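/**
 * Validate and store the image files posted in $_FILES['userfile'].
 *
 * For each posted slot (up to the remaining per-record quota) the file is
 * checked against the configured MIME types, extensions, size and dimension
 * limits, moved into the configured upload directory for $type, optionally
 * thumbnailed/resized through image_handler, and registered in the
 * "<type>images" table.
 *
 * Reads the globals $config, $conn and $lang, and $this->debug for 'user'
 * uploads.
 *
 * @param string $type  One of 'listings', 'vtour' or 'user'; any other value is rejected.
 * @param mixed  $edit  Listing id; coerced to int before use.
 * @param mixed  $owner User id; coerced to int before use.
 *
 * @return string HTML fragment describing the outcome of each processed file.
 */
function handleUpload($type, $edit, $owner)
{
    global $config, $conn, $lang;

    // $type is spliced into table names, column names and config keys below,
    // so it is restricted to the three kinds this function actually handles.
    if (!in_array($type, ['listings', 'vtour', 'user'], true)) {
        return '';
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    $edit = intval($edit);
    $owner = intval($owner);
    $html_flags = ENT_QUOTES | ENT_SUBSTITUTE;

    $table = $config['table_prefix'] . $type . 'images';
    $column_prefix = $type . 'images';
    // User images belong to a user; listing and vtour images belong to a listing.
    if ($type == 'user') {
        $parent_column = 'userdb_id';
        $parent_id = $owner;
    } else {
        $parent_column = 'listingsdb_id';
        $parent_id = $edit;
    }

    // How many more images may still be attached to this record?
    $sql = "SELECT count({$column_prefix}_id) as num_images FROM {$table} WHERE ({$parent_column} = {$parent_id})";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        // Without the current count the quota cannot be enforced, so stop here
        // instead of dereferencing a failed result.
        $misc->log_error($sql);
        return $display;
    }
    $avaliable_images = $config['max_' . $type . '_uploads'] - $recordSet->fields['num_images'];

    if (!isset($_FILES['userfile']['tmp_name']) || !is_array($_FILES['userfile']['tmp_name'])) {
        return $display;
    }

    $allowed_types = explode(',', $config['allowed_upload_types']);
    $allowed_extensions = explode(',', $config['allowed_upload_extensions']);
    $max_size = $config['max_' . $type . '_upload_size'];
    $max_width = $config['max_' . $type . '_upload_width'];
    // The height limit is never applied to vtour images.
    $max_height = ($type != 'vtour') ? $config['max_' . $type . '_upload_height'] : 0;
    $upload_dir = $config[$type . '_upload_path'];

    for ($file_x = 0; $file_x < $avaliable_images; $file_x++) {
        // Slots that were not posted at all are skipped silently.
        if (!isset($_FILES['userfile']['tmp_name'][$file_x])) {
            continue;
        }
        $tmp_path = $_FILES['userfile']['tmp_name'][$file_x];
        $client_name = (string) $_FILES['userfile']['name'][$file_x];

        if (!is_uploaded_file($tmp_path)) {
            if ($_FILES['userfile']['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                // The client-supplied name is escaped before it is echoed into HTML.
                $display .= "{$lang['upload_too_large']}: " . htmlspecialchars($client_name, $html_flags) . ".<br />";
            }
            continue;
        }

        $realname = $misc->clean_filename($client_name);
        $safe_name = htmlspecialchars($realname, $html_flags);
        $extension = (string) substr((string) strrchr($realname, '.'), 1);
        $filetype = (string) $_FILES['userfile']['type'][$file_x];

        // Each failing check overwrites the reason, so the last failure is the one reported.
        $pass_the_upload = 'true';

        // NOTE(review): the MIME type is declared by the client and only the last
        // extension is compared; neither check inspects the file content.
        if (!in_array($filetype, $allowed_types, true)) {
            $pass_the_upload = "{$safe_name} {$lang['upload_is_an_invalid_file_type']}: " . htmlspecialchars($filetype, $html_flags);
        }
        if (!in_array($extension, $allowed_extensions, true)) {
            $pass_the_upload = "{$lang['upload_invalid_extension']} (" . htmlspecialchars($extension, $html_flags) . ').';
        }

        // check size
        if ($max_size != 0 && $_FILES['userfile']['size'][$file_x] > $max_size) {
            $pass_the_upload = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . '' . $lang['bytes'];
        }

        // check width & height; getimagesize() returns false for anything it cannot parse
        $imagedata = getimagesize($tmp_path);
        $imagewidth = ($imagedata !== false) ? $imagedata[0] : 0;
        $imageheight = ($imagedata !== false) ? $imagedata[1] : 0;

        if ($config['resize_img'] == '1' && $type != 'vtour') {
            // Judge the dimensions the image will have AFTER resizing.
            $resize_by = $config['resize_by'];
            $shrinkage = 1;
            if ($resize_by == 'width') {
                if ($imagewidth > $max_width) {
                    $shrinkage = $imagewidth / $max_width;
                }
                if (round($imageheight / $shrinkage) > $max_height) {
                    $pass_the_upload = $lang['upload_too_high'] . '<br />' . $lang['failed_max_height'] . ' ' . $max_height . '' . $lang['pixels'];
                }
            } elseif ($resize_by == 'height') {
                if ($imageheight > $max_height) {
                    $shrinkage = $imageheight / $max_height;
                }
                if (round($imagewidth / $shrinkage) > $max_width) {
                    $pass_the_upload = $lang['upload_too_wide'] . '<br />' . $lang['failed_max_width'] . ' ' . $max_width . '' . $lang['pixels'];
                }
            }
            // 'both' and 'bestfit' apply no pre-check here.
        } else {
            if ($imagewidth > $max_width) {
                $pass_the_upload = $lang['upload_too_wide'] . '<br />' . $lang['failed_max_width'] . ' ' . $max_width . '' . $lang['pixels'];
            }
            if ($type != 'vtour' && $imageheight > $max_height) {
                $pass_the_upload = $lang['upload_too_high'] . '<br />' . $lang['failed_max_height'] . ' ' . $max_height . '' . $lang['pixels'];
            }
        }

        // security error
        if (strpos($client_name, '..') !== false) {
            $pass_the_upload = "{$lang['upload_security_violation']}!";
        }

        // The stored name is prefixed with the validated integer id rather than
        // the raw $_POST['edit'] value, because it is used in SQL and in a path.
        $save_name = $parent_id . '_' . $realname;

        // clean_filename() is defined elsewhere, so its output is not trusted to be
        // safe inside a quoted SQL literal or a path: names carrying quotes,
        // backslashes, slashes or NUL bytes are refused outright.
        // NOTE(review): bound parameters would be the better fix if $conn supports them.
        if (strpbrk($save_name, "/'\"\\\0") !== false) {
            $pass_the_upload = "{$lang['upload_security_violation']}!";
        } else {
            // make sure the file hasn't already been uploaded...
            $sql = "SELECT {$column_prefix}_file_name FROM {$table} WHERE {$column_prefix}_file_name = '{$save_name}'";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
                // Fail closed: an unverifiable duplicate check rejects the upload.
                $pass_the_upload = '';
            } elseif ($recordSet->RecordCount() > 0) {
                $pass_the_upload = "{$lang['file_exists']}!";
            }
        }

        if ($pass_the_upload !== 'true') {
            // the upload has failed... here's why...
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$pass_the_upload}</p>";
            continue;
        }

        // the upload has passed the tests!
        if ($type == 'user' && $this->debug) {
            $display .= 'Try to make Thumbnail? ' . $config['make_thumbnail'] . '<br />';
        }

        $target = "{$upload_dir}/{$save_name}";
        if (!move_uploaded_file($tmp_path, $target)) {
            // Do not register a database row for a file that never reached the disk.
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$safe_name}</p>";
            continue;
        }
        // Best effort: readable by the web server, not world-writable or executable.
        @chmod($target, 0644);

        $thumb_name = $save_name; // by default -- no difference... unless...
        $wants_thumb = ($config['make_thumbnail'] == '1');
        if ($type == 'vtour') {
            // vtour uploads are only thumbnailed when they parsed as an image.
            $wants_thumb = $wants_thumb && $imagedata != false;
        }
        if ($wants_thumb) {
            // The method name is assembled from configuration, not from request data.
            $make_thumb = 'make_thumb_' . $config['thumbnail_prog'];
            $thumb_name = image_handler::$make_thumb($save_name, $upload_dir);
        }

        $needs_resize = false;
        if ($config['resize_img'] == '1') {
            if ($type == 'listings') {
                $needs_resize = ($imagewidth > $max_width || $imageheight > $max_height);
            } elseif ($type == 'user') {
                $needs_resize = ($imagewidth > $max_width);
            }
        }
        if ($needs_resize) {
            $resize_img = 'resize_img_' . $config['thumbnail_prog'];
            image_handler::$resize_img($save_name, $upload_dir, $type);
        }

        // Get Max Image Rank
        $sql = "SELECT MAX({$column_prefix}_rank) AS max_rank FROM {$table} WHERE ({$parent_column} = '{$parent_id}')";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
            $rank = 1;
        } else {
            // Cast so the value interpolated unquoted into the INSERT is always an integer.
            $rank = intval($recordSet->fields['max_rank']) + 1;
        }

        if ($type == 'user') {
            $sql = "INSERT INTO {$table} (userdb_id, userimages_file_name, userimages_thumb_file_name,userimages_rank,userimages_caption,userimages_description,userimages_active) VALUES ('{$owner}', '{$save_name}', '{$thumb_name}',{$rank},'','','yes')";
        } else {
            $sql = "INSERT INTO {$table} (listingsdb_id, userdb_id, {$column_prefix}_file_name, {$column_prefix}_thumb_file_name,{$column_prefix}_rank,{$column_prefix}_caption,{$column_prefix}_description,{$column_prefix}_active) VALUES ('{$edit}', '{$owner}', '{$save_name}', '{$thumb_name}',{$rank},'','','yes')";
        }
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }

        $log_key = ($type == 'user') ? 'log_uploaded_user_image' : 'log_uploaded_listing_image';
        $misc->log_action("{$lang[$log_key]} {$save_name}");

        $display .= "<p>{$safe_name} {$lang['upload_success']}.</p>";
    }

    return $display;
}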
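/**
 * Validate and store the generic files posted in $_FILES['userfile'].
 *
 * For each posted slot (up to the remaining per-record quota) the file is
 * checked against the configured extensions and size limit, moved into a
 * per-record sub-directory of the configured "<type>_file_upload_path", and
 * registered in the "<type>files" table.
 *
 * Reads the globals $config, $conn and $lang.
 *
 * @param string $type  Either 'listings' or 'users'; any other value is rejected.
 * @param mixed  $edit  Listing id; coerced to int before use.
 * @param mixed  $owner User id; coerced to int before use.
 *
 * @return string HTML fragment describing the outcome of each processed file.
 */
function uploadfile($type, $edit, $owner)
{
    global $config, $conn, $lang;

    // $type is spliced into table names, column names and config keys below,
    // so it is restricted to the two kinds this function actually handles.
    if (!in_array($type, ['listings', 'users'], true)) {
        return '';
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    // Both ids end up unquoted in SQL and in a directory path, so they are
    // forced to integers first.
    $edit = intval($edit);
    $owner = intval($owner);
    $html_flags = ENT_QUOTES | ENT_SUBSTITUTE;

    $table = $config['table_prefix'] . $type . 'files';
    $column_prefix = $type . 'files';
    if ($type == 'users') {
        $parent_column = 'userdb_id';
        $parent_id = $owner;
    } else {
        $parent_column = 'listingsdb_id';
        $parent_id = $edit;
    }

    // How many more files may still be attached to this record?
    $sql = "SELECT count({$column_prefix}_id) as num_files FROM {$table} WHERE ({$parent_column} = {$parent_id})";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        // Without the current count the quota cannot be enforced, so stop here
        // instead of dereferencing a failed result.
        $misc->log_error($sql);
        return $display;
    }
    $avaliable_files = $config['max_' . $type . '_file_uploads'] - $recordSet->fields['num_files'];

    if (!isset($_FILES['userfile']['tmp_name']) || !is_array($_FILES['userfile']['tmp_name'])) {
        return $display;
    }

    $allowed_extensions = explode(',', $config['allowed_file_upload_extensions']);
    $max_size = $config['max_' . $type . '_file_upload_size'];
    // Files are stored in one sub-directory per listing or per user.
    $uploadpath = $config[$type . '_file_upload_path'] . '/' . $parent_id;

    for ($file_x = 0; $file_x < $avaliable_files; $file_x++) {
        // Slots that were not posted at all are skipped silently.
        if (!isset($_FILES['userfile']['tmp_name'][$file_x])) {
            continue;
        }
        $tmp_path = $_FILES['userfile']['tmp_name'][$file_x];
        $client_name = (string) $_FILES['userfile']['name'][$file_x];

        if (!is_uploaded_file($tmp_path)) {
            if ($_FILES['userfile']['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                // The client-supplied name is escaped before it is echoed into HTML.
                $display .= "{$lang['upload_too_large']}: " . htmlspecialchars($client_name, $html_flags) . ".<br />";
            }
            continue;
        }

        $realname = $misc->clean_filename($client_name);
        $safe_name = htmlspecialchars($realname, $html_flags);
        $extension = (string) substr((string) strrchr($realname, '.'), 1);

        // Each failing check overwrites the reason, so the last failure is the one reported.
        $pass_the_upload = 'true';

        // NOTE(review): only the last extension is compared and the content is not
        // inspected; confirm the upload directory cannot execute what it stores.
        if (!in_array($extension, $allowed_extensions, true)) {
            $pass_the_upload = "{$lang['upload_invalid_extension']}: " . htmlspecialchars($extension, $html_flags);
        }

        // check size
        if ($max_size != 0 && $_FILES['userfile']['size'][$file_x] > $max_size) {
            $pass_the_upload = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . '' . $lang['bytes'];
        }

        // security error
        if (strpos($client_name, '..') !== false) {
            $pass_the_upload = "{$lang['upload_security_violation']}!";
        }

        $save_name = $realname;

        // clean_filename() is defined elsewhere, so its output is not trusted to be
        // safe inside a quoted SQL literal or a path: names carrying quotes,
        // backslashes, slashes or NUL bytes are refused outright.
        // NOTE(review): bound parameters would be the better fix if $conn supports them.
        if ($save_name === '' || strpbrk($save_name, "/'\"\\\0") !== false) {
            $pass_the_upload = "{$lang['upload_security_violation']}!";
        } else {
            // make sure the file hasn't already been uploaded...
            $sql = "SELECT {$column_prefix}_file_name FROM {$table} WHERE {$column_prefix}_file_name = '{$save_name}'";
            if ($type == 'listings') {
                // Uses the validated integer id rather than the raw $_POST['edit'] value.
                $sql .= " AND listingsdb_id = {$edit}";
            }
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
                // Fail closed: an unverifiable duplicate check rejects the upload.
                $pass_the_upload = '';
            } elseif ($recordSet->RecordCount() > 0) {
                $pass_the_upload = "{$lang['file_exists']}!";
            }
        }

        if ($pass_the_upload !== 'true') {
            // else the upload has failed... tell them why
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$pass_the_upload}</p>";
            continue;
        }

        // The per-record directory is created on first use, without world-write access.
        if (!is_dir($uploadpath) && !mkdir($uploadpath, 0755) && !is_dir($uploadpath)) {
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$safe_name}</p>";
            continue;
        }

        $target = "{$uploadpath}/{$save_name}";
        if (!move_uploaded_file($tmp_path, $target)) {
            // Do not register a database row for a file that never reached the disk.
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$safe_name}</p>";
            continue;
        }
        // Best effort, applied to the file actually written: readable by the web
        // server, not world-writable or executable.
        @chmod($target, 0644);

        // Get Max File Rank
        $sql = "SELECT MAX({$column_prefix}_rank) AS max_rank FROM {$table} WHERE ({$parent_column} = '{$parent_id}')";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
            $rank = 1;
        } else {
            // Cast so the value interpolated unquoted into the INSERT is always an integer.
            $rank = intval($recordSet->fields['max_rank']) + 1;
        }

        if ($type == 'users') {
            $sql = "INSERT INTO {$table} (userdb_id, usersfiles_file_name,usersfiles_rank,usersfiles_caption,usersfiles_description,usersfiles_active) VALUES ('{$owner}', '{$save_name}', {$rank},'','','yes')";
        } else {
            $sql = "INSERT INTO {$table} (listingsdb_id, userdb_id, listingsfiles_file_name, listingsfiles_rank, listingsfiles_caption, listingsfiles_description, listingsfiles_active) VALUES ('{$edit}', '{$owner}', '{$save_name}', {$rank},'','','yes')";
        }
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }

        // User file uploads are logged under the user *image* message key.
        $log_key = ($type == 'users') ? 'log_uploaded_user_image' : 'log_uploaded_listing_file';
        $misc->log_action("{$lang[$log_key]} {$save_name}");

        $display .= "<p>{$safe_name} {$lang['upload_success']}.</p>";
    }

    return $display;
}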