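/**
 * Main driver to handle the uploaded autotag
 *
 * Stores the uploaded archive below $_CONF['path_data'] . 'temp', unpacks it
 * into a fresh temporary directory, reads the XML descriptor into the global
 * $autotagData, checks the glFusion and PHP version requirements, test-copies
 * the files to the autotags directory and finally renders the confirmation
 * form.
 *
 * Everything read from the archive (including the XML descriptor) is
 * attacker-influenced data if the archive itself is not trustworthy, so the
 * descriptor's id is restricted to a safe character set and must not collapse
 * to an empty or dot-only path segment before it is used in a path.
 *
 * @return  string  Formatted HTML containing the page body
 */
function processAutotagUpload()
{
    global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;

    $retval = '';
    $upgrade = false;

    // Require the expected upload field itself; a request carrying only some
    // other file field must not be treated as an autotag upload.
    if (!isset($_FILES['autotagfile']) || $_FILES['autotagfile']['error'] == UPLOAD_ERR_NO_FILE) {
        return _at_errorBox($LANG32[46]);
    }

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    $upload->setMaxFileSize(4194304);
    $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip'));
    $upload->setFieldName('autotagfile');
    if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
        return _at_errorBox($upload->printErrors(false));
    }

    // The client-supplied name is sanitized before it becomes part of a path.
    $filename = COM_sanitizeFilename($_FILES['autotagfile']['name'], true);
    $upload->setFileNames($filename);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        return _at_errorBox($upload->printErrors(false));
    }
    $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;

    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        // do not leave the uploaded archive behind on failure
        @unlink($Finalfilename);
        return _at_errorBox($LANG32[47]);
    }
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        @unlink($Finalfilename);
        return _at_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);

    // read XML data file, places in $autotagData;
    $autotagData = array();
    $rc = _at_parseXML($_CONF['path_data'] . $tmp);

    // The descriptor may be missing entirely, so never assume the key exists
    // when building the error message.
    $requiredGlfusion = isset($autotagData['glfusionversion']) ? $autotagData['glfusionversion'] : '';

    // no xml file found, or the descriptor lacks its mandatory fields
    if ($rc == -1 || !isset($autotagData['id']) || !isset($autotagData['version'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGlfusion));
    }

    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $autotagData['glfusionversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $autotagData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $autotagData['phpversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[50], $autotagData['phpversion']));
    }

    // An already installed auto tag is deliberately not rejected here, so
    // that existing auto tags can be updated.

    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    // The id comes from the uploaded descriptor and is used as a directory
    // name: keep only safe characters, then refuse ids that are empty or made
    // of dots only ('.', '..'), which would point outside the unpacked
    // directory.
    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    if (trim($autotagData['id'], '.') == '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox(sprintf($LANG32[49], $requiredGlfusion));
    }

    // test copy to proper directories
    list($rc, $failed) = _pi_test_copy($_CONF['path_data'] . $tmp . '/' . $autotagData['id'] . '/', $_CONF['path_system'] . 'autotags/');
    if ($rc > 0) {
        $permError = 1;
        foreach ($failed as $filename) {
            $permErrorList .= sprintf($LANG32[41], $filename);
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _at_errorBox($errorMessage);
    }

    // NOTE(review): version, url, description and author are taken verbatim
    // from the uploaded descriptor; confirm that the template (or
    // _at_parseXML) HTML-escapes them before they are rendered.
    $T = new Template($_CONF['path_layout'] . 'admin/autotag');
    $T->set_file('form', 'autotag_upload_confirm.thtml');
    $T->set_var(array(
        'form_action_url' => $_CONF['site_admin_url'] . '/autotag_upload.php',
        'action'          => 'processupload',
        'pi_name'         => $autotagData['id'],
        'pi_version'      => $autotagData['version'],
        'pi_url'          => $autotagData['url'],
        'pi_gl_version'   => $autotagData['glfusionversion'],
        'pi_desc'         => $autotagData['description'],
        'pi_author'       => $autotagData['author'],
        'upgrade'         => $upgrade,
        'temp_dir'        => $tmp,
    ));
    $retval .= $T->parse('output', 'form');

    return $retval;
}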
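/**
 * Upload a new photo for a user and delete the old photo where needed
 *
 * The stored file is always named "<uid>.<extension>". The extension is
 * taken from the client-supplied file name, so it is checked against the
 * image extensions this function allows before it is used; an upload with
 * any other extension is ignored (and logged) exactly as if no file had been
 * submitted.
 *
 * @param   int     $uid            ID of the user the photo belongs to
 * @param   mixed   $delete_photo   1: delete the user's current photo
 * @return  string                  filename of the photo to keep for the user
 *                                  ('' = no photo, or the upload failed)
 */
function USER_handlePhotoUpload($uid, $delete_photo = '')
{
    global $_CONF, $_TABLES, $LANG24;

    // The id is used in an SQL condition and as part of a file name.
    $uid = (int) $uid;

    USES_class_upload();
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        return '';
    }

    $filename = '';
    $delete_photo = (!empty($delete_photo) && $delete_photo == 1);

    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = " . $uid);
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // pathinfo() yields '' for a name without a dot and never returns a
        // directory separator, unlike cutting the string at the last '.'.
        $fextension = pathinfo($newphoto['name'], PATHINFO_EXTENSION);
        if (in_array(strtolower($fextension), array('gif', 'jpg', 'jpeg', 'png'), true)) {
            $filename = $uid . '.' . $fextension;
            $delete_photo = (!empty($curphoto) && $filename != $curphoto);
        } else {
            COM_errorLog("USER_handlePhotoUpload: ignored upload with disallowed file extension for uid {$uid}");
        }
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        // Deliberately huge limits here; the photo is scaled down to the
        // configured maximum right after the upload.
        $upload->setMaxDimensions(1024000, 1024000);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            return '';
        }
        // NOTE(review): arguments are passed as (height, width) - confirm
        // this matches the parameter order of IMG_resizeImage().
        IMG_resizeImage(
            $_CONF['path_images'] . 'userphotos/' . $filename,
            $_CONF['path_images'] . 'userphotos/' . $filename,
            $_CONF['max_photo_height'],
            $_CONF['max_photo_width']
        );
    } else {
        // nothing uploaded: keep the current photo unless it was deleted
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }

    return $filename;
}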
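/**
 * Store a new download submitted through the "add download" form
 *
 * Reads the form fields from $_POST, uploads the file ('newfile') and the
 * optional snapshot image ('newfileshot'), then inserts the records into the
 * filemgmt_filedetail and filemgmt_filedesc tables and redirects.
 *
 * Security notes for reviewers:
 *  - The file upload accepts ANY MIME type; the only type control visible
 *    here is the $_FMDOWNLOAD extension map (reject / rename).
 *  - $title, $homepage, $version, $description, $url and $logourl are
 *    concatenated into SQL without DB_escapeString(); this is only safe if
 *    $myts->makeTboxData4Save() / makeTareaData4Save() escape for SQL -
 *    TODO confirm.
 *
 * @return  void    always ends in a redirect followed by exit
 */
function addDownload()
{
    global $_CONF, $_USER, $_TABLES, $filemgmt_FileStoreURL, $filemgmt_FileSnapURL, $filemgmt_FileStore, $filemgmt_SnapStore;
    global $myts, $eh, $_FMDOWNLOAD, $filemgmtFilePermissions;

    if (defined('DEMO_MODE')) {
        redirect_header($_CONF['site_url'] . "/index.php", 10, 'Uploads are disabled in demo mode');
        exit;
    }

    $title = $myts->makeTboxData4Save($_POST['title']);
    $homepage = $myts->makeTboxData4Save($_POST['homepage']);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $description = $myts->makeTareaData4Save($_POST['description']);
    $commentoption = $_POST['commentoption'];
    $fileurl = COM_applyFilter($_POST['fileurl']);
    $submitter = $_USER['uid'];

    // NOTE(review): the checks below presumably rely on $eh->show()
    // terminating the request - confirm against the error handler.

    // Check if Title blank
    if ($title == "") {
        $eh->show("1104");
    }
    // Check if Description blank
    if ($description == "") {
        $eh->show("1105");
    }
    // Check if a file was uploaded
    if ($_FILES['newfile']['size'] == 0 && empty($fileurl)) {
        $eh->show("1017");
    }
    if (!empty($_POST['cid'])) {
        $cid = $_POST['cid'];
    } else {
        $cid = 0;
        $eh->show("1110");
    }

    $filename = '';
    $url = '';
    $snapfilename = '';
    $logourl = '';
    // Defined up front so the INSERT and the final branch never read an
    // undefined variable when an upload fails.
    $size = 0;
    $AddNewFile = false;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    $upload->setFieldName('newfile');
    $upload->setPath($filemgmt_FileStore);
    $upload->setAllowAnyMimeType(true); // allow any file type
    $upload->setMaxFileSize(100000000);
    if ($upload->numFiles() > 0) {
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $size = $myts->makeTboxData4Save(intval($upload->_currentFile['size']));
            $filename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $url = $myts->makeTboxData4Save(rawurlencode($filename));

            // A name without a dot has no extension (strrpos() returns false).
            $dot = strrpos($filename, '.');
            $fileExtension = ($dot === false) ? '' : strtolower(substr($filename, $dot + 1));
            if ($fileExtension !== '' && array_key_exists($fileExtension, $_FMDOWNLOAD)) {
                if ($_FMDOWNLOAD[$fileExtension] == 'reject') {
                    // NOTE(review): uploadFiles() has already run at this
                    // point; confirm the rejected file is removed from the
                    // file store and that $eh->show() stops processing.
                    COM_errorLOG("AddNewFile - New Upload file is rejected by config rule:{$filename}");
                    $eh->show("1109");
                } else {
                    // Replace the extension with the configured substitute.
                    // NOTE(review): only the recorded name/URL are changed
                    // here; confirm the stored file is renamed as well.
                    $fileExtension = $_FMDOWNLOAD[$fileExtension];
                    $pos = strrpos($url, '.') + 1;
                    $url = strtolower(substr($url, 0, $pos)) . $fileExtension;
                    $pos2 = strrpos($filename, '.') + 1;
                    $filename = substr($filename, 0, $pos2) . $fileExtension;
                }
            }
            $AddNewFile = true;
        }
    }

    // No file, but a URL was given: register the remote file instead.
    if ($upload->numFiles() == 0 && !$upload->areErrors() && !empty($fileurl)) {
        // NOTE(review): $fileurl is only passed through COM_applyFilter()
        // before it reaches the SQL below; confirm that filter removes quote
        // characters, or escape the value with DB_escapeString().
        $url = $fileurl;
        $size = 0;
        $AddNewFile = true;
    }

    // Optional snapshot image
    $upload = new upload();
    $upload->setFieldName('newfileshot');
    $upload->setPath($filemgmt_SnapStore);
    $upload->setAllowAnyMimeType(false);
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    $upload->setAutomaticResize(true);
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxDimensions(640, 480);
    $upload->setAutomaticResize(true);
    $upload->setMaxFileSize(100000000);
    $upload->uploadFiles();
    if ($upload->numFiles() > 0) {
        if ($upload->areErrors()) {
            $errmsg = "Upload Error: " . $upload->printErrors(false);
            COM_errorLog($errmsg);
            $eh->show("1106");
        } else {
            $snapfilename = $myts->makeTboxData4Save($upload->_currentFile['name']);
            $logourl = $myts->makeTboxData4Save(rawurlencode($snapfilename));
            $AddNewFile = true;
        }
    }

    if ($AddNewFile) {
        // Only touch permissions when a file was actually stored; with an
        // empty name the path is the file store directory itself.
        if ($filename != '') {
            @chmod($filemgmt_FileStore . $filename, $filemgmtFilePermissions);
        }
        if (strlen($version) > 9) {
            $version = substr($version, 0, 8);
        }
        $fields = 'cid, title, url, homepage, version, size, logourl, submitter, status, date, hits, rating, votes, comments';
        $sql = "INSERT INTO {$_TABLES['filemgmt_filedetail']} ({$fields}) VALUES ";
        $sql .= "('" . DB_escapeString($cid) . "','" . $title . "','" . $url . "','" . $homepage . "','" . $version . "','" . $size . "','" . $logourl . "','" . DB_escapeString($submitter) . "',1,UNIX_TIMESTAMP(),0,0,0,'" . DB_escapeString($commentoption) . "')";
        DB_query($sql);
        $newid = DB_insertID();
        DB_query("INSERT INTO {$_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '" . $description . "')");
        PLG_itemSaved($newid, 'filemgmt');
        CACHE_remove_instance('whatsnew');
        if (isset($duplicatefile) && $duplicatefile) {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPFILE);
        } elseif (isset($duplicatesnap) && $duplicatesnap) {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPSNAP);
        } else {
            redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED);
        }
        exit;
    } else {
        redirect_header("index.php", 2, _MD_ERRUPLOAD . "");
        exit;
    }
}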
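/**
 * Import events from a CSV file into the database.
 *
 * The uploaded file is stored as 'evlist_import_file.txt' in
 * $_CONF['path_data'], read row by row with fgetcsv() and removed again once
 * the import has finished. Every row must provide the 17 leading columns
 * (start/end date, start/end time, title, summary, full description, url,
 * location, street, city, province, country, postal, contact, email, phone);
 * shorter rows are counted as failures.
 *
 * NOTE(review): the fixed target file name means two imports running at the
 * same time would overwrite each other's data - confirm whether that can
 * happen in practice.
 *
 * @return  string  Completion message, or the upload / file error text
 */
function EVLIST_importEvents()
{
    global $_CONF, $_TABLES, $LANG_EVLIST, $_USER;

    $retval = '';

    // First, upload the file
    USES_class_upload();
    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt, .csv', 'application/octet-stream' => '.txt, .csv'));
    $upload->setFileNames('evlist_import_file.txt');
    $upload->setFieldName('importfile');
    if (!$upload->uploadFiles()) {
        // A problem occurred, print debug information
        $retval .= $upload->printErrors(false);
        return $retval;
    }

    // Good, file got uploaded, now install everything
    $filename = $_CONF['path_data'] . 'evlist_import_file.txt';
    if (!file_exists($filename)) {
        // empty upload form
        return $LANG_EVLIST['err_invalid_import'];
    }
    $fp = fopen($filename, 'r');
    if (!$fp) {
        @unlink($filename);
        return $LANG_EVLIST['err_invalid_import'];
    }

    USES_evlist_class_event();
    $successes = 0;
    $failures = 0;

    // Set owner_id to the current user and group_id to the default
    $owner_id = (int) $_USER['uid'];
    if ($owner_id < 2) {
        $owner_id = 2; // last resort, use Admin
    }
    $group_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="evList Admin"');
    if ($group_id < 2) {
        $group_id = 2; // last resort, use Root
    }

    while (($event = fgetcsv($fp)) !== false) {
        // Blank or truncated lines cannot be mapped onto the 17 columns.
        if (!is_array($event) || count($event) < 17) {
            $failures++;
            continue;
        }

        $Ev = new evEvent();
        $Ev->isNew = true;
        $i = 0;
        $A = array(
            'date_start1'      => $event[$i++],
            'date_end1'        => $event[$i++],
            'time_start1'      => $event[$i++],
            'time_end1'        => $event[$i++],
            'title'            => $event[$i++],
            'summary'          => $event[$i++],
            'full_description' => $event[$i++],
            'url'              => $event[$i++],
            'location'         => $event[$i++],
            'street'           => $event[$i++],
            'city'             => $event[$i++],
            'province'         => $event[$i++],
            'country'          => $event[$i++],
            'postal'           => $event[$i++],
            'contact'          => $event[$i++],
            'email'            => $event[$i++],
            'phone'            => $event[$i++],
            'cal_id'           => 1,
            'status'           => 1,
            'hits'             => 0,
            'recurring'        => 0,
            'split'            => 0,
            'time_start2'      => '00:00:00',
            'time_end2'        => '00:00:00',
            'owner_id'         => $owner_id,
            'group_id'         => $group_id,
        );

        if ($_CONF['hour_mode'] == 12) {
            // Convert the 24-hour times into hour / minute / am-pm parts.
            // 12:xx is noon and therefore 'pm'; 00:xx becomes 12 'am'.
            // array_pad() keeps list() safe for malformed time values.
            list($hour, $minute, $second) = array_pad(explode(':', $A['time_start1']), 3, '0');
            if ($hour > 12) {
                $hour -= 12;
                $am = 'pm';
            } elseif ($hour == 12) {
                $am = 'pm';
            } elseif ($hour == 0) {
                $hour = 12;
                $am = 'am';
            } else {
                $am = 'am';
            }
            $A['start1_ampm'] = $am;
            $A['starthour1'] = $hour;
            $A['startminute1'] = $minute;

            list($hour, $minute, $second) = array_pad(explode(':', $A['time_end1']), 3, '0');
            if ($hour > 12) {
                $hour -= 12;
                $am = 'pm';
            } elseif ($hour == 12) {
                $am = 'pm';
            } elseif ($hour == 0) {
                $hour = 12;
                $am = 'am';
            } else {
                $am = 'am';
            }
            $A['end1_ampm'] = $am;
            $A['endhour1'] = $hour;
            $A['endminute1'] = $minute;
        }

        if ($A['time_start1'] == '00:00:00' && $A['time_end1'] == '00:00:00') {
            $A['allday'] = 1;
        } else {
            $A['allday'] = 0;
        }

        // Save() returns an empty value on success
        $msg = $Ev->Save($A);
        if (empty($msg)) {
            $successes++;
        } else {
            $failures++;
        }
    }

    // Release the handle and do not keep the imported data in the data
    // directory once it has been processed.
    fclose($fp);
    @unlink($filename);

    return "{$successes} Succeeded<br />{$failures} Failed";
}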
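/**
 * Upload new photo, delete old photo
 *
 * Works on the photo of the current user ($_USER['uid']); the stored file is
 * named "<uid>.<extension>". Upload problems are reported on a complete
 * error page and end the request instead of returning.
 *
 * The extension is taken from the client-supplied file name, so it is
 * reduced to letters and digits before it becomes part of the stored name.
 * NOTE(review): whether the extension is an allowed image type is left to
 * the upload class via setAllowedMimeTypes() - confirm that it validates the
 * target file name's extension and not only the reported MIME type.
 *
 * @param   string  $delete_photo   'on': delete old photo
 * @return  string                  filename of new photo (empty = no new photo)
 */
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;

    // Used in an SQL condition and a file name below.
    $uid = (int) $_USER['uid'];

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        $display = COM_siteHeader('menu', $LANG24[30]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
        $display .= COM_siteFooter();
        echo $display;
        exit; // don't return
    }

    $filename = '';
    $delete_photo = (!empty($delete_photo) && $delete_photo == 'on');

    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // pathinfo() yields '' for a name without a dot; anything that is
        // not a letter or digit is dropped from the extension.
        $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($newphoto['name'], PATHINFO_EXTENSION));
        $filename = $uid . '.' . $fextension;
        $delete_photo = (!empty($curphoto) && $filename != $curphoto);
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setFieldName('photo');
        $upload->setPerms('0644');
        // photo-specific limits win over the general image limits
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG24[30]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
            $display .= COM_siteFooter();
            echo $display;
            exit; // don't return
        }
    } else {
        // nothing uploaded: keep the current photo unless it was deleted
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }

    return $filename;
}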
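/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * The icon is stored as "topic_<tid>.<extension>" in the 'topics' image
 * directory. Upload problems are reported on a complete error page and end
 * the request instead of returning.
 *
 * The extension is taken from the client-supplied file name, so it is
 * reduced to letters and digits before it becomes part of the stored name.
 * NOTE(review): $tid is placed into the file name unchanged - confirm that
 * every caller passes an already sanitized topic id. Whether the extension
 * is an allowed image type is left to the upload class via
 * setAllowedMimeTypes() - confirm it validates the target file name.
 *
 * @param   string  $tid    ID of topic to prepend to filename
 * @return  string          site-relative path of the new icon
 *                          ('/images/topics/...'), empty = no new icon
 */
function TOPIC_iconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
        $display .= COM_siteFooter();
        echo $display;
        exit; // don't return
    }
    $upload->setFieldName('newicon');

    $filename = '';

    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // pathinfo() yields '' for a name without a dot; anything that is
        // not a letter or digit is dropped from the extension.
        $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($newicon['name'], PATHINFO_EXTENSION));
        $filename = 'topic_' . $tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // icon-specific limits win over the general image limits
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_showMessageText($upload->printErrors(false), $LANG27[29], true);
            $display .= COM_siteFooter();
            echo $display;
            exit; // don't return
        }
        $filename = '/images/topics/' . $filename;
    }

    return $filename;
}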
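/**
 * Main driver to handle the uploaded plugin
 *
 * Determines if a new style (supports automated installer) or
 * an old style.
 *
 * Stores the uploaded archive below $_CONF['path_data'] . 'temp', unpacks it
 * into a fresh temporary directory and reads the XML descriptor into the
 * global $pluginData. Archives without a usable descriptor are handed to
 * processOldPlugin(). Otherwise the glFusion / PHP versions, the required
 * plugins and the installed version are checked, the files are test-copied
 * to their target directories and the confirmation form is rendered.
 *
 * Both the uploaded file name and the plugin id from the descriptor end up in
 * file system paths, so both are restricted to a safe character set first
 * (the same treatment processAutotagUpload() applies).
 *
 * @return  string  Formatted HTML containing the page body
 */
function processPluginUpload()
{
    global $_CONF, $_PLUGINS, $_PLUGIN_INFO, $_TABLES, $pluginData, $LANG_ADMIN, $LANG32, $_DB_dbms, $_DB_table_prefix, $_IMAGE_TYPE;

    $retval = '';
    $upgrade = false;

    // Require the expected upload field itself; a request carrying only some
    // other file field must not be treated as a plugin upload.
    if (!isset($_FILES['pluginfile']) || $_FILES['pluginfile']['error'] == UPLOAD_ERR_NO_FILE) {
        return _pi_errorBox($LANG32[46]);
    }

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    $upload->setMaxFileSize(25165824);
    $upload->setAllowedMimeTypes(array(
        'application/x-gzip'            => '.gz,.gzip,tgz',
        'application/zip'               => '.zip',
        'application/x-tar'             => '.tar,.tar.gz,.gz',
        'application/x-gzip-compressed' => '.tar.gz,.tgz,.gz',
    ));
    $upload->setFieldName('pluginfile');
    if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
        return _pi_errorBox($upload->printErrors(false));
    }

    // Never build a path from the raw client-supplied file name.
    $filename = COM_sanitizeFilename($_FILES['pluginfile']['name'], true);
    if ($filename == '') {
        return _pi_errorBox($LANG32[46]);
    }
    $upload->setFileNames($filename);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        return _pi_errorBox($upload->printErrors(false));
    }
    $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;

    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        // do not leave the uploaded archive behind on failure
        @unlink($Finalfilename);
        return _pi_errorBox($LANG32[47]);
    }
    if (!COM_decompress($Finalfilename, $_CONF['path_data'] . $tmp)) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        @unlink($Finalfilename);
        return _pi_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);

    // read XML data file, places in $pluginData;
    $pluginData = array();
    $rc = _pi_parseXML($_CONF['path_data'] . $tmp);
    if ($rc == -1) {
        // no xml file found
        return processOldPlugin($tmp);
    }
    if (!isset($pluginData['id']) || !isset($pluginData['version'])) {
        return processOldPlugin($tmp);
    }

    // The id comes from the uploaded descriptor and is used as a directory
    // name in several paths below: keep only safe characters and treat an id
    // that is empty or made of dots only ('.', '..') like a missing id.
    $pluginData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $pluginData['id']);
    if (trim($pluginData['id'], '.') == '') {
        return processOldPlugin($tmp);
    }

    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $pluginData['glfusionversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[49], $pluginData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $pluginData['phpversion'])) {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox(sprintf($LANG32[50], $pluginData['phpversion']));
    }

    // check prerequisites
    // NOTE(review): the names and versions placed into these messages come
    // from the uploaded descriptor; confirm _pi_errorBox() (or the parser)
    // HTML-escapes them.
    $errors = '';
    if (isset($pluginData['requires']) && is_array($pluginData['requires'])) {
        foreach ($pluginData['requires'] as $reqPlugin) {
            // "name" or "name,version" - pad so a missing version is ''
            list($reqPlugin, $required_ver) = array_pad(explode(',', $reqPlugin), 2, '');
            if (!isset($_PLUGIN_INFO[$reqPlugin])) {
                // required plugin not installed
                $errors .= sprintf($LANG32[51], $pluginData['id'], $reqPlugin, $reqPlugin);
            } elseif (!empty($required_ver)) {
                $installed_ver = $_PLUGIN_INFO[$reqPlugin];
                if (!COM_checkVersion($installed_ver, $required_ver)) {
                    // required plugin installed, but wrong version
                    $errors .= sprintf($LANG32[90], $required_ver, $reqPlugin, $installed_ver, $reqPlugin);
                }
            }
        }
    }
    if ($errors != '') {
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errors);
    }

    // check if plugin already exists
    // if it does, check that this is an upgrade
    // if not, error
    // else validate we really want to upgrade
    $oldVersion = '';
    $result = DB_query("SELECT * FROM {$_TABLES['plugins']} WHERE pi_name='" . DB_escapeString($pluginData['id']) . "'");
    if (DB_numRows($result) > 0) {
        $P = DB_fetchArray($result);
        if ($P['pi_version'] == $pluginData['version']) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[52], $pluginData['id']));
        }
        // if we are here, it must be an upgrade or disabled plugin....
        $rc = COM_checkVersion($pluginData['version'], $P['pi_version']);
        if ($rc < 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox(sprintf($LANG32[53], $pluginData['id'], $pluginData['version'], $P['pi_version']));
        }
        if ($P['pi_enabled'] != 1) {
            _pi_deleteDir($_CONF['path_data'] . $tmp);
            return _pi_errorBox($LANG32[72]);
        }
        $upgrade = true;
        $oldVersion = $P['pi_version'];
    }

    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    // test copy to proper directories: plugin code, admin files, public files
    $unpacked = $_CONF['path_data'] . $tmp . '/' . $pluginData['id'];
    $copyTargets = array(
        array($unpacked . '/', $_CONF['path'] . 'plugins/' . $pluginData['id']),
        array($unpacked . '/admin/', $_CONF['path_html'] . 'admin/plugins/' . $pluginData['id']),
        array($unpacked . '/public_html/', $_CONF['path_html'] . $pluginData['id']),
    );
    foreach ($copyTargets as $target) {
        list($rc, $failed) = _pi_test_copy($target[0], $target[1]);
        if ($rc > 0) {
            $permError = 1;
            foreach ($failed as $filename) {
                $permErrorList .= sprintf($LANG32[41], $filename);
            }
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($_CONF['path_data'] . $tmp);
        return _pi_errorBox($errorMessage);
    }

    USES_lib_admin();
    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );

    // NOTE(review): version, url, description and author are taken verbatim
    // from the uploaded descriptor; confirm that the template (or
    // _pi_parseXML) HTML-escapes them before they are rendered.
    $T = new Template($_CONF['path_layout'] . 'admin/plugins');
    $T->set_file('form', 'plugin_upload_confirm.thtml');
    $T->set_var('admin_menu', ADMIN_createMenu($menu_arr, $pluginData['id'] . ' ' . $LANG32[62], $_CONF['layout_url'] . '/images/icons/plugins.' . $_IMAGE_TYPE));
    $T->set_var(array(
        'form_action_url'    => $_CONF['site_admin_url'] . '/plugin_upload.php',
        'action'             => 'processupload',
        'pi_name'            => $pluginData['id'],
        'pi_version'         => $pluginData['version'],
        'pi_url'             => $pluginData['url'],
        'pi_gl_version'      => $pluginData['glfusionversion'],
        'pi_desc'            => $pluginData['description'],
        'pi_author'          => $pluginData['author'],
        // empty for a fresh install, where no installed record exists
        'plugin_old_version' => $oldVersion,
        'upgrade'            => $upgrade,
        'temp_dir'           => $tmp,
    ));
    $retval .= $T->parse('output', 'form');

    return $retval;
}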
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * Requires the 'story.edit' right. Fills in defaults for missing arguments,
 * loads the arguments into a Story object, handles image deletion / upload
 * for non-webservice calls and saves the story.
 *
 * Several failure paths (image directory, image upload, image check) print a
 * complete error page and call exit instead of returning. When
 * saveToDatabase() does not report STORY_SAVED the function ends without an
 * explicit return statement.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   array   &$svc_msg   OUTPUT parameter; receives 'error_desc' on
 *                              some errors and 'id' (the story id) on success
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    // Authorization gate: only users with the story.edit right get past here.
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the text is split into intro and body
    // at the first [page_break] marker.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    /* Apply filters to the parameters passed by the webservice */
    // NOTE(review): $args['gl_svc'] is read here (and below) without an
    // isset() check - confirm every caller sets it.
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    // NOTE(review): owner_id and group_id are only defaulted when empty, so
    // values supplied in $args are kept as they are; presumably
    // loadFromArgsArray() validates them - confirm.
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    // an alternate topic equal to the main topic is dropped
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions */
        // Missing values fall back to the configured story defaults;
        // supplied values are passed through COM_applyBasicFilter().
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    // The story id is sanitized before it is used for lookups and, further
    // down, as part of image file names.
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }

    $story = new Story();

    // (same $gl_edit evaluation as at the top of the function)
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            // the etag is the story date in ISO 8601 format
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            // denied attempts are written to the access log
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            // walks the 'delete' array with key()/next(); each key is used
            // as an image number and forced to an integer
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
                next($args['delete']);
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            if ($_CONF['keep_unscaled_image'] == 1) {
                $upload->keepOriginalImage(true);
            } else {
                $upload->keepOriginalImage(false);
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            $upload->setFieldName('file');

            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                // replaces (does not append to) $output, prints it and stops
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }

            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }

            // Build the target name "<sid>_<image number>.<extension>" for
            // every upload slot; unused slots get an empty name.
            // NOTE(review): the extension is cut from the client-supplied
            // file name without further checks (a name without a dot makes
            // strrpos() return false); whether it is an allowed image type
            // is presumably enforced by the upload class - confirm.
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curfile['name'] = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curfile['name'] = $_FILES['file']['name'][$z];
                }
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();

            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }

            // Record every uploaded image; the image number is looked up
            // again for each insert.
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                for ($i = 1; $i <= count($errors); $i++) {
                    $eMsg .= current($errors) . '<br />';
                    next($errors);
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }

        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();

        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }

        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
    // NOTE(review): no return value is defined when the save did not
    // succeed - callers receive null here.
}