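<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2005 Coppermine Dev Team
v1.1 originaly written by Gregory DEMAR

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
Coppermine version: 1.3.3
$Source: /cvsroot/coppermine/stable/addpic.php,v $
$Revision: 1.9 $
$Author: gaugau $
$Date: 2005/04/19 03:17:10 $
**********************************************/

// Registers one file that already sits below $CONFIG['fullpath'] as a picture
// of album `aid`, then answers with a small status GIF:
//   images/up_ok.gif  - add_picture() succeeded
//   images/up_dup.gif - a row with the same filepath/filename already exists
//   images/up_pb.gif  - the request was rejected or add_picture() failed
// If anything was written to the output buffer (for example $ERROR), that text
// is sent instead of the GIF.

define('IN_COPPERMINE', true);
define('ADDPIC_PHP', true);

require('include/init.inc.php');
require('include/picmgmt.inc.php');

// NOTE(review): this request renames a file and inserts a row in response to a
// plain GET, and nothing visible in this file binds it to a per-session token.
// Confirm whether init.inc.php adds such a check; if not, the admin gate alone
// does not stop a cross-site request made with an administrator's session.
if (!GALLERY_ADMIN_MODE) die('Access denied');

$aid = isset($HTTP_GET_VARS['aid']) ? (int)$HTTP_GET_VARS['aid'] : 0;
$pic_file = isset($HTTP_GET_VARS['pic_file']) ? base64_decode($HTTP_GET_VARS['pic_file']) : '';

// The decoded path is joined onto $CONFIG['fullpath'] and handed to rename(),
// so it must stay inside that directory: refuse empty values, NUL bytes and
// any ".." segment (both separators are checked so Windows paths are covered).
$path_ok = is_string($pic_file)
    && $pic_file !== ''
    && strpos($pic_file, "\0") === false
    && !in_array('..', preg_split('#[/\\\\]#', $pic_file), true);

$status_image = "images/up_pb.gif";

if ($path_ok) {
    $dir_name = dirname($pic_file) . "/";
    $file_name = basename($pic_file);

    // Get the forbidden characters from the Config console string and decode
    // the four HTML entities it may contain.
    // NOTE(review): the keys are written as entities on the assumption that
    // the stored string is entity-encoded; if it is stored raw this map is a
    // harmless no-op. Verify against the config console.
    $forbidden_chars = strtr(
        $CONFIG['forbiden_fname_char'],
        array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>')
    );

    // Translate every forbidden character of the file name into an underscore.
    $sane_name = strtr($file_name, $forbidden_chars, str_repeat('_', strlen($forbidden_chars)));

    $album_dir = "./" . $CONFIG['fullpath'] . $dir_name;
    $renamed = true;
    if ($sane_name !== $file_name) {
        $target = $album_dir . $sane_name;
        // Never replace a file that already carries the sanitized name, and
        // do not go on to register a name that was not actually created.
        $renamed = !file_exists($target) && rename($album_dir . $file_name, $target);
    }

    if ($renamed) {
        $file_name = $sane_name;

        // NOTE(review): addslashes() is not aware of the connection character
        // set; the escaping routine of the database layer would be the safer
        // choice if db_query()'s connection is reachable from here.
        $sql = "SELECT pid "
            . "FROM {$CONFIG['TABLE_PICTURES']} "
            . "WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' "
            . "LIMIT 1";
        $result = db_query($sql);

        if (mysql_num_rows($result)) {
            $status_image = "images/up_dup.gif";
        } elseif (add_picture($aid, $dir_name, $file_name)) {
            $status_image = "images/up_ok.gif";
        } else {
            // $ERROR is not assigned in this file; presumably add_picture()
            // fills it. Echoing it makes the buffer non-empty, so the text
            // branch below is taken instead of the GIF.
            echo $ERROR;
        }
    }
}

if (ob_get_length()) {
    ob_end_flush();
    exit;
}

header('Content-type: image/gif');
// readfile() streams the fixed status image without leaving a handle open.
readfile($status_image);
ob_end_flush();
// No closing PHP tag: stray whitespace after it would be appended to the GIF.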