1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
10
// Section identifier; assigned before tiki-setup.php is loaded.
$section = 'galleries';
require_once 'tiki-setup.php';

// Library handles obtained through the TikiLib registry.
$categlib = TikiLib::lib('categ');
$imagegallib = TikiLib::lib('imagegal');
$filegallib = TikiLib::lib('filegal');
16
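// Feature gate for the image galleries.
$access->check_feature('feature_galleries');

// galleryId is optional on a plain page view; read it once so that a missing
// parameter does not raise an undefined-index warning inside the permission check.
$requestedGalleryId = isset($_REQUEST["galleryId"]) ? $_REQUEST["galleryId"] : null;

// Refuse the page unless the user holds tiki_p_upload_images either globally
// or on the requested gallery object.
if ($tiki_p_upload_images != 'y' and ! $tikilib->user_has_perm_on_object($user, $requestedGalleryId, "image gallery", "tiki_p_upload_images")) {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra("You do not have permission to upload images"));
	$smarty->display("error.tpl");
	die;
}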
25
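// Derive the sibling script URLs (browse / show) from the path of the current request.
// parse_url() returns false for seriously malformed URIs and may omit 'path',
// so fall back to an empty path instead of indexing into a non-array.
$foo = parse_url($_SERVER["REQUEST_URI"]);
$requestPath = (is_array($foo) && isset($foo["path"])) ? $foo["path"] : '';
$foo1 = str_replace("tiki-upload_image", "tiki-browse_image", $requestPath);
$foo2 = str_replace("tiki-upload_image", "show_image", $requestPath);
// Both values originate from the client-controlled request URI; the templates
// that print url_browse / url_show are expected to escape them on output.
$smarty->assign('url_browse', $tikilib->httpPrefix() . $foo1);
$smarty->assign('url_show', $foo2);
$smarty->assign('show', 'n');
// Make sure no earlier $data is mistaken for uploaded image bytes further down.
unset($data);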
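// Process an upload here.
// Flow: ticket and permission checks -> gallery access check -> captcha for
// anonymous users -> obtain the image bytes (remote URL or uploaded file) ->
// optional uploaded thumbnail -> thumbnail generation -> insert -> categorise.
if (isset($_REQUEST["upload"])) {
	check_ticket('upload-image');
	// NOTE(review): presumably loads the per-gallery permissions into the
	// $tiki_p_* globals that are tested below - confirm against get_perm_object().
	$tikilib->get_perm_object($_REQUEST["galleryId"], 'image gallery');
	if ($tiki_p_admin_galleries == 'y') {
		// Gallery admins implicitly hold view / upload / create.
		$tiki_p_view_image_gallery = 'y';
		$tiki_p_upload_images = 'y';
		$tiki_p_create_galleries = 'y';
	}
	$access->check_permission('tiki_p_upload_images');

	$gal_info = $imagegallib->get_gallery($_REQUEST["galleryId"]);
	// A thumbnail box of 0 would make the scale computation divide by zero; use 80x80.
	if ($gal_info["thumbSizeX"] == 0) {
		$gal_info["thumbSizeX"] = 80;
	}
	if ($gal_info["thumbSizeY"] == 0) {
		$gal_info["thumbSizeY"] = 80;
	}
	// Check the user to be admin or owner or the gallery is public
	if ($tiki_p_admin_galleries != 'y' && (! $user || $user != $gal_info["user"]) && $gal_info["public"] != 'y') {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You have permission to upload images but not to this gallery"));
		$smarty->display("error.tpl");
		die;
	}
	$error_msg = '';
	// Anonymous uploads must pass the captcha. Stop right here on failure so that
	// no remote URL is fetched and no uploaded file (including a zip batch) is
	// processed for a request that did not pass the check.
	if (empty($user) && $prefs['feature_antibot'] == 'y' && ! $captchalib->validate()) {
		$smarty->assign('errortype', 'no_redirect_login');
		$smarty->assign('msg', $captchalib->getErrors());
		$smarty->display("error.tpl");
		die;
	}
	// Description is optional in the request; normalise it once for all uses below.
	$imageDescription = isset($_REQUEST["description"]) ? $_REQUEST["description"] : '';
	if (! empty($_REQUEST["url"])) {
		// Only http(s) sources are accepted. The scheme test is anchored to the start
		// of the string, so a value that merely contains "http://" somewhere cannot
		// keep a different scheme or a local path.
		if (! preg_match('#^https?://#i', $_REQUEST["url"])) {
			$_REQUEST["url"] = 'http://' . $_REQUEST["url"];
		}
		// NOTE(review): this is a server-side fetch of a client-chosen address.
		// Restricting destinations (internal hosts, redirects) has to happen inside
		// httprequest() or at the network layer - confirm that it does.
		$data = $tikilib->httprequest($_REQUEST["url"]);
		if ($data) {
			// Validate the bytes that were actually fetched instead of handing the URL to
			// getimagesize(): a single request, and the client-supplied string is never
			// opened through PHP's stream wrappers. $imginfo is also needed further down
			// when GD is unavailable or the image is a GIF.
			$imginfo = @getimagesizefromstring($data);
			if ($imginfo) {
				$url_info = parse_url($_REQUEST["url"]);
				$pinfo = pathinfo(isset($url_info["path"]) ? $url_info["path"] : '');
				// Take the MIME type from the image header; the URL may have no extension
				// at all, and whatever extension it has is chosen by the client.
				$type = $imginfo['mime'];
				$filename = $pinfo["basename"];
				$size = strlen($data);
			} else {
				$error_msg = tra("That is not an image (or you have php < 4.0.5)");
				$smarty->assign('errortype', 'no_redirect_login');
			}
		} else {
			$error_msg = tra("Cannot get image from URL");
			$smarty->assign('errortype', 'no_redirect_login');
		}
	} else {
		// We process here file uploads
		if (isset($_FILES['userfile1']) && ! empty($_FILES['userfile1']['name'])) {
			if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
				try {
					$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
				} catch (Exception $e) {
					$smarty->assign('errortype', 403);
					$smarty->assign('msg', $e->getMessage());
					$smarty->display("error.tpl");
					die;
				}
				// Optional file name filters from the site preferences: the name must match
				// gal_match_regex and must not match gal_nmatch_regex. The preference value
				// is wrapped in '/' delimiters as-is.
				if (! empty($prefs['gal_match_regex'])) {
					if (! preg_match('/' . $prefs['gal_match_regex'] . '/', $_FILES['userfile1']['name'])) {
						$smarty->assign('msg', tra('Invalid imagename (using filters for filenames)'));
						$smarty->assign('errortype', 'no_redirect_login');
						$smarty->display("error.tpl");
						die;
					}
				}
				if (! empty($prefs['gal_nmatch_regex'])) {
					if (preg_match('/' . $prefs['gal_nmatch_regex'] . '/', $_FILES['userfile1']['name'])) {
						$smarty->assign('msg', tra('Invalid imagename (using filters for filenames)'));
						$smarty->assign('errortype', 'no_redirect_login');
						$smarty->display("error.tpl");
						die;
					}
				}
				// NOTE(review): 'type' is the MIME type declared by the client, not a
				// detected one; getimagesize() below is what verifies the content.
				$type = $_FILES['userfile1']['type'];
				$size = $_FILES['userfile1']['size'];
				$filename = $_FILES['userfile1']['name'];
				// Check for a zip file: compare the real extension, case-insensitively,
				// rather than the last three characters of the name.
				if (strtolower(pathinfo($filename, PATHINFO_EXTENSION)) === 'zip') {
					if ($tiki_p_batch_upload_images == 'y') {
						if ($imagegallib->process_batch_image_upload($_REQUEST["galleryId"], $_FILES['userfile1']['tmp_name'], $user) == 0) {
							$smarty->assign('msg', tra('Error processing zipped image package'));
							$smarty->assign('errortype', 'no_redirect_login');
							$smarty->display("error.tpl");
							die;
						}
						// The gallery id is request data: encode it before it goes into the header.
						header("location: tiki-browse_gallery.php?galleryId=" . urlencode((string)$_REQUEST["galleryId"]));
						die();
					} else {
						$smarty->assign('msg', tra('No permission to upload zipped image packages'));
						$smarty->display("error.tpl");
						die;
					}
				}
				$file_tmp_name = $_FILES['userfile1']['tmp_name'];
				// Use a server-generated unique name in tmpDir instead of one built from the
				// client-supplied file name: nothing client-chosen ends up in the path, and
				// two concurrent uploads of the same file name cannot overwrite each other.
				$tmp_dest = tempnam($prefs['tmpDir'], "TMPIMG");
				if ($tmp_dest === false || ! move_uploaded_file($file_tmp_name, $tmp_dest)) {
					// Drop the placeholder created by tempnam() if the move did not happen.
					if ($tmp_dest !== false && is_file($tmp_dest)) {
						unlink($tmp_dest);
					}
					if ($tiki_p_admin == 'y') {
						// Only admins get to see server paths in the error text.
						$smarty->assign('msg', tra('Errors detected') . '. ' . tra('Check that these paths exist and are writable by the web server') . ': ' . $file_tmp_name . ' ' . $tmp_dest);
					} else {
						$smarty->assign('msg', tra('Errors detected'));
					}
					$smarty->assign('errortype', 'no_redirect_login');
					$smarty->display("error.tpl");
					die();
				}
				// file_get_contents() yields '' for an empty file and false on failure;
				// both are rejected by the check below.
				$data = file_get_contents($tmp_dest);
				$imginfo = @getimagesize($tmp_dest);
				unlink($tmp_dest);
				if (! $data || ! $imginfo) { // Not in Image format
					$error_msg = tra('The uploaded file is not recognized as a image');
					$smarty->assign('errortype', 'no_redirect_login');
				}
			} else {
				$error_msg = $tikilib->uploaded_file_error($_FILES['userfile1']['error']);
				if (! empty($error_msg)) {
					$smarty->assign('errortype', 'no_redirect_login');
				}
			}
		}
	}
	$up_thumb = 0;
	// If the thumbnail was uploaded
	if (isset($_FILES['userfile2']) && ! empty($_FILES['userfile2']['name'])) {
		try {
			$filegallib->assertUploadedFileIsSafe($_FILES['userfile2']['tmp_name'], $_FILES['userfile2']['name']);
		} catch (Exception $e) {
			$smarty->assign('errortype', 403);
			$smarty->assign('msg', $e->getMessage());
			$smarty->display("error.tpl");
			die;
		}
		$thumb_data = $imagegallib->get_one_image_from_disk('userfile2');
		if (isset($thumb_data['msg'])) {
			$error_msg = $thumb_data['msg'];
			$smarty->assign('errortype', 'no_redirect_login');
		}
		$up_thumb = 1;
	}
	// Any error collected above ends the request before something is stored.
	if ($error_msg) {
		$smarty->assign('msg', $error_msg);
		$smarty->display("error.tpl");
		die;
	}
	// Image name: explicit request value, else the file name, else empty.
	if (isset($_REQUEST["name"]) && ! empty($_REQUEST["name"])) {
		$name = $_REQUEST["name"];
	} elseif (isset($filename)) {
		$name = $filename;
	} else {
		$name = "";
	}
	$lat = null;
	$lon = null;
	if (isset($data)) {
		if (! $up_thumb) {
			// No thumbnail supplied: generate one with GD where possible (not for GIFs).
			if (function_exists("ImageCreateFromString") && (! strstr($type, "gif"))) {
				if ($img = @imagecreatefromstring($data)) {
					$size_x = imagesx($img);
					$size_y = imagesy($img);
					// Scale by the longer side so the thumbnail fits the gallery's box.
					if ($size_x > $size_y) {
						$tscale = ((int)$size_x / $gal_info["thumbSizeX"]);
					} else {
						$tscale = ((int)$size_y / $gal_info["thumbSizeY"]);
					}
					// Extreme aspect ratios would truncate one side to 0, which GD rejects.
					$tw = max(1, (int)($size_x / $tscale));
					$ty = max(1, (int)($size_y / $tscale));
					if (chkgd2()) {
						$t = imagecreatetruecolor($tw, $ty);
						imagecopyresampled($t, $img, 0, 0, 0, 0, $tw, $ty, $size_x, $size_y);
					} else {
						$t = imagecreate($tw, $ty);
						$imagegallib->ImageCopyResampleBicubic($t, $img, 0, 0, 0, 0, $tw, $ty, $size_x, $size_y);
					}
					// The thumbnail is written to a unique temp file and read back as bytes;
					// tmpDir has to be writable by the web server.
					$tmpfname = tempnam($prefs['tmpDir'], "TMPIMG");
					imagejpeg($t, $tmpfname);
					// Now read the information
					$t_data = file_get_contents($tmpfname);
					unlink($tmpfname);
					$t_type = 'image/jpg';
					$imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $imageDescription, $filename, $type, $data, $size, $size_x, $size_y, $user, $t_data, $t_type, $lat, $lon, $gal_info);
				} else { // Not in Image format
					$smarty->assign('msg', tra('The uploaded file is not recognized as a image'));
					$smarty->display('error.tpl');
					die;
				}
			} else {
				// No GD (or a GIF): store without a generated thumbnail, using the
				// dimensions reported by getimagesize*().
				$tmpfname = '';
				$imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $imageDescription, $filename, $type, $data, $size, $imginfo[0], $imginfo[1], $user, '', '', $lat, $lon, $gal_info);
			}
		} else {
			// A thumbnail was uploaded: only the dimensions of the main image are needed.
			if (function_exists("ImageCreateFromString") && (! strstr($type, "gif"))) {
				if ($img = @imagecreatefromstring($data)) {
					$size_x = imagesx($img);
					$size_y = imagesy($img);
				} else {
					// Not in Image format
					$smarty->assign('msg', tra('The uploaded file is not recognized as a image'));
					$smarty->display('error.tpl');
					die;
				}
			} else {
				$size_x = $imginfo[0];
				$size_y = $imginfo[1];
			}
			// NOTE(review): the whole $thumb_data array is passed where the other calls
			// pass raw thumbnail bytes - confirm that insert_image() expects this.
			$imageId = $imagegallib->insert_image($_REQUEST["galleryId"], $name, $imageDescription, $filename, $type, $data, $size, $size_x, $size_y, $user, $thumb_data, $thumb_data['filetype'], $lat, $lon, $gal_info);
		}
		if (! $imageId) {
			$smarty->assign('msg', tra('Upload failed'));
			$smarty->display("error.tpl");
			die;
		}
		$smarty->assign_by_ref('imageId', $imageId);
		// Now that the image was inserted we can display the image here.
		$smarty->assign('show', 'y');
		$smarty->assign_by_ref('tmpfname', $tmpfname);
		$smarty->assign_by_ref('fname', $_REQUEST["url"]);
		// Finally categorise it
		$cat_type = 'image';
		$cat_objid = $imageId;
		$cat_desc = substr($imageDescription, 0, 200);
		$cat_name = $name;
		$cat_href = $foo1 . "?imageId=" . $cat_objid;
		include_once("categorize.php");
	}
}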
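$batchRes = [];
// Extra upload slots userfile3 .. userfile8. They are handled only as part of a
// submitted upload: by then the ticket, permission, gallery-access and captcha
// checks of the upload branch above have run, and $gal_info has been loaded there.
if (isset($_REQUEST["upload"])) {
	// First pass: apply the same safety check that userfile1 and userfile2 get,
	// before any file of the batch is stored.
	$batchFields = [];
	for ($i = 3; $i <= 8; $i++) {
		if (isset($_FILES["userfile$i"]) && ! empty($_FILES["userfile$i"]['name'])) {
			try {
				$filegallib->assertUploadedFileIsSafe($_FILES["userfile$i"]['tmp_name'], $_FILES["userfile$i"]['name']);
			} catch (Exception $e) {
				$smarty->assign('errortype', 403);
				$smarty->assign('msg', $e->getMessage());
				$smarty->display("error.tpl");
				die;
			}
			$batchFields[] = "userfile$i";
		}
	}
	// name and description are optional request fields.
	$batchName = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
	$batchDescription = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';
	// Second pass: store the accepted files and collect the per-file results.
	foreach ($batchFields as $batchField) {
		$batchRes[] = $imagegallib->get_one_image_from_disk($batchField, $_REQUEST['galleryId'], $batchName, $batchDescription, $gal_info);
	}
}
if (count($batchRes)) {
	$smarty->assign_by_ref('batchRes', $batchRes);
}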
// Template data for the gallery select box: the currently requested gallery id
// (empty when none was given) and the list of galleries with per-object flags.
if (! isset($_REQUEST["galleryId"])) {
	$smarty->assign('galleryId', '');
} else {
	$smarty->assign_by_ref('galleryId', $_REQUEST["galleryId"]);
}

// Gallery admins get the full list, everybody else the visible one.
$galleries = ($tiki_p_admin_galleries == 'y')
	? $imagegallib->list_galleries(0, -1, 'lastModif_desc', $user, '')
	: $imagegallib->list_visible_galleries(0, -1, 'lastModif_desc', $user, '');

$temp_max = count($galleries["data"]);
for ($i = 0; $i < $temp_max; $i++) {
	$gal = &$galleries["data"][$i];

	// Galleries without object-level permissions only get the 'n' marker.
	if (! $userlib->object_has_one_permission($gal["galleryId"], 'image gallery')) {
		$gal["individual"] = 'n';
		continue;
	}

	$gal["individual"] = 'y';
	// One y/n flag per object permission, stored as individual_<permission name>.
	foreach (['tiki_p_view_image_gallery', 'tiki_p_upload_images', 'tiki_p_create_galleries'] as $perm) {
		$granted = $userlib->object_has_permission($user, $gal["galleryId"], 'image gallery', $perm);
		$gal["individual_" . $perm] = $granted ? 'y' : 'n';
	}
	// Site admins and admins of this gallery get all three flags.
	if ($tiki_p_admin == 'y' || $userlib->object_has_permission($user, $gal["galleryId"], 'image gallery', 'tiki_p_admin_galleries')) {
		$gal["individual_tiki_p_create_galleries"] = 'y';
		$gal["individual_tiki_p_upload_images"] = 'y';
		$gal["individual_tiki_p_view_image_gallery"] = 'y';
	}
}
// Break the reference so later code cannot modify the last row through $gal.
unset($gal);
$smarty->assign_by_ref('galleries', $galleries["data"]);
// Set the category context variables before pulling in the category list include.
$cat_objid = '0';
$cat_type = 'image';
include_once 'categorize_list.php';
include 'lib/filegals/max_upload_size.php';
include_once 'tiki-section_options.php';
// Request the ticket that check_ticket('upload-image') verifies when the form is submitted.
ask_ticket('upload-image');
// Keep robots from indexing the upload page.
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
// Render the upload form inside the main layout template.
$smarty->assign('mid', 'tiki-upload_image.tpl');
$smarty->display('tiki.tpl');
335