/** * Upload personal photo function * Assumes all security checks have been performed by this point * * @access public * @param integer [Optional] member id instead of current member * @return array [ error (error message), status (status message [ok/fail] ) ] */ public function uploadPhoto($member_id = 0) { //----------------------------------------- // INIT //----------------------------------------- $return = array('error' => '', 'status' => '', 'final_location' => '', 'final_width' => '', 'final_height' => '', 't_final_location' => '', 't_final_width' => '', 't_final_height' => ''); $member_id = $member_id ? intval($member_id) : intval($this->memberData['member_id']); $memberData = IPSMember::load($member_id); $real_name = ''; $upload_dir = ''; $t_real_name = ''; $p_max = $memberData['photoMaxKb']; if (IN_ACP) { $p_max = 10000; } if (!$member_id) { return array('status' => 'cannot_find_member'); } /* Fix up upload directory */ $paths = $this->_getProfileUploadPaths(); $upload_path = $paths['path']; $upload_dir = $paths['dir']; /* Check for an upload */ if ($_FILES['upload_photo']['name'] != "" and $_FILES['upload_photo']['name'] != "none") { if (!IPSMember::canUploadPhoto($memberData)) { $return['status'] = 'fail'; $return['error'] = 'no_photo_upload_permission'; return $return; } $real_name = 'photo-' . $member_id; /* Fetch library */ require_once IPS_KERNEL_PATH . 'classUpload.php'; /*noLibHook*/ $upload = new classUpload(); /* Bit of set up */ $upload->out_file_name = 'photo-' . $member_id; $upload->out_file_dir = $upload_path; $upload->max_file_size = $p_max * 1024; $upload->upload_form_field = 'upload_photo'; /* Set up our allowed types */ $upload->allowed_file_ext = array('gif', 'png', 'jpg', 'jpeg'); /* http://community.invisionpower.com/resources/bugs.html/_/ip-board/problem-change-avatar-too-large-r42679 This is not ideal but is no longer an issue in 4.x - the alternative is a lot of refactoring of classUpload */ $filename = IPSText::parseCleanValue(str_replace(array('<', '>'), '-', $_FILES['upload_photo']['name'])); $extension = $upload->_getFileExtension($filename); if ($_FILES['upload_photo']['size'] <= $upload->max_file_size && in_array($extension, $upload->allowed_file_ext)) { /* Remove any current photos - http://community.invisionpower.com/resources/bugs.html/_/ip-board/profile-picture-not-removed-on-replacement-r41405 */ $this->removeUploadedPhotos($member_id, $upload_path); } /* Upload */ $upload->process(); /* Oops, what happened? */ if ($upload->error_no) { switch ($upload->error_no) { case 1: // No upload $return['status'] = 'fail'; $return['error'] = 'upload_failed'; break; case 2: // Invalid file ext $return['status'] = 'fail'; $return['error'] = 'invalid_file_extension'; break; case 3: // Too big... $return['status'] = 'fail'; $return['error'] = 'upload_to_big'; break; case 4: // Cannot move uploaded file $return['status'] = 'fail'; $return['error'] = 'upload_failed'; break; case 5: // Possible XSS attack (image isn't an image) $return['status'] = 'fail'; $return['error'] = 'upload_failed'; break; } return $return; } /* We got this far.. */ $real_name = $upload->parsed_file_name; $t_real_name = $upload->parsed_file_name; /* Now build sized copies */ $return = $this->buildSizedPhotos($upload->parsed_file_name, $member_id); } return $return; }
/** * Convert an image * * @access public * @param integer Foreign ID number * @param array Data to insert to table * @param string Path to where images are stores * @param boolean If true, loads file data from database, rather than move file * @return boolean Success or fail **/ public function convertImage($id, $info, $path, $db = false, $parent = false) { // First remap for gallery 5 foreach ($info as $k => $v) { if (isset($this->_imageRemap[$k])) { $info[$this->_imageRemap[$k]] = $v; unset($info[$k]); } else { $info[$k] = $v; } } unset($info['image_id']); // Check we have a path //if (!$this->settings['gallery_images_path']) //{ // $this->logError($id, 'Your IP.Gallery uploads path has not been configured'); // return false; //} if (!file_exists($this->settings['gallery_images_path'] . '/gallery')) { if (!mkdir($this->settings['gallery_images_path'] . '/gallery', 0777)) { $this->error('"gallery" folder does not exist in the uploads directory.'); return false; } } if (!is_writable($this->settings['gallery_images_path'])) { $this->error('"gallery" folder is not writable.'); return false; } //----------------------------------------- // Make sure we have everything we need //----------------------------------------- if (!$id) { $this->logError($id, 'No ID number provided'); return false; } // Need image path if was not stored in database if (!$path and !$db) { $this->logError($id, 'No path provided'); return false; } // Be sure to have member id if (!$info['image_member_id']) { $this->logError($id, 'No member ID provided'); return false; } // Need to store in either category or album if (!$info['image_album_id']) { $this->logError($id, 'No album ID provided'); return false; } // Check if a masked name was provided. If not, just use the filename. $info['image_masked_file_name'] = $info['image_masked_file_name'] ? $info['image_masked_file_name'] : $info['image_file_name']; if (!$db and !$info['image_masked_file_name']) { $this->logError($id, 'No filename provided'); return false; } // Make sure image data was provided if stored in database. if ($db && !$info['image_data']) { $this->logError($id, 'No file data provided'); return false; } if (isset($info['image_directory']) && $info['image_directory'] != '') { $oldPath = $path; $path = $path . '/' . trim($info['image_directory'], '/'); } // Check the file actually exists if (!$db && !file_exists($path . '/' . $info['image_masked_file_name'])) { if (!file_exists($oldPath . '/' . $info['image_masked_file_name'])) { $this->logError($id, 'Could not locate file ' . $path . '/' . $info['image_masked_file_name']); return false; } $path = $oldPath; } $albumID = $this->getLink($info['image_album_id'], 'gallery_albums', true); if ($albumID) { if (isset($info['image_category_id'])) { $categoryID = $this->getLink($info['image_category_id'], 'gallery_categories', true); $info['image_category_id'] = $categoryID; } else { $info['image_category_id'] = ipsRegistry::$settings['gallery_members_album']; } $info['image_album_id'] = $albumID; } else { $info['image_category_id'] = $this->getLink($info['image_album_id'], 'gallery_categories'); $info['image_album_id'] = 0; } //----------------------------------------- // Set up array //----------------------------------------- $imageArray = array('image_member_id' => $this->getLink($info['image_member_id'], 'members', false, $this->useLocalLink), 'image_album_id' => $info['image_album_id'], 'image_category_id' => $info['image_category_id'], 'image_caption' => $info['image_caption'] ? $info['image_caption'] : 'No caption', 'image_description' => $info['image_description'], 'image_directory' => '', 'image_file_name' => $info['image_file_name'], 'image_approved' => $info['image_approved'], 'image_thumbnail' => 0, 'image_views' => intval($info['image_views']), 'image_comments' => intval($info['image_comments']), 'image_date' => intval($info['image_date']), 'image_ratings_total' => intval($info['image_ratings_total']), 'image_ratings_count' => intval($info['image_ratings_count']), 'image_caption_seo' => IPSText::makeSeoTitle($info['image_caption']), 'image_notes' => $info['image_notes'], 'image_rating' => intval($info['image_ratings_total']) > 0 ? intval($info['image_ratings_total']) / intval($info['image_ratings_count']) : 0, 'image_privacy' => $info['image_privacy']); if (!isset($info['image_file_size'])) { $imageArray['image_file_size'] = @filesize($path . '/' . $info['image_masked_file_name']); } else { $imageArray['image_file_size'] = $info['image_file_size']; } // Fields still required = array( 'file_name', 'file_type', 'masked_file_name', 'medium_file_name'); // Fields optional = array( 'file_size', 'pinned', 'media', 'credit_info', 'metadata', 'media_thumb'); $_file = IPSLib::getAppDir('gallery') . '/app_class_gallery.php'; $_name = 'app_class_gallery'; $galleryLibObject = null; if (file_exists($_file)) { $classToLoad = IPSLib::loadLibrary($_file, $_name); $galleryLibObject = new $classToLoad($this->registry); } require_once IPS_KERNEL_PATH . 'classUpload.php'; $upload = new classUpload(); $dir = $this->registry->gallery->helper('upload')->createDirectoryName($imageArray['image_album_id'], $imageArray['image_category_id']); if (!is_dir($this->settings['gallery_images_path'] . DIRECTORY_SEPARATOR . $dir)) { $this->error('Could not create directory to store images, please check <b>permissions (0777)</b> and <b>ownership</b> on "' . $this->settings['gallery_images_path'] . '/gallery/"'); } $ext = $upload->_getFileExtension($info['image_file_name']); $container = $imageArray['image_category_id']; if ($imageArray['image_album_id']) { $container = $imageArray['image_album_id']; } $new_name = "gallery_{$info['image_member_id']}_" . $container . "_" . time() . '_' . $id . '.' . $ext; $imageArray['image_masked_file_name'] = $new_name; $new_file = $this->settings['gallery_images_path'] . '/' . $dir . '/' . $new_name; // stop image_directory being category_ and album_ if (($imageArray['image_album_id'] != 0 || isset($imageArray['image_album_id']) || !empty($imageArray['image_album_id'])) && ($imageArray['image_category_id'] != 0 || isset($imageArray['image_category_id']) || !empty($imageArray['image_category_id']))) { // Set directory $imageArray['image_directory'] = $imageArray['image_album_id'] ? 'gallery/album_' . $imageArray['image_album_id'] : 'gallery/category_' . $imageArray['image_category_id']; } else { $imageArray['image_directory'] = ''; } if ($imageArray['image_directory'] == 'gallery/category_' || $imageArray['image_directory'] == 'gallery/album_') { $imageArray['image_directory'] = ''; } // Create the file from the db if that's the case if ($db) { $this->createFile($new_name, $info['image_data'], $info['image_file_size'], $this->settings['gallery_images_path'] . '/' . substr($dir, 0, -1)); } else { // Copy the file to its end IP.Gallery location if (!@copy($path . '/' . $info['image_masked_file_name'], $new_file)) { $e = error_get_last(); $this->logError($id, 'Could not move file - attempted to move ' . $path . '/' . $info['image_masked_file_name'] . ' to ' . $new_file . '<br />' . $e['message'] . '<br /><br />'); return false; } } @chmod($new_file, 0777); if (method_exists($upload, 'check_xss_infile')) { $upload->saved_upload_name = $new_file; $upload->check_xss_infile(); if ($upload->error_no == 5) { $this->logError($id, 'Invalid XSS file: ' . $info['image_file_name'] . '<br /><br />'); return false; } } //------------------------------------------------------------- // Exif/IPTC support? //------------------------------------------------------------- $meta_data = array(); if ($this->settings['gallery_exif']) { $meta_data = array_merge($meta_data, $this->registry->gallery->helper('image')->extractExif($new_file)); } if ($this->settings['gallery_iptc']) { $meta_data = array_merge($meta_data, $this->registry->gallery->helper('image')->extractIptc($new_file)); } $imageArray['image_metadata'] = serialize($meta_data); //------------------------------------------------------------- // Pass to library //------------------------------------------------------------- $media = 0; $imageArray['image_media'] = $this->_isImage($ext) ? 0 : 1; $imageArray['image_medium_file_name'] = 'med_' . $new_name; $imageArray['image_file_type'] = $this->registry->gallery->helper('image')->getImageType($new_file); // Go $this->DB->insert('gallery_images', $imageArray); $inserted_id = $this->DB->getInsertId(); // Permissions $prefix = ipsRegistry::dbFunctions()->getPrefix(); $this->DB->query("UPDATE {$prefix}gallery_images i, {$prefix}permission_index p SET i.image_parent_permission=p.perm_view WHERE p.app='gallery' AND p.perm_type='categories' AND p.perm_type_id=i.image_category_id"); //----------------------------------------- // Add link //----------------------------------------- $this->addLink($inserted_id, $id, 'gallery_images'); return true; }
/** * Convert an image * * @access public * @param integer Foreign ID number * @param array Data to insert to table * @param string Path to where images are stores * @param array Custom field data to insert to table * @param boolean If true, loads file data from database, rather than move file * @return boolean Success or fail **/ public function convertImage($id, $info, $path, $custom_fields, $db = false) { // Check we have a path if (!$this->settings['gallery_images_path']) { $this->logError($id, 'Your IP.Gallery uploads path has not been configured'); return false; } //----------------------------------------- // Make sure we have everything we need //----------------------------------------- if (!$id) { $this->logError($id, 'No ID number provided'); return false; } // Need image path if was not stored in database if (!$path and !$db) { $this->logError($id, 'No path provided'); return false; } // Be sure to have member id if (!$info['member_id']) { $this->logError($id, 'No member ID provided'); return false; } // Need to store in either category or album if (!$info['category_id'] and !$info['album_id']) { $this->logError($id, 'No category or album ID provided'); return false; } // Check if a masked name was provided. If not, just use the filename. $info['masked_file_name'] = $info['masked_file_name'] ? $info['masked_file_name'] : $info['file_name']; if (!$db and !$info['masked_file_name']) { $this->logError($id, 'No filename provided'); return false; } // Make sure image data was provided if stored in database. if ($db && !$info['data']) { $this->logError($id, 'No file data provided'); return false; } if (isset($info['directory']) && $info['directory'] != '') { $path = $path . '/' . trim($info['directory'], '/'); } // Check the file actually exists if (!$db && !file_exists($path . '/' . $info['masked_file_name'])) { $this->logError($id, 'Could not locate file ' . $path . '/' . $info['masked_file_name']); return false; } //----------------------------------------- // Set up array //----------------------------------------- $imageArray = array('member_id' => $this->getLink($info['member_id'], 'members', false, $this->useLocalLink), 'category_id' => $info['category_id'] ? $this->getLink($info['category_id'], 'gallery_categories') : 0, 'album_id' => $info['album_id'] ? $this->getLink($info['album_id'], 'gallery_albums') : 0, 'caption' => $info['caption'] ? $info['caption'] : 'No caption', 'file_size' => $info['file_size'] ? $info['file_size'] : 2, 'description' => $info['description'], 'directory' => '', 'file_name' => $info['file_name'], 'approved' => $info['approved'], 'thumbnail' => $info['thumbnail'], 'views' => intval($info['views']), 'comments' => intval($info['comments']), 'idate' => intval($info['idate']), 'ratings_total' => intval($info['ratings_total']), 'ratings_count' => intval($info['ratings_count']), 'caption_seo' => IPSText::makeSeoTitle($info['caption']), 'image_notes' => $info['image_notes'], 'rating' => intval($info['ratings_total']) > 0 ? intval($info['ratings_total']) / intval($info['ratings_count']) : 0); // Fields still required = array( 'file_name', 'file_type', 'masked_file_name', 'medium_file_name'); // Fields optional = array( 'file_size', 'pinned', 'media', 'credit_info', 'metadata', 'media_thumb'); $_file = IPSLib::getAppDir('gallery') . '/app_class_gallery.php'; $_name = 'app_class_gallery'; $galleryLibObject; if (file_exists($_file)) { $classToLoad = IPSLib::loadLibrary($_file, $_name); $galleryLibObject = new $classToLoad($this->registry); } $this->_loadMediaCache(); require_once IPS_KERNEL_PATH . 'classUpload.php'; $upload = new classUpload(); $allowed_ext = array(); foreach ($this->media_thumb_cache as $k => $v) { if (!$v['allowed']) { continue; } if ($v['default_type'] == 0 and !$allow_media) { continue; } $allowed_ext[] = str_replace(".", "", $k); } $dir = ""; if ($this->settings['gallery_dir_images']) { $dir = $this->DB->buildAndFetch(array('select' => 'directory', 'from' => 'gallery_images', 'order' => "id DESC", 'limit' => array(0, 1))); $dir = $dir['directory']; if (!is_dir($this->settings['gallery_images_path'] . '/' . $dir)) { $dir = ''; } $total = $this->DB->buildAndFetch(array('select' => 'COUNT(directory) AS files', 'from' => 'gallery_images', 'where' => "directory='{$dir}'")); if ($total['files'] >= $this->settings['gallery_dir_images'] || !$total['files']) { $dir = time(); @mkdir($this->settings['gallery_images_path'] . '/' . $dir, 0777); @chmod($this->settings['gallery_images_path'] . '/' . $dir, 0777); @touch($this->settings['gallery_images_path'] . '/' . $dir . '/index.html'); } $dir = $dir ? "{$dir}/" : ""; $imageArray['directory'] = str_replace("/", "", $dir); } $ext = $upload->_getFileExtension($info['file_name']); if (!in_array($ext, $allowed_ext)) { $this->logError($id, "Invalid_mime_type for file name: {$info['file_name']}"); return false; } $new_name = "gallery_{$info['member_id']}_" . ($info['album_id'] > 0 ? $info['album_id'] : $info['category_id']) . "_" . time() % $imageArray['file_size'] . '.' . $ext; $imageArray['masked_file_name'] = $new_name; $new_file = $this->settings['gallery_images_path'] . '/' . $dir . $new_name; // Create the file from the db if that's the case if ($db) { $this->createFile($new_name, $info['data'], $info['file_size'], $this->settings['gallery_images_path'] . '/' . substr($dir, 0, -1)); } else { // Copy the file to its end IP.Gallery location if (!@copy($path . '/' . $info['masked_file_name'], $new_file)) { $e = error_get_last(); $this->logError($id, 'Could not move file - attempted to move ' . $path . '/' . $info['masked_file_name'] . ' to ' . $new_file . '<br />' . $e['message'] . '<br /><br />'); return false; } } @chmod($new_file, 0777); if (method_exists($upload, 'check_xss_infile')) { $upload->saved_upload_name = $new_file; $upload->check_xss_infile(); if ($upload->error_no == 5) { $this->logError($id, 'Invalid XSS file: ' . $info['file_name'] . '<br /><br />'); return false; } } //------------------------------------------------------------- // Exif/IPTC support? //------------------------------------------------------------- $meta_data = array(); if ($this->settings['gallery_exif']) { $meta_data = array_merge($meta_data, $this->registry->glib->extractExif($new_file)); } if ($this->settings['gallery_iptc']) { $meta_data = array_merge($meta_data, $this->registry->glib->extractIptc($new_file)); } $imageArray['metadata'] = serialize($meta_data); //------------------------------------------------------------- // Pass to library //------------------------------------------------------------- $media = 0; $ext = '.' . $ext; $imageArray['media'] = $this->media_thumb_cache[$ext]['default_type'] ? 0 : 1; $image = array('media' => $imageArray['media'], 'directory' => $dir, 'masked_file_name' => $new_name); if (!$imageArray['media']) { $this->registry->glib->rebuildImage($image, FALSE, TRUE); } $imageArray['medium_file_name'] = $this->registry->glib->did_medium ? 'med_' . $new_name : ''; $imageArray['file_type'] = $this->registry->glib->getImageType($new_file); $imageArray['thumbnail'] = $this->registry->glib->did_thumb ? $this->registry->glib->did_thumb : 0; //----------------------------------------- // Insert //----------------------------------------- foreach ($custom_fields as $key => $value) { if (preg_match('/field_(.+)/', $key, $matches)) { $newKey = $this->getLink($matches[1], 'gallery_form_fields'); if ($newKey) { $imageArray['field_' . $newKey] = $value; } } } // Go $this->DB->insert('gallery_images', $imageArray); $inserted_id = $this->DB->getInsertId(); //----------------------------------------- // Add link //----------------------------------------- $this->addLink($inserted_id, $id, 'gallery_images'); return true; }
/** * Rebuild Attachment Data * * @access public * @return void */ public function rebuildAttachdata() { /* Upload Class */ require_once IPS_KERNEL_PATH . 'classUpload.php'; $upload = new classUpload(); //----------------------------------------- // Set up //----------------------------------------- $done = 0; $start = intval($this->request['st']) >= 0 ? intval($this->request['st']) : 0; $end = intval($this->request['pergo']) ? intval($this->request['pergo']) : 100; $dis = $end + $start; $output = array(); //----------------------------------------- // Got any more? //----------------------------------------- $tmp = $this->DB->buildAndFetch(array('select' => 'attach_id', 'from' => 'attachments', 'limit' => array($dis, 1))); $max = intval($tmp['attach_id']); //----------------------------------------- // Avoid limit... //----------------------------------------- $this->DB->build(array('select' => '*', 'from' => 'attachments', 'order' => 'attach_id ASC', 'limit' => array($start, $end))); $outer = $this->DB->execute(); //----------------------------------------- // Process... //----------------------------------------- while ($r = $this->DB->fetch($outer)) { //----------------------------------------- // Get ext //----------------------------------------- $update = array(); $update['attach_ext'] = $upload->_getFileExtension($r['attach_file']); if ($r['attach_location']) { if (file_exists($this->settings['upload_dir'] . '/' . $r['attach_location'])) { $update['attach_filesize'] = @filesize($this->settings['upload_dir'] . '/' . $r['attach_location']); if ($r['attach_is_image']) { $dims = @getimagesize($this->settings['upload_dir'] . '/' . $r['attach_location']); if ($dims[0] and $dims[1]) { $update['attach_img_width'] = $dims[0]; $update['attach_img_height'] = $dims[1]; } } } } if (count($update)) { $this->DB->update('attachments', $update, 'attach_id=' . $r['attach_id']); } $done++; } //----------------------------------------- // Finish - or more?... //----------------------------------------- if (!$done and !$max) { //----------------------------------------- // Done.. //----------------------------------------- $text = $this->lang->words['re_rebuildcomp'] . implode("<br />", $output); $url = "{$this->settings['base_url']}{$this->form_code}"; $time = 2; } else { //----------------------------------------- // More.. //----------------------------------------- $thisgoeshere = sprintf($this->lang->words['re_thisgoeshere'], $dis); $text = $thisgoeshere . implode("<br />", $output); $url = "{$this->settings['base_url']}{$this->form_code}&do={$this->request['do']}&pergo={$this->request['pergo']}&st={$dis}"; $time = 0; } //----------------------------------------- // Bye.... //----------------------------------------- $this->registry->output->redirect($url, $text, $time); }