<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/db_input.php,v $
  $Revision: 1.9 $
  $Author: gaugau $
  $Date: 2005/04/19 03:17:10 $
**********************************************/

           |  |  | 20 | define('IN_COPPERMINE', true);
 | 
        
           |  |  | 21 | define('DB_INPUT_PHP', true);
 | 
        
           |  |  | 22 |   | 
        
           |  |  | 23 | require('include/init.inc.php');
 | 
        
           |  |  | 24 | require('include/picmgmt.inc.php');
 | 
        
           |  |  | 25 | require('include/mailer.inc.php');
           |  |  | 27 | function check_comment(&$str)
 | 
        
           |  |  | 28 | {
 | 
        
           |  |  | 29 |     global $CONFIG, $lang_bad_words, $queries;
 | 
        
           |  |  | 30 |   | 
        
           |  |  | 31 |     $ercp = array('/\S{' . ($CONFIG['max_com_wlength'] + 1) . ',}/i');
 | 
        
           |  |  | 32 |     if ($CONFIG['filter_bad_words']) foreach($lang_bad_words as $word) {
 | 
        
           |  |  | 33 |         $ercp[] = '/' . ($word[0] == '*' ? '': '\b') . str_replace('*', '', $word) . ($word[(strlen($word)-1)] == '*' ? '': '\b') . '/i';
 | 
        
           |  |  | 34 |     }
 | 
        
           |  |  | 35 |   | 
        
           |  |  | 36 |     if (strlen($str) > $CONFIG['max_com_size']) $str = substr($str, 0, ($CONFIG['max_com_size'] -3)) . '...';
 | 
        
           |  |  | 37 |     $str = preg_replace($ercp, '(...)', $str);
 | 
        
           |  |  | 38 | }
// ---------------------------------------------------------------------------
// Request dispatch. 'event' may arrive by GET or POST (POST wins). Every
// handled event either dies via cpg_die() or renders a redirect page and
// exit()s -- except the upload-approval branch of 'picture', which falls
// through to its `break`.
//
// NOTE(review): input is read from the PHP 4 long arrays $HTTP_GET_VARS /
// $HTTP_POST_VARS / $HTTP_POST_FILES (removed in PHP 5.4), apart from one
// $_POST access in the 'picture' case, and the mysql_* client API used
// throughout was removed in PHP 7. The SQL defence is addslashes() on
// strings and (int) casts on numbers; addslashes() is not connection-charset
// aware (unlike mysql_real_escape_string()), and with magic_quotes_gpc on the
// values arrive pre-escaped -- whether init.inc.php strips that first is not
// visible here.
// ---------------------------------------------------------------------------
if (!isset($HTTP_GET_VARS['event']) && !isset($HTTP_POST_VARS['event'])) {
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}

$event = isset($HTTP_POST_VARS['event']) ? $HTTP_POST_VARS['event'] : $HTTP_GET_VARS['event'];
switch ($event) {

    // Comment update

    case 'comment_update':
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

        // check_comment() truncates and word-filters the POST values in place;
        // the trimmed, addslashes()'d copies below are what reaches SQL.
        check_comment($HTTP_POST_VARS['msg_body']);
        check_comment($HTTP_POST_VARS['msg_author']);
        $msg_body = addslashes(trim($HTTP_POST_VARS['msg_body']));
        $msg_author = addslashes(trim($HTTP_POST_VARS['msg_author']));
        $msg_id = (int)$HTTP_POST_VARS['msg_id'];

        if ($msg_body == '') cpg_die(ERROR, $lang_db_input_php['err_comment_empty'], __FILE__, __LINE__);

        // Ownership model: gallery admins may edit any comment (body and author
        // line); registered users only rows with their own author_id; guests
        // only rows whose author_md5_id matches their cookie id. The admin
        // query has no LIMIT 1, unlike its two siblings.
        if (GALLERY_ADMIN_MODE) {
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', msg_author='$msg_author' WHERE msg_id='$msg_id'");
        } elseif (USER_ID) {
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body' WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1");
        } else {
            // NOTE(review): $USER['ID'] is interpolated without escaping. It is
            // populated by an include not visible here and must be guaranteed to
            // be a safe token (e.g. a hex digest) for this to be injection-free
            // -- confirm at the source.
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body' WHERE msg_id='$msg_id' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1");
        }

        // Redirect header variant chosen by server product (presumably because
        // those servers mishandle a bare Location:). The same assignment is
        // repeated inside the not-found branch below; this copy is the one the
        // else-branch uses.
        $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';

        // The UPDATE result is never inspected: whether or not a row matched,
        // the user is sent to the picture (if the comment exists) or the index.
        $result = db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'");
        if (!mysql_num_rows($result)) {
            mysql_free_result($result);
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
            $redirect = "index.php";
            header($header_location . $redirect);
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
            msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
            pagefooter();
            ob_end_flush();
            exit;
        } else {
            $comment_data = mysql_fetch_array($result);
            mysql_free_result($result);
            // Negated pid as `pos` is the convention used by every redirect in this file.
            $redirect = "displayimage.php?pos=" . (- $comment_data['pid']);
            header($header_location . $redirect);
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
            msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
            pagefooter();
            ob_end_flush();
            exit;
        }
        break;

    // Comment

    case 'comment':
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

        check_comment($HTTP_POST_VARS['msg_body']);
        check_comment($HTTP_POST_VARS['msg_author']);
        $msg_author = addslashes(trim($HTTP_POST_VARS['msg_author']));
        $msg_body = addslashes(trim($HTTP_POST_VARS['msg_body']));
        $pid = (int)$HTTP_POST_VARS['pid'];

        if ($msg_author == '' || $msg_body == '') cpg_die(ERROR, $lang_db_input_php['empty_name_or_com'], __FILE__, __LINE__);

        // The picture must exist and its album must allow comments.
        $result = db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'");
        if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        $album_data = mysql_fetch_array($result);
        mysql_free_result($result);

        if ($album_data['comments'] != 'YES') cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

        // Flood protection: reject when the most recent comment on this picture
        // is by the same author (author_id for members, cookie id for guests).
        // Only back-to-back posts are blocked; there is no time window.
        if (!$CONFIG['disable_comment_flood_protect']){
          $result = db_query("SELECT author_md5_id, author_id FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '$pid' ORDER BY msg_id DESC LIMIT 1");
          if (mysql_num_rows($result)) {
              $last_com_data = mysql_fetch_array($result);
              if ((USER_ID && $last_com_data['author_id'] == USER_ID) || (!USER_ID && $last_com_data['author_md5_id'] == $USER['ID'])) {
                  cpg_die(ERROR, $lang_db_input_php['no_flood'], __FILE__, __LINE__);
              }
          }
        }

        if (!USER_ID) { // Anonymous users, we need to use META refresh to save the cookie
            // NOTE(review): $USER['ID'], $raw_ip and $hdr_ip are interpolated
            // unescaped; all three are set by includes not visible here -- verify
            // they are normalised before they reach this query.
            $insert = db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '$msg_author', '$msg_body', NOW(), '{$USER['ID']}', '0', '$raw_ip', '$hdr_ip')");
            // The check_comment()'d but un-escaped name is kept for the guest
            // cookie; how it is escaped when rendered later is not visible here.
            $USER['name'] = $HTTP_POST_VARS['msg_author'];
            $redirect = "displayimage.php?pos=" . (- $pid);
            if ($CONFIG['email_comment_notification']) {
                // $msg_body is the addslashes()'d value, so quotes in the comment
                // reach the admin mail backslash-escaped.
                $mail_body = $msg_body . "\n\r ".$lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . $redirect;
                cpg_mail($CONFIG['gallery_admin_email'], $lang_db_input_php['email_comment_subject'], $mail_body);
            }
            pageheader($lang_db_input_php['com_added'], "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
            msg_box($lang_db_input_php['info'], $lang_db_input_php['com_added'], $lang_continue, $redirect);
            pagefooter();
            ob_end_flush();
            exit;
        } else { // Registered users, we can use Location to redirect
            // Author name comes from the session constant, not from the POST value.
            $insert = db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '" . addslashes(USER_NAME) . "', '$msg_body', NOW(), '', '" . USER_ID . "', '$raw_ip', '$hdr_ip')");
            $redirect = "displayimage.php?pos=" . (- $pid);
            if ($CONFIG['email_comment_notification']) {
                // Same escaped-body caveat as the anonymous branch above.
                $mail_body = $msg_body . "\n\r ".$lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . $redirect;
                cpg_mail($CONFIG['gallery_admin_email'], $lang_db_input_php['email_comment_subject'], $mail_body);
            }
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
            header($header_location . $redirect);
            pageheader($lang_db_input_php['com_added'], "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
            msg_box($lang_db_input_php['info'], $lang_db_input_php['com_added'], $lang_continue, $redirect);
            pagefooter();
            ob_end_flush();
            exit;
        }
        break;

    // Update album

    case 'album_update':
        if (!(USER_ADMIN_MODE || GALLERY_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

        // Numeric fields are (int)-cast, the three flags are whitelisted to
        // YES/NO, free text is addslashes()'d -- that is the whole SQL defence.
        $aid = (int)$HTTP_POST_VARS['aid'];
        $title = addslashes(trim($HTTP_POST_VARS['title']));
        $category = (int)$HTTP_POST_VARS['category'];
        $description = addslashes(trim($HTTP_POST_VARS['description']));
        $thumb = (int)$HTTP_POST_VARS['thumb'];
        $visibility = (int)$HTTP_POST_VARS['visibility'];
        $uploads = $HTTP_POST_VARS['uploads'] == 'YES' ? 'YES' : 'NO';
        $comments = $HTTP_POST_VARS['comments'] == 'YES' ? 'YES' : 'NO';
        $votes = $HTTP_POST_VARS['votes'] == 'YES' ? 'YES' : 'NO';

        // Truthiness check: a title of "0" is rejected as empty.
        if (!$title) cpg_die(ERROR, $lang_db_input_php['alb_need_title'], __FILE__, __LINE__);

        // Non-admins may only edit albums inside their personal category
        // (FIRST_USER_CAT + USER_ID) and cannot change category or uploads.
        if (GALLERY_ADMIN_MODE) {
            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility' WHERE aid='$aid' LIMIT 1";
        } else {
            $category = FIRST_USER_CAT + USER_ID;
            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', thumb='$thumb',  comments='$comments', votes='$votes', visibility='$visibility' WHERE aid='$aid' AND category='$category' LIMIT 1";
        }

        $update = db_query($query);
        if (isset($CONFIG['debug_mode']) && ($CONFIG['debug_mode'] == 1)) {
            $queries[] = $query;
        }

        // Zero affected rows covers both "nothing changed" and, for non-admins,
        // "album is not in your category"; both surface as "no update needed".
        if (!mysql_affected_rows()) cpg_die(INFORMATION, $lang_db_input_php['no_udp_needed'], __FILE__, __LINE__);
        // NOTE(review): reads debug_mode without the isset() guard used above.
        // The header (with its META refresh) is skipped in debug mode, presumably
        // so debug output stays readable -- confirm.
        if ($CONFIG['debug_mode'] == 0) {
            pageheader($lang_db_input_php['alb_updated'], "<META http-equiv=\"refresh\" content=\"1;url=modifyalb.php?album=$aid\">");
        }
        msg_box($lang_db_input_php['info'], $lang_db_input_php['alb_updated'], $lang_continue, "modifyalb.php?album=$aid");
        pagefooter();
        ob_end_flush();
        exit;
        break;

    // Picture upload


    case 'picture':
        if (!USER_CAN_UPLOAD_PICTURES) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

        $album = (int)$HTTP_POST_VARS['album'];
        // Unlike the comment/album handlers, these strings are not trim()'d.
        $title = addslashes($HTTP_POST_VARS['title']);
        $caption = addslashes($HTTP_POST_VARS['caption']);
        $keywords = addslashes($HTTP_POST_VARS['keywords']);
        $user1 = addslashes($HTTP_POST_VARS['user1']);
        $user2 = addslashes($HTTP_POST_VARS['user2']);
        $user3 = addslashes($HTTP_POST_VARS['user3']);
        $user4 = addslashes($HTTP_POST_VARS['user4']);
        // Check if the album id provided is valid
        // Non-admins need an album that is open for uploads or sits in their
        // own personal category; admins only need it to exist.
        if (!GALLERY_ADMIN_MODE) {
            $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
            if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
            $row = mysql_fetch_array($result);
            mysql_free_result($result);
            $category = $row['category'];
        } else {
            $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
            if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
            $row = mysql_fetch_array($result);
            mysql_free_result($result);
            $category = $row['category'];
        }
        // Test if the filename of the temporary uploaded picture is empty
        // (no is_uploaded_file() check here; move_uploaded_file() further down
        // refuses anything that is not a genuine upload).
        if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') cpg_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
        // Pictures are moved in a directory named 10000 + USER_ID
        // (the code uses FIRST_USER_CAT + USER_ID; 10000 is presumably that
        // constant's value). Guests, and installs where SILLY_SAFE_MODE is
        // defined (by an include not visible here), use the shared userpics dir.
        if (USER_ID && !defined('SILLY_SAFE_MODE')) {
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
            $dest_dir = $CONFIG['fullpath'] . $filepath;
            if (!is_dir($dest_dir)) {
                mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
                if (!is_dir($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
                chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
                // Placeholder index.html, presumably to suppress directory listings.
                $fp = fopen($dest_dir . '/index.html', 'w');
                fwrite($fp, ' ');
                fclose($fp);
            }
            $dest_dir .= '/';
            $filepath .= '/';
        } else {
            $filepath = $CONFIG['userpics'];
            $dest_dir = $CONFIG['fullpath'] . $filepath;
        }
        // Check that target dir is writable
        if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
        // Replace forbidden chars with underscores
        $matches = array();
        // NOTE(review): as rendered here every pair in this map is an identity
        // (x => x), which makes the strtr() a no-op. The upstream source most
        // likely maps HTML entities (&amp; &quot; &lt; &gt;) back to the literal
        // characters and the entities were decoded by the page that displayed
        // this file -- confirm against the real file. Note also that the
        // str_repeat() below sizes the replacement by the *undecoded* config
        // string; strtr() uses the shorter of the two lengths.
        $forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
        // Check that the file uploaded has a valid extension
        if (get_magic_quotes_gpc()) $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
        $picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
        // Greedy (.+) splits at the LAST dot: "a.b.c" -> name "a.b", ext "c".
        // Only that final extension is validated below; the rest of the name is
        // stored unchanged, so the web server's handler mapping for the upload
        // directory is what decides how multi-extension names are served.
        if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
            $matches[1] = 'invalid_fname';
            $matches[2] = 'xxx';
        }

        if ($matches[2] == '' || !is_known_filetype($matches)) {
            cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
        }

        // Create a unique name for the uploaded file
        // ("name~0.ext", "name~1.ext", ... until a free name is found)
        $nr = 0;
        $picture_name = $matches[1] . '.' . $matches[2];
        while (file_exists($dest_dir . $picture_name)) {
            $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
        }
        $uploaded_pic = $dest_dir . $picture_name;
        // Move the picture into its final location
        if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic))
            cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
        // Change file permission
        chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
        // Get picture information


        // Check that picture file size is lower than the maximum allowed
        // (max_upl_size is in KiB, hence << 10). These size/content checks run
        // AFTER the file has been moved into the served directory; a rejected
        // file exists there until the @unlink() in its branch.
        if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
            @unlink($uploaded_pic);
            cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
        } elseif (is_image($picture_name)) {
            // Content inspection only happens for names is_image() classes as
            // pictures; any other accepted file type goes to add_picture() uninspected.
            $imginfo = getimagesize($uploaded_pic);
            // getimagesize does not recognize the file as a picture
            // (it returns false; the loose == null catches that)
            if ($imginfo == null) {
                @unlink($uploaded_pic);
                cpg_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
            // JPEG and PNG only are allowed with GD
            } elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
                @unlink($uploaded_pic);
                cpg_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
            // *** NOT NEEDED CHECK DONE BY 'is_image'
            // Check image type is among those allowed for ImageMagick
            //} elseif (!stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]]) && $CONFIG['thumb_method'] == 'im') {
                //@unlink($uploaded_pic);
                //cpg_die(ERROR, sprintf($lang_db_input_php['allowed_img_types'], $CONFIG['allowed_img_types']), __FILE__, __LINE__);
            // Check that picture size (in pixels) is lower than the maximum allowed
            } elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
                @unlink($uploaded_pic);
                cpg_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
            } // Image is ok
        }

        // Upload is ok
        // Create thumbnail and intermediate image and add the image into the DB
        // (width/height are read from $_POST, unlike every other field in this file).
        $result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip,(int) $_POST['width'],(int) $_POST['height']);

        if (!$result) {
            // $ERROR is presumably filled in by add_picture() -- not visible here.
            @unlink($uploaded_pic);
            cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
        } elseif ($PIC_NEED_APPROVAL) {
            // $PIC_NEED_APPROVAL is presumably set by add_picture() -- not visible here.
            // NOTE(review): this branch calls neither pagefooter() nor exit,
            // unlike every other success path in this file; confirm that is intended.
            pageheader($lang_info);
            msg_box($lang_info, $lang_db_input_php['upload_success'], $lang_continue, 'index.php');
            // start: send admin approval mail
            if ($CONFIG['upl_notify_admin_email'])
            {
                // Redundant: mailer.inc.php is already require()d at the top of this file.
                include_once('include/mailer.inc.php');
                cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME,  $CONFIG['ecards_more_pic_target'].'/editpics.php?mode=upload_approval' ));
            }
            // end: send admin approval mail
            ob_end_flush();
        } else {
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
            // Redirect to the row just inserted, negated id as `pos` like the comment handlers.
            $redirect = "displayimage.php?pos=" . (- mysql_insert_id());
            header($header_location . $redirect);
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
            msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect);
            pagefooter();
            ob_end_flush();
            exit;
        }
        break;

    // Unknown event

    default:
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
           |  |  | 334 | ?>