function process_picture() { global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $CONFIG, $IMG_TYPES; global $lang_db_input_php, $lang_errors; @unlink(LOGFILE); if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) { simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } $album = (int) $HTTP_GET_VARS['album']; $title = $HTTP_POST_VARS['title']; $caption = $HTTP_POST_VARS['caption']; $keywords = $HTTP_POST_VARS['keywords']; $user1 = ''; $user2 = ''; $user3 = ''; $user4 = ''; // Check if the album id provided is valid if (!USER_IS_ADMIN) { $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } else { $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } // Test if the filename of the temporary uploaded picture is empty if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') { simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); } // Create destination directory for pictures if (USER_ID && !defined('SILLY_SAFE_MODE')) { if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) { $filepath = 'wpw-' . date("Ymd"); } else { $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT); } $dest_dir = $CONFIG['fullpath'] . $filepath; if (!is_dir($dest_dir)) { mkdir($dest_dir, octdec($CONFIG['default_dir_mode'])); if (!is_dir($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true); } chmod($dest_dir, octdec($CONFIG['default_dir_mode'])); $fp = fopen($dest_dir . '/index.html', 'w'); fwrite($fp, ' '); fclose($fp); } $dest_dir .= '/'; $filepath .= '/'; } else { $filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); } $matches = array(); if (get_magic_quotes_gpc()) { $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']); } // Replace forbidden chars with underscores $forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>')); $picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char']))); // Check that the file uploaded has a valid extension if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; // Move the picture into its final location if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); } // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Check file size. Delete if it is excessive. if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { // Get picture information $imginfo = getimagesize($uploaded_pic); // getimagesize does not recognize the file as a picture if ($imginfo == null) { @unlink($uploaded_pic); simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true); } // JPEG and PNG only are allowed with GD if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) { @unlink($uploaded_pic); simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true); } // Check that picture size (in pixels) is lower than the maximum allowed if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__); } } // Create thumbnail and internediate image and add the image into the DB $result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category); if (!$result) { @unlink($uploaded_pic); simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true); } else { echo "SUCCESS"; exit; } }
function process_picture() { global $CONFIG, $IMG_TYPES; global $lang_db_input_php, $lang_errors; $superCage = Inspekt::makeSuperCage(); @unlink(LOGFILE); if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) { simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } //$album = (int)$_GET['album']; $album = $superCage->get->getInt('album'); $title = ''; $caption = ''; $keywords = ''; $user1 = ''; $user2 = ''; $user3 = ''; $user4 = ''; $position = 0; // Check if the album id provided is valid if (!USER_IS_ADMIN) { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } else { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } // Get position $result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='{$album}' order by position desc"); if (mysql_num_rows($result) == 0) { $position = 100; } else { $row = mysql_fetch_array($result); mysql_free_result($result); if ($row['position']) { $position = $row['position']; $position++; } } // Test if the filename of the temporary uploaded picture is empty // if ($_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); if ($superCage->files->getRaw('/userpicture/tmp_name') == '') { simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); } // Create destination directory for pictures if (USER_ID && $CONFIG['silly_safe_mode'] != 1) { if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) { $filepath = 'wpw-' . date("Ymd"); } else { $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT); } $dest_dir = $CONFIG['fullpath'] . $filepath; if (!is_dir($dest_dir)) { mkdir($dest_dir, octdec($CONFIG['default_dir_mode'])); if (!is_dir($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true); } chmod($dest_dir, octdec($CONFIG['default_dir_mode'])); $fp = fopen($dest_dir . '/index.php', 'w'); fwrite($fp, ' '); fclose($fp); } $dest_dir .= '/'; $filepath .= '/'; } else { $filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); } $matches = array(); //if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']); //using getRaw as it will be sanitized in the code below in the preg_match. {SaWey} $filename = $superCage->files->getRaw('/userpicture/name'); if (get_magic_quotes_gpc()) { $filename = stripslashes($filename); } // Replace forbidden chars with underscores //$picture_name = replace_forbidden($_FILES['userpicture']['name']); $picture_name = replace_forbidden($filename); // Check that the file uploaded has a valid extension if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; // Move the picture into its final location if (!move_uploaded_file($superCage->files->getRaw('/userpicture/tmp_name'), $uploaded_pic)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); } // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Check file size. Delete if it is excessive. if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { // Get picture information $imginfo = getimagesize($uploaded_pic); // cpg_getimagesize does not recognize the file as a picture if ($imginfo == null) { @unlink($uploaded_pic); simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true); } // JPEG and PNG only are allowed with GD //if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) { if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) { @unlink($uploaded_pic); simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true); } // Check that picture size (in pixels) is lower than the maximum allowed if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) { if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) { //resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht'); resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']); } else { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__); } } } // Create thumbnail and internediate image and add the image into the DB $result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category); if ($result !== true) { @unlink($uploaded_pic); simple_die(CRITICAL_ERROR, isset($result['error']) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true); } else { echo "SUCCESS"; exit; } }