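<?php
/**
 * @package tikiwiki
 */
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Upload page for image galleries. When the request carries "upload", one image is
// taken either from a remote URL ($_REQUEST["url"]) or from the "userfile1" form
// upload (optionally with a "userfile2" thumbnail), stored through the image gallery
// library and categorised. The upload form is then rendered with the gallery list.

$section = 'galleries';
require_once('tiki-setup.php');
$categlib = TikiLib::lib('categ');
$imagegallib = TikiLib::lib('imagegal');
$filegallib = TikiLib::lib('filegal');

$access->check_feature('feature_galleries');

// Refuse early unless the user holds the upload permission globally or on this gallery.
if ($tiki_p_upload_images != 'y' and ! $tikilib->user_has_perm_on_object($user, $_REQUEST["galleryId"], "image gallery", "tiki_p_upload_images")) {
    $smarty->assign('errortype', 401);
    $smarty->assign('msg', tra("You do not have permission to upload images"));
    $smarty->display("error.tpl");
    die;
}

// Derive the browse/show URLs from the path of the current request.
$foo = parse_url($_SERVER["REQUEST_URI"]);
$foo1 = str_replace("tiki-upload_image", "tiki-browse_image", $foo["path"]);
$foo2 = str_replace("tiki-upload_image", "show_image", $foo["path"]);
$smarty->assign('url_browse', $tikilib->httpPrefix() . $foo1);
$smarty->assign('url_show', $foo2);
$smarty->assign('show', 'n');
unset($data);

// Process an upload here
if (isset($_REQUEST["upload"])) {
    check_ticket('upload-image');
    // Reload the permission variables for this specific gallery.
    $tikilib->get_perm_object($_REQUEST["galleryId"], 'image gallery');
    if ($tiki_p_admin_galleries == 'y') {
        $tiki_p_view_image_gallery = 'y';
        $tiki_p_upload_images = 'y';
        $tiki_p_create_galleries = 'y';
    }
    $access->check_permission('tiki_p_upload_images');

    $gal_info = $imagegallib->get_gallery($_REQUEST["galleryId"]);
    // Fall back to 80x80 thumbnails when the gallery defines no thumbnail size.
    if ($gal_info["thumbSizeX"] == 0) {
        $gal_info["thumbSizeX"] = 80;
    }
    if ($gal_info["thumbSizeY"] == 0) {
        $gal_info["thumbSizeY"] = 80;
    }
    // Check the user to be admin or owner or the gallery is public
    if ($tiki_p_admin_galleries != 'y' && (! $user || $user != $gal_info["user"]) && $gal_info["public"] != 'y') {
        $smarty->assign('errortype', 401);
        $smarty->assign('msg', tra("You have permission to upload images but not to this gallery"));
        $smarty->display("error.tpl");
        die;
    }
    $error_msg = '';
    // Anonymous uploads must pass the captcha when the antibot feature is on.
    if (empty($user) && $prefs['feature_antibot'] == 'y' && ! $captchalib->validate()) {
        $error_msg = $captchalib->getErrors();
        $smarty->assign('errortype', 'no_redirect_login');
    }
    if (! empty($_REQUEST["url"])) {
        // Check URL, avoid uploading local files: the scheme test is anchored to the
        // start of the string. The previous unanchored pattern matched "http://"
        // anywhere in the value, so a value starting with a different scheme or
        // stream wrapper was accepted unchanged.
        if (! preg_match('#^https?://#i', $_REQUEST["url"])) {
            $_REQUEST["url"] = 'http://' . $_REQUEST["url"];
        }
        // NOTE(review): this is a server-side fetch of a user-supplied URL. Which
        // hosts httprequest() will contact is not visible here; confirm it refuses
        // internal/loopback destinations.
        $data = $tikilib->httprequest($_REQUEST["url"]);
        if ($data) {
            // Validate the bytes that were actually downloaded instead of fetching
            // the URL a second time with getimagesize(): one request, no PHP stream
            // wrapper involved, and the check applies to exactly what gets stored.
            // $imginfo is also needed further down when GD cannot decode the image.
            $imginfo = is_string($data) ? @getimagesizefromstring($data) : false;
            if ($imginfo) {
                $url_info = parse_url($_REQUEST["url"]);
                // A URL without a path or without an extension must not raise
                // notices; fall back to the MIME type detected from the content.
                $pinfo = pathinfo(isset($url_info["path"]) ? $url_info["path"] : '');
                $type = isset($pinfo["extension"]) ? "image/" . $pinfo["extension"] : $imginfo['mime'];
                $filename = $pinfo["basename"];
                $size = strlen($data);
            } else {
                // Something was downloaded but it is not an image. (The two messages
                // of this branch pair used to be swapped.)
                $error_msg = tra("That is not an image (or you have php < 4.0.5)");
                $smarty->assign('errortype', 'no_redirect_login');
            }
        } else {
            // Nothing could be fetched from the URL.
            $error_msg = tra("Cannot get image from URL");
            $smarty->assign('errortype', 'no_redirect_login');
        }
    } else {
        // We process here file uploads
        if (isset($_FILES['userfile1']) && ! empty($_FILES['userfile1']['name'])) {
            if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
                try {
                    $filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
                } catch (Exception $e) {
                    $smarty->assign('errortype', 403);
                    $smarty->assign('msg', $e->getMessage());
                    $smarty->display("error.tpl");
                    die;
                }
                // Optional filename filters from the preferences: the name must match
                // gal_match_regex and must not match gal_nmatch_regex.
                if (! empty($prefs['gal_match_regex'])) {
                    if (! preg_match('/' . $prefs['gal_match_regex'] . '/', $_FILES['userfile1']['name'], $reqs)) {
                        $smarty->assign('msg', tra('Invalid imagename (using filters for filenames)'));
                        $smarty->assign('errortype', 'no_redirect_login');
                        $smarty->display("error.tpl");
                        die;
                    }
                }
                if (! empty($prefs['gal_nmatch_regex'])) {
                    if (preg_match('/' . $prefs['gal_nmatch_regex'] . '/', $_FILES['userfile1']['name'], $reqs)) {
                        $smarty->assign('msg', tra('Invalid imagename (using filters for filenames)'));
                        $smarty->assign('errortype', 'no_redirect_login');
                        $smarty->display("error.tpl");
                        die;
                    }
                }
                // $type is the MIME type declared by the client, not one derived from
                // the file contents.
                $type = $_FILES['userfile1']['type'];
                $size = $_FILES['userfile1']['size'];
                $filename = $_FILES['userfile1']['name'];
                // Check for a zip file.....
                if (substr($filename, strlen($filename) - 3) == 'zip') {
                    if ($tiki_p_batch_upload_images == 'y') {
                        if ($imagegallib->process_batch_image_upload($_REQUEST["galleryId"], $_FILES['userfile1']['tmp_name'], $user) == 0) {
                            $smarty->assign('msg', tra('Error processing zipped image package'));
                            $smarty->assign('errortype', 'no_redirect_login');
                            $smarty->display("error.tpl");
                            die;
                        }
                        header("location: tiki-browse_gallery.php?galleryId=" . $_REQUEST["galleryId"]);
                        die();
                    } else {
                        $smarty->assign('msg', tra('No permission to upload zipped image packages'));
                        $smarty->display("error.tpl");
                        die;
                    }
                }
                // The client-supplied name becomes part of a filesystem path below, so
                // reduce it to its final component regardless of what was submitted.
                $file_name = basename($_FILES['userfile1']['name']);
                $file_tmp_name = $_FILES['userfile1']['tmp_name'];
                $tmp_dest = $prefs['tmpDir'] . '/' . $file_name . '.tmp'; // add .tmp to not overwrite existing files (like index.php)
                if (! move_uploaded_file($file_tmp_name, $tmp_dest)) {
                    // Only administrators get to see the server paths involved.
                    if ($tiki_p_admin == 'y') {
                        $smarty->assign('msg', tra('Errors detected') . '. ' . tra('Check that these paths exist and are writable by the web server') . ': ' . $file_tmp_name . ' ' . $tmp_dest);
                    } else {
                        $smarty->assign('msg', tra('Errors detected'));
                    }
                    $smarty->assign('errortype', 'no_redirect_login');
                    $smarty->display("error.tpl");
                    die();
                }
                // file_get_contents() copes with an empty or unreadable file, which
                // the fopen()/fread(filesize()) sequence did not.
                $data = file_get_contents($tmp_dest);
                $imginfo = @getimagesize($tmp_dest);
                unlink($tmp_dest);
                if (! $data || ! $imginfo) { // Not in Image format
                    $error_msg = tra('The uploaded file is not recognized as a image');
                    $smarty->assign('errortype', 'no_redirect_login');
                }
            } else {
                $error_msg = $tikilib->uploaded_file_error($_FILES['userfile1']['error']);
                if (! empty($error_msg)) {
                    $smarty->assign('errortype', 'no_redirect_login');
                }
            }
        }
    }
    $up_thumb = 0;
    // If the thumbnail was uploaded
    if (isset($_FILES['userfile2']) && ! empty($_FILES['userfile2']['name'])) {
        try {
            $filegallib->assertUploadedFileIsSafe($_FILES['userfile2']['tmp_name'], $_FILES['userfile2']['name']);
        } catch (Exception $e) {
            $smarty->assign('errortype', 403);
            $smarty->assign('msg', $e->getMessage());
            $smarty->display("error.tpl");
            die;
        }
        $thumb_data = $imagegallib->get_one_image_from_disk('userfile2');
        if (isset($thumb_data['msg'])) {
            $error_msg = $thumb_data['msg'];
            $smarty->assign('errortype', 'no_redirect_login');
        }
        $up_thumb = 1;
    }
    // Any error collected above (captcha, URL fetch, upload, thumbnail) stops here.
    if ($error_msg) {
        $smarty->assign('msg', $error_msg);
        $smarty->display("error.tpl");
        die;
    }
    // Image name: the submitted name, else the file name, else empty.
    if (isset($_REQUEST["name"]) && ! empty($_REQUEST["name"])) {
        $name = $_REQUEST["name"];
    } elseif (isset($filename)) {
        $name = $filename;
    } else {
        $name = "";
    }
    $lat = null;
    $lon = null;
    if (isset($data)) {
        if (! $up_thumb) {
            // No thumbnail supplied: generate one with GD, except for GIF images.
            if (function_exists("ImageCreateFromString") && (! strstr($type, "gif"))) {
                if ($img = @imagecreatefromstring($data)) {
                    $size_x = imagesx($img);
                    $size_y = imagesy($img);
                    // Scale by the longer side so the thumbnail fits the gallery box.
                    if ($size_x > $size_y) {
                        $tscale = ((int)$size_x / $gal_info["thumbSizeX"]);
                    } else {
                        $tscale = ((int)$size_y / $gal_info["thumbSizeY"]);
                    }
                    // Clamp to 1 pixel: an extreme aspect ratio would otherwise round
                    // a side down to 0, which the GD image constructors reject.
                    $tw = max(1, (int)($size_x / $tscale));
                    $ty = max(1, (int)($size_y / $tscale));
                    if (chkgd2()) {
                        $t = imagecreatetruecolor($tw, $ty);
                        imagecopyresampled($t, $img, 0, 0, 0, 0, $tw, $ty, $size_x, $size_y);
                    } else {
                        $t = imagecreate($tw, $ty);
                        $imagegallib->ImageCopyResampleBicubic($t, $img, 0, 0, 0, 0, $tw, $ty, $size_x, $size_y);
                    }
                    // The thumbnail is written to a temporary file in tmpDir (which
                    // must be writable) and read back as JPEG bytes.
                    $tmpfname = tempnam($prefs['tmpDir'], "TMPIMG");
                    imagejpeg($t, $tmpfname);
                    // Now read the information
                    $t_data = file_get_contents($tmpfname);
                    unlink($tmpfname);
                    $t_type = 'image/jpg';
                    $imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $_REQUEST["description"], $filename, $type, $data, $size, $size_x, $size_y, $user, $t_data, $t_type, $lat, $lon, $gal_info);
                } else { // Not in Image format
                    $smarty->assign('msg', tra('The uploaded file is not recognized as a image'));
                    $smarty->display('error.tpl');
                    die;
                }
            } else {
                // GD unavailable or GIF: store without a thumbnail, using the
                // dimensions reported by the earlier image-size check.
                $tmpfname = '';
                $imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $_REQUEST["description"], $filename, $type, $data, $size, $imginfo[0], $imginfo[1], $user, '', '', $lat, $lon, $gal_info);
            }
        } else {
            // A thumbnail was uploaded: only the image dimensions are needed.
            if (function_exists("ImageCreateFromString") && (! strstr($type, "gif"))) {
                if ($img = @imagecreatefromstring($data)) {
                    $size_x = imagesx($img);
                    $size_y = imagesy($img);
                } else {
                    // Not in Image format
                    $smarty->assign('msg', tra('The uploaded file is not recognized as a image'));
                    $smarty->display('error.tpl');
                    die;
                }
            } else {
                $size_x = $imginfo[0];
                $size_y = $imginfo[1];
            }
            $imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $_REQUEST["description"], $filename, $type, $data, $size, $size_x, $size_y, $user, $thumb_data, $thumb_data['filetype'], $lat, $lon, $gal_info);
        }
        if (! $imageId) {
            $smarty->assign('msg', tra('Upload failed'));
            $smarty->display("error.tpl");
            die;
        }
        $smarty->assign_by_ref('imageId', $imageId);
        // Now that the image was inserted we can display the image here.
        $smarty->assign('show', 'y');
        $smarty->assign_by_ref('tmpfname', $tmpfname);
        $smarty->assign_by_ref('fname', $_REQUEST["url"]);
        // Finally categorise it
        $cat_type = 'image';
        $cat_objid = $imageId;
        $cat_desc = substr($_REQUEST["description"], 0, 200);
        $cat_name = $name;
        $cat_href = $foo1 . "?imageId=" . $cat_objid;
        include_once("categorize.php");
    }
}

// Additional upload slots userfile3..userfile8.
// NOTE(review): this loop sits outside the "upload" branch above, so it runs without
// check_ticket() and without the owner/public gallery check, and $gal_info is
// undefined when "upload" is not set. Confirm that get_one_image_from_disk() enforces
// what is needed, or move the loop inside the branch.
$batchRes = [];
for ($i = 3; $i <= 8; $i++) {
    if (isset($_FILES["userfile$i"]) && ! empty($_FILES["userfile$i"]['name'])) {
        $batchRes[] = $imagegallib->get_one_image_from_disk("userfile$i", $_REQUEST['galleryId'], isset($_REQUEST['name']) ? $_REQUEST['name'] : '', $_REQUEST['description'], $gal_info);
    }
}
if (count($batchRes)) {
    $smarty->assign_by_ref('batchRes', $batchRes);
}

// Get the list of galleries to display the select box in the template
if (isset($_REQUEST["galleryId"])) {
    $smarty->assign_by_ref('galleryId', $_REQUEST["galleryId"]);
} else {
    $smarty->assign('galleryId', '');
}
if ($tiki_p_admin_galleries != 'y') {
    $galleries = $imagegallib->list_visible_galleries(0, -1, 'lastModif_desc', $user, '');
} else {
    $galleries = $imagegallib->list_galleries(0, -1, 'lastModif_desc', $user, '');
}

// Annotate every gallery with the current user's object-level permissions so the
// template can tell which galleries accept uploads.
$temp_max = count($galleries["data"]);
for ($i = 0; $i < $temp_max; $i++) {
    if ($userlib->object_has_one_permission($galleries["data"][$i]["galleryId"], 'image gallery')) {
        $galleries["data"][$i]["individual"] = 'y';
        if ($userlib->object_has_permission($user, $galleries["data"][$i]["galleryId"], 'image gallery', 'tiki_p_view_image_gallery')) {
            $galleries["data"][$i]["individual_tiki_p_view_image_gallery"] = 'y';
        } else {
            $galleries["data"][$i]["individual_tiki_p_view_image_gallery"] = 'n';
        }
        if ($userlib->object_has_permission($user, $galleries["data"][$i]["galleryId"], 'image gallery', 'tiki_p_upload_images')) {
            $galleries["data"][$i]["individual_tiki_p_upload_images"] = 'y';
        } else {
            $galleries["data"][$i]["individual_tiki_p_upload_images"] = 'n';
        }
        if ($userlib->object_has_permission($user, $galleries["data"][$i]["galleryId"], 'image gallery', 'tiki_p_create_galleries')) {
            $galleries["data"][$i]["individual_tiki_p_create_galleries"] = 'y';
        } else {
            $galleries["data"][$i]["individual_tiki_p_create_galleries"] = 'n';
        }
        // Site admins and gallery admins get all three permissions.
        if ($tiki_p_admin == 'y' || $userlib->object_has_permission($user, $galleries["data"][$i]["galleryId"], 'image gallery', 'tiki_p_admin_galleries')) {
            $galleries["data"][$i]["individual_tiki_p_create_galleries"] = 'y';
            $galleries["data"][$i]["individual_tiki_p_upload_images"] = 'y';
            $galleries["data"][$i]["individual_tiki_p_view_image_gallery"] = 'y';
        }
    } else {
        $galleries["data"][$i]["individual"] = 'n';
    }
}
$smarty->assign_by_ref('galleries', $galleries["data"]);
$cat_type = 'image';
$cat_objid = '0';
include_once("categorize_list.php");
include('lib/filegals/max_upload_size.php');
include_once('tiki-section_options.php');
// Issue the ticket that check_ticket('upload-image') verifies on submission.
ask_ticket('upload-image');
// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
$smarty->assign('mid', 'tiki-upload_image.tpl');
$smarty->display("tiki.tpl");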