function file_save()
{
global $file_base_path;
extract(doSlash(gpsa(array('id', 'filename', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))));
$id = assert_int($id);
$permissions = gps('perms');
if (is_array($permissions)) {
asort($permissions);
$permissions = implode(",", $permissions);
}
$perms = doSlash($permissions);
$old_filename = fetch('filename', 'txp_file', 'id', $id);
if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
$old_path = build_file_path($file_base_path, $old_filename);
$new_path = build_file_path($file_base_path, $filename);
if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
$message = gTxt('file_cannot_rename', array('{name}' => $filename));
return file_list($message);
} else {
file_set_perm($new_path);
}
}
$created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
if ($publish_now) {
$created = 'now()';
} elseif ($created_ts > 0) {
$created = "from_unixtime('" . $created_ts . "')";
} else {
$created = '';
}
$size = filesize(build_file_path($file_base_path, $filename));
$rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}");
if (!$rs) {
// update failed, rollback name
if (shift_uploaded_file($new_path, $old_path) === false) {
$message = gTxt('file_unsynchronized', array('{name}' => $filename));
return file_list($message);
} else {
$message = gTxt('file_not_updated', array('{name}' => $filename));
return file_list($message);
}
}
$message = gTxt('file_updated', array('{name}' => $filename));
file_list($message);
}
function thumbnail_insert_post()
{
global $img_dir;
$id = $this->psi('id');
$file = $_FILES['thefile']['tmp_name'];
$name = $_FILES['thefile']['name'];
$file = get_uploaded_file($file);
list(, , $extension) = @getimagesize($file);
if ($file !== false && $this->extensions[$extension]) {
$ext = $this->extensions[$extension];
$newpath = IMPATH . $id . 't' . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
image_list($newpath . sp . gTxt('upload_dir_perms'));
} else {
chmod($newpath, 0644);
safe_update("txp_image", "thumbnail = 1", "id = {$id}");
update_lastmod();
$this->_message(gTxt('image_uploaded', array('{name}' => $name)));
$this->_set_view('edit', $id);
}
} else {
if ($file === false) {
$this->_error(upload_get_errormsg($_FILES['thefile']['error']));
$this->_set_view('edit', $id);
} else {
$this->_error(gTxt('only_graphic_files_allowed'));
$this->_set_view('edit', $id);
}
}
}
function file_save()
{
global $file_base_path;
extract(doSlash(gpsa(array('id', 'filename', 'category', 'description'))));
$permissions = "";
if (isset($_GET['perms'])) {
$permissions = urldecode($_GET['perms']);
} elseif (isset($_POST['perms'])) {
$permissions = $_POST['perms'];
}
if (is_array($permissions)) {
asort($permissions);
$permissions = implode(",", $permissions);
}
$perms = mysql_real_escape_string($permissions);
$old_filename = fetch('filename', 'txp_file', 'id', '$id');
if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
$old_path = build_file_path($file_base_path, $old_filename);
$new_path = build_file_path($file_base_path, $filename);
if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
file_list(messenger("file", $filename, "could not be renamed"));
return;
} else {
file_set_perm($new_path);
}
}
$rs = safe_update("txp_file", "filename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}'", "id = '{$id}'");
if (!$rs) {
// update failed, rollback name
if (shift_uploaded_file($new_path, $old_path) === false) {
file_list(messenger("file", $filename, "has become unsyned with database. Manually fix file name."));
return;
} else {
file_list(messenger(gTxt('file'), $filename, "was not updated"));
return;
}
}
file_list(messenger(gTxt('file'), $filename, "updated"));
}
function thumbnail_insert()
{
global $txpcfg, $extensions, $txp_user, $img_dir, $path_to_site;
extract($txpcfg);
$id = assert_int(gps('id'));
$author = fetch('author', 'txp_image', 'id', $id);
if (!has_privs('image.edit') && !($author === $txp_user && has_privs('image.edit.own'))) {
image_list(gTxt('restricted_area'));
return;
}
$file = $_FILES['thefile']['tmp_name'];
$name = $_FILES['thefile']['name'];
$file = get_uploaded_file($file);
if (empty($file)) {
image_edit(array(upload_get_errormsg(UPLOAD_ERR_NO_FILE), E_ERROR), $id);
return;
}
list($w, $h, $extension) = getimagesize($file);
if ($file !== false && @$extensions[$extension]) {
$ext = $extensions[$extension];
$newpath = IMPATH . $id . 't' . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
image_list(array($newpath . sp . gTxt('upload_dir_perms'), E_ERROR));
} else {
chmod($newpath, 0644);
safe_update("txp_image", "thumbnail = 1, thumb_w = {$w}, thumb_h = {$h}, date = now()", "id = {$id}");
$message = gTxt('image_uploaded', array('{name}' => $name));
update_lastmod();
image_edit($message, $id);
}
} else {
if ($file === false) {
image_list(array(upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
} else {
image_list(array(gTxt('only_graphic_files_allowed'), E_ERROR));
}
}
}
function file_save()
{
global $file_base_path, $file_statuses, $txp_user;
$varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')));
extract(doSlash($varray));
$filename = $varray['filename'] = sanitizeForFile(gps('filename'));
if ($filename == '') {
file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
return;
}
$id = $varray['id'] = assert_int($id);
$permissions = gps('perms');
if (is_array($permissions)) {
asort($permissions);
$permissions = implode(",", $permissions);
}
$varray['permissions'] = $permissions;
$perms = doSlash($permissions);
$rs = safe_row('filename, author', 'txp_file', "id={$id}");
if (!has_privs('file.edit') && !($rs['author'] === $txp_user && has_privs('file.edit.own'))) {
require_privs();
}
$old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']);
if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
$old_path = build_file_path($file_base_path, $old_filename);
$new_path = build_file_path($file_base_path, $filename);
if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
return;
} else {
file_set_perm($new_path);
}
}
$created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
if ($publish_now) {
$created = 'now()';
} elseif ($created_ts > 0) {
$created = "from_unixtime('" . $created_ts . "')";
} else {
$created = '';
}
$size = filesize(build_file_path($file_base_path, $filename));
$constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'file')), 'status' => new ChoiceConstraint(gps('status'), array('choices' => array_keys($file_statuses), 'message' => 'invalid_status')));
callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
$validator = new Validator($constraints);
$rs = $validator->validate() && safe_update('txp_file', "\n filename = '" . doSlash($filename) . "',\n title = '{$title}',\n category = '{$category}',\n permissions = '{$perms}',\n description = '{$description}',\n status = '{$status}',\n size = '{$size}',\n modified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}");
if (!$rs) {
// Update failed, rollback name.
if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR));
return;
} else {
file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
return;
}
}
update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size'));
file_list(gTxt('file_updated', array('{name}' => $filename)));
}
/**
* Uploads an image.
*
* Can be used to upload a new image or replace an existing one.
* If $id is specified, the image will be replaced. If $uploaded is set FALSE,
* $file can take a local file instead of HTTP file upload variable.
*
* All uploaded files will included on the Images panel.
*
* @param array $file HTTP file upload variables
* @param array $meta Image meta data, allowed keys 'caption', 'alt', 'category'
* @param int $id Existing image's ID
* @param bool $uploaded If FALSE, $file takes a filename instead of upload vars
* @return array|string An array of array(message, id) on success, localized error string on error
* @package Image
* @example
* print_r(image_data(
* $_FILES['myfile'],
* array(
* 'caption' => '',
* 'alt' => '',
* 'category' => '',
* )
* ));
*/
function image_data($file, $meta = array(), $id = 0, $uploaded = true)
{
global $txp_user, $event;
$name = $file['name'];
$error = $file['error'];
$file = $file['tmp_name'];
if ($uploaded) {
$file = get_uploaded_file($file);
if (get_pref('file_max_upload_size') < filesize($file)) {
unlink($file);
return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
}
}
if (empty($file)) {
return upload_get_errormsg(UPLOAD_ERR_NO_FILE);
}
list($w, $h, $extension) = getimagesize($file);
$ext = get_safe_image_types($extension);
if (!$ext) {
return gTxt('only_graphic_files_allowed');
}
$name = substr($name, 0, strrpos($name, '.')) . $ext;
$safename = doSlash($name);
$meta = lAtts(array('category' => '', 'caption' => '', 'alt' => ''), (array) $meta, false);
extract(doSlash($meta));
$q = "\n name = '{$safename}',\n ext = '{$ext}',\n w = {$w},\n h = {$h},\n alt = '{$alt}',\n caption = '{$caption}',\n category = '{$category}',\n date = now(),\n author = '" . doSlash($txp_user) . "'\n ";
if (empty($id)) {
$rs = safe_insert('txp_image', $q);
if ($rs) {
$id = $GLOBALS['ID'] = $rs;
}
$update = false;
} else {
$id = assert_int($id);
$rs = safe_update('txp_image', $q, "id = {$id}");
$update = true;
}
if (!$rs) {
return gTxt('image_save_error');
}
$newpath = IMPATH . $id . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
if (!$update) {
safe_delete('txp_image', "id = {$id}");
}
unset($GLOBALS['ID']);
return $newpath . sp . gTxt('upload_dir_perms');
}
@chmod($newpath, 0644);
// GD is supported
if (check_gd($ext)) {
// Auto-generate a thumbnail using the last settings
if (get_pref('thumb_w') > 0 || get_pref('thumb_h') > 0) {
$t = new txp_thumb($id);
$t->crop = (bool) get_pref('thumb_crop');
$t->hint = '0';
$t->width = (int) get_pref('thumb_w');
$t->height = (int) get_pref('thumb_h');
$t->write();
}
}
$message = gTxt('image_uploaded', array('{name}' => $name));
update_lastmod('image_uploaded', compact('id', 'name', 'ext', 'w', 'h', 'alt', 'caption', 'category', 'txpuser'));
// call post-upload plugins with new image's $id
callback_event('image_uploaded', $event, false, $id);
return array($message, $id);
}
function image_data($file, $category = '', $id = '', $uploaded = true)
{
global $txpcfg, $extensions, $txp_user;
extract($txpcfg);
$name = $file['name'];
$error = $file['error'];
$file = $file['tmp_name'];
if ($uploaded) {
$file = get_uploaded_file($file);
}
list($w, $h, $extension) = getimagesize($file);
if ($file !== false && @$extensions[$extension]) {
$ext = $extensions[$extension];
$name = substr($name, 0, strrpos($name, '.'));
$name .= $ext;
$name2db = doSlash($name);
$q = "w = '{$w}',\n\t\t\t\t h = '{$h}',\n\t\t\t\t ext = '{$ext}',\n\t\t\t\t name = '{$name2db}',\n\t\t\t\t date = now(),\n\t\t\t\t caption = '',\n\t\t\t\t author = '{$txp_user}'";
if (empty($id)) {
$q .= ", category = '{$category}'";
$rs = safe_insert("txp_image", $q);
$id = mysql_insert_id();
} else {
$id = doSlash($id);
$rs = safe_update('txp_image', $q, "id = {$id}");
}
if (!$rs) {
return gTxt('image_save_error');
} else {
$newpath = IMPATH . $id . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
safe_delete("txp_image", "id='{$id}'");
safe_alter("txp_image", "auto_increment={$id}");
return $newpath . sp . gTxt('upload_dir_perms');
} else {
chmod($newpath, 0755);
return array(messenger('image', $name, 'uploaded'), $id);
}
}
} else {
if ($file === false) {
return upload_get_errormsg($error);
} else {
return gTxt('only_graphic_files_allowed');
}
}
}
function image_data($file, $meta = '', $id = '', $uploaded = true)
{
global $txpcfg, $extensions, $txp_user, $prefs, $file_max_upload_size, $event;
extract($txpcfg);
$name = $file['name'];
$error = $file['error'];
$file = $file['tmp_name'];
if ($uploaded) {
$file = get_uploaded_file($file);
if ($file_max_upload_size < filesize($file)) {
unlink($file);
return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
}
}
if (empty($file)) {
return upload_get_errormsg(UPLOAD_ERR_NO_FILE);
}
list($w, $h, $extension) = getimagesize($file);
if ($file !== false && @$extensions[$extension]) {
$ext = $extensions[$extension];
$name = substr($name, 0, strrpos($name, '.')) . $ext;
$safename = doSlash($name);
if ($meta == false) {
$meta = array('category' => '', 'caption' => '', 'alt' => '');
}
extract(doSlash($meta));
$q = "\n\t\t\t\tname = '{$safename}',\n\t\t\t\text = '{$ext}',\n\t\t\t\tw = {$w},\n\t\t\t\th = {$h},\n\t\t\t\talt = '{$alt}',\n\t\t\t\tcaption = '{$caption}',\n\t\t\t\tcategory = '{$category}',\n\t\t\t\tdate = now(),\n\t\t\t\tauthor = '" . doSlash($txp_user) . "'\n\t\t\t";
if (empty($id)) {
$rs = safe_insert('txp_image', $q);
$id = $GLOBALS['ID'] = mysql_insert_id();
} else {
$id = assert_int($id);
$rs = safe_update('txp_image', $q, "id = {$id}");
}
if (!$rs) {
return gTxt('image_save_error');
} else {
$newpath = IMPATH . $id . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
$id = assert_int($id);
safe_delete('txp_image', "id = {$id}");
safe_alter('txp_image', "auto_increment = {$id}");
if (isset($GLOBALS['ID'])) {
unset($GLOBALS['ID']);
}
return $newpath . sp . gTxt('upload_dir_perms');
} else {
@chmod($newpath, 0644);
// GD is supported
if (check_gd($ext)) {
// Auto-generate a thumbnail using the last settings
if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) {
$width = intval($prefs['thumb_w']);
$height = intval($prefs['thumb_h']);
if ($width > 0 or $height > 0) {
$t = new txp_thumb($id);
$t->crop = $prefs['thumb_crop'] == '1';
$t->hint = '0';
$t->width = $width;
$t->height = $height;
$t->write();
}
}
}
$message = gTxt('image_uploaded', array('{name}' => $name));
update_lastmod();
// call post-upload plugins with new image's $id
callback_event('image_uploaded', $event, false, $id);
return array($message, $id);
}
}
} else {
if ($file === false) {
return upload_get_errormsg($error);
} else {
return gTxt('only_graphic_files_allowed');
}
}
}
function file_save()
{
global $file_base_path;
extract(doSlash(gpsa(array('id', 'filename', 'category', 'description'))));
$id = assert_int($id);
$permissions = gps('perms');
if (is_array($permissions)) {
asort($permissions);
$permissions = implode(",", $permissions);
}
$perms = doSlash($permissions);
$old_filename = fetch('filename', 'txp_file', 'id', $id);
if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
$old_path = build_file_path($file_base_path, $old_filename);
$new_path = build_file_path($file_base_path, $filename);
if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
$message = gTxt('file_cannot_rename', array('{name}' => $filename));
return file_list($message);
} else {
file_set_perm($new_path);
}
}
$rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}'\n\t\t", "id = {$id}");
if (!$rs) {
// update failed, rollback name
if (shift_uploaded_file($new_path, $old_path) === false) {
$message = gTxt('file_unsynchronized', array('{name}' => $filename));
return file_list($message);
} else {
$message = gTxt('file_not_updated', array('{name}' => $filename));
return file_list($message);
}
}
$message = gTxt('file_updated', array('{name}' => $filename));
file_list($message);
}
function image_data($file, $meta = '', $id = '', $uploaded = true)
{
global $txpcfg, $txp_user, $prefs, $file_max_upload_size;
$extensions = array(0, '.gif', '.jpg', '.png', '.swf');
extract($txpcfg);
$name = $file['name'];
$error = $file['error'];
$file = $file['tmp_name'];
if ($uploaded) {
$file = get_uploaded_file($file);
if ($file_max_upload_size < filesize($file)) {
unlink($file);
return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
}
}
list($w, $h, $extension) = @getimagesize($file);
if ($file !== false && @$extensions[$extension]) {
$ext = $extensions[$extension];
$name = doSlash(substr($name, 0, strrpos($name, '.')) . $ext);
if ($meta == false) {
$meta = array('category' => '', 'caption' => '', 'alt' => '');
}
extract(doSlash($meta));
$q = "\n\t\t\tname = '{$name}',\n\t\t\text = '{$ext}',\n\t\t\tw = {$w},\n\t\t\th = {$h},\n\t\t\talt = '{$alt}',\n\t\t\tcaption = '{$caption}',\n\t\t\tcategory = '{$category}',\n\t\t\tdate = now(),\n\t\t\tauthor = '{$txp_user}'\n\t\t";
if (empty($id)) {
$rs = safe_insert('txp_image', $q);
$id = $GLOBALS['ID'] = mysql_insert_id();
} else {
$id = assert_int($id);
$rs = safe_update('txp_image', $q, "id = {$id}");
}
if (!$rs) {
return gTxt('image_save_error');
} else {
$newpath = IMPATH . $id . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
$id = assert_int($id);
safe_delete('txp_image', "id = {$id}");
safe_alter('txp_image', "auto_increment = {$id}");
if (isset($GLOBALS['ID'])) {
unset($GLOBALS['ID']);
}
return $newpath . sp . gTxt('upload_dir_perms');
} else {
@chmod($newpath, 0644);
// Auto-generate a thumbnail using the last settings
if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) {
img_makethumb($id, $prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop']);
}
update_lastmod();
$message = gTxt('image_uploaded', array('{name}' => $name));
return array($message, $id);
}
}
} else {
// missing or invalid file
if ($file === false) {
return upload_get_errormsg($error);
} else {
return gTxt('only_graphic_files_allowed');
}
}
}
function save_post()
{
global $file_base_path;
extract(doSlash(gpsa(array('id', 'filename', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))));
$old_filename = safe_field('filename', 'txp_file', "id='{$id}'");
if ($old_filename and $old_filename != $filename) {
if (safe_field('id', 'txp_file', "filename='" . doSlash($filename) . "'")) {
$this->_error(gTxt('file_already_exists', array('{name}' => $filename)));
return;
}
$old_path = $this->file_path($old_filename);
$new_path = $this->file_path($filename);
if (!shift_uploaded_file($old_path, $new_path)) {
$this->_error(messenger("file", $filename, "could not be renamed"));
return;
} else {
$this->file_set_perm($new_path);
}
}
$created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
if ($publish_now) {
$created = 'now()';
} elseif ($created_ts > 0) {
$created = "from_unixtime('" . $created_ts . "')";
} else {
$created = '';
}
$size = filesize($this->file_path($filename));
$rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}");
if (!$rs) {
// update failed, rollback name
if (shift_uploaded_file($new_path, $old_path) === false) {
$this->_error(messenger("file", $filename, "has become unsyned with database. Manually fix file name."));
return;
} else {
$this->_error(messenger(gTxt('file'), $filename, "was not updated"));
return;
}
}
$this->_message(messenger(gTxt('file'), $filename, "updated"));
}
function thumbnail_insert()
{
global $txpcfg, $extensions, $txp_user, $img_dir, $path_to_site;
extract($txpcfg);
$id = gps('id');
$file = $_FILES['thefile']['tmp_name'];
$name = $_FILES['thefile']['name'];
$file = get_uploaded_file($file);
list(, , $extension) = getimagesize($file);
if ($file !== false && $extensions[$extension]) {
$ext = $extensions[$extension];
$newpath = IMPATH . $id . 't' . $ext;
if (shift_uploaded_file($file, $newpath) == false) {
image_list($newpath . sp . gTxt('upload_dir_perms'));
} else {
chmod($newpath, 0755);
safe_update("txp_image", "thumbnail='1'", "id='{$id}'");
image_edit(messenger('image', $name, 'uploaded'), $id);
}
} else {
if ($file === false) {
image_list(upload_get_errormsg($_FILES['thefile']['error']));
} else {
image_list(gTxt('only_graphic_files_allowed'));
}
}
}
