} echo ' preview_window.document.close(); //--> </script>'; } break; case 'update': if (!XoopsMultiTokenHandler::quickValidate('tplsets_update')) { redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error'); } $tplset = isset($_POST['tplset']) ? $myts->stripslashesGPC(trim($_POST['tplset'])) : ''; $moddir = $_POST['moddir']; include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('text/html', 'application/x-cdf'), 200000); $uploader->setAllowedExtensions(array('html', 'htm')); $uploader->setPrefix('tmp'); $msg = array(); foreach ($_POST['xoops_upload_file'] as $upload_file) { // '.' is converted to '_' when upload $upload_file2 = str_replace('.', '_', $upload_file); if ($uploader->fetchMedia($upload_file2)) { if (!$uploader->upload()) { $msg[] = $uploader->getErrors(); } else { $tpltpl_handler =& xoops_gethandler('tplfile'); if (empty($_POST['old_template'][$upload_file])) { $tplfile =& $tpltpl_handler->find('default', null, null, $moddir, $upload_file); if (count($tplfile) > 0) { $tpl =& $tplfile[0]->xoopsClone(); $tpl->setVar('tpl_id', 0);
$form2->addElement(new XoopsFormHidden('op', 'avatarchoose')); $xoopsGTicket->addTicketXoopsFormElement($form2, __LINE__, 1800, 'avatarchoose'); $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit')); $form2->display(); include XOOPS_ROOT_PATH . '/footer.php'; exit; } if ($op == 'avatarupload') { if (!$xoopsGTicket->check(true, 'avatarupload', false)) { redirect_header(XOOPS_URL . '/', 3, $xoopsGTiket->getErrors()); exit; } if ($myxoopsConfigUser['avatar_allow_upload'] == 1 && $u_obj->getVar('posts', 's') >= $myxoopsConfigUser['avatar_minposts']) { include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), $myxoopsConfigUser['avatar_maxsize'], $myxoopsConfigUser['avatar_width'], $myxoopsConfigUser['avatar_height']); $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png')); $xoops_upload_file = $formdata->getValueArray('post', 'xoops_upload_file', 's', true); if ($uploader->fetchMedia($xoops_upload_file[0])) { $uploader->setPrefix('cavt'); if ($uploader->upload()) { $avt_handler =& xoops_gethandler('avatar'); $avatar =& $avt_handler->create(); $avatar->setVar('avatar_file', $uploader->getSavedFileName()); $avatar->setVar('avatar_name', $u_obj->getVar('uname', 'n'), true); // not gpc $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); $avatar->setVar('avatar_display', 1); $avatar->setVar('avatar_type', 'C'); if (!$avt_handler->insert($avatar)) { @unlink($uploader->getSavedDestination()); } else {
function dispatch() { if($this->isGuest()){ redirect_header(XOOPS_URL, 2, _NOPERM); } require XSNS_FRAMEWORK_DIR.'/global.php'; require_once XOOPS_ROOT_PATH.'/class/xoopsformloader.php'; require_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php'; if (!$this->validateToken('upload')) { redirect_header(XSNS_URL_MYPAGE_PROFILE, 3, _US_NOEDITRIGHT); } $config_handler =& xoops_gethandler('config'); if(defined('XOOPS_CUBE_LEGACY')){ $xoopsConfigUser =& $config_handler->getConfigsByDirname('user'); } else{ $xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER); } $xoops_upload_file = array(); $uid = 0; if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])){ $xoops_upload_file = $_POST['xoops_upload_file']; } if (!empty($_POST['uid'])) { $uid = intval($_POST['uid']); } if (empty($uid) || $xoopsUser->getVar('uid') != $uid ) { redirect_header(XSNS_URL_MYPAGE_PROFILE, 3, _US_NOEDITRIGHT); } if ($xoopsConfigUser['avatar_allow_upload'] == 1 && $xoopsUser->getVar('posts') >= $xoopsConfigUser['avatar_minposts']) { require_once XOOPS_ROOT_PATH.'/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), $xoopsConfigUser['avatar_maxsize'], $xoopsConfigUser['avatar_width'], $xoopsConfigUser['avatar_height']); $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png')); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { $uploader->setPrefix('cavt'); if ($uploader->upload()) { $avt_handler =& xoops_gethandler('avatar'); $avatar =& $avt_handler->create(); $avatar->setVar('avatar_file', $uploader->getSavedFileName()); $avatar->setVar('avatar_name', $xoopsUser->getVar('uname')); $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); $avatar->setVar('avatar_display', 1); $avatar->setVar('avatar_type', 'C'); if (!$avt_handler->insert($avatar)) { @unlink($uploader->getSavedDestination()); } else { $oldavatar = $xoopsUser->getVar('user_avatar'); if (!empty($oldavatar) && $oldavatar != 'blank.gif' && !preg_match("/^savt/", strtolower($oldavatar))) { $avatars =& $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar)); $avt_handler->delete($avatars[0]); $oldavatar_path = str_replace("\\", "/", realpath(XOOPS_UPLOAD_PATH.'/'.$oldavatar)); if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) { unlink($oldavatar_path); } } $sql = sprintf("UPDATE %s SET user_avatar = %s WHERE uid = %u", $this->db->prefix('users'), $this->db->quoteString($uploader->getSavedFileName()), $xoopsUser->getVar('uid')); $this->db->query($sql); $avt_handler->addUser($avatar->getVar('avatar_id'), $xoopsUser->getVar('uid')); redirect_header(XSNS_URL_MYPAGE_PROFILE, 2, _US_PROFUPDATED); } } } redirect_header(XSNS_URL_MYPAGE_PROFILE, 2, _MD_XSNS_PROFILE_AVATAR_UPLOAD_NG); } redirect_header(XSNS_URL_MYPAGE_PROFILE, 2, _MD_XSNS_PROFILE_AVATAR_UPLOAD_NG); }