function avatar_upload($remote, &$userinfo, $avatar_filename, $avatar) { require_once CORE_PATH . 'classes/cpg_file.php'; global $MAIN_CFG, $db, $lang; if ($remote) { if (!preg_match('/^(http:\\/\\/)?([\\w\\-\\.]+)\\:?([0-9]*)\\/(.*)$/', $avatar_filename, $url_ary) || empty($url_ary[4])) { cpg_error('The URL you entered is incomplete'); } $avatar = get_fileinfo($avatar_filename, !$MAIN_CFG['avatar']['animated'], true); if (!isset($avatar['size'])) { cpg_error(_AVATAR_ERR_DATA); } elseif ($avatar['animation'] && !$MAIN_CFG['avatar']['animated']) { cpg_error('Animated avatar not allowed'); } $avatar_filesize = $avatar['size']; $avatar_filetype = $avatar['type']; $imgtype = check_image_type($avatar_filetype); if ($avatar['size'] > 0 && $avatar['size'] < $MAIN_CFG['avatar']['filesize']) { $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype; $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}"; if (CPG_File::write($avatar_filename, $avatar['data']) != $avatar['size']) { trigger_error('Could not write avatar to local storage', E_USER_ERROR); } } } else { $avatar_filesize = $avatar['size']; $avatar_filetype = $avatar['type']; $imgtype = check_image_type($avatar_filetype); $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype; $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}"; if (!CPG_File::move_upload($avatar, $avatar_filename)) { trigger_error('Could not copy avatar to local storage', E_USER_ERROR); } if (!$MAIN_CFG['avatar']['animated'] && ($fp = fopen($avatar_filename, 'rb'))) { $data = fread($fp, $avatar_filesize); fclose($fp); $data = preg_split('/\\x00[\\x00-\\xFF]\\x00\\x2C/', $data); // split GIF frames if (count($data) > 2) { unlink($avatar_filename); cpg_error('Animated avatar not allowed'); } unset($data); } } if ($avatar_filesize < 40 || $avatar_filesize > $MAIN_CFG['avatar']['filesize']) { unlink($avatar_filename); cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024))); } avatar_size($avatar_filename, true); avatar_delete($userinfo); return "user_avatar='{$new_filename}', user_avatar_type=1"; }
private function move_uploaded_attachment($file, $filename) { global $error, $error_msg, $lang, $upload_dir, $attach_config; if (intval($attach_config['allow_ftp_upload'])) { ftp_file($filename, $this->attach_filename, $this->type); } else { require_once 'includes/classes/cpg_file.php'; if (!CPG_File::move_upload($file, $upload_dir . '/' . $this->attach_filename)) { $error = TRUE; if (!empty($error_msg)) { $error_msg .= '<br />'; } $error_msg .= sprintf($lang['General_upload_error'], './' . $upload_dir . '/' . $this->attach_filename); return; } } if (!$error && $this->thumbnail == 1) { if (intval($attach_config['allow_ftp_upload'])) { $source = $file; $dest_file = THUMB_DIR . '/t_' . $this->attach_filename; } else { $source = $upload_dir . '/' . $this->attach_filename; $dest_file = amod_realpath($upload_dir); $dest_file .= '/' . THUMB_DIR . '/t_' . $this->attach_filename; } if (!create_thumbnail($file, $dest_file, $this->type)) { if (!create_thumbnail($source, $dest_file, $this->type)) { $this->thumbnail = 0; } } } }
// Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; // Create a unique name for the uploaded file $picture_name = $matches[1] . '.' . $matches[2]; $nr = 0; while (file_exists($dest_dir . $picture_name)) { $picture_name = $exp[0] . '~' . $nr++ . '.' . $ext; } $uploaded_pic = $dest_dir . $picture_name; */ // open_basedir restriction workaround // if (false === stripos(ini_get('open_basedir'), dirname($_FILES['userpicture']['tmp_name']))) require_once 'includes/classes/cpg_file.php'; $tmpfile = $CONFIG['userpics'] . md5(microtime()) . '.tmp'; if (!CPG_File::move_upload($_FILES['userpicture'], $tmpfile)) { cpg_die(_ERROR, 'Couldn\'t create a copy of the uploaded image', __FILE__, __LINE__); } // Get picture information if (!($imginfo = getimagesize($tmpfile))) { unlink($tmpfile); cpg_die(_ERROR, ERR_INVALID_IMG, __FILE__, __LINE__, true); } // Check GD for GIF support else only JPEG and PNG are allowed if ($imginfo[2] != IMAGETYPE_JPEG && $imginfo[2] != IMAGETYPE_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2' && !function_exists('imagecreatefromgif'))) { unlink($tmpfile); cpg_die(_ERROR, GD_FILE_TYPE_ERR, __FILE__, __LINE__, true); } // Check image type is among those allowed for ImageMagick if ($CONFIG['thumb_method'] == 'im' && !stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]])) { unlink($tmpfile);