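/**
 * Store one uploaded file under <uploads_path>/news/id<itemid>/.
 *
 * Creates the 'news' directory and the per-item directory when they are
 * missing, rejects uploads larger than $config['max_upload_size'], checks the
 * file's final extension against the News module preference
 * 'allowed_upload_types' (comma-separated), then moves the upload into place.
 *
 * Security notes:
 *  - Only the last extension of the client-supplied name is checked, so a name
 *    such as "a.php.jpg" passes when "jpg" is allowed. The uploads directory
 *    should be served with script execution disabled.
 *  - The extension test looks at the name only; file content is not inspected.
 *  - NOTE(review): $itemid is concatenated into the directory name unchanged.
 *    Presumably callers pass a numeric article id; confirm, since any path
 *    separator in it would change where the file is written.
 *
 * @param mixed  $itemid    Item identifier used to build the "id<itemid>" directory.
 * @param string $fieldname Key of the upload in $_FILES.
 * @param string $error     Set (by reference) to a translated message on failure.
 *
 * @return string|false The stored base file name, or false on failure.
 */
public static function handle_upload($itemid, $fieldname, &$error)
{
    $config = cmsms()->GetConfig();
    $mod = cms_utils::get_module('News');

    // Refuse early when PHP did not hand over one complete upload for this
    // field (missing field, multi-file array field, or a non-zero error code).
    // The existing move-failure message is reused; no dedicated message key
    // for this case is visible in this block.
    $upload = isset($_FILES[$fieldname]) ? $_FILES[$fieldname] : null;
    if (!is_array($upload)
        || !isset($upload['name'], $upload['tmp_name'], $upload['size'])
        || !is_string($upload['name'])
        || (isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_OK)
    ) {
        $error = $mod->Lang('error_movefile', $fieldname);
        return false;
    }

    $directories = array(
        cms_join_path($config['uploads_path'], 'news'),
        cms_join_path($config['uploads_path'], 'news', 'id' . $itemid),
    );
    foreach ($directories as $dir) {
        // The second is_dir() tolerates another request creating the
        // directory between the first test and mkdir().
        if (!is_dir($dir) && @mkdir($dir) === false && !is_dir($dir)) {
            $error = $mod->Lang('error_mkdir', $dir);
            return false;
        }
    }

    if ($upload['size'] > $config['max_upload_size']) {
        $error = $mod->Lang('error_filesize');
        return false;
    }

    // basename() drops any directory part of the client-supplied name.
    $filename = basename($upload['name']);
    $dest = cms_join_path($config['uploads_path'], 'news', 'id' . $itemid, $filename);

    // Extension = text after the last dot; empty when there is no dot or the
    // name ends in a dot.
    $dot = strrchr($filename, '.');
    $ext = ($dot === false) ? '' : (string) substr($dot, 1);

    // Build the allow-list, ignoring blank entries. With an empty preference,
    // explode() yields array(''), which a loose in_array() would match against
    // a file that has no extension at all.
    $allowed = array();
    foreach (explode(',', (string) $mod->GetPreference('allowed_upload_types', '')) as $entry) {
        $entry = trim($entry);
        if ($entry !== '') {
            $allowed[] = $entry;
        }
    }

    if ($ext === '' || !in_array($ext, $allowed, true)) {
        $error = $mod->Lang('error_invalidfiletype');
        return false;
    }

    if (@cms_move_uploaded_file($upload['tmp_name'], $dest) === false) {
        $error = $mod->Lang('error_movefile', $dest);
        return false;
    }

    return $filename;
}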
$tiny->smarty->assign('messagefail', $tiny->Lang("filetoobig")); } else { $filename = $tiny->Slash($thisdir, $_FILES["uploadformnewfile"]["name"]); if ($tiny->GetPreference("makethumbnail", 0) == 1) { $thumbname = $tiny->Slash($thisdir, "thumb_" . $_FILES["uploadformnewfile"]["name"]); $tiny->HandleFileResizing($_FILES["uploadformnewfile"]["tmp_name"], $thumbname, 96, 96); } //print_r($_POST); if (isset($_POST["uploadformresize_on"]) && is_numeric($_POST["uploadformresize_x"]) && is_numeric($_POST["uploadformresize_y"])) { if ($tiny->HandleFileResizing($_FILES["uploadformnewfile"]["tmp_name"], $filename, $_POST["uploadformresize_x"], $_POST["uploadformresize_y"])) { $tiny->smarty->assign('messagesuccess', $tiny->Lang("fileuploaded")); } else { $tiny->smarty->assign('messagefail', $tiny->Lang("uploadfailed")); } } else { if (cms_move_uploaded_file($_FILES["uploadformnewfile"]["tmp_name"], $filename)) { $tiny->smarty->assign('messagesuccess', $tiny->Lang("fileuploaded")); } else { $tiny->smarty->assign('messagefail', $tiny->Lang("uploadfailed")); } } } } } else { $tiny->smarty->assign('messagefail', $tiny->Lang("nofile")); } } else { //This shouldn't happen $tiny->smarty->assign('messagefail', $tiny->Lang("nofile")); } }
$message = "newuploadsuccess"; $messagecount++; //$messages.="<li>".$_FILES[$id."file_".$i]["name"]." ".$this->Lang("unpacksuccess")."</li>\n"; } break; default: //$errors.=$this->Lang("unsupportedarchive")." ($extension)"; $error = "newunsupportedarchive"; $errorcount = $extension; break; } } else { if (trim($_FILES[$id . "file_" . $i]["name"]) == "") { continue; } $thispath = $this->Slash($fullpath, $_FILES[$id . "file_" . $i]["name"]); if (cms_move_uploaded_file($_FILES[$id . "file_" . $i]["tmp_name"], $thispath)) { //$messages.="<span class='fm-messages'>".$_FILES[$id."file_".$i]["name"]." ".$this->Lang("uploadsuccess")."</span>\n"; $message = "newuploadsuccess"; $messagecount++; } else { //$errors.="<span class='fm-messages'>".$_FILES[$id."file_".$i]["name"]." ".$this->Lang("uploadfail")."</span>\n"; $error = "newuploadfailed"; $errorcount++; } } } /* if ($messages!="") $messages="<ul>".$messages."</ul>"; if ($errors!="") $errors="<ul>".$errors."</ul>"; */ $this->Redirect($id, "defaultadmin", $returnid, array("path" => $params["path"], "fmmessage" => $message, "fmmessagecount" => $messagecount, "fmerror" => $error, "fmerrorcount" => $errorcount));
//echo "hi"; $thumbname = $this->Slash($thisdir, "thumb_" . $newfile["name"]); //echo $thumbname; $thumbnail_width = get_site_preference('thumbnail_width', 96); $thumbnail_height = get_site_preference('thumbnail_height', 96); $this->HandleFileResizing($newfile["tmp_name"], $thumbname, $thumbnail_width, $thumbnail_height); } //print_r($_POST); if (isset($params["resize_on"]) && (is_numeric($params["resize_x"]) || is_numeric($params["resize_y"]))) { if ($this->HandleFileResizing($newfile["tmp_name"], $filename, $params["resize_x"], $params["resize_y"])) { $this->smarty->assign('messagesuccess', $this->Lang("fileuploaded")); } else { $this->smarty->assign('messagefail', $this->Lang("uploadfailed")); } } else { if (cms_move_uploaded_file($newfile["tmp_name"], $filename)) { //echo $filename; $this->smarty->assign('messagesuccess', $this->Lang("fileuploaded")); } else { $this->smarty->assign('messagefail', $this->Lang("uploadfailed")); } } } else { $this->smarty->assign('messagefail', $this->Lang("notanimage")); } } } } else { $this->smarty->assign('messagefail', $this->Lang("nofile")); } } else {
$img = getimagesize($tmpname) ? TRUE : FALSE; } elseif (function_exists('exif_imagetype')) { $img = exif_imagetype($tmpname) !== FALSE; } elseif (function_exists('mime_content_type')) { $mtype = mime_content_type($tmpname); $img = strpos($mtype, 'image/') === 0; } if (!$img) { $message = $this->Lang('err_file'); } } if (empty($message)) { $fp = StripeGate\Utils::GetUploadsPath($this); if ($fp) { $fp = cms_join_path($fp, $file_data['name']); if (!chmod($file_data['tmp_name'], 0644) || !cms_move_uploaded_file($file_data['tmp_name'], $fp)) { $message = $this->Lang('err_upload'); } else { //all good $sql = 'UPDATE ' . $pref . 'module_sgt_account SET iconfile=? WHERE account_id=?'; $db->Execute($sql, array($file_data['name'], $params['account_id'])); } } else { $message = $this->Lang('err_upload'); } } if (empty($message)) { $message = FALSE; } $this->Redirect($id, 'update', $returnid, array('account_id' => $params['account_id'], 'message' => $message)); }
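/**
 * Validate an uploaded image by name and store it as "<uid>_<fldname><ext>".
 *
 * The upload is read from $_FILES[$id . $fldprefix . $fldname]. Its name is
 * normalised (spaces and "%20" become "_", characters outside the allowed
 * set are removed), it must end with one of the extensions listed in the
 * 'allowed_image_extensions' preference, and it is then moved into the
 * directory returned by get_upload_dirname($uid).
 *
 * Security notes:
 *  - The stored extension is taken from the LAST dot of the name. Taking it
 *    from the first dot would carry an inner extension through to disk
 *    ("x.php.jpg" stored as "<uid>_<fld>.php.jpg").
 *  - Only the file name is checked here; the content is not verified to be an
 *    image. NOTE(review): consider a content check such as getimagesize() on
 *    the temporary file before moving it.
 *
 * @param string $id        Module instance prefix used in form field names.
 * @param string $fldprefix Field-name prefix.
 * @param string $fldname   Field name; also becomes part of the stored name.
 * @param mixed  $uid       Owner id; selects the directory and prefixes the name.
 *
 * @return array array(true, $destname) on success, array(false, $message) on failure.
 */
function ManageImageUpload($id, $fldprefix, $fldname, $uid)
{
    $key = $id . $fldprefix . $fldname;
    if (!isset($_FILES) || !isset($_FILES[$key])) {
        return array(false, $this->Lang('error_missing_upload'));
    }

    // Taken by reference, as before: the normalised values below are written
    // back into $_FILES.
    $file =& $_FILES[$key];

    if (!isset($file['name']) || !is_string($file['name'])
        || !isset($file['size']) || $file['size'] == 0
    ) {
        return array(false, $this->Lang('error_problem_upload'));
    }

    // A non-zero PHP upload error code means the temporary file is unusable.
    if (isset($file['error']) && $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, $this->Lang('error_problem_upload'));
    }

    if (!isset($file['type'])) {
        $file['type'] = '';
    }
    if (!isset($file['tmp_name'])) {
        $file['tmp_name'] = '';
    }

    $file['name'] = preg_replace(
        '/[^a-zA-Z0-9\\.\\$\\%\'\\`\\-\\@\\{\\}\\~\\!\\#\\(\\)\\&\\_\\^]/',
        '',
        str_replace(array(' ', '%20'), array('_', '_'), $file['name'])
    );

    // Build the allow-list, dropping blank entries (e.g. from a trailing
    // comma) so that an empty suffix can never count as a match.
    $allowed = array();
    foreach (explode(',', (string) $this->GetPreference('allowed_image_extensions', '.gif,.png,.jpg')) as $candidate) {
        $candidate = trim($candidate);
        if ($candidate !== '') {
            $allowed[] = $candidate;
        }
    }

    $found = false;
    foreach ($allowed as $candidate) {
        if (endswith($file['name'], $candidate)) {
            $found = true;
            break;
        }
    }
    if (!$found) {
        return array(false, $this->Lang('error_invalidfileextension'));
    }

    // Destination name: only the final extension is kept.
    $ext = strrchr($file['name'], '.');
    if ($ext === false) {
        $ext = '';
    }
    $destname = $uid . '_' . $fldname . $ext;

    // Create the destination directory if necessary.
    $destDir = $this->get_upload_dirname($uid);
    if (!is_dir($destDir)) {
        @mkdir($destDir);
    }
    if (!is_writable($destDir)) {
        return array(false, $this->Lang('error_destinationnotwritable'));
    }

    // Report a failed move instead of returning success for a file that was
    // never stored.
    if (!@cms_move_uploaded_file($file['tmp_name'], cms_join_path($destDir, $destname))) {
        return array(false, $this->Lang('error_problem_upload'));
    }

    return array(true, $destname);
}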
exit; } $errors = ''; $curdir = isset($params['curdir']) ? $params['curdir'] . '/' : ''; $dir = str_replace('//', '/', $gCms->config["uploads_path"] . '/attachments/' . $curdir); echo $dir; $fieldname = $id . 'uploadfile'; if (isset($_FILES) && isset($_FILES[$fieldname]) && isset($_FILES[$fieldname]['name']) && $_FILES[$fieldname]['name'] != "") { $tmpfilename = str_replace(' ', '_', $_FILES[$fieldname]['name']); $extension = substr(strrchr($tmpfilename, "."), 1); $cleanfilename = str_replace('.' . $extension, '', $tmpfilename); $destdir = $dir . $tmpfilename; $i = 1; while (file_exists($destdir)) { $tmpfilename = $cleanfilename . '_' . $i . '.' . $extension; $destdir = $dir . $tmpfilename; $i++; } if (!cms_move_uploaded_file($_FILES[$fieldname]['tmp_name'], $destdir)) { $errors .= "<li>" . lang('filenotuploaded') . "</li>"; } else { //chmod('../uploads/'.$startdir.$curdir.$tmpfilename, 0755); //audit(-1, $tmpfilename, 'Uploaded File'); } } if ($errors != '') { echo '<div class="pageerrorcontainer"><ul>' . $errors . '</ul></div>'; } else { $params['filepath'] = $curdir . $tmpfilename; } // natural redirect to assign function
# allow new thumbnail to be uploaded $tmp = $id . 'input_newthumbnail'; if (isset($_FILES[$tmp]) && !empty($_FILES[$tmp]['name']) && $_FILES[$tmp]['size'] > 0 && $_FILES[$tmp]['error'] == 0) { $name = $row['upload_name']; $thumb_ext = strrchr($_FILES[$tmp]['name'], '.'); $file_ext = strrchr($name, '.'); $fname = substr($name, 0, strlen($name) - strlen($file_ext)); $thumb_name = 'thumb_' . $fname . $thumb_ext; $tn_oldfile = $this->_categoryPath($catpath . DIRECTORY_SEPARATOR . $row['upload_thumbnail']); if (file_exists($tn_oldfile)) { @unlink($tn_oldfile); } $tn_newfile = $this->_categoryPath($catpath . DIRECTORY_SEPARATOR . $thumb_name); if (file_exists($tn_newfile)) { @unlink($tn_newfile); } cms_move_uploaded_file($_FILES[$tmp]['tmp_name'], $tn_newfile); $query = 'UPDATE ' . cms_db_prefix() . 'module_uploads SET upload_thumbnail = ? WHERE upload_id = ?'; $db->Execute($query, array($thumb_name, $row['upload_id'])); } // update search words. $search = $this->GetModuleInstance('Search'); if ($search) { $str = $newname . ' ' . $newauthor . ' ' . $newsummary . ' ' . $newdesc; $search->AddWords($this->Getname(), $row['upload_id'], 'upload', $str); } // done. $this->RedirectToTab($id, 'files', array('curcategory' => $params['category_id'])); // EOF