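/**
 * Handles a posted admin image upload and then renders the upload form.
 *
 * If a file was posted as $_FILES['image'] it is checked to be a genuine
 * upload of this request, its extension is matched against the global
 * $allowed_filetypes and its size against IMAGE_MAX_FILESIZE, and it is
 * then handed to phphoto_store_image(). Every outcome is reported through
 * phphoto_popup_message(). The form is echoed afterwards in all cases.
 *
 * @param mixed $db  open database handle, passed through to phphoto_text()
 *                   and phphoto_store_image()
 * @return void
 */
function phphoto_upload_image($db)
{
    global $allowed_filetypes;

    if (isset($_FILES['image'])) {
        $uploaded_image = $_FILES['image'];

        // A repeated field (image[]) makes these entries arrays; treat that as
        // "no usable file" instead of passing an array to the filesystem calls.
        $tmp_name = '';
        if (isset($uploaded_image['tmp_name']) && is_string($uploaded_image['tmp_name'])) {
            $tmp_name = $uploaded_image['tmp_name'];
        }

        // is_uploaded_file() (rather than file_exists()) guarantees the path was
        // created by this request's multipart upload; a non-OK error code means
        // PHP produced no usable temp file either.
        $upload_ok = isset($uploaded_image['error'])
            && $uploaded_image['error'] === UPLOAD_ERR_OK
            && $tmp_name !== ''
            && is_uploaded_file($tmp_name);

        if ($upload_ok) {
            $original_name = $uploaded_image['name'];
            // pathinfo() gives '' for a dot-less name instead of treating the
            // whole name as its extension (which could match an allowed type).
            $extension = pathinfo($original_name, PATHINFO_EXTENSION);
            $filesize = filesize($tmp_name);
            $replace_existing = isset($_POST['replace']) && $_POST['replace'] === 'true';

            if (!in_array(strtolower($extension), $allowed_filetypes, true)) {
                // $extension and $original_name are client-controlled; this relies on
                // phphoto_text()/phphoto_popup_message() escaping for HTML — confirm.
                phphoto_popup_message(phphoto_text($db, 'image', 'invalid_filetype', $extension), 'error');
            } elseif (!is_numeric($filesize) || $filesize > IMAGE_MAX_FILESIZE) {
                phphoto_popup_message(phphoto_text($db, 'image', 'invalid_filesize', format_byte($filesize)), 'error');
            } else {
                // Reuse the caller's handle: the previous version reconnected here
                // and never closed the extra connection.
                $image_id = phphoto_store_image($db, $uploaded_image, $replace_existing);

                // Loose comparison kept on purpose: the return type of
                // phphoto_store_image() is not visible here. -2 signals
                // "already exists" (see the 'exists' message below).
                if ($image_id == INVALID_ID) {
                    phphoto_popup_message(phphoto_text($db, 'image', 'store_error'), 'error');
                } elseif ($image_id == -2) {
                    phphoto_popup_message(phphoto_text($db, 'image', 'exists', $original_name), 'warning');
                } elseif ($replace_existing) {
                    phphoto_popup_message(phphoto_text($db, 'image', 'uploaded_replace', $original_name), 'info');
                } else {
                    phphoto_popup_message(phphoto_text($db, 'image', 'uploaded_normal', $original_name), 'info');
                }
            }

            // PHP removes the temp file at request end anyway; remove it now, but
            // only if phphoto_store_image() did not already move it away.
            if (is_file($tmp_name)) {
                unlink($tmp_name);
            }
        } else {
            phphoto_popup_message(phphoto_text($db, 'image', 'invalid_temp_file'), 'error');
        }
    }

    // NOTE(review): the form carries no anti-CSRF token; confirm the admin gate
    // in the caller is the intended protection for this state-changing POST.
    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'image', 'upload') . "</h1>";
    echo "\n <form method='post' action='" . CURRENT_PAGE . "?" . GET_KEY_ADMIN_QUERY . "=" . GET_VALUE_ADMIN_IMAGE . "' enctype='multipart/form-data'>";
    echo "\n " . phphoto_text($db, 'image', 'allowed_extensions', implode(', ', $allowed_filetypes));
    echo "\n <br>";
    echo "\n " . phphoto_text($db, 'image', 'maximum_filesize', format_byte(IMAGE_MAX_FILESIZE));
    echo "\n <br>";
    echo "\n <input type='file' name='image'>";
    echo "\n <br>";
    echo "\n <input type='submit' value='" . phphoto_text($db, 'button', 'upload') . "'>";
    echo "\n <input type='checkbox' name='replace' value='true' id='replace'><label for='replace'>" . phphoto_text($db, 'image', 'replace_existing') . "</label>";
    echo "\n </form>";
    echo "\n</div>";
}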
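/**
 * Page entry point: opens the database, shows the admin links and either
 * the requested admin sub-page or the public gallery, then disconnects.
 *
 * The admin sub-page is named by $_GET[GET_KEY_ADMIN_QUERY] and is only
 * honoured when $authorized is true; everything else falls back to the
 * gallery.
 *
 * @param bool $authorized  whether the current visitor passed the admin login
 * @return void
 */
function phphoto_main($authorized = false)
{
    global $settings;

    $db = phphoto_db_connect();

    // A repeated parameter (?admin[]=x) arrives as an array; strlen() on it
    // would fail, so only a string is accepted as a sub-page name.
    $admin = '';
    if (isset($_GET[GET_KEY_ADMIN_QUERY]) && is_string($_GET[GET_KEY_ADMIN_QUERY])) {
        $admin = $_GET[GET_KEY_ADMIN_QUERY];
    }

    if ($authorized) {
        phphoto_admin_links($db);
    }

    // The admin view is gated on $authorized, never on the query string alone.
    if ($authorized && $admin !== '') {
        phphoto_admin($db, $settings, $admin);
    } else {
        phphoto_gallery($db);
    }

    phphoto_db_disconnect($db);
}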
$type = $result[0]['type']; if ($thumbnail) { header('Content-type: image/png'); } else { header('Content-type: ' . image_type_to_mime_type($type)); } echo $image; exit; } elseif (isset($_GET[GET_KEY_GALLERY_ID])) { $id = $_GET[GET_KEY_GALLERY_ID]; if (!is_numeric($id)) { not_valid_id($id, 'the id is not numeric'); } $db = phphoto_db_connect(); $result = phphoto_db_query($db, "SELECT thumbnail AS image FROM galleries WHERE id = {$id};"); phphoto_db_connect($db); if (empty($result)) { not_valid_id($id, 'there is no gallery in the database with that id'); } if ($result[0]['image'] == null) { $image = phphoto_generate_null_image(); } else { $image = $result[0]['image']; } header('Content-type: image/png'); echo $image; exit; } else { not_valid_id('', 'no image requested'); } function not_valid_id($id, $message)