* @version 0.3.4 * @link http://sumoam.sourceforge.net SUMO Access Manager * @author Alberto Basso <*****@*****.**> * @copyright Copyright © 2003-2009, Alberto Basso * @package SUMO * @category Console */ $tab = sumo_get_user_info($_GET['id'], 'id', FALSE); if (sumo_verify_permissions(4, $tab['group'])) { if ($SUMO['user']['id'] == $_GET['id'] || $SUMO['user']['user'] == 'sumo') { $validate[0] = ''; // If id not exist if (!$tab['id']) { $tpl['MESSAGE:H'] = sumo_get_message('W00001C', $_GET['id']); } else { sumo_delete_user_image($_GET['id']); } if ($validate[0]) { $tpl['MESSAGE:M'] = $validate[1]; } $tpl['GET:UpdateForm'] = "<form action='?module=users&action=editimg&id=" . $tab['id'] . "' " . "name='UpdateUserImg' method='POST' enctype='multipart/form-data'>"; $tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>"; $tpl['PUT:UserImage'] = "<input type='hidden' name='MAX_FILE_SIZE' value='30720'>" . "<input type='file' size='20' class='file' name='user_image' >"; $tpl['GET:DeleteForm'] = "<form action='?module=users&action=deleteimg&id=" . $tab['id'] . "' name='DeleteUserImg' method='POST'>\n" . "<input type='submit' class='button' value='" . $language['Delete'] . "'>\n" . "</form>"; // Note: not using sumo_show_window() function // because for this event a window is external $tpl_file = SUMO_PATH_MODULE . '/templates/editimg.tpl'; if (sumo_verify_file($tpl_file)) { $content = implode('', file($tpl_file)); } echo sumo_process_template($content, $tpl);
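/**
 * Update user image
 *
 * Stores the file uploaded in the "user_image" form field as the image of
 * user $id. Any image already stored for that user is deleted first through
 * sumo_delete_user_image().
 *
 * Security notes:
 *  - The extension is read from the client-supplied file name. It is only a
 *    coarse filter and does not prove that the content is an image.
 *  - The MIME type written to the database comes from a fixed
 *    extension => type table. $_FILES['user_image']['type'] is sent by the
 *    client, so it is no longer concatenated into the SQL statement.
 *
 * @param int $id         User id; values <= 0 are rejected
 * @param int $size_limit Maximum accepted file size in bytes
 * @return bool TRUE once the INSERT has been issued (the result of Execute()
 *              is not checked), FALSE when the upload is rejected
 */
function sumo_update_user_image($id = 0, $size_limit = 30720)
{
    global $SUMO;

    $id = intval($id);

    if ($id <= 0) {
        return FALSE;
    }

    // The upload entry must exist and describe a single file; a multi-file
    // field delivers arrays here, which pathinfo() cannot handle.
    if (!isset($_FILES['user_image']['name'], $_FILES['user_image']['tmp_name'], $_FILES['user_image']['size'])
        || !is_string($_FILES['user_image']['name'])
        || !is_string($_FILES['user_image']['tmp_name'])) {
        return FALSE;
    }

    // Server-side allow-list: accepted extension => MIME type to store.
    $mime_types = array(
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'bmp'  => 'image/bmp',
        'tif'  => 'image/tiff',
    );

    $file      = pathinfo($_FILES['user_image']['name']);
    $extension = isset($file['extension']) ? strtolower($file['extension']) : '';

    // Files without an extension, or with one outside the allow-list, are refused.
    if (!isset($mime_types[$extension])) {
        return FALSE;
    }

    // Only accept a file that PHP itself received through HTTP POST.
    if (!is_uploaded_file($_FILES['user_image']['tmp_name'])) {
        return FALSE;
    }

    // Check the file is not larger than the maximum file size.
    // (An oversized file previously fell through without any return value.)
    if (intval($_FILES['user_image']['size']) > $size_limit) {
        return FALSE;
    }

    // Prepare the image for insertion.
    $data = file_get_contents($_FILES['user_image']['tmp_name']);

    if ($data === FALSE) {
        return FALSE;
    }

    // NOTE(review): addslashes() is not a database-aware escaper. If the DB
    // wrapper behind $SUMO['DB'] offers bound parameters or its own
    // string/blob quoting, use that instead. Confirm against the wrapper's API.
    $image = $SUMO['server']['db_type'] != 'postgres' ? addslashes($data) : pg_escape_bytea($data);

    // Remove the previous image so the user keeps a single row.
    sumo_delete_user_image($id);

    // $id is an integer and $type is one of the constants above, so neither
    // can carry SQL supplied by the client.
    $type  = $mime_types[$extension];
    $query = "INSERT INTO " . SUMO_TABLE_USERS_IMAGES . "\n"
           . "\t(id_user, type, image)\n"
           . "VALUES (\n"
           . "\t" . $id . ",\n"
           . "\t'" . $type . "',\n"
           . "\t'{$image}'\n"
           . ")";

    $SUMO['DB']->Execute($query);

    return TRUE;
}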