File: xp_publish.php
<?php /************************* Coppermine Photo Gallery ************************ Copyright (c) 2003-2008 Dev Team v1.1 originally written by Gregory DEMAR This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation. ******************************************** Coppermine version: 1.4.16 $HeadURL: https://coppermine.svn.sourceforge.net/svnroot/coppermine/trunk/cpg1.4.x/xp_publish.php $ $Revision: 4233 $ $Author: gaugau $ $Date: 2008-02-02 09:23:58 +0100 (Sa, 02 Feb 2008) $ **********************************************/ // ------------------------------------------------------------------------- // // Coppermine Windows XP Web Publishing Wizard Client // // Based on the article posted by Sebastian Delmont // // http://www.zonageek.com/code/misc/wizards/ // // ------------------------------------------------------------------------- // // Other information can be found on Microsoft web site // // http://www.microsoft.com/whdc/hwdev/tech/WIA/imaging/webwizard.mspx // // http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/programmersguide/shell_basics/shell_basics_extending/publishing_wizard/pubwiz_intro.asp // ------------------------------------------------------------------------- // // Original implementation comes from Gallery // // http://gallery.menalto.com // // ------------------------------------------------------------------------- // // Declare we are in Coppermine. define('IN_COPPERMINE', true); // Set the language block. define('XP_PUBLISH_PHP', true); // Activate more language block sets. define('LOGIN_PHP', true); define('DB_INPUT_PHP', true); define('ALBMGR_PHP', true); // Call necessaryy files and subroutines. require('include/init.inc.php'); require('include/picmgmt.inc.php'); // Set the log file path. 
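define('LOGFILE', 'xp_publish.log');

// ------------------------------------------------------------------------- //

// HTML template for the login screen
$template_login = <<<EOT
<p><b>{ENTER_LOGIN_PSWD}</b></p>
<form method="post" id="login" action="{POST_ACTION}">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>{USERNAME}: </td>
<td><input type="text" name="username" value="" maxlength="25" /></td>
</tr>
<tr>
<td>{PASSWORD}: </td>
<td><input type="password" name="password" value="" maxlength="25" /></td>
</tr>
</table>
</form>
EOT;

// HTML template for a successful login
$template_login_success = <<<EOT
<p>{WELCOME}</p>
<form method="post" id="dummy" action="{POST_ACTION}">
<input type="hidden" name="dummy_val" value="1" />
</form>
<script language="javascript" type="text/javascript">
dummy.submit();
</script>
EOT;

// HTML template for an unsuccessful login
$template_login_failure = <<<EOT
<p>{ERROR}</p>
<form method="post" id="dummy" action="{POST_ACTION}">
<input type="hidden" name="dummy_val" value="1" />
</form>
EOT;

// HTML template for the select destination/create new album screen
$template_select_album = <<<EOT
<p>{WELCOME}</p>
<br />
<!-- BEGIN no_album -->
<p>{NO_ALBUM}</p>
<!-- END no_album -->
<table border="0" cellpadding="0" cellspacing="0">
<!-- BEGIN existing_albums -->
<tr>
<td colspan="2"><b>{UPLOAD}</b></td>
</tr>
<form id="selform">
<tr>
<td>{ALBUM}: </td>
<td><select id="album" name="album">{SELECT_ALBUM}</select></td>
</tr>
</form>
<tr>
<td> </td>
</tr>
<!-- END existing_albums -->
<!-- BEGIN create_album -->
<form method="post" id="createAlb" action="{POST_ACTION}">
<tr>
<td colspan="2"><b>{CREATE_NEW}</b></td>
</tr>
<tr>
<td>{ALBUM}: </td>
<td><input type="text" id="newAlbName" name="new_alb_name" value="" maxlength="255" /></td>
</tr>
<!-- BEGIN select_category -->
<tr>
<td>{CATEGORY}: </td>
<td><select name="cat">{SELECT_CATEGORY}</select></td>
</tr>
<!-- END select_category -->
</form>
<!-- END create_album -->
</table>
EOT;

// HTML template for a successful album creation
$template_create_album = <<<EOT
<p>{NEW_ALB_CREATED}</p>
<p>{CONTINUE}</p>
<form id="selform">
<input type="hidden" id="album" name="album" value ="{ALBUM_ID}" />
</form>
EOT;

// ------------------------------------------------------------------------- //

// Absolute URL of this script carrying the given wizard command, built the
// same way every caller in this file used to build it inline
// (site_url without trailing slash, then PHP_SELF, then ?cmd=...).
// The result is NOT escaped: callers escape it for the context they put it
// in (htmlspecialchars for HTML attributes, javascript_string for JS).
function xp_publish_url($cmd)
{
    global $CONFIG;

    return trim($CONFIG['site_url'], '/') . '/' . $_SERVER['PHP_SELF'] . '?cmd=' . $cmd;
}

// Simple die function (replaces cpg_die, which can't be used inside the wizard).
// $msg_code indexes $lang_cpg_die; $output_buffer is accepted for call-site
// compatibility but is not read - the output buffer is always taken from
// ob_get_contents(). Never returns.
function simple_die($msg_code, $msg_text, $error_file, $error_line, $output_buffer = false)
{
    global $CONFIG, $lang_cpg_die;

    $msg = $lang_cpg_die[$msg_code] . ': ' . $msg_text;
    if (!$CONFIG['debug_mode']) {
        $msg .= '(' . $lang_cpg_die['file'] . ': ' . $error_file . ' / ' . $lang_cpg_die['line'] . ': ' . $error_line . ')';
    }
    echo $msg;

    // Write the buffered output into the log file that display_instructions()
    // links to. NOTE(review): the original comment said "if debug mode is
    // active" but the guard tests !debug_mode; the guard is kept unchanged
    // because the instructions page documents the log as always available.
    if (!$CONFIG['debug_mode']) {
        $ob = ob_get_contents();
        $fp = fopen(LOGFILE, 'w');
        if ($fp) {
            if ($ob !== false) {
                fwrite($fp, $ob);
            }
            fclose($fp);
        }
    }
    exit;
}

// Quote a string so it can be embedded inside a single-quoted JavaScript
// string literal in an inline <script> block.
function javascript_string($str)
{
    // Backslash first, so the escapes added below are not themselves doubled.
    $str = str_replace('\\', '\\\\', $str);
    $str = str_replace('\'', '\\\'', $str);
    // A raw line break would terminate the literal; '/' is escaped so a
    // "</script>" sequence inside the value cannot close the surrounding block.
    $str = str_replace(array("\r", "\n"), array('\\r', '\\n'), $str);
    $str = str_replace('/', '\\/', $str);

    return $str;
}

// Retrieve the category list.
// Appends (cid, indented name) pairs for every sub-category of $parent to the
// global $CAT_LIST, depth first; $ident is the prefix used for the current level.
function get_subcat_data($parent, $ident = '')
{
    global $CONFIG, $CAT_LIST;

    // $parent is a cid read back from the DB (or 0 from html_cat_list), but
    // it is interpolated into SQL, so pin it to an integer regardless.
    $parent = (int)$parent;
    $result = cpg_db_query("SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
    if (mysql_num_rows($result) > 0) {
        $rowset = cpg_db_fetch_rowset($result);
        foreach ($rowset as $subcat) {
            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name']);
            get_subcat_data($subcat['cid'], $ident . ' ');
        }
    }
}

// Return the HTML code for the album list select box.
// Lists the user's own albums (prefixed with "* ") followed by, for admins,
// all public albums. $alb_count receives the total number of albums listed.
function html_album_list(&$alb_count)
{
    global $CONFIG;

    $public_albums_list = array();
    if (USER_IS_ADMIN) {
        $public_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
        if (mysql_num_rows($public_albums)) {
            $public_albums_list = cpg_db_fetch_rowset($public_albums);
        }
    }

    $user_albums_list = array();
    if (USER_ID) {
        $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
        if (mysql_num_rows($user_albums)) {
            $user_albums_list = cpg_db_fetch_rowset($user_albums);
        }
    }

    $alb_count = count($public_albums_list) + count($user_albums_list);

    // Titles are user supplied (see create_album), so they are escaped here,
    // at the point where they are written into HTML.
    $html = "\n";
    foreach ($user_albums_list as $album) {
        $html .= ' <option value="' . (int)$album['aid'] . '">* ' . htmlspecialchars($album['title'], ENT_QUOTES) . "</option>\n";
    }
    foreach ($public_albums_list as $album) {
        $html .= ' <option value="' . (int)$album['aid'] . '">' . htmlspecialchars($album['title'], ENT_QUOTES) . "</option>\n";
    }

    return $html;
}

// Return the HTML code for the category list select box.
// Fills the global $CAT_LIST with "my gallery" (when the user may create
// albums), "no category" and the whole category tree, then renders it.
function html_cat_list()
{
    global $CONFIG, $CAT_LIST;
    global $lang_albmgr_php;

    $CAT_LIST = array();
    if (USER_CAN_CREATE_ALBUMS) {
        $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']);
    }
    $CAT_LIST[] = array(0, $lang_albmgr_php['no_category']);
    get_subcat_data(0, '');

    $html = "\n";
    foreach ($CAT_LIST as $category) {
        $html .= ' <option value="' . (int)$category[0] . '">' . htmlspecialchars($category[1], ENT_QUOTES) . "</option>\n";
    }

    return $html;
}

// Display information on how to use/install the wizard client.
function display_instructions()
{
    global $lang_xp_publish_required, $lang_xp_publish_client, $lang_xp_publish_select, $lang_xp_publish_testing, $lang_xp_publish_notes, $lang_xp_publish_flood, $lang_xp_publish_php;
    global $CONFIG, $lang_charset;

    // PHP_SELF can carry attacker-chosen path info; escape it before it is
    // written into href attributes below.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $charset = $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Coppermine Photo Gallery - XP Publish README</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<style type="text/css">
<!--
body { font-family : Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background : #F7F7F7 ; color : Black; margin: 30px; line-height: 1.5; }
td { font-size: 12px; }
h1{ font-weight: bold; font-size: 22px; font-family: "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif; text-decoration: none; line-height : 120%; color : #000000; }
h2 { font-family: Arial, Helvetica, sans-serif; font-size: 18px; color: #0E72A4; text-decoration: underline; margin-top: 20px; margin-bottom: 10px; }
h3 { font-weight: bold; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; text-decoration: underline; }
p { font-family : Verdana, Arial, Helvetica, sans-serif; font-size: 12px; margin: 10px 10px 0px 0px; }
ul { margin-left: 5px; margin-right: 0px; margin-top: 10px; margin-bottom: 10px; padding: 0px; list-style-type: square; }
li { margin-left: 10px; margin-top: 6px; margin-bottom: 6px; padding: 0px; list-style-position: outside; }
-->
</style>
<!-- $Id: xp_publish.php 4233 2008-02-02 08:23:58Z gaugau $ -->
</head>
<body>
<?php echo $lang_xp_publish_client ?> Sebastian Delmont <a href="http://www.zonageek.com/code/misc/wizards/">Creating your own XP Publishing Wizard</a>.</p>
<?php echo $lang_xp_publish_required ?> <a href="<?php echo $self ?>?cmd=send_reg"><?php echo $lang_xp_publish_php['link'] ?></a>.
<?php echo $lang_xp_publish_select, $lang_xp_publish_testing, $lang_xp_publish_notes; ?>
<a href="<?php echo htmlspecialchars(dirname($_SERVER['PHP_SELF']) . '/' . LOGFILE, ENT_QUOTES) ?>"><?php echo LOGFILE ?></a>
<?php echo $lang_xp_publish_flood ?>
</body>
</html>
<?php
}

// Output page header (wizard-hosted HTML page).
function output_header()
{
    global $CONFIG;
    global $lang_charset, $lang_text_dir, $lang_xp_publish_php;

    $charset = $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr">
<head>
<title><?php echo $lang_xp_publish_php['title'] ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<style type="text/css">
<!--
body { font-family : Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background : #FFFFFF ; color : Black; margin: 20px; border: 1px solid #000000; }
td { font-size: 12px; padding-top: 5px; padding-bottom: 0px; }
h1{ font-weight: bold; font-size: 22px; font-family: Arial, Helvetica, sans-serif; text-decoration: none; line-height : 120%; color : #0E72A4; }
h2 { font-family: Arial, Helvetica, sans-serif; font-size: 18px; color: #0E72A4; text-decoration: underline; }
h3 { font-weight: bold; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; text-decoration: underline; }
p { font-family : Verdana, Arial, Helvetica, sans-serif; font-size: 12px; margin: 10px 10px 0px 0px; }
ul { margin-left: 5px; margin-right: 0px; margin-top: 10px; margin-bottom: 10px; padding: 0px; }
li { margin-left: 10px; margin-top: 4px; margin-bottom: 4px; padding: 0px; list-style-position: outside; list-style-type: disc; }
form { display: inline; }
input { width: 200px; }
-->
</style>
</head>
<body>
<h1><?php echo $lang_xp_publish_php['title'] ?></h1>
<p></p>
<?php
}

// Output page footer: the JScript glue the Publishing Wizard host calls
// (OnBack/OnNext/OnCancel/window.onload) plus the manifest builder.
// $ONBACK_SCRIPT, $ONNEXT_SCRIPT and $WIZARD_BUTTONS are set by the form_*
// / process_* functions before this runs.
function output_footer()
{
    global $WIZARD_BUTTONS, $ONBACK_SCRIPT, $ONNEXT_SCRIPT;
    global $CONFIG;

    // Every value below lands inside a single-quoted JS literal, so it goes
    // through javascript_string().
    $add_picture_url = javascript_string(xp_publish_url('add_picture'));
    $site_root       = javascript_string(trim($CONFIG['site_url'], '/') . '/');
    $gallery_name    = javascript_string($CONFIG['gallery_name']);
    $gallery_desc    = javascript_string($CONFIG['gallery_description']);
?>
<div id="content"></div>
<script language="javascript" type="text/javascript">
function create_alb() {
    if (createAlb.newAlbName.value == '') {
        return false;
    } else {
        createAlb.submit();
    }
}

function create_alb_or_use_existing() {
    if (createAlb.newAlbName.value == '') {
        startUpload();
    } else {
        createAlb.submit();
    }
}

function startUpload() {
    var xml = window.external.Property('TransferManifest');
    var files = xml.selectNodes('transfermanifest/filelist/file');
    for (i = 0; i < files.length; i++) {
        var postTag = xml.createNode(1, 'post', '');
        postTag.setAttribute('href', '<?php echo $add_picture_url ?>&album=' + selform.album.value);
        postTag.setAttribute('name', 'userpicture');
        var dataTag = xml.createNode(1, 'formdata', '');
        dataTag.setAttribute('name', 'MAX_FILE_SIZE');
        dataTag.text = '10000000';
        postTag.appendChild(dataTag);
        files.item(i).appendChild(postTag);
    }
    var uploadTag = xml.createNode(1, 'uploadinfo', '');
    uploadTag.setAttribute('friendlyname', '<?php echo $gallery_name ?>');
    var htmluiTag = xml.createNode(1, 'htmlui', '');
    htmluiTag.text = '<?php echo $site_root ?>';
    uploadTag.appendChild(htmluiTag);
    xml.documentElement.appendChild(uploadTag);
    window.external.Property('TransferManifest')=xml;
    window.external.SetWizardButtons(true,true,true);
    content.innerHtml=xml;
    window.external.FinalNext();
}

function OnBack() {
    <?php echo $ONBACK_SCRIPT; ?>
    window.external.SetWizardButtons(false,true,false);
}

function OnNext() {
    <?php echo $ONNEXT_SCRIPT; ?>
}

function OnCancel() {
}

function window.onload() {
    window.external.SetHeaderText('<?php echo $gallery_name ?>','<?php echo $gallery_desc ?>');
    window.external.SetWizardButtons(<?php echo $WIZARD_BUTTONS; ?>);
}
</script>
</body>
</html>
<?php
}

// Escape a value for use inside a double-quoted string in a .reg file.
function xp_reg_value($str)
{
    return str_replace(array('\\', '"'), array('\\\\', '\\"'), $str);
}

// Send the file needed to register the service under Windows XP.
// Never returns.
function send_reg_file()
{
    global $CONFIG;

    header("Content-Type: application/octet-stream");
    $time_stamp = time();
    header("Content-Disposition: attachment; filename=cpg_" . $time_stamp . ".reg");

    // The icon URL used to be built from the request's Host header. That header
    // is client-controlled and this file is imported into the user's registry,
    // so derive the host from the configured site URL instead; the original
    // header-based form is kept only as a fallback when site_url has no host.
    $site = parse_url($CONFIG['site_url']);
    if (!empty($site['host'])) {
        $scheme   = empty($site['scheme']) ? 'http' : $site['scheme'];
        $port     = isset($site['port']) ? ':' . $site['port'] : '';
        $icon_url = $scheme . '://' . $site['host'] . $port . '/favicon.ico';
    } else {
        $icon_url = 'http://' . $_SERVER['HTTP_HOST'] . '/favicon.ico';
    }

    $lines = array();
    $lines[] = 'Windows Registry Editor Version 5.00';
    $lines[] = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\PublishingWizard\Providers\\' . $CONFIG['gallery_name'] . ']';
    // A '"' or '\' in the gallery name/description would otherwise produce a
    // malformed .reg file.
    $lines[] = '"displayname"="' . xp_reg_value($CONFIG['gallery_name']) . '"';
    $lines[] = '"description"="' . xp_reg_value($CONFIG['gallery_description']) . '"';
    $lines[] = '"href"="' . xp_reg_value(xp_publish_url('publish')) . '"';
    $lines[] = '"icon"="' . xp_reg_value($icon_url) . '"';

    print join("\r\n", $lines);
    print "\r\n";
    exit;
}

// Display the login page.
function form_login()
{
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_login;
    global $lang_login_php, $lang_xp_publish_php, $cpg_udb;
    global $CONFIG;

    // The user DB bridge in use does not support logging in from here.
    if (!method_exists($cpg_udb, 'login')) {
        echo '<p>' . $lang_xp_publish_php['need_login'] . '</p>';
        $ONNEXT_SCRIPT  = '';
        $ONBACK_SCRIPT  = 'window.external.FinalBack();';
        $WIZARD_BUTTONS = 'false,false,false';
        return;
    }

    $params = array(
        '{POST_ACTION}'      => htmlspecialchars(xp_publish_url('publish'), ENT_QUOTES),
        '{ENTER_LOGIN_PSWD}' => $lang_login_php['enter_login_pswd'],
        '{USERNAME}'         => $lang_login_php['username'],
        '{PASSWORD}'         => $lang_login_php['password'],
    );
    echo template_eval($template_login, $params);

    $ONNEXT_SCRIPT  = 'login.submit();';
    $ONBACK_SCRIPT  = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,false';
}

// Process login information posted by form_login().
function process_login()
{
    global $CONFIG, $USER;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_login_success, $template_login_failure;
    global $lang_login_php, $cpg_udb;

    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $post_action = htmlspecialchars(xp_publish_url('publish'), ENT_QUOTES);

    $USER_DATA = $cpg_udb->login(addslashes($username), addslashes($password));
    if ($USER_DATA) {
        // Switch the freshly logged-in user into admin mode, as the top-level
        // code does for admins that arrive already authenticated.
        $USER['am'] = 1;
        user_save_profile();
        $params = array(
            '{WELCOME}'     => sprintf($lang_login_php['welcome'], USER_NAME),
            '{POST_ACTION}' => $post_action,
        );
        echo template_eval($template_login_success, $params);
    } else {
        $params = array(
            '{ERROR}'       => $lang_login_php['err_login'],
            '{POST_ACTION}' => $post_action,
        );
        echo template_eval($template_login_failure, $params);
    }

    $ONNEXT_SCRIPT  = 'dummy.submit();';
    $ONBACK_SCRIPT  = 'dummy.submit();';
    $WIZARD_BUTTONS = 'true,true,false';
}

// Display the form that allows the user to choose/create the destination album.
function form_publish()
{
    global $CONFIG, $CAT_LIST;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_select_album;
    global $lang_xp_publish_php;

    $alb_count       = 0;
    $html_album_list = html_album_list($alb_count);
    $html_cat_list   = html_cat_list();
    $welcome         = sprintf($lang_xp_publish_php['welcome'], USER_NAME);
    $post_action     = htmlspecialchars(xp_publish_url('create_album'), ENT_QUOTES);

    if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) {
        // Nothing the user can do here: no album to upload to and no right
        // to create one.
        template_extract_block($template_select_album, 'existing_albums');
        template_extract_block($template_select_album, 'create_album');
        $params = array(
            '{WELCOME}'  => $welcome,
            '{NO_ALBUM}' => $lang_xp_publish_php['no_alb'],
        );
        echo template_eval($template_select_album, $params);
        $WIZARD_BUTTONS = "false,false,false";
    } elseif (!$alb_count) {
        // No existing album: only offer the "create album" part of the form.
        template_extract_block($template_select_album, 'no_album');
        template_extract_block($template_select_album, 'existing_albums');
        if (!USER_IS_ADMIN) {
            template_extract_block($template_select_album, 'select_category');
        }
        $params = array(
            '{WELCOME}'         => $welcome,
            '{CREATE_NEW}'      => $lang_xp_publish_php['create_new'],
            '{ALBUM}'           => $lang_xp_publish_php['album'],
            '{CATEGORY}'        => $lang_xp_publish_php['category'],
            '{SELECT_CATEGORY}' => $html_cat_list,
            '{POST_ACTION}'     => $post_action,
        );
        echo template_eval($template_select_album, $params);
        $ONNEXT_SCRIPT  = 'create_alb();';
        $ONBACK_SCRIPT  = 'window.external.FinalBack();';
        $WIZARD_BUTTONS = 'true,true,false';
    } else {
        // Existing albums plus the option to create a new one.
        template_extract_block($template_select_album, 'no_album');
        if (!USER_IS_ADMIN) {
            template_extract_block($template_select_album, 'select_category');
        }
        $params = array(
            '{WELCOME}'         => $welcome,
            '{UPLOAD}'          => $lang_xp_publish_php['upload'],
            '{ALBUM}'           => $lang_xp_publish_php['album'],
            '{SELECT_ALBUM}'    => $html_album_list,
            '{CATEGORY}'        => $lang_xp_publish_php['category'],
            '{SELECT_CATEGORY}' => $html_cat_list,
            '{CREATE_NEW}'      => $lang_xp_publish_php['create_new'],
            '{POST_ACTION}'     => $post_action,
        );
        echo template_eval($template_select_album, $params);
        $ONNEXT_SCRIPT  = 'create_alb_or_use_existing();';
        $ONBACK_SCRIPT  = 'window.external.FinalBack();';
        $WIZARD_BUTTONS = 'true,true,false';
    }
}

// Create a new album where pictures will be uploaded.
function create_album()
{
    global $CONFIG;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_create_album;
    global $lang_errors, $lang_xp_publish_php;

    if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

    // Only admins may pick a category; everybody else creates in their own
    // user gallery.
    if (USER_IS_ADMIN) {
        $category = isset($_POST['cat']) ? (int)$_POST['cat'] : 0;
    } else {
        $category = FIRST_USER_CAT + USER_ID;
    }
    $new_alb_name = isset($_POST['new_alb_name']) ? $_POST['new_alb_name'] : '';

    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($new_alb_name) . "', 'NO', '0')";
    cpg_db_query($query);

    // The posted name is reflected back into the page: escape it.
    $params = array(
        '{NEW_ALB_CREATED}' => sprintf($lang_xp_publish_php['new_alb_created'], htmlspecialchars($new_alb_name, ENT_QUOTES)),
        '{CONTINUE}'        => $lang_xp_publish_php['continue'],
        '{ALBUM_ID}'        => mysql_insert_id(),
    );
    echo template_eval($template_create_album, $params);

    $ONNEXT_SCRIPT  = 'startUpload();';
    $ONBACK_SCRIPT  = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,true';
}

// Add a picture: handle one file posted by the wizard to ?cmd=add_picture&album=N.
// Prints "SUCCESS" and exits on success; every failure goes through simple_die().
function process_picture()
{
    global $CONFIG, $IMG_TYPES;
    global $lang_db_input_php, $lang_errors;
    // NOTE(review): $ERROR was read in the failure message below without being
    // declared global, so it was always empty; presumably add_picture() sets
    // it - confirm against picmgmt.inc.php.
    global $ERROR;

    @unlink(LOGFILE);

    if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

    $album    = isset($_GET['album']) ? (int)$_GET['album'] : 0;
    $title    = '';
    $caption  = '';
    $keywords = '';
    $user1    = '';
    $user2    = '';
    $user3    = '';
    $user4    = '';
    $position = 0;

    // Check that the album id provided is valid; non-admins may only upload
    // into albums of their own user category.
    $where = "aid='$album'";
    if (!USER_IS_ADMIN) {
        $where .= " and category = '" . (USER_ID + FIRST_USER_CAT) . "'";
    }
    $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE $where");
    if (mysql_num_rows($result) == 0) {
        simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
    }
    $row = mysql_fetch_array($result);
    mysql_free_result($result);
    $category = $row['category'];

    // Get position: one past the highest position in the album, 100 for an
    // empty album (a highest position of 0/NULL leaves $position at 0).
    $result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$album' order by position desc");
    if (mysql_num_rows($result) == 0) {
        $position = 100;
    } else {
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        if ($row['position']) {
            $position = $row['position'] + 1;
        }
    }

    // Test that a temporary uploaded file exists at all
    if (empty($_FILES['userpicture']['tmp_name'])) {
        simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
    }

    // Create destination directory for pictures
    if (USER_ID && !defined('SILLY_SAFE_MODE')) {
        if (USER_IS_ADMIN && ($category != (USER_ID + FIRST_USER_CAT))) {
            $filepath = 'wpw-' . date("Ymd");
        } else {
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
        }
        $dest_dir = $CONFIG['fullpath'] . $filepath;
        if (!is_dir($dest_dir)) {
            mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
            if (!is_dir($dest_dir)) {
                simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
            }
            chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
            // Placeholder index so the directory cannot be listed.
            $fp = fopen($dest_dir . '/index.html', 'w');
            if ($fp) {
                fwrite($fp, ' ');
                fclose($fp);
            }
        }
        $dest_dir .= '/';
        $filepath .= '/';
    } else {
        $filepath = $CONFIG['userpics'];
        $dest_dir = $CONFIG['fullpath'] . $filepath;
    }

    // Check that target dir is writable
    if (!is_writable($dest_dir)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
    }

    // get_magic_quotes_gpc() no longer exists on current PHP; only strip when
    // it is available and on.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']);
    }

    // Replace forbidden chars with underscores
    $picture_name = replace_forbidden($_FILES['userpicture']['name']);

    // Check that the file uploaded has a valid extension
    $matches = array();
    if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
        $matches[1] = 'invalid_fname';
        $matches[2] = 'xxx';
    }
    if ($matches[2] == '' || !is_known_filetype($matches)) {
        simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
    }

    // Create a unique name for the uploaded file
    $nr = 0;
    $picture_name = $matches[1] . '.' . $matches[2];
    while (file_exists($dest_dir . $picture_name)) {
        $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
    }
    $uploaded_pic = $dest_dir . $picture_name;

    // Move the picture into its final location
    if (!move_uploaded_file($_FILES['userpicture']['tmp_name'], $uploaded_pic)) {
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
    }

    // Change file permission
    chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));

    // Check file size (max_upl_size is in KiB). Delete if it is excessive.
    if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
        @unlink($uploaded_pic);
        simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
    } elseif (is_image($picture_name)) {
        // Get picture information
        $imginfo = getimagesize($uploaded_pic);

        // getimagesize does not recognize the file as a picture
        if ($imginfo == null) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
        }

        // Only JPEG and PNG are accepted unless GIF support is enabled
        if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) {
            @unlink($uploaded_pic);
            simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
        }

        // Check that picture size (in pixels) is lower than the maximum allowed;
        // resize when the config allows it for this user class, else reject.
        if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
            $may_resize = (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1) || (!USER_IS_ADMIN && $CONFIG['auto_resize'] > 0);
            if ($may_resize) {
                resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']);
            } else {
                @unlink($uploaded_pic);
                simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
            }
        }
    }

    // Create thumbnail and intermediate image and add the image into the DB
    $result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
    if (!$result) {
        @unlink($uploaded_pic);
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
    }

    echo "SUCCESS";
    exit;
}

// ------------------------------------------------------------------------- //

// Admins always run the wizard in admin mode.
if (USER_IS_ADMIN && !GALLERY_ADMIN_MODE) {
    $USER['am'] = 1;
    user_save_profile();
}

$cmd = empty($_GET['cmd']) ? '' : $_GET['cmd'];

// Anonymous users are sent to the login form for every command except the
// registry-file download; a posted username always means a login attempt.
if (!USER_ID && $cmd && $cmd != 'send_reg') {
    $cmd = 'login';
}
if (!empty($_POST['username'])) {
    $cmd = 'process_login';
}

switch ($cmd) {
    case 'login':
        output_header();
        form_login();
        output_footer();
        break;
    case 'process_login':
        output_header();
        process_login();
        output_footer();
        break;
    case 'publish':
        output_header();
        form_publish();
        output_footer();
        break;
    case 'create_album':
        output_header();
        create_album();
        output_footer();
        break;
    case 'add_picture':
        process_picture();
        break;
    case 'send_reg':
        send_reg_file();
        break;
    default:
        display_instructions();
} // switch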