Example #1
0
/**
* Main driver to handle the uploaded autotag
*
* Determines if a new style (supports automated installer) or
* an old style.
*
* @return   string              Formatted HTML containing the page body
*
*/
function processAutotagUpload()
{
    global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;
    $retval = '';
    $upgrade = false;
    $errors = '';
    if (count($_FILES) > 0 && $_FILES['autotagfile']['error'] != UPLOAD_ERR_NO_FILE) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setMaxFileSize(4194304);
        $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip'));
        $upload->setFieldName('autotagfile');
        if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
            return _at_errorBox($upload->printErrors(false));
            exit;
        }
        $filename = COM_sanitizeFilename($_FILES['autotagfile']['name'], true);
        $upload->setFileNames($filename);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return _at_errorBox($upload->printErrors(false));
            exit;
        }
        $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;
    } else {
        return _at_errorBox($LANG32[46]);
    }
    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        return _at_errorBox($LANG32[47]);
    }
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);
    // read XML data file, places in $autotagData;
    $autotagData = array();
    $rc = _at_parseXML($_CONF['path_data'] . $tmp);
    if ($rc == -1) {
        // no xml file found
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $autotagData['glfusionversion']));
    }
    if (!isset($autotagData['id']) || !isset($autotagData['version'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $autotagData['glfusionversion']));
    }
    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $autotagData['glfusionversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $autotagData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $autotagData['phpversion'])) {
        $retval .= sprintf($LANG32[50], $autotagData['phpversion']);
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[50], $autotagData['phpversion']));
    }
    if ($errors != '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($errors);
    }
    // check to see if an auto tag already exists...
    // removed so we can update existing auto tags
    /*
        $result = DB_query("SELECT * FROM {$_TABLES['autotags']} WHERE tag='".DB_escapeString($autotagData['id'])."'");
        if ( DB_numRows($result) > 0 ) {
            _pi_deleteDir($_CONF['path_data'].$tmp);
            return _at_errorBox(sprintf($LANG32[52],$autotagData['id']));
        }
    */
    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }
    // test copy to proper directories
    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    list($rc, $failed) = _pi_test_copy($_CONF['path_data'] . $tmp . '/' . $autotagData['id'] . '/', $_CONF['path_system'] . 'autotags/');
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($errorMessage);
    }
    $T = new Template($_CONF['path_layout'] . 'admin/autotag');
    $T->set_file('form', 'autotag_upload_confirm.thtml');
    $T->set_var(array('form_action_url' => $_CONF['site_admin_url'] . '/autotag_upload.php', 'action' => 'processupload', 'pi_name' => $autotagData['id'], 'pi_version' => $autotagData['version'], 'pi_url' => $autotagData['url'], 'pi_gl_version' => $autotagData['glfusionversion'], 'pi_desc' => $autotagData['description'], 'pi_author' => $autotagData['author'], 'upgrade' => $upgrade, 'temp_dir' => $tmp));
    $retval .= $T->parse('output', 'form');
    return $retval;
}
Example #2
0
/**
* Upload new photo, delete old photo
*
* @param    string  $delete_photo   'on': delete old photo
* @return   string                  filename of new photo (empty = no new photo)
*
*/
function USER_handlePhotoUpload($uid, $delete_photo = '')
{
    global $_CONF, $_TABLES, $LANG24;
    USES_class_upload();
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        return '';
    }
    $filename = '';
    if (!empty($delete_photo) && $delete_photo == 1) {
        $delete_photo = true;
    } else {
        $delete_photo = false;
    }
    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $uid);
    if (empty($curphoto)) {
        $delete_photo = false;
    }
    // see if user wants to upload a (new) photo
    $newphoto = $_FILES['photo'];
    if (!empty($newphoto['name'])) {
        $pos = strrpos($newphoto['name'], '.') + 1;
        $fextension = substr($newphoto['name'], $pos);
        $filename = $uid . '.' . $fextension;
        if (!empty($curphoto) && $filename != $curphoto) {
            $delete_photo = true;
        } else {
            $delete_photo = false;
        }
    }
    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }
    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        $upload->setMaxDimensions(1024000, 1024000);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return '';
        }
        IMG_resizeImage($_CONF['path_images'] . 'userphotos/' . $filename, $_CONF['path_images'] . 'userphotos/' . $filename, $_CONF['max_photo_height'], $_CONF['max_photo_width']);
    } else {
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }
    return $filename;
}
Example #3
0
function addDownload()
{
    global $_CONF, $_USER, $_TABLES, $filemgmt_FileStoreURL, $filemgmt_FileSnapURL, $filemgmt_FileStore, $filemgmt_SnapStore;
    global $myts, $eh, $_FMDOWNLOAD, $filemgmtFilePermissions;
    if (defined('DEMO_MODE')) {
        redirect_header($_CONF['site_url'] . "/index.php", 10, 'Uploads are disabled in demo mode');
        exit;
    }
    $title = $myts->makeTboxData4Save($_POST['title']);
    $homepage = $myts->makeTboxData4Save($_POST['homepage']);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $description = $myts->makeTareaData4Save($_POST['description']);
    $commentoption = $_POST['commentoption'];
    $fileurl = COM_applyFilter($_POST['fileurl']);
    $submitter = $_USER['uid'];
    $errormsg = "";
    // Check if Title blank
    if ($title == "") {
        $eh->show("1104");
    }
    // Check if Description blank
    if ($description == "") {
        $eh->show("1105");
    }
    // Check if a file was uploaded
    if ($_FILES['newfile']['size'] == 0 && empty($fileurl)) {
        $eh->show("1017");
    }
    if (!empty($_POST['cid'])) {
        $cid = $_POST['cid'];
    } else {
        $cid = 0;
        $eh->show("1110");
    }
    $filename = '';
    //$myts->makeTboxData4Save($_FILES['newfile']['name']);
    $url = '';
    //$myts->makeTboxData4Save(rawurlencode($filename));
    $snapfilename = '';
    // = $myts->makeTboxData4Save($_FILES['newfileshot']['name']);
    $logourl = '';
    //$myts->makeTboxData4Save(rawurlencode($snapfilename));
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    $upload->setFieldName('newfile');
    $upload->setPath($filemgmt_FileStore);
    $upload->setAllowAnyMimeType(true);
    // allow any file type
    $upload->setMaxFileSize(100000000);
    if ($upload->numFiles() > 0) {
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $size = $myts->makeTboxData4Save(intval($upload->_currentFile['size']));
            $filename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $url = $myts->makeTboxData4Save(rawurlencode($filename));
            $pos = strrpos($filename, '.') + 1;
            $fileExtension = strtolower(substr($filename, $pos));
            if (array_key_exists($fileExtension, $_FMDOWNLOAD)) {
                if ($_FMDOWNLOAD[$fileExtension] == 'reject') {
                    COM_errorLOG("AddNewFile - New Upload file is rejected by config rule:{$uploadfilename}");
                    $eh->show("1109");
                } else {
                    $fileExtension = $_FMDOWNLOAD[$fileExtension];
                    $pos = strrpos($url, '.') + 1;
                    $url = strtolower(substr($url, 0, $pos)) . $fileExtension;
                    $pos2 = strrpos($filename, '.') + 1;
                    $filename = substr($filename, 0, $pos2) . $fileExtension;
                }
            }
            $AddNewFile = true;
        }
    }
    if ($upload->numFiles() == 0 && !$upload->areErrors() && !empty($fileurl)) {
        $url = $fileurl;
        $size = 0;
        $AddNewFile = true;
    }
    $upload = new upload();
    $upload->setFieldName('newfileshot');
    $upload->setPath($filemgmt_SnapStore);
    $upload->setAllowAnyMimeType(false);
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    $upload->setAutomaticResize(true);
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxDimensions(640, 480);
    $upload->setAutomaticResize(true);
    $upload->setMaxFileSize(100000000);
    $upload->uploadFiles();
    if ($upload->numFiles() > 0) {
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $snapfilename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $logourl = $myts->makeTboxData4Save(rawurlencode($snapfilename));
            $AddNewFile = true;
        }
    }
    if ($AddNewFile) {
        $chown = @chmod($filemgmt_FileStore . $filename, $filemgmtFilePermissions);
        if (strlen($version) > 9) {
            $version = substr($version, 0, 8);
        }
        $fields = 'cid, title, url, homepage, version, size, logourl, submitter, status, date, hits, rating, votes, comments';
        $sql = "INSERT INTO {$_TABLES['filemgmt_filedetail']} ({$fields}) VALUES ";
        $sql .= "('" . DB_escapeString($cid) . "','" . $title . "','" . $url . "','" . $homepage . "','" . $version . "','" . $size . "','" . $logourl . "','" . DB_escapeString($submitter) . "',1,UNIX_TIMESTAMP(),0,0,0,'" . DB_escapeString($commentoption) . "')";
        DB_query($sql);
        $newid = DB_insertID();
        DB_query("INSERT INTO {$_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '" . $description . "')");
        PLG_itemSaved($newid, 'filemgmt');
        CACHE_remove_instance('whatsnew');
        if (isset($duplicatefile) && $duplicatefile) {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPFILE);
        } elseif (isset($duplicatesnap) && $duplicatesnap) {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPSNAP);
        } else {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED);
        }
        exit;
    } else {
        redirect_header("index.php", 2, _MD_ERRUPLOAD . "");
        exit;
    }
}
Example #4
0
/**
*   Import events from a CSV file into the database.
*
*   @return string      Completion message
*/
function EVLIST_importEvents()
{
    global $_CONF, $_TABLES, $LANG_EVLIST, $_USER;
    // Setting this to true will cause import to print processing status to
    // webpage and to the error.log file
    $verbose_import = true;
    $retval = '';
    // First, upload the file
    USES_class_upload();
    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt, .csv', 'application/octet-stream' => '.txt, .csv'));
    $upload->setFileNames('evlist_import_file.txt');
    $upload->setFieldName('importfile');
    if ($upload->uploadFiles()) {
        // Good, file got uploaded, now install everything
        $filename = $_CONF['path_data'] . 'evlist_import_file.txt';
        if (!file_exists($filename)) {
            // empty upload form
            $retval = $LANG_EVLIST['err_invalid_import'];
            return $retval;
        }
    } else {
        // A problem occurred, print debug information
        $retval .= $upload->printErrors(false);
        return $retval;
    }
    $fp = fopen($filename, 'r');
    if (!$fp) {
        $retval = $LANG_EVLIST['err_invalid_import'];
        return $retval;
    }
    USES_evlist_class_event();
    $success = 0;
    $failures = 0;
    // Set owner_id to the current user and group_id to the default
    $owner_id = (int) $_USER['uid'];
    if ($owner_id < 2) {
        $owner_id = 2;
    }
    // last resort, use Admin
    $group_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="evList Admin"');
    if ($group_id < 2) {
        $group_id = 2;
    }
    // last resort, use Root
    while (($event = fgetcsv($fp)) !== false) {
        $Ev = new evEvent();
        $Ev->isNew = true;
        $i = 0;
        $A = array('date_start1' => $event[$i++], 'date_end1' => $event[$i++], 'time_start1' => $event[$i++], 'time_end1' => $event[$i++], 'title' => $event[$i++], 'summary' => $event[$i++], 'full_description' => $event[$i++], 'url' => $event[$i++], 'location' => $event[$i++], 'street' => $event[$i++], 'city' => $event[$i++], 'province' => $event[$i++], 'country' => $event[$i++], 'postal' => $event[$i++], 'contact' => $event[$i++], 'email' => $event[$i++], 'phone' => $event[$i++], 'cal_id' => 1, 'status' => 1, 'hits' => 0, 'recurring' => 0, 'split' => 0, 'time_start2' => '00:00:00', 'time_end2' => '00:00:00', 'owner_id' => $owner_id, 'group_id' => $group_id);
        if ($_CONF['hour_mode'] == 12) {
            list($hour, $minute, $second) = explode(':', $A['time_start1']);
            if ($hour > 12) {
                $hour -= 12;
                $am = 'pm';
            } elseif ($hour == 0) {
                $hour = 12;
                $am = 'am';
            } else {
                $am = 'am';
            }
            $A['start1_ampm'] = $am;
            $A['starthour1'] = $hour;
            $A['startminute1'] = $minute;
            list($hour, $minute, $second) = explode(':', $A['time_end1']);
            if ($hour > 12) {
                $hour -= 12;
                $am = 'pm';
            } elseif ($hour == 0) {
                $hour = 12;
                $am = 'am';
            } else {
                $am = 'am';
            }
            $A['end1_ampm'] = $am;
            $A['endhour1'] = $hour;
            $A['endminute1'] = $minute;
        }
        if ($A['time_start1'] == '00:00:00' && $A['time_end1'] == '00:00:00') {
            $A['allday'] = 1;
        } else {
            $A['allday'] = 0;
        }
        $msg = $Ev->Save($A);
        if (empty($msg)) {
            $successes++;
        } else {
            $failures++;
        }
    }
    return "{$successes} Succeeded<br />{$failures} Failed";
}
Example #5
0
/**
* Upload new photo, delete old photo
*
* @param    string  $delete_photo   'on': delete old photo
* @return   string                  filename of new photo (empty = no new photo)
*
*/
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        $display = COM_siteHeader('menu', $LANG24[30]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
        $display .= COM_siteFooter();
        echo $display;
        exit;
        // don't return
    }
    $filename = '';
    if (!empty($delete_photo) && $delete_photo == 'on') {
        $delete_photo = true;
    } else {
        $delete_photo = false;
    }
    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
    if (empty($curphoto)) {
        $delete_photo = false;
    }
    // see if user wants to upload a (new) photo
    $newphoto = $_FILES['photo'];
    if (!empty($newphoto['name'])) {
        $pos = strrpos($newphoto['name'], '.') + 1;
        $fextension = substr($newphoto['name'], $pos);
        $filename = $_USER['uid'] . '.' . $fextension;
        if (!empty($curphoto) && $filename != $curphoto) {
            $delete_photo = true;
        } else {
            $delete_photo = false;
        }
    }
    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }
    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG24[30]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
            $display .= COM_siteFooter();
            echo $display;
            exit;
            // don't return
        }
    } else {
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }
    return $filename;
}
Example #6
0
/**
* Upload new topic icon, replaces previous icon if one exists
*
* @param    string  tid     ID of topic to prepend to filename
* @return   string          filename of new photo (empty = no new photo)
*
*/
function TOPIC_iconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
        $display .= COM_siteFooter();
        echo $display;
        exit;
        // don't return
    }
    $upload->setFieldName('newicon');
    $filename = '';
    // see if user wants to upload a (new) icon
    $newicon = $_FILES['newicon'];
    if (!empty($newicon['name'])) {
        $pos = strrpos($newicon['name'], '.') + 1;
        $fextension = substr($newicon['name'], $pos);
        $filename = 'topic_' . $tid . '.' . $fextension;
    }
    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
            $display .= COM_siteFooter();
            echo $display;
            exit;
            // don't return
        }
        $filename = '/images/topics/' . $filename;
    }
    return $filename;
}
Example #7
0
/**
* Main driver to handle the uploaded plugin
*
* Determines if a new style (supports automated installer) or
* an old style.
*
* @return   string              Formatted HTML containing the page body
*
*/
function processPluginUpload()
{
    global $_CONF, $_PLUGINS, $_PLUGIN_INFO, $_TABLES, $pluginData, $LANG_ADMIN, $LANG32, $_DB_dbms, $_DB_table_prefix, $_IMAGE_TYPE;
    $retval = '';
    $upgrade = false;
    if (count($_FILES) > 0 && $_FILES['pluginfile']['error'] != UPLOAD_ERR_NO_FILE) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setMaxFileSize(25165824);
        $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip', 'application/x-tar' => '.tar,.tar.gz,.gz', 'application/x-gzip-compressed' => '.tar.gz,.tgz,.gz'));
        $upload->setFieldName('pluginfile');
        if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
            return _pi_errorBox($upload->printErrors(false));
            exit;
        }
        $filename = $_FILES['pluginfile']['name'];
        $upload->setFileNames($filename);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return _pi_errorBox($upload->printErrors(false));
            exit;
        }
        $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;
    } else {
        return _pi_errorBox($LANG32[46]);
    }
    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        return _pi_errorBox($LANG32[47]);
    }
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);
    // read XML data file, places in $pluginData;
    $pluginData = array();
    $rc = _pi_parseXML($_CONF['path_data'] . $tmp);
    if ($rc == -1) {
        // no xml file found
        return processOldPlugin($tmp);
    }
    if (!isset($pluginData['id']) || !isset($pluginData['version'])) {
        return processOldPlugin($tmp);
    }
    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $pluginData['glfusionversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[49], $pluginData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $pluginData['phpversion'])) {
        $retval .= sprintf($LANG32[50], $pluginData['phpversion']);
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[50], $pluginData['phpversion']));
    }
    // check prerequisites
    $errors = '';
    if (isset($pluginData['requires']) && is_array($pluginData['requires'])) {
        foreach ($pluginData['requires'] as $reqPlugin) {
            list($reqPlugin, $required_ver) = explode(',', $reqPlugin);
            if (!isset($_PLUGIN_INFO[$reqPlugin])) {
                // required plugin not installed
                $errors .= sprintf($LANG32[51], $pluginData['id'], $reqPlugin, $reqPlugin);
            } elseif (!empty($required_ver)) {
                $installed_ver = $_PLUGIN_INFO[$reqPlugin];
                if (!COM_checkVersion($installed_ver, $required_ver)) {
                    // required plugin installed, but wrong version
                    $errors .= sprintf($LANG32[90], $required_ver, $reqPlugin, $installed_ver, $reqPlugin);
                }
            }
        }
    }
    if ($errors != '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errors);
    }
    // check if plugin already exists
    // if it does, check that this is an upgrade
    // if not, error
    // else validate we really want to upgrade
    $result = DB_query("SELECT * FROM {$_TABLES['plugins']} WHERE pi_name='" . DB_escapeString($pluginData['id']) . "'");
    if (DB_numRows($result) > 0) {
        $P = DB_fetchArray($result);
        if ($P['pi_version'] == $pluginData['version']) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[52], $pluginData['id']));
        }
        // if we are here, it must be an upgrade or disabled plugin....
        $rc = COM_checkVersion($pluginData['version'], $P['pi_version']);
        if ($rc < 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[53], $pluginData['id'], $pluginData['version'], $P['pi_version']));
        }
        if ($P['pi_enabled'] != 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox($LANG32[72]);
        }
        $upgrade = true;
    }
    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }
    // test copy to proper directories
    list($rc, $failed) = _pi_test_copy($_CONF['path_data'] . $tmp . '/' . $pluginData['id'] . '/', $_CONF['path'] . 'plugins/' . $pluginData['id']);
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    list($rc, $failed) = _pi_test_copy($_CONF['path_data'] . $tmp . '/' . $pluginData['id'] . '/admin/', $_CONF['path_html'] . 'admin/plugins/' . $pluginData['id']);
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    list($rc, $failed) = _pi_test_copy($_CONF['path_data'] . $tmp . '/' . $pluginData['id'] . '/public_html/', $_CONF['path_html'] . $pluginData['id']);
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errorMessage);
    }
    USES_lib_admin();
    $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $T = new Template($_CONF['path_layout'] . 'admin/plugins');
    $T->set_file('form', 'plugin_upload_confirm.thtml');
    $T->set_var('admin_menu', ADMIN_createMenu($menu_arr, $pluginData['id'] . ' ' . $LANG32[62], $_CONF['layout_url'] . '/images/icons/plugins.' . $_IMAGE_TYPE));
    $T->set_var(array('form_action_url' => $_CONF['site_admin_url'] . '/plugin_upload.php', 'action' => 'processupload', 'pi_name' => $pluginData['id'], 'pi_version' => $pluginData['version'], 'pi_url' => $pluginData['url'], 'pi_gl_version' => $pluginData['glfusionversion'], 'pi_desc' => $pluginData['description'], 'pi_author' => $pluginData['author'], 'plugin_old_version' => $P['pi_version'], 'upgrade' => $upgrade, 'temp_dir' => $tmp));
    $retval .= $T->parse('output', 'form');
    return $retval;
}
Example #8
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    /* Apply filters to the parameters passed by the webservice */
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            if ($_CONF['keep_unscaled_image'] == 1) {
                $upload->keepOriginalImage(true);
            } else {
                $upload->keepOriginalImage(false);
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            $upload->setFieldName('file');
            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curfile['name'] = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curfile['name'] = $_FILES['file']['name'][$z];
                }
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();
            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                for ($i = 1; $i <= count($errors); $i++) {
                    $eMsg .= current($errors) . '<br />';
                    next($errors);
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}