function _check_fn_ext($picname)
{
global $CONFIG, $lang_db_input_php, $matches;
// Analyze the file extension using regular expressions.
if (!preg_match('/(.+)\\.(.*?)\\Z/', $picname, $matches)) {
// The file name is invalid.
$matches[1] = 'invalid_fname';
// Make a bogus file extension to trigger Coppermine's defenses.
$matches[2] = 'xxx';
}
// If there is no extension, or if the extension is unknown/not permitted by Coppermine, zap the intruder.
if ($matches[2] == '' || !is_known_filetype($matches)) {
// We reject the file, and make a note of the error.
errorOut($lang_db_input_php['err_invalid_fext'] . ' ' . preg_replace('/\\//', ', ', $CONFIG['allowed_file_extensions']), 0, __FILE__, __LINE__);
}
return $matches[2];
}
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
global $CONFIG, $USER_DATA, $PIC_NEED_APPROVAL, $CURRENT_PIC_DATA;
global $lang_errors, $lang_db_input_php;
$image = $CONFIG['fullpath'] . $filepath . $filename;
$normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
$thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
$orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
// $mini = $CONFIG['fullpath'] . $filepath . $CONFIG['mini_pfx'] . $filename;
$work_image = $image;
if (!is_known_filetype($image)) {
return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0);
} elseif (is_image($filename)) {
$imagesize = cpg_getimagesize($image);
if ($CONFIG['read_iptc_data']) {
// read IPTC data
$iptc = get_IPTC($image);
if (is_array($iptc) && !$title && !$caption && !$keywords) {
//if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
$title = isset($iptc['Headline']) ? trim($iptc['Headline']) : $title;
$caption = isset($iptc['Caption']) ? trim($iptc['Caption']) : $caption;
$keywords = isset($iptc['Keywords']) ? implode($CONFIG['keyword_separator'], $iptc['Keywords']) : $keywords;
}
}
// resize picture if it's bigger than the max width or height for uploaded pictures
if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
$resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use'];
resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false');
$imagesize = cpg_getimagesize($image);
} elseif (USER_IS_ADMIN) {
// skip resizing for admin
$picture_original_size = true;
} else {
@unlink($uploaded_pic);
$msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
return array('error' => $msg, 'halt_upload' => 1);
}
}
// create backup of full sized picture if watermark is enabled for full sized pictures
if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
if (!copy($image, $orig)) {
return false;
} else {
$work_image = $orig;
}
}
if (!file_exists($thumb)) {
// create thumbnail
if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
return $result;
}
}
if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) {
// create intermediate sized picture
$resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use'];
$watermark = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false';
if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
return $result;
}
}
// watermark full sized picture
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
// use max aspect of original image if it hasn't been resized earlier
if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
return $result;
}
}
} else {
$imagesize[0] = $iwidth;
$imagesize[1] = $iheight;
}
clearstatcache();
$image_filesize = filesize($image);
$total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
// Test if disk quota exceeded
if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
$result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
$record = mysql_fetch_array($result);
$total_space_used = $record[0];
mysql_free_result($result);
if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) {
@unlink($image);
if (is_image($image)) {
@unlink($normal);
@unlink($thumb);
}
$msg = $lang_errors['quota_exceeded'] . '<br /> <br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
return array('error' => $msg, 'halt_upload' => 1);
}
}
// Test if picture requires approval
if (GALLERY_ADMIN_MODE) {
$approved = 'YES';
} elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
$approved = 'YES';
} elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
$approved = 'YES';
} else {
$approved = 'NO';
}
$PIC_NEED_APPROVAL = $approved == 'NO';
// User ID is recorded when in admin mode
$user_id = USER_ID;
// Populate Array to pass to plugins, then to SQL
$CURRENT_PIC_DATA['aid'] = $aid;
$CURRENT_PIC_DATA['filepath'] = $filepath;
$CURRENT_PIC_DATA['filename'] = $filename;
$CURRENT_PIC_DATA['filesize'] = $image_filesize;
$CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
$CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
$CURRENT_PIC_DATA['pheight'] = $imagesize[1];
$CURRENT_PIC_DATA['owner_id'] = $user_id;
$CURRENT_PIC_DATA['title'] = $title;
$CURRENT_PIC_DATA['caption'] = $caption;
$CURRENT_PIC_DATA['keywords'] = $keywords;
$CURRENT_PIC_DATA['approved'] = $approved;
$CURRENT_PIC_DATA['user1'] = $user1;
$CURRENT_PIC_DATA['user2'] = $user2;
$CURRENT_PIC_DATA['user3'] = $user3;
$CURRENT_PIC_DATA['user4'] = $user4;
$CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
$CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
$CURRENT_PIC_DATA['position'] = $position;
$CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : '';
$CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
if (USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1) {
$query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$CURRENT_PIC_DATA['title']}', '{$CURRENT_PIC_DATA['caption']}', '{$CURRENT_PIC_DATA['keywords']}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
} else {
$query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '', '', '', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
}
$result = cpg_db_query($query);
// Put the pid in current_pic_data and call the plugin filter for file data success
$CURRENT_PIC_DATA['pid'] = mysql_insert_id($CONFIG['LINK_ID']);
CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA);
//return $result;
return true;
}
function process_picture()
{
global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $CONFIG, $IMG_TYPES;
global $lang_db_input_php, $lang_errors;
@unlink(LOGFILE);
if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) {
simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
$album = (int) $HTTP_GET_VARS['album'];
$title = $HTTP_POST_VARS['title'];
$caption = $HTTP_POST_VARS['caption'];
$keywords = $HTTP_POST_VARS['keywords'];
$user1 = '';
$user2 = '';
$user3 = '';
$user4 = '';
// Check if the album id provided is valid
if (!USER_IS_ADMIN) {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
if (mysql_num_rows($result) == 0) {
simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
}
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
} else {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'");
if (mysql_num_rows($result) == 0) {
simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
}
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
// Test if the filename of the temporary uploaded picture is empty
if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') {
simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
}
// Create destination directory for pictures
if (USER_ID && !defined('SILLY_SAFE_MODE')) {
if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) {
$filepath = 'wpw-' . date("Ymd");
} else {
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
}
$dest_dir = $CONFIG['fullpath'] . $filepath;
if (!is_dir($dest_dir)) {
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
if (!is_dir($dest_dir)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
}
chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
$fp = fopen($dest_dir . '/index.html', 'w');
fwrite($fp, ' ');
fclose($fp);
}
$dest_dir .= '/';
$filepath .= '/';
} else {
$filepath = $CONFIG['userpics'];
$dest_dir = $CONFIG['fullpath'] . $filepath;
}
// Check that target dir is writable
if (!is_writable($dest_dir)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
}
$matches = array();
if (get_magic_quotes_gpc()) {
$HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
}
// Replace forbidden chars with underscores
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
$picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
// Check that the file uploaded has a valid extension
if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
$uploaded_pic = $dest_dir . $picture_name;
// Move the picture into its final location
if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
}
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
// Check file size. Delete if it is excessive.
if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
} elseif (is_image($picture_name)) {
// Get picture information
$imginfo = getimagesize($uploaded_pic);
// getimagesize does not recognize the file as a picture
if ($imginfo == null) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
}
// JPEG and PNG only are allowed with GD
if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
}
// Check that picture size (in pixels) is lower than the maximum allowed
if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
}
}
// Create thumbnail and internediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
if (!$result) {
@unlink($uploaded_pic);
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
} else {
echo "SUCCESS";
exit;
}
}
// Check that target dir is writable
if (!is_writable($dest_dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
}
if (get_magic_quotes_gpc()) {
$_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']);
}
// Replace forbidden chars with underscores
$picture_name = replace_forbidden($_FILES['userpicture']['name']);
// Check that the file uploaded has a valid extension
$matches = array();
if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
$uploaded_pic = $dest_dir . $picture_name;
// Move the picture into its final location
if (!move_uploaded_file($_FILES['userpicture']['tmp_name'], $uploaded_pic)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
}
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
function process_post_data()
{
global $CONFIG, $mb_utf8_regex;
global $lang_errors, $lang_editpics_php;
$pid = (int) $_POST['id'];
$aid = (int) $_POST['aid'];
$pwidth = (int) $_POST['pwidth'];
$pheight = (int) $_POST['pheight'];
$title = $_POST['title'];
$caption = $_POST['caption'];
$keywords = $_POST['keywords'];
$user1 = $_POST['user1'];
$user2 = $_POST['user2'];
$user3 = $_POST['user3'];
$user4 = $_POST['user4'];
$galleryicon = (int) $_POST['galleryicon'];
$isgalleryicon = $galleryicon === $pid;
// need to implement "Read EXIF info again" checkbox; comment out for now
// $read_exif = isset($_POST['read_exif']);
$reset_vcount = isset($_POST['reset_vcount']);
$reset_votes = isset($_POST['reset_votes']);
$del_comments = isset($_POST['del_comments']) || $delete;
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$update = "aid = '" . $aid . "'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '" . addslashes($title) . "'";
$update .= ", caption = '" . addslashes($caption) . "'";
$update .= ", keywords = '" . addslashes($keywords) . "'";
$update .= ", user1 = '" . addslashes($user1) . "'";
$update .= ", user2 = '" . addslashes($user2) . "'";
$update .= ", user3 = '" . addslashes($user3) . "'";
$update .= ", user4 = '" . addslashes($user4) . "'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . addslashes($galleryicon);
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
// rename a file
if ($_POST['filename'] != $pic['filename']) {
if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) {
$condition = true;
} else {
$condition = false;
}
if ($CONFIG['make_intermediate'] && $condition) {
$prefices = array('fullsize', 'normal', 'thumb');
} else {
$prefices = array('fullsize', 'thumb');
}
if (!is_image($pic['filename'])) {
$prefices = array('fullsize');
}
foreach ($prefices as $prefix) {
$oldname = urldecode(get_pic_url($pic, $prefix));
$filename = replace_forbidden($_POST['filename']);
$newname = str_replace($pic['filename'], $filename, $oldname);
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
if (file_exists($newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
}
if (!file_exists($oldname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
}
if (rename($oldname, $newname)) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1");
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
}
}
}
/**
* getfoldercontent()
*
* return the files and directories of a folder in two arrays
*
* @param $folder the folder to read
* @param $dir_array the array that will contain name of sub-dir
* @param $pic_array the array that will contain name of picture
* @param $expic_array an array that contains pictures already in db
* @return
*/
function getfoldercontent($folder, &$dir_array, &$pic_array, &$expic_array)
{
global $CONFIG, $lang_db_input_php;
$dir = opendir($CONFIG['fullpath'] . $folder);
while ($file = readdir($dir)) {
if (is_dir($CONFIG['fullpath'] . $folder . $file)) {
if ($file != "." && $file != ".." && $CONFIG['fullpath'] . $folder . $file != $CONFIG['fullpath'] . '/edit' && $CONFIG['fullpath'] . $folder . $file != $CONFIG['fullpath'] . '/' . substr($CONFIG['userpics'], 0, strlen($CONFIG['userpics']) - 1)) {
$dir_array[] = $file;
}
}
if (is_file($CONFIG['fullpath'] . $folder . $file)) {
if (strncmp($file, $CONFIG['thumb_pfx'], strlen($CONFIG['thumb_pfx'])) != 0 && strncmp($file, $CONFIG['normal_pfx'], strlen($CONFIG['normal_pfx'])) != 0 && $file != 'index.html') {
$newfile = replace_forbidden($file);
if ($newfile != $file) {
//File name has been changed, let's get a unique filename and rename the existing file.
$matches = array();
if (!preg_match("/(.+)\\.(.*?)\\Z/", $newfile, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($CONFIG['fullpath'] . $folder . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
@rename($CONFIG['fullpath'] . $folder . $file, $CONFIG['fullpath'] . $folder . $picture_name);
$file = $picture_name;
}
$pic_array[] = $file;
}
}
}
closedir($dir);
natcasesort($dir_array);
natcasesort($pic_array);
}
function add_picture($aid, $filepath, $filename, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
global $CONFIG, $ERROR, $USER_DATA, $PIC_NEED_APPROVAL;
global $lang_errors;
$image = $CONFIG['fullpath'] . $filepath . $filename;
$normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
$thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
if (!is_known_filetype($image)) {
return false;
} elseif (is_image($filename)) {
if (!file_exists($thumb)) {
if (!resize_image($image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'])) {
return false;
}
}
$imagesize = getimagesize($image);
if (max($imagesize[0], $imagesize[1]) > $CONFIG['picture_width'] && $CONFIG['make_intermediate'] && !file_exists($normal)) {
if (!resize_image($image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'])) {
return false;
}
}
} else {
$imagesize[0] = $iwidth;
$imagesize[1] = $iheight;
}
$image_filesize = filesize($image);
$total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
// Test if disk quota exceeded
if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota']) {
$result = db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
$record = mysql_fetch_array($result);
$total_space_used = $record[0];
mysql_free_result($result);
if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) {
@unlink($image);
if (is_image($image)) {
@unlink($normal);
@unlink($thumb);
}
$msg = strtr($lang_errors['quota_exceeded'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
cpg_die(ERROR, $msg, __FILE__, __LINE__);
}
}
// Test if picture requires approval
if (GALLERY_ADMIN_MODE) {
$approved = 'YES';
} elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
$approved = 'YES';
} elseif (!$USER_DATA['pub_upl_need_approval']) {
$approved = 'YES';
} else {
$approved = 'NO';
}
$PIC_NEED_APPROVAL = $approved == 'NO';
// User ID is now recorded when in admin mode (casper)
$user_id = USER_ID;
$username = USER_NAME;
$query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (pid, aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, owner_name, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip) VALUES ('', '{$aid}', '" . addslashes($filepath) . "', '" . addslashes($filename) . "', '{$image_filesize}', '{$total_filesize}', '{$imagesize[0]}', '{$imagesize[1]}', '" . time() . "', '{$user_id}', '{$username}','{$title}', '{$caption}', '{$keywords}', '{$approved}', '{$user1}', '{$user2}', '{$user3}', '{$user4}', '{$raw_ip}', '{$hdr_ip}')";
$result = db_query($query);
return $result;
}
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
global $CONFIG, $ERROR, $USER_DATA, $PIC_NEED_APPROVAL;
global $lang_errors;
$image = $CONFIG['fullpath'] . $filepath . $filename;
$normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
$thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
if (!is_known_filetype($image)) {
return false;
} elseif (is_image($filename)) {
$imagesize = getimagesize($image);
if ($CONFIG['read_iptc_data']) {
$iptc = get_IPTC($image);
if (is_array($iptc) && !$title && !$caption && !$keywords) {
//if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
$title = isset($iptc['Title']) ? $iptc['Title'] : $title;
$caption = isset($iptc['Caption']) ? $iptc['Caption'] : $caption;
$keywords = isset($iptc['Keywords']) ? implode(' ', $iptc['Keywords']) : $keywords;
}
}
if ((USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) && max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
//resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imagesize[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht');
resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']);
$imagesize = getimagesize($image);
}
if (!file_exists($thumb)) {
if (!resize_image($image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'])) {
return false;
}
}
if (max($imagesize[0], $imagesize[1]) > $CONFIG['picture_width'] && $CONFIG['make_intermediate'] && !file_exists($normal)) {
if (!resize_image($image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'])) {
return false;
}
}
} else {
$imagesize[0] = $iwidth;
$imagesize[1] = $iheight;
}
$image_filesize = filesize($image);
$total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
// Test if disk quota exceeded
if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
$result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
$record = mysql_fetch_array($result);
$total_space_used = $record[0];
mysql_free_result($result);
if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) {
@unlink($image);
if (is_image($image)) {
@unlink($normal);
@unlink($thumb);
}
$msg = strtr($lang_errors['quota_exceeded'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
cpg_die(ERROR, $msg, __FILE__, __LINE__);
}
}
// Test if picture requires approval
if (GALLERY_ADMIN_MODE) {
$approved = 'YES';
} elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
$approved = 'YES';
} elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
$approved = 'YES';
} else {
$approved = 'NO';
}
$PIC_NEED_APPROVAL = $approved == 'NO';
// User ID is now recorded when in admin mode (casper)
$user_id = USER_ID;
$username = USER_NAME;
// Populate Array to pass to plugins, then to SQL.
$CURRENT_PIC_DATA['aid'] = $aid;
$CURRENT_PIC_DATA['filepath'] = $filepath;
$CURRENT_PIC_DATA['filename'] = $filename;
$CURRENT_PIC_DATA['filesize'] = $image_filesize;
$CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
$CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
$CURRENT_PIC_DATA['pheight'] = $imagesize[1];
$CURRENT_PIC_DATA['owner_id'] = $user_id;
$CURRENT_PIC_DATA['owner_name'] = $username;
$CURRENT_PIC_DATA['title'] = $title;
$CURRENT_PIC_DATA['caption'] = $caption;
$CURRENT_PIC_DATA['keywords'] = $keywords;
$CURRENT_PIC_DATA['approved'] = $approved;
$CURRENT_PIC_DATA['user1'] = $user1;
$CURRENT_PIC_DATA['user2'] = $user2;
$CURRENT_PIC_DATA['user3'] = $user3;
$CURRENT_PIC_DATA['user4'] = $user4;
$CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
$CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
$CURRENT_PIC_DATA['position'] = $position;
$CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
$query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, owner_name, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$CURRENT_PIC_DATA['owner_name']}','{$CURRENT_PIC_DATA['title']}', '{$CURRENT_PIC_DATA['caption']}', '{$CURRENT_PIC_DATA['keywords']}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}')";
$result = cpg_db_query($query);
return $result;
}
function process_post_data()
{
global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage;
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$user_album_set = array();
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
while ($row = mysql_fetch_assoc($result)) {
$user_album_set[$row['aid']] = 1;
}
mysql_free_result($result);
$pid = $superCage->post->getInt('id');
$aid = $superCage->post->getInt('aid');
$pwidth = $superCage->post->getInt('pwidth');
$pheight = $superCage->post->getInt('pheight');
$title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
$caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
$keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
$user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
$user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
$user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
$user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
$galleryicon = $superCage->post->getInt('galleryicon');
$isgalleryicon = $galleryicon == $pid;
$read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0;
$reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0;
$reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0;
$del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0;
$result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_assoc($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}
if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$new_alb = mysql_fetch_assoc($result);
mysql_free_result($result);
cpg_trim_keywords($keywords);
$update = "aid = '{$aid}'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
if (GALLERY_ADMIN_MODE) {
$approved = $superCage->post->getAlpha('approved');
$update .= ", approved = '{$approved}'";
} elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) {
$approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES';
$update .= ", approved = '{$approved}'";
} elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) {
$approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES';
$update .= ", approved = '{$approved}'";
}
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}";
cpg_db_query($sql);
$update .= ", galleryicon = " . $galleryicon;
}
if ($reset_vcount) {
$update .= ", hits = 0";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = 0, votes = 0";
resetDetailVotes($pid);
}
if ($read_exif) {
// If "read exif info again" is checked then just delete the entry from the exif table.
// The new exif information will automatically be read when someone views the image.
$query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'";
cpg_db_query($query);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'";
cpg_db_query($query);
}
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
cpg_db_query($query);
// Executes after a file update is committed
CPGPluginAPI::action('after_edit_file', $pid);
// rename a file
if ($superCage->post->keyExists('filename')) {
$post_filename = $superCage->post->getEscaped('filename');
}
if ($post_filename != $pic['filename']) {
if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) {
$prefixes = array('fullsize', 'normal', 'thumb');
} else {
$prefixes = array('fullsize', 'thumb');
}
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$prefixes[] = 'orig';
}
if (!is_image($pic['filename'])) {
$prefixes = array('fullsize');
// Check for custom thumbnails
$mime_content_old = cpg_get_type($pic['filename']);
$mime_content_new = cpg_get_type(replace_forbidden($post_filename));
$file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename']));
foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) {
// Thumbnail found, check if it's the only file using that thumbnail
$count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0);
if ($count == 1) {
$prefixes[] = 'thumb';
$custom_thumb = TRUE;
break;
}
}
}
}
$pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => '');
$files_to_rename = array();
foreach ($prefixes as $prefix) {
$oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']);
$filename = replace_forbidden($post_filename);
$newname = str_replace($pic['filename'], $filename, $oldname);
if ($custom_thumb == TRUE && $prefix == 'thumb') {
$oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname);
$newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname);
}
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
if (file_exists($newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
}
if (!file_exists($oldname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
}
// Check if there will be no conflicts before doing anything
$files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname);
}
if (count($files_to_rename) > 0) {
foreach ($files_to_rename as $file) {
if (rename($file['oldname'], $file['newname'])) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1");
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
}
}
}
}
function process_picture()
{
global $CONFIG, $IMG_TYPES;
global $lang_db_input_php, $lang_errors;
$superCage = Inspekt::makeSuperCage();
@unlink(LOGFILE);
if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) {
simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
//$album = (int)$_GET['album'];
$album = $superCage->get->getInt('album');
$title = '';
$caption = '';
$keywords = '';
$user1 = '';
$user2 = '';
$user3 = '';
$user4 = '';
$position = 0;
// Check if the album id provided is valid
if (!USER_IS_ADMIN) {
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
if (mysql_num_rows($result) == 0) {
simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
}
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
} else {
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'");
if (mysql_num_rows($result) == 0) {
simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
}
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
// Get position
$result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='{$album}' order by position desc");
if (mysql_num_rows($result) == 0) {
$position = 100;
} else {
$row = mysql_fetch_array($result);
mysql_free_result($result);
if ($row['position']) {
$position = $row['position'];
$position++;
}
}
// Test if the filename of the temporary uploaded picture is empty
// if ($_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
if ($superCage->files->getRaw('/userpicture/tmp_name') == '') {
simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
}
// Create destination directory for pictures
if (USER_ID && $CONFIG['silly_safe_mode'] != 1) {
if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) {
$filepath = 'wpw-' . date("Ymd");
} else {
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
}
$dest_dir = $CONFIG['fullpath'] . $filepath;
if (!is_dir($dest_dir)) {
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
if (!is_dir($dest_dir)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
}
chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
$fp = fopen($dest_dir . '/index.php', 'w');
fwrite($fp, ' ');
fclose($fp);
}
$dest_dir .= '/';
$filepath .= '/';
} else {
$filepath = $CONFIG['userpics'];
$dest_dir = $CONFIG['fullpath'] . $filepath;
}
// Check that target dir is writable
if (!is_writable($dest_dir)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
}
$matches = array();
//if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']);
//using getRaw as it will be sanitized in the code below in the preg_match. {SaWey}
$filename = $superCage->files->getRaw('/userpicture/name');
if (get_magic_quotes_gpc()) {
$filename = stripslashes($filename);
}
// Replace forbidden chars with underscores
//$picture_name = replace_forbidden($_FILES['userpicture']['name']);
$picture_name = replace_forbidden($filename);
// Check that the file uploaded has a valid extension
if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
$uploaded_pic = $dest_dir . $picture_name;
// Move the picture into its final location
if (!move_uploaded_file($superCage->files->getRaw('/userpicture/tmp_name'), $uploaded_pic)) {
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
}
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
// Check file size. Delete if it is excessive.
if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
} elseif (is_image($picture_name)) {
// Get picture information
$imginfo = getimagesize($uploaded_pic);
// cpg_getimagesize does not recognize the file as a picture
if ($imginfo == null) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
}
// JPEG and PNG only are allowed with GD
//if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
}
// Check that picture size (in pixels) is lower than the maximum allowed
if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
//resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht');
resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']);
} else {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
}
}
}
// Create thumbnail and internediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
if ($result !== true) {
@unlink($uploaded_pic);
simple_die(CRITICAL_ERROR, isset($result['error']) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
} else {
echo "SUCCESS";
exit;
}
}
function download_resized_add_data($pic_data)
{
global $CONFIG, $album;
$superCage = Inspekt::makeSuperCage();
$lang = isset($USER['lang']) ? $USER['lang'] : $CONFIG['lang'];
if (!file_exists("plugins/download_resized/lang/{$lang}.php")) {
$lang = 'english';
}
require "plugins/download_resized/lang/{$lang}.php";
$sizes = array();
$sizes[0]['x'] = '1600';
$sizes[1]['x'] = '1440';
$sizes[2]['x'] = '1280';
$sizes[3]['x'] = '1024';
$sizes[4]['x'] = '800';
$sizes[5]['x'] = '640';
$sizes[6]['x'] = $CONFIG['picture_width'];
$mime_content_image = cpg_get_type(get_pic_url($pic_data, 'fullsize'));
if ($superCage->post->keyExists('resize_pid')) {
$pid = $superCage->post->getInt('resize_pid');
$size = $superCage->post->getInt('resize_id');
//sanitize data
if (!is_numeric($size)) {
cpg_die(ERROR, 'Data not valid', __FILE__, __LINE__);
}
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = '{$pid}'");
$row = mysql_fetch_assoc($result);
if ($row) {
$path = $CONFIG['fullpath'] . $row['filepath'];
if (isset($CONFIG['enable_watermark'])) {
// modpack installed ? Then we check for an orig image
if (file_exists($CONFIG['fullpath'] . $row['filepath'] . $CONFIG['orig_pfx'] . $row['filename'])) {
$row['filename'] = $CONFIG['orig_pfx'] . $row['filename'];
}
}
$image = $CONFIG['fullpath'] . $row['filepath'] . $row['filename'];
$dest_dir = $CONFIG['fullpath'] . 'edit/';
$filename = $row['filename'];
$CONFIG['read_iptc_data'] = 0;
require 'include/picmgmt.inc.php';
if (is_known_filetype($image)) {
if (is_image($image)) {
$imagesize = getimagesize($image);
if (max($imagesize[0], $imagesize[1]) < $size) {
$pic_data['html'] = "<img src=\"" . $image . "\" class=\"image\" alt=\"" . $image . "\" border=\"0\">";
} else {
// Do some cleanup in the edit directory.
spring_cleaning('./albums/edit', 900);
// is a file with the same name already in the edit dir?
while (file_exists($dest_dir . $filename)) {
$filename = ++$nr . '_' . $row['filename'];
}
//resize the image into the edit dir
if ($CONFIG['enable_watermark'] == 1) {
resize_image($image, $dest_dir . $filename, $size, $CONFIG['thumb_method'], 'any', 'true');
} else {
resize_image($image, $dest_dir . $filename, $size, $CONFIG['thumb_method'], 'any');
}
$pic_data['html'] = "<img src=\"" . $dest_dir . $filename . "\" class=\"image\" alt=\"" . $dest_dir . "\" border=\"0\">";
$image = $dest_dir . $filename;
$row['filename'] = $filename;
}
}
}
}
}
if ($mime_content_image['content'] == 'image') {
$counter = null;
// do we have an image > than min resize size
$html = "<select name=\"resize_id\" class=\"listbox_lang\">";
foreach ($sizes as $key => $value) {
if ($value['x'] <= max($pic_data['pwidth'], $pic_data['pheight'])) {
$html .= "<option value=\"{$value['x']}\">{$value['x']} {$lang_download_resized['px']}</option>";
$counter++;
}
}
$html .= "</select>";
if ($counter < 1) {
return $pic_data;
}
//return if we have no dropdown entry
$album == 'search' ? $referer = "displayimage.php?pos=-{$pic_data['pid']}" : ($referer = null);
if ($row['filename']) {
$down_link = "<a href = \"index.php?file=download_resized/download_resized&filename={$row['filename']}&image={$image}\">{$lang_download_resized['download']}</a>";
} else {
$file_down_data = '';
}
$download_resized_data = <<<EOT
\t\t<table class="tableh" width="100%">
\t\t\t<tr>
\t\t\t\t<td align="center">
\t\t\t\t<form action="{$referer}" method="post">
\t\t\t\t \t{$added}{$lang_download_resized[resize]}: {$html}
\t\t\t\t\t<input type="hidden" value="{$pic_data['pid']}" name="resize_pid" />
\t \t\t\t<input type="submit" value="{$lang_download_resized[send_data]}" class="comment_button" />
\t\t\t\t</form>
\t\t\t\t{$down_link}
\t\t\t\t</td>
\t\t\t</tr>
\t\t</table>
EOT;
$pic_data['html'] = $download_resized_data . $pic_data['html'];
}
return $pic_data;
}
function file_replacer_page_start()
{
global $CONFIG, $lang_errors;
$superCage = Inspekt::makeSuperCage();
if ($superCage->get->keyExists('replacer_id')) {
$pid = $superCage->get->getInt('replacer_id');
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE p.pid = '{$pid}' LIMIT 1");
$row = mysql_fetch_assoc($result);
if (!(USER_ADMIN_MODE && $row['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $row['owner_id'] == USER_ID && USER_ID != 0 || GALLERY_ADMIN_MODE)) {
load_template();
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
require_once "./plugins/file_replacer/lang/english.php";
if ($CONFIG['lang'] != 'english' && file_exists("./plugins/file_replacer/lang/{$CONFIG['lang']}.php")) {
require_once "./plugins/file_replacer/lang/{$CONFIG['lang']}.php";
}
if ($superCage->files->keyExists('fileupload') && $row) {
if (!checkFormToken()) {
load_template();
global $lang_errors;
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$fileupload = $superCage->files->_source['fileupload'];
if ($fileupload['error']) {
load_template();
global $lang_errors;
cpg_die(ERROR, $lang_errors['error'] . ' ' . $fileupload['error'], __FILE__, __LINE__);
}
$image = $CONFIG['fullpath'] . $row['filepath'] . $row['filename'];
$normal = $CONFIG['fullpath'] . $row['filepath'] . $CONFIG['normal_pfx'] . $row['filename'];
$thumb = $CONFIG['fullpath'] . $row['filepath'] . $CONFIG['thumb_pfx'] . $row['filename'];
$orig = $CONFIG['fullpath'] . $row['filepath'] . $CONFIG['orig_pfx'] . $row['filename'];
$work_image = $image;
if (!move_uploaded_file($fileupload['tmp_name'], $image)) {
load_template();
cpg_die(ERROR, sprintf($lang_plugin_file_replacer['error_move_file'], $fileupload['tmp_name'], $image), __FILE__, __LINE__);
}
chmod($image, octdec($CONFIG['default_file_mode']));
if (is_known_filetype($image)) {
if (is_image($image)) {
require 'include/picmgmt.inc.php';
$imagesize = cpg_getimagesize($image);
if ($CONFIG['read_iptc_data']) {
// read IPTC data
$iptc = get_IPTC($image);
if ($superCage->post->keyExists('overwrite_metadata')) {
$title = isset($iptc['Headline']) ? $iptc['Headline'] : '';
$caption = isset($iptc['Caption']) ? $iptc['Caption'] : '';
$keywords = isset($iptc['Keywords']) ? implode($CONFIG['keyword_separator'], $iptc['Keywords']) : '';
$metadata_sql = ", title = '{$title}', caption = '{$caption}', keywords = '{$keywords}'";
}
}
// resize picture if it's bigger than the max width or height for uploaded pictures
if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], 'any', 'false');
// hard-coded 'any' according to configuration string 'Max width or height for uploaded pictures'
$imagesize = cpg_getimagesize($image);
} elseif (USER_IS_ADMIN) {
// skip resizing for admin
$picture_original_size = true;
} else {
@unlink($uploaded_pic);
$msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
return array('error' => $msg, 'halt_upload' => 1);
}
}
// create backup of full sized picture if watermark is enabled for full sized pictures
if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
if (!copy($image, $orig)) {
return false;
} else {
$work_image = $orig;
}
}
//if (!file_exists($thumb)) {
// create thumbnail
if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
return $result;
}
//}
if (max($imagesize[0], $imagesize[1]) > $CONFIG['picture_width'] && $CONFIG['make_intermediate']) {
// create intermediate sized picture
$resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use'];
$watermark = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false';
if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
return $result;
}
}
// watermark full sized picture
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
// use max aspect of original image if it hasn't been resized earlier
if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
return $result;
}
}
list($width, $height) = getimagesize($image);
} else {
$width = 0;
$height = 0;
}
$image_filesize = filesize($image);
$total_filesize = is_image($row['filename']) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filesize = '{$image_filesize}', total_filesize = '{$total_filesize}', pwidth = '{$width}', pheight = '{$height}' {$metadata_sql} WHERE pid = '{$pid}' LIMIT 1");
if ($superCage->post->keyExists('update_timestamp')) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET ctime = '" . time() . "' WHERE pid = '{$pid}' LIMIT 1");
}
cpg_db_query("DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}' LIMIT 1");
if ($CONFIG['read_exif_data']) {
include "include/exif_php.inc.php";
exif_parse_file($image, $pid);
}
$CONFIG['site_url'] = rtrim($CONFIG['site_url'], '/');
} else {
if (is_image($image)) {
@unlink($normal);
@unlink($thumb);
}
@unlink($image);
}
header("Location: {$CONFIG['site_url']}/displayimage.php?pid={$pid}");
die;
} else {
load_template();
pageheader($lang_plugin_file_replacer['file_replacer']);
echo '<form method="post" enctype="multipart/form-data">';
starttable('60%', $lang_plugin_file_replacer['upload_file'], 2);
list($timestamp, $form_token) = getFormToken();
echo <<<EOT
<tr>
<td class="tableb" valign="top">
{$lang_plugin_file_replacer['browse']}
</td>
<td class="tableb" valign="top">
<input type="file" name="fileupload" size="40" class="listbox" />
</td>
</tr>
<tr>
<td class="tableb" valign="top">
{$lang_plugin_file_replacer['update_timestamp']}
</td>
<td class="tableb" valign="top">
<input type="checkbox" name="update_timestamp" />
</td>
</tr>
<tr>
<td class="tableb" valign="top">
{$lang_plugin_file_replacer['overwrite_metadata']}
</td>
<td class="tableb" valign="top">
<input type="checkbox" name="overwrite_metadata" />
</td>
</tr>
<tr>
<td align="center" colspan="2" class="tablef">
<input type="hidden" name="form_token" value="{$form_token}" />
<input type="hidden" name="timestamp" value="{$timestamp}" />
<input type="submit" name="commit" class="button" value="{$lang_plugin_file_replacer['upload']}"/>
</td>
</tr>
EOT;
endtable();
echo '</form>';
pagefooter();
exit;
}
}
}
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
global $CONFIG, $ERROR, $USER_DATA, $PIC_NEED_APPROVAL;
global $lang_errors;
$image = $CONFIG['fullpath'] . $filepath . $filename;
$normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
$thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
$orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
#########
$mini = $CONFIG['fullpath'] . $filepath . $CONFIG['mini_pfx'] . $filename;
#########
$work_image = $image;
#########
if (!is_known_filetype($image)) {
return false;
} elseif (is_image($filename)) {
if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
// if copy of full_sized doesn't exist and if watermark enabled and if fullsized pic watermark=true -> then we need a backup
if (!copy($image, $orig)) {
return false;
} else {
$work_image = $orig;
}
}
$imagesize = getimagesize($image);
if ($CONFIG['read_iptc_data']) {
$iptc = get_IPTC($image);
if (is_array($iptc) && !$title && !$caption && !$keywords) {
//if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
$title = isset($iptc['Title']) ? $iptc['Title'] : $title;
$caption = isset($iptc['Caption']) ? $iptc['Caption'] : $caption;
$keywords = isset($iptc['Keywords']) ? implode(' ', $iptc['Keywords']) : $keywords;
}
}
if (!file_exists($thumb)) {
if (!resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) {
return false;
}
}
$resize_method = $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'];
if (max($imagesize[0], $imagesize[1]) > $CONFIG['picture_width'] && $CONFIG['make_intermediate'] && !file_exists($normal)) {
if ($CONFIG['enable_watermark'] == '1' && $CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') {
if (!resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, "true")) {
return false;
}
} else {
if (!resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, "false")) {
return false;
}
}
}
if ((USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) && max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
//$CONFIG['auto_resize']==1
$max_size_size = $CONFIG['max_upl_width_height'];
} else {
$resize_method = "orig";
$max_size_size = max($imagesize[0], $imagesize[1]);
}
if (max($imagesize[0], $imagesize[1]) > $CONFIG['picture_width'] && $CONFIG['make_intermediate'] && !file_exists($normal)) {
if (!resize_image($image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'])) {
return false;
}
}
if ($CONFIG['enable_watermark'] == '1' && $CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original') {
if (!resize_image($work_image, $image, $max_size_size, $CONFIG['thumb_method'], $resize_method, 'true')) {
return false;
}
$imagesize = getimagesize($image);
} elseif (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) {
if (!resize_image($work_image, $image, $max_size_size, $CONFIG['thumb_method'], $resize_method, 'false')) {
return false;
}
$imagesize = getimagesize($image);
}
} else {
$imagesize[0] = $iwidth;
$imagesize[1] = $iheight;
}
$image_filesize = filesize($image);
$total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
// Test if disk quota exceeded
if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
$result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
$record = mysql_fetch_array($result);
$total_space_used = $record[0];
mysql_free_result($result);
if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) {
@unlink($image);
if (is_image($image)) {
@unlink($normal);
@unlink($thumb);
}
$msg = strtr($lang_errors['quota_exceeded'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
cpg_die(ERROR, $msg, __FILE__, __LINE__);
}
}
// Test if picture requires approval
if (GALLERY_ADMIN_MODE) {
$approved = 'YES';
} elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
$approved = 'YES';
} elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
$approved = 'YES';
} else {
$approved = 'NO';
}
$PIC_NEED_APPROVAL = $approved == 'NO';
// User ID is now recorded when in admin mode (casper)
$user_id = USER_ID;
$username = USER_NAME;
// Populate Array to pass to plugins, then to SQL.
$CURRENT_PIC_DATA['aid'] = $aid;
$CURRENT_PIC_DATA['filepath'] = $filepath;
$CURRENT_PIC_DATA['filename'] = $filename;
$CURRENT_PIC_DATA['filesize'] = $image_filesize;
$CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
$CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
$CURRENT_PIC_DATA['pheight'] = $imagesize[1];
$CURRENT_PIC_DATA['owner_id'] = $user_id;
$CURRENT_PIC_DATA['owner_name'] = $username;
$CURRENT_PIC_DATA['title'] = $title;
$CURRENT_PIC_DATA['caption'] = $caption;
$CURRENT_PIC_DATA['keywords'] = $keywords;
$CURRENT_PIC_DATA['approved'] = $approved;
$CURRENT_PIC_DATA['user1'] = $user1;
$CURRENT_PIC_DATA['user2'] = $user2;
$CURRENT_PIC_DATA['user3'] = $user3;
$CURRENT_PIC_DATA['user4'] = $user4;
$CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
$CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
$CURRENT_PIC_DATA['position'] = $position;
$CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
$query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, owner_name, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$CURRENT_PIC_DATA['owner_name']}','{$CURRENT_PIC_DATA['title']}', '{$CURRENT_PIC_DATA['caption']}', '{$CURRENT_PIC_DATA['keywords']}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}')";
$result = cpg_db_query($query);
/* OVI START */
$picture_id = mysql_insert_id();
$imageContainer = new FileContainer($picture_id, $CURRENT_PIC_DATA['owner_id']);
$imageContainer->total_filesize = $CURRENT_PIC_DATA['total_filesize'];
if (is_file($image)) {
$imageContainer->original_path = $image;
}
if (is_file($normal)) {
$imageContainer->thumb_paths[] = $normal;
}
if (is_file($thumb)) {
$imageContainer->thumb_paths[] = $thumb;
}
if (is_file($orig)) {
$imageContainer->thumb_paths[] = $orig;
}
// useless? does it upload twice?
// $ mini is not used
if (!defined('API_CALL')) {
global $storage;
$storage->store_file($imageContainer);
// TODO: check $result?
}
/* OVI END */
return $result;
}
function process_post_data()
{
global $CONFIG, $mb_utf8_regex;
global $lang_errors, $lang_editpics_php;
$superCage = Inspekt::makeSuperCage();
$pid = $superCage->post->getInt('id');
$aid = $superCage->post->getInt('aid');
$pwight = $superCage->post->getInt('pwidth');
$pheight = $superCage->post->getInt('pheight');
$title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
$caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
$keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
$user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
$user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
$user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
$user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
$galleryicon = $superCage->post->getInt('galleryicon');
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('read_exif')) {
$read_exif = $superCage->post->getInt('read_exif');
}
if ($superCage->post->keyExists('reset_vcount')) {
$reset_vcount = $superCage->post->getInt('reset_vcount');
}
if ($superCage->post->keyExists('reset_votes')) {
$reset_votes = $superCage->post->getInt('reset_votes');
}
if ($superCage->post->keyExists('del_comments')) {
$del_comments = $superCage->post->getInt('del_comments') || $delete;
}
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$update = "aid = '" . $aid . "'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '" . $title . "'";
$update .= ", caption = '" . $caption . "'";
$update .= ", keywords = '" . $keywords . "'";
if (GALLERY_ADMIN_MODE) {
$approved = $superCage->post->getAlpha('approved');
$update .= ", approved = '" . $approved . "'";
}
$update .= ", user1 = '" . $user1 . "'";
$update .= ", user2 = '" . $user2 . "'";
$update .= ", user3 = '" . $user3 . "'";
$update .= ", user4 = '" . $user4 . "'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . $galleryicon;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if ($read_exif) {
$filepath = urldecode(get_pic_url($pic, 'fullsize'));
// If read exif info again is checked then we will just delete the entry from exif table. The new exif information will automatically be read when someone views the image.
$query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename = '{$filepath}'";
cpg_db_query($query);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
// rename a file
if ($superCage->post->keyExists('filename') && ($matches = $superCage->post->getMatched('filename', '/^[0-9A-Za-z\\/_.-]+$/'))) {
$post_filename = $matches[0];
}
if ($post_filename != $pic['filename']) {
if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) {
$condition = true;
} else {
$condition = false;
}
if ($CONFIG['make_intermediate'] && $condition) {
$prefices = array('fullsize', 'normal', 'thumb');
} else {
$prefices = array('fullsize', 'thumb');
}
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$prefices[] = 'orig';
}
if (!is_image($pic['filename'])) {
$prefices = array('fullsize');
}
foreach ($prefices as $prefix) {
// OVI
// $oldname = urldecode(get_pic_url($pic, $prefix));
$oldname = urldecode(get_pic_url($pic, $prefix, false, true));
// OVI
$filename = replace_forbidden($post_filename);
$newname = str_replace($pic['filename'], $filename, $oldname);
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
// OVI
//if (file_exists($newname))
//cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
//if (!file_exists($oldname))
//cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
// OVI
// OVI
$imageContainer = new FileContainer($pic['pid'], $pic['owner_id']);
$imageContainer->original_path = $oldname;
//echo $imageContainer->original_path." ".$newname;exit(1);
global $storage;
if (!$storage->rename_file($imageContainer, $newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
// OVI
/*if (rename($oldname, $newname))
{
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '$filename' WHERE pid = '$pid' LIMIT 1");
} else cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
*/
}
// foreach
// OVI
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1");
// OVI
}
}
if (!defined('IN_COPPERMINE')) {
die('Not in Coppermine...');
}
if (!GALLERY_ADMIN_MODE) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
if (isset($_POST['index'])) {
//create index
$pmip = new phpMosaicImageParser();
$albumid = isset($_POST['albumid']) ? $_POST['albumid'] : 0;
$albstr = $albumid ? "WHERE aid = {$albumid}" : '';
$sql = "SELECT pid, filename, filepath FROM {$CONFIG['TABLE_PICTURES']} {$albstr}";
$result = cpg_db_query($sql);
while ($row = mysql_fetch_assoc($result)) {
$image = $CONFIG['fullpath'] . $row['filepath'] . $row['filename'];
if (is_known_filetype($image)) {
if (is_image($image)) {
$pmip->parseImage($image);
echo $pmip->getParsedImages();
}
}
}
// while
mysql_free_result($result);
} elseif (isset($_POST['clear'])) {
//clear index
$sql = "TRUNCATE TABLE {$CONFIG['TABLE_MOSAIC']}";
$result = cpg_db_query($sql);
}
//functions
$options_to_disable = array();
Coppermine version: 1.4.19
Photo Shop version: 1.4.0
$Revision: 1.0 $
$Author: stramm $
**********************************************/
define('PHOTOSHOP_ADMIN_PHP', true);
define('IN_COPPERMINE', true);
require 'include/init.inc.php';
require 'include/archive.php';
//if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
if (!GALLERY_ADMIN_MODE) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$filelist = array();
$select_columns = 'p.filepath, p.filename';
$result = cpg_db_query("SELECT p.filepath, p.filename FROM {$CONFIG['TABLE_PICTURES']} as p LEFT JOIN {$CONFIG['TABLE_SHOP']} as s ON p.pid=s.pid WHERE s.pid <> 0 AND s.oid=" . $_REQUEST['oid']);
$rowset = cpg_db_fetch_rowset($result);
foreach ($rowset as $key => $row) {
if (is_known_filetype($rowset[$key]['filepath'] . $CONFIG['orig_pfx'] . $rowset[$key]['filename'])) {
$filelist[] = $rowset[$key]['filepath'] . $CONFIG['orig_pfx'] . $rowset[$key]['filename'];
} else {
$filelist[] = $rowset[$key]['filepath'] . $rowset[$key]['filename'];
}
}
$cwd = "./{$CONFIG['fullpath']}";
$zip = new zip_file('photoshop_pics_oid_' . $_REQUEST['oid'] . '.zip');
$zip->set_options(array('basedir' => $cwd, 'inmemory' => 1, 'recurse' => 0, 'storepaths' => 0));
$zip->add_files($filelist);
$zip->create_archive();
ob_end_clean();
$zip->download_file();
