function do_upload_photo()
{
global $vbulletin, $db, $show, $vbphrase, $foruminfo, $userinfo, $albuminfo, $session, $contenttypeid;
$vbulletin->input->clean_array_gpc('p', array('caption' => TYPE_STR));
if (empty($albuminfo)) {
standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
}
// adding new, can only add in your own
if ($userinfo['userid'] != $vbulletin->userinfo['userid']) {
print_no_permission();
}
$vbulletin->input->clean_gpc('f', 'photo', TYPE_FILE);
// format vbulletin expects: $files[name][x]... we only have one per post
$vbulletin->GPC['attachment'] = array('name' => array($vbulletin->GPC['photo']['name']), 'tmp_name' => array($vbulletin->GPC['photo']['tmp_name']), 'error' => array($vbulletin->GPC['photo']['error']), 'size' => array($vbulletin->GPC['photo']['size']));
$values['albumid'] = $vbulletin->GPC['albumid'];
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, 0, $values))) {
json_error("could not create attachment store");
}
if (!$attachlib->verify_permissions()) {
json_error(ERR_NO_PERMISSION);
}
$uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);
$uploads = explode(',', $uploadids);
if (!empty($attachlib->errors)) {
$errorlist = '';
foreach ($attachlib->errors as $error) {
$filename = htmlspecialchars_uni($error['filename']);
$errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
json_error($errormessage, RV_UPLOAD_ERROR);
}
}
// Fetch possible destination albums
$destination_result = $db->query_read("\n SELECT\n albumid, userid, title, coverattachmentid, state\n FROM " . TABLE_PREFIX . "album\n WHERE\n userid = {$userinfo['userid']}\n ");
$destinations = array();
if ($db->num_rows($destination_result)) {
while ($album = $db->fetch_array($destination_result)) {
$destinations[$album['albumid']] = $album;
}
}
$db->free_result($destination_result);
$picture_sql = $db->query_read("\n SELECT\n a.contentid, a.userid, a.caption, a.state, a.dateline, a.attachmentid, a.contenttypeid,\n filedata.extension, filedata.filesize, filedata.thumbnail_filesize, filedata.filedataid\n FROM " . TABLE_PREFIX . "attachment AS a\n INNER JOIN " . TABLE_PREFIX . "filedata AS filedata ON (a.filedataid = filedata.filedataid)\n WHERE\n a.contentid = 0\n AND\n a.attachmentid IN (" . implode(',', $uploads) . ")\n ");
while ($picture = $db->fetch_array($picture_sql)) {
$attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_ARRAY, 'attachment');
$attachdata->set_existing($picture);
$attachdata->set_info('albuminfo', $albuminfo);
$attachdata->set_info('destination', $destinations[$albuminfo['albumid']]);
$attachdata->set('contentid', $albuminfo['albumid']);
$attachdata->set('posthash', '');
$attachdata->set('caption', $vbulletin->GPC['caption']);
$attachdata->save();
}
// update all albums that pictures were moved to
foreach ($destinations as $albumid => $album) {
if (sizeof($album['moved_pictures'])) {
$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
$albumdata->set_existing($album);
if (!$album['coverattachmentid']) {
$albumdata->set('coverattachmentid', array_shift($album['moved_pictures']));
}
$albumdata->rebuild_counts();
$albumdata->save();
unset($albumdata);
}
}
$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
$albumdata->set_existing($albuminfo);
$albumdata->rebuild_counts();
if ($new_coverid or $updatecounter) {
if ($new_coverid or $cover_moved) {
$albumdata->set('coverattachmentid', $new_coverid);
}
}
$albumdata->save();
unset($albumdata);
// add to updated list
if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation']) {
exec_album_updated($vbulletin->userinfo, $albuminfo);
}
return array('success' => true);
}
// pics uploaded and errors, show only names
foreach (array_keys($errors) as $uploadid) {
$error_names[] = urlencode($uploads["{$uploadid}"]['name']);
}
}
}
}
// else only pics got through; no errors
($hook = vBulletinHook::fetch_hook('album_picture_upload_complete')) ? eval($hook) : false;
if (!$moderatedpictures and $pictureids and !$albuminfo['coverpictureid']) {
// no cover -> set cover to the first pic uploaded
$db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "album SET\n\t\t\t\tcoverpictureid = " . reset($pictureids) . "\n\t\t\tWHERE albumid = {$albuminfo['albumid']}\n\t\t");
}
// add to updated list
if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation']) {
exec_album_updated($vbulletin->userinfo, $albuminfo);
}
$vbulletin->url = 'album.php?' . $vbulletin->session->vars['sessionurl'] . "do=editpictures&albumid={$albuminfo['albumid']}" . "&pictureids[]=" . implode('&pictureids[]=', $pictureids) . ($error_names ? "&errors[]=" . implode('&errors[]=', $error_names) : '');
eval(print_standard_redirect('pictures_uploaded'));
}
// #######################################################################
if ($_REQUEST['do'] == 'addpictures') {
$uploadbits = '';
for ($i = 0; $i < $max_uploads; $i++) {
eval('$uploadbits .= "' . fetch_template('album_picture_uploadbit') . '";');
}
// let's show the information about remaining space if applicable (not an edit)
$show['max_pic_limit'] = $pics_remain !== null;
$show['max_totalsize_limit'] = $userinfo['permissions']['albummaxsize'];
$show['max_picsize_limit'] = $userinfo['permissions']['albumpicmaxsize'];
$show['max_dim_limit'] = ($userinfo['permissions']['albumpicmaxwidth'] or $userinfo['permissions']['albumpicmaxheight']);
/**
* Verifies permissions to attach content to albums
*
* @param object vB_Upload
* @param array Information about uploaded attachment
*
* @return integer
*/
protected function process_upload($upload, $attachment, $imageonly = false)
{
$exists = $this->registry->db->query_first("
SELECT COUNT(*) AS count
FROM " . TABLE_PREFIX . "attachment AS a
WHERE
a.contentid = 0
AND
a.posthash = '" . $this->registry->db->escape_string($this->values['posthash']) . "'
");
$existing = $existing['count'];
$this->contentid = $this->values['albumid'];
$this->fetch_attachcount();
$this->contentid = 0;
// these values are negative (non-overage), so we need to flip them around for a "remaining" value
if (isset($this->totalpics_overage) AND $this->totalpics_overage >= 0)
{
standard_error(fetch_error('upload_album_pics_countfull', vb_number_format(-1 * $this->albumpics_overage)));
}
$moderatedpictures = (
(
$this->registry->options['albums_pictures_moderation']
OR
!($this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['picturefollowforummoderation'])
)
AND
!can_moderate(0, 'canmoderatepictures')
);
$this->uploadcount++;
if (!($attachmentid = parent::process_upload($upload, $attachment, $imageonly)))
{
$this->uploadcount--;
return false;
}
// add to updated list
if (
can_moderate(0, 'canmoderatepictures')
OR
(
!$this->registry->options['albums_pictures_moderation']
AND
$this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['picturefollowforummoderation']
)
)
{
exec_album_updated($this->registry->userinfo, $this->albuminfo);
}
if (!$moderatedpictures AND !$this->albuminfo['coverattachmentid'])
{
$this->albuminfo['coverattachmentid'] = $attachmentid;
// no cover -> set cover to the first pic uploaded
$this->registry->db->query_write("
UPDATE " . TABLE_PREFIX . "album
SET
coverattachmentid = $attachmentid
WHERE
albumid = {$this->albuminfo['albumid']}
");
}
return $attachmentid;
}
