<?php
/**************************
  Coppermine Photo Gallery
  **************************
  Copyright (c) 2003-2016 Coppermine Dev Team
  v1.0 originally written by Gregory Demar

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License version 3
  as published by the Free Software Foundation.

  ************************************
  Coppermine version: 1.6.03
  $HeadURL$
  ************************************/

// upload.php: renders the upload form page and dispatches plugin-provided upload
// processing. The actual upload mechanisms are supplied by plugins through the
// 'upload_options' filter and the 'upload_form' / 'upload_process' actions.

// Confirm we are in Coppermine and set the language blocks.
define('IN_COPPERMINE', true);
define('UPLOAD_PHP', true);
define('DB_INPUT_PHP', true);
define('ADMIN_PHP', true);

// Call basic functions, etc.
require('include/init.inc.php');
require('include/picmgmt.inc.php');

// Check to see if user can upload pictures. Quit with an error if user cannot.
// Both permission constants are expected to come from init.inc.php.
if (!USER_CAN_UPLOAD_PICTURES && !USER_CAN_CREATE_ALBUMS) {
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}

// Globalize $CONFIG (a no-op at file scope in PHP; kept to document which globals this page relies on).
global $CONFIG, $USER, $lang_upload_php, $upload_form, $max_file_size;

// Set up an array of choices for the upload method.
// The core entries are commented out: every available method is contributed by plugins below.
$upload_choices = array(
// 'swfupload' => $lang_upload_php['upload_swf'],
// 'html_single' => $lang_upload_php['upload_single'],
);
// Filter upload choices to allow plugins to add upload methods
$upload_choices = CPGPluginAPI::filter('upload_options', $upload_choices);

// Complain if there is no upload method
if (!$upload_choices) {
    cpg_die(ERROR, $lang_upload_php['err_no_method'], __FILE__, __LINE__);
}

// Default upload method set by the gallery administrator
$upload_form = $CONFIG['upload_mechanism'];

// Populate Icon array. These keys are the only valid values for the $icon argument of close_form().
$icon_array = array();
$icon_array['continue'] = cpg_fetch_icon('right', 2);
$icon_array['ok'] = cpg_fetch_icon('ok', 0);
$icon_array['cancel'] = cpg_fetch_icon('cancel', 2);
$icon_array['upload'] = cpg_fetch_icon('upload', 2);
$icon_array['info'] = cpg_fetch_icon('info', 2);

// Pick the upload method for this request. Precedence: GET 'html5', GET 'single',
// GET 'method' (only if the admin allows user choice), POST 'method', then the
// method remembered in $USER. Whatever is picked here is still validated against
// $upload_choices further down, which is the check that actually enforces the whitelist.
if ($superCage->get->keyExists('html5')) {
    $upload_form = 'upload_h5a';
} elseif ($superCage->get->keyExists('single')) {
    // If we have "single" key in GET then we will force the upload form mechanism to single file upload
    // This acts as a fallback if js or flash is disabled
    $upload_form = 'upload_sgl';
} elseif ($CONFIG['allow_user_upload_choice'] && $superCage->get->keyExists('method')) {
    // pull in upload method from GET parameter 'method'
    // The pattern restricts the value to [0-9A-Za-z_]; $matches[0] assumes getMatched()
    // returned an array — NOTE(review): confirm what Inspekt returns when the pattern does not match.
    $matches = $superCage->get->getMatched('method','/^[0-9A-Za-z_]+$/');
    $upload_form = $matches[0];
    // Remember the choice in the user record so it is reused on later visits (see the last branch).
    $USER['upload_method'] = $upload_form;
} elseif ($superCage->post->keyExists('method')) {
    // pull in upload method from POST parameter 'method'
    $matches = $superCage->post->getMatched('method','/^[0-9A-Za-z_]+$/');
    $upload_form = $matches[0];
} elseif ($CONFIG['allow_user_upload_choice'] && isset($USER['upload_method'])) {
    $upload_form = $USER['upload_method'];
}

// Confirm that upload method chosen is one of the available choices.
// Falls back to the admin default, then to 'upload_h5a', and forgets any
// remembered per-user method that is no longer offered.
if (!in_array($upload_form, array_keys($upload_choices))) {
    // Try gallery default upload method
    $upload_form = $CONFIG['upload_mechanism'];
    if (!in_array($upload_form, array_keys($upload_choices))) {
        $upload_form = 'upload_h5a';
    }
    unset($USER['upload_method']);
}

js_include('js/upload.js');

//___________________________________Function Block_______________________________________
// All helpers below echo table rows directly. None of them escapes its arguments:
// $text, $name, $default and $value are interpolated into the markup verbatim, so
// callers must pass strings that are already safe for the HTML/attribute context.

// The text box form input function. Takes the text label for the box, the input name, the maximum length for text boxes,
// and the number of iterations.
// $text       --> label shown left of the box ('' switches to "1. ", "2. " ... numbering)
// $name       --> name and id attribute of each <input>
// $max_length --> maxlength attribute
// $iterations --> how many rows to emit; with $text == '' and $iterations == '' a single
//                 hidden input carrying $default is emitted instead and nothing else
// $default    --> initial value attribute
function text_box_input($text, $name, $max_length, $iterations, $default='')
{

    global $CONFIG, $LINEBREAK;

    $ordinal = '';

    // Loose comparison on purpose in the original; note that 0 == '' differs between PHP versions.
    if (($text == '') and ($iterations == '')) {
        echo ' <input type="hidden" name="' . $name . '" value="' . $default . '" />' . $LINEBREAK;
        return;
    }

    // Begin loop
    for ($counter=0; $counter<$iterations; $counter++) {

        // Create a numbering system when necessary.
        if ($text == '') {
            $cardinal = $counter + 1;
            $ordinal = "".$cardinal.". ";
        }

        // Create a text box. Every row reuses the same name/id, so only the last value survives in the DOM id space.
        echo <<<EOT
        <tr>
                <td width="40%" class="tableb">
                        $text $ordinal
                </td>
                <td width="60%" class="tableb" valign="top">
                        <input type="text" style="width: 100%" name="$name" maxlength="$max_length" value="$default" class="textinput" id="$name" />
                </td>
        </tr>

EOT;
    }
}

// The file input function. Takes the label, field name, and number of iterations as arguments.
// $text       --> label ('' switches to "1. ", "2. " ... numbering)
// $name       --> name attribute of each <input type="file">
// $iterations --> number of file rows to emit
function file_input($text, $name, $iterations)
{

    $ordinal = '';

    // Begin loop
    for ($counter=0; $counter<$iterations; $counter++) {

        // Create a numbering system when necessary.
        if ($text == '') {
            $cardinal = $counter + 1;
            $ordinal = "".$cardinal.". ";
        }

        // Create the file input box.
        echo <<<EOT
        <tr>
                <td class="tableb">
                        $text $ordinal
                </td>
                <td class="tableb" valign="top">
                        <input type="file" name="$name" size="40" class="listbox" />
                </td>
        </tr>

EOT;
    }
}

// The function for text areas on forms. Takes the label, field name, and maximum length as arguments.
// $max_length is only enforced client-side via textCounter() (emitted by open_form());
// $default becomes the textarea's initial content and is not escaped here.
function text_area_input($text, $name, $max_length,$default='')
{

    // Create the text area.
    echo <<<EOT
        <tr>
                <td class="tableb" valign="top">
                        $text
                </td>
                <td class="tableb" valign="top">
                        <textarea name="$name" rows="5" cols="40" class="textinput" style="width: 100%;" onKeyDown="textCounter(this, $max_length);" onKeyUp="textCounter(this, $max_length);">$default</textarea>
                </td>
        </tr>
EOT;
}


// The hidden form input function. Takes the hidden input field name and value.
// $value is written into the attribute unescaped; pass an attribute-safe string.
function hidden_input($name, $value)
{
    // Both arguments are interpolated verbatim (no escaping here);
    // the caller is responsible for attribute-safe values.
    echo <<<EOT
        <tr>
                <td colspan="2">
                        <input type="hidden" name="$name" value="$value" />
                </td>
        </tr>

EOT;
}


// The form label creation function. Takes a non-array element form $data as its argument.
// Emits one full-width header row; $text is echoed unescaped, so callers may pass markup.
function form_label($text)
{
    echo <<<EOT
        <tr>
                <td class="tableh2" colspan="2">
                        <strong>$text</strong>
                </td>
        </tr>

EOT;
}


// Creates the album list drop down
// $text --> label shown left of the select
// $name --> name attribute of the <select>
// The preselected album id is read from the 'album' request parameter (GET first,
// then POST) through Inspekt's getInt(), so only an integer ever reaches the
// option builder; 0 means "nothing selected".
function form_alb_list_box($text, $name)
{
    global $lang_common;

    $superCage = Inspekt::makeSuperCage();

    if ($superCage->get->keyExists('album')) {
        $sel_album = $superCage->get->getInt('album');
    } elseif ($superCage->post->keyExists('album')) {
        $sel_album = $superCage->post->getInt('album');
    } else {
        $sel_album = 0;
    }
    // Option markup and the "only empty albums" toggle come from helpers defined elsewhere.
    $options = album_selection_options($sel_album);
    $only_empty_albums = only_empty_albums_button();

    echo <<<EOT
        <tr>
                <td class="tableb tableb_alternate" width="50">
                        {$text}
                </td>
                <td class="tableb tableb_alternate" valign="top">
                        <select name="{$name}" class="listbox">
                                <option value="">{$lang_common['select_album']}</option>
                                {$options}
                        </select>
                        {$only_empty_albums}
                </td>
        </tr>

EOT;
}


// Creates Javascript verification code and opening form tags
// $path --> path to the form action script; interpolated into the action attribute
//           unescaped, so it must be a trusted, attribute-safe value.
// Also defines the textCounter() JS helper used by text_area_input(), so this must
// be emitted before any textarea row.
function open_form($path)
{
    global $upload_form;

    // Only the (currently unused) swfupload method gets the progress-bar toggle on submit.
    $on_submit = '';
    if ('swfupload' == $upload_form) {
        $on_submit = 'onsubmit="cpgUploadToggleProgressBar();"';
    }

    echo <<<EOT
        <script language="javascript" type="text/javascript">
        function textCounter(field, maxlimit) {
                if (field.value.length > maxlimit) // if too long...trim it!
                field.value = field.value.substring(0, maxlimit);
        }
        </script>
        <form name="cpgform" id="cpgform" method="post" action="$path" enctype="multipart/form-data" $on_submit>
EOT;
}


// The close form function creates the submit button and the closing tags.
// $button_value --> caption (and value attribute) of the submit button, unescaped
// $progress     --> 1 adds a hidden loader image inside #cpg_progress_bar
// $icon         --> key into $icon_array populated at the top of this file
//                   ('continue', 'ok', 'cancel', 'upload', 'info'); any other key
//                   produces an undefined-index notice and no icon
// Note: despite its name this does not emit </form>; only the button row is closed.
function close_form($button_value, $progress=0, $icon='ok')
{
    // Pull the language array into the function.
    global $lang_upload_php, $THEME_DIR, $icon_array;

    // Create the submit button and close the form.
    echo <<<EOT
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <span id="cpg_progress_bar" style="display:none">
EOT;
    if ($progress == 1) {
        // Themes that ship their own loader graphic declare THEME_HAS_PROGRESS_GRAPHICS.
        if (defined('THEME_HAS_PROGRESS_GRAPHICS')) {
            $prefix = $THEME_DIR;
        } else {
            $prefix = '';
        }
        echo ' <img src="' . $prefix . 'images/loader.gif" border="0" alt="" title="' . $lang_upload_php['please_wait'] . '" />';
    }
    echo <<<EOT
                        </span>
                        <span id="cpg_upload_button" style="display:block">
                                <button type="submit" value="{$button_value}" class="button">{$icon_array[$icon]}{$button_value}</button>
                        </span>
                </td>
        </tr>
EOT;
}


// Function to set the allowed file extensions string as required by swfupload
// This function is currently not being used.
// Builds "*.ext1;*.ext2;..." from the four '/'-separated allowed-type lists in $CONFIG
// and publishes it as the JS variable allowed_file_types. explode() always returns at
// least one element, so the count() guards never actually skip a group.
function set_allowed_file_extensions_swf()
{
    global $CONFIG;
    $allowed_types = '';
    $allowed_img_types = explode('/', $CONFIG['allowed_img_types']);
    if (count($allowed_img_types)) {
        $allowed_types = '*.' . implode(';*.', $allowed_img_types) . ';';
    }

    $allowed_mov_types = explode('/', $CONFIG['allowed_mov_types']);
    if (count($allowed_mov_types)) {
        $allowed_types .= '*.' . implode(';*.', $allowed_mov_types) . ';';
    }

    $allowed_snd_types = explode('/', $CONFIG['allowed_snd_types']);
    if (count($allowed_snd_types)) {
        $allowed_types .= '*.' . implode(';*.', $allowed_snd_types) . ';';
    }

    $allowed_doc_types = explode('/', $CONFIG['allowed_doc_types']);
    if (count($allowed_doc_types)) {
        $allowed_types .= '*.' . implode(';*.', $allowed_doc_types) . ';';
    }

    set_js_var('allowed_file_types', $allowed_types);
}


//################################# MAIN CODE BLOCK ##################################################

// Check whether we are getting album id through _GET or _POST (integer-cast by Inspekt).
if ($superCage->get->keyExists('album')) {
    $sel_album = $superCage->get->getInt('album');
} elseif ($superCage->post->keyExists('album')) {
    $sel_album = $superCage->post->getInt('album');
} else {
    $sel_album = 0;
}

// Get public and private albums, and set maximum individual file size.
// The queries below interpolate only table names from $CONFIG and the
// FIRST_USER_CAT / USER_GROUP_SET / USER_ID constants set up at init time;
// no request parameter is spliced into the SQL here.

if (GALLERY_ADMIN_MODE) {
    // Admins see every categorised album regardless of upload/visibility flags.
    $public_albums = cpg_db_query("SELECT aid, title, cid, name FROM {$CONFIG['TABLE_ALBUMS']} INNER JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT);
    //select albums that don't belong to a category
    $public_albums_no_cat = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = 0");
} else {
    // Regular users: albums with uploads enabled that are visible to their groups or
    // password-protected, plus albums they own.
    $public_albums = cpg_db_query("SELECT aid, title, cid, name FROM {$CONFIG['TABLE_ALBUMS']} INNER JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT . " AND ((uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET." OR alb_password != '')) OR (owner=".USER_ID."))");
    //select albums that don't belong to a category
    $public_albums_no_cat = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = 0 AND ((uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET." OR alb_password != '')) OR (owner=".USER_ID."))");
}


if ($public_albums->numRows()) {
    $public_albums_list = cpg_db_fetch_rowset($public_albums);
} else {
    $public_albums_list = array();
}

//do the same for non-categorized albums
if ($public_albums_no_cat->numRows()) {
    $public_albums_list_no_cat = cpg_db_fetch_rowset($public_albums_no_cat);
} else {
    $public_albums_list_no_cat = array();
}

//merge the 2 album arrays
$public_albums_list = array_merge($public_albums_list, $public_albums_list_no_cat);


// Personal albums live in the user's own category (FIRST_USER_CAT + USER_ID); anonymous users have none.
if (USER_ID) {
    $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
    if ($user_albums->numRows()) {
        $user_albums_list = cpg_db_fetch_rowset($user_albums);
    } else {
        $user_albums_list = array();
    }
} else {
    $user_albums_list = array();
}

if (!count($public_albums_list) && !count($user_albums_list)) {
    // there's no album where the user is allowed to upload to
    if (USER_CAN_CREATE_ALBUMS) {
        // Offer a link to the album manager so the user can create one first.
        cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'].'<br /> <br /><a href="albmgr.php" title="'.$lang_user_admin_menu['albmgr_title'].'" class="admin_menu">'.$lang_user_admin_menu['albmgr_lnk'].'</a>', __FILE__, __LINE__);
    } else {
        cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
    }
}

// Assign maximum file size for browser controls.
// $CONFIG['max_upl_size'] is in KB; this is a browser-side hint only and is not
// enforced as a server-side limit anywhere in this file.
$max_file_size = $CONFIG['max_upl_size'] * 1024;

// If no form inputs to process, create the upload forms using the upload congfiguration.
if (!$superCage->post->keyExists('process') && !$superCage->post->keyExists('plugin_process')) {

    // Optional <select name="method"> so the user can switch upload mechanism;
    // $key/$label come from the plugin-filtered $upload_choices and are not escaped here.
    $upload_select = '';
    if ($CONFIG['allow_user_upload_choice']) {
        // allow user to choose upload method
        $upload_select .= ' ';

        $upload_select .= '<select name="method" id="uploadMethod" class="listbox" title="' . $lang_upload_php['choose_method'] . '">';

        foreach ($upload_choices as $key => $label) {
            $upload_select .= '<option value="' . $key . '"'
                . ($key == $upload_form ? ' selected="selected"' : '')
                . '>' . $label . '</option>';
        }
        $upload_select .= '</select>' . ' '
            . cpg_display_help('f=configuration.htm&as=admin_upload_mechanism&ae=admin_upload_mechanism_end', '450', '300');
    }

    // Call active plugins for alternate upload forms.
    // The plugin owning $upload_form is expected to render the actual form here.
    CPGPluginAPI::action('upload_form',array($upload_form,$upload_select));

    // Do some cleanup in the edit directory (files older than CPG_HOUR).
    spring_cleaning('./'.$CONFIG['fullpath'].'edit',CPG_HOUR);

    // Hidden approval notice, presumably revealed by js/upload.js after a successful upload — not toggled in this file.
    if ($USER_DATA['pub_upl_need_approval'] == 1 || $USER_DATA['priv_upl_need_approval'] == 1) {
        echo '<div id="admin_approval" style="display: none;">';
        msg_box($lang_common['information'], $lang_db_input_php['upload_success']);
        echo '</div>';
    }

    $upload_help = cpg_display_help('f=empty.htm&h=lang_upload_php[title]&t=lang_tmp_upload',470,245);

    // Page header table for the upload form. Assigned but not echoed anywhere in this file;
    // NOTE(review): it is built after the 'upload_form' action has already run, so confirm whether anything still consumes it.
    $upload_table_header = <<<EOT
        <table border="0" cellspacing="0" cellpadding="0" width="100%">
                <tr>
                        <td>
                                {$icon_array['upload']}{$lang_upload_php['title']} {$upload_help}
                        </td>
                        <td style="text-align:right">
                                <span id="upload_method_selector">
                                        {$upload_select}
                                </span>
                        </td>
                </tr>
        </table>
EOT;

    pagefooter();


// Process a plugin's form submission
} elseif ($superCage->post->keyExists('plugin_process')) {

    // Call active plugins for alternate upload forms.
    // Only the validated $upload_form is handed over; the plugin does its own input handling.
    CPGPluginAPI::action('upload_process',$upload_form);
}
// A POST carrying 'process' but not 'plugin_process' falls through both branches and produces no output here.

//EOF