//Requested action, read from the query string and filtered by getAlpha()
 $op = $superCage->get->getAlpha('op');
 //Sort position for the album, read from the query string via getInt()
 $position = $superCage->get->getInt('position');
 //Album name from the query string, passed through getEscaped() and trimmed
 //NOTE(review): getEscaped() presumably escapes for SQL only, not for HTML output - confirm
 $get_album_name = trim($superCage->get->getEscaped('name'));
 //'add': insert a new album row and answer with a JSON status object
 //This write is driven entirely by GET parameters, so the form-token check below is the
 //only request-forgery protection visible in these lines
 if ($op == 'add') {
     //NOTE(review): presumably aborts the request when the token is missing or invalid - confirm
     jsCheckFormToken();
     $user_id = USER_ID;
     if (!empty($get_album_name)) {
         //The statement is assembled by string interpolation, so every value must already be
         //safe for a quoted SQL literal. $category is not assigned in the lines shown here;
         //NOTE(review): confirm it is set and checked against the user's rights earlier in the file
         $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description, owner) VALUES ('{$category}', '{$get_album_name}', '{$CONFIG['album_uploads_default']}', '{$position}', '', '{$user_id}')";
         cpg_db_query($query);
         //id of the album row that was just inserted
         $getAid = cpg_db_last_insert_id();
         //album_name echoes the escaped request value back to the caller
         //NOTE(review): the consuming script should insert it as text, not as HTML - confirm
         $dataArray = array('message' => 'true', 'newAid' => $getAid, 'album_name' => $get_album_name);
     } else {
         //empty name: report the localized error instead of writing anything
         $dataArray = array('message' => 'false', 'title' => $lang_errors['error'], 'description' => $lang_albmgr_php['alb_need_name']);
     }
     //The body is JSON but is labelled text/plain
     header("Content-Type: text/plain");
     echo json_encode($dataArray);
 }
 //get the updated album name
 $get_updated_album_name = $superCage->get->getEscaped('updatedname');
 //get the aid which user edited
 $aid_updated = $superCage->get->getInt('aid');
 //update album name when user save changes
 if ($op == 'update') {
     jsCheckFormToken();
     if (!empty($get_updated_album_name)) {
     if (!$superCage->post->keyExists('parent') || !$superCage->post->keyExists('name') || !$superCage->post->keyExists('description')) {
         cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'createcat'), __FILE__, __LINE__);
     }
     if ($superCage->post->keyExists('name')) {
         $name = $superCage->post->getEscaped('name');
         $name = trim($name);
     }
     if (empty($name)) {
         $name = '<???>';
         break;
     }
     $parent = $superCage->post->getInt('parent');
     $description = $superCage->post->getEscaped('description');
     cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES (10000, {$parent}, '{$name}', '{$description}')");
     //insert in categorymap
     $cid = cpg_db_last_insert_id();
     if ($superCage->post->keyExists('user_groups')) {
         foreach ($superCage->post->getInt('user_groups') as $key) {
             cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATMAP']} (cid, group_id) VALUES ({$cid}, {$key})");
         }
     }
     break;
 case 'deletecat':
     if (!$superCage->get->keyExists('cid')) {
         cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'deletecat'), __FILE__, __LINE__);
     }
     $cid = $superCage->get->getInt('cid');
     if ($cid == 1) {
         cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__);
     }
     $result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = {$cid}");
Exemple #3
                     cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_display_comments['comment_rejected'], 5);
                 } else {
                     $redirect = "displayimage.php?pid={$pid}";
                     cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_db_input_php['com_added'], 1);
                 }
             }
         }
         if ($CONFIG['comment_approval'] == 1 && !USER_IS_ADMIN || $akismet_approval_needed == 1) {
             // comments need approval, set approval status to "no"
             $app = 'NO';
         } else {
             //comments do not need approval, we can set approval status to "yes"
             $app = 'YES';
         }
         cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip, approval, spam) VALUES ('{$pid}', '" . addslashes(USER_NAME) . "', '{$msg_body}', NOW(), '', '" . USER_ID . "', '{$raw_ip}', '{$hdr_ip}', '{$app}', '{$spam}')");
         CPGPluginAPI::action('comment_add', array('msg_id' => cpg_db_last_insert_id(), 'pid' => $pid, 'msg_author' => $msg_author, 'author_id' => USER_ID, 'msg_body' => $msg_body, 'approval' => $app));
         $redirect = "displayimage.php?pid={$pid}";
         if ($CONFIG['email_comment_notification'] && !USER_IS_ADMIN) {
             $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . '</p>' . $LINEBREAK . $lang_db_input_php['email_comment_body'] . ' ' . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect;
             cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body));
         }
         cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_db_input_php['com_added'], 1);
     }
     break;
 case 'album_update':
     if (!(user_is_allowed() || GALLERY_ADMIN_MODE)) {
         if ($CONFIG['log_mode'] != 0) {
             log_write('Denied privileged access to db_input.php (album update) for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
         }
         cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
     }
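/**
 * Validate a submitted registration form and, when it passes, create the account.
 *
 * Reads the form fields from POST, runs the uniqueness, length, password, e-mail, ban and
 * captcha checks, inserts the user row, optionally creates a personal album, and sends the
 * activation / notification mails that the configuration asks for.
 *
 * All SQL in this function is built by string interpolation, so every interpolated value has
 * to be safe for a quoted SQL literal before it gets here.
 * NOTE(review): get_post_var() is not visible in this file section; the queries assume it
 * returns values escaped the same way as $superCage->post->getEscaped() - confirm.
 *
 * @param string $error Passed by reference; receives the accumulated `<li>` error markup.
 * @return bool true when the account was created, false when validation failed.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    // Markup wrapped around every validation message
    $li_open = '<li style="list-style-image:url(images/icons/stop.png)">';
    $li_close = '</li>';
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');
    // A taken user name ends validation immediately
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    // Was numRows(free): a bare word is an undefined constant (fatal on PHP 8). Every other
    // call in this function passes true, which presumably frees the result set.
    if ($result->numRows(true)) {
        $error = $li_open . $lang_register_php['err_user_exists'] . $li_close;
        return false;
    }
    if (utf_strlen($user_name) < 2) {
        $error .= $li_open . $lang_register_php['username_warning2'] . $li_close;
    }
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        // Strict string comparison: with == two numeric-looking strings such as '1e3' and
        // '1000' compare equal, which must not happen for a shared secret.
        if ((string) $global_registration_pw !== (string) $CONFIG['global_registration_pw']) {
            $error .= $li_open . $lang_register_php['err_global_pw'] . $li_close;
        } elseif ((string) $password === (string) $CONFIG['global_registration_pw']) {
            // The personal password must differ from the shared registration password
            $error .= $li_open . $lang_register_php['err_global_pass_same'] . $li_close;
        }
    }
    if (utf_strlen($password) < 2) {
        $error .= $li_open . $lang_register_php['password_warning1'] . $li_close;
    }
    // Strict comparisons for the same reason as above: no numeric-string juggling
    if ($password === $user_name) {
        $error .= $li_open . $lang_register_php['password_warning2'] . $li_close;
    }
    if ($password !== $password_again) {
        $error .= $li_open . $lang_register_php['password_verification_warning1'] . $li_close;
    }
    if (!Inspekt::isEmail($email)) {
        $error .= $li_open . $lang_register_php['email_warning2'] . $li_close;
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= $li_open . $lang_register_php['err_disclaimer'] . $li_close;
    }
    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= $li_open . $lang_register_php['user_name_banned'] . $li_close;
    }
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= $li_open . $lang_register_php['email_address_banned'] . $li_close;
    }
    // check captcha: built-in implementation unless a plugin has taken over
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= $li_open . $lang_errors['captcha_error'] . $li_close;
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }
    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if ($result->numRows(true)) {
            // Appended (was assigned), so the messages collected above are not discarded
            $error .= $li_open . $lang_register_php['err_duplicate_email'] . $li_close;
        }
    }
    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // The activation key is the only secret in the activation link, so it has to be
        // unpredictable. Prefer the CSPRNG; 16 random bytes hex-encode to 32 characters,
        // the same shape as the md5() value used before.
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } else {
            // Legacy fallback for runtimes without random_bytes(): seeded from the clock
            // and therefore guessable - keep only where nothing better is available.
            list($usec, $sec) = explode(' ', microtime());
            $seed = (double) $sec + (double) $usec * 100000;
            srand($seed);
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }
    require 'include/passwordhash.inc.php';
    // cpg_password_create_hash() returns colon-separated fields, indexed by the HASH_* constants
    $password_params = explode(':', cpg_password_create_hash($password));
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$CONFIG['lang']}')";
    cpg_db_query($sql);
    // Capture the new id once, right after the INSERT: the plugin hook and the logger below
    // may run queries of their own, which would change what the last-insert-id call returns.
    $new_user_id = cpg_db_last_insert_id();
    $user_array = array();
    $user_array['user_id'] = $new_user_id;
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);
    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }
    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // A user's personal category id is the user id offset by FIRST_USER_CAT
        $catid = $new_user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$new_user_id})");
    }
    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }
    // email notification or activation link to admin
    if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
        // Start from an empty list so the loop below is safe when no admin has an address
        $admins = array();
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = $result->fetchAssoc()) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
            $result->free();
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            //check if the admin language is available, otherwise use the default language strings
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }
    return true;
}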
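/**
 * Create or update a user account from the submitted user-manager form.
 *
 * Reads the account fields from POST, optionally inserts a placeholder row for a new user,
 * rejects duplicate names and too-short names/passwords, writes the account row, renames the
 * user's comments and sends either the login data or the activation confirmation by mail.
 *
 * No permission or form-token check is performed in this function.
 * NOTE(review): callers are presumably responsible for both - confirm.
 *
 * When "send login data" is ticked the password is mailed in clear text, and the value mailed
 * is the getEscaped() form of what was typed.
 * NOTE(review): confirm that is intended, and that the hash is derived from the same form.
 *
 * @param int|string $user_id Id of the user to update, or the literal string 'new_user'.
 * @return false|null false after the duplicate-name error; otherwise nothing is returned.
 */
function update_user($user_id)
{
    global $CONFIG;
    global $lang_usermgr_php, $lang_register_php, $icon_array;
    $superCage = Inspekt::makeSuperCage();
    $user_name = $superCage->post->getEscaped('user_name');
    $user_password = $superCage->post->getEscaped('user_password');
    $user_email = $superCage->post->getEscaped('user_email');
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $user_active = $superCage->post->getAlpha('user_active');
    $user_group = $superCage->post->getInt('user_group');
    $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';
    // Strict comparison: with == an integer 0 equals 'new_user' on PHP 7 and older, which
    // would silently create an account instead of updating one.
    if ($user_id === 'new_user') {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
        $user_id = cpg_db_last_insert_id();
        log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG);
        // Create a personal album if corresponding option is enabled
        if ($CONFIG['personal_album_on_registration'] == 1) {
            // A user's personal category id is the user id offset by FIRST_USER_CAT
            $catid = $user_id + FIRST_USER_CAT;
            // NOTE(review): unlike the registration path, no `owner` is stored here - confirm
            cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
        }
    }
    // The id is interpolated unquoted into two statements below; forcing it to an integer
    // keeps a non-numeric argument from becoming part of the SQL text.
    $user_id = (int) $user_id;
    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}";
    $result = cpg_db_query($sql);
    if ($result->numRows()) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    $result->free();
    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
    }
    // An empty password means "leave unchanged", so only a non-empty one is length-checked
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
    }
    // Save old user data (we need it later to determine if we need to send the activation confirmation email)
    $user_data = cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'")->fetchAssoc(true);
    // Secondary groups: comma-separated, without the primary group
    $user_group_list = '';
    if (is_array($group_list)) {
        $secondary_groups = array();
        foreach ($group_list as $group) {
            if ($group != $user_group) {
                $secondary_groups[] = $group;
            }
        }
        $user_group_list = implode(',', $secondary_groups);
    }
    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '{$user_group}', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'";
    if (!empty($user_password)) {
        require 'include/passwordhash.inc.php';
        // Appends the password columns as a ready-made SET fragment
        $sql_update .= ', ' . cpg_password_create_update_string($user_password);
    }
    if ($user_active == 'YES') {
        // An active account no longer needs its activation key
        $sql_update .= ", user_actkey = ''";
    }
    $sql_update .= " WHERE user_id = '{$user_id}'";
    cpg_db_query($sql_update);
    // Update comments' author name
    cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}");
    // If send login data checkbox is checked then send the username and password to the user in an email
    if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
        require 'include/mailer.inc.php';
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($user_name), '{USER_PASS}' => trim($user_password));
        if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
        }
    } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
        // send activation confirmation email (only once): the key was cleared by the update above
        require 'include/mailer.inc.php';
        $template_vars = array('{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name']);
        cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
    }
}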
/**
 * Create an album from the publishing wizard form and print the confirmation step.
 *
 * Admins choose the category through POST 'cat'; every other permitted user gets an album in
 * their personal category (FIRST_USER_CAT + USER_ID). The result page is rendered from
 * $template_create_album and the wizard button globals are set for the next step.
 *
 * No form-token check is performed in this function.
 * NOTE(review): presumably done by the caller - confirm.
 */
function create_album()
{
    global $CONFIG;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_create_album;
    global $lang_errors, $lang_xp_publish_php;
    $superCage = Inspekt::makeSuperCage();
    // Only users with album-creation rights, or admins, may continue
    $may_create = USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN;
    if (!$may_create) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }
    // Non-admins cannot pick a category: it is derived from their own user id
    $category = USER_IS_ADMIN ? $superCage->post->getInt('cat') : FIRST_USER_CAT + USER_ID;
    // The stored title is the getEscaped() form of the submitted name
    $escaped_title = $superCage->post->getEscaped('new_alb_name');
    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description) VALUES ('{$category}', '{$escaped_title}', 'NO',  '0', '')";
    cpg_db_query($query);
    // The name shown back to the user must pass an allow-list of letters, digits, '/' and '_'
    // before it is placed into the template output.
    // NOTE(review): the pattern has no capture group, so index 1 of the match result may be
    // unset - confirm what getMatched() returns.
    $matched_name = $superCage->post->getMatched('new_alb_name', '/^[0-9A-Za-z\\/_]+$/');
    $new_alb_name = $matched_name[1];
    $created_message = sprintf($lang_xp_publish_php['new_alb_created'], $new_alb_name);
    $params = array(
        '{NEW_ALB_CREATED}' => $created_message,
        '{CONTINUE}' => $lang_xp_publish_php['continue'],
        '{ALBUM_ID}' => cpg_db_last_insert_id(),
    );
    echo template_eval($template_create_album, $params);
    // Wizard navigation for the step that follows
    $ONNEXT_SCRIPT = 'startUpload();';
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,true';
}
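/**
 * Register an already-stored file in the pictures table, creating its derived images first.
 *
 * For image files this reads optional IPTC metadata, enforces the maximum upload dimensions,
 * creates the watermark backup, thumbnail and intermediate picture as configured, then checks
 * the user's disk quota, decides whether the file needs approval and inserts the row.
 *
 * The INSERT is built by string interpolation. $title, $caption, $keywords, $user1..$user4,
 * $raw_ip, $hdr_ip, $position and $aid are interpolated as given.
 * NOTE(review): callers must pass them already escaped - confirm at every call site.
 *
 * @param int    $aid      Album id the file belongs to.
 * @param string $filepath Directory of the file, relative to $CONFIG['fullpath'].
 * @param string $filename File name inside $filepath.
 * @param int    $position Sort position stored with the row.
 * @param string $title    Title; may be filled from IPTC when title, caption and keywords are all empty.
 * @param string $caption  Caption; same IPTC rule as $title.
 * @param string $keywords Keywords; same IPTC rule as $title.
 * @param string $user1    Custom field 1.
 * @param string $user2    Custom field 2.
 * @param string $user3    Custom field 3.
 * @param string $user4    Custom field 4.
 * @param int    $category Category of the target album, used for quota and approval rules.
 * @param string $raw_ip   Uploader address stored as pic_raw_ip.
 * @param string $hdr_ip   Uploader address stored as pic_hdr_ip.
 * @param int    $iwidth   Width to store for non-image files.
 * @param int    $iheight  Height to store for non-image files.
 * @return mixed true on success; array('error' => ..., 'halt_upload' => ...) when the file is
 *               rejected; false when the watermark backup copy fails; otherwise whatever
 *               resize_image() returned when it did not return true.
 */
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
    global $CONFIG, $USER_DATA, $PIC_NEED_APPROVAL, $CURRENT_PIC_DATA;
    global $lang_errors, $lang_db_input_php;
    $image = $CONFIG['fullpath'] . $filepath . $filename;
    $normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
    $thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
    $orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
    $work_image = $image;
    // Set only when an admin upload is deliberately kept above the configured maximum size;
    // initialised here because the watermark step reads it on every path.
    $picture_original_size = false;
    // Watermark switches that several steps below depend on
    $watermark_enabled = $CONFIG['enable_watermark'] == '1';
    $watermark_original = $watermark_enabled && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original');
    if (!is_known_filetype($image)) {
        return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0);
    } elseif (is_image($filename)) {
        $imagesize = cpg_getimagesize($image);
        if ($CONFIG['read_iptc_data']) {
            // read IPTC data
            $iptc = get_IPTC($image);
            //if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
            if (is_array($iptc) && !$title && !$caption && !$keywords) {
                // IPTC fields come out of the uploaded file, so they are uploader-controlled
                // and end up inside quoted SQL literals below. They are escaped with the same
                // function this block already uses for filepath/filename.
                // NOTE(review): get_IPTC() is not visible here - confirm it does not escape
                // already, and prefer the DB layer's own escaping if it offers one.
                if (isset($iptc['Headline'])) {
                    $title = addslashes(trim($iptc['Headline']));
                }
                if (isset($iptc['Caption'])) {
                    $caption = addslashes(trim($iptc['Caption']));
                }
                if (isset($iptc['Keywords'])) {
                    $keywords = addslashes(implode($CONFIG['keyword_separator'], $iptc['Keywords']));
                }
            }
        }
        // resize picture if it's bigger than the max width or height for uploaded pictures
        if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
            if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
                // 'thumb' means "use the thumbnail setting", where 'ex' is mapped to 'any'
                $resize_method = $CONFIG['picture_use'] == "thumb" ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use']) : $CONFIG['picture_use'];
                resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false');
                $imagesize = cpg_getimagesize($image);
            } elseif (USER_IS_ADMIN) {
                // skip resizing for admin
                $picture_original_size = true;
            } else {
                // Remove the rejected file. This used to unlink an undefined variable, which
                // left the oversized upload on disk.
                @unlink($image);
                $msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
                return array('error' => $msg, 'halt_upload' => 1);
            }
        }
        // create backup of full sized picture if watermark is enabled for full sized pictures
        if (!file_exists($orig) && $watermark_original) {
            if (!copy($image, $orig)) {
                return false;
            }
            // Derived images are built from the clean backup, not from the watermarked file
            $work_image = $orig;
        }
        if (!file_exists($thumb)) {
            // create thumbnail
            if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
                return $result;
            }
        }
        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) {
            // create intermediate sized picture
            $resize_method = $CONFIG['picture_use'] == "thumb" ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use']) : $CONFIG['picture_use'];
            $watermark = $watermark_enabled && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false';
            if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
                return $result;
            }
        }
        // watermark full sized picture
        if ($watermark_original) {
            // use max aspect of original image if it hasn't been resized earlier
            $wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
            if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
                return $result;
            }
        }
    } else {
        // Non-image files carry the dimensions supplied by the caller
        $imagesize = array($iwidth, $iheight);
    }
    // File sizes may have changed through resizing, so drop PHP's cached stat data first
    clearstatcache();
    $image_filesize = filesize($image);
    $total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
    // Test if disk quota exceeded (only for uploads into the user's own category)
    if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
        $result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE  {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
        $record = $result->fetchArray(true);
        $total_space_used = $record[0];
        // Sizes are in bytes; shifting right by 10 converts the sum to the unit of the quota
        if ((($total_space_used + $total_filesize) >> 10) > $USER_DATA['group_quota']) {
            @unlink($image);
            if (is_image($image)) {
                @unlink($normal);
                @unlink($thumb);
            }
            $msg = $lang_errors['quota_exceeded'] . '<br />&nbsp;<br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
            return array('error' => $msg, 'halt_upload' => 1);
        }
    }
    // Test if picture requires approval
    if (GALLERY_ADMIN_MODE) {
        $approved = 'YES';
    } elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
        $approved = 'YES';
    } elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
        $approved = 'YES';
    } else {
        $approved = 'NO';
    }
    $PIC_NEED_APPROVAL = $approved == 'NO';
    // User ID is recorded when in admin mode
    $user_id = USER_ID;
    // Populate Array to pass to plugins, then to SQL
    $CURRENT_PIC_DATA['aid'] = $aid;
    $CURRENT_PIC_DATA['filepath'] = $filepath;
    $CURRENT_PIC_DATA['filename'] = $filename;
    $CURRENT_PIC_DATA['filesize'] = $image_filesize;
    $CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
    $CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
    $CURRENT_PIC_DATA['pheight'] = $imagesize[1];
    $CURRENT_PIC_DATA['owner_id'] = $user_id;
    $CURRENT_PIC_DATA['title'] = $title;
    $CURRENT_PIC_DATA['caption'] = $caption;
    $CURRENT_PIC_DATA['keywords'] = $keywords;
    $CURRENT_PIC_DATA['approved'] = $approved;
    $CURRENT_PIC_DATA['user1'] = $user1;
    $CURRENT_PIC_DATA['user2'] = $user2;
    $CURRENT_PIC_DATA['user3'] = $user3;
    $CURRENT_PIC_DATA['user4'] = $user4;
    $CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
    $CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
    $CURRENT_PIC_DATA['position'] = $position;
    $CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : '';
    // Plugins may rewrite any of these values before they reach the SQL statement.
    // NOTE(review): whatever a plugin returns is interpolated as-is - confirm plugins keep
    // the values escaped.
    $CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
    // Guests only get title, caption and keywords stored when the configuration allows it
    $store_details = USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1;
    $sql_title = $store_details ? $CURRENT_PIC_DATA['title'] : '';
    $sql_caption = $store_details ? $CURRENT_PIC_DATA['caption'] : '';
    $sql_keywords = $store_details ? $CURRENT_PIC_DATA['keywords'] : '';
    $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$sql_title}', '{$sql_caption}', '{$sql_keywords}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
    cpg_db_query($query);
    // Put the pid in current_pic_data and call the plugin filter for file data success
    $CURRENT_PIC_DATA['pid'] = cpg_db_last_insert_id();
    CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA);
    return true;
}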