function qa_upload_file($localfilename, $sourcefilename, $maxfilesize = null, $onlyimage = false, $imagemaxwidth = null, $imagemaxheight = null)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }
    $result = array();
    //	Check per-user upload limits
    require_once QA_INCLUDE_DIR . 'qa-app-users.php';
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
    switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
        case 'limit':
            $result['error'] = qa_lang('main/upload_limit');
            return $result;
        case false:
            qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS);
            break;
        default:
            $result['error'] = qa_lang('users/no_permission');
            return $result;
    }
    //	Check the uploaded file is not too large
    $filesize = filesize($localfilename);
    if (isset($maxfilesize)) {
        $maxfilesize = min($maxfilesize, qa_get_max_upload_size());
    } else {
        $maxfilesize = qa_get_max_upload_size();
    }
    if ($filesize <= 0 || $filesize > $maxfilesize) {
        // if file was too big for PHP, $filesize will be zero
        $result['error'] = qa_lang_sub('main/max_upload_size_x', number_format($maxfilesize / 1048576, 1) . 'MB');
        return $result;
    }
    //	Find out what type of source file was uploaded and if appropriate, check it's an image and get preliminary size measure
    $pathinfo = pathinfo($sourcefilename);
    $format = strtolower(@$pathinfo['extension']);
    $isimage = $format == 'png' || $format == 'gif' || $format == 'jpeg' || $format == 'jpg';
    // allowed image extensions
    if ($isimage) {
        $imagesize = @getimagesize($localfilename);
        if (is_array($imagesize)) {
            $result['width'] = $imagesize[0];
            $result['height'] = $imagesize[1];
            switch ($imagesize['2']) {
                // reassign format based on actual content, if we can
                case IMAGETYPE_GIF:
                    $format = 'gif';
                    break;
                case IMAGETYPE_JPEG:
                    $format = 'jpeg';
                    break;
                case IMAGETYPE_PNG:
                    $format = 'png';
                    break;
            }
        }
    }
    $result['format'] = $format;
    if ($onlyimage) {
        if (!$isimage || !is_array($imagesize)) {
            $result['error'] = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
            return $result;
        }
    }
    //	Read in the raw file contents
    $content = file_get_contents($localfilename);
    //	If appropriate, get more accurate image size and apply constraints to it
    require_once QA_INCLUDE_DIR . 'qa-util-image.php';
    if ($isimage && qa_has_gd_image()) {
        $image = @imagecreatefromstring($content);
        if (is_resource($image)) {
            $result['width'] = $width = imagesx($image);
            $result['height'] = $height = imagesy($image);
            if (isset($imagemaxwidth) || isset($imagemaxheight)) {
                if (qa_image_constrain($width, $height, isset($imagemaxwidth) ? $imagemaxwidth : $width, isset($imagemaxheight) ? $imagemaxheight : $height)) {
                    qa_gd_image_resize($image, $width, $height);
                    if (is_resource($image)) {
                        $content = qa_gd_image_jpeg($image);
                        $result['format'] = $format = 'jpeg';
                        $result['width'] = $width;
                        $result['height'] = $height;
                    }
                }
            }
            if (is_resource($image)) {
                // might have been lost
                imagedestroy($image);
            }
        }
    }
    //	Create the blob and return
    require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';
    $userid = qa_get_logged_in_userid();
    $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create();
    $result['blobid'] = qa_create_blob($content, $format, $sourcefilename, $userid, $cookieid, qa_remote_ip_address());
    if (!isset($result['blobid'])) {
        $result['error'] = qa_lang('main/general_error');
        return $result;
    }
    $result['bloburl'] = qa_get_blob_url($result['blobid'], true);
    return $result;
}
Example #2
0
 function process_request($request)
 {
     $message = '';
     $url = '';
     if (is_array($_FILES) && count($_FILES)) {
         //	Check that we're allowed to upload images (if not, no other uploads are allowed either)
         if (!qa_opt('wysiwyg_editor_upload_images')) {
             $message = qa_lang('users/no_permission');
         }
         //	Check that we haven't reached the upload limit and are not blocked
         if (empty($message)) {
             require_once QA_INCLUDE_DIR . 'qa-app-users.php';
             require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
             switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
                 case 'limit':
                     $message = qa_lang('main/upload_limit');
                     break;
                 case false:
                     qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS);
                     break;
                 default:
                     $message = qa_lang('users/no_permission');
                     break;
             }
         }
         //	Find out some information about the uploaded file and check it's not too large
         if (empty($message)) {
             require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';
             $file = reset($_FILES);
             $pathinfo = pathinfo($file['name']);
             $extension = strtolower(@$pathinfo['extension']);
             $filesize = $file['size'];
             $maxsize = min(qa_opt('wysiwyg_editor_upload_max_size'), qa_get_max_upload_size());
             if ($filesize <= 0 || $filesize > $maxsize) {
                 // if file was too big for PHP, $filesize will be zero
                 $message = qa_lang_sub('main/max_upload_size_x', number_format($maxsize / 1048576, 1) . 'MB');
             }
         }
         //	If it's only allowed to be an image, check it's an image
         if (empty($message)) {
             if (qa_get('qa_only_image') || !qa_opt('wysiwyg_editor_upload_all')) {
                 // check if we need to confirm it's an image
                 switch ($extension) {
                     case 'png':
                         // these are allowed image extensions
                     // these are allowed image extensions
                     case 'gif':
                     case 'jpeg':
                     case 'jpg':
                         if (function_exists('getimagesize')) {
                             // getimagesize() does not require GD library
                             if (!is_array(@getimagesize($file['tmp_name']))) {
                                 $message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
                             }
                         }
                         break;
                     default:
                         $message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG');
                         break;
                 }
             }
         }
         //	If there have been no errors, looks like we're all set...
         if (empty($message)) {
             require_once QA_INCLUDE_DIR . 'qa-db-blobs.php';
             $userid = qa_get_logged_in_userid();
             $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create();
             $blobid = qa_db_blob_create(file_get_contents($file['tmp_name']), $extension, @$file['name'], $userid, $cookieid, qa_remote_ip_address());
             if (isset($blobid)) {
                 $url = qa_get_blob_url($blobid, true);
             } else {
                 $message = 'Failed to create object in database - please try again';
             }
         }
     }
     echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . qa_js(qa_get('CKEditorFuncNum')) . ", " . qa_js($url) . ", " . qa_js($message) . ");</script>";
     return null;
 }