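/**
 * Stores one uploaded photo in the current user's album and reports success.
 *
 * Reads the caption from POST and the file from the 'photo' upload field,
 * hands the file to the attachment store library, then attaches every stored
 * picture to the album in $albuminfo and rebuilds the album counters.
 *
 * Security-relevant behaviour visible in this function:
 *  - uploads are refused unless $userinfo and the logged-in user are the same
 *    account, and unless the attachment library's verify_permissions() passes;
 *  - every value interpolated into SQL here is forced to an integer first.
 *
 * NOTE(review): no file type, size or content validation happens in this
 * function; presumably vB_Attachment_Store_Library::upload() enforces it.
 * Confirm before relying on this endpoint for untrusted files.
 * NOTE(review): no security-token (CSRF) check is visible here; confirm the
 * dispatcher that calls this function performs one.
 * NOTE(review): standard_error(), print_no_permission() and json_error() are
 * assumed to end the request; the code after each call relies on that.
 *
 * @return	array	array('success' => true) once the end of the function is reached
 */
function do_upload_photo()
{
	global $vbulletin, $db, $show, $vbphrase, $foruminfo, $userinfo, $albuminfo, $session, $contenttypeid;

	$vbulletin->input->clean_array_gpc('p', array('caption' => TYPE_STR));

	if (empty($albuminfo))
	{
		standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
	}

	// Ownership check: pictures can only be added to the caller's own albums.
	if ($userinfo['userid'] != $vbulletin->userinfo['userid'])
	{
		print_no_permission();
	}

	$vbulletin->input->clean_gpc('f', 'photo', TYPE_FILE);

	// The attachment library expects the multi-file layout $files[name][x];
	// this endpoint carries exactly one file per request.
	$vbulletin->GPC['attachment'] = array(
		'name'     => array($vbulletin->GPC['photo']['name']),
		'tmp_name' => array($vbulletin->GPC['photo']['tmp_name']),
		'error'    => array($vbulletin->GPC['photo']['error']),
		'size'     => array($vbulletin->GPC['photo']['size']),
	);

	// NOTE(review): GPC['albumid'] and GPC['filedata'] are not cleaned in this
	// function; presumably the caller cleaned them already - confirm.
	$values = array('albumid' => $vbulletin->GPC['albumid']);

	if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, 0, $values)))
	{
		json_error("could not create attachment store");
	}

	if (!$attachlib->verify_permissions())
	{
		json_error(ERR_NO_PERMISSION);
	}

	$uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);

	if (!empty($attachlib->errors))
	{
		foreach ($attachlib->errors as $error)
		{
			// Prefer the literal message; fall back to the phrase named by the error.
			$errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
			json_error($errormessage, RV_UPLOAD_ERROR);
		}
	}

	// The ids end up inside an IN (...) list, so keep only positive integers.
	// This also covers an empty return value, which would otherwise produce
	// the invalid SQL "IN ()".
	$uploads = array();
	foreach (explode(',', (string) $uploadids) as $uploadid)
	{
		$uploadid = intval($uploadid);
		if ($uploadid > 0)
		{
			$uploads[] = $uploadid;
		}
	}

	// Fetch possible destination albums (all albums owned by $userinfo).
	$destination_result = $db->query_read("
		SELECT
			albumid, userid, title, coverattachmentid, state
		FROM " . TABLE_PREFIX . "album
		WHERE
			userid = " . intval($userinfo['userid']) . "
	");

	$destinations = array();
	while ($album = $db->fetch_array($destination_result))
	{
		$destinations[$album['albumid']] = $album;
	}
	$db->free_result($destination_result);

	if (!empty($uploads))
	{
		// contentid = 0 restricts the update to attachments that are not yet
		// bound to any content, i.e. the rows the upload above just created.
		$picture_sql = $db->query_read("
			SELECT
				a.contentid, a.userid, a.caption, a.state, a.dateline, a.attachmentid, a.contenttypeid,
				filedata.extension, filedata.filesize, filedata.thumbnail_filesize, filedata.filedataid
			FROM " . TABLE_PREFIX . "attachment AS a
			INNER JOIN " . TABLE_PREFIX . "filedata AS filedata ON (a.filedataid = filedata.filedataid)
			WHERE
				a.contentid = 0
					AND
				a.attachmentid IN (" . implode(',', $uploads) . ")
		");

		while ($picture = $db->fetch_array($picture_sql))
		{
			$attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_ARRAY, 'attachment');
			$attachdata->set_existing($picture);
			$attachdata->set_info('albuminfo', $albuminfo);
			$attachdata->set_info('destination', $destinations[$albuminfo['albumid']]);
			$attachdata->set('contentid', $albuminfo['albumid']);
			$attachdata->set('posthash', '');
			$attachdata->set('caption', $vbulletin->GPC['caption']);
			$attachdata->save();
		}
		$db->free_result($picture_sql);
	}

	// Update all albums that pictures were moved to.
	// NOTE(review): nothing in this function fills 'moved_pictures', so this
	// loop looks like a leftover from the move-pictures code path; empty()
	// keeps it quiet when the key is missing.
	foreach ($destinations as $albumid => $album)
	{
		if (!empty($album['moved_pictures']))
		{
			$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
			$albumdata->set_existing($album);

			if (!$album['coverattachmentid'])
			{
				$albumdata->set('coverattachmentid', array_shift($album['moved_pictures']));
			}

			$albumdata->rebuild_counts();
			$albumdata->save();
			unset($albumdata);
		}
	}

	// Rebuild the counters of the album that received the picture. The
	// original also tested $new_coverid, $updatecounter and $cover_moved here;
	// none of them is ever assigned in this function, so that branch could
	// never run and has been dropped.
	$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
	$albumdata->set_existing($albuminfo);
	$albumdata->rebuild_counts();
	$albumdata->save();
	unset($albumdata);

	// Add to the updated list when the picture is visible without moderation:
	// the caller is a picture moderator, or picture moderation is off and the
	// user's group has the picturefollowforummoderation bit set.
	if (
		can_moderate(0, 'canmoderatepictures')
		or (
			!$vbulletin->options['albums_pictures_moderation']
			and ($vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation'])
		)
	)
	{
		exec_album_updated($vbulletin->userinfo, $albuminfo);
	}

	return array('success' => true);
}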
// pics uploaded and errors, show only names foreach (array_keys($errors) as $uploadid) { $error_names[] = urlencode($uploads["{$uploadid}"]['name']); } } } } // else only pics got through; no errors ($hook = vBulletinHook::fetch_hook('album_picture_upload_complete')) ? eval($hook) : false; if (!$moderatedpictures and $pictureids and !$albuminfo['coverpictureid']) { // no cover -> set cover to the first pic uploaded $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "album SET\n\t\t\t\tcoverpictureid = " . reset($pictureids) . "\n\t\t\tWHERE albumid = {$albuminfo['albumid']}\n\t\t"); } // add to updated list if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation']) { exec_album_updated($vbulletin->userinfo, $albuminfo); } $vbulletin->url = 'album.php?' . $vbulletin->session->vars['sessionurl'] . "do=editpictures&albumid={$albuminfo['albumid']}" . "&pictureids[]=" . implode('&pictureids[]=', $pictureids) . ($error_names ? "&errors[]=" . implode('&errors[]=', $error_names) : ''); eval(print_standard_redirect('pictures_uploaded')); } // ####################################################################### if ($_REQUEST['do'] == 'addpictures') { $uploadbits = ''; for ($i = 0; $i < $max_uploads; $i++) { eval('$uploadbits .= "' . fetch_template('album_picture_uploadbit') . '";'); } // let's show the information about remaining space if applicable (not an edit) $show['max_pic_limit'] = $pics_remain !== null; $show['max_totalsize_limit'] = $userinfo['permissions']['albummaxsize']; $show['max_picsize_limit'] = $userinfo['permissions']['albumpicmaxsize']; $show['max_dim_limit'] = ($userinfo['permissions']['albumpicmaxwidth'] or $userinfo['permissions']['albumpicmaxheight']);
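/**
 * Stores one uploaded album picture and returns its attachment id.
 *
 * Refreshes the attachment counters for the target album, calls
 * standard_error() with the 'upload_album_pics_countfull' phrase when
 * totalpics_overage is set and non-negative, and otherwise delegates the
 * storage to the parent implementation. After a successful store the album is
 * added to the updated list when the picture needs no moderation, and the
 * picture becomes the album cover when the album has none yet.
 *
 * @param	object	vB_Upload
 * @param	array	Information about uploaded attachment
 * @param	boolean	Passed unchanged to the parent implementation
 *
 * @return	integer|false	Attachment id, or false when the parent stored nothing
 */
protected function process_upload($upload, $attachment, $imageonly = false)
{
	$db = $this->registry->db;

	// Count the attachments of this posthash that are not bound to content yet.
	$exists = $db->query_first("
		SELECT COUNT(*) AS count
		FROM " . TABLE_PREFIX . "attachment AS a
		WHERE
			a.contentid = 0
				AND
			a.posthash = '" . $db->escape_string($this->values['posthash']) . "'
	");

	// The original read $existing['count'], i.e. from the variable being
	// assigned, so the count was always lost; read it from the query row.
	// NOTE(review): $existing is not used again in this method - confirm
	// whether a pending-upload limit was meant to be enforced with it.
	$existing = $exists ? intval($exists['count']) : 0;

	// fetch_attachcount() is run with contentid set to the album id;
	// contentid is reset to 0 straight afterwards.
	$this->contentid = $this->values['albumid'];
	$this->fetch_attachcount();
	$this->contentid = 0;

	// these values are negative (non-overage), so we need to flip them around for a "remaining" value
	// NOTE(review): the guard tests totalpics_overage but the message formats
	// albumpics_overage - confirm which property fetch_attachcount() sets.
	if (isset($this->totalpics_overage) AND $this->totalpics_overage >= 0)
	{
		standard_error(fetch_error('upload_album_pics_countfull', vb_number_format(-1 * $this->albumpics_overage)));
	}

	// A picture is moderated when moderation is on, or the user's group lacks
	// the picturefollowforummoderation bit, unless the user moderates pictures.
	$moderatedpictures = (
		(
			$this->registry->options['albums_pictures_moderation']
				OR
			!($this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['picturefollowforummoderation'])
		)
			AND
		!can_moderate(0, 'canmoderatepictures')
	);

	// Count the upload before delegating and undo the count if it fails.
	$this->uploadcount++;
	if (!($attachmentid = parent::process_upload($upload, $attachment, $imageonly)))
	{
		$this->uploadcount--;
		return false;
	}

	// add to updated list
	if (
		can_moderate(0, 'canmoderatepictures')
			OR
		(
			!$this->registry->options['albums_pictures_moderation']
				AND
			($this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['picturefollowforummoderation'])
		)
	)
	{
		exec_album_updated($this->registry->userinfo, $this->albuminfo);
	}

	if (!$moderatedpictures AND !$this->albuminfo['coverattachmentid'])
	{
		$this->albuminfo['coverattachmentid'] = $attachmentid;

		// no cover -> set cover to the first pic uploaded
		// Both ids are forced to integers because they are interpolated
		// into the statement rather than bound.
		$db->query_write("
			UPDATE " . TABLE_PREFIX . "album SET
				coverattachmentid = " . intval($attachmentid) . "
			WHERE albumid = " . intval($this->albuminfo['albumid']) . "
		");
	}

	return $attachmentid;
}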