Esempio n. 1
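/**
 * Handles an image upload posted to the admin page, then prints the upload form.
 *
 * When $_FILES['image'] is present, the upload is checked (genuine PHP upload,
 * allowed extension, size limit) and handed to phphoto_store_image(); the
 * outcome is reported through phphoto_popup_message(). The form itself is
 * echoed on every call, whether or not a file was submitted.
 *
 * Security notes for maintainers:
 * - The extension is taken from the client-supplied file name, so the
 *   allow-list check says nothing about the file's real content. Whether
 *   phphoto_store_image() inspects the content is not visible here.
 * - The client file name and extension are passed into phphoto_text()
 *   messages; confirm that phphoto_text()/phphoto_popup_message() HTML-escape
 *   their arguments before output.
 * - The form printed below carries no anti-CSRF token; confirm the caller
 *   enforces one for this state-changing request.
 *
 * @param mixed $db Database handle used for phphoto_text() lookups.
 * @return void
 */
function phphoto_upload_image($db)
{
    global $allowed_filetypes;

    if (isset($_FILES['image'])) {
        $uploaded_image = $_FILES['image'];

        // A request using "image[]" makes these entries arrays; treat anything
        // that is not a plain string as an invalid upload instead of passing
        // it to string functions.
        $tmp_name = isset($uploaded_image['tmp_name']) ? $uploaded_image['tmp_name'] : '';
        $client_name = isset($uploaded_image['name']) ? $uploaded_image['name'] : '';

        // is_uploaded_file() confirms the path was created by PHP's own upload
        // handling for this request; file_exists() would accept any readable
        // path, which matters because the file is unlinked further down.
        if (is_string($tmp_name) && is_string($client_name) && is_uploaded_file($tmp_name)) {
            $temp = explode('.', $client_name);
            $extension = end($temp);
            $filesize = filesize($tmp_name);
            $replace_existing = isset($_POST['replace']) && $_POST['replace'] === 'true';

            // Strict comparison so an extension can only match an identical
            // string in the allow-list (no type juggling).
            if (!in_array(strtolower($extension), $allowed_filetypes, true)) {
                phphoto_popup_message(phphoto_text($db, 'image', 'invalid_filetype', $extension), 'error');
            } elseif (!is_numeric($filesize) || $filesize > IMAGE_MAX_FILESIZE) {
                // filesize() returns false on failure, which is_numeric() rejects.
                phphoto_popup_message(phphoto_text($db, 'image', 'invalid_filesize', format_byte($filesize)), 'error');
            } else {
                // NOTE(review): this replaces the handle passed in by the caller
                // and nothing in this function disconnects it - confirm that
                // phphoto_db_connect() is safe to call again here.
                $db = phphoto_db_connect();
                $image_id = phphoto_store_image($db, $uploaded_image, $replace_existing);
                if ($image_id == INVALID_ID) {
                    phphoto_popup_message(phphoto_text($db, 'image', 'store_error'), 'error');
                } elseif ($image_id == -2) {
                    // -2 is reported to the user as "image already exists".
                    phphoto_popup_message(phphoto_text($db, 'image', 'exists', $uploaded_image['name']), 'warning');
                } else {
                    if ($replace_existing) {
                        phphoto_popup_message(phphoto_text($db, 'image', 'uploaded_replace', $uploaded_image['name']), 'info');
                    } else {
                        phphoto_popup_message(phphoto_text($db, 'image', 'uploaded_normal', $uploaded_image['name']), 'info');
                    }
                }
            }

            // Delete the temp file whatever the outcome.
            unlink($tmp_name);
        } else {
            phphoto_popup_message(phphoto_text($db, 'image', 'invalid_temp_file'), 'error');
        }
    }

    // Upload form; it posts back to the admin image page.
    echo "\n<div class='admin'>";
    echo "\n    <h1>" . phphoto_text($db, 'image', 'upload') . "</h1>";
    echo "\n    <form method='post' action='" . CURRENT_PAGE . "?" . GET_KEY_ADMIN_QUERY . "=" . GET_VALUE_ADMIN_IMAGE . "' enctype='multipart/form-data'>";
    echo "\n        " . phphoto_text($db, 'image', 'allowed_extensions', implode(', ', $allowed_filetypes));
    echo "\n        <br>";
    echo "\n        " . phphoto_text($db, 'image', 'maximum_filesize', format_byte(IMAGE_MAX_FILESIZE));
    echo "\n        <br>";
    echo "\n        <input type='file' name='image'>";
    echo "\n        <br>";
    echo "\n        <input type='submit' value='" . phphoto_text($db, 'button', 'upload') . "'>";
    echo "\n        <input type='checkbox' name='replace' value='true' id='replace'><label for='replace'>" . phphoto_text($db, 'image', 'replace_existing') . "</label>";
    echo "\n    </form>";
    echo "\n</div>";
}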
Esempio n. 2
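/**
 * Page entry point: shows the admin area to authorized callers, the gallery
 * to everyone else.
 *
 * $authorized is the only access gate in this function; the caller decides
 * its value. The admin page selector is read from the query string and is
 * passed to phphoto_admin() without further validation here.
 *
 * @param bool $authorized Whether the current visitor may use the admin pages.
 * @return void
 */
function phphoto_main($authorized = false)
{
    global $settings;

    $db = phphoto_db_connect();

    // Query parameters can arrive as arrays ("?key[]=x"), and strlen() on an
    // array is a TypeError on PHP 8. Anything that is not a string is treated
    // as "no admin page requested".
    $admin = '';
    if (isset($_GET[GET_KEY_ADMIN_QUERY]) && is_string($_GET[GET_KEY_ADMIN_QUERY])) {
        $admin = $_GET[GET_KEY_ADMIN_QUERY];
    }

    if ($authorized) {
        phphoto_admin_links($db);
    }

    if ($authorized && $admin !== '') {
        // NOTE(review): $admin is request-controlled; confirm phphoto_admin()
        // matches it against a fixed set of known page values.
        phphoto_admin($db, $settings, $admin);
    } else {
        phphoto_gallery($db);
    }

    phphoto_db_disconnect($db);
}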
Esempio n. 3
    // Fragment: the start of this if/elseif chain lies before the excerpt, so
    // where $result, $thumbnail and $image come from is not visible here.
    $type = $result[0]['type'];
    if ($thumbnail) {
        // Thumbnails are always announced as PNG.
        header('Content-type: image/png');
    } else {
        // presumably 'type' holds an IMAGETYPE_* value - confirm against the schema.
        header('Content-type: ' . image_type_to_mime_type($type));
    }
    // Send the raw image bytes and stop; nothing else may be written to the response.
    echo $image;
    exit;
} elseif (isset($_GET[GET_KEY_GALLERY_ID])) {
    // Gallery thumbnail request: the id comes straight from the query string.
    $id = $_GET[GET_KEY_GALLERY_ID];
    // is_numeric() is the only validation before $id is placed into the SQL text
    // below. It also accepts decimals, exponents ("1e3") and leading whitespace,
    // so it is looser than "a positive integer id".
    // NOTE(review): the query is only protected if not_valid_id() never returns;
    // its body is outside this excerpt - confirm it ends the request.
    if (!is_numeric($id)) {
        not_valid_id($id, 'the id is not numeric');
    }
    $db = phphoto_db_connect();
    // NOTE(review): $id is interpolated into the statement. Casting it to int,
    // or a parameterized query if phphoto_db_query() supports one, would remove
    // the dependence on the check above.
    $result = phphoto_db_query($db, "SELECT thumbnail AS image FROM galleries WHERE id = {$id};");
    // NOTE(review): this passes the open handle to phphoto_db_connect(); a
    // disconnect looks intended here (phphoto_db_disconnect() is used elsewhere
    // on this page) - confirm.
    phphoto_db_connect($db);
    if (empty($result)) {
        not_valid_id($id, 'there is no gallery in the database with that id');
    }
    // Loose comparison: an empty-string thumbnail is treated the same as NULL
    // and replaced by the generated placeholder image.
    if ($result[0]['image'] == null) {
        $image = phphoto_generate_null_image();
    } else {
        $image = $result[0]['image'];
    }
    header('Content-type: image/png');
    echo $image;
    exit;
} else {
    // None of the recognised request keys was present.
    not_valid_id('', 'no image requested');
}
function not_valid_id($id, $message)