$user_hide_email = isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"; if ($error == "") { if (!$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) { $newavatar = $_FILES['user_avatar']; $avatarext = strrchr($newavatar['name'], "."); $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], ".")); if (preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_check("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext) && $newavatar['size'] <= 30720) { $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext; move_uploaded_file($newavatar['tmp_name'], IMAGES . "avatars/" . $avatarname); chmod(IMAGES . "avatars/" . $avatarname, 0644); $set_avatar = ", user_avatar='" . $avatarname . "'"; if ($size = @getimagesize(IMAGES . "avatars/" . $avatarname)) { if ($size['0'] > 100 || $size['1'] > 100) { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = ""; } elseif (!verify_image(IMAGES . "avatars/" . $avatarname)) { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = ""; } } else { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = ""; } } else { $set_avatar = ""; } } if (isset($_POST['del_avatar'])) { @unlink(IMAGES . "avatars/" . $user_data['user_avatar']); $set_avatar = ", user_avatar=''"; }
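/**
 * Validate and store the image(s) uploaded through this form field.
 *
 * A single-file field is delegated to upload_image(). A multi-file field is handled
 * here, one upload at a time, with the same rules: size limit, .gif/.jpg/.png
 * extension, a successful getimagesize() probe whose detected format agrees with the
 * extension, verify_image(), and the pixel limits. All of these run against PHP's
 * temporary upload file, so a rejected upload is never written into the target folder.
 *
 * Error codes: 1 = too large, 2 = not an accepted image, 3 = resolution too high,
 * 4 = query failed (only upload_image() can report it), 5 = not uploaded or the file
 * could not be moved into place.
 *
 * @return array Single-file field: the upload_image() result. Multi-file field: one
 *               result array per upload, indexed by upload position. Empty array when
 *               nothing was uploaded or $this->safe() returned a falsy value.
 */
protected function verify_image_upload() {
    $locale = fusion_get_locale();
    require_once INCLUDES . "infusions_include.php";

    $config = $this->field_config;
    $input_name = $config['input_name'];
    $thumb_folder = $config['path'] . $config['thumbnail_folder'] . "/";

    if (!$config['multiple']) {
        // is_string() keeps an array-shaped tmp_name (a multi-file submission sent to a
        // single-file field) from reaching is_uploaded_file().
        if (empty($_FILES[$input_name]['name'])
            || !is_string($_FILES[$input_name]['tmp_name'])
            || !is_uploaded_file($_FILES[$input_name]['tmp_name'])
            || !$this->safe()
        ) {
            return array();
        }
        // First thumbnail is square (ratio 1), second keeps its proportions (ratio 0).
        $upload = upload_image(
            $input_name, $_FILES[$input_name]['name'], $config['path'],
            $config['max_width'], $config['max_height'], $config['max_byte'],
            $config['delete_original'], $config['thumbnail'], $config['thumbnail2'],
            1, $thumb_folder, $config['thumbnail_suffix'], $config['thumbnail_w'], $config['thumbnail_h'],
            0, $thumb_folder, $config['thumbnail2_suffix'], $config['thumbnail2_w'], $config['thumbnail2_h']
        );
        if ($upload['error'] != 0) {
            $this->notify_image_upload_error($upload['error'], $locale);
        }

        return $upload;
    }

    if (empty($_FILES[$input_name]['name'])
        || !is_uploaded_file($_FILES[$input_name]['tmp_name'][0])
        || !$this->safe()
    ) {
        return array();
    }

    $files = $_FILES[$input_name];
    $target_folder = $config['path'];
    // Extension -> type id expected by the thumbnail functions, and the IMAGETYPE_*
    // value getimagesize() must report (index 2) for that id.
    $type_ids = array(".gif" => 1, ".jpg" => 2, ".png" => 3);
    $detected_types = array(1 => IMAGETYPE_GIF, 2 => IMAGETYPE_JPEG, 3 => IMAGETYPE_PNG);

    $result = array();
    $total = count($files['name']);
    for ($i = 0; $i < $total; $i++) {
        $tmp_path = $files['tmp_name'][$i];

        if (!is_uploaded_file($tmp_path)) {
            // Image not uploaded
            $image_info = array("error" => 5);
        } else {
            $client_name = $files['name'][$i];
            if ($client_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $client_name)) {
                $image_name = $client_name;
            } else {
                $image_name = stripfilename(substr($client_name, 0, strrpos($client_name, ".")));
            }
            $image_ext = strtolower((string)strrchr($client_name, "."));
            $filetype = isset($type_ids[$image_ext]) ? $type_ids[$image_ext] : FALSE;

            // Probe once. FALSE means the content could not be read as an image.
            $image_res = filesize($tmp_path) > 10 ? @getimagesize($tmp_path) : FALSE;

            $image_info = array(
                "image" => FALSE,
                "image_name" => $image_name . $image_ext,
                "image_ext" => $image_ext,
                // Size of this upload, not the whole per-field size list.
                "image_size" => $files['size'][$i],
                "image_width" => $image_res ? $image_res[0] : 0,
                "image_height" => $image_res ? $image_res[1] : 0,
                "thumb1" => FALSE,
                "thumb1_name" => "",
                "thumb2" => FALSE,
                "thumb2_name" => "",
                "error" => 0
            );

            if ($files['size'][$i] > $config['max_byte']) {
                // Invalid file size
                $image_info['error'] = 1;
            } elseif (!$image_res
                || !$filetype
                || $image_res[2] != $detected_types[$filetype]
                || !verify_image($tmp_path)
            ) {
                // Unsupported image type. A file that getimagesize() cannot read is
                // rejected here instead of falling through to the storage branch.
                $image_info['error'] = 2;
            } elseif ($image_res[0] > $config['max_width'] || $image_res[1] > $config['max_height']) {
                // Invalid image resolution
                $image_info['error'] = 3;
            } else {
                if (!file_exists($target_folder)) {
                    mkdir($target_folder, 0755);
                }
                $image_name_full = filename_exists($target_folder, $image_name . $image_ext);
                $image_name = substr($image_name_full, 0, strrpos($image_name_full, "."));
                $image_info['image_name'] = $image_name_full;
                $stored_path = $target_folder . $image_name_full;

                if (!move_uploaded_file($tmp_path, $stored_path)) {
                    // Nothing was stored, so no thumbnail work and no success flag.
                    $image_info['error'] = 5;
                } else {
                    $image_info['image'] = TRUE;
                    if (function_exists("chmod")) {
                        // Uploads are data: readable, never executable (upload_image() uses 0644 too).
                        chmod($stored_path, 0644);
                    }

                    if ($config['thumbnail'] || $config['thumbnail2']) {
                        require_once INCLUDES . "photo_functions_include.php";
                        // Set when the image is small enough to serve as its own thumbnail;
                        // the stored original must then survive delete_original.
                        $noThumb = FALSE;

                        if ($config['thumbnail']) {
                            $image_info['thumb1'] = TRUE;
                            if ($image_res[0] <= $config['thumbnail_w'] && $image_res[1] <= $config['thumbnail_h']) {
                                $noThumb = TRUE;
                                $image_info['thumb1_name'] = $image_info['image_name'];
                            } else {
                                if (!file_exists($thumb_folder)) {
                                    mkdir($thumb_folder, 0755, TRUE);
                                }
                                $image_name_t1 = filename_exists($thumb_folder, $image_name . $config['thumbnail_suffix'] . $image_ext);
                                $image_info['thumb1_name'] = $image_name_t1;
                                // Square thumbnail, as in the single-file call (ratio 1).
                                createsquarethumbnail($filetype, $stored_path, $thumb_folder . $image_name_t1, $config['thumbnail_w']);
                            }
                        }

                        if ($config['thumbnail2']) {
                            $image_info['thumb2'] = TRUE;
                            if ($image_res[0] < $config['thumbnail2_w'] && $image_res[1] < $config['thumbnail2_h']) {
                                $noThumb = TRUE;
                                $image_info['thumb2_name'] = $image_info['image_name'];
                            } else {
                                if (!file_exists($thumb_folder)) {
                                    mkdir($thumb_folder, 0755, TRUE);
                                }
                                $image_name_t2 = filename_exists($thumb_folder, $image_name . $config['thumbnail2_suffix'] . $image_ext);
                                $image_info['thumb2_name'] = $image_name_t2;
                                // Proportional thumbnail, as in the single-file call (ratio 0).
                                createthumbnail($filetype, $stored_path, $thumb_folder . $image_name_t2, $config['thumbnail2_w'], $config['thumbnail2_h']);
                            }
                        }

                        if ($config['delete_original'] && !$noThumb) {
                            unlink($stored_path);
                            $image_info['image'] = FALSE;
                        }
                    }
                }
            }
        }

        if ($image_info['error'] != 0) {
            $this->notify_image_upload_error($image_info['error'], $locale);
        }
        $result[$i] = $image_info;
    }

    return $result;
}

/**
 * Call $this->stop() and raise the notice and input error for an upload error code.
 *
 * @param int   $error_code Error code 1-5 from upload_image() or the multi-file loop.
 * @param array $locale     Locale strings as returned by fusion_get_locale().
 */
private function notify_image_upload_error($error_code, $locale) {
    $this->stop();
    switch ($error_code) {
        case 1: // Invalid file size
            $message = sprintf($locale['df_416'], parsebytesize($this->field_config['max_byte']));
            break;
        case 2: // Unsupported image type
            $message = sprintf($locale['df_417'], ".gif .jpg .png");
            break;
        case 3: // Invalid image resolution
            $message = sprintf($locale['df_421'], $this->field_config['max_width'], $this->field_config['max_height']);
            break;
        case 4: // Invalid query string
            $message = $locale['df_422'];
            break;
        case 5: // Image not uploaded
            $message = $locale['df_423'];
            break;
        default:
            // Unknown code: the form is stopped but no notice is shown.
            return;
    }
    addNotice('danger', $message);
    self::setInputError($this->field_name);
}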
} if (!isset($_FILES['upload'])) { $download->log_event($log_event, PDP_EUPLOAD); fallback(FUSION_SELF . "?did=" . $download->id . '&errno=' . PDP_EUPLOAD); } $ext = explode(',', $pdp->settings['image_ext']); foreach ($ext as $key => $val) { $ext[$key] = '.' . $val; } $errno = pdp_upload_file($_FILES['upload'], $pdp->settings['upload_image'], $pdp->settings['image_max'], $ext, $screen_fn); if ($errno) { $download->log_event($log_event, $errno); fallback(FUSION_SELF . '?did=' . $download->id . '&errno=' . $errno); } $file = $pdp->settings['upload_image'] . $screen_fn; if (!verify_image($file)) { $download->log_event($log_event, PDP_EIMGVERIFY); unlink($file); fallback(FUSION_SELF . "?did=" . $download->id . "&errno=" . PDP_EIMGVERIFY); } // check size if ($pdp->settings['image_max_w']) { $size = getimagesize($file); if ($size === false) { $log_event = PDP_EV_PICUPLOAD; $errno = PDP_EFILE; $download->log_event($log_event, $errno); fallback(FUSION_SELF . "?did=" . $download->id . "&errno={$errno}"); } if ($size[0] > $pdp->settings['image_max_w'] || $size[1] > $pdp->settings['image_max_h']) { // scale
$i++; } } } if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) { $attach = $_FILES['attach']; if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) { $attachname = substr($attach['name'], 0, strrpos($attach['name'], ".")); $attachext = strtolower(strrchr($attach['name'], ".")); if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $attachname) && $attach['size'] <= $settings['attachmax']) { $attachtypes = explode(",", $settings['attachtypes']); if (in_array($attachext, $attachtypes)) { $attachname = attach_exists(strtolower($attach['name'])); move_uploaded_file($attach['tmp_name'], FORUM . "attachments/" . $attachname); chmod(FORUM . "attachments/" . $attachname, 0644); if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM . "attachments/" . $attachname) || !@verify_image(FORUM . "attachments/" . $attachname))) { unlink(FORUM . "attachments/" . $attachname); $error = 1; } if (!$error) { $result = dbquery("INSERT INTO " . DB_FORUM_ATTACHMENTS . " (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('" . $thread_id . "', '" . $post_id . "', '{$attachname}', '{$attachext}', '" . $attach['size'] . "')"); } } else { @unlink($attach['tmp_name']); $error = 1; } } else { @unlink($attach['tmp_name']); $error = 2; } }
$user_hide_email = isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"; if ($error == "") { if (!$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) { $newavatar = $_FILES['user_avatar']; $avatarext = strrchr($newavatar['name'], "."); $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], ".")); if (preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_check("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext) && $newavatar['size'] <= 30720) { $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext; move_uploaded_file($newavatar['tmp_name'], IMAGES_AVA . $avatarname); chmod(IMAGES_AVA . $avatarname, 0644); $set_avatar = ", user_avatar='" . $avatarname . "'"; if ($size = @getimagesize(IMAGES_AVA . $avatarname)) { if ($size['0'] > 100 || $size['1'] > 100) { @unlink(IMAGES_AVA . $avatarname); $set_avatar = ""; } elseif (!verify_image(IMAGES_AVA . $avatarname)) { @unlink(IMAGES_AVA . $avatarname); $set_avatar = ""; } } else { @unlink(IMAGES_AVA . $avatarname); $set_avatar = ""; } } else { $set_avatar = ""; } } if (isset($_POST['del_avatar'])) { @unlink(IMAGES_AVA . $user_data['user_avatar']); $set_avatar = ", user_avatar=''"; }
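/**
 * Validate one uploaded image, store it and optionally create up to two thumbnails.
 *
 * Every check runs against PHP's temporary upload file, so a rejected upload is never
 * written into $target_folder. Only the extensions .gif, .jpg and .png are accepted,
 * and the format detected by getimagesize() has to agree with the extension, because
 * the thumbnail functions receive a type id derived from the extension.
 *
 * 'error' in the returned array: 0 = stored, 1 = larger than $max_size bytes,
 * 2 = not an accepted image, 3 = larger than $target_width x $target_height,
 * 4 = $query failed (the stored file is removed again), 5 = nothing was uploaded or
 * the file could not be moved into $target_folder.
 *
 * @param string $source_image    Key of the upload in $_FILES.
 * @param string $target_name     Preferred base name. Used only when it consists of
 *                                a-z, A-Z, 0-9, "_" and "-"; otherwise the client file
 *                                name, without its extension, goes through stripfilename().
 * @param string $target_folder   Folder for the stored image; concatenated directly
 *                                with the file name.
 * @param int    $target_width    Maximum image width in pixels.
 * @param int    $target_height   Maximum image height in pixels.
 * @param int    $max_size        Maximum upload size in bytes.
 * @param bool   $delete_original Remove the stored image once thumbnails exist, unless
 *                                the image itself is used as a thumbnail.
 * @param bool   $thumb1          Create the first thumbnail.
 * @param bool   $thumb2          Create the second thumbnail.
 * @param int    $thumb1_ratio    0 = createthumbnail(), anything else = createsquarethumbnail().
 * @param string $thumb1_folder   Folder for the first thumbnail.
 * @param string $thumb1_suffix   Suffix added to the base name of the first thumbnail.
 * @param int    $thumb1_width    Width of the first thumbnail.
 * @param int    $thumb1_height   Height of the first thumbnail.
 * @param int    $thumb2_ratio    As $thumb1_ratio, for the second thumbnail.
 * @param string $thumb2_folder   Folder for the second thumbnail.
 * @param string $thumb2_suffix   Suffix added to the base name of the second thumbnail.
 * @param int    $thumb2_width    Width of the second thumbnail.
 * @param int    $thumb2_height   Height of the second thumbnail.
 * @param string $query           SQL passed unchanged to dbquery() after the file is
 *                                stored. It must be built by the caller from trusted,
 *                                already-escaped values only.
 *
 * @return array Only the key 'error' when nothing usable was uploaded; otherwise also
 *               image, image_name, image_ext, image_size, image_width, image_height,
 *               thumb1, thumb1_name, thumb2, thumb2_name and query.
 */
function upload_image($source_image, $target_name = "", $target_folder = IMAGES, $target_width = "1800", $target_height = "1600", $max_size = "150000", $delete_original = false, $thumb1 = true, $thumb2 = true, $thumb1_ratio = 0, $thumb1_folder = IMAGES, $thumb1_suffix = "_t1", $thumb1_width = "100", $thumb1_height = "100", $thumb2_ratio = 0, $thumb2_folder = IMAGES, $thumb2_suffix = "_t2", $thumb2_width = "400", $thumb2_height = "300", $query = "") {
    // is_string() keeps an array-shaped tmp_name (multi-file field) away from is_uploaded_file().
    if (!isset($_FILES[$source_image]['tmp_name'])
        || !is_string($_FILES[$source_image]['tmp_name'])
        || !is_uploaded_file($_FILES[$source_image]['tmp_name'])
    ) {
        // Image not uploaded
        return array("error" => 5);
    }

    $image = $_FILES[$source_image];
    if ($target_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $target_name)) {
        $image_name = $target_name;
    } else {
        $image_name = stripfilename(substr($image['name'], 0, strrpos($image['name'], ".")));
    }
    $image_ext = strtolower((string)strrchr($image['name'], "."));

    // Probe once and reuse the result.
    $image_res = filesize($image['tmp_name']) > 10 ? @getimagesize($image['tmp_name']) : false;
    if (!$image_res) {
        // The image is invalid
        return array("error" => 2);
    }

    $image_info = array(
        "image" => false,
        "image_name" => $image_name . $image_ext,
        "image_ext" => $image_ext,
        "image_size" => $image['size'],
        "image_width" => $image_res[0],
        "image_height" => $image_res[1],
        "thumb1" => false,
        "thumb1_name" => "",
        "thumb2" => false,
        "thumb2_name" => "",
        "error" => 0,
        "query" => $query
    );

    // Extension -> type id expected by the thumbnail functions, and the IMAGETYPE_*
    // value getimagesize() must report (index 2) for that id.
    $type_ids = array(".gif" => 1, ".jpg" => 2, ".png" => 3);
    $detected_types = array(1 => IMAGETYPE_GIF, 2 => IMAGETYPE_JPEG, 3 => IMAGETYPE_PNG);
    $filetype = isset($type_ids[$image_ext]) ? $type_ids[$image_ext] : false;

    if ($image['size'] > $max_size) {
        // Invalid file size
        $image_info['error'] = 1;
    } elseif (!$filetype || $image_res[2] != $detected_types[$filetype] || !verify_image($image['tmp_name'])) {
        // Unsupported image type, or content that does not match its extension
        $image_info['error'] = 2;
    } elseif ($image_res[0] > $target_width || $image_res[1] > $target_height) {
        // Invalid image resolution
        $image_info['error'] = 3;
    } else {
        $image_name_full = filename_exists($target_folder, $image_name . $image_ext);
        $image_name = substr($image_name_full, 0, strrpos($image_name_full, "."));
        $image_info['image_name'] = $image_name_full;
        $stored_path = $target_folder . $image_name_full;

        if (!move_uploaded_file($image['tmp_name'], $stored_path)) {
            // Nothing was stored, so skip chmod, the query and the thumbnails.
            $image_info['error'] = 5;

            return $image_info;
        }
        $image_info['image'] = true;
        if (function_exists("chmod")) {
            chmod($stored_path, 0644);
        }

        if ($query && !dbquery($query)) {
            // Invalid query string
            $image_info['error'] = 4;
            unlink($stored_path);
        } elseif ($thumb1 || $thumb2) {
            require_once INCLUDES . "photo_functions_include.php";
            // Set when the image is small enough to serve as its own thumbnail; the
            // stored original must then survive $delete_original.
            $noThumb = false;

            if ($thumb1) {
                $image_info['thumb1'] = true;
                if ($image_res[0] <= $thumb1_width && $image_res[1] <= $thumb1_height) {
                    $noThumb = true;
                    $image_info['thumb1_name'] = $image_info['image_name'];
                } else {
                    $image_name_t1 = filename_exists($thumb1_folder, $image_name . $thumb1_suffix . $image_ext);
                    $image_info['thumb1_name'] = $image_name_t1;
                    if ($thumb1_ratio == 0) {
                        createthumbnail($filetype, $stored_path, $thumb1_folder . $image_name_t1, $thumb1_width, $thumb1_height);
                    } else {
                        createsquarethumbnail($filetype, $stored_path, $thumb1_folder . $image_name_t1, $thumb1_width);
                    }
                }
            }

            if ($thumb2) {
                $image_info['thumb2'] = true;
                if ($image_res[0] < $thumb2_width && $image_res[1] < $thumb2_height) {
                    $noThumb = true;
                    $image_info['thumb2_name'] = $image_info['image_name'];
                } else {
                    $image_name_t2 = filename_exists($thumb2_folder, $image_name . $thumb2_suffix . $image_ext);
                    $image_info['thumb2_name'] = $image_name_t2;
                    if ($thumb2_ratio == 0) {
                        createthumbnail($filetype, $stored_path, $thumb2_folder . $image_name_t2, $thumb2_width, $thumb2_height);
                    } else {
                        createsquarethumbnail($filetype, $stored_path, $thumb2_folder . $image_name_t2, $thumb2_width);
                    }
                }
            }

            if ($delete_original && !$noThumb) {
                unlink($stored_path);
                $image_info['image'] = false;
            }
        }
    }

    return $image_info;
}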
} } } if (!$error && !$submit_info['download_url'] && !$submit_info['download_file']) { $error = 3; } elseif (!$error && !empty($_FILES['download_image']['name']) && is_uploaded_file($_FILES['download_image']['tmp_name'])) { require_once INCLUDES . "infusions_include.php"; $image = "download_image"; $name = $_FILES['download_image']['name']; $folder = DOWNLOADS . "submissions/images/"; $width = $settings['download_screen_max_w']; $height = $settings['download_screen_max_h']; $size = $settings['download_screen_max_b']; $upload = upload_image($image, $name, $folder, $width, $height, $size, false, true, false, 1, $folder); if (!$upload['error']) { if (!@getimagesize($folder . $upload['image_name']) || !@verify_image($folder . $upload['image_name'])) { unlink($folder . $upload['image_name']); unlink($folder . $upload['thumb1_name']); $error = 11; } else { $submit_info['download_image'] = $upload['image_name']; $submit_info['download_image_thumb'] = $upload['thumb1_name']; } } else { switch ($upload['error']) { case 1: $error = 7; break; case 2: $error = 8; break;
$attach['tmp_name'] = $_FILES['attach']['tmp_name'][$a]; // Pimped $attach['size'] = $_FILES['attach']['size'][$a]; // Pimped $attach['name'] = attach_replace_space($attach['name']); // Pimped if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) { $attachname = attach_name($attach['name'], true); $attachext = attach_name($attach['name'], false, true); if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $attachname) && $attach['size'] <= $settings['attachmax']) { $attachtypes = explode(",", $settings['attachtypes']); if (in_array($attachext, $attachtypes)) { $fullattachname = attach_name($attach['name']); move_uploaded_file($attach['tmp_name'], FORUM_ATT . $fullattachname); chmod(FORUM_ATT . $fullattachname, 0644); if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM_ATT . $fullattachname) || !@verify_image(FORUM_ATT . $fullattachname))) { unlink(FORUM_ATT . $fullattachname); $error = 1; } if (!$error) { $result = dbquery("INSERT INTO " . DB_FORUM_ATTACHMENTS . " (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('" . $_GET['thread_id'] . "', '" . $_GET['post_id'] . "', '{$fullattachname}', '{$attachext}', '" . $attach['size'] . "')"); $result = dbquery("UPDATE " . DB_POSTS . " SET post_attachments=post_attachments+1 WHERE post_id='" . $_GET['post_id'] . "'"); } } else { @unlink($attach['tmp_name']); $error = 1; } } else { @unlink($attach['tmp_name']); $error = 2; }
unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = "user_avatar=''"; } } else { unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = "user_avatar=''"; } } else { $set_avatar = "user_avatar=''"; } $result = dbquery("update " . DB_USERS . " set {$set_avatar} where user_id='" . $userdata['user_id'] . "'"); if ($result) { redirect(FUSION_SELF . "?section=avatar&status=updated"); } } elseif (isset($_POST['avatarWeb']) && $_POST['avatarWeb'] !== "http://www.") { if (verify_image(stripinput($_POST['avatarWeb']))) { $avatarname = strrchr(stripinput($_POST['avatarWeb']), "/"); $avatarname = str_replace("/", "", $avatarname); $avatarext = strrchr($avatarname, "."); $avatarname = substr($avatarname, 0, strrpos($avatarname, ".")); if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_match("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext)) { $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext; $image = stripinput($_POST['avatarWeb']); copy($image, INFUSIONS . "fusionboard4/images/avatarst/" . $avatarname); createthumb(INFUSIONS . "fusionboard4/images/avatarst/" . $avatarname, IMAGES . "avatars/" . $avatarname, $fb4['avatar_max_w'], $fb4['avatar_max_h']); unlink(INFUSIONS . "fusionboard4/images/avatarst/" . $avatarname); $result = dbquery("update " . DB_USERS . " set user_avatar='{$avatarname}' where user_id='" . $userdata['user_id'] . "'"); redirect(FUSION_SELF . "?section=avatar&status=updated"); } else { redirect(FUSION_SELF . "?section=avatar"); }
$photo_pic = $_FILES['photo_pic_file']; $photo_name = strtolower(substr($photo_pic['name'], 0, strrpos($photo_pic['name'], "."))); $photo_ext = strtolower(strrchr($photo_pic['name'], ".")); $photo_dest = PHOTOS . "submissions/"; if (!preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $photo_name)) { $error = 1; } elseif ($photo_pic['size'] > $settings['photo_max_b']) { $error = 2; } elseif (!in_array($photo_ext, $photo_types)) { $error = 3; } else { $photo_file = image_exists($photo_dest, $photo_name . $photo_ext); move_uploaded_file($photo_pic['tmp_name'], $photo_dest . $photo_file); chmod($photo_dest . $photo_file, 0644); $imagefile = @getimagesize($photo_dest . $photo_file); if (!verify_image($photo_dest . $photo_file)) { $error = 3; unlink($photo_dest . $photo_file); } elseif ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) { $error = 4; unlink($photo_dest . $photo_file); } else { $submit_info['photo_file'] = $photo_file; } } } add_to_title($locale['global_200'] . $locale['570']); opentable($locale['570']); if (!$error) { $result = dbquery("INSERT INTO " . DB_SUBMISSIONS . " (submit_type, submit_user, submit_datestamp, submit_criteria) VALUES ('p', '" . $userdata['user_id'] . "', '" . time() . "', '" . addslashes(serialize($submit_info)) . "')"); echo "<div style='text-align:center'><br />\n" . $locale['580'] . "<br /><br />\n";
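/**
 * Validate an uploaded file and, when accepted, store it in $path under a random name.
 *
 * The upload is processed only when the field is required and a file name was sent;
 * in every other case $default is returned.
 *
 * Two values of the upload are sent by the client and prove nothing about the content:
 * 'type' (the declared MIME type) and 'name'. The declared type is still compared with
 * the allowed MIME types, but the decision that matters is the extension: it is taken
 * from the client name, lower-cased, and must be one of the extensions in
 * $settings['attachtypes'] that also has an entry in the MIME table for $type. The
 * stored name is "<random hex><extension>", so no other part of the client name
 * reaches the file system.
 *
 * @param array  $value      One entry of $_FILES (name, type, tmp_name, size).
 * @param string $type       'image' or 'file'; selects the MIME table.
 * @param string $path       Target folder; concatenated directly with the file name.
 * @param int    $maxsize    Not used: overwritten by $settings['attachmax'] below.
 * @param mixed  $default    Returned whenever nothing is stored.
 * @param string $name       Field label used in notices.
 * @param string $id         Field id passed to addError() and addHelperText().
 * @param bool   $required   The upload is only processed when this is truthy.
 * @param bool   $safemode   Not read by this method.
 * @param mixed  $error_text Replaced by the message of the failed check.
 *
 * @return mixed Path of the stored file ($path . name), or $default when the upload
 *               was skipped, rejected or could not be stored.
 */
private function validate_file($value, $type, $path, $maxsize, $default, $name, $id, $required = FALSE, $safemode = FALSE, $error_text = FALSE) {
    global $settings;

    if (!$required || empty($value['name'])) {
        return $default;
    }

    require_once BASEDIR . 'includes/mimetypes_include.php';
    $mimetypes = array();
    if ($type == 'image') {
        $mimetypes = array('jpg' => 'image/jpg', 'jpeg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', 'tiff' => 'image/tiff', 'tif' => 'image/tif', 'bmp' => 'image/x-ms-bmp', 'ico' => 'image/x-icon');
    } elseif ($type == 'file') {
        $mimetypes = mimeTypes();
    }

    // $settings['attachtypes'] is a comma-separated extension list. Each entry with a
    // known MIME type contributes that MIME type and its bare, lower-case extension.
    $acceptable = explode(',', $settings['attachtypes']);
    $acceptable_files = array();
    $acceptable_ext = array();
    foreach ($acceptable as $types_of_files_mime) {
        $key = ltrim($types_of_files_mime, '.');
        if ($key !== '' && !empty($mimetypes[$key])) {
            $acceptable_files[] = $mimetypes[$key];
            $acceptable_ext[] = strtolower($key);
        }
    }

    $errors = array();
    // NOTE(review): the $maxsize argument is discarded here in favour of the global
    // attachment limit - confirm that callers do not expect their own limit to apply.
    $maxsize = $settings['attachmax'];
    $file_max_size = parsebytesize($maxsize);
    if ($value['size'] >= $maxsize || $value['size'] == 0) {
        $errors[] = 1;
        $error_text = "File too large. File must be less than " . $file_max_size . ".";
        $this->stop();
        $this->addError($id);
        $this->addHelperText($id, $error_text);
        $this->addNotice("<b>{$name}</b> is too large or empty.");
    }

    $ext = strtolower((string)strrchr($value['name'], "."));
    $bare_ext = ltrim($ext, '.');
    // The declared type is checked only when the client sent one; the extension check
    // always applies, so an empty or false 'type' cannot bypass the allow-list.
    $type_ok = empty($value['type']) || in_array($value['type'], $acceptable_files);
    $ext_ok = $bare_ext !== '' && in_array($bare_ext, $acceptable_ext, TRUE);
    if (!$type_ok || !$ext_ok) {
        $errors[] = 1;
        $error_text = "Invalid file type. Only " . implode(", ", $acceptable) . " is allowed.";
        $this->stop();
        $this->addError($id);
        $this->addHelperText($id, $error_text);
        $this->addNotice("<b>{$name}</b> is not a valid file type.");
    }

    if (count($errors) !== 0) {
        return $default;
    }

    // Random 8-hex-digit name; retry until it does not collide with a stored file, so
    // one upload can never overwrite another.
    do {
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(4));
        } else {
            $hash = substr(md5(uniqid(mt_rand(), TRUE)), 8, 8);
        }
        // $path is the target folder; the undefined $location used before resolved to
        // an empty string, which placed the file relative to the working directory.
        $return_value = $path . $hash . $ext;
    } while (file_exists($return_value));

    if (defined('FUSION_NULL')) {
        // Presumably defined once the form has failed validation - confirm. Nothing is
        // stored in that case, but the would-be path is still returned.
        return $return_value;
    }

    if (!is_uploaded_file($value['tmp_name'])) {
        $this->addNotice("<b>{$name}</b> is not uploaded.");

        return $default;
    }
    // verify_image() is defined elsewhere; it is applied to every upload here, not only
    // when $type is 'image'.
    if (!verify_image($value['tmp_name'])) {
        $this->addNotice("<b>{$name}</b> is failed verification check.");

        return $default;
    }
    if (!move_uploaded_file($value['tmp_name'], $return_value)) {
        $this->addNotice("<b>{$name}</b> is not uploaded.");

        return $default;
    }

    return $return_value;
}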