function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
    global $lang_errors, $lang_db_input_php;
    $image = $CONFIG['fullpath'] . $filepath . $filename;
    $normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
    $thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
    $orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
    // $mini = $CONFIG['fullpath'] . $filepath . $CONFIG['mini_pfx'] . $filename;
    $work_image = $image;
    if (!is_known_filetype($image)) {
        return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0);
    } elseif (is_image($filename)) {
        $imagesize = cpg_getimagesize($image);
        if ($CONFIG['read_iptc_data']) {
            // read IPTC data
            $iptc = get_IPTC($image);
            if (is_array($iptc) && !$title && !$caption && !$keywords) {
                //if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
                $title = isset($iptc['Headline']) ? trim($iptc['Headline']) : $title;
                $caption = isset($iptc['Caption']) ? trim($iptc['Caption']) : $caption;
                $keywords = isset($iptc['Keywords']) ? implode($CONFIG['keyword_separator'], $iptc['Keywords']) : $keywords;
        // resize picture if it's bigger than the max width or height for uploaded pictures
        if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
            if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
                $resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use'];
                resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false');
                $imagesize = cpg_getimagesize($image);
            } elseif (USER_IS_ADMIN) {
                // skip resizing for admin
                $picture_original_size = true;
            } else {
                $msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
                return array('error' => $msg, 'halt_upload' => 1);
        // create backup of full sized picture if watermark is enabled for full sized pictures
        if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            if (!copy($image, $orig)) {
                return false;
            } else {
                $work_image = $orig;
        if (!file_exists($thumb)) {
            // create thumbnail
            if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
                return $result;
        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) {
            // create intermediate sized picture
            $resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use'];
            $watermark = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false';
            if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
                return $result;
        // watermark full sized picture
        if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            $wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
            // use max aspect of original image if it hasn't been resized earlier
            if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
                return $result;
    } else {
        $imagesize[0] = $iwidth;
        $imagesize[1] = $iheight;
    $image_filesize = filesize($image);
    $total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
    // Test if disk quota exceeded
    if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
        $result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE  {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
        $record = mysql_fetch_array($result);
        $total_space_used = $record[0];
        if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) {
            if (is_image($image)) {
            $msg = $lang_errors['quota_exceeded'] . '<br />&nbsp;<br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
            return array('error' => $msg, 'halt_upload' => 1);
    // Test if picture requires approval
        $approved = 'YES';
    } elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
        $approved = 'YES';
    } elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
        $approved = 'YES';
    } else {
        $approved = 'NO';
    $PIC_NEED_APPROVAL = $approved == 'NO';
    // User ID is recorded when in admin mode
    $user_id = USER_ID;
    // Populate Array to pass to plugins, then to SQL
    $CURRENT_PIC_DATA['aid'] = $aid;
    $CURRENT_PIC_DATA['filepath'] = $filepath;
    $CURRENT_PIC_DATA['filename'] = $filename;
    $CURRENT_PIC_DATA['filesize'] = $image_filesize;
    $CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
    $CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
    $CURRENT_PIC_DATA['pheight'] = $imagesize[1];
    $CURRENT_PIC_DATA['owner_id'] = $user_id;
    $CURRENT_PIC_DATA['title'] = $title;
    $CURRENT_PIC_DATA['caption'] = $caption;
    $CURRENT_PIC_DATA['keywords'] = $keywords;
    $CURRENT_PIC_DATA['approved'] = $approved;
    $CURRENT_PIC_DATA['user1'] = $user1;
    $CURRENT_PIC_DATA['user2'] = $user2;
    $CURRENT_PIC_DATA['user3'] = $user3;
    $CURRENT_PIC_DATA['user4'] = $user4;
    $CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
    $CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
    $CURRENT_PIC_DATA['position'] = $position;
    $CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : '';
    $CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
    if (USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1) {
        $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$CURRENT_PIC_DATA['title']}', '{$CURRENT_PIC_DATA['caption']}', '{$CURRENT_PIC_DATA['keywords']}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
    } else {
        $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '', '', '', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
    $result = cpg_db_query($query);
    // Put the pid in current_pic_data and call the plugin filter for file data success
    $CURRENT_PIC_DATA['pid'] = mysql_insert_id($CONFIG['LINK_ID']);
    CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA);
    //return $result;
    return true;
Esempio n. 2
        $sql = "SELECT * " . " FROM {$CONFIG['TABLE_PICTURES']} " . " WHERE approved = 'NO' AND aid IN {$albStr} " . " ORDER BY pid " . " LIMIT {$start}, {$count}";
    } else {
        $sql = "SELECT * " . " FROM {$CONFIG['TABLE_PICTURES']} " . " WHERE approved = 'NO' " . " ORDER BY pid " . " LIMIT {$start}, {$count}";
    $result = cpg_db_query($sql);
    $form_target = $CPG_PHP_SELF . '?mode=upload_approval&amp;start=' . $start . '&amp;count=' . $count;
    $title = $lang_editpics_php['upl_approval'];
    $help = '';
} else {
    $sql = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '{$album_id}'";
    // If non-admin user but allowed to upload in this album, then we need to fetch only the photos uploaded by that user
    if (defined('USER_UPLOAD_ALLOWED')) {
        $owner_str = " AND owner_id = " . USER_ID;
        // If user is a guest, check if it's the same guest
        if (USER_ID == 0) {
            $owner_str .= " AND guest_token = '" . cpg_get_guest_token() . "'";
        // If users don't retain control over their pics in public galleries, show only the most recent uploads
        if ($CONFIG['users_can_edit_pics'] == 0) {
            $user_edit_pics_lifetime = $CONFIG['form_token_lifetime'] * 5;
            $owner_str .= " AND ctime > '" . (time() - $user_edit_pics_lifetime) . "'";
    } else {
        $owner_str = '';
    // Display only the uploaded files from the last queue after flash upload
    if ($superCage->get->keyExists('newer_than') && $CONFIG['editpics_ignore_newer_than'] != 1) {
        $owner_str .= " AND ctime > '" . $superCage->get->getInt('newer_than') . "'";
    $result = cpg_db_query($sql . $owner_str);
    list($pic_count) = $result->fetchRow(true);