Exemplo n.º 1
        }
        $file = $_FILES[$code];
        if (!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name'])) {
            $gd_supported = array('jpg', 'jpeg', 'png', 'gif');
            $var = explode(".", $file['name']);
            $file_ext = strtolower(array_pop($var));
            $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext);
            if (in_array($file_ext, $gd_supported) && $fcheck == 1) {
                $file['name'] = cot_safename($file['name'], true);
                $filename_full = $usr['id'] . '-' . strtolower($file['name']);
                $filepath = $code == 'avatar' ? $cfg['avatars_dir'] . '/' . $filename_full : $cfg['photos_dir'] . '/' . $filename_full;
                if (file_exists($filepath)) {
                    unlink($filepath);
                }
                move_uploaded_file($file['tmp_name'], $filepath);
                cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100);
                @chmod($filepath, $cfg['file_perms']);
                /* === Hook === */
                foreach (cot_getextplugins('profile.update.' . $code) as $pl) {
                    include $pl;
                }
                /* ===== */
                $sql = $db->update($db_users, array("user_" . $code => $filepath), "user_id='" . $usr['id'] . "'");
            } elseif ($fcheck == 2) {
                cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code);
            } else {
                cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code);
            }
        }
    }
}
Exemplo n.º 2
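/**
 * Upload one or more files, return parent folder ID
 *
 * Walks up to $cfg['pfs']['pfsmaxuploads'] slots of $_FILES['userfile']. For each
 * named slot the client file name is normalised, its extension is checked against
 * a script-extension deny-list and the $cot_extensions allow-list, size limits are
 * applied, cot_file_check() is consulted, and only then is the file moved into the
 * user's PFS directory and recorded in $db_pfs. One status line per file is appended
 * to the global $err_msg.
 *
 * Hook files are pulled in with include, so they run in this function's local scope;
 * the local variable names below are therefore kept unchanged.
 *
 * NOTE(review): nothing visible here verifies that $folderid belongs to $userid;
 * presumably cot_pfs_folderpath() or the caller enforces that - confirm.
 *
 * @param int $userid User ID
 * @param int $folderid Folder ID; the default '' means "read it from POST"
 * @return int Folder ID the files were uploaded into
 */
function cot_pfs_upload($userid, $folderid = '')
{
    // $usr is required for the user-id file name prefix used when per-user folders
    // are disabled; without it in scope the prefix silently became an empty string.
    global $db, $cfg, $sys, $cot_extensions, $gd_supported, $maxfile, $maxtotal, $db_pfs, $db_pfs_folders, $L, $err_msg, $usr;
    if ($folderid === '') {
        $folderid = cot_import('folderid', 'P', 'INT');
    }
    $ndesc = cot_import('ndesc', 'P', 'ARR');
    $npath = cot_pfs_folderpath($folderid);
    /* === Hook === */
    foreach (cot_getextplugins('pfs.upload.first') as $pl) {
        include $pl;
    }
    /* ===== */
    // Abort when no folder path could be resolved for $folderid.
    cot_die($npath === FALSE);
    for ($ii = 0; $ii < $cfg['pfs']['pfsmaxuploads']; $ii++) {
        $disp_errors = '';
        // Slots the client did not send are simply absent from $_FILES; read them
        // defensively so an unused slot is skipped without undefined-index notices.
        $u_tmp_name = isset($_FILES['userfile']['tmp_name'][$ii]) ? $_FILES['userfile']['tmp_name'][$ii] : null;
        $u_type = isset($_FILES['userfile']['type'][$ii]) ? $_FILES['userfile']['type'][$ii] : null;
        $u_name = isset($_FILES['userfile']['name'][$ii]) ? $_FILES['userfile']['name'][$ii] : '';
        $u_size = isset($_FILES['userfile']['size'][$ii]) ? $_FILES['userfile']['size'][$ii] : null;
        $u_name = str_replace("\\'", '', $u_name);
        $u_name = trim(str_replace("\"", '', $u_name));
        if (!empty($u_name)) {
            $disp_errors .= $u_name . ' : ';
            $u_name = mb_strtolower($u_name);
            // $dotpos is the offset where the extension starts. A name without any dot
            // has no extension: previously false + 1 made the "extension" everything
            // after the first character, so the type check ran on a made-up suffix.
            $lastdot = mb_strrpos($u_name, ".");
            $dotpos = $lastdot === false ? mb_strlen($u_name) : $lastdot + 1;
            $f_extension = mb_substr($u_name, $dotpos);
            $f_extension_ok = 0;
            $desc = isset($ndesc[$ii]) ? $ndesc[$ii] : null;
            if ($cfg['pfs']['pfstimename']) {
                $u_name = time() . '_' . $u_name;
            }
            if (!$cfg['pfs']['pfsuserfolder']) {
                // Shared directory: the user-id prefix is what keeps users' files apart.
                $u_name = $usr['id'] . '_' . $u_name;
            }
            $u_newname = cot_safename($u_name, true);
            // NOTE(review): this pre-escaped name is later handed to $db->insert(); if
            // insert() escapes or binds values itself the name is escaped twice - confirm.
            $u_sqlname = $db->prep($u_newname);
            // Deny-list of extensions commonly mapped to the PHP handler. It is only a
            // backstop: the $cot_extensions allow-list below is the primary control.
            // NOTE(review): only the final extension is inspected; whether inner
            // extensions (name.ext1.ext2) are neutralised depends on cot_safename() and
            // on the web server not executing files from the upload directory - confirm.
            $f_extension_denied = preg_match('/^php\d*$/', $f_extension) === 1
                || in_array($f_extension, array('phtml', 'pht', 'phar'), true);
            if (!$f_extension_denied) {
                foreach ($cot_extensions as $k => $line) {
                    if (mb_strtolower($f_extension) == $line[0]) {
                        $f_extension_ok = 1;
                    }
                }
            }
            // NOTE(review): $pfs_totalsize is neither initialised here nor listed in the
            // global statement, so unless a 'pfs.upload.first' hook sets it the quota
            // comparison starts from 0 on every call - confirm where the running total
            // is supposed to come from.
            if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok && $pfs_totalsize + $u_size < $maxtotal) {
                $fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension);
                if ($fcheck == 1) {
                    $pfs_dir_user = cot_pfs_path($userid);
                    $thumbs_dir_user = cot_pfs_thumbpath($userid);
                    // Existing files are never overwritten.
                    if (!file_exists($pfs_dir_user . $npath . $u_newname)) {
                        $is_moved = true;
                        if ($cfg['pfs']['pfsuserfolder']) {
                            if (!is_dir($pfs_dir_user)) {
                                $is_moved &= mkdir($pfs_dir_user, $cfg['dir_perms']);
                            }
                            if (!is_dir($thumbs_dir_user)) {
                                $is_moved &= mkdir($thumbs_dir_user, $cfg['dir_perms']);
                            }
                        }
                        $is_moved &= move_uploaded_file($u_tmp_name, $pfs_dir_user . $npath . $u_newname);
                        $is_moved &= chmod($pfs_dir_user . $npath . $u_newname, $cfg['file_perms']);
                        // Trust the size on disk rather than the client-reported one.
                        $u_size = filesize($pfs_dir_user . $npath . $u_newname);
                        if ($is_moved && (int) $u_size > 0) {
                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.moved') as $pl) {
                                include $pl;
                            }
                            /* ===== */
                            $db->insert($db_pfs, array('pfs_userid' => (int) $userid, 'pfs_date' => (int) $sys['now'], 'pfs_file' => $u_sqlname, 'pfs_extension' => $f_extension, 'pfs_folderid' => (int) $folderid, 'pfs_desc' => $desc, 'pfs_size' => (int) $u_size, 'pfs_count' => 0));
                            // The condition is concatenated into SQL, so force an integer
                            // here: a caller-supplied $folderid does not pass through the
                            // 'INT' import filter above.
                            $db->update($db_pfs_folders, array('pff_updated' => $sys['now']), 'pff_id=' . (int) $folderid);
                            $disp_errors .= $L['Yes'];
                            $pfs_totalsize += $u_size;
                            /* === Hook === */
                            foreach (cot_getextplugins('pfs.upload.done') as $pl) {
                                include $pl;
                            }
                            /* ===== */
                            // NOTE(review): this existence test omits $npath and the resize
                            // target uses $cfg['pfs']['thumbs_dir_user'] instead of
                            // $thumbs_dir_user, unlike every other path in this function;
                            // both look unintended - confirm before relying on thumbnails
                            // for files stored in sub-folders.
                            if (in_array($f_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled' && file_exists($pfs_dir_user . $u_newname)) {
                                @unlink($thumbs_dir_user . $npath . $u_newname);
                                $th_colortext = array(hexdec(substr($cfg['pfs']['th_colortext'], 0, 2)), hexdec(substr($cfg['pfs']['th_colortext'], 2, 2)), hexdec(substr($cfg['pfs']['th_colortext'], 4, 2)));
                                $th_colorbg = array(hexdec(substr($cfg['pfs']['th_colorbg'], 0, 2)), hexdec(substr($cfg['pfs']['th_colorbg'], 2, 2)), hexdec(substr($cfg['pfs']['th_colorbg'], 4, 2)));
                                cot_imageresize($pfs_dir_user . $npath . $u_newname, $cfg['pfs']['thumbs_dir_user'] . $npath . $u_newname, $cfg['pfs']['th_x'], $cfg['pfs']['th_y'], '', $th_colorbg, $cfg['pfs']['th_jpeg_quality'], true);
                            }
                        } else {
                            // Do not leave a partially stored file behind.
                            @unlink($pfs_dir_user . $npath . $u_newname);
                            $disp_errors .= $L['pfs_filenotmoved'];
                        }
                    } else {
                        $disp_errors .= $L['pfs_fileexists'];
                    }
                } elseif ($fcheck == 2) {
                    $disp_errors .= sprintf($L['pfs_filemimemissing'], $f_extension);
                } else {
                    $disp_errors .= sprintf($L['pfs_filenotvalid'], $f_extension);
                }
            } else {
                $disp_errors .= $L['pfs_filetoobigorext'];
            }
            $err_msg[] = $disp_errors;
        }
    }
    return $folderid;
}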
Exemplo n.º 3
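/**
 * Process uploaded user images files for certain User
 *
 * For every image type returned by cot_userimages_config_get() the matching
 * $_FILES entry is validated (extension allow-list plus cot_file_check()), moved
 * into the avatar or photo directory, resized, and written to the user's row.
 * Uploading for another user, or in 'edit' mode, requires admin rights on 'users'.
 *
 * Hook files are pulled in with include, so they run in this function's local scope;
 * the local variable names below are therefore kept unchanged.
 *
 * @param number $uid User ID for uploads to be attached; null/empty means the current user
 * @return boolean|number Number of uploaded images, 0 when nothing was stored or the
 *                        caller lacks admin rights, or false for incorrect $uid
 */
function cot_userimages_process_uploads($uid = null)
{
    // $L is needed for the error messages below; it was missing from the global list,
    // which left the messages passed to cot_error() empty.
    global $cfg, $usr, $m, $L;
    $files = 0;
    // false: own profile, fields are named "<code>"; true: admin edit, "<code>:<uid>".
    $usermode = false;
    if ($_FILES) {
        if (is_null($uid) || empty($uid)) {
            $uid = $usr['id'];
        }
        if (!is_numeric($uid) || $uid != (int) $uid || $uid < 1) {
            return false;
        }
        // is_numeric() also accepts forms such as "5.0" or "5e0". $uid is concatenated
        // into a file name and into SQL below, so normalise it to a plain integer.
        $uid = (int) $uid;
        if ($uid != $usr['id'] || $m == 'edit') {
            // Acting on someone else's profile requires admin rights on the users area.
            list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('users', 'a');
            if (!$usr['isadmin']) {
                return 0;
            }
            $usermode = true;
        }
        @clearstatcache();
        $userimages = cot_userimages_config_get();
        foreach ($userimages as $code => $settings) {
            $field = $usermode ? $code . ':' . $uid : $code;
            $file = isset($_FILES[$field]) ? $_FILES[$field] : null;
            if (!$file) {
                continue;
            }
            if (!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name'])) {
                // The extension comes from the client-supplied name, so it is only
                // accepted from this fixed list and together with cot_file_check().
                $gd_supported = array('jpg', 'jpeg', 'png', 'gif');
                $var = explode(".", $file['name']);
                $file_ext = strtolower(array_pop($var));
                $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext);
                if (in_array($file_ext, $gd_supported, true) && $fcheck == 1) {
                    $file['name'] = cot_safename($file['name'], true);
                    $path = $code == 'avatar' ? $cfg['avatars_dir'] : $cfg['photos_dir'];
                    $filename_full = $uid . '-' . strtolower($code != 'avatar' ? $code . '-' . $file['name'] : $file['name']);
                    $filepath = $path . '/' . $filename_full;
                    if (file_exists($filepath)) {
                        unlink($filepath);
                    }
                    if (!move_uploaded_file($file['tmp_name'], $filepath)) {
                        // Nothing was stored: keep the previous image and the database row
                        // untouched instead of pointing the user at a missing file.
                        // Reuses a PFS language string, as the MIME error below does.
                        cot_error($L['pfs_filenotmoved'], $code);
                        continue;
                    }
                    cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100);
                    @chmod($filepath, $cfg['file_perms']);
                    /* === Hook === */
                    foreach (cot_getextplugins('profile.update.' . $code) as $pl) {
                        include $pl;
                    }
                    /* ===== */
                    // $code is a key of the image configuration, not request data; $uid is
                    // an integer at this point.
                    $sql = cot::$db->query("SELECT user_" . cot::$db->prep($code) . " FROM " . cot::$db->users . " WHERE user_id=" . $uid);
                    if ($oldimage = $sql->fetchColumn()) {
                        // Re-uploading a file with the same name yields the same path; the
                        // previous code then deleted the image it had just stored.
                        if ($oldimage !== $filepath && file_exists($oldimage)) {
                            unlink($oldimage);
                        }
                    }
                    $sql = cot::$db->update(cot::$db->users, array("user_" . $code => $filepath), "user_id='" . $uid . "'");
                    $files++;
                } elseif ($fcheck == 2) {
                    cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code);
                } else {
                    cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code);
                }
            }
        }
    }
    return $files;
}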
Exemplo n.º 4
 // Builds the template row for one stored PFS file. The fragment relies on variables
 // set outside the visible lines ($row, $pfs_file, $pfs_id, $pfs_extension, ...).
 $pfs_fullfile = $pfs_dir_user . $pfs_file;
 $pfs_filesize = $row['pfs_size'];
 $pfs_icon = $icon[$pfs_extension];
 // Re-derive the extension from the stored file name: the text after the last dot,
 // capped at 5 characters and lower-cased. If the name has no dot, mb_strrpos()
 // returns false and the "+ 1" makes the offset 1 rather than signalling "none".
 $dotpos = mb_strrpos($pfs_file, ".") + 1;
 $pfs_realext = mb_strtolower(mb_substr($pfs_file, $dotpos, 5));
 unset($add_thumbnail, $add_image);
 $add_file = $standalone ? cot_rc('pfs_link_addfile') : '';
 // Keep the database in step with the name on disk when the recorded extension differs.
 if ($pfs_extension != $pfs_realext) {
     // NOTE(review): $pfs_id is interpolated into the WHERE clause; its origin is not
     // visible here - confirm it is an integer taken from the database row.
     $db->update($db_pfs, array('pfs_extension' => $pfs_realext), "pfs_id={$pfs_id}");
     $pfs_extension = $pfs_realext;
 }
 if (in_array($pfs_extension, $gd_supported) && $cfg['pfs']['th_amode'] != 'Disabled') {
     // Create the thumbnail on demand when the image exists but its thumbnail does not.
     if (!file_exists($thumbs_dir_user . $pfs_file) && file_exists($pfs_dir_user . $pfs_file)) {
         // Split the configured 6-digit hex colours into three numeric components each.
         $th_colortext = array(hexdec(mb_substr($cfg['pfs']['th_colortext'], 0, 2)), hexdec(mb_substr($cfg['pfs']['th_colortext'], 2, 2)), hexdec(mb_substr($cfg['pfs']['th_colortext'], 4, 2)));
         $th_colorbg = array(hexdec(mb_substr($cfg['pfs']['th_colorbg'], 0, 2)), hexdec(mb_substr($cfg['pfs']['th_colorbg'], 2, 2)), hexdec(mb_substr($cfg['pfs']['th_colorbg'], 4, 2)));
         cot_imageresize($pfs_dir_user . $pfs_file, $thumbs_dir_user . $pfs_file, $cfg['pfs']['th_x'], $cfg['pfs']['th_y'], '', $th_colorbg, $cfg['pfs']['th_jpeg_quality'], true);
     }
     if ($standalone) {
         // $add_thumbnail was unset above, so this append starts from an undefined variable.
         $add_thumbnail .= cot_rc('pfs_link_addthumb');
         $add_image = cot_rc('pfs_link_addpix');
     }
     if ($opt == 'thumbs') {
         $pfs_icon = cot_rc('pfs_link_thumbnail', array('thumbpath' => $thumbs_dir_user));
     }
 }
 // NOTE(review): $pfs_file and $pfs_desc are presumably user-supplied at upload time;
 // no escaping happens in the visible lines, so confirm they are HTML-escaped earlier
 // or by the template layer before they are rendered. The delete URL carries the
 // value returned by cot_xg().
 $t->assign(array('PFS_ROW_ID' => $pfs_id, 'PFS_ROW_FILE' => $pfs_file, 'PFS_ROW_DATE' => cot_date('datetime_medium', $pfs_date), 'PFS_ROW_DATE_STAMP' => $pfs_date, 'PFS_ROW_EXT' => $pfs_extension, 'PFS_ROW_DESC' => $pfs_desc, 'PFS_ROW_TYPE' => $filedesc[$pfs_extension], 'PFS_ROW_FILE_URL' => $pfs_fullfile, 'PFS_ROW_SIZE' => cot_build_filesize($pfs_filesize, 1), 'PFS_ROW_SIZE_BYTES' => $pfs_filesize, 'PFS_ROW_ICON' => $pfs_icon, 'PFS_ROW_DELETE_URL' => cot_confirm_url(cot_url('pfs', 'a=delete&' . cot_xg() . '&id=' . $pfs_id . '&' . $more . '&opt=' . $opt), 'pfs', 'pfs_confirm_delete_file'), 'PFS_ROW_EDIT_URL' => cot_url('pfs', 'm=edit&id=' . $pfs_id . '&' . $more), 'PFS_ROW_COUNT' => $row['pfs_count'], 'PFS_ROW_INSERT' => $standalone ? $add_thumbnail . $add_image . $add_file : ''));
 /* === Hook - Part2 : Include === */
 // Each plugin file in $extp is included into the current scope, so it can read and
 // modify every variable defined above.
 foreach ($extp as $pl) {
     include $pl;
 }
 /* ===== */