} $file = $_FILES[$code]; if (!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name'])) { $gd_supported = array('jpg', 'jpeg', 'png', 'gif'); $var = explode(".", $file['name']); $file_ext = strtolower(array_pop($var)); $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext); if (in_array($file_ext, $gd_supported) && $fcheck == 1) { $file['name'] = cot_safename($file['name'], true); $filename_full = $usr['id'] . '-' . strtolower($file['name']); $filepath = $code == 'avatar' ? $cfg['avatars_dir'] . '/' . $filename_full : $cfg['photos_dir'] . '/' . $filename_full; if (file_exists($filepath)) { unlink($filepath); } move_uploaded_file($file['tmp_name'], $filepath); cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100); @chmod($filepath, $cfg['file_perms']); /* === Hook === */ foreach (cot_getextplugins('profile.update.' . $code) as $pl) { include $pl; } /* ===== */ $sql = $db->update($db_users, array("user_" . $code => $filepath), "user_id='" . $usr['id'] . "'"); } elseif ($fcheck == 2) { cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code); } else { cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code); } } } }
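/**
 * Upload one or more files, return parent folder ID
 *
 * Walks the multi-file form field `userfile` in $_FILES (up to
 * $cfg['pfs']['pfsmaxuploads'] slots). Each submitted file is checked by
 * extension, size, quota and cot_file_check(), moved below the PFS path of
 * $userid, recorded in $db_pfs and, for GD-supported image extensions,
 * passed to cot_imageresize() to build a thumbnail. One status line per
 * submitted file is appended to the global $err_msg.
 *
 * Plugin files returned by cot_getextplugins() are include()d inside this
 * function and therefore share its local scope; the local variable names
 * below are kept stable for that reason.
 *
 * @param int $userid User ID (owner of the PFS space the files are stored in)
 * @param int $folderid Folder ID; when '' it is read from the POST field `folderid`
 * @return int Folder ID
 */
function cot_pfs_upload($userid, $folderid = '')
{
    global $db, $cfg, $sys, $cot_extensions, $gd_supported, $maxfile, $maxtotal, $db_pfs, $db_pfs_folders, $L, $err_msg;

    if ($folderid === '') {
        $folderid = cot_import('folderid', 'P', 'INT');
    }
    $ndesc = cot_import('ndesc', 'P', 'ARR');
    $npath = cot_pfs_folderpath($folderid);

    /* === Hook === */
    foreach (cot_getextplugins('pfs.upload.first') as $pl) {
        include $pl;
    }
    /* ===== */

    cot_die($npath === FALSE);

    // NOTE(review): $pfs_totalsize is neither a parameter nor imported with `global`.
    // Unless a 'pfs.upload.first' plugin sets it, the $maxtotal quota below only counts
    // the bytes stored by this call, not what the user already has on disk. Confirm
    // where the existing usage is supposed to come from.
    if (!isset($pfs_totalsize)) {
        $pfs_totalsize = 0;
    }

    // Extensions that common web server setups hand to the PHP interpreter.
    $php_extensions = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'pht', 'phps');

    // A single-file field delivers strings instead of arrays; indexing those by slot
    // would read single characters, so such a request is treated as "no files".
    $has_files = isset($_FILES['userfile']['name']) && is_array($_FILES['userfile']['name']);

    for ($ii = 0; $ii < $cfg['pfs']['pfsmaxuploads']; $ii++) {
        $disp_errors = '';
        if (!$has_files || !isset($_FILES['userfile']['name'][$ii])) {
            // Fewer files than slots were submitted.
            continue;
        }
        $u_tmp_name = isset($_FILES['userfile']['tmp_name'][$ii]) ? $_FILES['userfile']['tmp_name'][$ii] : '';
        $u_type = isset($_FILES['userfile']['type'][$ii]) ? $_FILES['userfile']['type'][$ii] : '';
        $u_name = $_FILES['userfile']['name'][$ii];
        $u_size = isset($_FILES['userfile']['size'][$ii]) ? (int) $_FILES['userfile']['size'][$ii] : 0;

        $u_name = str_replace("\\'", '', $u_name);
        $u_name = trim(str_replace("\"", '', $u_name));

        if (!empty($u_name)) {
            $disp_errors .= $u_name . ' : ';
            $u_name = mb_strtolower($u_name);

            // A name without any dot has no extension (previously it was mis-read as
            // "everything after the first character").
            $lastdot = mb_strrpos($u_name, ".");
            $dotpos = ($lastdot === false) ? mb_strlen($u_name) : $lastdot + 1;
            $f_extension = mb_substr($u_name, $dotpos);
            $f_extension_ok = 0;

            // Reject the name when ANY dot-separated part after the base name is a
            // PHP-handled extension: some server configurations select the handler
            // from an inner extension (name.php.jpg), not only from the last one.
            $name_parts = array_map('trim', explode('.', $u_name));
            array_shift($name_parts);
            $has_php_part = count(array_intersect($name_parts, $php_extensions)) > 0;

            $desc = isset($ndesc[$ii]) ? $ndesc[$ii] : '';

            if ($cfg['pfs']['pfstimename']) {
                $u_name = time() . '_' . $u_name;
            }
            if (!$cfg['pfs']['pfsuserfolder']) {
                // The original read $usr['id'] here, but $usr is not in scope in this
                // function, so the prefix was always empty. The owner id keeps names
                // of different users apart in the shared directory.
                $u_name = (int) $userid . '_' . $u_name;
            }

            $u_newname = cot_safename($u_name, true);
            // NOTE(review): this prep()'d value is handed to $db->insert() below; if
            // insert() escapes or binds its values itself the name is escaped twice.
            $u_sqlname = $db->prep($u_newname);

            if (!$has_php_part) {
                // Allow-list: the extension must be registered in $cot_extensions.
                foreach ($cot_extensions as $k => $line) {
                    if (mb_strtolower($f_extension) == $line[0]) {
                        $f_extension_ok = 1;
                    }
                }
            }

            if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok
                && $pfs_totalsize + $u_size < $maxtotal) {
                $fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension);
                if ($fcheck == 1) {
                    $pfs_dir_user = cot_pfs_path($userid);
                    $thumbs_dir_user = cot_pfs_thumbpath($userid);

                    if (!file_exists($pfs_dir_user . $npath . $u_newname)) {
                        $is_moved = true;

                        if ($cfg['pfs']['pfsuserfolder']) {
                            if (!is_dir($pfs_dir_user)) {
                                $is_moved = $is_moved && mkdir($pfs_dir_user, $cfg['dir_perms']);
                            }
                            if (!is_dir($thumbs_dir_user)) {
                                $is_moved = $is_moved && mkdir($thumbs_dir_user, $cfg['dir_perms']);
                            }
                        }

                        // Stop at the first failing step so chmod()/filesize() are not
                        // run (and do not emit warnings) on a file that was never moved.
                        $is_moved = $is_moved && move_uploaded_file($u_tmp_name, $pfs_dir_user . $npath . $u_newname);
                        $is_moved = $is_moved && chmod($pfs_dir_user . $npath . $u_newname, $cfg['file_perms']);
                        $u_size = $is_moved ? filesize($pfs_dir_user . $npath . $u_newname) : 0;

                        if ($is_moved && (int) $u_size > 0) {
                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.moved') as $pl) {
                                include $pl;
                            }
                            /* ===== */

                            $db->insert($db_pfs, array(
                                'pfs_userid' => (int) $userid,
                                'pfs_date' => (int) $sys['now'],
                                'pfs_file' => $u_sqlname,
                                'pfs_extension' => $f_extension,
                                'pfs_folderid' => (int) $folderid,
                                'pfs_desc' => $desc,
                                'pfs_size' => (int) $u_size,
                                'pfs_count' => 0
                            ));

                            // Cast before building the WHERE clause: $folderid may be a
                            // caller-supplied value rather than the INT-filtered import.
                            $db->update($db_pfs_folders, array('pff_updated' => $sys['now']), 'pff_id=' . (int) $folderid);

                            $disp_errors .= $L['Yes'];
                            $pfs_totalsize += $u_size;

                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.done') as $pl) {
                                include $pl;
                            }
                            /* ===== */

                            // The existence check and the thumbnail target now use the
                            // same paths as the move and the unlink (the original
                            // dropped $npath in the check and wrote to a $cfg key
                            // instead of the $thumbs_dir_user computed above).
                            if (in_array($f_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled'
                                && file_exists($pfs_dir_user . $npath . $u_newname)) {
                                @unlink($thumbs_dir_user . $npath . $u_newname);
                                $th_colortext = array(
                                    hexdec(substr($cfg['pfs']['th_colortext'], 0, 2)),
                                    hexdec(substr($cfg['pfs']['th_colortext'], 2, 2)),
                                    hexdec(substr($cfg['pfs']['th_colortext'], 4, 2))
                                );
                                $th_colorbg = array(
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 0, 2)),
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 2, 2)),
                                    hexdec(substr($cfg['pfs']['th_colorbg'], 4, 2))
                                );
                                cot_imageresize(
                                    $pfs_dir_user . $npath . $u_newname,
                                    $thumbs_dir_user . $npath . $u_newname,
                                    $cfg['pfs']['th_x'],
                                    $cfg['pfs']['th_y'],
                                    '',
                                    $th_colorbg,
                                    $cfg['pfs']['th_jpeg_quality'],
                                    true
                                );
                            }
                        } else {
                            // Remove whatever a partially successful move left behind.
                            @unlink($pfs_dir_user . $npath . $u_newname);
                            $disp_errors .= $L['pfs_filenotmoved'];
                        }
                    } else {
                        $disp_errors .= $L['pfs_fileexists'];
                    }
                } elseif ($fcheck == 2) {
                    $disp_errors .= sprintf($L['pfs_filemimemissing'], $f_extension);
                } else {
                    $disp_errors .= sprintf($L['pfs_filenotvalid'], $f_extension);
                }
            } else {
                $disp_errors .= $L['pfs_filetoobigorext'];
            }
            $err_msg[] = $disp_errors;
        }
    }

    return $folderid;
}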
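/**
 * Process uploaded user images files for certain User
 *
 * For every image type returned by cot_userimages_config_get() the matching
 * $_FILES entry is validated (extension allow-list plus cot_file_check()),
 * moved into the avatars or photos directory, passed to cot_imageresize()
 * and stored in the user's `user_<code>` column. The previously stored image
 * file is removed afterwards.
 *
 * Uploading for another user, or in `edit` mode, requires admin rights on
 * the `users` area; in that case the form fields are named `<code>:<uid>`.
 *
 * Plugin files for the `profile.update.<code>` hook are include()d inside
 * this function and share its local scope.
 *
 * @param number $uid User ID for uploads to be attached; defaults to the current user
 * @return boolean|number Number of uploaded images (0 without admin rights
 *                        where they are required), or false for incorrect $uid
 */
function cot_userimages_process_uploads($uid = null)
{
    // $L was read below without being imported, so the error texts were always empty.
    global $cfg, $usr, $m, $L;

    $files = 0;
    if (!$_FILES) {
        return $files;
    }

    if (empty($uid)) {
        $uid = $usr['id'];
    }
    if (!is_numeric($uid) || $uid != (int) $uid || $uid < 1) {
        return false;
    }
    // Numeric strings such as "5.0" or " 5" pass the check above; normalise to an
    // int before the value is used in file names, form field names and SQL.
    $uid = (int) $uid;

    $usermode = false;
    if ($uid != $usr['id'] || $m == 'edit') {
        list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('users', 'a');
        if (!$usr['isadmin']) {
            return 0;
        }
        $usermode = true;
    }

    @clearstatcache();
    $userimages = cot_userimages_config_get();

    foreach ($userimages as $code => $settings) {
        $field = $usermode ? $code . ':' . $uid : $code;
        if (empty($_FILES[$field])) {
            continue;
        }
        $file = $_FILES[$field];

        // is_string() guards against array-style fields, for which tmp_name is an array.
        if (!empty($file['tmp_name']) && is_string($file['tmp_name']) && $file['size'] > 0
            && is_uploaded_file($file['tmp_name'])) {
            $gd_supported = array('jpg', 'jpeg', 'png', 'gif');
            $var = explode(".", $file['name']);
            $file_ext = strtolower(array_pop($var));
            $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext);

            if (in_array($file_ext, $gd_supported, true) && $fcheck == 1) {
                // NOTE(review): only the last extension is checked. Whether a name like
                // `x.php.jpg` survives cot_safename() is not visible from this block;
                // confirm the image directories are served without script handlers.
                $file['name'] = cot_safename($file['name'], true);
                $path = $code == 'avatar' ? $cfg['avatars_dir'] : $cfg['photos_dir'];
                $filename_full = $uid . '-' . strtolower($code != 'avatar' ? $code . '-' . $file['name'] : $file['name']);
                $filepath = $path . '/' . $filename_full;

                if (file_exists($filepath)) {
                    unlink($filepath);
                }

                // Do not resize, run hooks or touch the database for a file that never
                // arrived. The pfs_* language strings are already used by this function.
                if (!move_uploaded_file($file['tmp_name'], $filepath)) {
                    cot_error(isset($L['pfs_filenotmoved']) ? $L['pfs_filenotmoved'] : 'pfs_filenotmoved', $code);
                    continue;
                }

                cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100);
                @chmod($filepath, $cfg['file_perms']);

                /* === Hook === */
                foreach (cot_getextplugins('profile.update.' . $code) as $pl) {
                    include $pl;
                }
                /* ===== */

                $sql = cot::$db->query("SELECT user_" . cot::$db->prep($code) . " FROM " . cot::$db->users . " WHERE user_id=" . $uid);
                if ($oldimage = $sql->fetchColumn()) {
                    // Two guards on the delete:
                    //  - re-uploading a file with the same name makes the stored path equal
                    //    to $filepath; deleting it would remove the image just saved;
                    //  - the path comes from the database, so only files that really live
                    //    in this image directory are removed.
                    $old_real = realpath($oldimage);
                    $new_real = realpath($filepath);
                    $dir_real = realpath($path);
                    if ($old_real !== false && $dir_real !== false && $old_real !== $new_real
                        && dirname($old_real) === $dir_real && is_file($old_real)) {
                        unlink($old_real);
                    }
                }

                $sql = cot::$db->update(cot::$db->users, array("user_" . $code => $filepath), "user_id=" . $uid);
                $files++;
            } elseif ($fcheck == 2) {
                cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code);
            } else {
                cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code);
            }
        }
    }

    return $files;
}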
// Per-file row rendering: derives display data for one stored file, repairs the
// recorded extension, creates a missing thumbnail and assigns the template tags.
// The enclosing loop/function is outside this excerpt.
$pfs_fullfile = $pfs_dir_user . $pfs_file;
$pfs_filesize = $row['pfs_size'];
$pfs_icon = $icon[$pfs_extension];

// Re-derive the extension from the stored file name (at most 5 characters after the last dot).
$dotpos = mb_strrpos($pfs_file, ".") + 1;
$pfs_realext = mb_strtolower(mb_substr($pfs_file, $dotpos, 5));
unset($add_thumbnail, $add_image);
$add_file = $standalone ? cot_rc('pfs_link_addfile') : '';

// When the recorded extension disagrees with the file name, the database row is corrected.
// NOTE(review): $pfs_id is interpolated into the WHERE clause; its origin is not visible
// in this excerpt - confirm it is always an integer.
if ($pfs_extension != $pfs_realext) {
    $db->update($db_pfs, array('pfs_extension' => $pfs_realext), "pfs_id={$pfs_id}");
    $pfs_extension = $pfs_realext;
}

if (in_array($pfs_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled') {
    // Build the thumbnail on demand when the source file exists but the thumbnail does not.
    if (!file_exists($thumbs_dir_user . $pfs_file) && file_exists($pfs_dir_user . $pfs_file)) {
        // The colour settings are read as three 2-character hex pairs.
        $th_colortext = array(hexdec(mb_substr($cfg['pfs']['th_colortext'], 0, 2)), hexdec(mb_substr($cfg['pfs']['th_colortext'], 2, 2)), hexdec(mb_substr($cfg['pfs']['th_colortext'], 4, 2)));
        $th_colorbg = array(hexdec(mb_substr($cfg['pfs']['th_colorbg'], 0, 2)), hexdec(mb_substr($cfg['pfs']['th_colorbg'], 2, 2)), hexdec(mb_substr($cfg['pfs']['th_colorbg'], 4, 2)));
        cot_imageresize($pfs_dir_user . $pfs_file, $thumbs_dir_user . $pfs_file, $cfg['pfs']['th_x'], $cfg['pfs']['th_y'], '', $th_colorbg, $cfg['pfs']['th_jpeg_quality'], true);
    }
    if ($standalone) {
        $add_thumbnail .= cot_rc('pfs_link_addthumb');
        $add_image = cot_rc('pfs_link_addpix');
    }
    if ($opt == 'thumbs') {
        $pfs_icon = cot_rc('pfs_link_thumbnail', array('thumbpath' => $thumbs_dir_user));
    }
}

// NOTE(review): $pfs_file, $pfs_desc, $more and $opt are passed on as they are here.
// Whether they were HTML/URL-escaped earlier is not visible in this excerpt - confirm
// before relying on the template output being safe.
// The delete URL includes cot_xg(), presumably the request-guard token parameter (verify).
$t->assign(array('PFS_ROW_ID' => $pfs_id, 'PFS_ROW_FILE' => $pfs_file, 'PFS_ROW_DATE' => cot_date('datetime_medium', $pfs_date), 'PFS_ROW_DATE_STAMP' => $pfs_date, 'PFS_ROW_EXT' => $pfs_extension, 'PFS_ROW_DESC' => $pfs_desc, 'PFS_ROW_TYPE' => $filedesc[$pfs_extension], 'PFS_ROW_FILE_URL' => $pfs_fullfile, 'PFS_ROW_SIZE' => cot_build_filesize($pfs_filesize, 1), 'PFS_ROW_SIZE_BYTES' => $pfs_filesize, 'PFS_ROW_ICON' => $pfs_icon, 'PFS_ROW_DELETE_URL' => cot_confirm_url(cot_url('pfs', 'a=delete&' . cot_xg() . '&id=' . $pfs_id . '&' . $more . '&opt=' . $opt), 'pfs', 'pfs_confirm_delete_file'), 'PFS_ROW_EDIT_URL' => cot_url('pfs', 'm=edit&id=' . $pfs_id . '&' . $more), 'PFS_ROW_COUNT' => $row['pfs_count'], 'PFS_ROW_INSERT' => $standalone ? $add_thumbnail . $add_image . $add_file : ''));

/* === Hook - Part2 : Include === */
// Plugin files are included in the current scope and can read or change the variables above.
foreach ($extp as $pl) {
    include $pl;
}
/* ===== */