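/**
 * Process the front-end "create album", "upload photo" and "edit album" form posts.
 *
 * Each action runs only when its wppa_switch() setting is on and its trigger
 * field is present in the POST data; create and upload can additionally require
 * a logged-in user. Every action is gated by wp_verify_nonce() and die()s when
 * the nonce does not verify. The body runs at most once per request.
 *
 * @return void
 */
function wppa_user_upload() {
    global $wpdb;
    static $done;

    wppa_dbg_msg('Usr_upl entered');

    // Run-once guard. The upload counters below deliberately use their own
    // variables: reusing $done as a counter would reset this static flag to a
    // falsy '0' after an upload with no successes and let the handler run again.
    if ($done) {
        return; // Already done
    }
    $done = true; // Mark as done

    // Upload possible?
    $may_upload = wppa_switch('user_upload_on');
    if (wppa_switch('user_upload_login') && !is_user_logged_in()) {
        $may_upload = false; // Must login
    }

    // Create album possible?
    $may_create = wppa_switch('user_create_on');
    if (wppa_switch('user_create_login') && !is_user_logged_in()) {
        $may_create = false; // Must login
    }

    // Edit album possible?
    $may_edit = wppa_switch('user_album_edit_on');

    // Do create
    if ($may_create && wppa_get_post('wppa-fe-create')) {

        // Reject forged requests before any other field is looked at.
        if (!wp_verify_nonce(wppa_get_post('nonce'), 'wppa-album-check')) {
            die('<b>' . __('ERROR: Illegal attempt to create an album.', 'wp-photo-album-plus') . '</b>');
        }

        // Start from an empty name so a request without 'wppa-album-name'
        // falls through to the default instead of reading an undefined variable.
        $albumname = '';
        if (wppa_get_post('wppa-album-name')) {
            $albumname = trim(strip_tags(wppa_get_post('wppa-album-name')));
        }
        if (!wppa_sanitize_file_name($albumname)) {
            $albumname = __('New Album', 'wp-photo-album-plus');
        }

        // Check captcha
        $captkey = wppa_get_randseed('session');
        if (!wppa_check_captcha($captkey)) {
            wppa_alert(__('Wrong captcha, please try again', 'wp-photo-album-plus'));
            return;
        }

        // The parent id is forced to an integer; non-administrators are pinned
        // to the configured default parent when 'default_parent_always' is on.
        $parent = strval(intval(wppa_get_post('wppa-album-parent')));
        if (!wppa_user_is('administrator') && wppa_switch('default_parent_always')) {
            $parent = wppa_opt('default_parent');
        }

        $album = wppa_create_album_entry(array(
            'name'        => $albumname,
            'description' => strip_tags(wppa_get_post('wppa-album-desc')),
            'a_parent'    => $parent,
            'owner'       => wppa_switch('frontend_album_public') ? '--- public ---' : wppa_get_user(),
        ));

        if ($album) {
            wppa_alert(sprintf(__('Album #%s created', 'wp-photo-album-plus'), $album));
            wppa_flush_treecounts($parent);
            wppa_create_pl_htaccess();
        } else {
            wppa_alert(__('Could not create album', 'wp-photo-album-plus'));
        }
    }

    // Do Upload
    if ($may_upload && wppa_get_post('wppa-upload-album')) {

        if (!wp_verify_nonce(wppa_get_post('nonce'), 'wppa-check')) {
            die('<b>' . __('ERROR: Illegal attempt to upload a file.', 'wp-photo-album-plus') . '</b>');
        }

        // The album id is request data: force it to an integer before it is
        // handed on, and refuse anything that is not a positive id.
        $alb_id = intval(wppa_get_post('wppa-upload-album'));
        if ($alb_id < 1) {
            wppa_alert(__('Upload failed', 'wp-photo-album-plus'));
            return;
        }
        $alb = strval($alb_id);

        if (is_array($_FILES)) {
            $bret       = true;
            $ok_count   = 0;
            $fail_count = 0;

            foreach ($_FILES as $file) {
                if (!is_array($file['error'])) {
                    // Single-file field; this should no longer happen since the name is incl []
                    $bret = wppa_do_frontend_file_upload($file, $alb);
                    if ($bret) {
                        $ok_count++;
                    } else {
                        $fail_count++;
                    }
                } else {
                    // Multi-file field: regroup the parallel arrays per file.
                    $filecount = count($file['error']);
                    for ($i = 0; $i < $filecount; $i++) {
                        // After the first failure the remaining files are skipped
                        // and counted neither as done nor as failed.
                        if ($bret) {
                            $f = array(
                                'error'    => $file['error'][$i],
                                'tmp_name' => $file['tmp_name'][$i],
                                'name'     => $file['name'][$i],
                                'type'     => $file['type'][$i],
                                'size'     => $file['size'][$i],
                            );
                            $bret = wppa_do_frontend_file_upload($f, $alb);
                            if ($bret) {
                                $ok_count++;
                            } else {
                                $fail_count++;
                            }
                        }
                    }
                }
            }

            $points = '0';
            $alert  = '';

            if ($ok_count) {
                // SUCCESSFUL UPLOAD, ADD POINTS
                $points = wppa_opt('cp_points_upload') * $ok_count;
                $bret   = wppa_add_credit_points($points, __('Photo upload', 'wp-photo-album-plus'));
                $alert .= sprintf(_n('Photo successfully uploaded.', '%s photos successfully uploaded.', $ok_count, 'wp-photo-album-plus'), $ok_count);
                if ($bret) {
                    $alert .= ' ' . sprintf(__('%s points added.', 'wp-photo-album-plus'), $points);
                }
            }

            if ($fail_count) {
                if (!$ok_count) {
                    $alert .= __('Upload failed', 'wp-photo-album-plus');
                } else {
                    $alert .= sprintf(_n('1 Upload failed', '%s uploads failed.', $fail_count, 'wp-photo-album-plus'), $fail_count);
                }
            }

            $reload = (wppa_switch('home_after_upload') && $ok_count) ? 'home' : false;
            wppa_alert($alert, $reload);
        }
    }

    // Do Edit
    if ($may_edit && wppa_get_post('wppa-albumeditsubmit')) {

        // Normalise the album id first so the nonce is checked against the
        // same value that is later written, then verify before reading the rest.
        $alb_id = intval(wppa_get_post('wppa-albumeditid'));
        $alb    = strval($alb_id);
        if ($alb_id < 1 || !wp_verify_nonce(wppa_get_post('wppa-albumeditnonce'), 'wppa_nonce_' . $alb)) {
            die('Security check failure');
        }
        // NOTE(review): the per-album nonce is the only authorization visible in
        // this function; confirm that the form issuing 'wppa_nonce_<id>' is only
        // rendered for users who are allowed to edit that album.

        $name = trim(strip_tags(wppa_get_post('wppa-albumeditname')));
        if (!wppa_sanitize_file_name($name)) {
            // Empty album name is not allowed
            $name = 'Album-#' . $alb;
        }

        // NOTE(review): unlike the create path, the description is not passed
        // through strip_tags() here; confirm wppa_get_post()/wppa_update_album()
        // filter it before it is stored and rendered.
        $description = wppa_get_post('wppa-albumeditdesc');

        wppa_update_album(array(
            'id'          => $alb,
            'name'        => $name,
            'description' => $description,
            'modified'    => time(),
        ));
        wppa_create_pl_htaccess();
    }
}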
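/**
 * Process the front-end "create album", "upload photo" and "edit album" form posts.
 *
 * Each action runs only when its wppa_switch() setting is on and its trigger
 * field is present in the POST data; create and upload can additionally require
 * a logged-in user. Every action is gated by wp_verify_nonce() and die()s when
 * the nonce does not verify. After a successful upload the request can also
 * create a blog post ("Blog It") for users with the 'edit_posts' capability.
 * The body runs at most once per request.
 *
 * @return void
 */
function wppa_user_upload() {
    global $wpdb;
    static $done;

    wppa_dbg_msg('Usr_upl entered');

    // Run-once guard. The upload counters below deliberately use their own
    // variables: reusing $done as a counter would reset this static flag to a
    // falsy '0' after an upload with no successes and let the handler run again.
    if ($done) {
        return; // Already done
    }
    $done = true; // Mark as done

    // Upload possible?
    $may_upload = wppa_switch('user_upload_on');
    if (wppa_switch('user_upload_login') && !is_user_logged_in()) {
        $may_upload = false; // Must login
    }

    // Create album possible?
    $may_create = wppa_switch('user_create_on');
    if (wppa_switch('user_create_login') && !is_user_logged_in()) {
        $may_create = false; // Must login
    }

    // Edit album possible?
    $may_edit = wppa_switch('user_album_edit_on');

    // Do create
    if ($may_create && wppa_get_post('wppa-fe-create')) {

        // Reject forged requests before any other field is looked at.
        if (!wp_verify_nonce(wppa_get_post('nonce'), 'wppa-album-check')) {
            die('<b>' . __('ERROR: Illegal attempt to create an album.', 'wp-photo-album-plus') . '</b>');
        }

        // Start from an empty name so a request without 'wppa-album-name'
        // falls through to the default instead of reading an undefined variable.
        $albumname = '';
        if (wppa_get_post('wppa-album-name')) {
            $albumname = trim(strip_tags(wppa_get_post('wppa-album-name')));
        }
        if (!wppa_sanitize_file_name($albumname)) {
            $albumname = __('New Album', 'wp-photo-album-plus');
        }

        // Check captcha, only when the setting asks for it. With the captcha
        // and the login requirement both off, the nonce is the only gate left
        // on album creation in this function.
        if (wppa_switch('user_create_captcha')) {
            $captkey = wppa_get_randseed('session');
            if (!wppa_check_captcha($captkey)) {
                wppa_alert(__('Wrong captcha, please try again', 'wp-photo-album-plus'));
                return;
            }
        }

        // The parent id is forced to an integer; non-administrators are pinned
        // to the configured default parent when 'default_parent_always' is on.
        $parent = strval(intval(wppa_get_post('wppa-album-parent')));
        if (!wppa_user_is('administrator') && wppa_switch('default_parent_always')) {
            $parent = wppa_opt('default_parent');
        }

        $album = wppa_create_album_entry(array(
            'name'        => $albumname,
            'description' => strip_tags(wppa_get_post('wppa-album-desc')),
            'a_parent'    => $parent,
            'owner'       => wppa_switch('frontend_album_public') ? '--- public ---' : wppa_get_user(),
        ));

        if ($album) {
            if (wppa_switch('fe_alert')) {
                wppa_alert(sprintf(__('Album #%s created', 'wp-photo-album-plus'), $album));
            }
            wppa_flush_treecounts($parent);
            wppa_create_pl_htaccess();
        } else {
            wppa_alert(__('Could not create album', 'wp-photo-album-plus'));
        }
    }

    // Do Upload
    if ($may_upload) {
        $blogged = false;

        if (wppa_get_post('wppa-upload-album')) {

            if (!wp_verify_nonce(wppa_get_post('nonce'), 'wppa-check')) {
                die('<b>' . __('ERROR: Illegal attempt to upload a file.', 'wp-photo-album-plus') . '</b>');
            }

            // The album id is request data: force numeric and make sure the
            // album exists before anything is stored against it.
            $alb = strval(intval(wppa_get_post('wppa-upload-album')));
            if (!wppa_album_exists($alb)) {
                $alert = sprintf(__('Album %s does not exist', 'wp-photo-album-plus'), $alb);
                wppa_alert($alert);
                return;
            }

            $uploaded_ids = array();

            if (is_array($_FILES)) {
                $iret       = true;
                $ok_count   = 0;
                $fail_count = 0;

                foreach ($_FILES as $file) {
                    if (!is_array($file['error'])) {
                        // Single-file field; this should no longer happen since the name is incl []
                        $iret = wppa_do_frontend_file_upload($file, $alb);
                        if ($iret) {
                            $uploaded_ids[] = $iret;
                            $ok_count++;
                            wppa_set_last_album($alb);
                        } else {
                            $fail_count++;
                        }
                    } else {
                        // Multi-file field: regroup the parallel arrays per file.
                        $filecount = count($file['error']);
                        for ($i = 0; $i < $filecount; $i++) {
                            // After the first failure the remaining files are skipped
                            // and counted neither as done nor as failed.
                            if ($iret) {
                                $f = array(
                                    'error'    => $file['error'][$i],
                                    'tmp_name' => $file['tmp_name'][$i],
                                    'name'     => $file['name'][$i],
                                    'type'     => $file['type'][$i],
                                    'size'     => $file['size'][$i],
                                );
                                $iret = wppa_do_frontend_file_upload($f, $alb);
                                if ($iret) {
                                    $uploaded_ids[] = $iret;
                                    $ok_count++;
                                    wppa_set_last_album($alb);
                                } else {
                                    $fail_count++;
                                }
                            }
                        }
                    }
                }

                $points = '0';
                $alert  = '';
                $reload = (wppa_switch('home_after_upload') && $ok_count) ? 'home' : false;

                if ($ok_count) {

                    // SUCCESSFUL UPLOAD, Blog It?
                    if (current_user_can('edit_posts') && isset($_POST['wppa-blogit'])) {

                        // Read the optional text fields defensively: a missing or
                        // non-string field becomes '' instead of raising a notice
                        // or being concatenated as an array.
                        $title   = (isset($_POST['wppa-post-title']) && is_string($_POST['wppa-post-title'])) ? $_POST['wppa-post-title'] : '';
                        $pretxt  = (isset($_POST['wppa-blogit-pretext']) && is_string($_POST['wppa-blogit-pretext'])) ? $_POST['wppa-blogit-pretext'] : '';
                        $posttxt = (isset($_POST['wppa-blogit-posttext']) && is_string($_POST['wppa-blogit-posttext'])) ? $_POST['wppa-blogit-posttext'] : '';
                        if (!$title) {
                            $title = wppa_local_date();
                        }

                        // NOTE(review): the gate above is 'edit_posts', but with
                        // 'blog_it_moderate' off the post is created as 'publish';
                        // confirm that roles without 'publish_posts' are meant to
                        // be able to publish this way.
                        $status = wppa_switch('blog_it_moderate') ? 'pending' : 'publish';

                        $post_content = $pretxt;
                        foreach ($uploaded_ids as $id) {
                            $post_content .= str_replace('#id', $id, wppa_opt('blog_it_shortcode'));
                        }
                        $post_content .= $posttxt;

                        // The request text is only filtered by sanitize_post() in
                        // the 'db' context before it is inserted.
                        $post = array(
                            'post_title'   => $title,
                            'post_content' => $post_content,
                            'post_status'  => $status,
                        );
                        $post = sanitize_post($post, 'db');
                        $iret = wp_insert_post($post);
                        // NOTE(review): $blogged is set even when wp_insert_post()
                        // fails; the result is not inspected.
                        $blogged = true;
                    }

                    // ADD POINTS
                    $points = wppa_opt('cp_points_upload') * $ok_count;
                    $bret   = wppa_add_credit_points($points, __('Photo upload', 'wp-photo-album-plus'));
                    $alert .= sprintf(_n('%d photo successfully uploaded', '%d photos successfully uploaded', $ok_count, 'wp-photo-album-plus'), $ok_count);
                    if ($bret) {
                        $alert .= ' ' . sprintf(__('%s points added', 'wp-photo-album-plus'), $points);
                    }
                    if (wppa_switch('fe_alert')) {
                        wppa_alert($alert, $reload);
                    } else {
                        wppa_alert('', $reload);
                    }

                    // Blogged?
                    if ($blogged) {
                        if (wppa_switch('fe_alert')) {
                            if ($status == 'pending') {
                                wppa_alert(__('Your post is awaiting moderation.', 'wp-photo-album-plus'));
                            }
                        }
                        echo '<script type="text/javascript" >document.location.href=\'' . home_url() . '\';</script>';
                        wppa_exit();
                    }
                }

                if ($fail_count) {
                    if (!$ok_count) {
                        $alert .= __('Upload failed', 'wp-photo-album-plus');
                    } else {
                        $alert .= sprintf(_n('%d upload failed', '%d uploads failed', $fail_count, 'wp-photo-album-plus'), $fail_count);
                    }
                    wppa_alert($alert, $reload);
                }
            }
        }
    }

    // Do Edit
    if ($may_edit && wppa_get_post('wppa-albumeditsubmit')) {

        // Get album id. Forced numeric, as in the upload path, so the existence
        // check, the nonce action and the update all see the same integer id.
        $alb = strval(intval(wppa_get_post('wppa-albumeditid')));
        if (!$alb || !wppa_album_exists($alb)) {
            die('Security check failure');
        }

        // Valid request?
        if (!wp_verify_nonce(wppa_get_post('wppa-albumeditnonce'), 'wppa_nonce_' . $alb)) {
            die('Security check failure');
        }
        // NOTE(review): the per-album nonce is the only authorization visible in
        // this function; confirm that the form issuing 'wppa_nonce_<id>' is only
        // rendered for users who are allowed to edit that album.

        // Name
        $name = trim(strip_tags(wppa_get_post('wppa-albumeditname')));
        if (!$name) {
            // Empty album name is not allowed
            $name = 'Album-#' . $alb;
        }

        // Description
        // NOTE(review): unlike the create path, the description is not passed
        // through strip_tags() here; confirm wppa_get_post()/wppa_update_album()
        // filter it before it is stored and rendered.
        $description = wppa_get_post('wppa-albumeditdesc');

        // Custom data
        // NOTE(review): unserialize() can instantiate objects if the stored
        // 'custom' value was ever attacker-controlled; the value written below is
        // always a serialized array of sanitized strings, so a JSON encoding would
        // remove that risk. Anything that does not decode to an array is replaced
        // by the ten empty slots.
        $custom      = wppa_get_album_item($alb, 'custom');
        $custom_data = $custom ? unserialize($custom) : false;
        if (!is_array($custom_data)) {
            $custom_data = array('', '', '', '', '', '', '', '', '', '');
        }
        for ($idx = 0; $idx < 10; $idx++) {
            if (isset($_POST['custom_' . $idx])) {
                $value             = wppa_get_post('custom_' . $idx);
                $custom_data[$idx] = wppa_sanitize_custom_field($value);
            }
        }
        $custom = serialize($custom_data);

        // Update
        wppa_update_album(array(
            'id'          => $alb,
            'name'        => $name,
            'description' => $description,
            'custom'      => $custom,
            'modified'    => time(),
        ));
        wppa_index_update('album', $alb);
        wppa_create_pl_htaccess();
    }
}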