Esempio n. 1
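 /**
  * Validate and store the files posted in $_FILES['userfile'] as listing,
  * virtual-tour or user images, and record each stored file in the database.
  *
  * At most (configured maximum - images already stored) slots are processed.
  * Each file is checked for MIME type, extension, size, dimensions, ".." in the
  * client name and a duplicate stored name; the last failing check supplies the
  * message shown to the user.
  *
  * @param string $type  'listings', 'vtour' or 'user'; any other value is ignored.
  * @param mixed  $edit  Listing id (reduced to an integer).
  * @param mixed  $owner User id (reduced to an integer).
  * @return string HTML fragment with one success or failure line per file.
  */
 function handleUpload($type, $edit, $owner)
 {
     global $config, $conn, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     // Both ids are written into SQL and into stored file names, so force them to integers.
     $edit = intval($edit);
     $owner = intval($owner);
     // $type is spliced into table names, column names and config keys; accept only
     // the three values this function has branches for.
     if (!in_array($type, array('listings', 'vtour', 'user'), true)) {
         return $display;
     }
     $is_user = ($type == 'user');
     $table = $config['table_prefix'] . $type . 'images';
     $name_column = $type . 'images_file_name';
     $parent_column = $is_user ? 'userdb_id' : 'listingsdb_id';
     $parent_id = $is_user ? $owner : $edit;
     // Stored names are prefixed with the user id, or with the posted listing id.
     // The posted value is request data, so it is reduced to an integer before use.
     if ($is_user) {
         $name_prefix = $owner;
     } else {
         $name_prefix = isset($_POST['edit']) ? intval($_POST['edit']) : $edit;
     }
     $upload_path = $config[$type . '_upload_path'];
     $allowed_types = explode(',', $config['allowed_upload_types']);
     $allowed_extensions = explode(',', $config['allowed_upload_extensions']);
     $max_size = $config['max_' . $type . '_upload_size'];

     $sql = "SELECT count(" . $type . "images_id) as num_images FROM " . $table . " WHERE ({$parent_column} = {$parent_id})";
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         // NOTE(review): log_error() is defined elsewhere; if it returns instead of
         // aborting, the next statement reads a property of false - confirm.
         $misc->log_error($sql);
     }
     $num_images = $recordSet->fields['num_images'];
     $avaliable_images = $config['max_' . $type . '_uploads'] - $num_images;

     for ($file_x = 0; $file_x < $avaliable_images; $file_x++) {
         // The quota can be larger than the number of fields the form posted;
         // skip slots that were never submitted instead of reporting them as failures.
         if (!isset($_FILES['userfile']['tmp_name'][$file_x])) {
             continue;
         }
         if (!is_uploaded_file($_FILES['userfile']['tmp_name'][$file_x])) {
             if ($_FILES['userfile']['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                 // The client-supplied name is echoed into HTML, so escape it.
                 $display .= "{$lang['upload_too_large']}: " . htmlspecialchars($_FILES['userfile']['name'][$file_x], ENT_QUOTES) . ".<br />";
             }
             continue;
         }

         $realname = $misc->clean_filename($_FILES['userfile']['name'][$file_x]);
         $filename = $_FILES['userfile']['tmp_name'][$file_x];
         $extension = (string) substr(strrchr($realname, "."), 1);
         $filetype = $_FILES['userfile']['type'][$file_x];
         // Escaped copies for every place these request-derived values reach the HTML output.
         $safe_realname = htmlspecialchars($realname, ENT_QUOTES);
         $safe_extension = htmlspecialchars($extension, ENT_QUOTES);
         $safe_filetype = htmlspecialchars($filetype, ENT_QUOTES);

         $pass_the_upload = "true";
         // The MIME type is reported by the client and proves nothing about the content;
         // it is kept as a first filter only. The content check is GetImageSize() below.
         if (!in_array($filetype, $allowed_types, true)) {
             $pass_the_upload = "{$safe_realname} {$lang['upload_is_an_invalid_file_type']}: {$safe_filetype}";
         }
         // Only the final extension is compared; the upload directories should also be
         // configured at the web-server level so that nothing stored in them is executed.
         if (!in_array($extension, $allowed_extensions, true)) {
             $pass_the_upload = "{$lang['upload_invalid_extension']} ({$safe_extension}).";
         }
         // check size
         $filesize = $_FILES['userfile']['size'][$file_x];
         if ($max_size != 0 && $filesize > $max_size) {
             $pass_the_upload = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . '' . $lang['bytes'];
         }
         // check width & height
         $imagedata = GetImageSize("{$filename}");
         if ($imagedata === false) {
             $imagewidth = 0;
             $imageheight = 0;
             // Listing and user uploads are thumbnailed as images further down, so a file
             // that cannot be read as an image is refused. Virtual-tour uploads are let
             // through because the thumbnail step below already tolerates a failed read for them.
             if ($type != 'vtour') {
                 $pass_the_upload = "{$safe_realname} {$lang['upload_is_an_invalid_file_type']}: {$safe_filetype}";
             }
         } else {
             $imagewidth = $imagedata[0];
             $imageheight = $imagedata[1];
         }
         if ($config['resize_img'] == '1' && $type != 'vtour') {
             $max_width = $config['max_' . $type . '_upload_width'];
             $max_height = $config['max_' . $type . '_upload_height'];
             $resize_by = $config['resize_by'];
             $shrinkage = 1;
             // Work out the size AFTER resizing to decide whether the upload is acceptable.
             // 'both' and 'bestfit' have no pre-resize dimension check.
             if ($resize_by == 'width') {
                 if ($imagewidth > $max_width) {
                     $shrinkage = $imagewidth / $max_width;
                 }
                 $new_img_height = round($imageheight / $shrinkage);
                 if ($new_img_height > $max_height) {
                     $pass_the_upload = $lang['upload_too_high'] . '<br />' . $lang['failed_max_height'] . ' ' . $max_height . '' . $lang['pixels'];
                 }
             } elseif ($resize_by == 'height') {
                 if ($imageheight > $max_height) {
                     $shrinkage = $imageheight / $max_height;
                 }
                 $new_img_width = round($imagewidth / $shrinkage);
                 if ($new_img_width > $max_width) {
                     $pass_the_upload = $lang['upload_too_wide'] . '<br />' . $lang['failed_max_width'] . ' ' . $max_width . '' . $lang['pixels'];
                 }
             }
         } else {
             // The limits are read here as well: the messages below previously used
             // variables that were only assigned in the resize branch above.
             $max_width = $config['max_' . $type . '_upload_width'];
             if ($imagewidth > $max_width) {
                 $pass_the_upload = $lang['upload_too_wide'] . '<br />' . $lang['failed_max_width'] . ' ' . $max_width . '' . $lang['pixels'];
             }
             if ($type != 'vtour') {
                 $max_height = $config['max_' . $type . '_upload_height'];
                 if ($imageheight > $max_height) {
                     $pass_the_upload = $lang['upload_too_high'] . '<br />' . $lang['failed_max_height'] . ' ' . $max_height . '' . $lang['pixels'];
                 }
             }
         }
         // security error: refuse any client file name containing ".."
         if (strstr($_FILES['userfile']['name'][$file_x], "..") != "") {
             $pass_the_upload = "{$lang['upload_security_violation']}!";
         }
         // make sure the file hasn't already been uploaded...
         $save_name = "{$name_prefix}" . "_" . "{$realname}";
         // The file name originates from the request, so it is quoted by the driver rather
         // than pasted between quotes. qstr() is the quoting method of the ADOdb connection
         // API that Execute()/fields/RecordCount() here match - confirm $conn is ADOdb.
         $sql = "SELECT {$name_column} FROM {$table} WHERE {$name_column} = " . $conn->qstr($save_name);
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $num = $recordSet->RecordCount();
         if ($num > 0) {
             $pass_the_upload = "{$lang['file_exists']}!";
         }

         if ($pass_the_upload != "true") {
             // the upload has failed... here's why...
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$pass_the_upload}</p>";
             continue;
         }

         // the upload has passed the tests!
         if ($is_user && $this->debug) {
             $display .= 'Try to make Thumbnail? ' . $config['make_thumbnail'] . '<br />';
         }
         $target = "{$upload_path}/{$save_name}";
         // Do not record or announce a file that could not be stored.
         if (!move_uploaded_file($_FILES['userfile']['tmp_name'][$file_x], $target)) {
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$safe_realname}</p>";
             continue;
         }
         $thumb_name = $save_name;
         // by default -- no difference... unless thumbnails are enabled and the file is an image
         if ($config['make_thumbnail'] == '1' && $imagedata !== false) {
             $make_thumb = 'make_thumb_' . $config['thumbnail_prog'];
             $thumb_name = image_handler::$make_thumb($save_name, $upload_path);
         }
         // Resize on upload: listings when either dimension exceeds its limit, user images
         // when the width does; virtual-tour images are never resized here.
         $too_wide = ($type != 'vtour') && ($imagewidth > $config['max_' . $type . '_upload_width']);
         $too_high = ($type == 'listings') && ($imageheight > $config['max_' . $type . '_upload_height']);
         if ($config['resize_img'] == '1' && ($too_wide || $too_high)) {
             $resize_img = 'resize_img_' . $config['thumbnail_prog'];
             image_handler::$resize_img($save_name, $upload_path, $type);
         }
         // Get Max Image Rank
         $sql = "SELECT MAX(" . $type . "images_rank) AS max_rank FROM " . $table . " WHERE ({$parent_column} = '{$parent_id}')";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         // An empty table yields NULL, which becomes rank 1.
         $rank = intval($recordSet->fields['max_rank']) + 1;
         $quoted_save_name = $conn->qstr($save_name);
         $quoted_thumb_name = $conn->qstr($thumb_name);
         if ($is_user) {
             $sql = "INSERT INTO " . $table . " (userdb_id, userimages_file_name, userimages_thumb_file_name,userimages_rank,userimages_caption,userimages_description,userimages_active) VALUES ('{$owner}', {$quoted_save_name}, {$quoted_thumb_name},{$rank},'','','yes')";
         } else {
             $sql = "INSERT INTO " . $table . " (listingsdb_id, userdb_id, {$type}images_file_name, {$type}images_thumb_file_name,{$type}images_rank,{$type}images_caption,{$type}images_description,{$type}images_active) VALUES ('{$edit}', '{$owner}', {$quoted_save_name}, {$quoted_thumb_name},{$rank},'','','yes')";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         if ($is_user) {
             $misc->log_action("{$lang['log_uploaded_user_image']} {$save_name}");
         } else {
             $misc->log_action("{$lang['log_uploaded_listing_image']} {$save_name}");
         }
         // Owner read/write, everyone else read-only. The file used to be made world-writable
         // (0777); a deployment that relied on that needs its ownership adjusted instead.
         @chmod($target, 0644);
         $display .= "<p>{$safe_realname} {$lang['upload_success']}.</p>";
     }
     return $display;
 }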
Esempio n. 2
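 /**
  * Validate and store the files posted in $_FILES['userfile'] as listing or
  * user file attachments, and record each stored file in the database.
  *
  * At most (configured maximum - files already stored) slots are processed.
  * Each file is checked for extension, size, ".." in the client name and a
  * duplicate stored name; the last failing check supplies the message shown.
  *
  * @param string $type  'listings' or 'users'; any other value is ignored.
  * @param mixed  $edit  Listing id (reduced to an integer).
  * @param mixed  $owner User id (reduced to an integer).
  * @return string HTML fragment with one success or failure line per file.
  */
 function uploadfile($type, $edit, $owner)
 {
     global $config, $conn, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     // Both ids are interpolated into SQL and into the storage directory name,
     // so force them to integers before any use.
     $edit = intval($edit);
     $owner = intval($owner);
     // $type is spliced into table names, column names and config keys; accept only
     // the two values this function has branches for.
     if (!in_array($type, array('listings', 'users'), true)) {
         return $display;
     }
     $is_user = ($type == 'users');
     $table = $config['table_prefix'] . $type . 'files';
     $name_column = $type . 'files_file_name';
     $parent_column = $is_user ? 'userdb_id' : 'listingsdb_id';
     $parent_id = $is_user ? $owner : $edit;
     // The duplicate check for listings filters on the posted listing id; it is request
     // data, so it is reduced to an integer before it reaches the query.
     $posted_edit = isset($_POST['edit']) ? intval($_POST['edit']) : $edit;
     // Config keys are quoted: the bare-word form is an undefined-constant error on PHP 8.
     $uploadpath = $config[$type . '_file_upload_path'] . '/' . $parent_id;
     $allowed_extensions = explode(',', $config['allowed_file_upload_extensions']);
     $max_size = $config['max_' . $type . '_file_upload_size'];

     $sql = "SELECT count(" . $type . "files_id) as num_files FROM " . $table . " WHERE ({$parent_column} = {$parent_id})";
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         // NOTE(review): log_error() is defined elsewhere; if it returns instead of
         // aborting, the next statement reads a property of false - confirm.
         $misc->log_error($sql);
     }
     $num_files = $recordSet->fields['num_files'];
     $avaliable_files = $config['max_' . $type . '_file_uploads'] - $num_files;

     for ($file_x = 0; $file_x < $avaliable_files; $file_x++) {
         // The quota can be larger than the number of fields the form posted;
         // skip slots that were never submitted instead of reporting them as failures.
         if (!isset($_FILES['userfile']['tmp_name'][$file_x])) {
             continue;
         }
         if (!is_uploaded_file($_FILES['userfile']['tmp_name'][$file_x])) {
             if ($_FILES['userfile']['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                 // The client-supplied name is echoed into HTML, so escape it.
                 $display .= "{$lang['upload_too_large']}: " . htmlspecialchars($_FILES['userfile']['name'][$file_x], ENT_QUOTES) . ".<br />";
             }
             continue;
         }

         $realname = $misc->clean_filename($_FILES['userfile']['name'][$file_x]);
         $extension = (string) substr(strrchr($realname, "."), 1);
         // Escaped copies for every place these request-derived values reach the HTML output.
         $safe_realname = htmlspecialchars($realname, ENT_QUOTES);
         $safe_extension = htmlspecialchars($extension, ENT_QUOTES);

         $pass_the_upload = "true";
         // Only the final extension is compared, and nothing here inspects the content;
         // the upload directories should also be configured at the web-server level so
         // that nothing stored in them is executed.
         if (!in_array($extension, $allowed_extensions, true)) {
             $pass_the_upload = "{$lang['upload_invalid_extension']}: {$safe_extension}";
         }
         // check size
         $filesize = $_FILES['userfile']['size'][$file_x];
         if ($max_size != 0 && $filesize > $max_size) {
             $pass_the_upload = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . '' . $lang['bytes'];
         }
         // security error: refuse any client file name containing ".."
         if (strstr($_FILES['userfile']['name'][$file_x], "..") != "") {
             $pass_the_upload = "{$lang['upload_security_violation']}!";
         }
         // make sure the file hasn't already been uploaded...
         $save_name = $realname;
         // The file name originates from the request, so it is quoted by the driver rather
         // than pasted between quotes. qstr() is the quoting method of the ADOdb connection
         // API that Execute()/fields/RecordCount() here match - confirm $conn is ADOdb.
         $quoted_save_name = $conn->qstr($save_name);
         $sql = "SELECT {$name_column} FROM {$table} WHERE {$name_column} = {$quoted_save_name}";
         if (!$is_user) {
             $sql .= " AND listingsdb_id = {$posted_edit}";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $num = $recordSet->RecordCount();
         if ($num > 0) {
             $pass_the_upload = "{$lang['file_exists']}!";
         }

         if ($pass_the_upload != "true") {
             // the upload has failed; tell the user why
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$pass_the_upload}</p>";
             continue;
         }

         // The upload has passed all the tests: store it in the per-listing / per-user directory.
         if (!file_exists($uploadpath)) {
             // Owner-writable only. The directory used to be created world-writable (0777);
             // a deployment that relied on that needs its ownership adjusted instead.
             mkdir($uploadpath, 0755);
         }
         $target = "{$uploadpath}/{$save_name}";
         // Do not record or announce a file that could not be stored.
         if (!move_uploaded_file($_FILES['userfile']['tmp_name'][$file_x], $target)) {
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$safe_realname}</p>";
             continue;
         }
         // Get Max File Rank
         $sql = "SELECT MAX(" . $type . "files_rank) AS max_rank FROM " . $table . " WHERE ({$parent_column} = '{$parent_id}')";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         // An empty table yields NULL, which becomes rank 1.
         $rank = intval($recordSet->fields['max_rank']) + 1;
         if ($is_user) {
             $sql = "INSERT INTO " . $table . " (userdb_id, usersfiles_file_name,usersfiles_rank,usersfiles_caption,usersfiles_description,usersfiles_active) VALUES ('{$owner}', {$quoted_save_name}, {$rank},'','','yes')";
         } else {
             $sql = "INSERT INTO " . $table . " (listingsdb_id, userdb_id, listingsfiles_file_name, listingsfiles_rank, listingsfiles_caption, listingsfiles_description, listingsfiles_active) VALUES ('{$edit}', '{$owner}', {$quoted_save_name}, {$rank},'','','yes')";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         if ($is_user) {
             // The user-file branch logs with the user-image language key, unchanged.
             $misc->log_action("{$lang['log_uploaded_user_image']} {$save_name}");
         } else {
             $misc->log_action("{$lang['log_uploaded_listing_file']} {$save_name}");
         }
         // Applied to the file just stored; the user branch previously pointed chmod at
         // the image upload directory, so the stored file kept its default mode.
         @chmod($target, 0644);
         $display .= "<p>{$safe_realname} {$lang['upload_success']}.</p>";
     }
     return $display;
 }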