Subversion Repositories svnkaklik

Compare Revisions

Ignore whitespace Rev 5 → Rev 6

/web/test/gallery/cpg133/upload.php
0,0 → 1,2533
<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2005 Coppermine Dev Team
v1.1 originaly written by Gregory DEMAR
 
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
Coppermine version: 1.3.3
$Source: /cvsroot/coppermine/stable/upload.php,v $
$Revision: 1.14 $
$Author: gaugau $
$Date: 2005/04/19 03:17:11 $
**********************************************/
 
// Confirm we are in Coppermine and set the language blocks.
define('IN_COPPERMINE', true);
define('UPLOAD_PHP', true);
define('DB_INPUT_PHP', true);
define('CONFIG_PHP', true);
 
// Call basic functions, etc.
require('include/init.inc.php');
require('include/picmgmt.inc.php');
 
// Some placeholders.
$customize = CUSTOMIZE_UPLOAD_FORM;
$user_form = USER_UPLOAD_FORM;
$allowed_URI_boxes = NUM_URI_BOXES;
$allowed_file_boxes = NUM_FILE_BOXES;
 
// Check to see if user can upload pictures. Quit with an error if he cannot.
if (!USER_CAN_UPLOAD_PICTURES) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
 
// Globalize $CONFIG.
global $CONFIG, $lang_upload_php, $user_form, $max_file_size;
 
//___________________________________Function Block_______________________________________
 
 
// The form label creation function. Takes a non-array element form $data as its argument.
function form_label($text) {
echo <<<EOT
<tr>
<td class="tableh2" colspan="2">
<b>$text</b>
</td>
</tr>
 
EOT;
}
 
// The form statement creation function. Takes a non-array element form $data as its argument.
function form_statement($text) {
echo <<<EOT
<tr>
<td class="tableb" colspan="2">
$text
</td>
</tr>
 
EOT;
}
 
// The hidden form input function. Takes the hidden input field name and value.
function hidden_input($name, $value) {
echo " <input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
}
 
// The text box form input function. Takes the text label for the box, the input name, the maximum length for text boxes,
// and the number of iterations.
function text_box_input($text, $name, $max_length, $iterations) {
 
global $CONFIG;
 
$ordinal = '';
 
if (($text == '') and ($iterations == '')) {
echo " <input type=\"hidden\" name=\"$name\" value=\"\">\n";
return;
}
 
// Begin loop
for ($counter=0; $counter<$iterations; $counter++) {
 
// Create a numbering system when necessary.
if ($text == '') {
$cardinal = $counter + 1;
$ordinal = "".$cardinal.". ";
}
 
// Create a text box.
echo <<<EOT
<tr>
<td width="40%" class="tableb">
$text $ordinal
</td>
<td width="60%" class="tableb" valign="top">
<input type="text" style="width: 100%" name="$name" maxlength="$max_length" value="" class="textinput">
</td>
</tr>
 
EOT;
}
}
 
// The file input function. Takes the label, field name, and number of iterations as arguments.
function file_input($text, $name, $iterations) {
 
$ordinal = '';
 
// Begin loop
for ($counter=0; $counter<$iterations; $counter++) {
 
// Create a numbering system when necessary.
if ($text == '') {
$cardinal = $counter + 1;
$ordinal = "".$cardinal.". ";
}
 
// Create the file input box.
echo <<<EOT
<tr>
<td class="tableb">
$text $ordinal
</td>
<td class="tableb" valign="top">
<input type="file" name="$name" size="40" class="listbox">
</td>
</tr>
 
EOT;
}
}
 
// The function for text areas on forms. Takes the label, field name, and maximum length as arguments.
function text_area_input($text, $name, $max_length) {
 
// Create the text area.
echo <<<EOT
<tr>
<td class="tableb" valign="top">
$text
</td>
<td class="tableb" valign="top">
<textarea name="$name" rows="5" cols="40" wrap="virtual" class="textinput" style="width: 100%;" onKeyDown="textCounter(this, $max_length);" onKeyUp="textCounter(this, $max_length);"></textarea>
</td>
</tr>
EOT;
}
 
// The function to create the album list drop down.
function form_alb_list_box($text, $name) {
//Vodovnik.com modified this code to allow display of Categories besides album names
 
// Pull the $CONFIG array and the GET array into the function.
global $CONFIG, $HTTP_GET_VARS;
 
// Also pull the album lists into the function.
global $user_albums_list, $public_albums_list;
 
// Check to see if an album has been preselected by URL addition. If so, make $sel_album the album number. Otherwise, make $sel_album 0.
$sel_album = isset($HTTP_GET_VARS['album']) ? $HTTP_GET_VARS['album'] : 0;
 
// Create the opening of the drop down box.
echo <<<EOT
<tr>
<td class="tableb">
$text
</td>
<td class="tableb" valign="top">
<select name="$name" class="listbox">
 
EOT;
 
//Cylce through the User albums.
foreach($user_albums_list as $album) {
 
// Set $album_id to the actual album ID.
$album_id = $album['aid'];
 
//Query the database to determine the category the album belongs to.
$vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
$vRes = db_query($vQuery);
$vRes = mysql_fetch_array($vRes);
 
// Query the database to get the category name.
$vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
$vRes = db_query($vQuery);
$vRes = mysql_fetch_array($vRes);
 
// Create the option for the drop down list.
echo ' <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
}
 
//Cycle through the public albums.
foreach($public_albums_list as $album) {
 
// Set $album_id to the actual album ID.
$album_id = $album['aid'];
 
//Query the database to determine the category the album belongs to.
$vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
$vRes = db_query($vQuery);
$vRes = mysql_fetch_array($vRes);
 
// Query the database to get the category name.
$vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
$vRes = db_query($vQuery);
$vRes = mysql_fetch_array($vRes);
 
// Create the option for the drop down list.
echo ' <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
}
 
// Close the drop down.
echo <<<EOT
</select>
</td>
</tr>
 
EOT;
}
 
// The create form function. Takes the $data array as its object.
//
// Type:
// 0 => text box input
// 1 => file input
// 2 => album list
// 3 => text area input
// 4 => hidden input
function create_form(&$data) {
 
global $CONFIG;
 
// Cycle through the elements in the data array.
foreach($data as $element) {
 
// If the element is another array, parse the definition contained within the array.
if ((is_array($element))) {
 
// Based on the type declared in the data array's third position, create a different form input.
switch ($element[2]) {
 
// If the type is a text box input
case 0 :
 
//Call the form input function.
text_box_input($element[0], $element[1], $element[3], $element[4]);
break;
 
// If the type is a file input.
case 1 :
 
// Call the file input function.
file_input($element[0], $element[1], $element[3]);
break;
 
// If the type is an album list dropdown.
case 2 :
 
// Call the album list function.
form_alb_list_box($element[0], $element[1]);
break;
 
// If the type is a text area
case 3 :
 
// Call the text area function.
text_area_input($element[0], $element[1], $element[3]);
break;
 
// If the type is a hidden form
case 4 :
 
// Call the hidden input funtion.
hidden_input($element[0], $element[1]);
break;
 
// If the type is not present, kill the script.
default:
cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__);
} // switch
} else {
 
// If the element is not an array, it is a label, so call the label function.
form_label($element);
}
}
}
 
// The open_form function creates the Javascript verification code and the opening form tags.
// $path hold the form action path.
function open_form($path) {
 
echo <<<EOT
<script language="JavaScript">
function textCounter(field, maxlimit) {
if (field.value.length > maxlimit) // if too long...trim it!
field.value = field.value.substring(0, maxlimit);
}
</script>
<form method="post" action="$path" ENCTYPE="multipart/form-data">
</td>
EOT;
}
 
// The close form function creates the submit button and the closing tags.
function close_form($button_value) {
 
// Pull the language array into the function.
global $lang_upload_php;
 
// Create the submit button and close the form.
echo <<<EOT
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" value="{$button_value}" class="button">
</td>
</form>
</tr>
 
EOT;
}
 
function form_instructions() {
 
global $CONFIG, $lang_upload_php, $user_form, $max_file_size;
 
echo "<tr><td colspan=\"2\">";
 
printf ($lang_upload_php['reg_instr_2'], $CONFIG['max_upl_size']);
 
if ($user_form > '3') {
 
echo "<br /><br />{$lang_upload_php['reg_instr_3']}";
 
}
 
if (($user_form == '2') or ($user_form == '3') or ($user_form == '5') or ($user_form == '6')) {
 
echo "<br /><br />{$lang_upload_php['reg_instr_4']}";
 
}
 
echo "<br /><br />{$lang_upload_php['reg_instr_5']}";
 
echo "</td></tr>";
 
}
 
 
// The get_and_convert_to_bytes function retrieves a limitng value from php.ini and converts the shorthand to bytes.
function get_and_convert_to_bytes ($ini_variable_name) {
 
// Get the variable from php.ini
$ini_string = ini_get($ini_variable_name);
 
// Declare an array to store regex matches in.
$parsed_ini_size = array();
 
// Make sure the returned value is a string, then split the number and the unit in two.
if ((is_string($ini_string)) and (eregi('^([[:digit:]])+([[:alpha:]])*$', $ini_string, $parsed_ini_size))) {
 
// Store the numerical component in $ini_limit cast as an integer
$ini_limit = (int) $parsed_ini_size[1];
 
// Convert the unit to lower case for analysis and store in $ini_limit_unit.
$ini_limit_unit = strtolower($parsed_ini_size[2]);
 
 
// Check the unit to see if any conversion is necessary.
if ($ini_limit_unit == 'm') {
 
// The units indicate megabytes. Shift to bytes.
$ini_limit = $ini_limit << 20;
 
} elseif ($ini_limit_unit == 'k') {
 
// The units indicate kilobytes. Shift to bytes.
$ini_limit = $ini_limit << 10;
}
 
// Return the modified value from php.ini
return $ini_limit;
 
} else {
 
// The returned value is not a string or no pattern match was found. Return false.
return false;
 
}
}
 
// The function spring_cleaning is a garbage collection routine used to purge a directory of old files.
function& spring_cleaning($directory_path, $cache_time = 86400, $exclusion_list = array('index.html')) {
 
//Storage the deleted files
$deleted_list = array();
 
//First we get the transitory directory handle.
$directory_handle = opendir($directory_path);
 
// Exit if the directory cannot be opened.
if(!$directory_handle) {
 
// Return.
return;
 
}
 
// Now let's read through the directory contents.
while (!(($file = readdir($directory_handle)) === false)) {
 
// Avoid deleting the index page of the directory.
if (in_array($file,$exclusion_list)) {
 
// This is the index file, so we move on.
continue;
 
}
 
$dir_path = $directory_path."/".$file;
 
if (is_dir($dir_path)) {
 
// This is a directory, so we move on.
continue;
 
}
 
// We find out when the file was last accessed.
$access_time = filemtime($dir_path); // fileatime() returned incorrect value on Windows
 
// We find out the current time.
$current_time = time();
 
// We calculate the the delete time. We will delete anything older than $cache_time.
$delete_time = $current_time - $access_time;
 
// Now we compare the two.
if ($delete_time >= $cache_time) {
 
// The file is old. We delete it.
$deleted_list[] = $dir_path; // Store the name of the file getting deleted
unlink($dir_path);
}
 
}
 
// Don't forget to close the directory.
closedir($directory_handle);
return $deleted_list;
}
 
// The create_record function. Takes the encoded string. Returns the unique record ID.
function create_record($encoded_string) {
 
// Globalize $CONFIG
global $CONFIG;
 
// Declare and initialize variables.
$unique_ID_array = array();
$generic_array = array();
 
// Get all IDs from the table.
$result = db_query("SELECT unique_ID FROM {$CONFIG['TABLE_TEMPDATA']}");
 
// Create unique ID array.
if (mysql_num_rows($result)) {
 
// Move all values into $unique_ID_array.
while ($generic_array = mysql_fetch_array($result)) {
 
// Store the values.
$unique_ID_array[] = $generic_array['unique_ID'];
 
}
 
} else {
 
// The table may be empty. Give it a value.
$unique_ID_array[] = 0;
 
}
 
// Free resources.
mysql_free_result($result);
 
// Generate the unique ID. Keep generating new IDs until one that is not in use is found.
do {
 
// Create a random string by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
$unique_ID = substr(md5(microtime().getmypid()), 0, 8);
 
} while (in_array($unique_ID, $unique_ID_array));
 
// Create a timestamp to track the record.
$timestamp = time();
 
// Insert the new record.
$result = db_query("INSERT INTO {$CONFIG['TABLE_TEMPDATA']} VALUES ('$unique_ID', '$encoded_string', '$timestamp')");
 
// Return the unique ID if insertion was successful. Otherwise, return false.
if ($result) {
 
return $unique_ID;
 
} else {
 
return FALSE;
 
}
 
}
 
// The update_record function. Takes the $unique_ID and $encoded_string.
function update_record($unique_ID, $encoded_string) {
 
// Globalize $CONFIG
global $CONFIG;
 
// Update record.
$result = db_query("UPDATE {$CONFIG['TABLE_TEMPDATA']} SET encoded_string = '$encoded_string' WHERE unique_ID = '$unique_ID'");
 
// Return true if successful.
if ($result) {
 
return TRUE;
 
} else {
 
return FALSE;
 
}
 
}
 
// The delete_record function. Takes the $unique_ID.
function delete_record($unique_ID) {
 
// Globalize $CONFIG
global $CONFIG;
 
// Delete record.
$result = db_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE unique_ID = '$unique_ID'");
 
// Return true if successful.
if ($result) {
 
return TRUE;
 
} else {
 
return FALSE;
 
}
 
}
 
// The retrieve_record function. Takes the $unique_ID.
function retrieve_record($unique_ID) {
 
// Globalize $CONFIG
global $CONFIG;
 
// Retrieve record.
$result = db_query("SELECT encoded_string FROM {$CONFIG['TABLE_TEMPDATA']} WHERE unique_ID = '$unique_ID'");
 
// Return string if successful.
if (mysql_num_rows($result)) {
 
// Move value into $encoded_string.
while ($generic_array = mysql_fetch_array($result)) {
 
// Store the value.
$encoded_string = $generic_array['encoded_string'];
 
}
 
// Free resources.
mysql_free_result($result);
 
return $encoded_string;
 
} else {
 
// Free resources.
mysql_free_result($result);
 
return FALSE;
 
}
 
}
 
// The clean_table function.
function clean_table() {
 
// Globalize $CONFIG
global $CONFIG;
 
// Create a timestamp from an hour ago.
$comparative_timestamp = time() - 3600;
 
// Delete record.
$result = db_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE timestamp < $comparative_timestamp");
 
// Return true if successful.
if ($result) {
 
return TRUE;
 
} else {
 
return FALSE;
 
}
 
}
 
//The function check_status determines the status of a URI resource.
//It takes the URI as its argument and serves to give more specific error
//messages about unavailable resources.
function check_status($URI) {
 
// Parse the URI into it's requisite parts.
$parts = @parse_url($URI);
 
// If there is no detectable host, return FALSE.
if (empty($parts["host"])) {
 
return FALSE;
 
} else {
 
$host = $parts["host"];
 
}
 
// If a path is detected, make it $path. Otherwise, assume it is a directory.
if (!empty($parts["path"])) {
 
$path = $parts["path"];
 
} else {
 
$path = "/";
 
}
 
// Append any queries that might be attached.
if (!empty($parts["query"])) {
 
$path .= "?" . $parts["query"];
 
}
 
// Set the port if supplied. Default to port 80.
if (!empty($parts["port"])) {
 
$port = $parts["port"];
 
} else {
 
$port = "80";
 
}
 
// Attempt to open a socket to the host.
$socket = @fsockopen( $host, $port, $errno, $errstr, 30 );
 
// Verify that the socket opened. Return false if it fails.
if (!$socket) {
 
return FALSE;
 
} else {
 
// Craft HTTP request.
$request = "HEAD $path HTTP/1.0\r\nUser-Agent: PHP/".phpversion()."\r\nHost: $host\r\nAccept: */*\r\n\r\n";
 
// Get request length.
$length = strlen($request);
 
// Send request data to host. Return false if there is an error.
if(!(fwrite($socket, $request, $length))) {
 
return FALSE;
 
}
 
// Collect the host's response.
$response = fgets($socket, 22);
 
// Close the socket.
fclose($socket);
 
// Return the response.
return $response;
 
}
 
}
//################################# MAIN CODE BLOCK ##################################################
 
// Check to see if user customizations are allowed and if one the request has been made yet.
 
if ((CUSTOMIZE_UPLOAD_FORM) and (!isset($_REQUEST['file_upload_request'])) and (!isset($_REQUEST['URI_upload_request'])) and (!isset($_POST['control']))) {
 
// Check to see if the form type is configurable. If it is, produce the configuration form. Otherwise, generate a warning.
 
if(!(USER_UPLOAD_FORM == 0) and !(USER_UPLOAD_FORM == 7)) {
 
// Create the box request page.
pageheader($lang_upload_php['custom_title']);
starttable("100%", $lang_upload_php['custom_title'], 2);
echo "<tr><td colspan=\"2\">";
echo "{$lang_upload_php['cust_instr_1']}<br /><br />";
 
$data = array();
$data[] = $lang_upload_php['cust_instr_2'];
 
// If the file upload type is only file uploads or is a dual mode, ask for the requisite number of file upload boxes.
if ((USER_UPLOAD_FORM == '1') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '6')) {
 
// Add the file upload array element to the form array.
$data[] = array($lang_upload_php['cust_instr_6'],'file_upload_request', '0', '4', '1');
 
// Print number of allowed file upload boxes.
printf ($lang_upload_php['cust_instr_3'], $allowed_file_boxes);
 
echo "<br /><br />";
 
}
 
// If the file upload type is only URI uploads or is a dual mode, ask for the requisite number of URI upload boxes.
if ((USER_UPLOAD_FORM == '2') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6')) {
 
// Add the URI upload array element to the form array.
$data[] = array($lang_upload_php['cust_instr_5'], 'URI_upload_request', '0', '4', '1');
 
// Print number of allowed URI upload boxes.
printf ($lang_upload_php['cust_instr_4'], $allowed_URI_boxes);
 
echo "<br /><br />";
 
}
 
echo "{$lang_upload_php['cust_instr_7']}<br /><br />";
echo "</td></tr>";
open_form($_SERVER['PHP_SELF']);
create_form($data);
close_form($lang_continue);
endtable();
pagefooter();
 
// Exit the script.
exit;
 
} else {
 
//Use the default settings for the number of boxes.
 
$num_URI_boxes = NUM_URI_BOXES;
$num_file_boxes = NUM_FILE_BOXES;
 
}
 
} elseif (CUSTOMIZE_UPLOAD_FORM) {
 
// If the user is allowed to customize the form, check the incoming data for the number of requested boxes.
 
//Check for the number of file upload boxes.
 
if (isset($_REQUEST['file_upload_request'])) {
 
// Do some validation.
$filtered_request = max(0, intval($_REQUEST['file_upload_request']));
 
if ($filtered_request > NUM_FILE_BOXES) {
$num_file_boxes = NUM_FILE_BOXES;
} else {
$num_file_boxes = $filtered_request;
}
 
}
 
//Check for the number of requested URI upload boxes.
 
if (isset($_REQUEST['URI_upload_request'])) {
 
// Do some validation.
$filtered_request = max(0, intval($_REQUEST['URI_upload_request']));
 
if ($filtered_request > NUM_URI_BOXES) {
$num_URI_boxes = NUM_URI_BOXES;
} else {
$num_URI_boxes = $filtered_request;
}
 
}
 
} else {
 
//Use the default settings for the number of boxes.
 
$num_URI_boxes = NUM_URI_BOXES;
$num_file_boxes = NUM_FILE_BOXES;
 
}
 
// Get public and private albums, and set maximum individual file size.
 
if (GALLERY_ADMIN_MODE) {
$public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
} else {
$public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' ORDER BY title");
}
if (mysql_num_rows($public_albums)) {
$public_albums_list = db_fetch_rowset($public_albums);
} else {
$public_albums_list = array();
}
 
if (USER_ID) {
$user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
if (mysql_num_rows($user_albums)) {
$user_albums_list = db_fetch_rowset($user_albums);
} else {
$user_albums_list = array();
}
} else {
$user_albums_list = array();
}
 
if (!count($public_albums_list) && !count($user_albums_list)) {
cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
}
 
// Assign maximum file size for browser crontrols.
$max_file_size = $CONFIG['max_upl_size'] << 10;
 
// Create the upload forms using the upload congfiguration.
 
if (!isset($_REQUEST['control'])) {
 
// Do some cleanup in the edit directory.
spring_cleaning("./{$CONFIG['fullpath']}edit",3600);
 
// Do some cleaning in the temp data table.
clean_table();
 
// Create upload form headers.
pageheader($lang_upload_php['title']);
 
// Open the form table.
starttable("100%", $lang_upload_php['title'], 2);
 
// Select the form action.
if (USER_UPLOAD_FORM == '0') {
 
// The user has the single upload only form. Send the request to db_input.php.
open_form('db_input.php');
 
} else {
 
// Direct the request to this script and print the form instructions.
open_form($_SERVER['PHP_SELF']);
form_instructions();
 
}
 
// Use a if-then-else construct to create the upload form for the user based on the setting in the
// groups panel.
if(USER_UPLOAD_FORM == '0') {
 
// The user should have the 'single upload only' form.
 
// Declare an array containing the various upload form box definitions.
$captionLabel = $lang_upload_php['description'];
if ($CONFIG['show_bbcode_help']) {$captionLabel .= '<hr />'.$lang_bbcode_help;}
$form_array = array(
sprintf($lang_upload_php['max_fsize'], $CONFIG['max_upl_size']),
array($lang_upload_php['album'], 'album', 2),
array('MAX_FILE_SIZE', $max_file_size, 4),
array($lang_upload_php['picture'], 'userpicture', 1, 1),
array($lang_upload_php['pic_title'], 'title', 0, 255, 1),
array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length']),
array($lang_upload_php['keywords'], 'keywords', 0, 255, 1),
array('event', 'picture', 4)
);
 
if(!empty($CONFIG['user_field1_name'])) {
$form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field2_name'])) {
$form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field3_name'])) {
$form_array[] = array($CONFIG['user_field3_name'], 'user3', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field4_name'])) {
$form_array[] = array($CONFIG['user_field4_name'], 'user4', 0, 255, 1);
}
 
} else {
 
// Check for valid form number.
if ((USER_UPLOAD_FORM >= '0') and (USER_UPLOAD_FORM <= '7')) {
 
// Create form array, and insert MAX_FILE_SIZE control.
$form_array[] = array('MAX_FILE_SIZE', $max_file_size);
 
// Add each upload type depending on the form number,
if((USER_UPLOAD_FORM == '1') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '6')) {
 
if($num_file_boxes > 0) {
 
$form_array[] = $lang_upload_php['reg_instr_7'];
 
$form_array[] = array('', 'file_upload_array[]', 1, $num_file_boxes);
 
}
 
}
 
if((USER_UPLOAD_FORM == '2') or (USER_UPLOAD_FORM == '3') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6')) {
 
if($num_URI_boxes > 0) {
 
$form_array[] = $lang_upload_php['reg_instr_8'];
 
$form_array[] = array('', 'URI_array[]', 0, 256, $num_URI_boxes);
 
}
 
}
 
if((USER_UPLOAD_FORM == '4') or (USER_UPLOAD_FORM == '5') or (USER_UPLOAD_FORM == '6') or (USER_UPLOAD_FORM == '7')) {
 
$form_array[] = $lang_upload_php['reg_instr_6'];
$form_array[] = array('', 'ZIP_array[]', 1, 1);
 
}
 
// Add the control device.
$form_array[] = array('control', 'phase_1', 4);
 
} else {
 
// Unknown form number.
cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__);
 
}
 
}
 
// Create the form.
create_form($form_array);
 
// Close the form.
if (USER_UPLOAD_FORM == '0') {
 
// The user has the single upload only form. Select proper language for button.
close_form($lang_upload_php['title']);
 
} else {
 
// Make button say 'Continue.'
close_form($lang_continue);
 
}
 
// Close the table, create footers, and flush the output buffer.
 
endtable();
pagefooter();
ob_end_flush();
 
// Exit the script.
 
exit;
 
}
 
// Recieve incoming file uploads for phase I.
 
if ((isset($_POST['control'])) and ($_POST['control'] == 'phase_1')) {
 
// $_FILES['file_upload_array']['name'][$counter]
// $_FILES['file_upload_array']['size'][$counter]
// $_FILES['file_upload_array']['tmp_name'][$counter]
// $_FILES['file_upload_array']['type'][$counter]
// $_FILES['file_upload_array']['error'][$counter]
//
// Error values:
// 0 - No error
// 1 - Exceeded filesize allowed in php.ini
// 2 - Exceeded filesize allowed by HTML MAX_FILE_SIZE
// 3 - Only a partial upload
// 4 - No upload occurred.
 
$file_upload_count = count($_FILES['file_upload_array']['name']);
 
if ($file_upload_count > 0) {
 
 
// Check for error code support. Set the error code.
 
if (count($_FILES['file_upload_array']['error']) == 0) {
 
// This version of PHP does not support error codes (PHP < 4.2.0). Create our own error code.
 
$error_code = 'default';
 
} else {
 
// We have error support.
$error_support = 'TRUE';
 
}
 
for ($counter = 0; $counter < $file_upload_count; $counter++) {
 
// Check for error code support. Set the error code.
 
if ($error_support) {
 
$error_code = $_FILES['file_upload_array']['error'][$counter];
 
}
 
// Create the failure ordinal for ordering the report of failed uploads.
 
$failure_cardinal = $counter + 1;
 
$failure_ordinal = ''.$failure_cardinal.'. ';
 
// If there is no file name, make a dummy name for the error reporting system.
 
if (($_FILES['file_upload_array']['name'][$counter] == '')) {
 
$file_name = 'filename_unavailable';
 
} else {
 
$file_name = $_FILES['file_upload_array']['name'][$counter];
 
}
 
// Test for a blank file upload box.
if (empty($_FILES['file_upload_array']['tmp_name'][$counter])) {
 
// There is no need for further tests or action as there was no uploaded file, so skip the remainder of the iteration.
continue;
 
}
 
// Check to make sure the file was uploaded via POST.
 
if (!is_uploaded_file($_FILES['file_upload_array']['tmp_name'][$counter])) {
 
// We reject the file, and make a note of the error.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_post']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
}
 
// Check filename and extension:
 
// Check that the file uploaded has a valid name and extension, and replace forbidden chars with underscores.
 
// Initialise the $matches array.
$matches = array();
 
// Get the forbidden characters from the Config console string, and do any necessary translation. Return the translated string.
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
 
// If magic quotes is on, remove the slashes it added to the file name.
if (get_magic_quotes_gpc()) $_FILES['file_upload_array']['name'][$counter] = stripslashes($_FILES['file_upload_array']['name'][$counter]);
 
// Create the holder $picture_name by translating the file name. Translate any forbidden character into an underscore.
$picture_name = strtr($_FILES['file_upload_array']['name'][$counter], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
 
// Analyze the file extension using regular expressions.
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
 
// The file name is invalid.
$matches[1] = 'invalid_fname';
 
// Make a bogus file extension to trigger Coppermine's defenses.
$matches[2] = 'xxx';
}
 
// If there is no extension, or if the extension is unknown/not permitted by Coppermine, zap the intruder.
if ($matches[2] == '' || !is_known_filetype($matches)) {
 
// We reject the file, and make a note of the error.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['forb_ext']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Check for upload errors.
 
if (!($error_code == '0') and !($error_code == 'default')) {
 
// PHP has detected a file upload error.
if ($error_code == '1') {
$error_message = $lang_upload_php['exc_php_ini'];
} elseif ($error_code == '2') {
$error_message = $lang_upload_php['exc_file_size'];
} elseif ($error_code == '3') {
$error_message = $lang_upload_php['partial_upload'];
} elseif ($error_code == '4') {
$error_message = $lang_upload_php['no_upload'];
} else {
$error_message = $lang_upload_php['unknown_code'];
}
 
//Make a note in the error array.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$error_message);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} elseif ($_FILES['file_upload_array']['tmp_name'][$counter] == '') {
 
// There is no temporary file, so the file did not upload. Make a note of it in the file_failure_arrray and flip the failure switch to generate the ordinal. .
 
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_temp_name']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} elseif ($_FILES['file_upload_array']['size'][$counter] <= 0) {
 
// The file contains no data or was corrupted. Make a note of it in the error array.
 
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['no_file_size']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} elseif ($_FILES['file_upload_array']['size'][$counter] > $max_file_size) {
 
// The file exceeds the amount specified by the max upload directive. Either the browser is stupid, or somebody isn't playing nice. (Ancient browser - MAX_UPLOAD forgery)
 
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['exc_file_size']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Now we need to move the file into the /edit directory.
 
// We need specify the path for the transitory file.
 
// Create a prefix for easier human recognition.
$prefix = "mHTTP_temp_";
 
//Set the correct file extension.
 
$suffix = $matches[2];
 
// Generate the unique name. Keep generating new names until one that is not in use is found.
 
do {
 
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
$seed = substr(md5(microtime().getmypid()), 0, 8);
 
// Assemble the file path.
$path_to_image = "./{$CONFIG['fullpath']}edit/". $prefix . $seed . '.' . $suffix;
 
} while (file_exists($path_to_image));
 
// Create a holder called $tempname.
$tempname = $prefix . $seed . '.' . $suffix;
 
//Now we upload the file.
if (!(move_uploaded_file($_FILES['file_upload_array']['tmp_name'][$counter], $path_to_image))) {
 
// The file upload has failed.
 
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['impossible']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Change file permission
chmod($path_to_image, octdec($CONFIG['default_file_mode']));
 
// Create a testing alias.
$picture_alias = $matches[1].".".$matches[2];
 
// Check to see if the filename is consistent with that of a picture.
if (is_image($picture_alias)) {
 
// If it is, get the picture information
$imginfo = getimagesize($path_to_image);
 
// If getimagesize does not recognize the file as a picture, delete the picture.
if ($imginfo === 'FALSE') {
@unlink($path_to_image);
 
// The file upload has failed -- the image is not an image or it is corrupt.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['not_image']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
// JPEG and PNG only are allowed with GD. If the image is not allowed for GD,delete it.
} elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
@unlink($path_to_image);
 
// The file upload has failed -- the image is not allowed with GD.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['not_GD']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
// Check that picture size (in pixels) is lower than the maximum allowed. If not, delete it.
} elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
@unlink($path_to_image);
 
// The file upload has failed -- the image dimensions exceed the allowed amount.
$file_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'file_name'=> $file_name, 'error_code'=>$lang_upload_php['pixel_allowance']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
}
 
// Image is ok
}
 
// Put array info for a successful upload in $escrow_array. Hold the actual file name and the name of the temporary image. We do not use the path for security reasons.
$escrow_array[] = array('actual_name'=>$picture_alias, 'temporary_name'=>$tempname);
 
} // end for loop
} // end if statement
 
// Count the number of items in the URI array.
$URI_upload_count = count($_POST['URI_array']);
 
if ($URI_upload_count > 0) {
 
for ($counter = 0; $counter < $URI_upload_count; $counter++) {
 
// Create the failure ordinal for ordering the report of failed uploads.
 
$failure_cardinal = $counter + 1;
 
$failure_ordinal = ''.$failure_cardinal.'. ';
 
// Initialize the $URI_MIME_type variable.
$URI_MIME_type = "0";
 
// Check to make sure the URI box was not blank.
if (empty($_POST['URI_array'][$counter])) {
 
// The box was empty.
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Check for magic quotes and remove slashes if necessary.
if (get_magic_quotes_gpc()) {
 
$_POST['URI_array'][$counter] = stripslashes($_POST['URI_array'][$counter]);
 
}
 
// Remove excess whitespace.
$_POST['URI_array'][$counter] = trim($_POST['URI_array'][$counter]);
 
// Translate any interior spaces into hex replacements.
$_POST['URI_array'][$counter] = strtr($_POST['URI_array'][$counter], array(" "=>"%20"));
 
// We do some validation for the URI. First we check for http:// or ftp:// at the start of the URI.
if(!ereg('^http://|^ftp://',$_POST['URI_array'][$counter])) {
 
// The URL is malformed or not allowed in Coppermine. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['incorrect_prefix']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// To obtain the file name, we explode the URI into $pieces.
$pieces = explode('/',$_POST['URI_array'][$counter]);
 
// We pop off the end of the $pieces array to obtain the possible file name.
$possible_file_name = array_pop($pieces);
 
// Strip the hex equivalent for spaces from the possible file name and restore the spaces.
$possible_file_name = strtr($possible_file_name, array("%20"=>" "));
 
// Check possible filename and extension:
 
// Check that the possible file name has a valid name and extension, and replace forbidden chars with underscores.
 
// Initialise the $matches array.
$matches = array();
 
// Get the forbidden characters from the Config console string, and do any necessary translation. Return the translated string.
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
 
// Create the holder $picture_name by translating the possible file name. Translate any forbidden character into an underscore.
$picture_name = strtr($possible_file_name, $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
 
// Analyze the file extension using regular expressions.
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
 
// The file name is invalid.
$matches[1] = 'invalid_fname';
 
// Make a bogus file extension to tell Coppermine to use a different name.
$matches[2] = 'xxx';
}
 
// Set the variable $extension equal to $matches[2].
$extension = $matches[2];
 
// If there is no extension, or if the extension is unknown/not permitted by Coppermine, attenpt to detect a MIME type.
if ($matches[2] == '' || !is_known_filetype($matches)) {
 
// Check for stream_get_meta_data support.
if (!function_exists(stream_get_meta_data)) {
 
// We cannot get the header information for the file, so we reject the URI as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['unsafe_URI']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Open a stream to the resource.
$fp = fopen($_POST['URI_array'][$counter],"rb");
 
// Check to see if the resource was opened.
if (!$fp) {
 
// Attempt to get the status of the resource.
$response = check_status($_POST['URI_array'][$counter]);
 
// Try to parse header if we were able to get a response.
if ($response) {
 
if(strstr($response, '401')) {
 
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
 
} elseif(strstr($response, '402')) {
 
// 402 Payment Required - Where's the cash? :-) Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
 
} elseif(strstr($response, '403')) {
 
// 403 Forbidden - No permission to access the resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
 
} elseif(strstr($response, '404')) {
 
// 404 Not Found - The resource is missing. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
 
} elseif(strstr($response, '500')) {
 
// 500 Internal Server Error - The server has failed. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
 
} elseif(strstr($response, '503')) {
 
// 503 Service Unavailable - The server is busy. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
 
} else {
 
// Undocumented error. Note an error. Return status code.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$response);
 
}
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} else {
 
 
// The resource could not be opened.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['could_not_open_URI']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
} else {
 
$header = stream_get_meta_data($fp);
 
if($header === 'FALSE') {
 
// We could not get the meta data from the header. We must reject the URI as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['meta_data_failure']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
//Look for server response. Proceed if status code 200 is returned.
if(!(strstr($header['wrapper_data'][0], '200'))) {
 
// The resource is not available. Attempt to determine why, and
// generate the appropriate error.
 
if(strstr($header['wrapper_data'][0], '401')) {
 
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
 
} elseif(strstr($header['wrapper_data'][0], '402')) {
 
// 402 Payment Required - Where's the cash? :-) Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
 
} elseif(strstr($header['wrapper_data'][0], '403')) {
 
// 403 Forbidden - No permission to access the resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
 
} elseif(strstr($header['wrapper_data'][0], '404')) {
 
// 404 Not Found - The resource is missing. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
 
} elseif(strstr($header['wrapper_data'][0], '500')) {
 
// 500 Internal Server Error - The server has failed. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
 
} elseif(strstr($header['wrapper_data'][0], '503')) {
 
// 503 Service Unavailable - The server is busy. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
 
} else {
 
// Undocumented error. Note an error. Return status code.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$header['wrapper_data'][0]);
 
}
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Cycle through returned HTTP header. Look for the MIME type, which we will use to create a proper file extension.
 
if (count($header['wrapper_data']) < 2) {
 
// We could not get the meta data from the header. We must reject the URI as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['meta_data_failure']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} else {
 
// Now we loop through each item returned in the wrapper data.
for ($i=1; isset($header['wrapper_data'][$i]); $i++) {
 
// We test each array element to see if it contains the content-type header.
if (strstr(strtolower($header['wrapper_data'][$i]), 'content-type')) {
 
// If we find it, we have found the MIME type. Use regular expressions to extract it.
if(!(eregi('^content-type: ([[:graph:]]+)', $header['wrapper_data'][$i], $MIME_extraction_array))) {
 
// We could not find a MIME type. Note an error and reject the URI as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_extraction_failure']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue 2;
 
} else {
 
// We have found the MIME type, which we will store in $URI_MIME_type.
$URI_MIME_type = $MIME_extraction_array[1];
}
 
// While we are at it, let's see if we can get a content length from the server.
} elseif (strstr(strtolower($header['wrapper_data'][$i]), 'content-length')) {
 
// We have found the Content-Length header. Use regular expressions to extract it.
if(eregi('^content-length: ([[:digit:]]+)', $header['wrapper_data'][$i], $length_extraction_array)) {
 
// The content length should be available in bytes. Cross compare with the maximum file size allowed in an upload.
// Reject the file with an error if it is too large.
if ($length_extraction_array[1] > $max_file_size) {
 
// The content is too large. Reject it with an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue 2;
 
}
 
}
 
}
 
}
 
}
 
// Close the file pointer if we were able to open it.
fclose($fp);
 
}
 
}
 
// Check to see if MIME type was detected.
if($URI_MIME_type) {
 
// A mime type was detected. Determine the appropriate file extension for the MIME type.
// We will hard code the most common GD compatible image MIME types to reduce calls to the DB.
if(($URI_MIME_type == 'image/jpeg') or ($URI_MIME_type == 'image/jpg')) {
 
//The file will need a .jpg extension.
$extension = 'jpg';
 
} elseif ($URI_MIME_type == 'image/png') {
 
//The file will need a .png extension.
$extension = 'png';
 
} elseif ($URI_MIME_type == 'image/gif') {
 
//The file will need a .gif extension.
$extension = 'gif';
 
} else {
// We will try to get the extension from the database.
$MIME_result = db_query("SELECT extension FROM {$CONFIG['TABLE_FILETYPES']} WHERE mime='$URI_MIME_type'");
 
// Check to see if any results were returned.
if (!mysql_num_rows($MIME_result)) {
 
// No results, so free up the resources.
mysql_free_result($MIME_result);
 
// We cannot determine an extension from the MIME type provided, so note an error. Reject the file as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_type_unknown']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} else {
 
// The was a result. Fetch it.
$extension_data = mysql_fetch_array($MIME_result);
 
// Release the resources.
mysql_free_result($MIME_result);
 
// Store the extension in $extension.
$extension = $extension_data['extension'];
}
 
}
 
}
 
//Now we must create the temporary file name. This will be the permanent file name if MIME type detection was used to establish the extension.
 
// First, we create a prefix for easier human recognition.
$prefix = "mURI_temp_";
 
//Set the correct file extension.
 
$suffix = $extension;
 
// Generate the unique name. Keep generating new names until one that is not in use is found.
 
do {
 
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
$seed = substr(md5(microtime().getmypid()), 0, 8);
 
// Assemble the file path.
$path_to_image = "./{$CONFIG['fullpath']}/edit/". $prefix . $seed . '.' . $suffix;
 
} while (file_exists($path_to_image));
 
// Create a holder called $tempname.
$tempname = $prefix . $seed . '.' . $suffix;
 
// The file name $path_to_image has been created. We must prepare to download the resource. First, we will attemt to detect the status code for the resource.
 
// Open a stream to the resource.
$fp = fopen($_POST['URI_array'][$counter],"rb");
 
// Check to see if the resource was opened.
if (!$fp) {
 
// Attempt to get the status of the resource.
$response = check_status($_POST['URI_array'][$counter]);
 
// Try to parse header if we were able to get a response.
if ($response) {
 
if(strstr($response, '401')) {
 
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
 
} elseif(strstr($response, '402')) {
 
// 402 Payment Required - Where's the cash? :-) Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
 
} elseif(strstr($response, '403')) {
 
// 403 Forbidden - No permission to access the resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
 
} elseif(strstr($response, '404')) {
 
// 404 Not Found - The resource is missing. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
 
} elseif(strstr($response, '500')) {
 
// 500 Internal Server Error - The server has failed. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
 
} elseif(strstr($response, '503')) {
 
// 503 Service Unavailable - The server is busy. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
 
} else {
 
// Undocumented error. Note an error. Return status code.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$response);
 
}
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} else {
 
 
// The resource could not be opened.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['could_not_open_URI']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
} else {
 
// Obtain header info if possible.
if (function_exists(stream_get_meta_data)) {
 
// Store header data in $header.
$header = stream_get_meta_data($fp);
 
// If data was returned, test it.
if($header) {
 
//Look for server response. Proceed if status code 200 is returned.
if(!(strstr($header['wrapper_data'][0], '200'))) {
 
// The resource is not available. Attempt to determine why, and
// generate the appropriate error.
 
if(strstr($header['wrapper_data'][0], '401')) {
 
// 401 Unauthorized - Authorization needed to obtain resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_401']);
 
} elseif(strstr($header['wrapper_data'][0], '402')) {
 
// 402 Payment Required - Where's the cash? :-) Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_402']);
 
} elseif(strstr($header['wrapper_data'][0], '403')) {
 
// 403 Forbidden - No permission to access the resource. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_403']);
 
} elseif(strstr($header['wrapper_data'][0], '404')) {
 
// 404 Not Found - The resource is missing. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_404']);
 
} elseif(strstr($header['wrapper_data'][0], '500')) {
 
// 500 Internal Server Error - The server has failed. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_500']);
 
} elseif(strstr($header['wrapper_data'][0], '503')) {
 
// 503 Service Unavailable - The server is busy. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['http_503']);
 
} else {
 
// Undocumented error. Note an error. Return status code.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$header['wrapper_data'][0]);
 
}
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Cycle through returned HTTP header.
if (count($header['wrapper_data']) > 1) {
 
// Now we loop through each item returned in the wrapper data.
for ($i=1; isset($header['wrapper_data'][$i]); $i++) {
 
// Let's see if we can get a content length from the server.
if (strstr(strtolower($header['wrapper_data'][$i]), 'content-length')) {
 
// We have found the Content-Length header. Use regular expressions to extract it.
if(eregi('^content-length: ([[:digit:]]+)', $header['wrapper_data'][$i], $length_extraction_array)) {
 
// The content length should be available in bytes. Cross compare with the maximum file size allowed in an upload.
// Reject the file with an error if it is too large.
if ($length_extraction_array[1] > $max_file_size) {
 
// The content is too large. Reject it with an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue 2;
 
}
 
}
 
}
 
}
 
}
 
}
 
}
 
// Cannot get headers from meta data, or we have completed the metadata check and have found a 200 status code and appropriate content length.
 
// Now we must create a file to write the data to.
touch($path_to_image);
 
// Conduct tests on write file.
if (!is_file($path_to_image)) {
 
// The file was not created. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_create_write']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
// Check for writability,
} elseif (!is_writable($path_to_image)) {
 
// The file is not writeable. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_writable']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
} else {
 
// Initialize the $content variable.
$content = '';
 
// The write file has been created and is writeable. Let's get the content from the URI.
while (!feof($fp)) {
 
// Read the data into $content in 8KB chunks.
$content .= fread($fp,8192);
 
}
 
// Close the file pointer now that we are done reading it.
fclose($fp);
 
// Open the temp file for writing.
$fpw = fopen($path_to_image, "wb");
 
// Verify the file has opened.
if (!$fpw) {
 
// The file did not open. Make a note of the error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_open_write_file']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// Write the data to the file.
if (fwrite($fpw, $content, strlen($content)) === 'FALSE') {
 
// We could not write the data to the file. Note an error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['cant_write_write_file']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
}
 
// The file now resides on the server. Let's close the write file.
fclose($fpw);
 
}
 
}
 
// The file is located at $path_to_image. We now need to continue with on server testing.
 
// Change file permission
chmod($path_to_image, octdec($CONFIG['default_file_mode']));
 
// Create a testing alias. Use the temp name if a MIME type eas discovered.
if ($URI_MIME_type) {
 
// The MIME type eas detected, so we use the temp name.
$picture_alias = $tempname;
 
} else {
 
$picture_alias = $matches[1].".".$matches[2];
 
}
 
// Test file size. Delete if too large.
if (filesize($path_to_image) > $max_file_size) {
 
// The file size is too large, delete it.
@unlink($uploaded_pic);
 
// The file upload has failed -- the file is too large. make a note of the error.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['exc_file_size']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
}
 
// Check to see if the filename is consistent with that of a picture.
if (is_image($picture_alias)) {
 
// If it is, get the picture information
$imginfo = getimagesize($path_to_image);
 
// If getimagesize does not recognize the file as a picture, delete the picture.
if ($imginfo === 'FALSE') {
@unlink($path_to_image);
 
// The file upload has failed -- the image is not an image or it is corrupt.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_image']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
// JPEG and PNG only are allowed with GD. If the image is not allowed for GD,delete it.
} elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
@unlink($path_to_image);
 
// The file upload has failed -- the image is not allowed with GD.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['not_GD']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
 
// Check that picture size (in pixels) is lower than the maximum allowed. If not, delete it.
} elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
@unlink($path_to_image);
 
// The file upload has failed -- the image dimensions exceed the allowed amount.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['pixel_allowance']);
 
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
}
 
// Image is ok
}
 
// Put array info for a successful upload in $escrow_array. Array hold the actual file name and the name of the temporary image. We do not use the path for security reasons.
$escrow_array[] = array('actual_name'=>$picture_alias, 'temporary_name'=>$tempname);
 
}
 
}
 
// Decompressive ZIP uploading is disabled.
// $zip_upload_count = count($_FILES['ZIP_array']['name']);
 
//Now we must prepare the inital form for adding the pictures to the database, and we must move them to their final location.
 
// Count errors in each error array and the escrow array.
$escrow_array_count = count($escrow_array);
$file_error_count = count($file_failure_array);
$URI_error_count = count($URI_failure_array);
$zip_error_count = count($zip_failure_array);
 
// Create page header.
pageheader($lang_upload_php['title']);
 
// Check for successful uploads.
if ($escrow_array_count > '0') {
 
// Serialize and base64_encode the array.
$cayman_escrow = base64_encode(serialize($escrow_array));
 
// Add temp data record to database.
$unique_ID = create_record($cayman_escrow);
 
// Verify record was created.
if (!$unique_ID) {
 
cpg_die(CRITICAL_ERROR, $lang_upload_php['cant_create_write'], __FILE__, __LINE__);
 
}
 
// Prepare success data for user.
starttable("100%", $lang_upload_php['succ'], 2);
echo "<tr><td colspan=\"2\">";
printf ($lang_upload_php['success'], $escrow_array_count);
echo "<br /><br />";
echo $lang_upload_php['add'];
echo "</td></tr>";
 
// Set the form action to this script.
open_form($_SERVER['PHP_SELF']);
 
$form_array = array(
array('unique_ID', $unique_ID, 4),
array('control', 'phase_2', 4)
);
 
create_form($form_array);
close_form($lang_continue);
endtable();
 
// Throw in an HTML break for aesthetics.
echo "<br />";
 
} else {
 
// we had no successful uploads. We create a redirect box.
msg_box($lang_info, sprintf($lang_upload_php['success'], $escrow_array_count), $lang_continue, 'index.php', "100%");
 
// Throw in an HTML break for aesthetics.
echo "<br />";
 
}
 
// Create error report if we have errors.
if (($file_error_count + $URI_error_count + $zip_error_count) > 0) {
 
// Prepare error data for user.
starttable("100%", $lang_upload_php['error_report'], 2);
form_statement($lang_upload_php['error_instr']);
 
// Look for file upload errors.
if ($file_error_count > 0) {
 
// There are file upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_7']);
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
 
// Cycle through the file upload errors.
for ($i=0; $i < $file_error_count; $i++) {
 
// Print the error ordinal, file name, and error code.
echo "<tr><td>{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']}</td><td>{$file_failure_array[$i]['error_code']}</td></tr>";
 
}
 
}
 
// Look for URI upload errors.
if ($URI_error_count > 0) {
 
// There are URI upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_8']);
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
 
// Cycle through the file upload errors.
for ($i=0; $i < $URI_error_count; $i++) {
 
// Print the error ordinal, file name, and error code.
echo "<tr><td>{$URI_failure_array[$i]['failure_ordinal']} {$URI_failure_array[$i]['URI_name']}</td><td>{$URI_failure_array[$i]['error_code']}</td></tr>";
 
}
 
}
 
// Look for zip upload errors.
if ($zip_error_count > 0) {
 
// There are file upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_6']);
echo "<tr><td>{$lang_upload_php['file_name_url']}</td><td>{$lang_upload_php['error_message']}</td></tr>";
 
// Cycle through the file upload errors.
for ($i=0; $i < $zip_error_count; $i++) {
 
// Print the error ordinal, file name, and error code.
echo "<tr><td>{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']}</td><td>{$file_failure_array[$i]['error_code']}</td></tr>";
 
}
 
}
 
// Close the error report table.
endtable();
 
}
 
// Create the footer and flush the output buffer.
pagefooter();
ob_end_flush();
 
// Exit the script.
 
exit;
}
 
// Recieve incoming post information for phase II.
if ((isset($_POST['control'])) and ($_POST['control'] == 'phase_2')) {
 
// Check for incoming album placement data.
if ((isset($_POST['album'])) and (isset($_POST['unique_ID']))) {
 
if (isset($_POST['unique_ID'])) {
 
// The unique ID is set, so let us retrieve the record.
$cayman_string = retrieve_record($_POST['unique_ID']);
 
// Verify record was retrieved.
if (!$cayman_string) {
 
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
} else {
 
// The $_POST['unique_ID'] value is not present. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
// Now we decode the string.
$escrow_array = unserialize(base64_decode($cayman_string));
 
// Now we need to pop a file set off $escrow_array.
// The returned element will take the form: array('actual_name', 'temporary_name')
 
// First, we test to make sure $escrow_array is an array.
if (!(is_array($escrow_array))) {
 
// The decoded information is not an array. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
// Initialize $file_set as an array.
$file_set = array();
 
// Create array index.
$index = count($escrow_array) - 1;
 
// Read the end of the $escrow_array array into $file_set.
$file_set[0] = $escrow_array[$index]['actual_name'];
$file_set[1] = $escrow_array[$index]['temporary_name'];
 
// Get the image preview path.
$preview_path = $escrow_array[$index]['preview_path'];
 
// Remove end of $escrow_array.
unset($escrow_array[$index]['preview_path']);
unset($escrow_array[$index]['actual_name']);
unset($escrow_array[$index]['temporary_name']);
unset($escrow_array[$index]);
 
// Re-encode the $escrow_array.
$cayman_escrow = base64_encode(serialize($escrow_array));
 
// Update the record.
$update = update_record($_POST['unique_ID'], $cayman_escrow);
 
// Verify that the update occurred.
if (!$update) {
 
// We cannot write to the temporary data file. Note a fatal error.
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
 
}
 
// We have incoming placement data. Let's capture it.
 
$album = (int)$HTTP_POST_VARS['album'];
$title = addslashes($HTTP_POST_VARS['title']);
$caption = addslashes($HTTP_POST_VARS['caption']);
$keywords = addslashes($HTTP_POST_VARS['keywords']);
$user1 = addslashes($HTTP_POST_VARS['user1']);
$user2 = addslashes($HTTP_POST_VARS['user2']);
$user3 = addslashes($HTTP_POST_VARS['user3']);
$user4 = addslashes($HTTP_POST_VARS['user4']);
 
// Capture movie or audio width and height if sent.
if(isset($HTTP_POST_VARS['movie_wd'])) {
 
$movie_wd = (int)$HTTP_POST_VARS['movie_wd'];
 
} else {
 
$movie_wd = 0;
 
}
 
if(isset($HTTP_POST_VARS['movie_ht'])) {
 
$movie_ht = (int)$HTTP_POST_VARS['movie_ht'];
 
} else {
 
$movie_ht = 0;
 
}
 
// Check if the album id provided is valid
if (!GALLERY_ADMIN_MODE) {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
} else {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
 
// Pictures are moved in a directory named 10000 + USER_ID
if (USER_ID && !defined('SILLY_SAFE_MODE')) {
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
$dest_dir = $CONFIG['fullpath'] . $filepath;
if (!is_dir($dest_dir)) {
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
if (!is_dir($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
$fp = fopen($dest_dir . '/index.html', 'w');
fwrite($fp, ' ');
fclose($fp);
}
$dest_dir .= '/';
$filepath .= '/';
} else {
$filepath = $CONFIG['userpics'];
$dest_dir = $CONFIG['fullpath'] . $filepath;
}
 
// Check that target dir is writable
if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
 
//Add the Perl regex to break the actual name.
preg_match("/(.+)\.(.*?)\Z/", $file_set[0], $matches);
 
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
 
// Create path for final location.
$uploaded_pic = $dest_dir . $picture_name;
 
// Form path to temporary image.
$path_to_image = "./{$CONFIG['fullpath']}edit/".$file_set[1];
 
// prevent moving the edit directory...
if (is_dir($path_to_image)) cpg_die(CRITICAL_ERROR, $lang_upload_php['failure'] . " - '$path_to_image'", __FILE__, __LINE__, true);
 
// Move the picture into its final location
if (rename($path_to_image, $uploaded_pic)) {
 
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
 
// Create thumbnail and internediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, $movie_wd, $movie_ht);
 
if (!$result) {
 
// The file could not be placed.
$file_placement = 'no';
 
} else {
 
// The file was placed successfully.
$file_placement = 'yes';
 
}
 
} else {
 
// The file was not placed successfully.
$file_placement = 'no';
 
}
 
// Time for garbage cleanup.
 
// First, we delete the preview image.
if ((!strstr($preview_path, 'thumb')) and (file_exists($preview_path))) {
 
unlink($preview_path);
 
}
 
// Check to see if this is the last one.
if(count($escrow_array) == '0') {
 
// Create the final message.
if ($PIC_NEED_APPROVAL) {
 
if ($file_placement == 'no') {
 
$final_message = ''.$lang_upload_php['no_place'].'<br /><br />'.$lang_db_input_php['upload_success'];
 
} else {
 
$final_message = ''.$lang_upload_php['yes_place'].'<br /><br />'.$lang_db_input_php['upload_success'];
 
}
 
} else {
 
if ($file_placement == 'no') {
 
$final_message = ''.$lang_upload_php['no_place'].'<br /><br />'.$lang_upload_php['process_complete'];
 
} else {
 
$final_message = ''.$lang_upload_php['yes_place'].'<br /><br />'.$lang_upload_php['process_complete'];
 
}
 
}
 
// Delete the temporary data file.
delete_record($_POST['unique_ID']);
 
// Send e-mail notification to the admin if requested (added by gaugau: 03-11-09).
if (($CONFIG['upl_notify_admin_email']) and ($PIC_NEED_APPROVAL)) {
// Encapsulate so included lang file doesn't interfere with global one
function cpg_send_upload_notification() {
global $CONFIG;
$lang_db_input_php = cpg_get_default_lang_var('lang_db_input_php');
// Get the mail files.
include_once('include/mailer.inc.php');
 
// Send the message.
cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'].'editpics.php?mode=upload_approval' ));
}
cpg_send_upload_notification();
}
 
// That was the last one. Create a redirect box.
pageheader($lang_info);
msg_box($lang_info, $final_message, $lang_continue, 'index.php', "100%");
pagefooter();
 
// Exit the script.
exit;
 
}
 
}
 
// The user has files that need to be processed and placed in albums.
// We must pull that information from the temporary data file
// whose ID is in $_POST['unique_ID'].
 
if (isset($_POST['unique_ID'])) {
 
// The unique ID is set, so let us retrieve the record.
$cayman_string = retrieve_record($_POST['unique_ID']);
 
// Verify record was retrieved.
if (!$cayman_string) {
 
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
} else {
 
// The $_POST['cayman'] path is not present. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
// Now we decode the string.
$escrow_array = unserialize(base64_decode($cayman_string));
 
// Now we need to detect the end file set of $escrow_array.
// The returned element will take the form: array('actual_name', 'temporary_name')
 
// First, we test to make sure $escrow_array is an array.
if (!(is_array($escrow_array))) {
 
// The decoded information is not an array. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
 
}
 
// Initialize $file_set as an array.
$file_set = array();
 
// Create array index.
$index = count($escrow_array) - 1;
 
// Read the end of the $escrow_array array into $file_set.
$file_set[0] = $escrow_array[$index]['actual_name'];
$file_set[1] = $escrow_array[$index]['temporary_name'];
 
// Create preview image.
 
// Create path to image.
$path_to_image = "./{$CONFIG['fullpath']}edit/".$file_set[1];
 
// Create the preview function.
 
// Get the extension for the preview.
 
// First we parse the file name to determine the file type.
$pieces = explode('.',$file_set[1]);
 
// We pop off the end of the $pieces array to obtain the possible file name.
$extension = array_pop($pieces);
 
// Detect if the file is an image.
if(is_image($file_set[1])) {
 
// Create preview image file name.
 
do {
 
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
$seed = substr(md5(microtime().getmypid()), 0, 8);
 
// Assemble the file path.
$path_to_preview = "./{$CONFIG['fullpath']}edit/preview_" . $seed . '.' . $extension;
 
} while (file_exists($path_to_preview));
 
// Create secure preview path.
$s_preview_path = 'preview_' . $seed . '.' . $extension;
 
// The file is an image, we must resize it for a preview image.
resize_image($path_to_image, $path_to_preview, '150', $CONFIG['thumb_method'], 'wd');
 
} else {
 
// The file is not an image, so we will use the non-image thumbs
// for preview images.
 
// We create the path to the preview image.
$path_to_preview = "images/thumb_{$extension}.jpg";
 
}
 
// Add preview image path to $escrow_array.
$escrow_array[$index]['preview_path'] = $path_to_preview;
 
// Re-encode the $escrow_array.
$cayman_escrow = base64_encode(serialize($escrow_array));
 
// Update the record.
$update = update_record($_POST['unique_ID'], $cayman_escrow);
 
// Verify that the update occurred.
if (!$update) {
 
// We cannot write to the temporary data file. Note a fatal error.
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
 
}
 
// Create upload form headers.
pageheader($lang_upload_php['title']);
 
// Open the form table.
starttable("100%", $lang_upload_php['title'], 2);
 
// Direct the request to this script.
open_form($_SERVER['PHP_SELF']);
 
// Create image tag and echo it to the output buffer.
echo "<tr><td class=\"tableh2\"><img class=\"image\" src=\"".$path_to_preview."\" ></td>";
 
// Echo instructions.
echo "<td class=\"tableh2\">{$lang_upload_php['picture']} - {$file_set[0]}<br /><br />{$lang_upload_php['place_instr_1']}<br /><br />";
 
// If we have previously placed a picture, give a brief message about its success or failure.
if (isset($file_placement)) {
 
if ($file_placement == 'yes') {
 
// The previous picture was placed successfully.
echo "{$lang_upload_php['yes_place']}";
 
} elseif ($file_placement == 'no') {
 
// The previous image placement failed.
echo "{$lang_upload_php['no_place']}";
 
}
 
}
 
echo "</td></tr>";
 
// Declare an array containing the various upload form box definitions.
$captionLabel = $lang_upload_php['description'];
if ($CONFIG['show_bbcode_help']) {$captionLabel .= '<hr />'.$lang_bbcode_help;}
//$printed_file_name = "{$lang_upload_php['picture']} - {$file_set[0]}";
 
$form_array = array(
array($lang_upload_php['album'], 'album', 2),
array($lang_upload_php['pic_title'], 'title', 0, 255, 1),
array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length']),
array($lang_upload_php['keywords'], 'keywords', 0, 255, 1),
array('control', 'phase_2', 4),
array('unique_ID', $_POST['unique_ID'], 4),
);
 
// Check for user defined fields.
if(!empty($CONFIG['user_field1_name'])) {
$form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field2_name'])) {
$form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field3_name'])) {
$form_array[] = array($CONFIG['user_field3_name'], 'user3', 0, 255, 1);
}
 
if(!empty($CONFIG['user_field4_name'])) {
$form_array[] = array($CONFIG['user_field4_name'], 'user4', 0, 255, 1);
}
 
 
// Check for movies and audio, and create width and height boxes if true.
if((is_movie($file_set[1])) or (is_audio($file_set[1]))) {
 
//Add width and height boxes to the form.
$form_array[] = array($lang_config_php['th_wd'],'movie_wd', 0, 4, 1);
$form_array[] = array($lang_config_php['th_ht'],'movie_ht', 0, 4, 1);
 
}
 
// Create the form and echo more instructions.
create_form($form_array);
 
// More instructions.
if(count($escrow_array) > '1') {
 
form_statement($lang_upload_php['place_instr_2']);
 
}
 
// Make button say 'Continue.'
close_form($lang_continue);
 
// Close the table, create footers, and flush the output buffer.
endtable();
pagefooter();
ob_end_flush();
 
// Exit the script.
exit;
 
 
}
?>