/**
* Checks the validity of the given attachments.
* Creates a user input error, if validation fails.
* Returns true, if the given attachment is valid.
*
* @param string $tmpName path to attachment
* @param string $fileHash sha1 hash of attachment
* @param string $name original name of attachment
* @param integer $size size of attachment
* @param string $extension file extension of attachment
* @return boolean true, if the given attachment is valid
*/
protected function checkAttachment($tmpName, $fileHash, $name, $size, $extension, $isImage)
{
$i = count($this->errors);
if (isset($this->attachments[$this->messageID]) && count($this->attachments[$this->messageID]) > $this->maxUploads) {
return false;
}
if (!$tmpName) {
// php upload filesize limit reached
$this->errors[$i]['attachmentName'] = $name;
$this->errors[$i]['errorType'] = "fileSizePHP";
return false;
}
if (in_array($fileHash, $this->attachmentHashes)) {
$this->errors[$i]['attachmentName'] = $name;
$this->errors[$i]['errorType'] = "doubleUpload";
return false;
}
if ($size == 0 || $size > $this->maxFileSize) {
$this->errors[$i]['attachmentName'] = $name;
$this->errors[$i]['errorType'] = "fileSize";
return false;
}
if (!preg_match($this->allowedExtensions, $extension)) {
$this->errors[$i]['attachmentName'] = $name;
$this->errors[$i]['errorType'] = "illegalExtension";
return false;
}
if ($isImage && !ImageUtil::checkImageContent($tmpName)) {
$this->errors[$i]['attachmentName'] = $name;
$this->errors[$i]['errorType'] = "badImage";
return false;
}
return true;
}
/**
* Creates a new avatar.
*
* @param string $tmpName
* @param string $name
* @param string $field
* @return integer avatar id
*/
public static function create($tmpName, $name, $field, $userID = 0, $groupID = 0, $neededPoints = 0, $avatarCategoryID = 0)
{
// check avatar content
if (!ImageUtil::checkImageContent($tmpName)) {
throw new UserInputException($field, 'badAvatar');
}
// get file extension
/*$fileExtension = '';
if (!empty($name) && StringUtil::indexOf($name, '.') !== false) {
$fileExtension = StringUtil::toLowerCase(StringUtil::substring($name, StringUtil::lastIndexOf($name, '.') + 1));
}*/
// get image data
if (($imageData = @getImageSize($tmpName)) === false) {
throw new UserInputException($field, 'badAvatar');
}
// get file extension by mime
$fileExtension = ImageUtil::getExtensionByMimeType($imageData['mime']);
// check file extension
if (!in_array($fileExtension, self::getAllowedFileExtensions())) {
throw new UserInputException($field, 'notAllowedExtension');
}
// get avatar size
$width = $imageData[0];
$height = $imageData[1];
if (!$width || !$height) {
throw new UserInputException($field, 'badAvatar');
}
$size = @filesize($tmpName);
// generate thumbnail if necessary
if ($width > WCF::getUser()->getPermission('user.profile.avatar.maxWidth') || $height > WCF::getUser()->getPermission('user.profile.avatar.maxHeight')) {
$thumbnail = new Thumbnail($tmpName, WCF::getUser()->getPermission('user.profile.avatar.maxWidth'), WCF::getUser()->getPermission('user.profile.avatar.maxHeight'));
$thumbnailSrc = $thumbnail->makeThumbnail();
if ($thumbnailSrc) {
$file = new File($tmpName);
$file->write($thumbnailSrc);
$file->close();
// refresh avatar size
list($width, $height, ) = @getImageSize($tmpName);
clearstatcache();
$size = @filesize($tmpName);
// get new file extension
$fileExtension = ImageUtil::getExtensionByMimeType($thumbnail->getMimeType());
}
unset($thumbnail, $thumbnailSrc);
}
// check size again
if ($width > WCF::getUser()->getPermission('user.profile.avatar.maxWidth') || $height > WCF::getUser()->getPermission('user.profile.avatar.maxHeight') || $size > WCF::getUser()->getPermission('user.profile.avatar.maxSize')) {
throw new UserInputException($field, 'tooLarge');
}
// create avatar
$avatarID = self::insert(basename($name), array('avatarExtension' => $fileExtension, 'width' => $width, 'height' => $height, 'userID' => $userID, 'groupID' => $groupID, 'neededPoints' => $neededPoints, 'avatarCategoryID' => $avatarCategoryID));
// copy avatar to avatar folder
if (!@copy($tmpName, WCF_DIR . 'images/avatars/avatar-' . $avatarID . '.' . $fileExtension)) {
// copy failed
// delete avatar
@unlink($tmpName);
$sql = "DELETE FROM\twcf" . WCF_N . "_avatar\n\t\t\t\tWHERE\t\tavatarID = " . $avatarID;
WCF::getDB()->sendQuery($sql);
throw new UserInputException($field, 'copyFailed');
}
// set permissions
@chmod(WCF_DIR . 'images/avatars/avatar-' . $avatarID . '.' . $fileExtension, 0666);
return $avatarID;
}
