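/**
 * Upload a personal photo for a member.
 *
 * Assumes the caller has already performed its own security checks. The only
 * permission re-checked here is IPSMember::canUploadPhoto().
 *
 * @access	public
 * @param	integer		[Optional] member id instead of current member
 * @return	array 		[ error (error message), status (status message [ok/fail]), final_* and t_final_* keys ];
 *						only [ status => 'cannot_find_member' ] when no member id can be resolved
 */
public function uploadPhoto($member_id = 0)
{
    $return = array(
        'error'            => '',
        'status'           => '',
        'final_location'   => '',
        'final_width'      => '',
        'final_height'     => '',
        't_final_location' => '',
        't_final_width'    => '',
        't_final_height'   => '',
    );

    $member_id = $member_id ? intval($member_id) : intval($this->memberData['member_id']);

    /* Bail out before touching the member store when there is nobody to load */
    if (!$member_id) {
        return array('status' => 'cannot_find_member');
    }

    $memberData = IPSMember::load($member_id);

    /* The ACP uses a fixed 10000 KB ceiling instead of the member's own limit */
    $p_max = IN_ACP ? 10000 : $memberData['photoMaxKb'];

    /* Fix up upload directory */
    $paths       = $this->_getProfileUploadPaths();
    $upload_path = $paths['path'];

    /* Check for an upload; a missing form field is treated the same as an empty one */
    $submitted_name = isset($_FILES['upload_photo']['name']) ? $_FILES['upload_photo']['name'] : '';

    if ($submitted_name == "" or $submitted_name == "none") {
        return $return;
    }

    if (!IPSMember::canUploadPhoto($memberData)) {
        $return['status'] = 'fail';
        $return['error']  = 'no_photo_upload_permission';

        return $return;
    }

    /* Fetch library */
    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    /* The stored name is derived from the member id, never from the client-supplied name */
    $upload->out_file_name     = 'photo-' . $member_id;
    $upload->out_file_dir      = $upload_path;
    $upload->max_file_size     = $p_max * 1024;
    $upload->upload_form_field = 'upload_photo';

    /* Extension allow-list: images only */
    $upload->allowed_file_ext = array('gif', 'png', 'jpg', 'jpeg');

    /* Remove any current photos - http://community.invisionpower.com/resources/bugs.html/_/ip-board/profile-picture-not-removed-on-replacement-r41405 */
    /* NOTE(review): this runs before the new file is validated, so a rejected upload presumably leaves the member without a photo - confirm that is acceptable */
    $this->removeUploadedPhotos($member_id, $upload_path);

    /* Upload */
    $upload->process();

    if ($upload->error_no) {
        $return['status'] = 'fail';

        switch ($upload->error_no) {
            case 2:
                // Invalid file ext
                $return['error'] = 'invalid_file_extension';
                break;
            case 3:
                // Too big...
                $return['error'] = 'upload_to_big';
                break;
            case 1: // No upload
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Any code not listed above is still a failure: fail closed instead of
                // returning an empty status the caller could mistake for success
                $return['error'] = 'upload_failed';
                break;
        }

        return $return;
    }

    /* We got this far: build the sized copies from the stored file */
    return $this->buildSizedPhotos($upload->parsed_file_name, $member_id);
}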
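/**
 * Uploads a single attachment, stores it on disk and records it in the
 * attachments table.
 *
 * On failure $this->error holds a language key describing the problem.
 *
 * @return	mixed	void when uploading is unavailable or no stored file was found,
 *					the unsaved attachment array when the upload library reports an error,
 *					or the new insert id on success
 */
public function processUpload()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------

    $this->error = '';

    $this->getUploadFormSettings();

    //-----------------------------------------
    // Check upload dir
    //-----------------------------------------

    if (!$this->checkUploadDirectory()) {
        if ($this->error) {
            return;
        }
    }

    //-----------------------------------------
    // Can upload?
    //-----------------------------------------

    if (!$this->attach_stats['allow_uploads']) {
        $this->error = 'upload_failed';

        return;
    }

    //-----------------------------------------
    // Got attachment types? Prime the cache from the DB if not
    //-----------------------------------------

    if (!$this->registry->cache()->getCache('attachtypes') or !is_array($this->registry->cache()->getCache('attachtypes'))) {
        $attachtypes = array();

        $this->DB->build(array('select' => 'atype_extension,atype_mimetype,atype_post,atype_img', 'from' => 'attachments_type', 'where' => "atype_post=1"));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $attachtypes[$r['atype_extension']] = $r;
        }

        $this->registry->cache()->updateCacheWithoutSaving('attachtypes', $attachtypes);
    }

    //-----------------------------------------
    // Set up array
    //-----------------------------------------

    $attach_data = array(
        'attach_ext'            => "",
        'attach_file'           => "",
        'attach_location'       => "",
        'attach_thumb_location' => "",
        'attach_hits'           => 0,
        'attach_date'           => time(),
        'attach_post_key'       => $this->attach_post_key,
        'attach_member_id'      => $this->memberData['member_id'],
        'attach_rel_id'         => $this->attach_rel_id,
        'attach_rel_module'     => $this->type,
        'attach_filesize'       => 0,
    );

    //-----------------------------------------
    // Load the library
    //-----------------------------------------

    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    //-----------------------------------------
    // Set up the variables
    //-----------------------------------------

    /* Stored name is server-generated (type, member id, microtime), not taken from the client */
    $upload->out_file_name = $this->type . '-' . $this->memberData['member_id'] . '-' . str_replace(array('.', ' '), '-', microtime());
    $upload->out_file_dir  = $this->upload_path;
    $upload->max_file_size = $this->attach_stats['max_single_upload'] ? $this->attach_stats['max_single_upload'] : 1000000000;

    /* Ask the library to neutralise script-like uploads and store non-image data under a neutral extension */
    $upload->make_script_safe = 1;
    $upload->force_data_ext   = 'ipb';

    //-----------------------------------------
    // Populate allowed extensions
    //-----------------------------------------

    if (is_array($this->registry->cache()->getCache('attachtypes')) and count($this->registry->cache()->getCache('attachtypes'))) {
        /* SKINNOTE: I had to add [attachtypes] to this cache to make it work, may need fixing? */
        foreach ($this->registry->cache()->getCache('attachtypes') as $idx => $data) {
            if ($data['atype_post']) {
                $upload->allowed_file_ext[] = $data['atype_extension'];
            }
        }
    }

    //-----------------------------------------
    // Upload...
    //-----------------------------------------

    $upload->process();

    //-----------------------------------------
    // Error?
    //-----------------------------------------

    if ($upload->error_no) {
        switch ($upload->error_no) {
            case 1:
                // No upload
                $this->error = 'upload_no_file';
                break;
            case 2:
                // Invalid file ext
                $this->error = 'invalid_mime_type';
                break;
            case 3:
                // Too big...
                $this->error = 'upload_too_big';
                break;
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Unlisted codes are treated as failures too, so a rejected
                // upload can never reach the database insert below
                $this->error = 'upload_failed';
                break;
        }

        return $attach_data;
    }

    //-----------------------------------------
    // Still here? Only carry on if the stored file really exists
    //-----------------------------------------

    if (!$upload->saved_upload_name or !@is_file($upload->saved_upload_name)) {
        return;
    }

    //-----------------------------------------
    // Strip off { } and [ ]
    //-----------------------------------------

    $upload->original_file_name = str_replace(array('[', ']', '{', '}'), "", $upload->original_file_name);

    $attach_data['attach_filesize'] = @filesize($upload->saved_upload_name);
    $attach_data['attach_location'] = $this->upload_dir . $upload->parsed_file_name;

    if (IPSText::isUTF8($upload->original_file_name)) {
        $attach_data['attach_file'] = IPSText::convertCharsets($upload->original_file_name, "UTF-8", IPS_DOC_CHAR_SET);
    } else {
        $attach_data['attach_file'] = $upload->original_file_name;
    }

    $attach_data['attach_is_image'] = $upload->is_image;
    $attach_data['attach_ext']      = $upload->real_file_extension;

    if ($attach_data['attach_is_image'] == 1) {
        require_once IPS_KERNEL_PATH . 'classImage.php'; /*noLibHook*/
        require_once IPS_KERNEL_PATH . 'classImageGd.php'; /*noLibHook*/

        /* Main attachment: shrink to the configured maximum, if one is configured */
        if (!empty($this->settings['attach_img_max_w']) and !empty($this->settings['attach_img_max_h'])) {
            $image = new classImageGd();
            $image->init(array('image_path' => $this->upload_path, 'image_file' => $upload->parsed_file_name));
            $image->force_resize = false;

            if ($imgData = $image->resizeImage($this->settings['attach_img_max_w'], $this->settings['attach_img_max_h'], false, true)) {
                if (!$imgData['noResize']) {
                    $image->writeImage($this->upload_path . '/' . $upload->parsed_file_name);
                }

                if (is_array($imgData)) {
                    $attach_data['attach_img_width']  = $imgData['newWidth'];
                    $attach_data['attach_img_height'] = $imgData['newHeight'];
                }

                /* The file may have been rewritten, so re-read its size */
                $attach_data['attach_filesize'] = @filesize($this->upload_path . '/' . $upload->parsed_file_name);
            }
        }

        /* Thumb nail */
        $image = new classImageGd();
        $image->force_resize = true;
        $image->init(array('image_path' => $this->upload_path, 'image_file' => $upload->parsed_file_name));

        /* Dimensions are only known when the main resize step above ran */
        $mainWidth  = isset($attach_data['attach_img_width']) ? $attach_data['attach_img_width'] : 0;
        $mainHeight = isset($attach_data['attach_img_height']) ? $attach_data['attach_img_height'] : 0;
        $thumb_data = array();

        if ($this->attach_settings['siu_width'] < $mainWidth or $this->attach_settings['siu_height'] < $mainHeight) {
            $_thumbName = preg_replace('#^(.*)\\.(\\w+?)$#', "\\1_thumb.\\2", $upload->parsed_file_name);

            if ($thumb_data = $image->resizeImage($this->attach_settings['siu_width'], $this->attach_settings['siu_height'])) {
                $image->writeImage($this->upload_path . '/' . $_thumbName);

                if (is_array($thumb_data)) {
                    $thumb_data['thumb_location'] = $_thumbName;
                }
            }
        } else {
            /* Instead of building a thumb the same size as the main image, just copy the details */
            $thumb_data = array(
                'thumb_location' => $upload->parsed_file_name,
                'newWidth'       => $mainWidth,
                'newHeight'      => $mainHeight,
            );
        }

        if (!empty($thumb_data['thumb_location'])) {
            /* Only a real resize reports original dimensions. The copied-details case
               above has none, and must not wipe the width/height already recorded */
            if (isset($thumb_data['originalWidth'])) {
                $attach_data['attach_img_width'] = $thumb_data['originalWidth'];
            }

            if (isset($thumb_data['originalHeight'])) {
                $attach_data['attach_img_height'] = $thumb_data['originalHeight'];
            }

            $attach_data['attach_thumb_width']    = $thumb_data['newWidth'];
            $attach_data['attach_thumb_height']   = $thumb_data['newHeight'];
            $attach_data['attach_thumb_location'] = $this->upload_dir . $thumb_data['thumb_location'];
        }
    }

    //-----------------------------------------
    // Make sure we send integers
    // @link http://community.invisionpower.com/tracker/issue-32511-attachments-mysql-strict-mode
    //-----------------------------------------

    foreach (array('attach_img_width', 'attach_img_height', 'attach_thumb_width', 'attach_thumb_height') as $_dimension) {
        $attach_data[$_dimension] = isset($attach_data[$_dimension]) ? intval($attach_data[$_dimension]) : 0;
    }

    //-----------------------------------------
    // Add into Database
    //-----------------------------------------

    $this->DB->insert('attachments', $attach_data);

    return $this->DB->getInsertId();
}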
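/**
 * Saves the member's avatar
 *
 * Exactly one source is used, checked in this order: uploaded file, remote URL,
 * bundled gallery image, gravatar e-mail address.
 *
 * @param	INT			Member's ID to save
 * @param	string		Upload field name [Default is "upload_avatar"]
 * @param	string		Avatar URL Field [Default is "avatar_url"]
 * @param	string		Gallery Avatar Directory Field [Default is "avatar_gallery"]
 * @param	string		Gallery Avatar Image Field [Default is "avatar_image"]
 * @param	string		Gravatar e-mail Field [Default is "gravatar_email"]
 * @return	boolean		TRUE once the avatar has been saved
 * @throws	Exception	With one of the codes listed below as its message
 * @author	Brandon Farber, Stolen By Matt 'Haxor' Mecham
 * <code>
 * Exception Codes:
 * NO_MEMBER_ID:				A valid member ID was not passed.
 * NO_PERMISSION:				You do not have permission to change the avatar
 * UPLOAD_NO_IMAGE:				Nothing to upload
 * UPLOAD_INVALID_FILE_EXT:		Incorrect file extension (not an image)
 * UPLOAD_TOO_LARGE:			Upload is larger than allowed
 * UPLOAD_CANT_BE_MOVED:		Upload cannot be moved into the uploads directory
 * UPLOAD_NOT_IMAGE:			Upload is not an image, despite what the file extension says!
 * INVALID_FILE_EXT:			Remote avatar URL does not end in an allowed extension
 * NO_AVATAR_TO_SAVE:			Nothing to save!
 * </code>
 */
public function saveNewAvatar($member_id, $uploadFieldName = 'upload_avatar', $urlFieldName = 'avatar_url', $galleryFieldName = 'avatar_gallery', $avatarGalleryImage = 'avatar_image', $gravatarFieldName = 'gravatar_email')
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------

    $avatar = array();

    /* Pad so a setting without an "x" cannot leave the height undefined */
    list($p_width, $p_height) = array_pad(explode("x", strtolower($this->settings['avatar_dims'])), 2, 0);

    if (!$member_id) {
        throw new Exception("NO_MEMBER_ID");
    }

    $member = IPSMember::load($member_id, 'extendedProfile,groups');

    if (!$member['member_id']) {
        throw new Exception("NO_MEMBER_ID");
    }

    //-----------------------------------------
    // Allowed to upload pics for administrators?
    //-----------------------------------------

    if (IPS_AREA != 'public') {
        if ($member['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_photo_admin', 'members', 'members')) {
            throw new Exception("NO_PERMISSION");
        }
    }

    $uploadedName = isset($_FILES[$uploadFieldName]['name']) ? $_FILES[$uploadFieldName]['name'] : '';
    $avatarUrl    = isset($this->request[$urlFieldName]) ? $this->request[$urlFieldName] : '';

    if ($uploadedName != "" and $uploadedName != "none") {
        //-----------------------------------------
        // Upload
        //-----------------------------------------

        /* NOTE(review): as written this replaces '.' with '.', which changes nothing; the
           search string may originally have been an encoded dot - confirm against upstream */
        $this->settings['upload_dir'] = str_replace('.', '.', $this->settings['upload_dir']);

        /* Stored name is derived from the member id, never from the client-supplied name */
        $real_name = 'av-' . $member_id;

        require_once IPS_KERNEL_PATH . 'classUpload.php';
        $upload = new classUpload();

        $upload->out_file_name     = $real_name;
        $upload->out_file_dir      = $this->settings['upload_dir'];
        $upload->max_file_size     = $this->settings['avup_size_max'] * 1024 * 8; // Allow xtra for compression
        $upload->upload_form_field = $uploadFieldName;

        //-----------------------------------------
        // Populate allowed extensions
        //-----------------------------------------

        if (is_array($this->cache->getCache('attachtypes')) and count($this->cache->getCache('attachtypes'))) {
            foreach ($this->cache->getCache('attachtypes') as $data) {
                if ($data['atype_photo']) {
                    if ($data['atype_extension'] == 'swf' and $this->settings['disable_flash']) {
                        continue;
                    }

                    $upload->allowed_file_ext[] = $data['atype_extension'];
                }
            }
        }

        //-----------------------------------------
        // Upload...
        //-----------------------------------------

        $upload->process();

        //-----------------------------------------
        // Error?
        //-----------------------------------------

        if ($upload->error_no) {
            switch ($upload->error_no) {
                case 1:
                    // No upload
                    throw new Exception("UPLOAD_NO_IMAGE");
                case 2:
                    // Invalid file ext
                    throw new Exception("UPLOAD_INVALID_FILE_EXT");
                case 3:
                    // Too big...
                    throw new Exception("UPLOAD_TOO_LARGE");
                case 5:
                    // Possible XSS attack (image isn't an image)
                    throw new Exception("UPLOAD_NOT_IMAGE");
                case 4: // Cannot move uploaded file
                default:
                    // Unlisted codes fail closed under an existing code, so callers that
                    // map codes to messages keep working and no failed upload is saved
                    throw new Exception("UPLOAD_CANT_BE_MOVED");
            }
        }

        $real_name = $upload->parsed_file_name;
        $im        = array();

        if (!$this->settings['disable_ipbsize'] and $upload->file_extension != '.swf') {
            $storedFile      = $this->settings['upload_dir'] . '/' . $real_name;
            $imageDimensions = @getimagesize($storedFile);

            /* A file whose dimensions cannot be read is not a usable avatar:
               discard it instead of saving an avatar with empty dimensions */
            if ($imageDimensions === false) {
                @unlink($storedFile);
                throw new Exception("UPLOAD_NOT_IMAGE");
            }

            if ($imageDimensions[0] > $p_width or $imageDimensions[1] > $p_height) {
                require_once IPS_KERNEL_PATH . "classImage.php";
                require_once IPS_KERNEL_PATH . "classImageGd.php";

                $image = new classImageGd();
                $image->init(array('image_path' => $this->settings['upload_dir'], 'image_file' => $real_name));

                $return = $image->resizeImage($p_width, $p_height);
                $image->writeImage($storedFile);

                $im['img_width']  = $return['newWidth'] ? $return['newWidth'] : $image->cur_dimensions['width'];
                $im['img_height'] = $return['newHeight'] ? $return['newHeight'] : $image->cur_dimensions['height'];
            } else {
                $im['img_width']  = $imageDimensions[0];
                $im['img_height'] = $imageDimensions[1];
            }
        } else {
            /* Member-entered dimensions, capped at the configured maximum */
            $w = intval($this->request['man_width']) ? intval($this->request['man_width']) : $p_width;
            $h = intval($this->request['man_height']) ? intval($this->request['man_height']) : $p_height;

            $im['img_width']  = $w > $p_width ? $p_width : $w;
            $im['img_height'] = $h > $p_height ? $p_height : $h;
        }

        //-----------------------------------------
        // Set the "real" avatar..
        //-----------------------------------------

        $avatar['avatar_location'] = $real_name;
        $avatar['avatar_size']     = $im['img_width'] . 'x' . $im['img_height'];
        $avatar['avatar_type']     = 'upload';
    } elseif ($avatarUrl and IPSText::xssCheckUrl($avatarUrl) === true) {
        //-----------------------------------------
        // Remote URL
        //-----------------------------------------

        $ext     = explode(",", $this->settings['avatar_ext']);
        $checked = 0;
        $av_ext  = preg_replace("/^.*\\.(\\S+)\$/", "\\1", $avatarUrl);

        foreach ($ext as $v) {
            if (strtolower($v) == strtolower($av_ext)) {
                if ($v == 'swf' and $this->settings['disable_flash']) {
                    throw new Exception("INVALID_FILE_EXT");
                }

                $checked = 1;
                break;
            }
        }

        if ($checked != 1) {
            throw new Exception("INVALID_FILE_EXT");
        }

        if (!$this->settings['disable_ipbsize']) {
            /* NOTE(review): getimagesize() makes this server fetch a member-supplied URL.
               It is limited to http/https here so stream wrappers and local paths are never
               opened. Filtering of internal addresses, timeouts and response-size limits are
               not visible in this method and should be confirmed */
            $scheme   = strtolower((string) parse_url($avatarUrl, PHP_URL_SCHEME));
            $img_size = in_array($scheme, array('http', 'https'), true) ? @getimagesize($avatarUrl) : false;

            if (!$img_size) {
                $img_size = array($p_width, $p_height);
            }

            $im = IPSLib::scaleImage(array('max_width' => $p_width, 'max_height' => $p_height, 'cur_width' => $img_size[0], 'cur_height' => $img_size[1]));
        } else {
            $w = intval($this->request['man_width']) ? intval($this->request['man_width']) : $p_width;
            $h = intval($this->request['man_height']) ? intval($this->request['man_height']) : $p_height;

            $im['img_width']  = $w > $p_width ? $p_width : $w;
            $im['img_height'] = $h > $p_height ? $p_height : $h;
        }

        $avatar['avatar_location'] = trim($avatarUrl);
        $avatar['avatar_size']     = $im['img_width'] . 'x' . $im['img_height'];
        $avatar['avatar_type']     = 'url';
    } elseif (isset($this->request[$galleryFieldName]) and !empty($this->request[$avatarGalleryImage])) {
        //-----------------------------------------
        // Bundled gallery image
        //-----------------------------------------

        $directory = '';

        if ($this->request[$galleryFieldName]) {
            /* Dots and slashes are stripped, so the directory cannot climb out of style_avatars */
            $directory = preg_replace("/[^\\s\\w_-]/", "", urldecode($this->request[$galleryFieldName]));

            if ($directory) {
                $directory .= '/';
            }
        }

        $filename = preg_replace("/[^\\s\\w\\._\\-\\[\\]\\(\\)]/", "", urldecode($this->request[$avatarGalleryImage]));

        /* is_file() rather than file_exists(): a name such as ".." survives the filter
           above and would otherwise match a directory */
        if (is_file(DOC_IPS_ROOT_PATH . PUBLIC_DIRECTORY . '/style_avatars/' . $directory . $filename)) {
            $avatar['avatar_location'] = $directory . $filename;
            $avatar['avatar_size']     = '';
            $avatar['avatar_type']     = 'local';
        }
    } elseif (!empty($this->request[$gravatarFieldName]) && $this->settings['allow_gravatars']) {
        //-----------------------------------------
        // Gravatar
        //-----------------------------------------

        $avatar['avatar_location'] = strtolower($this->request[$gravatarFieldName]);
        $avatar['avatar_type']     = 'gravatar';
    }

    //-----------------------------------------
    // No avatar image?
    //-----------------------------------------

    if (!count($avatar)) {
        throw new Exception("NO_AVATAR_TO_SAVE");
    }

    /* Switching away from an uploaded avatar: clear the previously uploaded file */
    if ($avatar['avatar_type'] != 'upload') {
        foreach (array('swf', 'jpg', 'jpeg', 'gif', 'png') as $ext) {
            $oldFile = $this->settings['upload_dir'] . "/av-" . $member_id . "." . $ext;

            if (@file_exists($oldFile)) {
                @unlink($oldFile);
            }
        }
    }

    //-----------------------------------------
    // Store and redirect
    //-----------------------------------------

    IPSMember::save($member_id, array('extendedProfile' => $avatar));

    return TRUE;
}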
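/**
 * Upload a profile background image for a member.
 *
 * Assumes the caller has already performed its own security checks. The size
 * limit is read from the current member's group setting (g_max_bgimg_upload):
 * an empty value means no practical limit, a negative value means uploading
 * is not permitted.
 *
 * @access	public
 * @param	integer		[Optional] member id instead of current member
 * @return	array 		[ error (error message), status (status message [ok/fail]), final_location, maxSize ];
 *						only [ status => 'cannot_find_member' ] when no member id can be resolved
 */
public function uploadBackgroundImage($member_id = 0)
{
    /* Init vars */
    $member_id      = $member_id ? intval($member_id) : intval($this->memberData['member_id']);
    $p_max          = $this->memberData['g_max_bgimg_upload'] ? intval($this->memberData['g_max_bgimg_upload']) : 999999999;
    $upload_dir     = '';
    $return         = array('error' => '', 'status' => '', 'final_location' => '', 'maxSize' => $p_max);

    if (!$member_id) {
        return array('status' => 'cannot_find_member');
    }

    //-----------------------------------------
    // Sort out upload dir
    //-----------------------------------------

    /* Fix for bug 5075 */
    /* NOTE(review): as written this replaces '.' with '.', which changes nothing; the
       search string may originally have been an encoded dot - confirm against upstream */
    $this->settings['upload_dir'] = str_replace('.', '.', $this->settings['upload_dir']);

    $upload_path = $this->settings['upload_dir'];
    $bgimg_path  = $upload_path . "/bgimages";

    //-----------------------------------------
    // Use (or create) the bgimages sub-directory, falling
    // back to the upload root when it cannot be created
    //-----------------------------------------

    if (file_exists($bgimg_path)) {
        $upload_path = $bgimg_path;
        $upload_dir  = "bgimages/";
    } elseif (@mkdir($bgimg_path, IPS_FOLDER_PERMISSION)) {
        /* Empty index file so the directory cannot be listed over the web */
        @file_put_contents($bgimg_path . '/index.html', '');
        @chmod($bgimg_path, IPS_FOLDER_PERMISSION);

        $upload_path = $bgimg_path;
        $upload_dir  = "bgimages/";
    } else {
        $upload_dir = "";
    }

    //-----------------------------------------
    // Lets check for an uploaded photo..
    //-----------------------------------------

    $submitted_name = isset($_FILES['bg_upload']['name']) ? $_FILES['bg_upload']['name'] : '';

    if ($submitted_name == "" or $submitted_name == "none") {
        $return['status'] = 'ok';

        return $return;
    }

    //-----------------------------------------
    // Are we allowed to upload this photo?
    //-----------------------------------------

    if ($p_max < 0) {
        $return['status'] = 'fail';
        $return['error']  = 'no_bgimg_upload_permission';

        /* Stop here: without this return the existing image was deleted, the
           upload went ahead anyway and the status was later reset to 'ok' */
        return $return;
    }

    //-----------------------------------------
    // Remove any uploaded photos...
    //-----------------------------------------

    $this->removeUploadedBackgroundImages($member_id);

    //-----------------------------------------
    // Load the library
    //-----------------------------------------

    require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/
    $upload = new classUpload();

    //-----------------------------------------
    // Set up the variables
    //-----------------------------------------

    /* Stored name is derived from the member id, never from the client-supplied name */
    $upload->out_file_name     = 'bgimg-' . $member_id;
    $upload->out_file_dir      = $upload_path;
    $upload->max_file_size     = $p_max * 1024;
    $upload->upload_form_field = 'bg_upload';

    //-----------------------------------------
    // Populate allowed extensions (images only)
    //-----------------------------------------

    $upload->allowed_file_ext = array('gif', 'png', 'jpg', 'jpeg');

    //-----------------------------------------
    // Upload...
    //-----------------------------------------

    $upload->process();

    //-----------------------------------------
    // Error?
    //-----------------------------------------

    if ($upload->error_no) {
        $return['status'] = 'fail';

        switch ($upload->error_no) {
            case 2:
                // Invalid file ext
                $return['error'] = 'invalid_file_extension';
                break;
            case 3:
                // Too big...
                $return['error'] = 'upload_to_big';
                break;
            case 1: // No upload
            case 4: // Cannot move uploaded file
            case 5: // Possible XSS attack (image isn't an image)
            default:
                // Unlisted codes are failures too: fail closed
                $return['error'] = 'upload_failed';
                break;
        }

        return $return;
    }

    //-----------------------------------------
    // Still here?
    //-----------------------------------------

    $real_name   = $upload->parsed_file_name;
    $stored_file = $upload_path . "/" . $real_name;
    $stored_size = @filesize($stored_file);

    /* A stored file that cannot be sized is not a usable upload */
    if ($stored_size === false) {
        $return['status'] = 'fail';
        $return['error']  = 'upload_failed';

        return $return;
    }

    //-----------------------------------------
    // Check the file size (after compression)
    //-----------------------------------------

    if ($stored_size > $p_max * 1024) {
        @unlink($stored_file);

        // Too big...
        $return['status'] = 'fail';
        $return['error']  = 'upload_to_big';

        return $return;
    }

    //-----------------------------------------
    // Return...
    //-----------------------------------------

    $return['final_location'] = $upload_dir . $real_name;
    $return['status']         = 'ok';

    return $return;
}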
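/**
 * Upload an image into the directory named by the "in" request parameter,
 * then redirect back to that directory's listing.
 *
 * @access	protected
 * @return	void
 */
protected function _uploadFile()
{
    //-----------------------------------------
    // Check path
    //-----------------------------------------

    /* NOTE(review): the destination directory comes from request input, so _checkPath()
       (not visible here) is the only thing confining writes to the intended root. It is
       checked after decoding, which is the right order - confirm it halts the request on failure */
    $path = urldecode($this->request['in']);

    $this->_checkPath($path);

    //-----------------------------------------
    // Get upload class and do upload
    //-----------------------------------------

    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    /* NOTE(review): no out_file_name is set, so the stored name is whatever classUpload
       derives on its own - confirm it sanitises the client-supplied name */
    $upload->upload_form_field = 'FILE_UPLOAD';
    $upload->allowed_file_ext  = array('gif', 'bmp', 'png', 'jpg', 'jpeg', 'tiff');
    $upload->out_file_dir      = $path;
    $upload->max_file_size     = '10000000';

    $upload->process();

    //-----------------------------------------
    // Successful?
    //-----------------------------------------

    if ($upload->error_no) {
        switch ($upload->error_no) {
            case 1:
                $this->registry->output->showError($this->lang->words['upload_error_1']);
                break;
            case 2:
                $this->registry->output->showError($this->lang->words['upload_error_2']);
                break;
            case 3:
                $this->registry->output->showError($this->lang->words['upload_error_3']);
                break;
            case 5:
                $this->registry->output->showError($this->lang->words['upload_error_5']);
                break;
            case 4:
            default:
                // Unlisted codes are reported with the message used for code 4
                $this->registry->output->showError($this->lang->words['upload_error_4']);
                break;
        }

        /* showError() presumably ends the request; returning regardless guarantees a
           failed upload is never followed by the "file uploaded" message below */
        return;
    }

    $this->registry->output->global_message = $this->lang->words['file_uploaded'];

    /* The path is request-derived, so it is URL-encoded to keep it from adding or
       altering query parameters. "&section" restores the parameter name that was
       garbled to a section sign in the redirect string */
    $this->registry->output->silentRedirectWithMessage($this->settings['base_url'] . 'module=media&section=list&do=viewdir&dir=' . urlencode($path));
}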
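/**
 * Uploads and saves every file present in $_FILES as an attachment.
 *
 * @access	public
 * @return	mixed	void when uploading is unavailable, otherwise an array keyed by form
 *					field name holding either the new insert id or an error language key
 */
public function processMultipleUploads()
{
    /* INIT */
    $this->error = '';

    $this->getUploadFormSettings();

    /* Check the upload directory */
    if (!$this->checkUploadDirectory()) {
        if ($this->error) {
            return;
        }
    }

    /* Setup Attachment Types: prime the cache from the DB if it is empty */
    if (!$this->registry->cache()->getCache('attachtypes') or !is_array($this->registry->cache()->getCache('attachtypes'))) {
        $attachtypes = array();

        $this->DB->build(array('select' => 'atype_extension,atype_mimetype,atype_post,atype_photo,atype_img', 'from' => 'attachments_type', 'where' => "atype_photo=1 OR atype_post=1"));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $attachtypes[$r['atype_extension']] = $r;
        }

        $this->registry->cache()->updateCacheWithoutSaving('attachtypes', $attachtypes);
    }

    /* Can Upload */
    if (!$this->attach_stats['allow_uploads']) {
        $this->error = 'upload_failed';

        return;
    }

    /* Attachment Library */
    require_once IPS_KERNEL_PATH . 'classUpload.php';
    $upload = new classUpload();

    /* Set up the library */
    $upload->out_file_dir  = $this->upload_path;
    $upload->max_file_size = $this->attach_stats['max_single_upload'] ? $this->attach_stats['max_single_upload'] : 1000000000;

    /* Ask the library to neutralise script-like uploads and store non-image data under a neutral extension */
    $upload->make_script_safe = 1;
    $upload->force_data_ext   = 'ipb';

    /* Populate allowed extensions */
    if (is_array($this->registry->cache()->getCache('attachtypes')) and count($this->registry->cache()->getCache('attachtypes'))) {
        /* SKINNOTE: I had to add [attachtypes] to this cache to make it work, may need fixing? */
        foreach ($this->registry->cache()->getCache('attachtypes') as $idx => $data) {
            if ($data['atype_post']) {
                $upload->allowed_file_ext[] = $data['atype_extension'];
            }
        }
    }

    /* Attempt to upload everything in the $_FILES array */
    $upload_results = array();

    if (isset($_FILES) && is_array($_FILES) && count($_FILES)) {
        foreach ($_FILES as $_field_name => $data) {
            /* Skip empty fields, and array-style (multi-file) fields this loop cannot handle */
            $_size = isset($data['size']) ? $data['size'] : 0;

            if (is_array($_size) or !$_size) {
                continue;
            }

            /* Set File Name: same microtime-based scheme as processUpload(). The previous
               suffix (time() modulo the file size) was a small, guessable number, and two
               same-sized files sent in one second got the same name and overwrote each other */
            $upload->out_file_name = $this->type . '-' . $this->memberData['member_id'] . '-' . str_replace(array('.', ' '), '-', microtime());

            /* Set Form Field */
            $upload->upload_form_field = $_field_name;

            /* Attachment Data Array */
            $attach_data = array(
                'attach_ext'            => "",
                'attach_file'           => "",
                'attach_location'       => "",
                'attach_thumb_location' => "",
                'attach_hits'           => 0,
                'attach_date'           => time(),
                'attach_temp'           => 0,
                'attach_post_key'       => $this->attach_post_key,
                'attach_member_id'      => $this->memberData['member_id'],
                'attach_rel_id'         => $this->attach_rel_id,
                'attach_rel_module'     => $this->type,
                'attach_filesize'       => 0,
            );

            /* Upload... */
            $upload->process();

            /* Error Check */
            if ($upload->error_no) {
                switch ($upload->error_no) {
                    case 1:
                        // No upload
                        $upload_results[$_field_name] = 'upload_no_file';
                        break;
                    case 2:
                        // Invalid file ext
                        $upload_results[$_field_name] = 'invalid_mime_type';
                        break;
                    case 3:
                        // Too big...
                        $upload_results[$_field_name] = 'upload_too_big';
                        break;
                    case 4: // Cannot move uploaded file
                    case 5: // Possible XSS attack (image isn't an image)
                    default:
                        // Unlisted codes are failures too: fail closed
                        $upload_results[$_field_name] = 'upload_failed';
                        break;
                }

                /* The uploader object is shared across iterations, so it may still hold the
                   previous file's saved name. Move on, so a rejected file is never recorded
                   as an attachment and its error is not replaced by an insert id */
                continue;
            }

            /* Still Here: only record files that really reached the disk */
            if (!$upload->saved_upload_name or !@file_exists($upload->saved_upload_name)) {
                continue;
            }

            /* Strip off { } and [ ] */
            $upload->original_file_name = str_replace(array('[', ']', '{', '}'), "", $upload->original_file_name);

            $attach_data['attach_filesize'] = @filesize($upload->saved_upload_name);
            $attach_data['attach_location'] = $this->upload_dir . $upload->parsed_file_name;
            $attach_data['attach_file']     = $upload->original_file_name;
            $attach_data['attach_is_image'] = $upload->is_image;
            $attach_data['attach_ext']      = $upload->real_file_extension;

            if ($attach_data['attach_is_image'] == 1) {
                require_once IPS_KERNEL_PATH . "classImage.php";
                require_once IPS_KERNEL_PATH . "classImageGd.php";

                $image = new classImageGd();
                $image->init(array('image_path' => $this->upload_path, 'image_file' => $upload->parsed_file_name));

                /* Reset per file so one image's thumbnail data never leaks into the next */
                $thumb_data = array();

                if ($this->attach_settings['siu_thumb']) {
                    $_thumbName = preg_replace("#^(.*)\\.(\\w+?)\$#", "\\1_thumb.\\2", $upload->parsed_file_name);
                    $thumb_data = $image->resizeImage($this->attach_settings['siu_width'], $this->attach_settings['siu_height']);

                    $image->writeImage($this->upload_path . '/' . $_thumbName);

                    if (is_array($thumb_data)) {
                        $thumb_data['thumb_location'] = $_thumbName;
                    }
                }

                if (!empty($thumb_data['thumb_location'])) {
                    $attach_data['attach_img_width']      = $thumb_data['originalWidth'];
                    $attach_data['attach_img_height']     = $thumb_data['originalHeight'];
                    $attach_data['attach_thumb_width']    = $thumb_data['newWidth'];
                    $attach_data['attach_thumb_height']   = $thumb_data['newHeight'];
                    $attach_data['attach_thumb_location'] = $this->upload_dir . $thumb_data['thumb_location'];
                }
            }

            /* Add into Database */
            $this->DB->insert('attachments', $attach_data);

            $upload_results[$_field_name] = $this->DB->getInsertId();
        }
    }

    return $upload_results;
}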