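/**
 * Upload new photo, delete old photo
 *
 * The new photo is stored as "<username>.<extension>" in the userphotos
 * directory below $_CONF['path_images']. The extension is taken from the
 * client-supplied file name, which is untrusted, so it is checked against
 * the image extensions accepted below before it becomes part of a stored
 * file name. On any upload error an error page is sent and the request ends.
 *
 * @param    string  $delete_photo   'on': delete old photo
 * @return   string                  filename of new photo (empty = no new photo)
 *
 */
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        _handlePhotoUploadFail($upload->printErrors(false));
    }

    $filename = '';
    $delete_photo = (!empty($delete_photo) && $delete_photo == 'on');

    // The uid is placed unquoted into the WHERE clause, so force an integer.
    $uid = (int) $_USER['uid'];
    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // pathinfo() yields '' for a name without a dot; the previous
        // strrpos() + 1 arithmetic returned the name minus its first byte.
        $fextension = pathinfo($newphoto['name'], PATHINFO_EXTENSION);

        // Only the extensions listed in the MIME map above may reach the
        // stored file name. Whether the upload class also compares the
        // destination extension with the detected type is not visible here,
        // so the check is enforced before anything is deleted or written.
        if (!in_array(strtolower($fextension), array('gif', 'jpg', 'jpeg', 'png'), true)) {
            _handlePhotoUploadFail('Only .gif, .jpg, .jpeg and .png files can be used as a photo.');
        }

        // NOTE(review): the username becomes part of a file system path;
        // this assumes registration rules keep path characters out of it.
        $filename = $_USER['username'] . '.' . $fextension;
        $delete_photo = (!empty($curphoto) && $filename != $curphoto);
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            _handlePhotoUploadFail($upload->printErrors(false));
        }
    } elseif (!$delete_photo && !empty($curphoto)) {
        // nothing uploaded and nothing deleted: keep the current photo
        $filename = $curphoto;
    }

    return $filename;
}

/**
 * Send the photo upload error page and end the request.
 *
 * @param    string  $message    HTML shown inside the message block
 * @return   void                (does not return)
 */
function _handlePhotoUploadFail($message)
{
    global $LANG24;

    $display = COM_siteHeader('menu', $LANG24[30]);
    $display .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
    $display .= $message;
    $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $display .= COM_siteFooter();
    COM_output($display);
    exit; // don't return
}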
/**
 * Store one uploaded form file in the nexform upload directory.
 *
 * Instead of calling uploadFiles(), this drives the upload object's internal
 * steps by hand for the single $_FILES-style entry passed in: size check,
 * MIME check, image size check, then copy.
 *
 * @param    string  $filename            name the file is stored under (supplied by the caller, not validated here)
 * @param    array   $upload_file         one $_FILES-style entry
 * @param    array   $allowablefiletypes  handed to setAllowedMimeTypes()
 * @return   bool    false when no file name was supplied, or when the upload
 *                   object reports errors and is not set to continue on error;
 *                   true otherwise
 */
function nexform_uploadfile($filename, &$upload_file, $allowablefiletypes)
{
    global $_FILES, $_CONF, $_TABLES, $CONF_FE, $LANG_FE_ERR;

    include_once $_CONF['path_system'] . 'classes/upload.class.php';

    $uploader = new upload();
    $uploader->setPath($CONF_FE['uploadpath']);
    $uploader->setLogging(true);
    $uploader->setAutomaticResize(false);
    $uploader->setAllowedMimeTypes($allowablefiletypes);
    // Dimensions are limited as well, in case a full size image is uploaded
    $uploader->setMaxDimensions($CONF_FE['max_uploadimage_width'], $CONF_FE['max_uploadimage_height']);
    $uploader->setMaxFileSize($CONF_FE['max_uploadfile_size']);

    // The form field came back without a file name: nothing to store
    if (strlen($upload_file['name']) == 0) {
        return false;
    }

    $uploader->setFileNames($filename);
    $uploader->setPerms(FE_CHMOD_FILES);
    $uploader->_currentFile = $upload_file;

    // Size limit first, so the error is recorded before the other checks run.
    // NOTE(review): the client-supplied name is concatenated into this message,
    // which later ends up next to HTML markup in $GLOBALS['fe_errmsg']; whether
    // printErrors() escapes it is not visible here.
    if (!$uploader->_fileSizeOk()) {
        $uploader->_addError('File, ' . $uploader->_currentFile['name'] . ', is bigger than the ' . $uploader->_maxFileSize . ' byte limit');
    }

    // Copy only when MIME type and image size pass and no error was recorded
    $checksPassed = $uploader->checkMimeType() && $uploader->_imageSizeOK() && !$uploader->areErrors();
    if ($checksPassed && $uploader->_copyFile()) {
        $uploader->_uploadedFiles[] = $uploader->_fileUploadDirectory . '/' . $uploader->_getDestinationName();
    }
    $uploader->_currentFile = array();

    $failed = $uploader->areErrors() && !$uploader->_continueOnError;
    if (!$failed) {
        return true;
    }

    $logLine = "nexform: upload function error:" . $uploader->printErrors(false);
    COM_errorLog($logLine);
    $GLOBALS['fe_errmsg'] = $LANG_FE_ERR['upload1'] . ':<BR>' . $uploader->printErrors(false);

    return false;
}
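/**
 * Handle the "add download" form of the file management plugin.
 *
 * Stores the uploaded file (any MIME type) in $filemgmt_FileStore and an
 * optional snapshot image in $filemgmt_SnapStore, then inserts the file
 * detail and description rows and redirects. Validation failures are
 * reported through $eh->show().
 *
 * NOTE(review): the code below continues after $eh->show() as if that call
 * ended the request; confirm that it does.
 *
 * @return   void    (always ends with a redirect and exit)
 */
function addDownload()
{
    global $_CONF, $_USER, $_TABLES, $filemgmt_FileStoreURL, $filemgmt_FileSnapURL, $filemgmt_FileStore, $filemgmt_SnapStore;
    global $myts, $eh, $_FMDOWNLOAD, $filemgmtFilePermissions;

    if (defined('DEMO_MODE')) {
        redirect_header($_CONF['site_url'] . "/index.php", 10, 'Uploads are disabled in demo mode');
        exit;
    }

    // NOTE(review): these values are concatenated into the INSERT below without
    // further escaping, so makeTboxData4Save()/makeTareaData4Save() are assumed
    // to make them safe for SQL - confirm.
    $title = $myts->makeTboxData4Save($_POST['title']);
    $homepage = $myts->makeTboxData4Save($_POST['homepage']);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $description = $myts->makeTareaData4Save($_POST['description']);
    $commentoption = $_POST['commentoption'];
    $fileurl = COM_applyFilter($_POST['fileurl']);
    $submitter = $_USER['uid'];

    // Check if Title blank
    if ($title == "") {
        $eh->show("1104");
    }
    // Check if Description blank
    if ($description == "") {
        $eh->show("1105");
    }
    // Check if a file was uploaded
    if (empty($_FILES['newfile']['size']) && empty($fileurl)) {
        $eh->show("1017");
    }
    if (!empty($_POST['cid'])) {
        $cid = $_POST['cid'];
    } else {
        $cid = 0;
        $eh->show("1110");
    }

    $filename = '';
    $url = '';
    $snapfilename = '';
    $logourl = '';
    // Defined up front so the checks further down never read unset variables
    $size = 0;
    $AddNewFile = false;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    $upload->setFieldName('newfile');
    $upload->setPath($filemgmt_FileStore);
    // Any file type is accepted for the download itself. The only type control
    // in this function is the $_FMDOWNLOAD extension map applied below, and an
    // extension that has no entry there passes through unchanged, so the file
    // store should not be a location the web server executes content from.
    $upload->setAllowAnyMimeType(true);
    $upload->setMaxFileSize(100000000);
    if ($upload->numFiles() > 0) {
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $size = $myts->makeTboxData4Save(intval($upload->_currentFile['size']));
            $filename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $url = $myts->makeTboxData4Save(rawurlencode($filename));
            // '' for a name without a dot (strrpos() + 1 used to yield the
            // name minus its first byte)
            $fileExtension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
            if (array_key_exists($fileExtension, $_FMDOWNLOAD)) {
                if ($_FMDOWNLOAD[$fileExtension] == 'reject') {
                    // NOTE(review): uploadFiles() has already written the file
                    // at this point; nothing here removes a rejected upload.
                    // The log line previously referenced an undefined variable.
                    COM_errorLOG("AddNewFile - New Upload file is rejected by config rule:{$filename}");
                    $eh->show("1109");
                } else {
                    // Replace the extension with the one configured for it
                    $fileExtension = $_FMDOWNLOAD[$fileExtension];
                    $pos = strrpos($url, '.') + 1;
                    $url = strtolower(substr($url, 0, $pos)) . $fileExtension;
                    $pos2 = strrpos($filename, '.') + 1;
                    $filename = substr($filename, 0, $pos2) . $fileExtension;
                }
            }
            $AddNewFile = true;
        }
    }

    if ($upload->numFiles() == 0 && !$upload->areErrors() && !empty($fileurl)) {
        // The remote URL goes straight into the INSERT, so escape it here.
        // NOTE(review): assumes COM_applyFilter() does not already SQL-escape
        // its result - confirm to rule out double escaping.
        $url = DB_escapeString($fileurl);
        $size = 0;
        $AddNewFile = true;
    }

    // Optional snapshot image: image MIME types only
    $upload = new upload();
    $upload->setFieldName('newfileshot');
    $upload->setPath($filemgmt_SnapStore);
    $upload->setAllowAnyMimeType(false);
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    $upload->setAutomaticResize(true);
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxDimensions(640, 480);
    $upload->setAutomaticResize(true);
    $upload->setMaxFileSize(100000000);
    $upload->uploadFiles();
    if ($upload->numFiles() > 0) {
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $snapfilename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $logourl = $myts->makeTboxData4Save(rawurlencode($snapfilename));
            $AddNewFile = true;
        }
    }

    if (!$AddNewFile) {
        redirect_header("index.php", 2, _MD_ERRUPLOAD . "");
        exit;
    }

    // Apply the configured permissions to the stored file only. With an empty
    // $filename (remote URL or snapshot-only submission) the path would be the
    // file store directory itself, which must not receive file permissions.
    if ($filename !== '' && is_file($filemgmt_FileStore . $filename)) {
        if (!@chmod($filemgmt_FileStore . $filename, $filemgmtFilePermissions)) {
            COM_errorLog("AddNewFile - unable to set permissions on the uploaded file");
        }
    }

    if (strlen($version) > 9) {
        $version = substr($version, 0, 8);
    }

    $fields = 'cid, title, url, homepage, version, size, logourl, submitter, status, date, hits, rating, votes, comments';
    $sql = "INSERT INTO {$_TABLES['filemgmt_filedetail']} ({$fields}) VALUES ";
    $sql .= "('" . DB_escapeString($cid) . "','" . $title . "','" . $url . "','" . $homepage . "','" . $version . "','" . $size . "','" . $logourl . "','" . DB_escapeString($submitter) . "',1,UNIX_TIMESTAMP(),0,0,0,'" . DB_escapeString($commentoption) . "')";
    DB_query($sql);
    $newid = (int) DB_insertID();
    DB_query("INSERT INTO {$_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '" . $description . "')");
    PLG_itemSaved($newid, 'filemgmt');
    CACHE_remove_instance('whatsnew');

    // $duplicatefile / $duplicatesnap are never assigned in this function, so
    // only the last branch is reached unless they are set elsewhere.
    if (isset($duplicatefile) && $duplicatefile) {
        redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPFILE);
    } elseif (isset($duplicatesnap) && $duplicatesnap) {
        redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPSNAP);
    } else {
        redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED);
    }
    exit;
}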
/**
 * Store one forum attachment, either in the forum upload directory or in the
 * file management store.
 *
 * The upload object's internal steps are driven by hand for the single
 * $_FILES-style entry passed in: size check, MIME check, image size check,
 * then copy.
 *
 * @param    string  $filename            name the file is stored under (supplied by the caller, not validated here)
 * @param    array   $upload_file         one $_FILES-style entry
 * @param    array   $allowablefiletypes  handed to setAllowedMimeTypes()
 * @param    int     $use_filemgmt        1 = store in $filemgmt_FileStore
 * @return   bool    false when no file name was supplied, or when the upload
 *                   object reports errors and is not set to continue on error;
 *                   true otherwise
 */
function _ff_uploadfile($filename, &$upload_file, $allowablefiletypes, $use_filemgmt = 0)
{
    global $_FILES, $_CONF, $_TABLES, $_FF_CONF, $LANG_GF00, $filemgmt_FileStore;

    USES_class_upload();

    $attachment = new upload();
    $attachment->setPath($use_filemgmt == 1 ? $filemgmt_FileStore : $_FF_CONF['uploadpath']);
    $attachment->setLogging(true);
    $attachment->setAllowedMimeTypes($allowablefiletypes);
    // Dimensions are limited as well, in case a full size image is uploaded
    $attachment->setMaxDimensions($_FF_CONF['max_uploadimage_width'], $_FF_CONF['max_uploadimage_height']);

    // A missing or zero size setting falls back to the built-in limit
    $hasConfiguredLimit = isset($_FF_CONF['max_uploadimage_size']) && $_FF_CONF['max_uploadimage_size'] != 0;
    if ($hasConfiguredLimit) {
        $attachment->setMaxFileSize($_FF_CONF['max_uploadimage_size']);
    } else {
        $attachment->setMaxFileSize(100000000);
    }
    $attachment->setAutomaticResize(true);

    // No file name in the form entry: nothing to store
    if (strlen($upload_file['name']) == 0) {
        return false;
    }

    $attachment->setFileNames($filename);
    $attachment->setPerms($_FF_CONF['fileperms']);
    $attachment->_currentFile = $upload_file;

    // Record a size violation before the remaining checks run.
    // NOTE(review): the client-supplied name is concatenated into this message,
    // which later ends up next to HTML markup in $GLOBALS['ff_errmsg']; whether
    // printErrors() escapes it is not visible here.
    if (!$attachment->_fileSizeOk()) {
        $attachment->_addError('File, ' . $attachment->_currentFile['name'] . ', is bigger than the ' . $attachment->_maxFileSize . ' byte limit');
    }

    // Copy only when MIME type and image size pass and no error was recorded
    if ($attachment->checkMimeType() && $attachment->_imageSizeOK() && !$attachment->areErrors() && $attachment->_copyFile()) {
        $attachment->_uploadedFiles[] = $attachment->_fileUploadDirectory . '/' . $attachment->_getDestinationName();
    }
    $attachment->_currentFile = array();

    if (!$attachment->areErrors() || $attachment->_continueOnError) {
        return true;
    }

    $logEntry = "Forum Upload Attachment Error:" . $attachment->printErrors(false);
    COM_errorlog($logEntry);
    $GLOBALS['ff_errmsg'] = $LANG_GF00['uploaderr'] . ':<br/>' . $attachment->printErrors(false);

    return false;
}
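/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * Request data reaches SQL and file names in two places in this function:
 * the keys of $args['delete'] (image numbers) and the extension of each
 * uploaded image name. Both are constrained before use.
 *
 * NOTE(review): when saveToDatabase() returns anything other than
 * STORY_SAVED the function ends without a return statement, i.e. it yields
 * null rather than one of the response codes.
 *
 * @param    array   $args       Contains all the data provided by the client
 * @param    string  &$output    OUTPUT parameter containing the returned text
 * @param    array   &$svc_msg   OUTPUT parameter; receives 'error_desc' or 'id'
 * @return   int                 Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_siteHeader('menu', $MESSAGE[30])
                 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
                 . COM_siteFooter();

        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';

    // True when the call comes from the webservice; avoids reading an unset key
    $isService = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }

            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        // Everything before the first [page_break] is the intro text
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    /* Apply filters to the parameters passed by the webservice */
    if ($isService) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';

                return PLG_RET_ERROR;
            }
        }
    }

    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }

    if ($isService) {
        /* Permissions */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }

    $story = new Story();

    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';

                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';

            return PLG_RET_ERROR;
        }
    }

    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);

    $sid = $story->getSid();

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_siteHeader('menu', $LANG24[5]);
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$isService) {
                $output .= storyeditor($sid);
            }
            $output .= COM_siteFooter();

            return PLG_RET_ERROR;

        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            // Both results are reported and logged the same way
            $output .= COM_siteHeader('menu', $MESSAGE[30])
                     . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
                     . COM_siteFooter();
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");

            return PLG_RET_PERMISSION_DENIED;

        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_siteHeader('menu');
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$isService) {
                $output .= storyeditor($sid);
            }
            $output .= COM_siteFooter();

            return PLG_RET_ERROR;

        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$isService) {
        // Delete any images if needed
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $imageKey) {
                // The array keys come from the request and end up unquoted in
                // the WHERE clause, so only an integer image number is used.
                $imageNum = (int) $imageKey;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename',
                    "ai_sid = '{$sid}' AND ai_img_num = {$imageNum}");
                STORY_deleteImage($ai_filename);

                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = {$imageNum}");
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();

            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }

                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array(
                'image/gif'   => '.gif',
                'image/jpeg'  => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png'   => '.png',
            ));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $upload->printErrors(false);
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }

            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // The stored name is "<sid>_<n>.<extension>" and is later placed in
            // an INSERT. The extension comes from the client-supplied name, so
            // only the extensions from the MIME map above are accepted; whether
            // the upload class applies the same check is not visible here.
            $allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    // '' for a name without a dot
                    $fextension = pathinfo($curfile['name'], PATHINFO_EXTENSION);
                    if (!in_array(strtolower($fextension), $allowedExtensions, true)) {
                        $output = COM_siteHeader('menu', $LANG24[30]);
                        $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                        $output .= 'Only .gif, .jpg, .jpeg and .png files can be attached to a story.';
                        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                        $output .= COM_siteFooter();
                        echo $output;
                        exit;
                    }
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();

            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                $retval .= $upload->printErrors(false);
                $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }

            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->insertImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . '<p>';
                foreach ($errors as $error) {
                    $output .= $error . '<br' . XHTML . '>';
                }
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();

    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }

        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        CMT_updateCommentcodes();

        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'],
                COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }

        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;

        return PLG_RET_OK;
    }
}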
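/**
 * Delete and upload the images that belong to a classified ad.
 *
 * Images listed under $ad['delete'] are removed first, then every uploaded
 * file is stored as "<clid>_<n>.<extension>" and recorded in the cl_pic
 * table. On an upload error an error page is echoed and the request ends.
 *
 * NOTE(review): nothing in this function checks that the current user may
 * edit ad $clid; that is assumed to be the caller's responsibility.
 *
 * @param    array   $ad      submitted form data; the keys of $ad['delete'] are image numbers
 * @param    array   $FILES   uploaded files in $_FILES layout
 * @param    int     $clid    id of the ad (cl_pic.pi_pid)
 * @return   bool             always true (errors end the request instead)
 */
function CLASSIFIEDS_saveImage($ad, $FILES, $clid)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24;

    $args = $ad;

    // The ad id is concatenated into several queries and into the stored file
    // names. The original queries compare pi_pid unquoted, so it is treated
    // as an integer here.
    $clid = (int) $clid;

    // Handle Magic GPC Garbage. foreach replaces each(), which no longer
    // exists in PHP 8; nested values are written back to $args (the old inner
    // loop only changed a temporary copy).
    foreach ($args as $key => $value) {
        if (!is_array($value)) {
            $args[$key] = COM_stripslashes($value);
        } else {
            foreach ($value as $subkey => $subvalue) {
                $args[$key][$subkey] = COM_stripslashes($subvalue);
            }
        }
    }

    // Delete any images if needed
    if (array_key_exists('delete', $args) && is_array($args['delete'])) {
        foreach (array_keys($args['delete']) as $imageKey) {
            // The array keys come from the request and end up unquoted in the
            // WHERE clause, so only an integer image number is used.
            $imageNum = (int) $imageKey;
            $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename',
                "pi_pid = {$clid} AND pi_img_num = {$imageNum}");
            CLASSIFIEDS_deleteImage($pi_filename);

            DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE pi_pid = {$clid} AND pi_img_num = {$imageNum}");
        }
    }

    // OK, let's upload any pictures with the ad
    if (DB_count($_TABLES['cl_pic'], 'pi_pid', $clid) > 0) {
        $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '{$clid}'") + 1;
    } else {
        $index_start = 1;
    }

    if (count($FILES) > 0 and $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        // Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']);
        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage(false);

            if (isset($_CONF['jpeg_quality'])) {
                $upload->setJpegQuality($_CONF['jpeg_quality']);
            }
        }
        $upload->setAllowedMimeTypes(array(
            'image/gif'   => '.gif',
            'image/jpeg'  => '.jpg,.jpeg',
            'image/pjpeg' => '.jpg,.jpeg',
            'image/x-png' => '.png',
            'image/png'   => '.png',
        ));
        if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }

        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']);
        $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        // The stored name is later placed in an INSERT and its extension comes
        // from the client-supplied name, so only the extensions from the MIME
        // map above are accepted; whether the upload class applies the same
        // check is not visible here.
        $allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');
        $filenames = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        for ($z = $index_start; $z <= $end_index; $z++) {
            $curfile = current($FILES);
            if (!empty($curfile['name'])) {
                // '' for a name without a dot
                $fextension = pathinfo($curfile['name'], PATHINFO_EXTENSION);
                if (!in_array(strtolower($fextension), $allowedExtensions, true)) {
                    $output = COM_siteHeader('menu', $LANG24[30]);
                    $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= 'Only .gif, .jpg, .jpeg and .png files can be attached to an ad.';
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    $output .= COM_siteFooter();
                    echo $output;
                    exit;
                }
                $filenames[] = $clid . '_' . $z . '.' . $fextension;
            }
            next($FILES);
        }
        $upload->setFileNames($filenames);
        reset($FILES);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }

        reset($filenames);
        for ($z = $index_start; $z <= $end_index; $z++) {
            DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('{$clid}', {$z}, '" . current($filenames) . "')");
            next($filenames);
        }
    }

    return true;
}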
/**
 * Store a single workflow attachment by driving the upload class step by step.
 *
 * Instead of calling uploadFiles(), this sets the upload object's current file
 * by hand and runs the size, MIME-type and image-size checks itself before
 * copying the file.
 *
 * NOTE(review): the underscore-prefixed members used below look like internals
 * of the upload class - confirm they are meant to be reached from outside.
 * NOTE(review): the size-limit message embeds the client-supplied file name and
 * is later joined with '<BR>' into $GLOBALS['nf_errmsg']; whether that text is
 * escaped when rendered is not visible here - verify at the display site.
 *
 * @param  string $filename            name to store the file under
 * @param  array  $upload_file         one entry in the shape of $_FILES[...]
 * @param  array  $allowablefiletypes  MIME-type map passed to setAllowedMimeTypes()
 * @param  string $filestore_path      destination directory
 * @return bool   false when no file was submitted or the upload reported errors
 */
function nf_uploadfile($filename, &$upload_file, $allowablefiletypes, $filestore_path)
{
    global $_FILES, $_CONF, $_TABLES, $CONF_NF, $LANG_GF00;

    include_once $_CONF['path_system'] . 'classes/upload.class.php';

    $uploader = new upload();
    $uploader->setPath($filestore_path);
    $uploader->setLogging(true);
    $uploader->setAutomaticResize(false);
    $uploader->setAllowedMimeTypes($allowablefiletypes);
    $uploader->setMaxFileSize($CONF_NF['max_uploadfile_size']);

    // Nothing was submitted for this field.
    if (strlen($upload_file['name']) <= 0) {
        return false;
    }

    $uploader->setFileNames($filename);
    $uploader->setPerms($CONF_NF['fileperms']);
    $uploader->_currentFile = $upload_file;

    // Record an error when the file exceeds the configured size limit.
    $withinLimit = $uploader->_fileSizeOk();
    if (!$withinLimit) {
        $uploader->_addError('File, ' . $uploader->_currentFile['name'] . ', is bigger than the ' . $uploader->_maxFileSize . ' byte limit');
    }

    // Copy only when the type check, the image-size check and the error list all agree.
    if ($uploader->checkMimeType() && $uploader->_imageSizeOK() && !$uploader->areErrors()) {
        if ($uploader->_copyFile()) {
            $uploader->_uploadedFiles[] = $uploader->_fileUploadDirectory . '/' . $uploader->_getDestinationName();
        }
    }
    $uploader->_currentFile = array();

    if ($uploader->areErrors() && !$uploader->_continueOnError) {
        $logLine = "Workflow Upload Attachment Error:" . $uploader->printErrors(false);
        COM_errorlog($logLine);
        $GLOBALS['nf_errmsg'] = $LANG_GF00['uploaderr'] . ':<BR>' . $uploader->printErrors(false);

        return false;
    }

    return true;
}
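/**
 * Upload a new topic icon, replacing the previous icon if one exists.
 *
 * The stored name is "topic_<tid>.<ext>", where <ext> is the extension of the
 * client-supplied file name and is therefore untrusted input. The extension is
 * taken with pathinfo() so that it can never contain a directory separator and
 * so that a name without a dot yields an empty extension instead of a slice of
 * the name. MIME-type, dimension and size checks are left to the upload class.
 *
 * On a path or upload error the function prints an error page and exits.
 *
 * NOTE(review): $tid is concatenated into the stored file name as-is; this
 * function assumes the caller has already sanitised it - confirm.
 *
 * @param   string  $tid    ID of topic to prepend to filename
 * @return  string          path of the new icon, starting at the images
 *                          directory (empty = no new icon)
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
        COM_output($display);
        exit; // don't return
    }

    $filename = '';

    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // pathinfo() looks only at the last path component, so the extension
        // cannot carry a '/' into the destination name.
        $fextension = (string) pathinfo($newicon['name'], PATHINFO_EXTENSION);
        $filename = 'topic_' . $tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
            COM_output($display);
            exit; // don't return
        }

        if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
            // Images live below the webroot: keep the part after path_html.
            $filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
        } else {
            /**
             * Not really used when the 'path_images' is outside of the webroot.
             * Let's at least extract the name of the images directory then.
             */
            $images = 'images';
            $parts = explode('/', $_CONF['path_images']);
            if (count($parts) > 1) {
                $cnt = count($parts);
                // e.g. from /path/to/myimages/ would extract "myimages"
                if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
                    $images = $parts[$cnt - 2];
                }
                $filename = '/' . $images . '/topics/' . $filename;
            }
        }
    }

    return $filename;
}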
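/**
 * Upload a new topic icon, replacing the previous icon if one exists.
 *
 * The stored name is "topic_<tid>.<ext>", where <ext> comes from the
 * client-supplied file name and is therefore untrusted input. It is taken with
 * pathinfo() so that it cannot contain a directory separator and so that a name
 * without a dot yields an empty extension instead of a slice of the name.
 * MIME-type, dimension and size checks are left to the upload class.
 *
 * On a path or upload error the function prints an error page and exits.
 *
 * NOTE(review): $tid is concatenated into the stored file name as-is; this
 * function assumes the caller has already sanitised it - confirm.
 *
 * @param   string  $tid    ID of topic to prepend to filename
 * @return  string          '/images/topics/<file>' for a new icon (empty = no new icon)
 */
function TOPIC_iconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
        $display .= COM_siteFooter();
        echo $display;
        exit; // don't return
    }
    $upload->setFieldName('newicon');

    $filename = '';

    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // pathinfo() looks only at the last path component, so the extension
        // cannot carry a '/' into the destination name.
        $fextension = (string) pathinfo($newicon['name'], PATHINFO_EXTENSION);
        $filename = 'topic_' . $tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
            $display .= COM_siteFooter();
            echo $display;
            exit; // don't return
        }
        $filename = '/images/topics/' . $filename;
    }

    return $filename;
}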
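/**
 * Main driver to handle the uploaded plugin
 *
 * Stores the uploaded archive in the data temp directory, decompresses it,
 * reads the plugin's XML description into the global $pluginData and then
 * determines if it is a new style plugin (supports automated installer) or
 * an old style one. For a new style plugin the version, prerequisite and
 * write-permission checks run before the confirmation form is rendered.
 *
 * The archive is removed again when no work directory can be created or the
 * decompression fails, so a rejected upload does not linger in the temp
 * directory.
 *
 * NOTE(review): $pluginData['id'] originates from the uploaded archive and is
 * concatenated into the plugin, admin and public_html paths below. Nothing in
 * this function restricts it to a plain directory name - confirm that
 * _pi_parseXML() or the later install step rejects path separators and '..'.
 * NOTE(review): the first extension list contains 'tgz' without a leading dot,
 * unlike every other entry; left untouched because the matching rules of the
 * upload class are not visible here.
 *
 * @return   string              Formatted HTML containing the page body
 */
function processPluginUpload()
{
    global $_CONF, $_PLUGINS, $_PLUGIN_INFO, $_TABLES, $pluginData, $LANG_ADMIN, $LANG32, $_DB_dbms, $_DB_table_prefix, $_IMAGE_TYPE;

    $retval = '';
    $upgrade = false;
    // Version of the already-installed plugin; stays empty for a fresh install.
    $oldVersion = '';

    if (count($_FILES) > 0 && $_FILES['pluginfile']['error'] != UPLOAD_ERR_NO_FILE) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setMaxFileSize(25165824);
        $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip', 'application/x-tar' => '.tar,.tar.gz,.gz', 'application/x-gzip-compressed' => '.tar.gz,.tgz,.gz'));
        $upload->setFieldName('pluginfile');
        if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
            return _pi_errorBox($upload->printErrors(false));
        }

        // The client chooses this name; keep only its last path component so
        // it cannot point outside the temp directory.
        $filename = basename($_FILES['pluginfile']['name']);
        $upload->setFileNames($filename);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            return _pi_errorBox($upload->printErrors(false));
        }
        $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;
    } else {
        return _pi_errorBox($LANG32[46]);
    }

    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        @unlink($Finalfilename);
        return _pi_errorBox($LANG32[47]);
    }
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        @unlink($Finalfilename);
        return _pi_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);

    // read XML data file, places in $pluginData;
    $pluginData = array();
    $rc = _pi_parseXML($_CONF['path_data'] . $tmp);

    if ($rc == -1) {
        // no xml file found
        return processOldPlugin($tmp);
    }
    if (!isset($pluginData['id']) || !isset($pluginData['version'])) {
        return processOldPlugin($tmp);
    }

    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $pluginData['glfusionversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[49], $pluginData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $pluginData['phpversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[50], $pluginData['phpversion']));
    }

    // check prerequisites
    $errors = '';
    if (isset($pluginData['requires']) && is_array($pluginData['requires'])) {
        foreach ($pluginData['requires'] as $requirement) {
            // Each entry is "name" or "name,version"; pad so a missing version
            // reads as empty instead of an undefined offset.
            list($reqPlugin, $required_ver) = array_pad(explode(',', $requirement), 2, '');
            if (!isset($_PLUGIN_INFO[$reqPlugin])) {
                // required plugin not installed
                $errors .= sprintf($LANG32[51], $pluginData['id'], $reqPlugin, $reqPlugin);
            } elseif (!empty($required_ver)) {
                $installed_ver = $_PLUGIN_INFO[$reqPlugin];
                if (!COM_checkVersion($installed_ver, $required_ver)) {
                    // required plugin installed, but wrong version
                    $errors .= sprintf($LANG32[90], $required_ver, $reqPlugin, $installed_ver, $reqPlugin);
                }
            }
        }
    }
    if ($errors != '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errors);
    }

    // check if plugin already exists
    // if it does, check that this is an upgrade
    // if not, error
    // else validate we really want to upgrade
    $result = DB_query("SELECT * FROM {$_TABLES['plugins']} WHERE pi_name='" . DB_escapeString($pluginData['id']) . "'");
    if (DB_numRows($result) > 0) {
        $P = DB_fetchArray($result);
        if ($P['pi_version'] == $pluginData['version']) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[52], $pluginData['id']));
        }
        // if we are here, it must be an upgrade or disabled plugin....
        $rc = COM_checkVersion($pluginData['version'], $P['pi_version']);
        if ($rc < 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[53], $pluginData['id'], $pluginData['version'], $P['pi_version']));
        }
        if ($P['pi_enabled'] != 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox($LANG32[72]);
        }
        $upgrade = true;
        $oldVersion = $P['pi_version'];
    }

    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    // test copy to proper directories: plugin code, admin pages, public pages
    $sourceRoot = $_CONF['path_data'] . $tmp . '/' . $pluginData['id'] . '/';
    $copyPlan = array(
        array($sourceRoot, $_CONF['path'] . 'plugins/' . $pluginData['id']),
        array($sourceRoot . 'admin/', $_CONF['path_html'] . 'admin/plugins/' . $pluginData['id']),
        array($sourceRoot . 'public_html/', $_CONF['path_html'] . $pluginData['id']),
    );
    foreach ($copyPlan as $pair) {
        list($rc, $failed) = _pi_test_copy($pair[0], $pair[1]);
        if ($rc > 0) {
            $permError = 1;
            foreach ($failed as $failedFile) {
                $permErrorList .= sprintf($LANG32[41], $failedFile);
            }
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errorMessage);
    }

    USES_lib_admin();

    $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));

    $T = new Template($_CONF['path_layout'] . 'admin/plugins');
    $T->set_file('form', 'plugin_upload_confirm.thtml');
    $T->set_var('admin_menu', ADMIN_createMenu($menu_arr, $pluginData['id'] . ' ' . $LANG32[62], $_CONF['layout_url'] . '/images/icons/plugins.' . $_IMAGE_TYPE));

    // NOTE(review): these values come from the uploaded XML; whether the
    // template escapes them on output is not visible here - verify.
    $T->set_var(array(
        'form_action_url'    => $_CONF['site_admin_url'] . '/plugin_upload.php',
        'action'             => 'processupload',
        'pi_name'            => $pluginData['id'],
        'pi_version'         => $pluginData['version'],
        'pi_url'             => $pluginData['url'],
        'pi_gl_version'      => $pluginData['glfusionversion'],
        'pi_desc'            => $pluginData['description'],
        'pi_author'          => $pluginData['author'],
        'plugin_old_version' => $oldVersion,
        'upgrade'            => $upgrade,
        'temp_dir'           => $tmp,
    ));

    $retval .= $T->parse('output', 'form');

    return $retval;
}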
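/**
 * Re-run an existing user photo through the upload class so that it is
 * resized to the configured photo limits.
 *
 * Only the base name of $to_path is used; the file is always looked up in
 * the 'userphotos' directory below $_CONF['path_images']. The method fills
 * $_FILES['imagefile'] by hand and sets its 'non_upload' flag so the upload
 * class treats the on-disk file as its input.
 *
 * NOTE(review): 'non_upload' switches off whatever browser-upload checks the
 * upload class performs; this is only safe while the path is built from
 * server-side values as it is here.
 *
 * @param  string $to_path  path whose base name identifies the photo
 * @return string|null      full path of the photo, or nothing when the target
 *                          directory is unusable or the upload class reports errors
 */
protected function _handleImageResize($to_path)
{
    global $_CONF;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    // Figure out file name
    $path_parts = pathinfo($to_path);
    $filename = $path_parts['basename'];

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));

    // Set new path and image name
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        return;
    }

    // Current path of image to resize
    $path = $_CONF['path_images'] . 'userphotos/' . $filename;
    $path_parts = pathinfo($path);
    // pathinfo() omits the 'extension' key for names without a dot.
    $extension = isset($path_parts['extension']) ? $path_parts['extension'] : '';

    $_FILES['imagefile']['name'] = $path_parts['basename'];
    $_FILES['imagefile']['tmp_name'] = $path;
    $_FILES['imagefile']['type'] = '';
    switch ($extension) {
        case 'gif':
            $_FILES['imagefile']['type'] = 'image/gif';
            break;
        case 'jpg':
        case 'jpeg':
            $_FILES['imagefile']['type'] = 'image/jpeg';
            break;
        case 'png':
            $_FILES['imagefile']['type'] = 'image/png';
            break;
    }
    $_FILES['imagefile']['size'] = filesize($_FILES['imagefile']['tmp_name']);
    $_FILES['imagefile']['error'] = '';
    $_FILES['imagefile']['non_upload'] = true; // Flag to bypass upload process via browser file form

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            return;
        }
    }

    return $path; // return new path and filename
}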
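/**
 * Upload the image of a product category and record its name in the database.
 *
 * The stored name is "cat_<cat_id>.<ext>", where <ext> comes from the
 * client-supplied file name and is untrusted. It is taken with pathinfo() so
 * it cannot contain a directory separator, and the resulting name is escaped
 * before it is placed in the UPDATE statement. $cat_id is cast to an integer
 * for the unquoted WHERE clause.
 *
 * $category is accepted for interface compatibility and is not read here.
 *
 * On a path or upload error the function prints an error page and exits.
 *
 * NOTE(review): addslashes() matches the escaping used in code of this
 * vintage; if the database layer offers its own escaping function (other code
 * on this page calls DB_escapeString()), prefer that - confirm availability.
 *
 * @param  array      $category  submitted category fields (unused)
 * @param  array      $files     uploaded files, in the shape of $_FILES
 * @param  int|string $cat_id    id of the category the image belongs to
 * @return bool                  always true when the function returns
 */
function PAYPAL_saveCatImage($category, $files, $cat_id)
{
    global $_CONF, $_PAY_CONF, $_TABLES, $LANG24;

    // OK, let's upload any pictures with the product
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();

    //Debug with story debug function
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        $upload->keepOriginalImage(false);
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_PAY_CONF['path_cat_images'])) {
        $output = COM_siteHeader('menu', $LANG24[30]);
        $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $upload->printErrors(false);
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        echo $output;
        exit;
    }

    // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
    // force any images bigger than the passed dimensions to be resized.
    // If mogrify is not set, any images larger than these dimensions
    // will get validation errors
    $upload->setMaxDimensions($_PAY_CONF['max_image_width'], $_PAY_CONF['max_image_height']);
    $upload->setMaxFileSize($_PAY_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

    // Set file permissions on file after it gets uploaded (number is in octal)
    $upload->setPerms('0644');

    // Stays empty when no file was submitted.
    $filenames = '';
    $curfile = current($files);
    if (!empty($curfile['name'])) {
        $fextension = (string) pathinfo($curfile['name'], PATHINFO_EXTENSION);
        $filenames = 'cat_' . $cat_id . '.' . $fextension;
    }

    if ($filenames != '') {
        $upload->setFileNames($filenames);
        reset($files);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }

        // The name contains client-supplied text, so escape it for the
        // quoted value and force the unquoted id to an integer.
        DB_query("UPDATE {$_TABLES['paypal_categories']} SET image = '" . addslashes($filenames) . "' WHERE cat_id=" . (int) $cat_id);
    }

    return true;
}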
/**
 * limitByIP() accepts a list of IP addresses and leaves the error list empty.
 */
public function testLimitByIP()
{
    $uploader = new upload();
    $allowedAddresses = array('213.5.71.85', '213.5.71.86');

    $accepted = $uploader->limitByIP($allowedAddresses);
    $this->assertTrue($accepted);

    $hasErrors = $uploader->areErrors();
    $this->assertFalse($hasErrors);
}
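/**
 * Create or update a content page (or category) from the submitted form,
 * then process its image deletions, image uploads and autoscale flags.
 *
 * Changes against the earlier version, all limited to request handling:
 *  - get_magic_quotes_gpc() is only called when it exists;
 *  - $_POST['imgdelete'] is coerced to an array and every entry is escaped
 *    before it reaches SQL;
 *  - the image slot number derived from the form field name is escaped before
 *    it reaches SQL;
 *  - $duplicate_sid / $dupmsg are always defined;
 *  - a missing $_POST['chkscale'] entry counts as "autoscale off".
 *
 * NOTE(review): several risks remain and need a decision by the maintainers:
 *  - $name, $heading and $pagetitle pass only through htmlentities() and
 *    substr() before being placed in quoted SQL values; with the default flags
 *    of PHP < 8.1 htmlentities() leaves single quotes alone, so these rely on
 *    magic quotes for escaping;
 *  - $type (when not 'category') and the global $pageid are interpolated into
 *    SQL as received;
 *  - $category is never assigned in this function before it is filtered, so
 *    the INSERT uses whatever COM_applyFilter() returns for an unset value;
 *    the following UPDATE then sets pid from $_POST['category'];
 *  - the UPDATE of $_TABLES['nexcontent'] has no WHERE clause - presumably a
 *    single-row table, confirm;
 *  - every uploaded image is stored with a '.jpg' name regardless of its type;
 *  - ppPrepareForDB(), COM_applyFilter() and COM_sanitizeID() are trusted to
 *    make their values SQL-safe - their behaviour is not visible here.
 *
 * @param  string $mode  'add' creates a record first; anything else updates
 *                       the record identified by the global $pageid
 * @param  string $type  'category', 'link' or another page type
 * @return false|null    false when the image upload reported errors
 */
function updatePage($mode, $type)
{
    global $_CONF, $_TABLES, $_FILES, $_POST, $CONF_SE, $LANG_SE_ERR;
    global $_DB_name, $catid, $pageid;

    include_once $_CONF['path_system'] . 'classes/upload.class.php';

    // True when PHP has already added slashes to request data.
    $gpcQuoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    $name = substr(htmlentities($_POST['name']), 0, 32);
    $pid = ppPrepareForDB($_POST['category']);
    $old_sid = ppPrepareForDB($_POST['old_sid']);
    $sid = ppPrepareForDB($_POST['sid'], true, 40);
    $pageorder = COM_applyFilter($_POST['pageorder'], true);
    if ($type == 'link') {
        $menutype = 3;
    } else {
        $menutype = COM_applyFilter($_POST['menu_type'], true);
    }
    $blkformat = ppPrepareForDB($_POST['blk_format']);
    $heading = substr(htmlentities($_POST['heading']), 0, 255);
    $grp_access = ppPrepareForDB($_POST['grp_access']);
    $imgdelete = (isset($_POST['imgdelete']) && is_array($_POST['imgdelete'])) ? $_POST['imgdelete'] : array();
    $chkscale = isset($_POST['chkscale']) ? $_POST['chkscale'] : array();
    $submenutype = COM_applyFilter($_POST['rad_submenu'], true);
    $blockmenutype = COM_applyFilter($_POST['rad_blockmenu'], true);
    $is_menu_newpage = $_POST['chknewwindow'] == 1 ? 1 : 0;
    $is_draft = $_POST['chkdraft'] == 1 ? 1 : 0;
    $show_breadcrumbs = $_POST['chkbreadcrumbs'] == 1 ? 1 : 0;
    $owner_id = ppPrepareForDB($_POST['owner_id']);
    $group_id = ppPrepareForDB($_POST['group_id']);
    $perm_owner = $_POST['perm_owner'];
    $perm_group = $_POST['perm_group'];
    $perm_members = $_POST['perm_members'];
    $perm_anon = $_POST['perm_anon'];
    $pagetitle = substr(htmlentities($_POST['pagetitle']), 0, 255);
    $metadesc = ppPrepareForDB($_POST['metadesc']);
    $metakeywords = ppPrepareForDB($_POST['metakeywords']);

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // Allow full HTML in the introtext field
    if (!$gpcQuoted) {
        $content = addslashes($_POST['sitecontent']);
        $help = addslashes($_POST['help']);
    } else {
        $content = $_POST['sitecontent'];
        $help = $_POST['help'];
    }

    if ($sid != '') {
        $sid = COM_sanitizeID($sid);
    }

    // A page id that already exists and differs from the old one is a duplicate.
    $duplicate_sid = false;
    $dupmsg = '';
    if ($sid != '' and DB_count($_TABLES['nexcontent_pages'], 'sid', $sid) > 0) {
        if ($sid != $old_sid) {
            $duplicate_sid = true;
            if ($old_sid == '') {
                $sid = "{$sid}_{$pid}";
                $dupmsg = ' - Duplicate Page ID';
            } else {
                $sid = $old_sid;
                $dupmsg = ' - Duplicate Page ID, Page ID not changed.';
            }
        }
    }

    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        $category = COM_applyFilter($category, true);
        if ($type == 'category') {
            // Create a new record - set the category value to 0
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ({$category},'{$gid}','category')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Category Added';
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE type='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        } else {
            // Create a new record - need to get the record id for the category
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ('{$category}','{$gid}','{$type}')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Page Added';
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE pid='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        }
    } else {
        $GLOBALS['statusmsg'] = "{$name} Updated";
        if ($duplicate_sid) {
            $GLOBALS['statusmsg'] .= $dupmsg;
        }
    }

    DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET name='{$name}', blockformat='{$blkformat}', pid='{$pid}', sid='{$sid}', heading='{$heading}',content='{$content}', menutype='{$menutype}', is_menu_newpage='{$is_menu_newpage}', show_submenu='{$submenutype}', show_blockmenu='{$blockmenutype}', show_breadcrumbs='{$show_breadcrumbs}', is_draft='{$is_draft}', owner_id='{$owner_id}', group_id='{$group_id}', perm_owner='{$perm_owner}', perm_group='{$perm_group}', perm_members='{$perm_members}', perm_anon='{$perm_anon}' , pagetitle='{$pagetitle}', meta_description='{$metadesc}', meta_keywords='{$metakeywords}' WHERE id='{$pageid}'");
    DB_query("UPDATE {$_TABLES['nexcontent']} SET help='{$help}'");

    //update the page order
    if ($pageorder != '' and $pageid != '') {
        DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$pageorder} WHERE id={$pageid};");
        $porder = DB_query("SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE pid={$pid} ORDER BY pageorder ASC;");
        $i = 0;
        // Renumber the siblings in steps of 10.
        while ($ORDER = DB_fetchArray($porder)) {
            $i += 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$i} WHERE id={$ORDER['id']};");
        }
    }

    $pageImageDir = $CONF_SE['uploadpath'] . "/{$pageid}/";

    // Check and see if directories exist
    if (!file_exists($pageImageDir)) {
        $mkdir = @mkdir($pageImageDir);
        $chmod = @chmod($pageImageDir, $CONF_SE['imagedir_perms']);
    }

    // Delete any images if needed
    foreach ($imgdelete as $rawImageNum) {
        if (!is_scalar($rawImageNum)) {
            continue;
        }
        // Request data: escape it unless PHP already did.
        $delnum = $gpcQuoted ? (string) $rawImageNum : addslashes((string) $rawImageNum);

        $curimage = DB_getitem($_TABLES['nexcontent_images'], "imagefile", "page_id='{$pageid}' AND imagenum='{$delnum}'");
        $fullimage = $pageImageDir . $curimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }

        // The copy kept by keepOriginalImage() is named <base>_original<ext>.
        $pos = strrpos($curimage, '.');
        $origimage = strtolower(substr($curimage, 0, $pos));
        $ext = strtolower(substr($curimage, $pos));
        $origimage .= "_original{$ext}";
        $fullimage = $pageImageDir . $origimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }

        $curthumbnail = $pageImageDir . 'tn' . $curimage;
        if (!is_dir($curthumbnail) and file_exists($curthumbnail)) {
            if (!unlink($curthumbnail)) {
                echo COM_errorLog("Unable to delete thumbnail for {$curthumbnail}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete thumbnail for {$curthumbnail}. Please check file permissions";
            }
        }
        DB_query("DELETE FROM {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' and imagenum='{$delnum}'");
    }

    $upload = new upload();
    $upload->setLogging(false);
    $upload->setDebug(false);
    $upload->setLogFile($_CONF['path_log'] . 'error.log');
    $upload->setMaxFileUploads($CONF_SE['max_num_images']);
    if ($_CONF['image_lib'] == 'imagemagick') {
        $upload->setMogrifyPath($_CONF['path_to_mogrify']);
    } else {
        $upload->setGDLib();
    }
    $upload->setAllowedMimeTypes($CONF_SE['allowableImageTypes']);
    $upload->setMaxDimensions($CONF_SE['max_upload_width'], $CONF_SE['max_upload_height']);
    $upload->setMaxFileSize($CONF_SE['max_uploadfile_size']);
    $upload->setAutomaticResize(true);
    $upload->keepOriginalImage(true);
    $upload->setPerms($CONF_SE['image_perms']);
    if (!$upload->setPath($pageImageDir)) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ': ' . $upload->printErrors(false);
    }

    // OK, let's upload any pictures with this page
    $uniquename = time();
    $filenames = array();
    $imagenum = array();
    for ($z = 1; $z <= $CONF_SE['max_num_images']; $z++) {
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            $filenames[] = $uniquename . $z . '.jpg';
            // The slot number is the 10th character of the form field name.
            $imagenum[] = substr(key($_FILES), 9, 1);
        }
        next($_FILES);
    }
    $upload->setFileNames($filenames);
    reset($_FILES);
    $upload->setDebug(false);
    $upload->uploadFiles();

    if ($upload->areErrors()) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ': ' . $upload->printErrors(false);
        return false;
    }

    reset($filenames);
    reset($imagenum);
    if (DB_count($_TABLES['nexcontent_pages'], "id", $pageid) > 0) {
        foreach ($filenames as $pageImage) {
            // Field names are chosen by the client, so escape the slot number.
            $index = addslashes((string) current($imagenum));
            if (file_exists($pageImageDir . $pageImage)) {
                $src = $pageImageDir . $pageImage;
                $dest = $pageImageDir . 'tn' . $pageImage;
                makethumbnail($pageImage, $src, $dest);
                $iquery = DB_query("SELECT imagefile from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' AND imagenum='{$index}'");
                if (DB_numRows($iquery) == 0) {
                    DB_query("INSERT INTO {$_TABLES['nexcontent_images']} (page_id,imagenum,imagefile) values ('{$pageid}', '{$index}','{$pageImage}')");
                } elseif (DB_numRows($iquery) == 1) {
                    DB_query("UPDATE {$_TABLES['nexcontent_images']} SET imagefile='{$pageImage}' WHERE page_id='{$pageid}' and imagenum='{$index}'");
                }
            }
            next($imagenum);
        }
    } else {
        $GLOBALS['statusmsg'] = 'Error saving category';
    }

    // Update the image autoscale option for any images
    $query = DB_query("SELECT id,imagenum from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}'");
    while (list($imageid, $slot) = DB_fetchArray($query)) {
        $autoscale = (isset($chkscale[$slot]) && $chkscale[$slot] == '1') ? '1' : '0';
        DB_query("UPDATE {$_TABLES['nexcontent_images']} SET autoscale = '{$autoscale}' WHERE id='{$imageid}' AND imagenum='{$slot}'");
    }
}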
// Excerpt from an import page: the condition that selects between showing the
// upload form (first branch) and handling the submitted file (else branch)
// lies outside this excerpt.
$p->set_var('navbar', $navbar->generate());
$p->set_var('helpmsg', 'Upload the exported nexflow template that you want to import.');
$action_url = $_CONF['site_admin_url'] . '/plugins/nexflow/import.php';
$p->set_var('action_url', $action_url);
$p->parse('output', 'page');
echo $p->finish($p->get_var('output'));
echo COM_endBlock();
echo COM_siteFooter();
} else {
    if (strlen($_FILES['sqlfile']['name']) > 0) {
        include_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        // NOTE(review): the destination is below $_CONF['path_html'], i.e. inside
        // the web root; the stored file keeps the fixed name set below, but its
        // contents stay in that directory after the import - confirm the
        // directory is not served, or remove the file once doImport() is done.
        // NOTE(review): the return value of setPath() is not checked here.
        $upload->setPath($_CONF['path_html'] . 'admin/plugins/nexflow/export');
        $upload->setPerms($CONF_NF['fileperms']);
        // NOTE(review): '.phps' and '.php' are accepted as source extensions for
        // text/plain; the file is stored as 'nexflow_export.sql' regardless.
        $upload->setAllowedMimeTypes(array('text/plain' => '.phps,.php,.txt,.sql'));
        $upload->setFileNames('nexflow_export.sql');
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            // Errors are only written to the log; nothing is echoed in this branch.
            $message = 'Upload Error: ' . $upload->printErrors(false);
            COM_errorLog($message);
        } else {
            // Successfully uploaded file that has the import form SQL
            // The first SQL record is for the new form definition
            // NOTE(review): doImport() is defined elsewhere; presumably it runs the
            // statements from the uploaded file, so this page must be reachable
            // only by trusted administrators - verify the access check.
            doImport();
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/nexflow/templates.php');
            exit;
        }
    } else {
        echo "<br>Error - no file";
    }
}
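/**
 * Import markers into a map from a CSV file, in two passes.
 *
 * With $valid false, the uploaded file is stored in $_CONF['path_data'] and a
 * preview of the parsed rows is returned together with a confirmation form.
 * With $valid true, the stored file ($filename) is read again and one marker
 * per CSV row is inserted into the maps_markers table.
 *
 * Everything read from the CSV, and every value that travels through the
 * confirmation form, is treated as untrusted: it is HTML-escaped before being
 * echoed, and numeric fields are validated before they reach SQL.
 *
 * @param  array   $FILES      uploaded-file array; only the first entry is used
 * @param  string  $map_id     id of the target map (digits only)
 * @param  string  $separator  ',', ';' or 'tab'
 * @param  array   $fields     column mapping chosen by the user
 * @param  boolean $valid      false = upload and preview, true = insert
 * @param  string  $filename   stored CSV name, used when $valid is true
 * @return string  HTML
 */
function MAPS_importCSV($FILES = '', $map_id, $separator = ';', $fields, $valid = false, $filename = '')
{
    global $_CONF, $_TABLES, $LANG24, $LANG_MAPS_1, $_USER;

    // $map_id is interpolated unquoted into SQL and echoed into the form below,
    // so anything that is not plain digits is rejected here.
    if ($map_id == '' || !preg_match('/^[0-9]+$/', (string) $map_id)) {
        return MAPS_message('Map ID is missing');
    }
    if (!in_array($separator, array(',', 'tab', ';'))) {
        echo COM_refresh($_CONF['site_admin_url'] . '/plugins/maps/import_export.php');
        exit;
    }

    $owner_id = (int) $_USER['uid'];
    $charset = empty($_CONF['default_charset']) ? 'UTF-8' : $_CONF['default_charset'];

    // On the second pass $filename comes back from a hidden form field, so strip
    // any directory part before it is appended to path_data.
    // NOTE(review): consider also requiring the 'import_markers_' prefix that
    // this function generates - confirm no caller passes other names.
    $filename = basename((string) $filename);

    if ($valid == false) {
        // OK, let's upload csv file
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        // Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setAllowedMimeTypes(array(
            'text/csv' => '.csv',
            'text/comma-separated-values' => '.csv',
            'application/vnd.ms-excel' => '.csv'
        ));
        if (!$upload->setPath($_CONF['path_data'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        $curfile = current($FILES);
        if (!empty($curfile['name'])) {
            // Only the extension of the client-supplied name is reused; keep it
            // alphanumeric. pathinfo() also copes with names that have no dot.
            $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
            $filename = 'import_markers_' . COM_makesid() . '.' . $fextension;
        }
        if ($filename == '') {
            return MAPS_message('Houston, we have a problem.');
        }
        $upload->setFileNames($filename);
        reset($FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $msg = $upload->printErrors(false);
            return MAPS_message($msg, $LANG24[30]);
        }
        $retval = '<p>' . $LANG_MAPS_1['markers_to_add'] . ' '
                . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
    } else {
        $retval = '<p>' . $LANG_MAPS_1['markers_added'] . ' '
                . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
    }

    // open file and record markers
    $marker = array();
    $val = array();
    $mkid = '';
    $valid_fields = MAPS_getFieldsImportExport();

    if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
        // Keep $separator as the symbolic name ('tab') so the confirmation form
        // posts back a value that passes the allow-list check above.
        $delimiter = ($separator == 'tab') ? "\t" : $separator;
        $iteration = 0;

        while (($field_read = fgetcsv($handle, 0, $delimiter)) !== FALSE) {
            $iteration++;
            // Per-row geocoding state; without the reset a row could inherit
            // the coordinates of an earlier row.
            $address = $lat = $lng = '';

            // Map each CSV column onto its marker slot (0..27)
            for ($i = 27; $i > -1; $i = $i - 1) {
                if ($fields[$i] == $valid_fields[$i]) {
                    $marker[$i] = $field_read[$i];
                } else {
                    if (!isset($marker[$i])) {
                        $marker[$i] = '';
                    }
                    while ($position = current($valid_fields)) {
                        if ($position == $fields[$i]) {
                            $key = key($valid_fields);
                            $marker[$key] = $field_read[$i];
                        }
                        next($valid_fields);
                    }
                    reset($valid_fields);
                }
            }

            if ($marker[3] == '') {
                // A marker needs a name: dump the offending row and stop
                ksort($marker);
                $retval = '<table style="margin:20px;" border="1">';
                foreach ($marker as $key => $val) {
                    $retval .= "<tr><td><font size=2>" . $key . "</td><td><font size=2>"
                             . htmlspecialchars((string) $val, ENT_QUOTES, $charset) . "</td></tr>";
                }
                $retval .= "</table>";
                fclose($handle);
                return MAPS_message($LANG_MAPS_1['name_missing'] . ' | Line: ' . $iteration . $retval);
            }
            if ($marker[0] == '' && $marker[1] == '') {
                fclose($handle);
                return MAPS_message($LANG_MAPS_1['need_address']);
            }

            if ($valid == false) {
                // Preview only: CSV content is escaped before it is echoed
                $safe = array();
                foreach ($marker as $key => $value) {
                    $safe[$key] = htmlspecialchars((string) $value, ENT_QUOTES, $charset);
                }
                $retval .= '<li>#' . $iteration . ' Name: ' . $safe[3]
                    . '<br' . XHTML . '>Address: ' . $safe[0]
                    . '<br' . XHTML . '>Lat: ' . $safe[1] . ' | Lng: ' . $safe[2]
                    . '<br' . XHTML . '>Description: ' . $safe[4]
                    . '<br' . XHTML . '>mk_default: ' . $safe[5] . ' | mk_pcolor: ' . $safe[6]
                    . ' | mk_scolor: ' . $safe[7] . ' | mk_label: ' . $safe[8]
                    . ' | mk_label_color: ' . $safe[9]
                    . '<br' . XHTML . '>street: ' . $safe[10]
                    . '<br' . XHTML . '>code: ' . $safe[11] . ' | city: ' . $safe[12]
                    . '<br' . XHTML . '>state: ' . $safe[13] . ' | country: ' . $safe[14]
                    . '<br' . XHTML . '>tel: ' . $safe[15] . ' | fax: ' . $safe[16]
                    . '<br' . XHTML . '>web: ' . $safe[17]
                    . '<br' . XHTML . '>item_1: ' . $safe[18] . ' | item_2: ' . $safe[19]
                    . ' | item_3: ' . $safe[20] . ' | item_4: ' . $safe[21]
                    . ' | item_5: ' . $safe[22] . ' | item_6: ' . $safe[23]
                    . ' | item_7: ' . $safe[24] . ' | item_8: ' . $safe[25]
                    . ' | item_9: ' . $safe[26] . ' | item_10: |' . $safe[27]
                    . '<br' . XHTML . '>Map id: ' . $map_id . ' | ' . 'Owner id: ' . $owner_id
                    . '<br' . XHTML . '> ';
            } else {
                ksort($marker);
                $markers = '';
                foreach ($marker as $key => $value) {
                    if ($key != 0) {
                        $markers .= ",";
                    }
                    // prepare strings for insertion
                    switch ($key) {
                        case '0': //address
                            // NOTE(review): MAPS_filterVars() is defined elsewhere and is
                            // presumably what makes text safe for the quoted SQL literal
                            // below - confirm that it escapes quotes.
                            $val[0] = $value;
                            $type = array(0 => 'text');
                            MAPS_filterVars($type, $val);
                            $address = $val[0];
                            break;
                        case '1': //lat
                            // Coordinates bypass MAPS_filterVars(), so only numeric
                            // input is accepted; anything else falls back to geocoding.
                            if (!is_numeric($value)) {
                                $lat = $lng = '';
                                MAPS_getCoords($address, $lat, $lng);
                                $value = is_numeric($lat) ? $lat : '';
                            }
                            break;
                        case '2': //lng
                            if (!is_numeric($value)) {
                                $value = is_numeric($lng) ? $lng : '';
                            }
                            break;
                        default:
                            $val[0] = $value;
                            $type = array(0 => 'text');
                            MAPS_filterVars($type, $val);
                            $value = $val[0];
                            break;
                    }
                    $markers .= " '" . $value . "'";
                }

                // Short pause (100000 ns = 0.1 ms) between rows; the marker id is
                // only assigned when the pause completed.
                $nano = time_nanosleep(0, 100000);
                if ($nano === true) {
                    $mkid = date('YmdHis') . $iteration;
                }
                $created = $modified = date("Ymd");

                // Skip the lookup when no id was generated: "mkid=" is not valid SQL
                $mkid_exists = '';
                if ($mkid != '') {
                    $mkid_exists = DB_getItem($_TABLES['maps_markers'], 'mkid', "mkid={$mkid}");
                }
                DB_query("SET character_set_results = 'utf8', character_set_client = 'utf8', character_set_connection = 'utf8', character_set_database = 'utf8', character_set_server = 'utf8'");
                if ($mkid_exists == '' and $mkid != '') {
                    $sql = "INSERT INTO {$_TABLES['maps_markers']} (\n\t\t\t\t mkid,\n\t\t\t\t mid,\n\t\t\t\t owner_id,\n\t\t\t\t created, modified,\n\t\t\t\t address, lat, lng, name, description, mk_default, mk_pcolor, mk_scolor, mk_label, mk_label_color,\n\t\t\t\t street, code, city, state, country, tel, fax, web, item_1, item_2, item_3, item_4, item_5, item_6,\n\t\t\t\t item_7, item_8, item_9, item_10) VALUES (\n\t\t\t\t {$mkid},\n\t\t\t\t {$map_id},\n\t\t\t\t {$owner_id},\n\t\t\t\t {$created}, {$modified},\n\t\t\t\t {$markers})";
                    DB_query($sql, 0);
                } else {
                    COM_errorLog('MAPS - Duplicate mkid during import from ' . $filename);
                }
                $mkid = '';
                $retval .= '<li>' . htmlspecialchars(stripslashes($marker[3]), ENT_QUOTES, $charset)
                         . ' | ' . htmlspecialchars(stripslashes($marker[0]), ENT_QUOTES, $charset);
            }
        }
        fclose($handle);
    }
    $retval .= '</ul>';

    if ($valid == false) {
        // Confirmation form: every value is escaped for the attribute context
        $validation = '<p><form name="import" action="' . $_CONF['site_url'] . '/admin/plugins/maps/import_export.php?mode=valid" method="POST">';
        $validation .= '<input type="hidden" name="filename" value="' . htmlspecialchars($filename, ENT_QUOTES, $charset) . '">';
        $validation .= '<input type="hidden" name="mid" value="' . $map_id . '">';
        $validation .= '<input type="hidden" name="separator_in" value="' . htmlspecialchars($separator, ENT_QUOTES, $charset) . '">';
        $validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['yes'] . '"> ';
        foreach ($fields as $value) {
            $validation .= '<input type="hidden" name="import_export[]" value="' . htmlspecialchars((string) $value, ENT_QUOTES, $charset) . '">';
        }
        $validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['no'] . '">';
        $validation .= '</form></p>';

        return MAPS_message($retval) . $validation;
    } else {
        return $retval;
    }
}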
/**
 * areErrors() is expected to report false on the fixture held in $this->up
 * (the fixture is set up outside this excerpt).
 */
public function testAreErrorsDefault()
{
    $hasErrors = $this->up->areErrors();

    $this->assertFalse($hasErrors);
}
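/**
 * Upload new photo, delete old photo
 *
 * The stored file is named "<uid>.<extension>". The uid comes from the
 * session and is cast to an integer; the extension comes from the
 * client-supplied file name and is reduced to letters and digits.
 *
 * @param    string  $delete_photo   'on': delete old photo
 * @return   string                  filename of new photo (empty = no new photo)
 *
 */
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    // NOTE(review): the MIME type is presumably the one reported by the client;
    // confirm that the upload class also checks the extension and the content.
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png'
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        $display = COM_siteHeader('menu', $LANG24[30]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
        $display .= COM_siteFooter();
        echo $display;
        exit; // don't return
    }

    // The uid is used in an SQL condition and in a file name: force an integer
    $uid = (int) $_USER['uid'];

    $filename = '';
    $delete_photo = (!empty($delete_photo) && $delete_photo == 'on');

    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // pathinfo() yields '' for a name without a dot, where strrpos() + 1
        // would have cut the name after its first character
        $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($newphoto['name'], PATHINFO_EXTENSION));
        $filename = $uid . '.' . $fextension;
        // a photo stored under a different name would otherwise be orphaned
        $delete_photo = (!empty($curphoto) && $filename != $curphoto);
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG24[30]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
            $display .= COM_siteFooter();
            echo $display;
            exit; // don't return
        }
    } else {
        // nothing uploaded: keep the current photo unless it was just deleted
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }

    return $filename;
}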
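/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * The stored file is named "topic_<tid>.<extension>". Both parts are reduced
 * to a safe character set before they are used, so neither the topic id nor
 * the client-supplied file name can introduce a path separator.
 *
 * @param    string  $tid    ID of topic to prepend to filename
 * @return   string          filename of new icon, relative to the site root
 *                           (empty = no new icon)
 *
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    // NOTE(review): the MIME type is presumably the one reported by the client;
    // confirm that the upload class also checks the extension and the content.
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png'
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $upload->printErrors(false);
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_output($display);
        exit; // don't return
    }

    $filename = '';

    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // pathinfo() yields '' for a name without a dot, where strrpos() + 1
        // would have cut the name after its first character
        $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($newicon['name'], PATHINFO_EXTENSION));
        // the topic id becomes part of a path on disk: drop everything that
        // is not a letter, digit, dash, underscore or dot
        $safe_tid = preg_replace('/[^a-zA-Z0-9\-_\.]/', '', (string) $tid);
        $filename = 'topic_' . $safe_tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $upload->printErrors(false);
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= COM_siteFooter();
            COM_output($display);
            exit; // don't return
        }
        $filename = '/images/topics/' . $filename;
    }

    return $filename;
}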
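/**
 * Upload new photo, delete old photo
 *
 * The stored file is named "<uid>.<extension>". The uid is cast to an integer
 * once and that value is used for both the SQL condition and the file name;
 * the extension from the client-supplied name is reduced to letters and digits.
 * Unlike the interactive variants, this function reports every failure by
 * returning an empty string.
 *
 * @param    int     $uid            id of the user whose photo is handled
 * @param    mixed   $delete_photo   1: delete old photo
 * @return   string                  filename of new photo (empty = no new photo
 *                                   or upload failed)
 *
 */
function USER_handlePhotoUpload($uid, $delete_photo = '')
{
    global $_CONF, $_TABLES, $LANG24;

    USES_class_upload();

    // Used in SQL and in a path on disk: force an integer for both uses
    $uid = (int) $uid;

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    // NOTE(review): the MIME type is presumably the one reported by the client;
    // confirm that the upload class also checks the extension and the content.
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png'
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        return '';
    }

    $filename = '';
    $delete_photo = (!empty($delete_photo) && $delete_photo == 1);

    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = " . $uid);
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // pathinfo() yields '' for a name without a dot, where strrpos() + 1
        // would have cut the name after its first character
        $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($newphoto['name'], PATHINFO_EXTENSION));
        $filename = $uid . '.' . $fextension;
        // a photo stored under a different name would otherwise be orphaned
        $delete_photo = (!empty($curphoto) && $filename != $curphoto);
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        // Very large limit: the image is scaled down after the upload instead.
        // No setMaxFileSize() call is made here.
        // NOTE(review): confirm the upload class applies a sensible default size limit.
        $upload->setMaxDimensions(1024000, 1024000);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            return '';
        }
        // Resize in place.
        // NOTE(review): arguments are passed as (height, width) - confirm this
        // matches the parameter order of IMG_resizeImage().
        $photo_path = $_CONF['path_images'] . 'userphotos/' . $filename;
        IMG_resizeImage($photo_path, $photo_path, $_CONF['max_photo_height'], $_CONF['max_photo_width']);
    } else {
        // nothing uploaded: keep the current photo unless it was just deleted
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }

    return $filename;
}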
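/**
 * Main driver to handle the uploaded autotag
 *
 * Stores the uploaded archive in the temp directory, unpacks it, reads the
 * XML description into $autotagData, checks the required glFusion and PHP
 * versions, test-copies the files, and returns a confirmation form.
 * On every failure path the temporary directory (and the archive, if it is
 * still present) is removed and an error box is returned.
 *
 * The archive and the XML inside it are untrusted input.
 *
 * @return   string              Formatted HTML containing the page body
 *
 */
function processAutotagUpload()
{
    global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;

    $retval = '';
    $upgrade = false;
    $errors = '';

    if (count($_FILES) > 0 && isset($_FILES['autotagfile'])
            && $_FILES['autotagfile']['error'] != UPLOAD_ERR_NO_FILE) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setMaxFileSize(4194304);
        // NOTE(review): 'tgz' lacks the leading dot that every other entry has -
        // confirm whether .tgz uploads are meant to be accepted.
        $upload->setAllowedMimeTypes(array(
            'application/x-gzip' => '.gz,.gzip,tgz',
            'application/zip'    => '.zip'
        ));
        $upload->setFieldName('autotagfile');
        if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
            return _at_errorBox($upload->printErrors(false));
        }
        $filename = COM_sanitizeFilename($_FILES['autotagfile']['name'], true);
        $upload->setFileNames($filename);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return _at_errorBox($upload->printErrors(false));
        }
        $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;
    } else {
        return _at_errorBox($LANG32[46]);
    }

    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        @unlink($Finalfilename); // do not leave the uploaded archive behind
        return _at_errorBox($LANG32[47]);
    }
    // NOTE(review): COM_decompress() is defined elsewhere; confirm that it refuses
    // archive entries whose paths would land outside the target directory.
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        @unlink($Finalfilename); // do not leave the uploaded archive behind
        return _at_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);

    // read XML data file, places in $autotagData;
    $autotagData = array();
    $rc = _at_parseXML($_CONF['path_data'] . $tmp);

    // Values from the XML may be missing altogether; read them once, without notices
    $requiredGl  = isset($autotagData['glfusionversion']) ? $autotagData['glfusionversion'] : null;
    $requiredPhp = isset($autotagData['phpversion']) ? $autotagData['phpversion'] : null;

    if ($rc == -1) {
        // no xml file found
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGl));
    }
    if (!isset($autotagData['id']) || !isset($autotagData['version'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGl));
    }

    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $requiredGl)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGl));
    }
    if (!COM_checkVersion(phpversion(), $requiredPhp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[50], $requiredPhp));
    }
    if ($errors != '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($errors);
    }

    // No check for an already installed auto tag with the same id: removed
    // on purpose so that existing auto tags can be updated.

    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    // test copy to proper directories
    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    // The id becomes a directory name below. After filtering it can still be
    // empty or consist only of dots ('.', '..'), which would make the source
    // path point at the temp directory itself or at its parent.
    if (trim($autotagData['id'], '.') === '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGl));
    }
    list($rc, $failed) = _pi_test_copy(
        $_CONF['path_data'] . $tmp . '/' . $autotagData['id'] . '/',
        $_CONF['path_system'] . 'autotags/'
    );
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($errorMessage);
    }

    // Confirmation form
    // NOTE(review): url, description and author come straight from the uploaded
    // XML; confirm that the template escapes them before they are displayed.
    $T = new Template($_CONF['path_layout'] . 'admin/autotag');
    $T->set_file('form', 'autotag_upload_confirm.thtml');
    $T->set_var(array(
        'form_action_url' => $_CONF['site_admin_url'] . '/autotag_upload.php',
        'action'          => 'processupload',
        'pi_name'         => $autotagData['id'],
        'pi_version'      => $autotagData['version'],
        'pi_url'          => isset($autotagData['url']) ? $autotagData['url'] : null,
        'pi_gl_version'   => $requiredGl,
        'pi_desc'         => isset($autotagData['description']) ? $autotagData['description'] : null,
        'pi_author'       => isset($autotagData['author']) ? $autotagData['author'] : null,
        'upgrade'         => $upgrade,
        'temp_dir'        => $tmp
    ));
    $retval .= $T->parse('output', 'form');

    return $retval;
}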
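/**
 * Record in the hello queue the message to send, either to the members of
 * a group or to the addresses listed in an uploaded CSV file.
 *
 * One row is written to the hello table for the message itself, then one row
 * per recipient to the hello_queue table. Nothing is mailed here.
 *
 * $vars is request data and is treated as untrusted: the group id is cast to
 * an integer, every value placed in a quoted SQL literal is escaped, and
 * request values are HTML-escaped before they are echoed.
 *
 * @param    array   $vars   Same as $_POST, holds all the email info
 * @return   string          HTML with success or error message
 *
 */
function send_messages($vars)
{
    global $_CONF, $_TABLES, $LANG24, $LANG31, $LANG_HELLO01;

    require_once $_CONF['path_system'] . 'lib-user.php';

    $retval = '';
    if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
        $retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG31[26];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= display_mailform($vars);

        return $retval;
    }

    // Urgent message!
    $priority = isset($vars['priority']) ? 1 : 0;

    $to_group = empty($vars['to_group']) ? 0 : (int) $vars['to_group'];
    $quantity = 0;
    $result = null;
    $destinataires = array();
    $filename = '';

    if (!empty($vars['to_group'])) {
        // Ids are interpolated unquoted into SQL: force integers
        $groupList = implode(',', array_map('intval', USER_getChildGroups($to_group)));

        // Group name
        $group_name = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id =" . $to_group . " ");
        $group_name = DB_fetchArray($group_name);
        $email_group = $group_name[0];

        if (isset($vars['overstyr'])) {
            // override: ignore the users' "email from admin" preference
            $sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
        } else {
            $sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
            $sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
        }
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        $quantity = $nrows;
    } else {
        // OK, let's upload csv file
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        // Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setAllowedMimeTypes(array(
            'text/csv' => '.csv',
            'text/comma-separated-values' => '.csv',
            'application/vnd.ms-excel' => '.csv',
            'application/x-csv' => '.csv'
        ));
        if (!$upload->setPath($_CONF['path_data'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            // Only the extension of the client-supplied name is reused; keep it
            // alphanumeric. pathinfo() also copes with names that have no dot.
            $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
            $filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
        }
        if ($filename == '') {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= 'Upload error: csv file name is empty. Please try again...';
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        $upload->setFileNames($filename);
        reset($_FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return $LANG24[30];
        }

        // email group
        $email_group = $LANG_HELLO01['csv_file'];

        $separator = isset($vars['separator']) ? $vars['separator'] : ',';
        if (!in_array($separator, array(',', 'tab', ';'))) {
            $separator = ',';
        }
        if ($separator == 'tab') {
            $separator = "\t";
        }
        // NOTE(review): the stored CSV is never removed in this function;
        // confirm it is cleaned up elsewhere.
        if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
            while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
                // keep only rows whose first column is a valid address
                if (isset($data[0]) and $data[0] != '' and COM_isEmail($data[0])) {
                    $quantity++;
                    $destinataires[] = $data[0];
                }
            }
            fclose($handle);
        }
    }

    $retval .= COM_startBlock($LANG31[1]);

    // register hello
    // NOTE(review): addslashes() mirrors the escaping this function already used
    // for subject and content; prefer the DB layer's own escaping function if
    // this code base provides one.
    $creation = date('YmdHi', time());
    $subject = addslashes($vars['subject']);
    $content = addslashes($vars['content']);
    $from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
    $expediteur = addslashes($from);
    $group_label = addslashes($email_group);

    $sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$group_label}', '{$quantity}','{$content}')";
    DB_query($sql_ajout_hello);
    $new_hello_id = DB_insertId();

    // Loop through and queue the messages in the DB!
    $successes = 0;
    $failures = 0;
    for ($i = 0; $i < $quantity; $i++) {
        if (!empty($vars['to_group'])) {
            $A = DB_fetchArray($result);
            $recipient = $A['email'];
        } else {
            // csv file
            $recipient = $destinataires[$i];
        }
        if ($recipient == '') {
            $failures = $failures + 1;
            continue;
        }
        $destinataire = addslashes($recipient);
        $date = date('YmdHi', time());
        $sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
        if (DB_query($sql_ajout_hello)) {
            $successes = $successes + 1;
        } else {
            $failures = $failures + 1;
        }
    }

    if ($successes >= 0) {
        // the request value is echoed back, so escape it for HTML
        $shown_priority = isset($vars['priority']) ? htmlspecialchars((string) $vars['priority'], ENT_QUOTES) : '';
        $retval .= $i . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $shown_priority;
    }
    if ($failures > 0) {
        $retval .= 'Oups... There was ' . $failures . ' failure(s)';
    }
    if (empty($vars['to_group'])) {
        // list emails from csv, escaped: they come from the uploaded file
        $shown = array();
        foreach ($destinataires as $address) {
            $shown[] = htmlspecialchars($address, ENT_QUOTES);
        }
        $retval .= COM_makeList($shown);
    }
    $retval .= COM_endBlock();

    return $retval;
}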