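/**
 * Load one gallery image and build the data object used by the detail view.
 *
 * The work is done only while $this->_data is empty. The image row is read
 * from #__phocagallery, the owning category's access settings are checked
 * through PhocaGalleryHelper::getUserRight(), and the result is stored in
 * $this->_data as a JObject holding the slideshow buttons, file information,
 * description, params and title.
 *
 * A visitor who fails the category access check is redirected to the login
 * view and the request ends there.
 *
 * @return bool True when $this->_data is populated (already, or by this call).
 */
function _loadData()
{
    global $mainframe;

    $user =& JFactory::getUser();

    // Data was built by an earlier call; nothing to do.
    if (!empty($this->_data)) {
        return true;
    }

    // The id is cast to int before it is concatenated into the SQL string.
    $query = 'SELECT p.*'
        . ' FROM #__phocagallery AS p'
        . ' WHERE p.id = ' . (int) $this->_id;
    $this->_db->setQuery($query);
    $items = $this->_db->loadObject();

    // Access check - do not display the image if the visitor has no access to
    // its category (relevant when a user supplies the URL directly).
    // NOTE(review): the check only runs when the loaded row carries a catid.
    // If no row was found, or catid is not set, execution continues without
    // any access decision and reads properties of $items below - confirm that
    // this path should not fail closed instead.
    if (isset($items->catid)) {
        $query = 'SELECT cc.access as access, cc.params as params'
            . ' FROM #__phocagallery_categories AS cc'
            . ' WHERE cc.id = ' . (int) $items->catid;
        $this->_db->setQuery($query);
        $catid = $this->_db->loadObject();

        // Deny by default: the right stays 0 unless the helper grants it.
        $rightDisplay = 0;
        if (isset($catid->params)) {
            $rightDisplay = PhocaGalleryHelper::getUserRight(
                $catid->params,
                'accessuserid',
                $catid->access,
                $user->get('aid', 0),
                $user->get('id', 0),
                0
            );
        }

        if ($rightDisplay == 0) {
            $mainframe->redirect('index.php?option=com_user&view=login', JText::_("ALERTNOTAUTH"));
            exit;
        }
    }

    // Select category. A failed first attempt is retried once; the result of
    // the retry is not checked.
    if (!$this->_loadCategory()) {
        $this->_loadCategory();
    }

    $categoryId = (int) $this->_category->id;
    $imageId    = (int) $this->_id;

    // Category slug: use the loaded slug, else fall back to the numeric id.
    if (isset($this->_category->slug) && $this->_category->slug != '') {
        $catid_slug = $this->_category->slug;
    } else {
        $catid_slug = $categoryId;
    }

    // Image slug: "id:alias"; the trailing ':' is kept even without an alias
    // because of a possible SEF problem.
    if (isset($items->alias) && $items->alias != '') {
        $id_slug = $imageId . ':' . $items->alias;
    } else {
        $id_slug = $imageId . ':';
    }

    // Javascript slideshow buttons
    $reload_button     = PhocaGalleryHelperFront::getGalleryReload($categoryId, $imageId, $id_slug, $catid_slug);
    $close_button      = PhocaGalleryHelperFront::getGalleryClose($categoryId, $imageId, $id_slug, $catid_slug);
    $close_text        = PhocaGalleryHelperFront::getGalleryCloseText($categoryId, $imageId, $id_slug, $catid_slug);
    $next_button       = PhocaGalleryHelperFront::getGalleryNext($categoryId, $imageId);
    $prev_button       = PhocaGalleryHelperFront::getGalleryPrevious($categoryId, $imageId);
    $js_slideshow_data = PhocaGalleryHelperFront::getGalleryJsSlideshow(
        $categoryId,
        $imageId,
        (int) $this->_slideshow,
        $id_slug,
        $catid_slug
    );

    // Get file thumbnail or No Image
    $file_name_no        = $items->filename;
    $file_name           = PhocaGalleryHelperFront::getTitleFromFilenameWithExt($items->filename);
    $image_size          = PhocaGalleryHelperFront::getImageSizePhoca($items->filename);
    $file_size           = PhocaGalleryHelperFront::getFileSizePhoca($items->filename);
    $file_thumbnail      = PhocaGalleryHelperFront::displayFileOrNoImage($items->filename, 'large');
    $link_thumbnail_path = $file_thumbnail['rel'];

    $file = new JObject();

    // slideshow
    $file->set('closebutton', $close_button);
    $file->set('reloadbutton', $reload_button);
    $file->set('nextbutton', $next_button);
    $file->set('prevbutton', $prev_button);
    $file->set('slideshowbutton', $js_slideshow_data['icons']);
    $file->set('slideshowfiles', $js_slideshow_data['files']);
    $file->set('slideshow', $this->_slideshow);

    // download
    $file->set('closetext', $close_text);
    $file->set('filenameno', $file_name_no);
    $file->set('filename', $file_name);
    $file->set('download', $this->_download);
    $file->set('filesize', $file_size);
    $file->set('imagesize', $image_size[0] . ' x ' . $image_size[1]);

    // all
    $file->set('linkthumbnailpath', $link_thumbnail_path);

    // description
    // NOTE(review): description, params and title are stored exactly as read
    // from the database; any output escaping has to happen where they are
    // rendered.
    $file->set('description', $items->description);
    $file->set('params', $items->params);
    $file->set('title', $items->title);

    // $file was just constructed above, so the former isset($file) test could
    // never fail; the unreachable fallback to '' has been removed.
    $this->_data = $file;

    return (bool) $this->_data;
}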
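/**
 * Handle a front-end image upload into the folder assigned to a category.
 *
 * Flow: verify the request token, work out the target category (the user's
 * own category for view=user, otherwise the id from the query string), check
 * the 'uploaduserid' right for that category, resolve the category's
 * 'userfolder', enforce the per-folder size limit, validate the file through
 * PhocaGalleryHelperUpload::canUpload(), move it into place and register it
 * with PhocaGalleryController::save().
 *
 * Every failure path redirects with a message and ends the request. The
 * redirect target is always built inside this method; no request-supplied
 * return URL is read. The destination folder comes from the category params,
 * never from the request.
 *
 * NOTE(review): what canUpload() actually validates (extension, MIME type,
 * image content, size) is not visible here. If the target folder is served by
 * the web server, confirm that it rejects anything that is not a real image.
 *
 * @return void
 */
function upload()
{
    global $mainframe;

    // Check for request forgeries.
    // NOTE(review): 'request' accepts the token from the query string as well
    // as from POST; a token carried in a URL can end up in logs and Referer
    // headers - confirm the uploader really needs this.
    JRequest::checkToken('request') or jexit('Invalid Token');

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Imported before the first JFolder call (it used to follow
    // JFolder::exists()).
    jimport('joomla.filesystem.folder');

    $user =& JFactory::getUser();
    $path = PhocaGalleryHelper::getPathSet();

    $file       = JRequest::getVar('Filedata', '', 'files', 'array');
    $tab        = JRequest::getVar('tab', 0, '', 'int');
    $err        = null;
    $view       = JRequest::getVar('view', '', 'get', '', JREQUEST_NOTRIM);
    $catid      = JRequest::getVar('id', '', 'get', 'string', JREQUEST_NOTRIM);
    $Itemid     = JRequest::getVar('Itemid', 0, '', 'int');
    $limitStart = JRequest::getVar('limitstart', 0, '', 'int');
    $paramsC    = JComponentHelper::getParams('com_phocagallery');

    // Kept as received for the return URL; every other use of the id is cast
    // to int.
    // NOTE(review): this is a raw GET string concatenated into the redirect
    // URL below - confirm it cannot carry extra query parameters.
    $catidAlias = $catid;

    // Set the limitstart (TODO)
    if ($limitStart > 0) {
        $limitStartUrl = '&limitstart=' . $limitStart;
    } else {
        $limitStartUrl = '';
    }

    // From which view the image is uploaded
    switch ($view) {
        case 'user':
            // UCP is disabled (security reasons)
            $enable_user_cp = $paramsC->get('enable_user_cp', 0);
            if ($enable_user_cp == 0) {
                $mainframe->redirect(JURI::base(true), JText::_("User Control Panel is disabled"));
                exit;
            }

            $return = JRoute::_('index.php?option=com_phocagallery&view=user&tab=' . $tab . '&Itemid=' . $Itemid, false);

            // We are not inside a category here, so the target is looked up
            // from the logged-in user instead of being taken from the request.
            $modelUser = $this->getModel('user');
            $userCatId = $modelUser->getUserCategory($user->id);

            // User has no category yet, so there is nothing to upload into.
            if (!empty($userCatId->categoryid)) {
                $catid = $userCatId->categoryid;
            } else {
                $mainframe->redirect($return, JText::_('Error Uploading Phoca Gallery User Control Image'));
                exit;
            }
            break;

        case 'category':
        default:
            $return = JRoute::_('index.php?option=com_phocagallery&view=category&id=' . $catidAlias . '&tab=' . $tab . '&Itemid=' . $Itemid . $limitStartUrl, false);
            break;
    }

    $model = $this->getModel('category');

    // USER RIGHT - UPLOAD: denied unless the helper grants it.
    // 2, 2 means that user access will be ignored in getUserRight.
    $rightDisplayUpload = 0;
    $catParams          = $model->getCategoryParams((int) $catid);
    if (isset($catParams->params)) {
        $rightDisplayUpload = PhocaGalleryHelper::getUserRight($catParams->params, 'uploaduserid', 2, 2, $user->get('id', 0), 0);
    }

    // USER RIGHT - FOLDER: the destination comes from the category params.
    $rightFolder    = array();
    $rightFolder[0] = '';
    if (isset($catParams->params)) {
        $rightFolder = PhocaGalleryHelper::getParamsArray($catParams->params, 'userfolder');
    }

    if ($rightDisplayUpload != 1) {
        $mainframe->redirect(JRoute::_('index.php?option=com_user&view=login', false), JText::_("NOT AUTHORISED TO DO ACTION"));
        exit;
    }

    // The three checks below used to redirect without an explicit exit,
    // unlike every other failure path in this method. They now stop here
    // themselves, so a failed check can never fall through to the file
    // handling even if redirect() should return.
    if (!isset($rightFolder[0]) || $rightFolder[0] == '') {
        $mainframe->redirect($return, JText::_('User Folder Not Defined'));
        exit;
    }

    $catPath = $path['orig_abs_ds'] . $rightFolder[0] . DS;

    if (!JFolder::exists($catPath)) {
        $mainframe->redirect($return, JText::_('Defined User Folder Does Not Exist'));
        exit;
    }

    // Check that the upload will not push the category folder over its limit:
    // sum the files already there, then add the new one (bytes).
    $files       = JFolder::files($catPath);
    $allFileSize = 0;
    if (is_array($files)) {
        foreach ($files as $fileInFolder) {
            $fileSize    = PhocaGalleryHelperFront::getFileSizePhoca($rightFolder[0] . DS . $fileInFolder, 0);
            $allFileSize = $allFileSize + (int) $fileSize;
        }
    }

    if (isset($file['size'])) {
        $allFileSize = $allFileSize + (int) $file['size'];
    }

    $maxFolderSize = (int) $paramsC->get('cat_folder_maxsize', 20000000);
    if ($maxFolderSize > 0 && (int) $allFileSize > $maxFolderSize) {
        $mainframe->redirect($return, JText::_('WARNFILETOOLARGEFOLDER'));
        exit;
    }

    // No usable file entry in the request.
    if (!isset($file['name'])) {
        $mainframe->redirect($return, JText::_('WARNFILETYPE'));
        exit;
    }

    // Make the filename safe before it becomes part of a filesystem path.
    $file['name'] = JFile::makeSafe($file['name']);
    $filepath     = JPath::clean($path['orig_abs_ds'] . $rightFolder[0] . DS . $file['name']);

    if (!PhocaGalleryHelperUpload::canUpload($file, $err)) {
        $mainframe->redirect($return, JText::_($err));
        exit;
    }

    // Never overwrite an existing image.
    if (JFile::exists($filepath)) {
        $mainframe->redirect($return, JText::_('File already exists'));
        exit;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        $mainframe->redirect($return, JText::_('Unable to upload file'));
        exit;
    }

    // Saving file name into database with relative path
    $file['name'] = $rightFolder[0] . '/' . $file['name'];
    PhocaGalleryController::save((int) $catid, $file['name'], $return);
}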