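/**
 * AJAX handler for single-image operations in the FlAG admin.
 *
 * Reads $_POST['image'] and $_POST['operation'], runs the matching flagAdmin
 * routine and ends the request with that routine's result.
 *
 * The request ends with '-1' when the user is not logged in, lacks either of
 * the two required capabilities, or names an operation that is not handled
 * here. It ends with '0' when no image id was posted.
 *
 * Authorization in this function is capability-based only: nothing here ties
 * the posted image id to the current user or to a particular gallery.
 *
 * @return void Every path ends in die(); the function never returns normally.
 */
function flag_ajax_operation()
{
    // Not used directly below. Left in place because the include further down
    // executes in this function's scope and may rely on it — confirm before removing.
    global $wpdb;

    // With its default arguments check_ajax_referer() ends the request itself
    // when the nonce is missing or invalid.
    check_ajax_referer("flag-ajax");

    if (!is_user_logged_in()) {
        die('-1');
    }

    // Both FlAG capabilities are required: lacking either one ends the request.
    if (!current_user_can('FlAG Upload images') || !current_user_can('FlAG Manage gallery')) {
        die('-1');
    }

    // include the flag function
    include_once dirname(__FILE__) . '/functions.php';

    if (isset($_POST['image'])) {
        $id = (int) $_POST['image'];

        // Normalise the operation name once. A missing or non-string value
        // (e.g. operation[]=x) becomes '', which falls through to the default
        // branch instead of raising an undefined-index notice or handing an
        // array to sanitize_key().
        $operation = (isset($_POST['operation']) && is_string($_POST['operation']))
            ? $_POST['operation']
            : '';

        // NOTE(review): the lookup result is passed on unchecked — confirm the
        // flagAdmin routines cope with an id that matches no image.
        $picture = flagdb::find_image($id);

        switch ($operation) {
            case 'create_thumbnail':
                $result = flagAdmin::create_thumbnail($picture);
                break;
            case 'resize_image':
                $result = flagAdmin::resize_image($picture);
                break;
            case 'webview_image':
                $result = flagAdmin::webview_image($picture);
                break;
            case 'import_metadata':
                $result = flagAdmin::import_MetaData($id);
                break;
            case 'copy_metadata':
                $result = flagAdmin::copy_MetaData($id);
                break;
            case 'get_image_ids':
                $result = flagAdmin::get_image_ids($id);
                break;
            default:
                // Extension point: handlers hooked here run after the nonce and
                // capability checks above, but receive no arguments, so they
                // must validate any request data they read themselves.
                do_action('flag_ajax_' . sanitize_key($operation));
                die('-1');
        }

        // A success should return a '1'.
        // NOTE(review): die() prints a string argument but treats an int as a
        // silent exit status — confirm the routines above return strings.
        die($result);
    }

    // The script should never stop here
    die('0');
}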
// Open temp file if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $file)) { $alttext = esc_sql($account->alttext); $description = esc_sql($account->description); $exclude = intval($account->exclude); $location = esc_sql($account->location); $wpdb->query("INSERT INTO {$wpdb->flagpictures} (galleryid, filename, alttext, description, exclude, location) VALUES ('{$gid}', '{$filename}', '{$alttext}', '{$description}', '{$exclude}', '{$location}')"); // and give me the new id $pic_id = (int) $wpdb->insert_id; @(require_once dirname(dirname(__FILE__)) . '/admin/functions.php'); // add the metadata flagAdmin::import_MetaData($pic_id); // action hook for post process after the image is added to the database $image = array('id' => $pic_id, 'filename' => $filename, 'galleryID' => $gid); do_action('flag_added_new_image', $image); $thumb = flagAdmin::create_thumbnail($pic_id); if ($thumb != '1') { die('{"status":"thumb_error: ' . $thumb . '"}'); } } else { @unlink($_FILES['userfile']['tmp_name']); die('{"status":"fwrite_error"}'); } } $r['data'] = $wpdb->get_results("SELECT pid, galleryid, filename, description, alttext, link, UNIX_TIMESTAMP(imagedate) AS imagedate, UNIX_TIMESTAMP(modified) AS modified, sortorder, exclude, location, hitcounter, total_value, total_votes, meta_data FROM {$wpdb->flagpictures} WHERE galleryid = '{$gid}' ORDER BY pid DESC"); $r['data'] = stripslashes_deep($r['data']); $i = 0; foreach ($r['data'] as $image_data) { $meta = maybe_unserialize($image_data->meta_data); if (isset($meta['webview']) && !empty($meta['webview'])) { $r['data'][$i]->webviewfilename = '/webview/' . $image_data->filename;
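/**
 * Upload function, called via the Flash uploader.
 *
 * Validates the posted file in $_FILES['file'], moves it into the gallery
 * directory, registers it through add_Images() and creates its thumbnail.
 *
 * This method performs no nonce or capability check of its own; the caller
 * is presumably responsible for authenticating the request — verify at the
 * call site.
 *
 * @class flagAdmin
 * @param integer $galleryID
 * @return string $result Empty string when the last thumbnail result evaluates
 *                        to 1 (or no image id came back), otherwise an error
 *                        message or '0'.
 */
static function swfupload_image($galleryID = 0)
{
    global $wpdb;

    if ($galleryID == 0) {
        return __('No gallery selected!', 'flag');
    }

    // WPMU action
    if (flagAdmin::check_quota()) {
        return '0';
    }

    // Check the upload. The original condition compared the error code with
    // "=== UPLOAD_ERR_OK", so the error path ran for successful uploads and
    // never for failed ones, and processing carried on either way. The upload
    // is now rejected unless PHP reports success for a genuine HTTP upload.
    $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
    $upload_ok = isset($upload['tmp_name'], $upload['name'], $upload['error'])
        && is_string($upload['tmp_name'])
        && is_string($upload['name'])
        && $upload['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name']);

    if (!$upload_ok) {
        $error_code = (isset($upload['error']) && is_int($upload['error']))
            ? $upload['error']
            : UPLOAD_ERR_NO_FILE;
        $message = flagAdmin::file_upload_error_message($error_code);

        // NOTE(review): the helper's return value is not visible from here.
        // Fall back to '0' so a rejected upload can never produce the empty
        // string that this method uses to signal success.
        return (is_string($message) && $message !== '') ? $message : '0';
    }

    // get the filename and extension
    // NOTE(review): the name is supplied by the client — confirm that
    // flagGallery::fileinfo() strips path components and normalises the
    // extension's case before the values are used below.
    $temp_file = $upload['tmp_name'];
    $filepart = flagGallery::fileinfo($upload['name']);
    $filename = $filepart['basename'];

    // check for allowed extension
    // Only the extension is checked against the allowlist; the file content is
    // not verified to be an image at this point.
    $ext = array('jpeg', 'jpg', 'png', 'gif');
    if (!in_array($filepart['extension'], $ext, true)) {
        // NOTE(review): $filename is echoed back in this message; escape it at
        // the point where the message is rendered.
        return $filename . ' ' . __('is no valid image file!', 'flag');
    }

    // get the path to the gallery
    $gallerypath = $wpdb->get_var($wpdb->prepare("SELECT path FROM {$wpdb->flaggallery} WHERE gid = %d ", $galleryID));
    if (!$gallerypath) {
        @unlink($temp_file);
        return __('Failure in database, no gallery path set !', 'flag');
    }

    // read list of images
    $imageslist = flagAdmin::scandir(WINABSPATH . $gallerypath);

    // check if this filename already exist; append a counter until it is unique
    $i = 0;
    while (in_array($filename, $imageslist)) {
        $filename = sanitize_title($filepart['filename']) . '_' . $i++ . '.' . $filepart['extension'];
    }

    $dest_file = WINABSPATH . $gallerypath . '/' . $filename;

    // save temp file to gallery
    if (!@move_uploaded_file($temp_file, $dest_file)) {
        flagAdmin::check_safemode(WINABSPATH . $gallerypath);
        return __('Error, the file could not moved to : ', 'flag') . $dest_file;
    }

    if (!flagAdmin::chmod($dest_file)) {
        return __('Error, the file permissions could not set', 'flag');
    }

    // add images to database
    $image_ids = flagAdmin::add_Images($galleryID, array($filename));

    // create thumbnails; only the result for the last id is kept
    $return = '';
    foreach ($image_ids as $picture) {
        $return = flagAdmin::create_thumbnail($picture);
    }

    // add the preview image if needed; 'last' is optional in the request
    if (isset($_POST['last']) && intval($_POST['last']) == 1) {
        flagAdmin::set_gallery_preview($galleryID);
    }

    return intval($return) == 1 ? '' : $return;
}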