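/**
 * Uploads a single attachment through classUpload, post-processes it when it
 * is an image, and records it in the attachments table.
 *
 * The failure reason, if any, is left in $this->error.
 *
 * @return mixed void when the upload directory check fails with an error, when
 *               uploads are not allowed, or when no saved file is found;
 *               the (unsaved) attachment data array when classUpload reports
 *               an error; otherwise the new insert id
 */
public function processUpload()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $this->error = '';
    $this->getUploadFormSettings();

    //-----------------------------------------
    // Check upload dir
    //-----------------------------------------
    // A failed check only aborts when it also left an error message behind.
    if (!$this->checkUploadDirectory()) {
        if ($this->error) {
            return;
        }
    }

    //-----------------------------------------
    // Can upload?
    //-----------------------------------------
    if (!$this->attach_stats['allow_uploads']) {
        $this->error = 'upload_failed';
        return;
    }

    //-----------------------------------------
    // Got attachment types?
    //-----------------------------------------
    // Rebuild the in-memory cache from the database when it is missing or malformed.
    if (!$this->registry->cache()->getCache('attachtypes') or !is_array($this->registry->cache()->getCache('attachtypes'))) {
        $attachtypes = array();

        $this->DB->build(array(
            'select' => 'atype_extension,atype_mimetype,atype_post,atype_img',
            'from'   => 'attachments_type',
            'where'  => "atype_post=1",
        ));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $attachtypes[$r['atype_extension']] = $r;
        }

        $this->registry->cache()->updateCacheWithoutSaving('attachtypes', $attachtypes);
    }

    //-----------------------------------------
    // Set up array
    //-----------------------------------------
    $attach_data = array(
        'attach_ext'            => "",
        'attach_file'           => "",
        'attach_location'       => "",
        'attach_thumb_location' => "",
        'attach_hits'           => 0,
        'attach_date'           => time(),
        'attach_post_key'       => $this->attach_post_key,
        'attach_member_id'      => $this->memberData['member_id'],
        'attach_rel_id'         => $this->attach_rel_id,
        'attach_rel_module'     => $this->type,
        'attach_filesize'       => 0,
    );

    //-----------------------------------------
    // Load the library
    //-----------------------------------------
    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    //-----------------------------------------
    // Set up the variables
    //-----------------------------------------
    // The stored name is built server-side from type, member id and microtime(),
    // not from the client-supplied file name.
    $upload->out_file_name = $this->type . '-' . $this->memberData['member_id'] . '-' . str_replace(array('.', ' '), '-', microtime());
    $upload->out_file_dir  = $this->upload_path;
    $upload->max_file_size = $this->attach_stats['max_single_upload'] ? $this->attach_stats['max_single_upload'] : 1000000000;

    // Both switches are interpreted inside classUpload (not shown here).
    // NOTE(review): presumably they make script-like uploads inert by storing
    // them under the 'ipb' data extension; confirm in classUpload before
    // relying on it as the only defence for this directory.
    $upload->make_script_safe = 1;
    $upload->force_data_ext   = 'ipb';

    //-----------------------------------------
    // Populate allowed extensions
    //-----------------------------------------
    // Extension allow-list: only types flagged atype_post are added. When the
    // cache is empty nothing is appended and classUpload keeps its own default.
    if (is_array($this->registry->cache()->getCache('attachtypes')) and count($this->registry->cache()->getCache('attachtypes'))) {
        /* SKINNOTE: I had to add [attachtypes] to this cache to make it work, may need fixing? */
        foreach ($this->registry->cache()->getCache('attachtypes') as $data) {
            if ($data['atype_post']) {
                $upload->allowed_file_ext[] = $data['atype_extension'];
            }
        }
    }

    //-----------------------------------------
    // Upload...
    //-----------------------------------------
    $upload->process();

    //-----------------------------------------
    // Error?
    //-----------------------------------------
    if ($upload->error_no) {
        switch ($upload->error_no) {
            case 1: // No upload
                $this->error = 'upload_no_file';
                break;
            case 2: // Invalid file ext
                $this->error = 'invalid_mime_type';
                break;
            case 3: // Too big...
                $this->error = 'upload_too_big';
                break;
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Fail closed: an error code this method does not know about
                // must not be treated as a successful upload.
                $this->error = 'upload_failed';
                break;
        }

        return $attach_data;
    }

    //-----------------------------------------
    // Still here?
    //-----------------------------------------
    if ($upload->saved_upload_name and @is_file($upload->saved_upload_name)) {
        //-----------------------------------------
        // Strip off { } and [ ]
        //-----------------------------------------
        $upload->original_file_name = str_replace(array('[', ']', '{', '}'), "", $upload->original_file_name);

        $attach_data['attach_filesize'] = @filesize($upload->saved_upload_name);
        $attach_data['attach_location'] = $this->upload_dir . $upload->parsed_file_name;

        // The original (client-side) name is kept for display only; the file on
        // disk uses parsed_file_name.
        if (IPSText::isUTF8($upload->original_file_name)) {
            $attach_data['attach_file'] = IPSText::convertCharsets($upload->original_file_name, "UTF-8", IPS_DOC_CHAR_SET);
        } else {
            $attach_data['attach_file'] = $upload->original_file_name;
        }

        $attach_data['attach_is_image'] = $upload->is_image;
        $attach_data['attach_ext']      = $upload->real_file_extension;

        if ($attach_data['attach_is_image'] == 1) {
            require_once IPS_KERNEL_PATH . 'classImage.php'; /*noLibHook*/
            require_once IPS_KERNEL_PATH . 'classImageGd.php'; /*noLibHook*/

            /* Main attachment: shrink to the configured maximum, if one is set */
            if (!empty($this->settings['attach_img_max_w']) and !empty($this->settings['attach_img_max_h'])) {
                $image = new classImageGd();
                $image->init(array('image_path' => $this->upload_path, 'image_file' => $upload->parsed_file_name));
                $image->force_resize = false;

                if ($imgData = $image->resizeImage($this->settings['attach_img_max_w'], $this->settings['attach_img_max_h'], false, true)) {
                    if (!$imgData['noResize']) {
                        $image->writeImage($this->upload_path . '/' . $upload->parsed_file_name);
                    }

                    if (is_array($imgData)) {
                        $attach_data['attach_img_width']  = $imgData['newWidth'];
                        $attach_data['attach_img_height'] = $imgData['newHeight'];
                    }

                    // Size may have changed after the rewrite.
                    $attach_data['attach_filesize'] = @filesize($this->upload_path . '/' . $upload->parsed_file_name);
                }
            }

            /* Thumb nail */
            $image = new classImageGd();
            $image->force_resize = true;
            $image->init(array('image_path' => $this->upload_path, 'image_file' => $upload->parsed_file_name));

            // The main dimensions are only known when the resize step above ran.
            $mainWidth  = isset($attach_data['attach_img_width']) ? $attach_data['attach_img_width'] : null;
            $mainHeight = isset($attach_data['attach_img_height']) ? $attach_data['attach_img_height'] : null;
            $thumb_data = array();

            if ($this->attach_settings['siu_width'] < $mainWidth or $this->attach_settings['siu_height'] < $mainHeight) {
                $_thumbName = preg_replace('#^(.*)\\.(\\w+?)$#', "\\1_thumb.\\2", $upload->parsed_file_name);

                if ($thumb_data = $image->resizeImage($this->attach_settings['siu_width'], $this->attach_settings['siu_height'])) {
                    $image->writeImage($this->upload_path . '/' . $_thumbName);

                    if (is_array($thumb_data)) {
                        $thumb_data['thumb_location'] = $_thumbName;
                    }
                }
            } else {
                /* Instead of building a thumb the same size as the main image, just copy the details */
                $thumb_data = array(
                    'thumb_location' => $upload->parsed_file_name,
                    'newWidth'       => $mainWidth,
                    'newHeight'      => $mainHeight,
                );
            }

            if (!empty($thumb_data['thumb_location'])) {
                // NOTE(review): in the "copy the details" case there is no
                // originalWidth/originalHeight, so the main dimensions end up
                // stored as 0; kept as-is, confirm whether that is intended.
                $attach_data['attach_img_width']      = isset($thumb_data['originalWidth']) ? $thumb_data['originalWidth'] : null;
                $attach_data['attach_img_height']     = isset($thumb_data['originalHeight']) ? $thumb_data['originalHeight'] : null;
                $attach_data['attach_thumb_width']    = $thumb_data['newWidth'];
                $attach_data['attach_thumb_height']   = $thumb_data['newHeight'];
                $attach_data['attach_thumb_location'] = $this->upload_dir . $thumb_data['thumb_location'];
            }
        }

        //-----------------------------------------
        // Make sure we send integers
        // @link http://community.invisionpower.com/tracker/issue-32511-attachments-mysql-strict-mode
        //-----------------------------------------
        // Non-image uploads never set these keys, so default them to 0 instead
        // of reading an undefined index.
        foreach (array('attach_img_width', 'attach_img_height', 'attach_thumb_width', 'attach_thumb_height') as $dimensionKey) {
            $attach_data[$dimensionKey] = isset($attach_data[$dimensionKey]) ? intval($attach_data[$dimensionKey]) : 0;
        }

        //-----------------------------------------
        // Add into Database
        //-----------------------------------------
        $this->DB->insert('attachments', $attach_data);

        return $this->DB->getInsertId();
    }
}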
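/**
 * Upload personal photo function
 * Assumes all security checks have been performed by this point
 *
 * The only permission check made here is IPSMember::canUploadPhoto() on the
 * target member; whether the caller may act on $member_id is not checked in
 * this method.
 *
 * @access public
 * @param integer [Optional] member id instead of current member
 * @return array [ error (error message), status (status message [ok/fail] ) ];
 *               when an upload succeeded, whatever buildSizedPhotos() returns
 */
public function uploadPhoto($member_id = 0)
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $return = array(
        'error'            => '',
        'status'           => '',
        'final_location'   => '',
        'final_width'      => '',
        'final_height'     => '',
        't_final_location' => '',
        't_final_width'    => '',
        't_final_height'   => '',
    );

    $member_id  = $member_id ? intval($member_id) : intval($this->memberData['member_id']);
    $memberData = IPSMember::load($member_id);

    // Size limit in KB: the member's own limit, or a fixed 10000 inside the ACP.
    $p_max = IN_ACP ? 10000 : $memberData['photoMaxKb'];

    if (!$member_id) {
        return array('status' => 'cannot_find_member');
    }

    /* Fix up upload directory */
    $paths       = $this->_getProfileUploadPaths();
    $upload_path = $paths['path'];

    /* Check for an upload (isset avoids reading a missing form field) */
    $hasUpload = isset($_FILES['upload_photo']['name'])
        && $_FILES['upload_photo']['name'] != ""
        && $_FILES['upload_photo']['name'] != "none";

    if (!$hasUpload) {
        return $return;
    }

    if (!IPSMember::canUploadPhoto($memberData)) {
        $return['status'] = 'fail';
        $return['error']  = 'no_photo_upload_permission';
        return $return;
    }

    /* Fetch library */
    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    /* Bit of set up: the stored name is derived from the member id, not from the client */
    $upload->out_file_name     = 'photo-' . $member_id;
    $upload->out_file_dir      = $upload_path;
    $upload->max_file_size     = $p_max * 1024;
    $upload->upload_form_field = 'upload_photo';

    /* Set up our allowed types */
    $upload->allowed_file_ext = array('gif', 'png', 'jpg', 'jpeg');

    /* Remove any current photos - http://community.invisionpower.com/resources/bugs.html/_/ip-board/profile-picture-not-removed-on-replacement-r41405 */
    // NOTE(review): this runs before the new file has been accepted, so a
    // rejected upload presumably leaves the member without a photo; confirm
    // that this is acceptable.
    $this->removeUploadedPhotos($member_id, $upload_path);

    /* Upload */
    $upload->process();

    /* Oops, what happened? */
    if ($upload->error_no) {
        $return['status'] = 'fail';

        switch ($upload->error_no) {
            case 2: // Invalid file ext
                $return['error'] = 'invalid_file_extension';
                break;
            case 3: // Too big...
                $return['error'] = 'upload_to_big';
                break;
            case 1: // No upload
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Unknown codes are reported as a failure too, instead of
                // returning an empty status.
                $return['error'] = 'upload_failed';
                break;
        }

        return $return;
    }

    /* We got this far.. now build sized copies */
    return $this->buildSizedPhotos($upload->parsed_file_name, $member_id);
}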
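/**
 * Upload background image
 * Assumes all security checks have been performed by this point
 *
 * The size limit is read from the current member's group setting
 * (g_max_bgimg_upload); a negative limit means no upload permission.
 *
 * @access public
 * @param integer [Optional] member id instead of current member
 * @return array [ error (error message), status (status message [ok/fail] ),
 *               final_location, maxSize ]
 */
public function uploadBackgroundImage($member_id = 0)
{
    /* Init vars */
    $member_id = $member_id ? intval($member_id) : intval($this->memberData['member_id']);
    $p_max     = $this->memberData['g_max_bgimg_upload'] ? intval($this->memberData['g_max_bgimg_upload']) : 999999999;
    $upload_dir = '';
    $return    = array('error' => '', 'status' => '', 'final_location' => '', 'maxSize' => $p_max);

    if (!$member_id) {
        return array('status' => 'cannot_find_member');
    }

    //-----------------------------------------
    // Sort out upload dir
    //-----------------------------------------
    /* Fix for bug 5075 */
    // NOTE(review): as written this replaces '.' with '.', i.e. it changes
    // nothing; the search string was presumably an encoded dot that has been
    // lost. Confirm against the upstream file.
    $this->settings['upload_dir'] = str_replace('.', '.', $this->settings['upload_dir']);
    $upload_path = $this->settings['upload_dir'];

    //-----------------------------------------
    // Already a dir?
    //-----------------------------------------
    if (!file_exists($upload_path . "/bgimages")) {
        if (@mkdir($upload_path . "/bgimages", IPS_FOLDER_PERMISSION)) {
            // Empty index.html so the new directory does not expose a listing.
            @file_put_contents($upload_path . '/bgimages/index.html', '');
            @chmod($upload_path . "/bgimages", IPS_FOLDER_PERMISSION);

            # Set path and dir correct
            $upload_path .= "/bgimages";
            $upload_dir   = "bgimages/";
        } else {
            # Could not create it: fall back to the base upload directory
            $upload_dir = "";
        }
    } else {
        # Set path and dir correct
        $upload_path .= "/bgimages";
        $upload_dir   = "bgimages/";
    }

    //-----------------------------------------
    // Lets check for an uploaded photo..
    //-----------------------------------------
    if (!isset($_FILES['bg_upload']['name']) || $_FILES['bg_upload']['name'] == "" || $_FILES['bg_upload']['name'] == "none") {
        $return['status'] = 'ok';
        return $return;
    }

    //-----------------------------------------
    // Are we allowed to upload this photo?
    //-----------------------------------------
    if ($p_max < 0) {
        // Stop here. Previously the failure was only recorded and processing
        // went on to remove the existing images and hand the file to the
        // uploader anyway.
        $return['status'] = 'fail';
        $return['error']  = 'no_bgimg_upload_permission';
        return $return;
    }

    //-----------------------------------------
    // Remove any uploaded photos...
    //-----------------------------------------
    $this->removeUploadedBackgroundImages($member_id);

    //-----------------------------------------
    // Load the library
    //-----------------------------------------
    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    //-----------------------------------------
    // Set up the variables
    //-----------------------------------------
    // Stored name is derived from the member id, not from the client-supplied name.
    $upload->out_file_name     = 'bgimg-' . $member_id;
    $upload->out_file_dir      = $upload_path;
    $upload->max_file_size     = $p_max * 1024;
    $upload->upload_form_field = 'bg_upload';

    //-----------------------------------------
    // Populate allowed extensions
    //-----------------------------------------
    $upload->allowed_file_ext = array('gif', 'png', 'jpg', 'jpeg');

    //-----------------------------------------
    // Upload...
    //-----------------------------------------
    $upload->process();

    //-----------------------------------------
    // Error?
    //-----------------------------------------
    if ($upload->error_no) {
        $return['status'] = 'fail';

        switch ($upload->error_no) {
            case 2: // Invalid file ext
                $return['error'] = 'invalid_file_extension';
                break;
            case 3: // Too big...
                $return['error'] = 'upload_to_big';
                break;
            case 1: // No upload
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Unknown codes are reported as a failure too, instead of
                // returning an empty status.
                $return['error'] = 'upload_failed';
                break;
        }

        return $return;
    }

    //-----------------------------------------
    // Still here?
    //-----------------------------------------
    $real_name = $upload->parsed_file_name;

    //-----------------------------------------
    // Check the file size (after compression)
    //-----------------------------------------
    if (filesize($upload_path . "/" . $real_name) > $p_max * 1024) {
        // Too big: do not keep the stored file.
        @unlink($upload_path . "/" . $real_name);

        $return['status'] = 'fail';
        $return['error']  = 'upload_to_big';
        return $return;
    }

    //-----------------------------------------
    // Return...
    //-----------------------------------------
    $return['final_location'] = $upload_dir . $real_name;
    $return['status']         = 'ok';

    return $return;
}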
/**
 * Saves the member's avatar
 *
 * Exactly one avatar source is used, tried in this order: an uploaded file,
 * a remote URL, an image from the local avatar gallery, a gravatar address.
 * The result is stored through IPSMember::save() under 'extendedProfile'.
 *
 * @param INT Member's ID to save
 * @param string Upload field name [Default is "upload_avatar"]
 * @param string Avatar URL Field [Default is "avatar_url"]
 * @param string Gallery Avatar Directory Field [Default is "avatar_gallery"]
 * @param string Gallery Avatar Image Field [Default is "avatar_image"]
 * @param string Gravatar e-mail Field [Default is "gravatar_email"]
 * @return boolean TRUE once the avatar has been saved
 * @throws Exception with one of the codes listed below as its message
 * @author Brandon Farber, Stolen By Matt 'Haxor' Mecham
 * <code>
 * Exception Codes:
 * NO_MEMBER_ID: A valid member ID was not passed.
 * NO_PERMISSION: You do not have permission to change the avatar
 * UPLOAD_NO_IMAGE: Nothing to upload
 * UPLOAD_INVALID_FILE_EXT: Incorrect file extension (not an image)
 * UPLOAD_TOO_LARGE: Upload is larger than allowed
 * UPLOAD_CANT_BE_MOVED: Upload cannot be moved into the uploads directory
 * UPLOAD_NOT_IMAGE: Upload is not an image, despite what the file extension says!
 * INVALID_FILE_EXT: Remote avatar URL does not end in an allowed extension
 * NO_AVATAR_TO_SAVE: Nothing to save!
 * </code>
 */
public function saveNewAvatar($member_id, $uploadFieldName = 'upload_avatar', $urlFieldName = 'avatar_url', $galleryFieldName = 'avatar_gallery', $avatarGalleryImage = 'avatar_image', $gravatarFieldName = 'gravatar_email')
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $avatar = array();

    // avatar_dims is split on "x" into the maximum width and height
    list($p_width, $p_height) = explode("x", strtolower($this->settings['avatar_dims']));

    if (!$member_id) {
        throw new Exception("NO_MEMBER_ID");
    }

    $member = IPSMember::load($member_id, 'extendedProfile,groups');

    if (!$member['member_id']) {
        throw new Exception("NO_MEMBER_ID");
    }

    //-----------------------------------------
    // Allowed to upload pics for administrators?
    //-----------------------------------------
    // Outside the public area, changing the avatar of a member with control
    // panel access needs the 'member_photo_admin' permission. No other
    // permission check is made in this method.
    if (IPS_AREA != 'public') {
        if ($member['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_photo_admin', 'members', 'members')) {
            throw new Exception("NO_PERMISSION");
        }
    }

    //-----------------------------------------
    // Upload?
    //-----------------------------------------
    // NOTE(review): $_FILES[$uploadFieldName] is read without an isset() check.
    if ($_FILES[$uploadFieldName]['name'] != "" and $_FILES[$uploadFieldName]['name'] != "none") {
        // NOTE(review): as written this replaces '.' with '.', i.e. it changes
        // nothing; the search string was presumably an encoded dot that has
        // been lost. Confirm against the upstream file.
        $this->settings['upload_dir'] = str_replace('.', '.', $this->settings['upload_dir']);

        // Stored name is derived from the member id, not from the client-supplied name
        $real_name = 'av-' . $member_id;

        require_once IPS_KERNEL_PATH . 'classUpload.php';
        $upload = new classUpload();

        $upload->out_file_name = $real_name;
        $upload->out_file_dir = $this->settings['upload_dir'];
        $upload->max_file_size = $this->settings['avup_size_max'] * 1024 * 8; // Allow xtra for compression
        $upload->upload_form_field = $uploadFieldName;

        //-----------------------------------------
        // Populate allowed extensions
        //-----------------------------------------
        // Allow-list built from attachment types flagged atype_photo; 'swf' is
        // left out when flash is disabled. If the cache is empty nothing is
        // appended and classUpload keeps whatever default it starts with.
        if (is_array($this->cache->getCache('attachtypes')) and count($this->cache->getCache('attachtypes'))) {
            foreach ($this->cache->getCache('attachtypes') as $data) {
                if ($data['atype_photo']) {
                    if ($data['atype_extension'] == 'swf' and $this->settings['disable_flash']) {
                        continue;
                    }

                    $upload->allowed_file_ext[] = $data['atype_extension'];
                }
            }
        }

        //-----------------------------------------
        // Upload...
        //-----------------------------------------
        $upload->process();

        //-----------------------------------------
        // Error?
        //-----------------------------------------
        // NOTE(review): there is no default case, so an error_no outside 1-5
        // is not turned into an exception and execution continues below as for
        // a successful upload.
        if ($upload->error_no) {
            switch ($upload->error_no) {
                case 1:
                    // No upload
                    throw new Exception("UPLOAD_NO_IMAGE");
                    break;
                case 2:
                    // Invalid file ext
                    throw new Exception("UPLOAD_INVALID_FILE_EXT");
                    break;
                case 3:
                    // Too big...
                    throw new Exception("UPLOAD_TOO_LARGE");
                    break;
                case 4:
                    // Cannot move uploaded file
                    throw new Exception("UPLOAD_CANT_BE_MOVED");
                    break;
                case 5:
                    // Possible XSS attack (image isn't an image)
                    throw new Exception("UPLOAD_NOT_IMAGE");
                    break;
            }
        }

        $real_name = $upload->parsed_file_name;
        $im = array();

        if (!$this->settings['disable_ipbsize'] and $upload->file_extension != '.swf') {
            // Measure the stored file and shrink it in place when it exceeds the limits.
            // NOTE(review): the getimagesize() result is used without checking for false.
            $imageDimensions = getimagesize($this->settings['upload_dir'] . '/' . $real_name);

            if ($imageDimensions[0] > $p_width or $imageDimensions[1] > $p_height) {
                require_once IPS_KERNEL_PATH . "classImage.php";
                require_once IPS_KERNEL_PATH . "classImageGd.php";

                $image = new classImageGd();
                $image->init(array('image_path' => $this->settings['upload_dir'], 'image_file' => $real_name));

                $return = $image->resizeImage($p_width, $p_height);
                $image->writeImage($this->settings['upload_dir'] . '/' . $real_name);

                // Fall back to the image's current dimensions when the resize reports none
                $im['img_width'] = $return['newWidth'] ? $return['newWidth'] : $image->cur_dimensions['width'];
                $im['img_height'] = $return['newHeight'] ? $return['newHeight'] : $image->cur_dimensions['height'];
            } else {
                $im['img_width'] = $imageDimensions[0];
                $im['img_height'] = $imageDimensions[1];
            }
        } else {
            // Dimensions supplied in the request, cast to int and capped at the limits
            $w = intval($this->request['man_width']) ? intval($this->request['man_width']) : $p_width;
            $h = intval($this->request['man_height']) ? intval($this->request['man_height']) : $p_height;
            $im['img_width'] = $w > $p_width ? $p_width : $w;
            $im['img_height'] = $h > $p_height ? $p_height : $h;
        }

        //-----------------------------------------
        // Set the "real" avatar..
        //-----------------------------------------
        $avatar['avatar_location'] = $real_name;
        $avatar['avatar_size'] = $im['img_width'] . 'x' . $im['img_height'];
        $avatar['avatar_type'] = 'upload';
    } else {
        // Remote URL avatar: must pass IPSText::xssCheckUrl() (defined elsewhere)
        if ($this->request[$urlFieldName] and IPSText::xssCheckUrl($this->request[$urlFieldName]) === true) {
            $ext = explode(",", $this->settings['avatar_ext']);
            $checked = 0;

            // The extension is taken from the text of the URL only; the content
            // behind the URL is not inspected by this check.
            $av_ext = preg_replace("/^.*\\.(\\S+)\$/", "\\1", $this->request[$urlFieldName]);

            foreach ($ext as $v) {
                if (strtolower($v) == strtolower($av_ext)) {
                    if ($v == 'swf' and $this->settings['disable_flash']) {
                        throw new Exception("INVALID_FILE_EXT");
                    }

                    $checked = 1;
                    break;
                }
            }

            if ($checked != 1) {
                throw new Exception("INVALID_FILE_EXT");
            }

            if (!$this->settings['disable_ipbsize']) {
                // NOTE(review): getimagesize() is handed the request-supplied
                // URL directly, so where URL wrappers are enabled the server
                // itself fetches it. The only checks visible before this point
                // are xssCheckUrl() and the extension match above; confirm the
                // URL is restricted to expected schemes and hosts.
                if (!($img_size = @getimagesize($this->request[$urlFieldName]))) {
                    // Could not be measured: assume the maximum dimensions
                    $img_size[0] = $p_width;
                    $img_size[1] = $p_height;
                }

                $im = IPSLib::scaleImage(array('max_width' => $p_width, 'max_height' => $p_height, 'cur_width' => $img_size[0], 'cur_height' => $img_size[1]));
            } else {
                // Dimensions supplied in the request, cast to int and capped at the limits
                $w = intval($this->request['man_width']) ? intval($this->request['man_width']) : $p_width;
                $h = intval($this->request['man_height']) ? intval($this->request['man_height']) : $p_height;
                $im['img_width'] = $w > $p_width ? $p_width : $w;
                $im['img_height'] = $h > $p_height ? $p_height : $h;
            }

            $avatar['avatar_location'] = trim($this->request[$urlFieldName]);
            $avatar['avatar_size'] = $im['img_width'] . 'x' . $im['img_height'];
            $avatar['avatar_type'] = 'url';
        } else {
            // Local gallery avatar
            if (isset($this->request[$galleryFieldName]) and $this->request[$avatarGalleryImage]) {
                $directory = '';

                if ($this->request[$galleryFieldName]) {
                    // Keeps only whitespace, word characters, "_" and "-", so
                    // dots and path separators are removed from the directory
                    $directory = preg_replace("/[^\\s\\w_-]/", "", urldecode($this->request[$galleryFieldName]));

                    if ($directory) {
                        $directory .= '/';
                    }
                }

                // Same filter, additionally allowing ".", "[", "]", "(" and ")";
                // path separators are still removed
                $filename = preg_replace("/[^\\s\\w\\._\\-\\[\\]\\(\\)]/", "", urldecode($this->request[$avatarGalleryImage]));

                // NOTE(review): file_exists() is also true for directories;
                // is_file() would be the stricter check here.
                if (file_exists(DOC_IPS_ROOT_PATH . PUBLIC_DIRECTORY . '/style_avatars/' . $directory . $filename)) {
                    $avatar['avatar_location'] = $directory . $filename;
                    $avatar['avatar_size'] = '';
                    $avatar['avatar_type'] = 'local';
                }
            } else {
                // Gravatar: the request value is stored lower-cased, without
                // further validation in this method. The first two operands of
                // the condition are identical.
                if ($this->request[$gravatarFieldName] && $this->request[$gravatarFieldName] && $this->settings['allow_gravatars']) {
                    $avatar['avatar_location'] = strtolower($this->request[$gravatarFieldName]);
                    $avatar['avatar_type'] = 'gravatar';
                }
            }
        }
    }

    //-----------------------------------------
    // No avatar image?
    //-----------------------------------------
    if (!count($avatar)) {
        throw new Exception("NO_AVATAR_TO_SAVE");
    } else {
        // When the new avatar is not an upload, delete any previously
        // uploaded av-<member id>.<ext> file from the upload directory
        if ($avatar['avatar_type'] != 'upload') {
            foreach (array('swf', 'jpg', 'jpeg', 'gif', 'png') as $ext) {
                if (@file_exists($this->settings['upload_dir'] . "/av-" . $member_id . "." . $ext)) {
                    @unlink($this->settings['upload_dir'] . "/av-" . $member_id . "." . $ext);
                }
            }
        }
    }

    //-----------------------------------------
    // Store and redirect
    //-----------------------------------------
    IPSMember::save($member_id, array('extendedProfile' => $avatar));

    return TRUE;
}
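/**
 * Convert an image
 *
 * Validates the source record, copies the image (or recreates it from
 * database data) into the IP.Gallery uploads path under a new masked name,
 * runs the uploader's content check when it is available, builds the derived
 * images and inserts the row into gallery_images.
 *
 * @access public
 * @param integer Foreign ID number
 * @param array   Data to insert to table
 * @param string  Path to where images are stored
 * @param array   Custom field data to insert to table
 * @param boolean If true, loads file data from database, rather than move file
 * @return boolean Success or fail (failures are recorded through logError())
 **/
public function convertImage($id, $info, $path, $custom_fields, $db = false)
{
    // Check we have a path
    if (!$this->settings['gallery_images_path']) {
        $this->logError($id, 'Your IP.Gallery uploads path has not been configured');
        return false;
    }

    //-----------------------------------------
    // Make sure we have everything we need
    //-----------------------------------------
    if (!$id) {
        $this->logError($id, 'No ID number provided');
        return false;
    }

    // Need image path if was not stored in database
    if (!$path and !$db) {
        $this->logError($id, 'No path provided');
        return false;
    }

    // Be sure to have member id
    if (!$info['member_id']) {
        $this->logError($id, 'No member ID provided');
        return false;
    }

    // Need to store in either category or album
    if (!$info['category_id'] and !$info['album_id']) {
        $this->logError($id, 'No category or album ID provided');
        return false;
    }

    // Check if a masked name was provided. If not, just use the filename.
    $info['masked_file_name'] = $info['masked_file_name'] ? $info['masked_file_name'] : $info['file_name'];

    if (!$db and !$info['masked_file_name']) {
        $this->logError($id, 'No filename provided');
        return false;
    }

    // Make sure image data was provided if stored in database.
    if ($db && !$info['data']) {
        $this->logError($id, 'No file data provided');
        return false;
    }

    // NOTE(review): 'directory' and 'masked_file_name' come from the source
    // data and are joined into the read path as-is; only leading and trailing
    // slashes of the directory are trimmed.
    if (isset($info['directory']) && $info['directory'] != '') {
        $path = $path . '/' . trim($info['directory'], '/');
    }

    // Check the file actually exists
    if (!$db && !file_exists($path . '/' . $info['masked_file_name'])) {
        $this->logError($id, 'Could not locate file ' . $path . '/' . $info['masked_file_name']);
        return false;
    }

    //-----------------------------------------
    // Set up array
    //-----------------------------------------
    $ratingsTotal = intval($info['ratings_total']);
    $ratingsCount = intval($info['ratings_count']);

    $imageArray = array(
        'member_id'     => $this->getLink($info['member_id'], 'members', false, $this->useLocalLink),
        'category_id'   => $info['category_id'] ? $this->getLink($info['category_id'], 'gallery_categories') : 0,
        'album_id'      => $info['album_id'] ? $this->getLink($info['album_id'], 'gallery_albums') : 0,
        'caption'       => $info['caption'] ? $info['caption'] : 'No caption',
        'file_size'     => $info['file_size'] ? $info['file_size'] : 2,
        'description'   => $info['description'],
        'directory'     => '',
        'file_name'     => $info['file_name'],
        'approved'      => $info['approved'],
        'thumbnail'     => $info['thumbnail'],
        'views'         => intval($info['views']),
        'comments'      => intval($info['comments']),
        'idate'         => intval($info['idate']),
        'ratings_total' => $ratingsTotal,
        'ratings_count' => $ratingsCount,
        'caption_seo'   => IPSText::makeSeoTitle($info['caption']),
        'image_notes'   => $info['image_notes'],
        // Guard the division: a positive total with a zero count used to divide by zero.
        'rating'        => ($ratingsTotal > 0 && $ratingsCount != 0) ? $ratingsTotal / $ratingsCount : 0,
    );

    // Fields still required = array( 'file_name', 'file_type', 'masked_file_name', 'medium_file_name');
    // Fields optional = array( 'file_size', 'pinned', 'media', 'credit_info', 'metadata', 'media_thumb');

    // Instantiate the gallery application class when it is present. The object
    // is not used directly below; it is still constructed in case later
    // $this->registry->glib calls depend on it having been loaded.
    $_file = IPSLib::getAppDir('gallery') . '/app_class_gallery.php';
    $_name = 'app_class_gallery';

    if (file_exists($_file)) {
        $classToLoad      = IPSLib::loadLibrary($_file, $_name);
        $galleryLibObject = new $classToLoad($this->registry);
    }

    $this->_loadMediaCache();

    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    // Extension allow-list taken from the media cache. $allow_media was never
    // defined in this method, so it has always evaluated as false; that is
    // made explicit here (types with default_type == 0 are skipped).
    $allow_media = false;
    $allowed_ext = array();

    foreach ($this->media_thumb_cache as $k => $v) {
        if (!$v['allowed']) {
            continue;
        }

        if ($v['default_type'] == 0 and !$allow_media) {
            continue;
        }

        $allowed_ext[] = str_replace(".", "", $k);
    }

    $dir = "";

    if ($this->settings['gallery_dir_images']) {
        // Reuse the directory of the most recent image while it exists on disk
        $dir = $this->DB->buildAndFetch(array('select' => 'directory', 'from' => 'gallery_images', 'order' => "id DESC", 'limit' => array(0, 1)));
        $dir = $dir['directory'];

        if (!is_dir($this->settings['gallery_images_path'] . '/' . $dir)) {
            $dir = '';
        }

        // NOTE(review): $dir is a value read back from the database and is
        // placed into the WHERE clause unescaped; escape it or confirm that
        // directory names can only ever be numeric.
        $total = $this->DB->buildAndFetch(array('select' => 'COUNT(directory) AS files', 'from' => 'gallery_images', 'where' => "directory='{$dir}'"));

        // Start a new directory when the current one is full or unused
        if ($total['files'] >= $this->settings['gallery_dir_images'] || !$total['files']) {
            $dir = time();

            // NOTE(review): directory (and the file further down) are made
            // world-writable (0777); tighten if the hosting setup allows it.
            @mkdir($this->settings['gallery_images_path'] . '/' . $dir, 0777);
            @chmod($this->settings['gallery_images_path'] . '/' . $dir, 0777);
            // Empty index.html so the directory does not expose a listing
            @touch($this->settings['gallery_images_path'] . '/' . $dir . '/index.html');
        }

        $dir = $dir ? "{$dir}/" : "";
        $imageArray['directory'] = str_replace("/", "", $dir);
    }

    // The extension is checked on file_name, and the stored file gets that extension
    $ext = $upload->_getFileExtension($info['file_name']);

    if (!in_array($ext, $allowed_ext)) {
        $this->logError($id, "Invalid_mime_type for file name: {$info['file_name']}");
        return false;
    }

    // NOTE(review): the suffix is time() modulo the file size, which is a very
    // small range when file_size falls back to 2; two images of one member and
    // album can then receive the same name and the later copy replaces the
    // earlier file.
    $new_name = "gallery_{$info['member_id']}_" . ($info['album_id'] > 0 ? $info['album_id'] : $info['category_id']) . "_" . (time() % $imageArray['file_size']) . '.' . $ext;
    $imageArray['masked_file_name'] = $new_name;
    $new_file = $this->settings['gallery_images_path'] . '/' . $dir . $new_name;

    // Create the file from the db if that's the case
    if ($db) {
        $this->createFile($new_name, $info['data'], $info['file_size'], $this->settings['gallery_images_path'] . '/' . substr($dir, 0, -1));
    } else {
        // Copy the file to its end IP.Gallery location
        if (!@copy($path . '/' . $info['masked_file_name'], $new_file)) {
            $e = error_get_last();
            $this->logError($id, 'Could not move file - attempted to move ' . $path . '/' . $info['masked_file_name'] . ' to ' . $new_file . '<br />' . $e['message'] . '<br /><br />');
            return false;
        }
    }

    @chmod($new_file, 0777);

    // Content check provided by classUpload, when this version has it
    if (method_exists($upload, 'check_xss_infile')) {
        $upload->saved_upload_name = $new_file;
        $upload->check_xss_infile();

        if ($upload->error_no == 5) {
            // Do not leave a file that failed the check in the gallery images
            // path; previously it stayed on disk after being rejected.
            @unlink($new_file);

            $this->logError($id, 'Invalid XSS file: ' . $info['file_name'] . '<br /><br />');
            return false;
        }
    }

    //-------------------------------------------------------------
    // Exif/IPTC support?
    //-------------------------------------------------------------
    $meta_data = array();

    if ($this->settings['gallery_exif']) {
        $meta_data = array_merge($meta_data, $this->registry->glib->extractExif($new_file));
    }

    if ($this->settings['gallery_iptc']) {
        $meta_data = array_merge($meta_data, $this->registry->glib->extractIptc($new_file));
    }

    // NOTE(review): metadata extracted from the image file is stored in PHP
    // serialize() format; whatever reads this column back should not
    // unserialize it without restrictions.
    $imageArray['metadata'] = serialize($meta_data);

    //-------------------------------------------------------------
    // Pass to library
    //-------------------------------------------------------------
    $ext = '.' . $ext;
    $imageArray['media'] = $this->media_thumb_cache[$ext]['default_type'] ? 0 : 1;

    $image = array('media' => $imageArray['media'], 'directory' => $dir, 'masked_file_name' => $new_name);

    if (!$imageArray['media']) {
        $this->registry->glib->rebuildImage($image, FALSE, TRUE);
    }

    $imageArray['medium_file_name'] = $this->registry->glib->did_medium ? 'med_' . $new_name : '';
    $imageArray['file_type']        = $this->registry->glib->getImageType($new_file);
    $imageArray['thumbnail']        = $this->registry->glib->did_thumb ? $this->registry->glib->did_thumb : 0;

    //-----------------------------------------
    // Insert
    //-----------------------------------------
    // Custom fields are only kept when their id maps to a converted form field
    foreach ($custom_fields as $key => $value) {
        if (preg_match('/field_(.+)/', $key, $matches)) {
            $newKey = $this->getLink($matches[1], 'gallery_form_fields');

            if ($newKey) {
                $imageArray['field_' . $newKey] = $value;
            }
        }
    }

    // Go
    $this->DB->insert('gallery_images', $imageArray);
    $inserted_id = $this->DB->getInsertId();

    //-----------------------------------------
    // Add link
    //-----------------------------------------
    $this->addLink($inserted_id, $id, 'gallery_images');

    return true;
}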
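/**
 * Upload a file
 *
 * Stores the file posted as 'FILE_UPLOAD' in the directory named by the 'in'
 * request value, then redirects back to the listing of that directory.
 *
 * @access protected
 * @return void
 */
protected function _uploadFile()
{
    //-----------------------------------------
    // Check path
    //-----------------------------------------
    // The target directory comes from the request. _checkPath() (defined
    // elsewhere) is the only validation visible here and its return value is
    // not inspected.
    // NOTE(review): presumably it aborts the request itself on a bad path;
    // confirm, because $path is used as the upload directory below.
    $path = urldecode($this->request['in']);
    $this->_checkPath($path);

    //-----------------------------------------
    // Get upload class and do upload
    //-----------------------------------------
    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    // NOTE(review): out_file_name is not set, so the stored name is whatever
    // classUpload derives by default; check that it does not trust the
    // client-supplied name unchanged.
    $upload->upload_form_field = 'FILE_UPLOAD';
    $upload->allowed_file_ext  = array('gif', 'bmp', 'png', 'jpg', 'jpeg', 'tiff');
    $upload->out_file_dir      = $path;
    $upload->max_file_size     = '10000000';
    $upload->process();

    //-----------------------------------------
    // Successful?
    //-----------------------------------------
    // NOTE(review): the success message below is only skipped if showError()
    // ends the request, and an error_no outside 1-5 is not reported at all.
    if ($upload->error_no) {
        switch ($upload->error_no) {
            case 1:
                $this->registry->output->showError($this->lang->words['upload_error_1']);
                break;
            case 2:
                $this->registry->output->showError($this->lang->words['upload_error_2']);
                break;
            case 3:
                $this->registry->output->showError($this->lang->words['upload_error_3']);
                break;
            case 4:
                $this->registry->output->showError($this->lang->words['upload_error_4']);
                break;
            case 5:
                $this->registry->output->showError($this->lang->words['upload_error_5']);
                break;
        }
    }

    $this->registry->output->global_message = $this->lang->words['file_uploaded'];

    // The query string separator before "section" had been mangled into a
    // section sign, which broke the redirect target; restored here.
    // NOTE(review): $path is appended to the URL without encoding.
    $this->registry->output->silentRedirectWithMessage($this->settings['base_url'] . 'module=media&section=list&do=viewdir&dir=' . $path);
}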
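/**
 * Uploads every file present in $_FILES and saves each one as an attachment.
 *
 * Each non-empty entry of $_FILES is passed through classUpload with the
 * allowed extensions taken from the 'attachtypes' cache. A successful upload
 * is inserted into the 'attachments' table (with a thumbnail when the file is
 * an image and thumbnails are enabled).
 *
 * @access	public
 * @return	mixed	void when the upload directory check fails or uploads are
 *					disabled ($this->error is set), otherwise an array keyed by
 *					form field name whose value is either the new attachment
 *					insert id or an error key string
 */
public function processMultipleUploads()
{
    /* INIT */
    $this->error = '';

    $this->getUploadFormSettings();

    /* Check the upload directory */
    if (!$this->checkUploadDirectory()) {
        if ($this->error) {
            return;
        }
    }

    /* Setup Attachment Types */
    if (!$this->registry->cache()->getCache('attachtypes') or !is_array($this->registry->cache()->getCache('attachtypes'))) {
        $attachtypes = array();

        $this->DB->build(array(
            'select' => 'atype_extension,atype_mimetype,atype_post,atype_photo,atype_img',
            'from' => 'attachments_type',
            'where' => "atype_photo=1 OR atype_post=1",
        ));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $attachtypes[$r['atype_extension']] = $r;
        }

        $this->registry->cache()->updateCacheWithoutSaving('attachtypes', $attachtypes);
    }

    /* Can Upload */
    if (!$this->attach_stats['allow_uploads']) {
        $this->error = 'upload_failed';
        return;
    }

    /* Attachment Library */
    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    /* Set up the library */
    $upload->out_file_dir = $this->upload_path;
    $upload->max_file_size = $this->attach_stats['max_single_upload'] ? $this->attach_stats['max_single_upload'] : 1000000000;
    $upload->make_script_safe = 1;
    $upload->force_data_ext = 'ipb';

    /* Populate allowed extensions */
    if (is_array($this->registry->cache()->getCache('attachtypes')) and count($this->registry->cache()->getCache('attachtypes'))) {
        /* SKINNOTE: I had to add [attachtypes] to this cache to make it work, may need fixing? */
        foreach ($this->registry->cache()->getCache('attachtypes') as $idx => $data) {
            if ($data['atype_post']) {
                $upload->allowed_file_ext[] = $data['atype_extension'];
            }
        }
    }

    /* Attempt to upload everything in the $_FILES array */
    $upload_results = array();
    $fileIndex = 0;

    if (isset($_FILES) && is_array($_FILES) && count($_FILES)) {
        // Field names are chosen by the client; they are used only to select
        // the upload and as keys of the result array.
        foreach ($_FILES as $_field_name => $data) {
            if (!$_FILES[$_field_name]['size']) {
                continue;
            }

            $fileIndex++;

            /* Set File Name */
            // The name used to end in time() % size, which is identical for two
            // same-sized files sent in the same second and has at most "size"
            // distinct values, so one stored attachment could collide with
            // another. Use the microtime stamp plus a per-request counter.
            $upload->out_file_name = $this->type . '-' . $this->memberData['member_id'] . '-' . str_replace(array('.', ' '), '-', microtime()) . '-' . $fileIndex;

            /* Set Form Field */
            $upload->upload_form_field = $_field_name;

            /* Attachment Data Array */
            $attach_data = array(
                'attach_ext' => "",
                'attach_file' => "",
                'attach_location' => "",
                'attach_thumb_location' => "",
                'attach_hits' => 0,
                'attach_date' => time(),
                'attach_temp' => 0,
                'attach_post_key' => $this->attach_post_key,
                'attach_member_id' => $this->memberData['member_id'],
                'attach_rel_id' => $this->attach_rel_id,
                'attach_rel_module' => $this->type,
                'attach_filesize' => 0,
            );

            // The same classUpload instance is reused for every file and it is
            // not visible here whether process() clears its own result fields,
            // so reset them: a stale saved_upload_name or error_no from the
            // previous file must not decide the outcome of this one.
            $upload->error_no = 0;
            $upload->saved_upload_name = '';

            /* Upload... */
            $upload->process();

            /* Error Check */
            if ($upload->error_no) {
                switch ($upload->error_no) {
                    case 1:
                        // No upload
                        $upload_results[$_field_name] = 'upload_no_file';
                        break;
                    case 2:
                        // Invalid file ext
                        $upload_results[$_field_name] = 'invalid_mime_type';
                        break;
                    case 3:
                        // Too big...
                        $upload_results[$_field_name] = 'upload_too_big';
                        break;
                    case 4:
                        // Cannot move uploaded file
                        $upload_results[$_field_name] = 'upload_failed';
                        break;
                    case 5:
                        // Possible XSS attack (image isn't an image)
                        $upload_results[$_field_name] = 'upload_failed';
                        break;
                }

                // A rejected file is never recorded as an attachment, and its
                // error key is not overwritten by an insert id.
                continue;
            }

            /* Still Here */
            if ($upload->saved_upload_name and @file_exists($upload->saved_upload_name)) {
                /* Strip off { } and [ ] */
                $upload->original_file_name = str_replace(array('[', ']', '{', '}'), "", $upload->original_file_name);

                $attach_data['attach_filesize'] = @filesize($upload->saved_upload_name);
                $attach_data['attach_location'] = $this->upload_dir . $upload->parsed_file_name;
                $attach_data['attach_file'] = $upload->original_file_name;
                $attach_data['attach_is_image'] = $upload->is_image;
                $attach_data['attach_ext'] = $upload->real_file_extension;

                if ($attach_data['attach_is_image'] == 1) {
                    require_once IPS_KERNEL_PATH . "classImage.php";
                    require_once IPS_KERNEL_PATH . "classImageGd.php";

                    $image = new classImageGd();
                    $image->init(array(
                        'image_path' => $this->upload_path,
                        'image_file' => $upload->parsed_file_name,
                    ));

                    // Start empty for every image so that thumbnail data from a
                    // previous file is never attached to this one, and so the
                    // check below is defined when thumbnails are disabled.
                    $thumb_data = array();

                    if ($this->attach_settings['siu_thumb']) {
                        $_thumbName = preg_replace("#^(.*)\\.(\\w+?)\$#", "\\1_thumb.\\2", $upload->parsed_file_name);
                        $thumb_data = $image->resizeImage($this->attach_settings['siu_width'], $this->attach_settings['siu_height']);
                        $image->writeImage($this->upload_path . '/' . $_thumbName);

                        if (is_array($thumb_data)) {
                            $thumb_data['thumb_location'] = $_thumbName;
                        }
                    }

                    if (is_array($thumb_data) && !empty($thumb_data['thumb_location'])) {
                        $attach_data['attach_img_width'] = $thumb_data['originalWidth'];
                        $attach_data['attach_img_height'] = $thumb_data['originalHeight'];
                        $attach_data['attach_thumb_width'] = $thumb_data['newWidth'];
                        $attach_data['attach_thumb_height'] = $thumb_data['newHeight'];
                        $attach_data['attach_thumb_location'] = $this->upload_dir . $thumb_data['thumb_location'];
                    }
                }

                /* Add into Database */
                $this->DB->insert('attachments', $attach_data);
                $upload_results[$_field_name] = $this->DB->getInsertId();
            }
        }
    }

    return $upload_results;
}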
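/**
 * Convert an image: copy (or recreate) the file under the gallery images
 * path, insert its row into 'gallery_images' and record the ID link.
 *
 * @access	public
 * @param	integer		Foreign ID number
 * @param	array		Data to insert to table
 * @param	string		Path to where images are stored
 * @param	boolean		If true, loads file data from database, rather than move file
 * @param	boolean		Not used by this method
 * @return	boolean		Success or fail
 **/
public function convertImage($id, $info, $path, $db = false, $parent = false)
{
    // First remap for gallery 5
    foreach ($info as $k => $v) {
        if (isset($this->_imageRemap[$k])) {
            $info[$this->_imageRemap[$k]] = $v;
            unset($info[$k]);
        } else {
            $info[$k] = $v;
        }
    }

    unset($info['image_id']);

    // Check we have a path
    //if (!$this->settings['gallery_images_path'])
    //{
    //	$this->logError($id, 'Your IP.Gallery uploads path has not been configured');
    //	return false;
    //}

    // NOTE(review): the directory is created world-writable (0777) and the
    // stored file is chmod'ed 0777 further down. Kept as is because the
    // deployment's ownership model is not visible here; tighten if the web
    // server owns the upload tree.
    if (!file_exists($this->settings['gallery_images_path'] . '/gallery')) {
        if (!mkdir($this->settings['gallery_images_path'] . '/gallery', 0777)) {
            $this->error('"gallery" folder does not exist in the uploads directory.');
            return false;
        }
    }

    if (!is_writable($this->settings['gallery_images_path'])) {
        $this->error('"gallery" folder is not writable.');
        return false;
    }

    //-----------------------------------------
    // Make sure we have everything we need
    //-----------------------------------------

    if (!$id) {
        $this->logError($id, 'No ID number provided');
        return false;
    }

    // Need image path if was not stored in database
    if (!$path and !$db) {
        $this->logError($id, 'No path provided');
        return false;
    }

    // Be sure to have member id
    if (!$info['image_member_id']) {
        $this->logError($id, 'No member ID provided');
        return false;
    }

    // Need to store in either category or album
    if (!$info['image_album_id']) {
        $this->logError($id, 'No album ID provided');
        return false;
    }

    // Check if a masked name was provided. If not, just use the filename.
    $info['image_masked_file_name'] = $info['image_masked_file_name'] ? $info['image_masked_file_name'] : $info['image_file_name'];

    if (!$db and !$info['image_masked_file_name']) {
        $this->logError($id, 'No filename provided');
        return false;
    }

    // Make sure image data was provided if stored in database.
    if ($db && !$info['image_data']) {
        $this->logError($id, 'No file data provided');
        return false;
    }

    // Always remember the base path. It used to be set only when a
    // sub-directory was given, so the fallback lookup below ran against an
    // undefined value, i.e. looked for the file directly under '/'.
    $oldPath = $path;

    if (isset($info['image_directory']) && $info['image_directory'] != '') {
        $path = $path . '/' . trim($info['image_directory'], '/');
    }

    // Check the file actually exists
    if (!$db && !file_exists($path . '/' . $info['image_masked_file_name'])) {
        if (!file_exists($oldPath . '/' . $info['image_masked_file_name'])) {
            $this->logError($id, 'Could not locate file ' . $path . '/' . $info['image_masked_file_name']);
            return false;
        }

        $path = $oldPath;
    }

    $albumID = $this->getLink($info['image_album_id'], 'gallery_albums', true);

    if ($albumID) {
        if (isset($info['image_category_id'])) {
            $categoryID = $this->getLink($info['image_category_id'], 'gallery_categories', true);
            $info['image_category_id'] = $categoryID;
        } else {
            $info['image_category_id'] = ipsRegistry::$settings['gallery_members_album'];
        }

        $info['image_album_id'] = $albumID;
    } else {
        $info['image_category_id'] = $this->getLink($info['image_album_id'], 'gallery_categories');
        $info['image_album_id'] = 0;
    }

    //-----------------------------------------
    // Set up array
    //-----------------------------------------

    // Guard the average: a positive total with a zero count used to divide by zero.
    $ratingsTotal = intval($info['image_ratings_total']);
    $ratingsCount = intval($info['image_ratings_count']);

    $imageArray = array(
        'image_member_id' => $this->getLink($info['image_member_id'], 'members', false, $this->useLocalLink),
        'image_album_id' => $info['image_album_id'],
        'image_category_id' => $info['image_category_id'],
        'image_caption' => $info['image_caption'] ? $info['image_caption'] : 'No caption',
        'image_description' => $info['image_description'],
        'image_directory' => '',
        'image_file_name' => $info['image_file_name'],
        'image_approved' => $info['image_approved'],
        'image_thumbnail' => 0,
        'image_views' => intval($info['image_views']),
        'image_comments' => intval($info['image_comments']),
        'image_date' => intval($info['image_date']),
        'image_ratings_total' => $ratingsTotal,
        'image_ratings_count' => $ratingsCount,
        'image_caption_seo' => IPSText::makeSeoTitle($info['image_caption']),
        'image_notes' => $info['image_notes'],
        'image_rating' => ($ratingsTotal > 0 && $ratingsCount > 0) ? $ratingsTotal / $ratingsCount : 0,
        'image_privacy' => $info['image_privacy'],
    );

    if (!isset($info['image_file_size'])) {
        $imageArray['image_file_size'] = @filesize($path . '/' . $info['image_masked_file_name']);
    } else {
        $imageArray['image_file_size'] = $info['image_file_size'];
    }

    // Fields still required = array( 'file_name', 'file_type', 'masked_file_name', 'medium_file_name');
    // Fields optional = array( 'file_size', 'pinned', 'media', 'credit_info', 'metadata', 'media_thumb');

    $_file = IPSLib::getAppDir('gallery') . '/app_class_gallery.php';
    $_name = 'app_class_gallery';
    $galleryLibObject = null;

    // The object is not used below; it is still constructed because the
    // constructor's effects are not visible here and later calls go through
    // $this->registry->gallery.
    if (file_exists($_file)) {
        $classToLoad = IPSLib::loadLibrary($_file, $_name);
        $galleryLibObject = new $classToLoad($this->registry);
    }

    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    $dir = $this->registry->gallery->helper('upload')->createDirectoryName($imageArray['image_album_id'], $imageArray['image_category_id']);

    if (!is_dir($this->settings['gallery_images_path'] . DIRECTORY_SEPARATOR . $dir)) {
        $this->error('Could not create directory to store images, please check <b>permissions (0777)</b> and <b>ownership</b> on "' . $this->settings['gallery_images_path'] . '/gallery/"');

        // Matches the other error() paths in this method: never go on to write
        // into a directory that does not exist.
        return false;
    }

    // NOTE(review): $ext comes from the source record's file name and becomes
    // the extension of the file written under gallery_images_path. Nothing
    // visible here restricts it to image/media types before the copy, and the
    // content check below only runs when classUpload provides it - confirm an
    // allow-list is applied to the source data.
    $ext = $upload->_getFileExtension($info['image_file_name']);

    $container = $imageArray['image_category_id'];

    if ($imageArray['image_album_id']) {
        $container = $imageArray['image_album_id'];
    }

    $new_name = "gallery_{$info['image_member_id']}_" . $container . "_" . time() . '_' . $id . '.' . $ext;
    $imageArray['image_masked_file_name'] = $new_name;
    $new_file = $this->settings['gallery_images_path'] . '/' . $dir . '/' . $new_name;

    // stop image_directory being category_ and album_
    if (($imageArray['image_album_id'] != 0 || isset($imageArray['image_album_id']) || !empty($imageArray['image_album_id'])) && ($imageArray['image_category_id'] != 0 || isset($imageArray['image_category_id']) || !empty($imageArray['image_category_id']))) {
        // Set directory
        $imageArray['image_directory'] = $imageArray['image_album_id'] ? 'gallery/album_' . $imageArray['image_album_id'] : 'gallery/category_' . $imageArray['image_category_id'];
    } else {
        $imageArray['image_directory'] = '';
    }

    if ($imageArray['image_directory'] == 'gallery/category_' || $imageArray['image_directory'] == 'gallery/album_') {
        $imageArray['image_directory'] = '';
    }

    // Create the file from the db if that's the case
    if ($db) {
        $this->createFile($new_name, $info['image_data'], $info['image_file_size'], $this->settings['gallery_images_path'] . '/' . substr($dir, 0, -1));
    } else {
        // Copy the file to its end IP.Gallery location
        if (!@copy($path . '/' . $info['image_masked_file_name'], $new_file)) {
            $e = error_get_last();
            // NOTE(review): file names and paths are written into the log
            // message next to HTML markup; confirm the log view escapes them.
            $this->logError($id, 'Could not move file - attempted to move ' . $path . '/' . $info['image_masked_file_name'] . ' to ' . $new_file . '<br />' . $e['message'] . '<br /><br />');
            return false;
        }
    }

    @chmod($new_file, 0777);

    if (method_exists($upload, 'check_xss_infile')) {
        $upload->saved_upload_name = $new_file;
        $upload->check_xss_infile();

        if ($upload->error_no == 5) {
            // check_xss_infile() is not visible here; make sure the rejected
            // copy does not stay behind in the gallery directory.
            if (file_exists($new_file)) {
                @unlink($new_file);
            }

            $this->logError($id, 'Invalid XSS file: ' . $info['image_file_name'] . '<br /><br />');
            return false;
        }
    }

    //-------------------------------------------------------------
    // Exif/IPTC support?
    //-------------------------------------------------------------

    $meta_data = array();

    if ($this->settings['gallery_exif']) {
        $meta_data = array_merge($meta_data, $this->registry->gallery->helper('image')->extractExif($new_file));
    }

    if ($this->settings['gallery_iptc']) {
        $meta_data = array_merge($meta_data, $this->registry->gallery->helper('image')->extractIptc($new_file));
    }

    $imageArray['image_metadata'] = serialize($meta_data);

    //-------------------------------------------------------------
    // Pass to library
    //-------------------------------------------------------------

    $imageArray['image_media'] = $this->_isImage($ext) ? 0 : 1;
    $imageArray['image_medium_file_name'] = 'med_' . $new_name;
    $imageArray['image_file_type'] = $this->registry->gallery->helper('image')->getImageType($new_file);

    // Go
    $this->DB->insert('gallery_images', $imageArray);
    $inserted_id = $this->DB->getInsertId();

    // Permissions
    // Only the table prefix is interpolated; no request or record data goes into this statement.
    $prefix = ipsRegistry::dbFunctions()->getPrefix();
    $this->DB->query("UPDATE {$prefix}gallery_images i, {$prefix}permission_index p SET i.image_parent_permission=p.perm_view WHERE p.app='gallery' AND p.perm_type='categories' AND p.perm_type_id=i.image_category_id");

    //-----------------------------------------
    // Add link
    //-----------------------------------------

    $this->addLink($inserted_id, $id, 'gallery_images');

    return true;
}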
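/**
 * Rebuild Attachment Data
 *
 * Processes one batch of rows from the 'attachments' table: recomputes the
 * extension from the stored file name and, when the file exists under the
 * upload directory, its size and (for images) its dimensions. It then
 * redirects either to the next batch or back to the form when finished.
 *
 * Request values read: 'st' (batch offset), 'pergo' (batch size, default 100)
 * and 'do' (echoed into the next-batch URL).
 *
 * @access	public
 * @return	void
 */
public function rebuildAttachdata()
{
    /* Upload Class */
    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    //-----------------------------------------
    // Set up
    //-----------------------------------------

    $done = 0;
    $start = max(0, intval($this->request['st']));

    // A zero or negative batch size falls back to the default; a negative
    // value used to be passed straight into the query limit.
    $perGo = intval($this->request['pergo']);
    $end = $perGo > 0 ? $perGo : 100;

    $dis = $end + $start;
    $output = array();

    //-----------------------------------------
    // Got any more?
    //-----------------------------------------

    $tmp = $this->DB->buildAndFetch(array(
        'select' => 'attach_id',
        'from' => 'attachments',
        'limit' => array($dis, 1),
    ));
    $max = isset($tmp['attach_id']) ? intval($tmp['attach_id']) : 0;

    //-----------------------------------------
    // Avoid limit...
    //-----------------------------------------

    $this->DB->build(array(
        'select' => '*',
        'from' => 'attachments',
        'order' => 'attach_id ASC',
        'limit' => array($start, $end),
    ));
    $outer = $this->DB->execute();

    //-----------------------------------------
    // Process...
    //-----------------------------------------

    while ($r = $this->DB->fetch($outer)) {
        //-----------------------------------------
        // Get ext
        //-----------------------------------------

        $update = array();
        $update['attach_ext'] = $upload->_getFileExtension($r['attach_file']);

        if ($r['attach_location']) {
            $storedFile = $this->settings['upload_dir'] . '/' . $r['attach_location'];

            if (file_exists($storedFile)) {
                $update['attach_filesize'] = @filesize($storedFile);

                if ($r['attach_is_image']) {
                    // getimagesize() returns false for files it cannot read as
                    // an image; only index the result when it is an array.
                    $dims = @getimagesize($storedFile);

                    if (is_array($dims) and $dims[0] and $dims[1]) {
                        $update['attach_img_width'] = $dims[0];
                        $update['attach_img_height'] = $dims[1];
                    }
                }
            }
        }

        if (count($update)) {
            // The id is concatenated into the WHERE clause, so force it to an integer.
            $this->DB->update('attachments', $update, 'attach_id=' . intval($r['attach_id']));
        }

        $done++;
    }

    //-----------------------------------------
    // Finish - or more?...
    //-----------------------------------------

    if (!$done and !$max) {
        //-----------------------------------------
        // Done..
        //-----------------------------------------

        $text = $this->lang->words['re_rebuildcomp'] . implode("<br />", $output);
        $url = "{$this->settings['base_url']}{$this->form_code}";
        $time = 2;
    } else {
        //-----------------------------------------
        // More..
        //-----------------------------------------

        $thisgoeshere = sprintf($this->lang->words['re_thisgoeshere'], $dis);
        $text = $thisgoeshere . implode("<br />", $output);

        // Build the next-batch URL from the validated batch size and an
        // encoded 'do' value rather than echoing raw request values into it.
        $nextDo = isset($this->request['do']) ? urlencode((string) $this->request['do']) : '';
        $url = "{$this->settings['base_url']}{$this->form_code}&do={$nextDo}&pergo={$end}&st={$dis}";
        $time = 0;
    }

    //-----------------------------------------
    // Bye....
    //-----------------------------------------

    $this->registry->output->redirect($url, $text, $time);
}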