protected function verify_image_upload() { $locale = fusion_get_locale(); require_once INCLUDES . "infusions_include.php"; if ($this->field_config['multiple']) { $target_folder = $this->field_config['path']; $target_width = $this->field_config['max_width']; $target_height = $this->field_config['max_height']; $max_size = $this->field_config['max_byte']; $delete_original = $this->field_config['delete_original']; $thumb1 = $this->field_config['thumbnail']; $thumb2 = $this->field_config['thumbnail2']; $thumb1_ratio = 1; $thumb1_folder = $this->field_config['path'] . $this->field_config['thumbnail_folder'] . "/"; $thumb1_suffix = $this->field_config['thumbnail_suffix']; $thumb1_width = $this->field_config['thumbnail_w']; $thumb1_height = $this->field_config['thumbnail_h']; $thumb2_ratio = 0; $thumb2_folder = $this->field_config['path'] . $this->field_config['thumbnail_folder'] . "/"; $thumb2_suffix = $this->field_config['thumbnail2_suffix']; $thumb2_width = $this->field_config['thumbnail2_w']; $thumb2_height = $this->field_config['thumbnail2_h']; $query = ''; if (!empty($_FILES[$this->field_config['input_name']]['name']) && is_uploaded_file($_FILES[$this->field_config['input_name']]['tmp_name'][0]) && $this->safe()) { $result = array(); for ($i = 0; $i <= count($_FILES[$this->field_config['input_name']]['name']) - 1; $i++) { if (is_uploaded_file($_FILES[$this->field_config['input_name']]['tmp_name'][$i])) { $image = $_FILES[$this->field_config['input_name']]; $target_name = $_FILES[$this->field_config['input_name']]['name'][$i]; if ($target_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $target_name)) { $image_name = $target_name; } else { $image_name = stripfilename(substr($image['name'][$i], 0, strrpos($image['name'][$i], "."))); } $image_ext = strtolower(strrchr($image['name'][$i], ".")); $image_res = array(); if (filesize($image['tmp_name'][$i]) > 10 && @getimagesize($image['tmp_name'][$i])) { $image_res = @getimagesize($image['tmp_name'][$i]); } $image_info = array("image" => FALSE, "image_name" => $image_name . $image_ext, "image_ext" => $image_ext, "image_size" => $image['size'], "image_width" => $image_res[0], "image_height" => $image_res[1], "thumb1" => FALSE, "thumb1_name" => "", "thumb2" => FALSE, "thumb2_name" => "", "error" => 0); if ($image_ext == ".gif") { $filetype = 1; } elseif ($image_ext == ".jpg") { $filetype = 2; } elseif ($image_ext == ".png") { $filetype = 3; } else { $filetype = FALSE; } if ($image['size'][$i] > $max_size) { // Invalid file size $image_info['error'] = 1; } elseif (!$filetype || !verify_image($image['tmp_name'][$i])) { // Unsupported image type $image_info['error'] = 2; } elseif ($image_res[0] > $target_width || $image_res[1] > $target_height) { // Invalid image resolution $image_info['error'] = 3; } else { if (!file_exists($target_folder)) { mkdir($target_folder, 0755); } $image_name_full = filename_exists($target_folder, $image_name . $image_ext); $image_name = substr($image_name_full, 0, strrpos($image_name_full, ".")); $image_info['image_name'] = $image_name_full; $image_info['image'] = TRUE; move_uploaded_file($image['tmp_name'][$i], $target_folder . $image_name_full); if (function_exists("chmod")) { chmod($target_folder . $image_name_full, 0755); } if ($query && !dbquery($query)) { // Invalid query string $image_info['error'] = 4; if (file_exists($target_folder . $image_name_full)) { @unlink($target_folder . $image_name_full); } } elseif ($thumb1 || $thumb2) { require_once INCLUDES . "photo_functions_include.php"; $noThumb = FALSE; if ($thumb1) { if ($image_res[0] <= $thumb1_width && $image_res[1] <= $thumb1_height) { $noThumb = TRUE; $image_info['thumb1_name'] = $image_info['image_name']; $image_info['thumb1'] = TRUE; } else { if (!file_exists($thumb1_folder)) { mkdir($thumb1_folder, 0755, TRUE); } $image_name_t1 = filename_exists($thumb1_folder, $image_name . $thumb1_suffix . $image_ext); $image_info['thumb1_name'] = $image_name_t1; $image_info['thumb1'] = TRUE; if ($thumb1_ratio == 0) { createthumbnail($filetype, $target_folder . $image_name_full, $thumb1_folder . $image_name_t1, $thumb1_width, $thumb1_height); } else { createsquarethumbnail($filetype, $target_folder . $image_name_full, $thumb1_folder . $image_name_t1, $thumb1_width); } } } if ($thumb2) { if ($image_res[0] < $thumb2_width && $image_res[1] < $thumb2_height) { $noThumb = TRUE; $image_info['thumb2_name'] = $image_info['image_name']; $image_info['thumb2'] = TRUE; } else { if (!file_exists($thumb2_folder)) { mkdir($thumb2_folder, 0755, TRUE); } $image_name_t2 = filename_exists($thumb2_folder, $image_name . $thumb2_suffix . $image_ext); $image_info['thumb2_name'] = $image_name_t2; $image_info['thumb2'] = TRUE; if ($thumb2_ratio == 0) { createthumbnail($filetype, $target_folder . $image_name_full, $thumb2_folder . $image_name_t2, $thumb2_width, $thumb2_height); } else { createsquarethumbnail($filetype, $target_folder . $image_name_full, $thumb2_folder . $image_name_t2, $thumb2_width); } } } if ($delete_original && !$noThumb) { unlink($target_folder . $image_name_full); $image_info['image'] = FALSE; } } } } else { $image_info = array("error" => 5); } if ($image_info['error'] != 0) { $this->stop(); // return FALSE if possible switch ($image_info['error']) { case 1: // Invalid file size addNotice('danger', sprintf($locale['df_416'], parsebytesize($this->field_config['max_byte']))); self::setInputError($this->field_name); break; case 2: // Unsupported image type addNotice('danger', sprintf($locale['df_417'], ".gif .jpg .png")); self::setInputError($this->field_name); break; case 3: // Invalid image resolution addNotice('danger', sprintf($locale['df_421'], $this->field_config['max_width'], $this->field_config['max_height'])); self::setInputError($this->field_name); break; case 4: // Invalid query string addNotice('danger', $locale['df_422']); self::setInputError($this->field_name); break; case 5: // Image not uploaded addNotice('danger', $locale['df_423']); self::setInputError($this->field_name); break; } $result[$i] = $image_info; } else { $result[$i] = $image_info; } } // end for return $result; } else { return array(); } } else { if (!empty($_FILES[$this->field_config['input_name']]['name']) && is_uploaded_file($_FILES[$this->field_config['input_name']]['tmp_name']) && $this->safe()) { $upload = upload_image($this->field_config['input_name'], $_FILES[$this->field_config['input_name']]['name'], $this->field_config['path'], $this->field_config['max_width'], $this->field_config['max_height'], $this->field_config['max_byte'], $this->field_config['delete_original'], $this->field_config['thumbnail'], $this->field_config['thumbnail2'], 1, $this->field_config['path'] . $this->field_config['thumbnail_folder'] . "/", $this->field_config['thumbnail_suffix'], $this->field_config['thumbnail_w'], $this->field_config['thumbnail_h'], 0, $this->field_config['path'] . $this->field_config['thumbnail_folder'] . "/", $this->field_config['thumbnail2_suffix'], $this->field_config['thumbnail2_w'], $this->field_config['thumbnail2_h']); if ($upload['error'] != 0) { $this->stop(); switch ($upload['error']) { case 1: // Invalid file size addNotice('danger', sprintf($locale['df_416'], parsebytesize($this->field_config['max_byte']))); self::setInputError($this->field_name); break; case 2: // Unsupported image type addNotice('danger', sprintf($locale['df_417'], ".gif .jpg .png")); self::setInputError($this->field_name); break; case 3: // Invalid image resolution addNotice('danger', sprintf($locale['df_421'], $this->field_config['max_width'], $this->field_config['max_height'])); self::setInputError($this->field_name); break; case 4: // Invalid query string addNotice('danger', $locale['df_422']); self::setInputError($this->field_name); break; case 5: // Image not uploaded addNotice('danger', $locale['df_423']); self::setInputError($this->field_name); break; } return $upload; } else { return $upload; } } else { return array(); } } }
$image_t2 = image_exists(IMAGES_N_T, $image_name . "_t2" . $image_ext); $image_full = image_exists(IMAGES_N, $image_name . $image_ext); move_uploaded_file($_FILES['news_image']['tmp_name'], IMAGES_N . $image_full); if (function_exists("chmod")) { @chmod(IMAGES_N . $image_full, 0644); } $imagefile = @getimagesize(IMAGES_N . $image_full); if ($imagefile[0] > $settings['news_photo_max_w'] || $imagefile[1] > $settings['news_photo_max_h']) { $error = 4; unlink(IMAGES_N . $image_full); } else { createthumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t1, $settings['news_photo_w'], $settings['news_photo_h']); if ($settings['news_thumb_ratio'] == 0) { createthumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t2, $settings['news_thumb_w'], $settings['news_thumb_h']); } else { createsquarethumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t2, $settings['news_thumb_w']); } } } if (!$error) { $news_image = $image_full; $news_image_t1 = $image_t1; $news_image_t2 = $image_t2; } else { $news_image = ""; $news_image_t1 = ""; $news_image_t2 = ""; } } else { $news_image = isset($_POST['news_image']) ? $_POST['news_image'] : ""; $news_image_t1 = isset($_POST['news_image_t1']) ? $_POST['news_image_t1'] : "";
function upload_image($source_image, $target_name = "", $target_folder = IMAGES, $target_width = "1800", $target_height = "1600", $max_size = "150000", $delete_original = false, $thumb1 = true, $thumb2 = true, $thumb1_ratio = 0, $thumb1_folder = IMAGES, $thumb1_suffix = "_t1", $thumb1_width = "100", $thumb1_height = "100", $thumb2_ratio = 0, $thumb2_folder = IMAGES, $thumb2_suffix = "_t2", $thumb2_width = "400", $thumb2_height = "300", $query = "") { if (is_uploaded_file($_FILES[$source_image]['tmp_name'])) { $image = $_FILES[$source_image]; if ($target_name != "" && !preg_match("/[^a-zA-Z0-9_-]/", $target_name)) { $image_name = $target_name; } else { $image_name = stripfilename(substr($image['name'], 0, strrpos($image['name'], "."))); } $image_ext = strtolower(strrchr($image['name'], ".")); $image_res = @getimagesize($image['tmp_name']); $image_info = array("image" => false, "image_name" => $image_name . $image_ext, "image_ext" => $image_ext, "image_size" => $image['size'], "image_width" => $image_res[0], "image_height" => $image_res[1], "thumb1" => false, "thumb1_name" => "", "thumb2" => false, "thumb2_name" => "", "error" => 0, "query" => $query); if ($image_ext == ".gif") { $filetype = 1; } elseif ($image_ext == ".jpg") { $filetype = 2; } elseif ($image_ext == ".png") { $filetype = 3; } else { $filetype = false; } if ($image['size'] > $max_size) { // Invalid file size $image_info['error'] = 1; } elseif (!$filetype) { // Unsupported image type $image_info['error'] = 2; } elseif ($image_res[0] > $target_width || $image_res[1] > $target_height) { // Invalid image resolution $image_info['error'] = 3; } else { $image_name_full = filename_exists($target_folder, $image_name . $image_ext); $image_name = substr($image_name_full, 0, strrpos($image_name_full, ".")); $image_info['image_name'] = $image_name_full; $image_info['image'] = true; move_uploaded_file($image['tmp_name'], $target_folder . $image_name_full); if (function_exists("chmod")) { chmod($target_folder . $image_name_full, 0644); } if ($query && !dbquery($query)) { // Invalid query string $image_info['error'] = 4; unlink($target_folder . $image_name_full); } elseif ($thumb1 || $thumb2) { require_once INCLUDES . "photo_functions_include.php"; $noThumb = false; if ($thumb1) { if ($image_res[0] < $thumb1_width && $image_res[1] < $thumb1_height) { $noThumb = true; $image_info['thumb1_name'] = $image_info['image_name']; $image_info['thumb1'] = true; } else { $image_name_t1 = filename_exists($thumb1_folder, $image_name . $thumb1_suffix . $image_ext); $image_info['thumb1_name'] = $image_name_t1; $image_info['thumb1'] = true; if ($thumb1_ratio == 0) { createthumbnail($filetype, $target_folder . $image_name_full, $thumb1_folder . $image_name_t1, $thumb1_width, $thumb1_height); } else { createsquarethumbnail($filetype, $target_folder . $image_name_full, $thumb1_folder . $image_name_t1, $thumb1_width); } } } if ($thumb2) { if ($image_res[0] < $thumb2_width && $image_res[1] < $thumb2_height) { $noThumb = true; $image_info['thumb2_name'] = $image_info['image_name']; $image_info['thumb2'] = true; } else { $image_name_t2 = filename_exists($thumb2_folder, $image_name . $thumb2_suffix . $image_ext); $image_info['thumb2_name'] = $image_name_t2; $image_info['thumb2'] = true; if ($thumb2_ratio == 0) { createthumbnail($filetype, $target_folder . $image_name_full, $thumb2_folder . $image_name_t2, $thumb2_width, $thumb2_height); } else { createsquarethumbnail($filetype, $target_folder . $image_name_full, $thumb2_folder . $image_name_t2, $thumb2_width); } } } if ($delete_original && !$noThumb) { unlink($target_folder . $image_name_full); $image_info['image'] = false; } } } } else { // Image not uploaded $image_info = array("error" => 5); } return $image_info; }
if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_match("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext)) { $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext; $image = stripinput($_POST['user_avatarnet']); copy($image, IMAGES_AVA . $avatarname); // Some more checks if (!verify_image(IMAGES_AVA . $avatarname)) { @unlink(IMAGES_AVA . $avatarname); $set_avatar = ""; } else { $imagefile = getimagesize(IMAGES_AVA . $avatarname); $avatarname_thumb = image_exists(IMAGES_AVA, $avatarname); if ($imagefile[0] > $settings['avatar_width'] || $imagefile[1] > $settings['avatar_height']) { if ($settings['avatar_ratio'] == 0) { createthumbnail($imagefile[2], IMAGES_AVA . $avatarname, IMAGES_AVA . $avatarname_thumb, $settings['avatar_width'], $settings['avatar_height']); } else { createsquarethumbnail($imagefile[2], IMAGES_AVA . $avatarname, IMAGES_AVA . $avatarname_thumb, $settings['avatar_width']); } @unlink(IMAGES_AVA . $avatarname); $set_avatar = ", user_avatar='" . $avatarname_thumb . "'"; } else { $set_avatar = ", user_avatar='" . $avatarname . "'"; } } } } } /* End code for avatar URL input */ if (!$error) { $result = dbquery("SELECT * FROM " . DB_USER_FIELDS . " tuf\r\n\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\tORDER BY field_cat_order, field_order"); if (dbrows($result)) { $profile_method = "validate_update";