function avatar_upload($remote, &$userinfo, $avatar_filename, $avatar)
{
require_once CORE_PATH . 'classes/cpg_file.php';
global $MAIN_CFG, $db, $lang;
if ($remote) {
if (!preg_match('/^(http:\\/\\/)?([\\w\\-\\.]+)\\:?([0-9]*)\\/(.*)$/', $avatar_filename, $url_ary) || empty($url_ary[4])) {
cpg_error('The URL you entered is incomplete');
}
$avatar = get_fileinfo($avatar_filename, !$MAIN_CFG['avatar']['animated'], true);
if (!isset($avatar['size'])) {
cpg_error(_AVATAR_ERR_DATA);
} elseif ($avatar['animation'] && !$MAIN_CFG['avatar']['animated']) {
cpg_error('Animated avatar not allowed');
}
$avatar_filesize = $avatar['size'];
$avatar_filetype = $avatar['type'];
$imgtype = check_image_type($avatar_filetype);
if ($avatar['size'] > 0 && $avatar['size'] < $MAIN_CFG['avatar']['filesize']) {
$new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
$avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
if (CPG_File::write($avatar_filename, $avatar['data']) != $avatar['size']) {
trigger_error('Could not write avatar to local storage', E_USER_ERROR);
}
}
} else {
$avatar_filesize = $avatar['size'];
$avatar_filetype = $avatar['type'];
$imgtype = check_image_type($avatar_filetype);
$new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
$avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
if (!CPG_File::move_upload($avatar, $avatar_filename)) {
trigger_error('Could not copy avatar to local storage', E_USER_ERROR);
}
if (!$MAIN_CFG['avatar']['animated'] && ($fp = fopen($avatar_filename, 'rb'))) {
$data = fread($fp, $avatar_filesize);
fclose($fp);
$data = preg_split('/\\x00[\\x00-\\xFF]\\x00\\x2C/', $data);
// split GIF frames
if (count($data) > 2) {
unlink($avatar_filename);
cpg_error('Animated avatar not allowed');
}
unset($data);
}
}
if ($avatar_filesize < 40 || $avatar_filesize > $MAIN_CFG['avatar']['filesize']) {
unlink($avatar_filename);
cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
}
avatar_size($avatar_filename, true);
avatar_delete($userinfo);
return "user_avatar='{$new_filename}', user_avatar_type=1";
}
private function move_uploaded_attachment($file, $filename)
{
global $error, $error_msg, $lang, $upload_dir, $attach_config;
if (intval($attach_config['allow_ftp_upload'])) {
ftp_file($filename, $this->attach_filename, $this->type);
} else {
require_once 'includes/classes/cpg_file.php';
if (!CPG_File::move_upload($file, $upload_dir . '/' . $this->attach_filename)) {
$error = TRUE;
if (!empty($error_msg)) {
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['General_upload_error'], './' . $upload_dir . '/' . $this->attach_filename);
return;
}
}
if (!$error && $this->thumbnail == 1) {
if (intval($attach_config['allow_ftp_upload'])) {
$source = $file;
$dest_file = THUMB_DIR . '/t_' . $this->attach_filename;
} else {
$source = $upload_dir . '/' . $this->attach_filename;
$dest_file = amod_realpath($upload_dir);
$dest_file .= '/' . THUMB_DIR . '/t_' . $this->attach_filename;
}
if (!create_thumbnail($file, $dest_file, $this->type)) {
if (!create_thumbnail($source, $dest_file, $this->type)) {
$this->thumbnail = 0;
}
}
}
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
// Create a unique name for the uploaded file
$picture_name = $matches[1] . '.' . $matches[2];
$nr = 0;
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $exp[0] . '~' . $nr++ . '.' . $ext;
}
$uploaded_pic = $dest_dir . $picture_name; */
// open_basedir restriction workaround
// if (false === stripos(ini_get('open_basedir'), dirname($_FILES['userpicture']['tmp_name'])))
require_once 'includes/classes/cpg_file.php';
$tmpfile = $CONFIG['userpics'] . md5(microtime()) . '.tmp';
if (!CPG_File::move_upload($_FILES['userpicture'], $tmpfile)) {
cpg_die(_ERROR, 'Couldn\'t create a copy of the uploaded image', __FILE__, __LINE__);
}
// Get picture information
if (!($imginfo = getimagesize($tmpfile))) {
unlink($tmpfile);
cpg_die(_ERROR, ERR_INVALID_IMG, __FILE__, __LINE__, true);
}
// Check GD for GIF support else only JPEG and PNG are allowed
if ($imginfo[2] != IMAGETYPE_JPEG && $imginfo[2] != IMAGETYPE_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2' && !function_exists('imagecreatefromgif'))) {
unlink($tmpfile);
cpg_die(_ERROR, GD_FILE_TYPE_ERR, __FILE__, __LINE__, true);
}
// Check image type is among those allowed for ImageMagick
if ($CONFIG['thumb_method'] == 'im' && !stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]])) {
unlink($tmpfile);
