Esempio n. 1
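    /**
     * Show the "edit image" form and, on submit, persist the changes.
     *
     * Flow: load image and album, check edit permission (image-level `i_edit`,
     * falling back to moderator-level `m_edit`), validate the form key, parse the
     * BBCode description, optionally change the author, move the image to a
     * personal album or rotate it, then UPDATE the image row.
     *
     * @param int|string $image_id Image id taken from the route; it is cast to int
     *                             before it reaches any link or SQL statement.
     *
     * @return mixed Whatever `$this->helper->render()` returns for the posting template.
     */
    public function edit($image_id)
    {
        // The id is concatenated unquoted into the UPDATE statement below and is
        // embedded in links echoed back to the user, so force it to an integer first.
        $image_id = (int) $image_id;

        $image_data = $this->image->get_image_data($image_id);
        $album_id = $image_data['image_album_id'];
        $album_data = $this->album->get_info($album_id);
        $this->user->add_lang_ext('phpbbgallery/core', array('gallery'));
        $this->display->generate_navigation($album_data);
        add_form_key('gallery');
        $submit = $this->request->variable('submit', false);
        $image_backlink = append_sid('./gallery/image/' . $image_id);
        $album_backlink = append_sid('./gallery/album/' . $image_data['image_album_id']);
        $disp_image_data = $image_data;
        $owner_id = $image_data['image_user_id'];
        $album_loginlink = './ucp.php?mode=login';
        $this->gallery_auth->load_user_premissions($this->user->data['user_id']);

        // Authorisation gate: orphaned images, and users without i_edit, need m_edit.
        // NOTE(review): everything below relies on not_authorised() ending the request;
        // confirm it never returns, otherwise an unauthorised edit would go through.
        if (!$this->gallery_auth->acl_check('i_edit', $album_id, $owner_id) || $image_data['image_status'] == \phpbbgallery\core\image\image::STATUS_ORPHAN) {
            if (!$this->gallery_auth->acl_check('m_edit', $album_id, $owner_id)) {
                $this->misc->not_authorised($album_backlink, $album_loginlink, 'LOGIN_EXPLAIN_UPLOAD');
            }
        }

        if ($submit) {
            // CSRF protection for the state-changing part of the request.
            if (!check_form_key('gallery')) {
                trigger_error('FORM_INVALID');
            }

            // Both fields are posted as arrays; guard the first element the same way
            // the rotate field is guarded further down.
            $image_desc = $this->request->variable('message', array(''), true);
            $image_desc = isset($image_desc[0]) ? $image_desc[0] : '';
            $image_name = $this->request->variable('image_name', array(''), true);
            $image_name = isset($image_name[0]) ? $image_name[0] : '';

            // strlen() counts bytes, so multibyte descriptions reach the limit sooner.
            if (strlen($image_desc) > $this->gallery_config->get('description_length')) {
                trigger_error($this->user->lang('DESC_TOO_LONG'));
            }

            // Create message parser instance (same include path as the display code below).
            include_once $this->phpbb_root_path . 'includes/message_parser.' . $this->php_ext;
            $message_parser = new \parse_message();
            $message_parser->message = utf8_normalize_nfc($image_desc);
            if ($message_parser->message) {
                $message_parser->parse(true, true, true, true, false, true, true, true);
            }

            $sql_ary = array(
                'image_name' => $image_name,
                'image_name_clean' => utf8_clean_string($image_name),
                'image_desc' => $message_parser->message,
                'image_desc_uid' => $message_parser->bbcode_uid,
                'image_desc_bitfield' => $message_parser->bbcode_bitfield,
                'image_allow_comments' => $this->request->variable('allow_comments', 0),
            );

            $errors = array();
            if (empty($sql_ary['image_name_clean'])) {
                // Was `$user->lang[...]`: no local $user exists in this method.
                $errors[] = $this->user->lang['MISSING_IMAGE_NAME'];
            }

            // The per-image comment switch is only honoured when both config flags allow it.
            if (!$this->gallery_config->get('allow_comments') || !$this->gallery_config->get('comment_user_control')) {
                unset($sql_ary['image_allow_comments']);
            }

            // Re-assigning the author is a moderator-only action.
            $change_image_count = false;
            if ($this->gallery_auth->acl_check('m_edit', $album_id, $album_data['album_user_id'])) {
                $requested_author = $this->request->variable('change_author', '', true);
                $user_data = $this->image->get_new_author_info($requested_author);
                if ($user_data) {
                    $sql_ary = array_merge($sql_ary, array(
                        'image_user_id' => $user_data['user_id'],
                        'image_username' => $user_data['username'],
                        'image_username_clean' => utf8_clean_string($user_data['username']),
                        'image_user_colour' => $user_data['user_colour'],
                    ));
                    if ($image_data['image_status'] != $this->image->get_status_unaproved()) {
                        $change_image_count = true;
                    }
                } elseif ($requested_author) {
                    $errors[] = $this->user->lang['INVALID_USERNAME'];
                }
            }

            $move_to_personal = $this->request->variable('move_to_personal', 0);
            $personal_album_id = 0;
            if ($move_to_personal) {
                if ($this->user->data['user_id'] != $image_data['image_user_id']) {
                    // NOTE(review): this branch runs for any editor who is not the image
                    // owner and may create an album without a permission check; confirm
                    // that only m_edit holders can get here.
                    $image_user = new \phpbbgallery\core\user($this->db, $image_data['image_user_id']);
                    $personal_album_id = $image_user->get_data('personal_album_id');
                    // The user has no personal album; moderators can create one without needing permissions.
                    if (!$personal_album_id) {
                        $personal_album_id = $this->album->generate_personal_album($image_data['image_username'], $image_data['image_user_id'], $image_data['image_user_colour'], $image_user);
                    }
                } else {
                    // NOTE(review): $this->user is used as the phpBB user object elsewhere
                    // in this method (lang, data); verify it really offers get_data(), and
                    // that the legacy static phpbb_gallery::$user below still exists.
                    $personal_album_id = $this->user->get_data('personal_album_id');
                    if (!$personal_album_id && $this->gallery_auth->acl_check('i_upload', $this->gallery_auth->get_own_album())) {
                        $personal_album_id = $this->album->generate_personal_album($image_data['image_username'], $image_data['image_user_id'], $image_data['image_user_colour'], phpbb_gallery::$user);
                    }
                }
                if ($personal_album_id) {
                    $sql_ary['image_album_id'] = $personal_album_id;
                }
            }

            // Only positive multiples of 90 degrees are accepted for rotation.
            $rotate = $this->request->variable('rotate', array(0));
            $rotate = isset($rotate[0]) ? $rotate[0] : 0;
            if ($this->gallery_config->get('allow_rotate') && $rotate > 0 && $rotate % 90 == 0) {
                $image_tools = new \phpbbgallery\core\file\file();
                $image_tools->set_image_options($this->gallery_config->get('max_filesize'), $this->gallery_config->get('max_height'), $this->gallery_config->get('max_width'));
                $image_tools->set_image_data($this->url->path('upload') . $image_data['image_filename']);
                // Rotate the image
                $image_tools->rotate_image($rotate, $this->gallery_config->get('allow_rotate'));
                if ($image_tools->rotated) {
                    $image_tools->write_image($image_tools->image_source, $this->gallery_config->get('jpg_quality'), true);
                }
                // Drop the cached renditions; the file name comes from the database row.
                @unlink($this->url->path('thumbnail') . $image_data['image_filename']);
                @unlink($this->url->path('medium') . $image_data['image_filename']);
            }

            $error = implode('<br />', $errors);
            if (!$error) {
                // Values go through sql_build_array(); the id is an int (cast above and here).
                $sql = 'UPDATE ' . $this->table_images . '
					SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
					WHERE image_id = ' . (int) $image_id;
                $this->db->sql_query($sql);
                $this->album->update_info($album_data['album_id']);
                if ($move_to_personal && $personal_album_id) {
                    $this->album->update_info($personal_album_id);
                }
                if ($change_image_count) {
                    // Was `$db`, which is undefined here; the class keeps the handle in $this->db.
                    // NOTE(review): phpbb_gallery_user looks like a legacy class name, while
                    // \phpbbgallery\core\user is used above - confirm which one is intended.
                    $new_user = new phpbb_gallery_user($this->db, $user_data['user_id'], false);
                    $new_user->update_images(1);
                    $old_user = new phpbb_gallery_user($this->db, $image_data['image_user_id'], false);
                    $old_user->update_images(-1);
                }
                // Edits made by someone other than the owner are written to the moderator log.
                if ($this->user->data['user_id'] != $image_data['image_user_id']) {
                    $this->gallery_log->add_log('moderator', 'edit', $image_data['image_album_id'], $image_id, array('LOG_GALLERY_EDITED', $image_name));
                }
                $message = $this->user->lang['IMAGES_UPDATED_SUCCESSFULLY'];
                $message .= '<br /><br />' . sprintf($this->user->lang['CLICK_RETURN_IMAGE'], '<a href="' . $image_backlink . '">', '</a>');
                $message .= '<br /><br />' . sprintf($this->user->lang['CLICK_RETURN_ALBUM'], '<a href="' . $album_backlink . '">', '</a>');
                $this->url->meta_refresh(3, $image_backlink);
                trigger_error($message);
            }

            // Validation failed: show the form again with the submitted values.
            $disp_image_data = array_merge($disp_image_data, $sql_ary);
        }

        if (!class_exists('bbcode')) {
            include $this->phpbb_root_path . 'includes/bbcode.' . $this->php_ext;
        }
        include_once $this->phpbb_root_path . 'includes/message_parser.' . $this->php_ext;

        // Turn the stored description back into editable BBCode text.
        $message_parser = new \parse_message();
        $message_parser->message = $disp_image_data['image_desc'];
        $message_parser->decode_message($disp_image_data['image_desc_uid']);
        $page_title = $disp_image_data['image_name'];

        $this->template->assign_block_vars('image', array(
            'U_IMAGE' => $this->image->generate_link('thumbnail', 'plugin', $image_id, $image_data['image_name'], $album_id),
            'IMAGE_NAME' => $disp_image_data['image_name'],
            'IMAGE_DESC' => $message_parser->message,
        ));
        $this->template->assign_vars(array(
            'L_DESCRIPTION_LENGTH' => $this->user->lang('DESCRIPTION_LENGTH', $this->gallery_config->get('description_length')),
            'S_EDIT' => true,
            'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_image_edit', array('image_id' => $image_id)),
            'ERROR' => isset($error) ? $error : '',
            'U_VIEW_IMAGE' => $this->helper->route('phpbbgallery_image', array('image_id' => $image_id)),
            'IMAGE_NAME' => $image_data['image_name'],
            'S_CHANGE_AUTHOR' => $this->gallery_auth->acl_check('m_edit', $album_id, $album_data['album_user_id']),
            'U_FIND_USERNAME' => $this->url->append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=postform&amp;field=change_author&amp;select_single=true'),
            'S_COMMENTS_ENABLED' => $this->gallery_config->get('allow_comments') && $this->gallery_config->get('comment_user_control'),
            'S_ALLOW_COMMENTS' => $image_data['image_allow_comments'],
            'NUM_IMAGES' => 1,
            'S_ALLOW_ROTATE' => $this->gallery_config->get('allow_rotate') && function_exists('imagerotate'),
            'S_MOVE_MODERATOR' => $this->user->data['user_id'] != $image_data['image_user_id'],
        ));

        return $this->helper->render('gallery/posting_body.html', $page_title);
    }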
Esempio n. 2
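    /**
     * ACP handler that imports image files from the gallery's import directory.
     *
     * Two phases share this method:
     *  - Initial submit (no `import_schema` parameter): validates the form key,
     *    resolves uploader and target album, writes an import schema file and
     *    redirects to the continuation URL.
     *  - Continuation (`import_schema` set): includes the schema file, imports up to
     *    ten images per request, then either finishes or rewrites the schema and
     *    redirects again.
     * With neither, it lists the importable files for the template.
     *
     * The schema name and the image names arrive in the request, so both are
     * validated before they are used to build file system paths.
     *
     * NOTE(review): only the initial submit calls check_form_key(). The continuation
     * request copies, deletes and inserts without one; confirm the ACP framework
     * protects that request some other way.
     *
     * @return void
     */
    function import()
    {
        global $db, $template, $user, $phpbb_dispatcher, $phpbb_container, $gallery_url, $request, $table_prefix, $gallery_config, $gallery_album;

        $import_schema = $request->variable('import_schema', '');
        $images = $request->variable('images', array(''), true);
        $submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);

        if ($import_schema) {
            // The schema name becomes part of an include path. Schemas are created below
            // as md5($start_time), so accept nothing but 32 lowercase hex characters.
            // NOTE(review): assumes no other caller creates schemas under a different
            // naming scheme - verify against create_import_schema() callers.
            $schema_name_ok = preg_match('/\A[a-f0-9]{32}\z/', $import_schema) === 1;

            if ($schema_name_ok && $gallery_url->_file_exists($import_schema, 'import', '')) {
                // The schema file presumably defines $images, $user_data, $image_name,
                // $album_id, $start_time, $num_offset, $done_images, $todo_images and
                // $filename - none of them is assigned in this branch otherwise.
                include $gallery_url->_return_file($import_schema, 'import', '');
                // Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
                $user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
                $image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
            } else {
                global $phpEx;
                trigger_error($user->lang('MISSING_IMPORT_SCHEMA', $import_schema . '.' . $phpEx), E_USER_WARNING);
                // Defensive: never reach the file operations below with an unvalidated
                // schema name, even if the error handler returns.
                return;
            }

            $images_loop = 0;
            foreach ($images as $image_src) {
                /**
                 * Import the images
                 */
                $image_src = str_replace("{{$import_schema}}", "'", $image_src);
                $image_file = utf8_decode($image_src);
                $image_src_full = $gallery_url->path('import') . $image_file;

                // The selection form only lists direct children of the import directory,
                // so a name carrying a path separator (or NUL) cannot be legitimate and is
                // treated like a missing file instead of being resolved outside that directory.
                $is_plain_filename = strpbrk($image_file, "/\\\0") === false;

                if ($is_plain_filename && file_exists($image_src_full)) {
                    // getimagesize() returns false for anything it cannot parse as an image.
                    $filetype = getimagesize($image_src_full);
                    $mime_type = ($filetype !== false) ? $filetype['mime'] : '';
                    $image_src_lower = strtolower($image_src);
                    $filetype_ext = '';
                    $error_occured = false;

                    // Detected MIME type and file extension must agree.
                    switch ($mime_type) {
                        case 'image/jpeg':
                        case 'image/jpg':
                        case 'image/pjpeg':
                            $filetype_ext = '.jpg';
                            if (substr($image_src_lower, -4) != '.jpg' && substr($image_src_lower, -5) != '.jpeg') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                                $error_occured = true;
                            }
                            break;
                        case 'image/png':
                        case 'image/x-png':
                            $filetype_ext = '.png';
                            if (substr($image_src_lower, -4) != '.png') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                                $error_occured = true;
                            }
                            break;
                        case 'image/gif':
                        case 'image/giff':
                            $filetype_ext = '.gif';
                            if (substr($image_src_lower, -4) != '.gif') {
                                $this->log_import_error($import_schema, sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $mime_type));
                                $error_occured = true;
                            }
                            break;
                        default:
                            $this->log_import_error($import_schema, $user->lang['NOT_ALLOWED_FILE_TYPE']);
                            $error_occured = true;
                            break;
                    }

                    // Stored under a random name; the original name never reaches the upload path.
                    $image_filename = md5(unique_id()) . $filetype_ext;
                    $upload_target = $gallery_url->path('upload') . $image_filename;

                    // Copy only files that passed the type checks. The previous condition
                    // (`!$error_occured || !@move_uploaded_file(...)`) also copied rejected
                    // files: move_uploaded_file() cannot succeed for a file that was not
                    // uploaded in this request, so the copy ran in every case.
                    if (!$error_occured && !@copy($image_src_full, $upload_target)) {
                        $user->add_lang('posting');
                        $this->log_import_error($import_schema, sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $upload_target));
                        $error_occured = true;
                    }

                    if (!$error_occured) {
                        // NOTE(review): 0777 leaves the stored image world-writable; a tighter
                        // mode would normally suffice - confirm hosting requirements first.
                        @chmod($upload_target, 0777);
                        // The source image is imported, so we delete it.
                        @unlink($image_src_full);

                        $sql_ary = array(
                            'image_filename' => $image_filename,
                            'image_desc' => '',
                            'image_desc_uid' => '',
                            'image_desc_bitfield' => '',
                            'image_user_id' => $user_data['user_id'],
                            'image_username' => $user_data['username'],
                            'image_username_clean' => utf8_clean_string($user_data['username']),
                            'image_user_colour' => $user_data['user_colour'],
                            'image_user_ip' => $user->ip,
                            'image_time' => $start_time + $done_images,
                            'image_album_id' => $album_id,
                            'image_status' => \phpbbgallery\core\image\image::STATUS_APPROVED,
                        );

                        $image_tools = new \phpbbgallery\core\file\file();
                        $image_tools->set_image_options($gallery_config->get('max_filesize'), $gallery_config->get('max_height'), $gallery_config->get('max_width'));
                        $image_tools->set_image_data($upload_target);
                        $additional_sql_data = array();
                        $file_link = $upload_target;
                        /**
                         * Event to trigger before mass update
                         *
                         * @event phpbbgallery.acpimport.update_image_before
                         * @var	array	additional_sql_data		array of additional sql_data
                         * @var	string	file_link				String with real file link
                         * @since 1.2.0
                         */
                        $vars = array('additional_sql_data', 'file_link');
                        extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image_before', compact($vars)));

                        // Resize oversized images when the configuration allows it.
                        if ($filetype[0] > $gallery_config->get('max_width') || $filetype[1] > $gallery_config->get('max_height')) {
                            if ($gallery_config->get('allow_resize')) {
                                $image_tools->resize_image($gallery_config->get('max_width'), $gallery_config->get('max_height'));
                                if ($image_tools->resized) {
                                    $image_tools->write_image($upload_target, $gallery_config->get('jpg_quality'), true);
                                }
                            }
                        }
                        $file_updated = (bool) $image_tools->resized;
                        /**
                         * Event to trigger before mass update
                         *
                         * @event phpbbgallery.acpimport.update_image
                         * @var	array	additional_sql_data		array of additional sql_data
                         * @var	bool	file_updated			is file resized
                         * @since 1.2.0
                         */
                        $vars = array('additional_sql_data', 'file_updated');
                        extract($phpbb_dispatcher->trigger_event('phpbbgallery.acpimport.update_image', compact($vars)));
                        $sql_ary = array_merge($sql_ary, $additional_sql_data);

                        // Try to get real filesize from temporary folder (not always working) ;)
                        $stored_size = @filesize($upload_target);
                        $sql_ary['filesize_upload'] = $stored_size ? $stored_size : 0;

                        // Name the image after its file, or after the pattern with {NUM} filled in.
                        if ($filename || $image_name == '') {
                            $sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, utf8_strrpos($image_src, '.')));
                        } else {
                            $sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
                        }
                        $sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);

                        // Put the images into the database
                        $db->sql_query('INSERT INTO ' . $table_prefix . 'gallery_images ' . $db->sql_build_array('INSERT', $sql_ary));
                    }
                    $done_images++;
                }

                // Remove the image from the list
                unset($images[$images_loop]);
                $images_loop++;
                if ($images_loop == 10) {
                    // We made 10 images, so we end for this turn
                    break;
                }
            }

            if ($images_loop) {
                $image_user = $phpbb_container->get('phpbbgallery.core.user');
                $image_user->set_user_id($user_data['user_id']);
                $image_user->update_images($images_loop);
                $gallery_config->inc('num_images', $images_loop);
                $todo_images = $todo_images - $images_loop;
            }
            \phpbbgallery\core\album\album::update_info($album_id);

            if (!$todo_images) {
                // Finished: remove the schema and report any collected errors.
                unlink($gallery_url->_return_file($import_schema, 'import', ''));
                $errors = @file_get_contents($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
                @unlink($gallery_url->_return_file($import_schema . '_errors', 'import', ''));
                if (!$errors) {
                    trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
                } else {
                    $errors = explode("\n", $errors);
                    trigger_error(sprintf($user->lang['IMPORT_FINISHED_ERRORS'], $done_images - sizeof($errors)) . implode('<br />', $errors) . adm_back_link($this->u_action), E_USER_WARNING);
                }
            } else {
                // Write the new list
                $this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);
                // Redirect
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(1, $forward_url);
                trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
            }
        } else {
            if ($submit) {
                // CSRF protection for the initial submit.
                if (!check_form_key('acp_gallery')) {
                    trigger_error('FORM_INVALID', E_USER_WARNING);
                }
                if (!$images) {
                    trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
                }

                // Who is the uploader?
                $username = $request->variable('username', '', true);
                $user_id = 0;
                if ($username) {
                    if (!function_exists('user_get_id_name')) {
                        $gallery_url->_include('functions_user', 'phpbb');
                    }
                    user_get_id_name($user_id, $username);
                }
                if (is_array($user_id)) {
                    $user_id = $user_id[0];
                }
                if (!$user_id) {
                    $user_id = $user->data['user_id'];
                }

                // The id is concatenated unquoted, so force an integer.
                $sql = 'SELECT username, user_colour, user_id
				FROM ' . USERS_TABLE . '
				WHERE user_id = ' . (int) $user_id;
                $result = $db->sql_query($sql);
                $user_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$user_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }

                $album_id = $request->variable('album_id', 0);
                if (isset($_POST['users_pega'])) {
                    // Import into the uploader's personal album, creating it when missing.
                    $image_user = $phpbb_container->get('phpbbgallery.core.user');
                    $image_user->set_user_id($user_row['user_id']);
                    $album_id = $image_user->get_data('personal_album_id');
                    if (!$album_id) {
                        // The User has no personal album
                        $album_id = $gallery_album->generate_personal_album($user_row['username'], $user_row['user_id'], $user_row['user_colour'], $image_user);
                    }
                    if ($user->data['user_id'] != $user_row['user_id']) {
                        unset($image_user);
                    }
                }

                // Where do we put them to?
                $sql = 'SELECT album_id, album_name
				FROM ' . $table_prefix . 'gallery_albums
				WHERE album_id = ' . (int) $album_id;
                $result = $db->sql_query($sql);
                $album_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$album_row) {
                    trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
                }

                $start_time = time();
                // The schema name doubles as a file name; the continuation branch above
                // only accepts this md5 form.
                $import_schema = md5($start_time);
                $filename = $request->variable('filename', '') == 'filename';
                $image_name = $request->variable('image_name', '', true);
                $num_offset = $request->variable('image_num', 0);
                $this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);
                $forward_url = $this->u_action . "&amp;import_schema={$import_schema}";
                meta_refresh(2, $forward_url);
                trigger_error('IMPORT_SCHEMA_CREATED');
            }
        }

        // List importable files: direct children of the import directory whose
        // extension belongs to an image type enabled in the configuration.
        $import_dir = $gallery_url->path('import');
        $files = array();
        $handle = opendir($import_dir);
        if ($handle !== false) {
            // Compare against false: a file literally named "0" would otherwise end the loop.
            while (($file = readdir($handle)) !== false) {
                if (is_dir($import_dir . $file)) {
                    continue;
                }
                $file_lower = strtolower($file);
                $allowed = (substr($file_lower, -4) == '.png' && $gallery_config->get('allow_png'))
                    || (substr($file_lower, -4) == '.gif' && $gallery_config->get('allow_gif'))
                    || (substr($file_lower, -4) == '.jpg' && $gallery_config->get('allow_jpg'))
                    || (substr($file_lower, -5) == '.jpeg' && $gallery_config->get('allow_jpg'));
                if ($allowed) {
                    $files[utf8_strtolower($file)] = $file;
                }
            }
            closedir($handle);
        }

        // Sort the files by name again
        ksort($files);
        foreach ($files as $file) {
            $template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
        }

        $template->assign_vars(array(
            'S_IMPORT_IMAGES' => true,
            'ACP_GALLERY_TITLE' => $user->lang['ACP_IMPORT_ALBUMS'],
            'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'],
            'L_IMPORT_DIR_EMPTY' => sprintf($user->lang['IMPORT_DIR_EMPTY'], $gallery_url->path('import')),
            'S_ALBUM_IMPORT_ACTION' => $this->u_action,
            'S_SELECT_IMPORT' => $gallery_album->get_albumbox(false, 'album_id', false, false, false, \phpbbgallery\core\album\album::PUBLIC_ALBUM, \phpbbgallery\core\album\album::TYPE_UPLOAD),
            'U_FIND_USERNAME' => $gallery_url->append_sid('phpbb', 'memberlist', 'mode=searchuser&amp;form=acp_gallery&amp;field=username&amp;select_single=true'),
        ));
    }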