Subversion Repositories svnkaklik

Rev

Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<?php
2
/*************************
3
  Coppermine Photo Gallery
4
  ************************
5
  Copyright (c) 2003-2005 Coppermine Dev Team
6
  v1.1 originaly written by Gregory DEMAR
7
 
8
  This program is free software; you can redistribute it and/or modify
9
  it under the terms of the GNU General Public License as published by
10
  the Free Software Foundation; either version 2 of the License, or
11
  (at your option) any later version.
12
  ********************************************
13
  Coppermine version: 1.3.3
14
  $Source: /cvsroot/coppermine/stable/db_input.php,v $
15
  $Revision: 1.9 $
16
  $Author: gaugau $
17
  $Date: 2005/04/19 03:17:10 $
18
**********************************************/
19
 
20
define('IN_COPPERMINE', true);
21
define('DB_INPUT_PHP', true);
22
 
23
require('include/init.inc.php');
24
require('include/picmgmt.inc.php');
25
require('include/mailer.inc.php');
26
 
27
function check_comment(&$str)
28
{
29
    global $CONFIG, $lang_bad_words, $queries;
30
 
31
    $ercp = array('/\S{' . ($CONFIG['max_com_wlength'] + 1) . ',}/i');
32
    if ($CONFIG['filter_bad_words']) foreach($lang_bad_words as $word) {
33
        $ercp[] = '/' . ($word[0] == '*' ? '': '\b') . str_replace('*', '', $word) . ($word[(strlen($word)-1)] == '*' ? '': '\b') . '/i';
34
    }
35
 
36
    if (strlen($str) > $CONFIG['max_com_size']) $str = substr($str, 0, ($CONFIG['max_com_size'] -3)) . '...';
37
    $str = preg_replace($ercp, '(...)', $str);
38
}
39
 
40
if (!isset($HTTP_GET_VARS['event']) && !isset($HTTP_POST_VARS['event'])) {
41
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
42
}
43
 
44
$event = isset($HTTP_POST_VARS['event']) ? $HTTP_POST_VARS['event'] : $HTTP_GET_VARS['event'];
45
switch ($event) {
46
 
47
    // Comment update
48
 
49
    case 'comment_update':
50
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
51
 
52
        check_comment($HTTP_POST_VARS['msg_body']);
53
        check_comment($HTTP_POST_VARS['msg_author']);
54
        $msg_body = addslashes(trim($HTTP_POST_VARS['msg_body']));
55
        $msg_author = addslashes(trim($HTTP_POST_VARS['msg_author']));
56
        $msg_id = (int)$HTTP_POST_VARS['msg_id'];
57
 
58
        if ($msg_body == '') cpg_die(ERROR, $lang_db_input_php['err_comment_empty'], __FILE__, __LINE__);
59
 
60
        if (GALLERY_ADMIN_MODE) {
61
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body', msg_author='$msg_author' WHERE msg_id='$msg_id'");
62
        } elseif (USER_ID) {
63
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body' WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1");
64
        } else {
65
            $update = db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_body='$msg_body' WHERE msg_id='$msg_id' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1");
66
        }
67
 
68
        $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
69
 
70
        $result = db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'");
71
        if (!mysql_num_rows($result)) {
72
            mysql_free_result($result);
73
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
74
            $redirect = "index.php";
75
            header($header_location . $redirect);
76
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
77
            msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
78
            pagefooter();
79
            ob_end_flush();
80
            exit;
81
        } else {
82
            $comment_data = mysql_fetch_array($result);
83
            mysql_free_result($result);
84
            $redirect = "displayimage.php?pos=" . (- $comment_data['pid']);
85
            header($header_location . $redirect);
86
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
87
            msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
88
            pagefooter();
89
            ob_end_flush();
90
            exit;
91
        }
92
        break;
93
 
94
    // Comment
95
 
96
    case 'comment':
97
        if (!(USER_CAN_POST_COMMENTS)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
98
 
99
        check_comment($HTTP_POST_VARS['msg_body']);
100
                check_comment($HTTP_POST_VARS['msg_author']);
101
        $msg_author = addslashes(trim($HTTP_POST_VARS['msg_author']));
102
        $msg_body = addslashes(trim($HTTP_POST_VARS['msg_body']));
103
        $pid = (int)$HTTP_POST_VARS['pid'];
104
 
105
        if ($msg_author == '' || $msg_body == '') cpg_die(ERROR, $lang_db_input_php['empty_name_or_com'], __FILE__, __LINE__);
106
 
107
        $result = db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'");
108
        if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
109
        $album_data = mysql_fetch_array($result);
110
        mysql_free_result($result);
111
 
112
        if ($album_data['comments'] != 'YES') cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
113
 
114
        if (!$CONFIG['disable_comment_flood_protect']){
115
          $result = db_query("SELECT author_md5_id, author_id FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '$pid' ORDER BY msg_id DESC LIMIT 1");
116
          if (mysql_num_rows($result)) {
117
              $last_com_data = mysql_fetch_array($result);
118
              if ((USER_ID && $last_com_data['author_id'] == USER_ID) || (!USER_ID && $last_com_data['author_md5_id'] == $USER['ID'])) {
119
                  cpg_die(ERROR, $lang_db_input_php['no_flood'], __FILE__, __LINE__);
120
              }
121
          }
122
        }
123
 
124
        if (!USER_ID) { // Anonymous users, we need to use META refresh to save the cookie
125
            $insert = db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '$msg_author', '$msg_body', NOW(), '{$USER['ID']}', '0', '$raw_ip', '$hdr_ip')");
126
            $USER['name'] = $HTTP_POST_VARS['msg_author'];
127
            $redirect = "displayimage.php?pos=" . (- $pid);
128
            if ($CONFIG['email_comment_notification']) {
129
                $mail_body = $msg_body . "\n\r ".$lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . $redirect;
130
                cpg_mail($CONFIG['gallery_admin_email'], $lang_db_input_php['email_comment_subject'], $mail_body);
131
            }
132
            pageheader($lang_db_input_php['com_added'], "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
133
            msg_box($lang_db_input_php['info'], $lang_db_input_php['com_added'], $lang_continue, $redirect);
134
            pagefooter();
135
            ob_end_flush();
136
            exit;
137
        } else { // Registered users, we can use Location to redirect
138
            $insert = db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '" . addslashes(USER_NAME) . "', '$msg_body', NOW(), '', '" . USER_ID . "', '$raw_ip', '$hdr_ip')");
139
            $redirect = "displayimage.php?pos=" . (- $pid);
140
            if ($CONFIG['email_comment_notification']) {
141
                $mail_body = $msg_body . "\n\r ".$lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . $redirect;
142
                cpg_mail($CONFIG['gallery_admin_email'], $lang_db_input_php['email_comment_subject'], $mail_body);
143
            }
144
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
145
            header($header_location . $redirect);
146
            pageheader($lang_db_input_php['com_added'], "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
147
            msg_box($lang_db_input_php['info'], $lang_db_input_php['com_added'], $lang_continue, $redirect);
148
            pagefooter();
149
            ob_end_flush();
150
            exit;
151
        }
152
        break;
153
 
154
    // Update album
155
 
156
    case 'album_update':
157
        if (!(USER_ADMIN_MODE || GALLERY_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
158
 
159
        $aid = (int)$HTTP_POST_VARS['aid'];
160
        $title = addslashes(trim($HTTP_POST_VARS['title']));
161
        $category = (int)$HTTP_POST_VARS['category'];
162
        $description = addslashes(trim($HTTP_POST_VARS['description']));
163
        $thumb = (int)$HTTP_POST_VARS['thumb'];
164
        $visibility = (int)$HTTP_POST_VARS['visibility'];
165
        $uploads = $HTTP_POST_VARS['uploads'] == 'YES' ? 'YES' : 'NO';
166
        $comments = $HTTP_POST_VARS['comments'] == 'YES' ? 'YES' : 'NO';
167
        $votes = $HTTP_POST_VARS['votes'] == 'YES' ? 'YES' : 'NO';
168
 
169
        if (!$title) cpg_die(ERROR, $lang_db_input_php['alb_need_title'], __FILE__, __LINE__);
170
 
171
        if (GALLERY_ADMIN_MODE) {
172
            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility' WHERE aid='$aid' LIMIT 1";
173
        } else {
174
            $category = FIRST_USER_CAT + USER_ID;
175
            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', thumb='$thumb',  comments='$comments', votes='$votes', visibility='$visibility' WHERE aid='$aid' AND category='$category' LIMIT 1";
176
        }
177
 
178
        $update = db_query($query);
179
        if (isset($CONFIG['debug_mode']) && ($CONFIG['debug_mode'] == 1)) {
180
            $queries[] = $query;
181
        }
182
 
183
        if (!mysql_affected_rows()) cpg_die(INFORMATION, $lang_db_input_php['no_udp_needed'], __FILE__, __LINE__);
184
        if ($CONFIG['debug_mode'] == 0) {
185
            pageheader($lang_db_input_php['alb_updated'], "<META http-equiv=\"refresh\" content=\"1;url=modifyalb.php?album=$aid\">");
186
        }
187
        msg_box($lang_db_input_php['info'], $lang_db_input_php['alb_updated'], $lang_continue, "modifyalb.php?album=$aid");
188
        pagefooter();
189
        ob_end_flush();
190
        exit;
191
        break;
192
 
193
    // Picture upload
194
 
195
 
196
    case 'picture':
197
        if (!USER_CAN_UPLOAD_PICTURES) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
198
 
199
        $album = (int)$HTTP_POST_VARS['album'];
200
        $title = addslashes($HTTP_POST_VARS['title']);
201
        $caption = addslashes($HTTP_POST_VARS['caption']);
202
        $keywords = addslashes($HTTP_POST_VARS['keywords']);
203
        $user1 = addslashes($HTTP_POST_VARS['user1']);
204
        $user2 = addslashes($HTTP_POST_VARS['user2']);
205
        $user3 = addslashes($HTTP_POST_VARS['user3']);
206
        $user4 = addslashes($HTTP_POST_VARS['user4']);
207
        // Check if the album id provided is valid
208
        if (!GALLERY_ADMIN_MODE) {
209
            $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
210
            if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
211
            $row = mysql_fetch_array($result);
212
            mysql_free_result($result);
213
            $category = $row['category'];
214
        } else {
215
            $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
216
            if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
217
            $row = mysql_fetch_array($result);
218
            mysql_free_result($result);
219
            $category = $row['category'];
220
        }
221
        // Test if the filename of the temporary uploaded picture is empty
222
        if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') cpg_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
223
        // Pictures are moved in a directory named 10000 + USER_ID
224
        if (USER_ID && !defined('SILLY_SAFE_MODE')) {
225
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
226
            $dest_dir = $CONFIG['fullpath'] . $filepath;
227
            if (!is_dir($dest_dir)) {
228
                mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
229
                if (!is_dir($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
230
                chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
231
                $fp = fopen($dest_dir . '/index.html', 'w');
232
                fwrite($fp, ' ');
233
                fclose($fp);
234
            }
235
            $dest_dir .= '/';
236
            $filepath .= '/';
237
        } else {
238
            $filepath = $CONFIG['userpics'];
239
            $dest_dir = $CONFIG['fullpath'] . $filepath;
240
        }
241
        // Check that target dir is writable
242
        if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
243
        // Replace forbidden chars with underscores
244
        $matches = array();
245
        $forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
246
        // Check that the file uploaded has a valid extension
247
        if (get_magic_quotes_gpc()) $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
248
        $picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
249
        if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
250
            $matches[1] = 'invalid_fname';
251
            $matches[2] = 'xxx';
252
        }
253
 
254
        if ($matches[2] == '' || !is_known_filetype($matches)) {
255
            cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
256
        }
257
 
258
        // Create a unique name for the uploaded file
259
        $nr = 0;
260
        $picture_name = $matches[1] . '.' . $matches[2];
261
        while (file_exists($dest_dir . $picture_name)) {
262
            $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
263
        }
264
        $uploaded_pic = $dest_dir . $picture_name;
265
        // Move the picture into its final location
266
        if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic))
267
            cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
268
        // Change file permission
269
        chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
270
        // Get picture information
271
 
272
 
273
        // Check that picture file size is lower than the maximum allowed
274
        if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
275
            @unlink($uploaded_pic);
276
            cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
277
        } elseif (is_image($picture_name)) {
278
            $imginfo = getimagesize($uploaded_pic);
279
            // getimagesize does not recognize the file as a picture
280
            if ($imginfo == null) {
281
                @unlink($uploaded_pic);
282
                cpg_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
283
            // JPEG and PNG only are allowed with GD
284
            } elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
285
                @unlink($uploaded_pic);
286
                cpg_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
287
            // *** NOT NEEDED CHECK DONE BY 'is_image'
288
            // Check image type is among those allowed for ImageMagick
289
            //} elseif (!stristr($CONFIG['allowed_img_types'], $IMG_TYPES[$imginfo[2]]) && $CONFIG['thumb_method'] == 'im') {
290
                //@unlink($uploaded_pic);
291
                //cpg_die(ERROR, sprintf($lang_db_input_php['allowed_img_types'], $CONFIG['allowed_img_types']), __FILE__, __LINE__);
292
            // Check that picture size (in pixels) is lower than the maximum allowed
293
            } elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
294
                @unlink($uploaded_pic);
295
                cpg_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
296
            } // Image is ok
297
        }
298
 
299
        // Upload is ok
300
        // Create thumbnail and internediate image and add the image into the DB
301
        $result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip,(int) $_POST['width'],(int) $_POST['height']);
302
 
303
        if (!$result) {
304
            @unlink($uploaded_pic);
305
            cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
306
        } elseif ($PIC_NEED_APPROVAL) {
307
            pageheader($lang_info);
308
            msg_box($lang_info, $lang_db_input_php['upload_success'], $lang_continue, 'index.php');
309
            // start: send admin approval mail
310
            if ($CONFIG['upl_notify_admin_email'])
311
            {
312
                include_once('include/mailer.inc.php');
313
                cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME,  $CONFIG['ecards_more_pic_target'].'/editpics.php?mode=upload_approval' ));
314
            }
315
            // end: send admin approval mail
316
            ob_end_flush();
317
        } else {
318
            $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
319
            $redirect = "displayimage.php?pos=" . (- mysql_insert_id());
320
            header($header_location . $redirect);
321
            pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
322
            msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect);
323
            pagefooter();
324
            ob_end_flush();
325
            exit;
326
        }
327
        break;
328
 
329
    // Unknow event
330
 
331
    default:
332
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
333
}
334
?>