejected extension raises the same 'success' notice ($locale['420'])
        // as a stored upload — presumably this should be an error notice; confirm.
        addNotice('success', $locale['420']);
        redirect(FUSION_SELF . $aidlink . "&amp;ifolder=" . $_GET['ifolder']);
    } elseif (is_uploaded_file($imgtemp)) {
        // NOTE(review): the extension is the only check before the file is stored; the content
        // is never inspected (no getimagesize()/verify_image() call in this branch), $imgsize is
        // not compared with any limit, an existing file of the same name is overwritten, and the
        // result of move_uploaded_file() is ignored.
        move_uploaded_file($imgtemp, $afolder . $imgname . $imgext);
        @chmod($afolder . $imgname . $imgext, 0644);
        if ($settings['tinymce_enabled'] == 1) {
            include INCLUDES . "buildlist.php";
        }
        addNotice('success', $locale['420']);
        redirect(FUSION_SELF . $aidlink . "&amp;ifolder=" . $_GET['ifolder'] . "&img=" . $imgname . $imgext);
    }
} else {
Beispiel #4
     //Photo-Mass Upload End
 // "Save photo" form: collects the text fields, then validates and stores the optional upload.
 // $error codes set below: 1 = bad file name, 2 = too large, 3 = extension not allowed,
 // 4 = resolution above photo_max_w/photo_max_h.
 } elseif (isset($_POST['save_photo'])) {
     $error = "";
     $photo_title = stripinput($_POST['photo_title']);
     $photo_description = stripinput($_POST['photo_description']);
     // Non-numeric order values are replaced by an empty string.
     $photo_order = isnum($_POST['photo_order']) ? $_POST['photo_order'] : "";
     // Checkbox presence is mapped to "1"/"0".
     $photo_comments = isset($_POST['photo_comments']) ? "1" : "0";
     $photo_ratings = isset($_POST['photo_ratings']) ? "1" : "0";
     $photo_file = "";
     $photo_thumb1 = "";
     $photo_thumb2 = "";
     if (!empty($_FILES['photo_pic_file']['name'])) {
         if (is_uploaded_file($_FILES['photo_pic_file']['tmp_name'])) {
             $photo_types = array(".gif", ".jpg", ".jpeg", ".png");
             $photo_pic = $_FILES['photo_pic_file'];
             // Base name: lower-cased client name without its last extension, spaces turned
             // into underscores, then stripfilename().
             $photo_name = stripfilename(str_replace(" ", "_", strtolower(substr($photo_pic['name'], 0, strrpos($photo_pic['name'], ".")))));
             $photo_ext = strtolower(strrchr($photo_pic['name'], "."));
             $photo_dest = PHOTODIR;
             // The base name may contain letters, digits, '-', '_', '.', '[' and ']'.
             // NOTE(review): '.' is admitted, so a stored name can contain several dots; verify the
             // upload directory never executes files by an inner extension.
             if (!preg_match("/^[-0-9A-Z_\\.\\[\\]]+\$/i", $photo_name)) {
                 $error = 1;
             } elseif ($photo_pic['size'] > $settings['photo_max_b']) {
                 $error = 2;
             } elseif (!in_array($photo_ext, $photo_types)) {
                 $error = 3;
             } else {
                 // image_exists() supplies the final file name — presumably a non-colliding one; confirm.
                 $photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
                 // NOTE(review): the result of move_uploaded_file() is not checked.
                 move_uploaded_file($photo_pic['tmp_name'], $photo_dest . $photo_file);
                 // NOTE(review): 0666 leaves the stored upload writable by every local user;
                 // 0644 is sufficient for a file that is only served.
                 chmod($photo_dest . $photo_file, 0666);
                 // The resolution is checked only after the file is already in PHOTODIR; the
                 // cleanup for error 4 lies outside this excerpt.
                 // NOTE(review): when getimagesize() fails it returns false and the index
                 // accesses below evaluate to null, so a non-image passes this check.
                 $imagefile = @getimagesize($photo_dest . $photo_file);
                 if ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) {
                     $error = 4;
Beispiel #5
     // Poll creation: the title is censored, passed through stripinput() and trimmed.
     $poll_title = trim(stripinput(censorwords($_POST['poll_title'])));
     if ($poll_title && (isset($poll_opts) && is_array($poll_opts))) {
         // NOTE(review): both INSERTs below are built by string concatenation. $poll_title went
         // through stripinput(); how $thread_id and the $poll_opts entries were prepared is not
         // visible here — confirm they are numeric/escaped, or move to parameterised queries.
         $result = dbquery("INSERT INTO " . DB_FORUM_POLLS . " (thread_id, forum_poll_title, forum_poll_start, forum_poll_length, forum_poll_votes) VALUES('" . $thread_id . "', '" . $poll_title . "', '" . time() . "', '0', '0')");
         // NOTE(review): mysql_insert_id() belongs to the legacy mysql extension, which was
         // removed in PHP 7.
         $forum_poll_id = mysql_insert_id();
         // Options are numbered from 1 in the order they appear in $poll_opts.
         $i = 1;
         foreach ($poll_opts as $poll_option) {
             $result = dbquery("INSERT INTO " . DB_FORUM_POLL_OPTIONS . " (thread_id, forum_poll_option_id, forum_poll_option_text, forum_poll_option_votes) VALUES('" . $thread_id . "', '" . $i . "', '" . $poll_option . "', '0')");
             $i++;
         }
     }
 }
 // Attachments are processed only when the forum allows them for the current user's group.
 if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) {
     // $attach = $_FILES['attach'];
     // NOTE(review): every entry in $_FILES is treated as an attachment, not only the 'attach'
     // field; an entry posted as an array (name[]) is not handled by the string operations below.
     foreach ($_FILES as $attach) {
         if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) {
             // Base name and lower-cased extension are taken from the client-supplied file name.
             $attachname = stripfilename(substr($attach['name'], 0, strrpos($attach['name'], ".")));
             $attachext = strtolower(strrchr($attach['name'], "."));
             // The base name may contain only letters, digits, '-', '_', '[' and ']'; the size is capped.
             if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $attachname) && $attach['size'] <= $settings['attachmax']) {
                 // The allowed extensions come from the comma-separated 'attachtypes' setting.
                 $attachtypes = explode(",", $settings['attachtypes']);
                 if (in_array($attachext, $attachtypes)) {
                     $attachname .= $attachext;
                     // attach_exists() supplies the final name — presumably a non-colliding one; confirm.
                     $attachname = attach_exists(strtolower($attachname));
                     // NOTE(review): the result of move_uploaded_file() is not checked.
                     move_uploaded_file($attach['tmp_name'], FORUM . "attachments/" . $attachname);
                     chmod(FORUM . "attachments/" . $attachname, 0644);
                     // Image extensions are verified after the move: the file is removed again when
                     // either getimagesize() or verify_image() fails. $imagetypes and $error are
                     // defined outside this excerpt.
                     // NOTE(review): attachment types outside $imagetypes are stored with no content
                     // check, so the attachments folder should never execute what it holds.
                     if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM . "attachments/" . $attachname) || !@verify_image(FORUM . "attachments/" . $attachname))) {
                         unlink(FORUM . "attachments/" . $attachname);
                         $error = 1;
                     }
                     if (!$error) {
                         // $attachname and $attachext were constrained by the pattern and the
                         // allow-list above; $thread_id and $post_id come from outside this excerpt.
                         $result = dbquery("INSERT INTO " . DB_FORUM_ATTACHMENTS . " (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('" . $thread_id . "', '" . $post_id . "', '" . $attachname . "', '" . $attachext . "', '" . $attach['size'] . "')");
                     }
Beispiel #6
        // Status banner: the text is picked from $locale according to $_GET['status']
        // (the earlier branches of this chain are above the excerpt).
        $message = $locale['411'];
    } elseif ($_GET['status'] == "del") {
        $message = $locale['412'];
    }
    if ($message) {
        echo "<div id='close-message'><div class='admin-message'>" . $message . "</div></div>\n";
    }
}
// "Save news" form: subject and category are normalised, then the optional image is validated.
if (isset($_POST['save'])) {
    $error = "";
    $news_subject = stripinput($_POST['news_subject']);
    // A non-numeric category falls back to "0".
    $news_cat = isnum($_POST['news_cat']) ? $_POST['news_cat'] : "0";
    if (isset($_FILES['news_image']) && is_uploaded_file($_FILES['news_image']['tmp_name'])) {
        require_once INCLUDES . "photo_functions_include.php";
        $image = $_FILES['news_image'];
        // Base name: lower-cased client name without its last extension, spaces turned into
        // underscores, then stripfilename().
        $image_name = stripfilename(str_replace(" ", "_", strtolower(substr($image['name'], 0, strrpos($image['name'], ".")))));
        $image_ext = strtolower(strrchr($image['name'], "."));
        // Only .gif, .jpg and .png map to a type code; anything else (including .jpeg) is
        // left as false.
        // NOTE(review): the code is derived from the client-supplied extension alone; whether
        // the content is verified afterwards is not visible in this excerpt.
        if ($image_ext == ".gif") {
            $filetype = 1;
        } elseif ($image_ext == ".jpg") {
            $filetype = 2;
        } elseif ($image_ext == ".png") {
            $filetype = 3;
        } else {
            $filetype = false;
        }
        // $error codes: 1 = bad file name, 2 = larger than news_photo_max_b; the !$filetype
        // branch continues below the excerpt.
        // NOTE(review): the pattern admits '.' in the base name, so a stored name can contain
        // several dots; verify the upload directory never executes files by an inner extension.
        if (!preg_match("/^[-0-9A-Z_\\.\\[\\]]+\$/i", $image_name)) {
            $error = 1;
        } elseif ($image['size'] > $settings['news_photo_max_b']) {
            $error = 2;
        } elseif (!$filetype) {
Beispiel #7
        // Tail of the preceding submission type (its start is above this excerpt).
        } else {
            echo "<div style='text-align:center'><br />\n" . $locale['551'] . "<br /><br />\n</div>\n";
        }
        closetable();
    }
// Photo submission (stype "p").
} elseif ($_GET['stype'] == "p") {
    if (isset($_POST['submit_photo'])) {
        require_once INCLUDES . "photo_functions_include.php";
        $error = "";
        $submit_info['photo_title'] = stripinput($_POST['photo_title']);
        $submit_info['photo_description'] = stripinput($_POST['photo_description']);
        // A non-numeric album id falls back to "0".
        $submit_info['album_id'] = isnum($_POST['album_id']) ? $_POST['album_id'] : "0";
        // NOTE(review): $_FILES['photo_pic_file'] is read without an isset() check, so a request
        // without the field raises a notice before is_uploaded_file() returns false.
        if (is_uploaded_file($_FILES['photo_pic_file']['tmp_name'])) {
            $photo_types = array(".gif", ".jpg", ".jpeg", ".png");
            $photo_pic = $_FILES['photo_pic_file'];
            // Base name: lower-cased client name without its last extension, then stripfilename().
            $photo_name = stripfilename(strtolower(substr($photo_pic['name'], 0, strrpos($photo_pic['name'], "."))));
            $photo_ext = strtolower(strrchr($photo_pic['name'], "."));
            $photo_dest = PHOTOS . "submissions/";
            // $error codes: 1 = base name has characters other than letters, digits, '-', '_',
            // '[' or ']'; 2 = larger than photo_max_b; 3 = extension not allowed or the image
            // failed verification.
            if (!preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $photo_name)) {
                $error = 1;
            } elseif ($photo_pic['size'] > $settings['photo_max_b']) {
                $error = 2;
            } elseif (!in_array($photo_ext, $photo_types)) {
                $error = 3;
            } else {
                // image_exists() supplies the final file name — presumably a non-colliding one; confirm.
                $photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
                // NOTE(review): the result of move_uploaded_file() is not checked.
                move_uploaded_file($photo_pic['tmp_name'], $photo_dest . $photo_file);
                chmod($photo_dest . $photo_file, 0644);
                $imagefile = @getimagesize($photo_dest . $photo_file);
                // The content is verified only after the file is already in the submissions
                // folder; the removal of a rejected file is not visible in this excerpt — confirm
                // it follows.
                if (!verify_image($photo_dest . $photo_file)) {
                    $error = 3;