//get the action $op = $superCage->get->getAlpha('op'); //get the position $position = $superCage->get->getInt('position'); //get the album name $get_album_name = trim($superCage->get->getEscaped('name')); //add the new album name to database if ($op == 'add') { jsCheckFormToken(); $user_id = USER_ID; if (!empty($get_album_name)) { //add the album to database $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description, owner) VALUES ('{$category}', '{$get_album_name}', '{$CONFIG['album_uploads_default']}', '{$position}', '', '{$user_id}')"; cpg_db_query($query); //get the aid of added the albums $getAid = cpg_db_last_insert_id(); $dataArray = array('message' => 'true', 'newAid' => $getAid, 'album_name' => $get_album_name); } else { $dataArray = array('message' => 'false', 'title' => $lang_errors['error'], 'description' => $lang_albmgr_php['alb_need_name']); } header("Content-Type: text/plain"); echo json_encode($dataArray); } //get the updated album name $get_updated_album_name = $superCage->get->getEscaped('updatedname'); //get the aid which user edited $aid_updated = $superCage->get->getInt('aid'); //update album name when user save changes if ($op == 'update') { jsCheckFormToken(); if (!empty($get_updated_album_name)) {
if (!$superCage->post->keyExists('parent') || !$superCage->post->keyExists('name') || !$superCage->post->keyExists('description')) { cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'createcat'), __FILE__, __LINE__); } if ($superCage->post->keyExists('name')) { $name = $superCage->post->getEscaped('name'); $name = trim($name); } if (empty($name)) { $name = '<???>'; break; } $parent = $superCage->post->getInt('parent'); $description = $superCage->post->getEscaped('description'); cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES (10000, {$parent}, '{$name}', '{$description}')"); //insert in categorymap $cid = cpg_db_last_insert_id(); if ($superCage->post->keyExists('user_groups')) { foreach ($superCage->post->getInt('user_groups') as $key) { cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATMAP']} (cid, group_id) VALUES ({$cid}, {$key})"); } } break; case 'deletecat': if (!$superCage->get->keyExists('cid')) { cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'deletecat'), __FILE__, __LINE__); } $cid = $superCage->get->getInt('cid'); if ($cid == 1) { cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__); } $result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = {$cid}");
cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_display_comments['comment_rejected'], 5); } else { $redirect = "displayimage.php?pid={$pid}"; cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_db_input_php['com_added'], 1); } } } if ($CONFIG['comment_approval'] == 1 && !USER_IS_ADMIN || $akismet_approval_needed == 1) { // comments need approval, set approval status to "no" $app = 'NO'; } else { //comments do not need approval, we can set approval status to "yes" $app = 'YES'; } cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip, approval, spam) VALUES ('{$pid}', '" . addslashes(USER_NAME) . "', '{$msg_body}', NOW(), '', '" . USER_ID . "', '{$raw_ip}', '{$hdr_ip}', '{$app}', '{$spam}')"); CPGPluginAPI::action('comment_add', array('msg_id' => cpg_db_last_insert_id(), 'pid' => $pid, 'msg_author' => $msg_author, 'author_id' => USER_ID, 'msg_body' => $msg_body, 'approval' => $app)); $redirect = "displayimage.php?pid={$pid}"; if ($CONFIG['email_comment_notification'] && !USER_IS_ADMIN) { $mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . '</p>' . $LINEBREAK . $lang_db_input_php['email_comment_body'] . ' ' . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect; cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body)); } cpgRedirectPage($redirect, $lang_db_input_php['info'], $lang_db_input_php['com_added'], 1); } break; case 'album_update': if (!(user_is_allowed() || GALLERY_ADMIN_MODE)) { if ($CONFIG['log_mode'] != 0) { log_write('Denied privileged access to db_input.php (album update) for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG); } cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); }
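/**
 * Validate the submitted registration form and, when it is acceptable, create the account.
 *
 * Validation messages are collected in $error as <li> items. When no message was produced the
 * function inserts the user row, optionally creates a personal album, sends the activation or
 * notification mails requested by the configuration and prints a confirmation box.
 *
 * Security notes:
 *  - All values reach SQL through string interpolation. username, password,
 *    password_verification, email and global_registration_pw are read through get_post_var(),
 *    which is defined outside this block.
 *    NOTE(review): confirm get_post_var() returns SQL-escaped data; the queries below depend on it.
 *  - The e-mail address is used in the ban lookup and the duplicate lookup even when
 *    Inspekt::isEmail() rejected it, because validation errors are accumulated, not returned early.
 *  - The only length rule enforced here is "at least 2 characters" for user name and password.
 *
 * @param string $error Passed by reference; receives the accumulated <li> error items.
 *
 * @return bool false when validation failed (see $error), true once the account was created.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;

    $superCage = Inspekt::makeSuperCage();

    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // An existing user name aborts immediately and replaces any earlier message.
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);

    // Was numRows(free): a bare word is an undefined constant (fatal error on PHP 8).
    // true is the argument every other lookup in this function passes.
    if ($result->numRows(true)) {
        $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }

    if (utf_strlen($user_name) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
    }

    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        $expected_registration_pw = (string) $CONFIG['global_registration_pw'];

        // The shared registration secret is compared as a string with a strict operator:
        // loose comparison treats numeric-looking strings such as "1e3" and "1000" as equal.
        if (!is_string($global_registration_pw) || $global_registration_pw !== $expected_registration_pw) {
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password === $expected_registration_pw) {
            // The personal password must differ from the shared registration secret.
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }

    if (utf_strlen($password) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
    }

    // Both operands are results of trim(), i.e. strings, so strict comparison is exact.
    if ($password === $user_name) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
    }

    if ($password !== $password_again) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
    }

    if (!Inspekt::isEmail($email)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
    }

    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
    }

    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
    }

    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
    }

    // check captcha: built-in validator unless a captcha plugin handles the register form
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);

        if ($result->numRows(true)) {
            // NOTE(review): this assigns instead of appending, so messages collected above are
            // replaced by the duplicate-address message. Kept as found; confirm it is intended.
            $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
        }
    }

    $error = CPGPluginAPI::filter('register_form_validate', $error);

    if ($error != '') {
        return false;
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';

        // The activation key is the only secret protecting account activation, so it is taken
        // from the system CSPRNG when available. The result keeps the former shape (32 lower-case
        // hex characters).
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } else {
            // Legacy fallback for runtimes without random_bytes(): derived from the clock and
            // rand(), therefore not suitable as a secret. Upgrade the runtime where possible.
            list($usec, $sec) = explode(' ', microtime());
            $seed = (double) $sec + (double) $usec * 100000;
            srand($seed);
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }

    require 'include/passwordhash.inc.php';

    // cpg_password_create_hash() returns colon-separated fields; the HASH_*_INDEX constants pick them.
    $password_params = explode(':', cpg_password_create_hash($password));

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$CONFIG['lang']}')";
    $result = cpg_db_query($sql);

    // Capture the new id once, directly after the INSERT. The plugin hook and the logger run
    // before the personal album is created; if either performs an INSERT, a second
    // cpg_db_last_insert_id() call would no longer refer to the user row.
    $new_user_id = cpg_db_last_insert_id();

    $user_array = array();
    $user_array['user_id'] = $new_user_id;
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);

    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        $user_id = $new_user_id;
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }

    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{USER_NAME}' => $user_name,
            '{ACT_LINK}' => $act_link,
        );

        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }

        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }

    // email notification or activation link to admin
    if ($CONFIG['reg_notify_admin_email'] || ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email'])) {
        // Start from an empty list so the loop below is safe when no admin has an address.
        $admins = array();

        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = $result->fetchAssoc()) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
            $result->free();
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }

        foreach ($admins as $admin) {
            //check if the admin language is available
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }

            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array(
                    '{SITE_NAME}' => $CONFIG['gallery_name'],
                    '{USER_NAME}' => $user_name,
                    '{ACT_LINK}' => $act_link,
                );
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }

    return true;
}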
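/**
 * Create or update a user record from the posted user-manager form.
 *
 * When $user_id is the string 'new_user' an empty row is inserted first and its id is used for
 * the rest of the function. The row is then updated with the posted fields, the author name on
 * the user's comments is synchronised, and depending on the form either the login data or an
 * activation confirmation is mailed.
 *
 * Security notes:
 *  - NOTE(review): no permission or form-token check is visible in this function. user_group,
 *    user_active and the password are taken from POST, so confirm the caller enforces both.
 *  - When 'send_login_data' is posted, the password is mailed in clear text. The value that is
 *    hashed and mailed is the getEscaped() result, not the raw POST value.
 *  - The only length rule enforced here is "at least 2 characters" for user name and password.
 *
 * @param int|string $user_id Id of the user to update, or the string 'new_user'.
 *
 * @return false|null false after the "user exists" error path; otherwise nothing.
 */
function update_user($user_id)
{
    global $CONFIG;
    global $lang_usermgr_php, $lang_register_php, $icon_array;

    $superCage = Inspekt::makeSuperCage();

    $user_name = $superCage->post->getEscaped('user_name');
    $user_password = $superCage->post->getEscaped('user_password');
    $user_email = $superCage->post->getEscaped('user_email');
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $user_active = $superCage->post->getAlpha('user_active');
    $user_group = $superCage->post->getInt('user_group');
    $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';

    // Strict comparison: before PHP 8 the loose form 0 == 'new_user' is true, so a numeric id of
    // 0 would have silently created a new account.
    if ($user_id === 'new_user') {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
        $user_id = cpg_db_last_insert_id();

        log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG);

        // Create a personal album if corresponding option is enabled
        // NOTE(review): no owner column is written here; confirm whether the album should
        // record the new user as owner.
        if ($CONFIG['personal_album_on_registration'] == 1) {
            $catid = $user_id + FIRST_USER_CAT;
            cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
        }
    }

    // $user_id is interpolated unquoted into two statements below. Its origin is outside this
    // block, so it is forced to an integer before it can reach SQL.
    $user_id = (int) $user_id;

    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}";
    $result = cpg_db_query($sql);

    if ($result->numRows()) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }

    $result->free();

    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
    }

    // An empty password means "leave the password unchanged" (see the UPDATE assembly below).
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
    }

    // Save old user data (we need it later to determine if we need to send the activation confirmation email)
    $user_data = cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'")->fetchAssoc(true);

    // Secondary groups: every posted group except the primary one, comma separated.
    if (is_array($group_list)) {
        $secondary_groups = array();
        foreach ($group_list as $group) {
            if ($group != $user_group) {
                $secondary_groups[] = $group;
            }
        }
        $user_group_list = implode(',', $secondary_groups);
    } else {
        $user_group_list = '';
    }

    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET "
        . "user_name = '{$user_name}', "
        . "user_email = '{$user_email}', "
        . "user_active = '{$user_active}', "
        . "user_group = '{$user_group}', "
        . "user_profile1 = '{$profile1}', "
        . "user_profile2 = '{$profile2}', "
        . "user_profile3 = '{$profile3}', "
        . "user_profile4 = '{$profile4}', "
        . "user_profile5 = '{$profile5}', "
        . "user_profile6 = '{$profile6}', "
        . "user_group_list = '{$user_group_list}'";

    if (!empty($user_password)) {
        require 'include/passwordhash.inc.php';
        $sql_update .= ', ' . cpg_password_create_update_string($user_password);
    }

    // An activated account no longer needs its activation key.
    if ($user_active == 'YES') {
        $sql_update .= ", user_actkey = ''";
    }

    $sql_update .= " WHERE user_id = '{$user_id}'";

    cpg_db_query($sql_update);

    // Update comments' author name. Skipped for a non-positive id so that an invalid id can
    // never rename comments stored with author_id 0.
    if ($user_id > 0) {
        cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}");
    }

    // If send login data checkbox is checked then send the username and password to the user in an email
    if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
        require 'include/mailer.inc.php';

        // {USER_PASS} carries the password in clear text.
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{SITE_LINK}' => $CONFIG['site_url'],
            '{USER_NAME}' => trim($user_name),
            '{USER_PASS}' => trim($user_password),
        );

        if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
        }
    } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
        // send activation confirmation email (only once)
        require 'include/mailer.inc.php';

        $template_vars = array(
            '{SITE_LINK}' => $CONFIG['site_url'],
            '{USER_NAME}' => $user_data['user_name'],
            '{SITE_NAME}' => $CONFIG['gallery_name'],
        );

        cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
    }
}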
/**
 * Create an album from the publishing-wizard form and print the confirmation template.
 *
 * Administrators choose the category through the posted 'cat' value; every other user is
 * confined to their personal category (FIRST_USER_CAT + USER_ID). The title stored in the
 * database is the getEscaped() form of 'new_alb_name'; the title echoed back to the client is
 * taken from a separate, pattern-restricted read of the same field.
 *
 * NOTE(review): no form-token check is visible in this function; confirm the caller performs one.
 */
function create_album()
{
    global $CONFIG, $lang_errors, $lang_xp_publish_php;
    global $template_create_album;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;

    $superCage = Inspekt::makeSuperCage();

    // Only users allowed to create albums, or administrators, may continue.
    $may_create = USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN;
    if (!$may_create) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

    // The posted category is honoured for administrators only.
    $category = USER_IS_ADMIN
        ? $superCage->post->getInt('cat')
        : FIRST_USER_CAT + USER_ID;

    $escaped_title = $superCage->post->getEscaped('new_alb_name');
    cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description) VALUES ('{$category}', '{$escaped_title}', 'NO', '0', '')");

    // The echoed name is limited to digits, ASCII letters, '/' and '_'.
    // NOTE(review): the pattern has no capture group. If getMatched() returns preg_match()-style
    // matches, index 1 is never set and the message shows no name; confirm whether index 0 was
    // intended.
    $name_match = $superCage->post->getMatched('new_alb_name', '/^[0-9A-Za-z\\/_]+$/');
    $new_alb_name = $name_match[1];

    $created_message = sprintf($lang_xp_publish_php['new_alb_created'], $new_alb_name);
    $album_id = cpg_db_last_insert_id();

    echo template_eval($template_create_album, array(
        '{NEW_ALB_CREATED}' => $created_message,
        '{CONTINUE}' => $lang_xp_publish_php['continue'],
        '{ALBUM_ID}' => $album_id,
    ));

    // Wizard navigation state consumed outside this function.
    $ONNEXT_SCRIPT = 'startUpload();';
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,true';
}
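/**
 * Register an already stored file in the gallery: create derived images, enforce the size and
 * quota limits, decide on approval and insert the row into the pictures table.
 *
 * Security notes:
 *  - Only filepath and filename are escaped (addslashes) inside this function. $aid, $title,
 *    $caption, $keywords, $user1..$user4, $raw_ip, $hdr_ip and $position are interpolated as
 *    received. NOTE(review): confirm every caller passes SQL-escaped values.
 *  - NOTE(review): IPTC Headline/Caption/Keywords are read from the uploaded file and reach the
 *    INSERT without any escaping visible in this function. Confirm that get_IPTC() or the
 *    'add_file_data' filter escapes them; otherwise they must be escaped before the query.
 *
 * @param mixed  $aid      Album id the file is added to.
 * @param string $filepath Directory of the file, relative to $CONFIG['fullpath'].
 * @param string $filename File name inside $filepath.
 * @param mixed  $position Stored in the 'position' column.
 * @param string $title    Title; may be filled from IPTC when title, caption and keywords are all empty.
 * @param string $caption  Caption; see $title.
 * @param string $keywords Keywords; see $title.
 * @param string $user1    Custom field 1.
 * @param string $user2    Custom field 2.
 * @param string $user3    Custom field 3.
 * @param string $user4    Custom field 4.
 * @param mixed  $category Category of the target album; drives the quota and approval rules.
 * @param string $raw_ip   Stored in 'pic_raw_ip'.
 * @param string $hdr_ip   Stored in 'pic_hdr_ip'.
 * @param mixed  $iwidth   Width recorded for files that are not images.
 * @param mixed  $iheight  Height recorded for files that are not images.
 *
 * @return mixed true on success; array('error' => ..., 'halt_upload' => ...) when the file is
 *               rejected; false when the watermark backup copy fails; otherwise the non-true
 *               value returned by resize_image().
 */
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
    global $CONFIG, $USER_DATA, $PIC_NEED_APPROVAL, $CURRENT_PIC_DATA;
    global $lang_errors, $lang_db_input_php;

    $image = $CONFIG['fullpath'] . $filepath . $filename;
    $normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
    $thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
    $orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
    $work_image = $image;

    // Set only when an admin upload is kept at its original size; initialised so the watermark
    // step below never reads an undefined variable.
    $picture_original_size = false;

    if (!is_known_filetype($image)) {
        return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0);
    } elseif (is_image($filename)) {
        $imagesize = cpg_getimagesize($image);

        if ($CONFIG['read_iptc_data']) {
            // read IPTC data
            $iptc = get_IPTC($image);
            if (is_array($iptc) && !$title && !$caption && !$keywords) {
                //if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
                // NOTE(review): these strings are file content supplied by the uploader; see
                // the function header about escaping before the INSERT.
                $title = isset($iptc['Headline']) ? trim($iptc['Headline']) : $title;
                $caption = isset($iptc['Caption']) ? trim($iptc['Caption']) : $caption;
                $keywords = isset($iptc['Keywords']) ? implode($CONFIG['keyword_separator'], $iptc['Keywords']) : $keywords;
            }
        }

        // resize picture if it's bigger than the max width or height for uploaded pictures
        if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
            if ((USER_IS_ADMIN && $CONFIG['auto_resize'] == 1) || (!USER_IS_ADMIN && $CONFIG['auto_resize'] > 0)) {
                $resize_method = $CONFIG['picture_use'] == "thumb"
                    ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'])
                    : $CONFIG['picture_use'];
                resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false');
                $imagesize = cpg_getimagesize($image);
            } elseif (USER_IS_ADMIN) {
                // skip resizing for admin
                $picture_original_size = true;
            } else {
                // Was @unlink($uploaded_pic): that variable does not exist in this function, so
                // the rejected file stayed on disk. $image is the file being processed, and it is
                // what the quota branch below removes as well.
                @unlink($image);
                $msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
                return array('error' => $msg, 'halt_upload' => 1);
            }
        }

        // create backup of full sized picture if watermark is enabled for full sized pictures
        if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            if (!copy($image, $orig)) {
                return false;
            } else {
                // Derived images are produced from the clean backup, not the watermarked file.
                $work_image = $orig;
            }
        }

        if (!file_exists($thumb)) {
            // create thumbnail
            if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
                return $result;
            }
        }

        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) {
            // create intermediate sized picture
            $resize_method = $CONFIG['picture_use'] == "thumb"
                ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'])
                : $CONFIG['picture_use'];
            $watermark = ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized')) ? 'true' : 'false';
            if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
                return $result;
            }
        }

        // watermark full sized picture
        if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            // use max aspect of original image if it hasn't been resized earlier
            $wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
            if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
                return $result;
            }
        }
    } else {
        // Not an image: record the dimensions supplied by the caller.
        $imagesize[0] = $iwidth;
        $imagesize[1] = $iheight;
    }

    // File sizes are read after the resize steps, so cached stat data must be dropped first.
    clearstatcache();

    $image_filesize = filesize($image);
    $total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;

    // Test if disk quota exceeded (only for uploads into the user's own category)
    if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
        $result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
        $record = $result->fetchArray(true);
        $total_space_used = $record[0];

        // Sum in bytes, shifted right by 10 bits (i.e. divided by 1024) before the comparison;
        // the parentheses spell out the operator precedence of the original expression.
        if ((($total_space_used + $total_filesize) >> 10) > $USER_DATA['group_quota']) {
            @unlink($image);
            if (is_image($image)) {
                @unlink($normal);
                @unlink($thumb);
            }
            $msg = $lang_errors['quota_exceeded'] . '<br /> <br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
            return array('error' => $msg, 'halt_upload' => 1);
        }
    }

    // Test if picture requires approval
    if (GALLERY_ADMIN_MODE) {
        $approved = 'YES';
    } elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
        $approved = 'YES';
    } elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
        $approved = 'YES';
    } else {
        $approved = 'NO';
    }

    $PIC_NEED_APPROVAL = $approved == 'NO';

    // User ID is recorded when in admin mode
    $user_id = USER_ID;

    // Populate Array to pass to plugins, then to SQL
    $CURRENT_PIC_DATA['aid'] = $aid;
    $CURRENT_PIC_DATA['filepath'] = $filepath;
    $CURRENT_PIC_DATA['filename'] = $filename;
    $CURRENT_PIC_DATA['filesize'] = $image_filesize;
    $CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
    $CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
    $CURRENT_PIC_DATA['pheight'] = $imagesize[1];
    $CURRENT_PIC_DATA['owner_id'] = $user_id;
    $CURRENT_PIC_DATA['title'] = $title;
    $CURRENT_PIC_DATA['caption'] = $caption;
    $CURRENT_PIC_DATA['keywords'] = $keywords;
    $CURRENT_PIC_DATA['approved'] = $approved;
    $CURRENT_PIC_DATA['user1'] = $user1;
    $CURRENT_PIC_DATA['user2'] = $user2;
    $CURRENT_PIC_DATA['user3'] = $user3;
    $CURRENT_PIC_DATA['user4'] = $user4;
    $CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
    $CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
    $CURRENT_PIC_DATA['position'] = $position;
    $CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : '';

    // Plugins may rewrite any of the values above before they are written to the database.
    $CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);

    // Guests may only store title, caption and keywords when the configuration allows it;
    // otherwise the three columns are written empty. Both cases share one statement.
    if (USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1) {
        $sql_title = $CURRENT_PIC_DATA['title'];
        $sql_caption = $CURRENT_PIC_DATA['caption'];
        $sql_keywords = $CURRENT_PIC_DATA['keywords'];
    } else {
        $sql_title = '';
        $sql_caption = '';
        $sql_keywords = '';
    }

    $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$sql_title}', '{$sql_caption}', '{$sql_keywords}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";

    $result = cpg_db_query($query);

    // Put the pid in current_pic_data and call the plugin filter for file data success
    $CURRENT_PIC_DATA['pid'] = cpg_db_last_insert_id();
    CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA);

    return true;
}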