1<?php
2/**************************
3  Coppermine Photo Gallery
4 **************************
5  Copyright (c) 2003-2016 Coppermine Dev Team
6  v1.0 originally written by Gregory Demar
7
8  This program is free software; you can redistribute it and/or modify
9  it under the terms of the GNU General Public License version 3
10  as published by the Free Software Foundation.
11
12 ************************************
13  Coppermine version: 1.6.03
14  $HeadURL$
15 ************************************/
16
// Confirm we are in Coppermine and set the language blocks.
// The four flags are all defined to true; the includes below check them.
foreach (array('IN_COPPERMINE', 'UPLOAD_PHP', 'DB_INPUT_PHP', 'ADMIN_PHP') as $cpg_flag) {
    define($cpg_flag, true);
}
unset($cpg_flag);
22
23// Call basic functions, etc.
24require('include/init.inc.php');
25require('include/picmgmt.inc.php');
26
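// Check to see if user can upload pictures.  Quit with an error if user cannot.
if (!USER_CAN_UPLOAD_PICTURES && !USER_CAN_CREATE_ALBUMS) {
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}

// Globalize $CONFIG (no effect at file scope, kept for clarity)
global $CONFIG, $USER, $lang_upload_php, $upload_form, $max_file_size;

// Set up an array of choices for the upload method.
// The core entries are commented out; the list is populated by plugins
// through the 'upload_options' filter below.
$upload_choices = array(
//    'swfupload'   => $lang_upload_php['upload_swf'],
//    'html_single' => $lang_upload_php['upload_single'],
);
// Filter upload choices to allow plugins to add upload methods
$upload_choices = CPGPluginAPI::filter('upload_options', $upload_choices);

// Complain if there is no upload method
if (!$upload_choices) {
    cpg_die(ERROR, $lang_upload_php['err_no_method'], __FILE__, __LINE__);
}

// Default upload method set by the gallery administrator
$upload_form = $CONFIG['upload_mechanism'];

// Populate Icon array
$icon_array = array(
    'continue' => cpg_fetch_icon('right', 2),
    'ok'       => cpg_fetch_icon('ok', 0),
    'cancel'   => cpg_fetch_icon('cancel', 2),
    'upload'   => cpg_fetch_icon('upload', 2),
    'info'     => cpg_fetch_icon('info', 2),
);

// Work out which upload method to use, in order of precedence:
//   1. GET 'html5'  -> force the HTML5 uploader
//   2. GET 'single' -> force the single-file form (fallback if JS or Flash is disabled)
//   3. GET 'method' (only when users may choose; the choice is remembered in $USER)
//   4. POST 'method' (the upload form posts its own method back)
//   5. the method remembered in $USER (only when users may choose)
//   6. otherwise the gallery default assigned above
// A 'method' value is restricted to [0-9A-Za-z_] here and then validated
// against the available choices below, so an unknown value can only select
// the default.
if ($superCage->get->keyExists('html5')) {
    $upload_form = 'upload_h5a';
} elseif ($superCage->get->keyExists('single')) {
    $upload_form = 'upload_sgl';
} elseif ($CONFIG['allow_user_upload_choice'] && $superCage->get->keyExists('method')) {
    // pull in upload method from GET parameter 'method'
    // getMatched() yields the preg_match() result array; an empty array
    // (no match) now falls through to the default instead of reading an
    // undefined offset.
    $matches = $superCage->get->getMatched('method', '/^[0-9A-Za-z_]+$/');
    $upload_form = isset($matches[0]) ? $matches[0] : '';
    $USER['upload_method'] = $upload_form;
} elseif ($superCage->post->keyExists('method')) {
    // pull in upload method from POST parameter 'method'
    $matches = $superCage->post->getMatched('method', '/^[0-9A-Za-z_]+$/');
    $upload_form = isset($matches[0]) ? $matches[0] : '';
} elseif ($CONFIG['allow_user_upload_choice'] && isset($USER['upload_method'])) {
    $upload_form = $USER['upload_method'];
}

// Confirm that upload method chosen is one of the available choices.
// The choices are keyed by method name, so array_key_exists() is the exact
// test; the previous in_array() against array_keys() compared loosely.
if (!array_key_exists($upload_form, $upload_choices)) {
    // Try gallery default upload method
    $upload_form = $CONFIG['upload_mechanism'];
    if (!array_key_exists($upload_form, $upload_choices)) {
        $upload_form = 'upload_h5a';
    }
    // Forget a remembered choice that is no longer offered
    unset($USER['upload_method']);
}

js_include('js/upload.js');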
89
90//___________________________________Function Block_______________________________________
91
// Emits one table row per iteration, each holding a single-line text input,
// or a lone hidden input when both $text and $iterations are empty.
//
// $text        label shown left of each box; when '' the rows are numbered "1. ", "2. ", ...
// $name        name and id attribute of every input (the same for all rows)
// $max_length  maxlength attribute of each box
// $iterations  number of rows to emit
// $default     initial value of each box (or of the hidden input)
//
// Values are interpolated into the markup as given, without escaping, so the
// caller is responsible for attribute-safe input.
function text_box_input($text, $name, $max_length, $iterations, $default='')
{
    global $CONFIG, $LINEBREAK;

    // Empty label and empty iteration count: the caller wants a hidden field only.
    if ($text == '' && $iterations == '') {
        printf('        <input type="hidden" name="%s" value="%s" />%s', $name, $default, $LINEBREAK);
        return;
    }

    // Row template; placeholders are filled with strtr(), which never
    // re-scans substituted values for further placeholders.
    $row = <<<'EOT'
        <tr>
            <td width="40%" class="tableb">
                        {text}  {ordinal}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="{name}" maxlength="{max_length}" value="{default}" class="textinput" id="{name}" />
                </td>
        </tr>

EOT;

    $ordinal = '';
    $i = 0;
    while ($i < $iterations) {
        // Number the rows when there is no label to tell them apart.
        if ($text == '') {
            $ordinal = ($i + 1) . '. ';
        }
        echo strtr($row, array(
            '{text}'       => $text,
            '{ordinal}'    => $ordinal,
            '{name}'       => $name,
            '{max_length}' => $max_length,
            '{default}'    => $default,
        ));
        $i++;
    }
}
129
// Emits one table row per iteration, each holding a file chooser.
//
// $text        label shown left of each chooser; when '' the rows are numbered "1. ", "2. ", ...
// $name        name attribute of every file input (the same for all rows)
// $iterations  number of rows to emit
//
// Values are interpolated into the markup as given, without escaping.
function file_input($text, $name, $iterations)
{
    // Row template filled with strtr() so substituted values are not re-scanned.
    $row = <<<'EOT'
        <tr>
            <td class="tableb">
                        {text}  {ordinal}
        </td>
        <td class="tableb" valign="top">
                        <input type="file" name="{name}" size="40" class="listbox" />
                </td>
        </tr>

EOT;

    $ordinal = '';
    $i = 0;
    while ($i < $iterations) {
        // Number the rows when there is no label to tell them apart.
        if ($text == '') {
            $ordinal = ($i + 1) . '. ';
        }
        echo strtr($row, array(
            '{text}'    => $text,
            '{ordinal}' => $ordinal,
            '{name}'    => $name,
        ));
        $i++;
    }
}
159
// Emits one table row holding a textarea whose length is capped client-side
// by the textCounter() script that open_form() prints.
//
// $text        label shown left of the textarea
// $name        name attribute of the textarea
// $max_length  character limit passed to textCounter()
// $default     initial content of the textarea
//
// Values are interpolated into the markup as given, without escaping.
function text_area_input($text, $name, $max_length, $default='')
{
    $row = <<<'EOT'
        <tr>
                <td class="tableb" valign="top">
                        {text}
                </td>
                <td class="tableb" valign="top">
                        <textarea name="{name}" rows="5" cols="40" class="textinput" style="width: 100%;" onKeyDown="textCounter(this, {max_length});" onKeyUp="textCounter(this, {max_length});">{default}</textarea>
                </td>
        </tr>
EOT;

    echo strtr($row, array(
        '{text}'       => $text,
        '{name}'       => $name,
        '{max_length}' => $max_length,
        '{default}'    => $default,
    ));
}
176
177
// Emits one table row holding a hidden input.
//
// $name   name attribute of the hidden input
// $value  value attribute, interpolated as given (no escaping)
function hidden_input($name, $value)
{
    $row = <<<'EOT'
        <tr>
            <td colspan="2">
                   <input type="hidden" name="{name}" value="{value}" />
            </td>
        </tr>

EOT;

    echo strtr($row, array(
        '{name}'  => $name,
        '{value}' => $value,
    ));
}
190
191
// Emits a two-column header row with $text in bold.
//
// $text  label text, interpolated as given (no escaping)
function form_label($text)
{
    $row = <<<'EOT'
        <tr>
                <td class="tableh2" colspan="2">
                        <strong>{text}</strong>
                </td>
        </tr>

EOT;

    echo strtr($row, array('{text}' => $text));
}
204
205
// Emits the album selection row: a <select> of the user's albums plus the
// "only empty albums" toggle.
//
// $text  label shown left of the drop-down
// $name  name attribute of the <select>
//
// The preselected album id is read from GET 'album', then POST 'album',
// and defaults to 0; both are taken via getInt(), so only an integer reaches
// album_selection_options().
function form_alb_list_box($text, $name)
{
    global $lang_common;

    $superCage = Inspekt::makeSuperCage();

    $sel_album = 0;
    foreach (array($superCage->get, $superCage->post) as $cage) {
        if ($cage->keyExists('album')) {
            $sel_album = $cage->getInt('album');
            break;
        }
    }
    $options = album_selection_options($sel_album);
    $only_empty_albums = only_empty_albums_button();

    $row = <<<'EOT'
    <tr>
      <td class="tableb tableb_alternate" width="50">
        {text}
      </td>
      <td class="tableb tableb_alternate" valign="top">
        <select name="{name}" class="listbox">
          <option value="">{select_album}</option>
          {options}
        </select>
        {only_empty_albums}
      </td>
    </tr>

EOT;

    echo strtr($row, array(
        '{text}'              => $text,
        '{name}'              => $name,
        '{select_album}'      => $lang_common['select_album'],
        '{options}'           => $options,
        '{only_empty_albums}' => $only_empty_albums,
    ));
}
239
240
// Prints the textCounter() helper script and the opening <form> tag.
//
// $path  action attribute of the form (interpolated as given, no escaping)
//
// Reads the global $upload_form: only the swfupload method gets an onsubmit
// handler that toggles the progress bar.
function open_form($path)
{
    global $upload_form;

    $on_submit = ($upload_form == 'swfupload')
        ? 'onsubmit="cpgUploadToggleProgressBar();"'
        : '';

    $markup = <<<'EOT'
    <script language="javascript" type="text/javascript">
    function textCounter(field, maxlimit) {
            if (field.value.length > maxlimit) // if too long...trim it!
            field.value = field.value.substring(0, maxlimit);
    }
    </script>
    <form name="cpgform" id="cpgform" method="post" action="{path}" enctype="multipart/form-data" {on_submit}>
EOT;

    echo strtr($markup, array(
        '{path}'      => $path,
        '{on_submit}' => $on_submit,
    ));
}
262
263
// Prints the final form row: a hidden progress-bar span (optionally holding
// the loader image) and the submit button. Does not print </form>.
//
// $button_value  text and value attribute of the submit button
// $progress      when == 1, the loader image is emitted inside the progress span
// $icon          key into the global $icon_array whose markup precedes the button text
//
// Uses the globals $lang_upload_php, $THEME_DIR and $icon_array.
function close_form($button_value, $progress=0, $icon='ok')
{
    global $lang_upload_php, $THEME_DIR, $icon_array;

    $head = <<<'EOT'
      <tr>
        <td colspan="2" align="center" class="tablef">
          <span id="cpg_progress_bar" style="display:none">
EOT;
    $tail = <<<'EOT'
          </span>
          <span id="cpg_upload_button" style="display:block">
            <button type="submit" value="{button_value}" class="button">{icon}{button_value}</button>
          </span>
        </td>
      </tr>
EOT;

    echo $head;

    if ($progress == 1) {
        // Themes that ship their own loader graphic set THEME_HAS_PROGRESS_GRAPHICS.
        $prefix = defined('THEME_HAS_PROGRESS_GRAPHICS') ? $THEME_DIR : '';
        printf(
            '            <img src="%simages/loader.gif" border="0" alt="" title="%s" />',
            $prefix,
            $lang_upload_php['please_wait']
        );
    }

    echo strtr($tail, array(
        '{button_value}' => $button_value,
        '{icon}'         => $icon_array[$icon],
    ));
}
293
294
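// Builds the allowed-file-extensions pattern string required by swfupload
// (e.g. "*.jpg;*.png;*.mp4;") from the four slash-separated type lists in
// $CONFIG and publishes it to the page as the JS variable 'allowed_file_types'.
// This function is currently not being used.
//
// Fix: explode() never returns an empty array (an empty string yields array('')),
// so the former count() guards were always true and an empty type list produced
// a stray "*.;" entry. Blank entries are now skipped instead.
function set_allowed_file_extensions_swf()
{
    global $CONFIG;

    // Processed in the same order as before: images, movies, sounds, documents.
    $config_keys = array(
        'allowed_img_types',
        'allowed_mov_types',
        'allowed_snd_types',
        'allowed_doc_types',
    );

    $allowed_types = '';
    foreach ($config_keys as $key) {
        $list = isset($CONFIG[$key]) ? (string) $CONFIG[$key] : '';
        // strlen() as the filter keeps '0' but drops '' left by empty or
        // malformed lists (e.g. "jpg//png").
        $extensions = array_filter(explode('/', $list), 'strlen');
        if ($extensions) {
            $allowed_types .= '*.' . implode(';*.', $extensions) . ';';
        }
    }

    set_js_var('allowed_file_types', $allowed_types);
}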
323
324
325//################################# MAIN CODE BLOCK ##################################################
326
// Check whether we are getting album id through _GET or _POST
// (same precedence as form_alb_list_box(): GET, then POST, else 0).
// NOTE(review): $sel_album is not referenced again in this file as shown;
// presumably read from global scope by plugins acting on 'upload_form' — confirm.
if ($superCage->get->keyExists('album')) {
    $sel_album = $superCage->get->getInt('album');
} elseif ($superCage->post->keyExists('album')) {
    $sel_album = $superCage->post->getInt('album');
} else {
    $sel_album = 0;
}

// Get public and private albums, and set maximum individual file size.
// Admins get every album in a category below FIRST_USER_CAT; other users only
// those that accept uploads and are visible to them (visibility 0, one of their
// groups, or password protected), or that they own. Nothing from the request is
// interpolated into these queries: the table names come from $CONFIG and the
// constants are set during init (presumably numeric / a SQL set — they are not
// escaped here, so that must hold upstream).

if (GALLERY_ADMIN_MODE) {
    $public_albums = cpg_db_query("SELECT aid, title, cid, name FROM {$CONFIG['TABLE_ALBUMS']} INNER JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT);
    //select albums that don't belong to a category
    $public_albums_no_cat = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = 0");
} else {
    $public_albums = cpg_db_query("SELECT aid, title, cid, name FROM {$CONFIG['TABLE_ALBUMS']} INNER JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT . " AND ((uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET." OR alb_password != '')) OR (owner=".USER_ID."))");
    //select albums that don't belong to a category
    $public_albums_no_cat = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = 0 AND ((uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET." OR alb_password != '')) OR (owner=".USER_ID."))");
}


// Fetch the categorized albums as a row set (empty array when there are none).
if ($public_albums->numRows()) {
    $public_albums_list = cpg_db_fetch_rowset($public_albums);
} else {
    $public_albums_list = array();
}

//do the same for non-categorized albums
if ($public_albums_no_cat->numRows()) {
    $public_albums_list_no_cat = cpg_db_fetch_rowset($public_albums_no_cat);
} else {
    $public_albums_list_no_cat = array();
}

//merge the 2 album arrays
$public_albums_list = array_merge($public_albums_list, $public_albums_list_no_cat);


// A logged-in user's personal albums live in the category FIRST_USER_CAT + USER_ID.
if (USER_ID) {
    $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
    if ($user_albums->numRows()) {
        $user_albums_list = cpg_db_fetch_rowset($user_albums);
    } else {
        $user_albums_list = array();
    }
} else {
    $user_albums_list = array();
}

if (!count($public_albums_list) && !count($user_albums_list)) {
    // there's no album where the user is allowed to upload to;
    // offer the album manager link when the user may create one
    if (USER_CAN_CREATE_ALBUMS) {
        cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'].'<br />&nbsp;<br /><a href="albmgr.php" title="'.$lang_user_admin_menu['albmgr_title'].'" class="admin_menu">'.$lang_user_admin_menu['albmgr_lnk'].'</a>', __FILE__, __LINE__);
    } else {
        cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
    }
}

// Assign maximum file size for browser controls.
// $CONFIG['max_upl_size'] is presumably in KB (the * 1024 yields bytes) — confirm.
$max_file_size = $CONFIG['max_upl_size'] * 1024;

// If no form inputs to process, create the upload forms using the upload configuration.
// NOTE(review): a POST carrying 'process' but not 'plugin_process' matches
// neither branch below and nothing is emitted by this file as shown — confirm
// that is intended (the plugin-provided forms post 'plugin_process').
if (!$superCage->post->keyExists('process') && !$superCage->post->keyExists('plugin_process')) {

    // Build the upload-method <select>; the current $upload_form is preselected.
    $upload_select = '';
    if ($CONFIG['allow_user_upload_choice']) {
        // allow user to choose upload method
        $upload_select .= '&nbsp;&nbsp;&nbsp;';

        $upload_select .= '<select name="method" id="uploadMethod" class="listbox" title="' . $lang_upload_php['choose_method'] . '">';

        foreach ($upload_choices as $key => $label) {
            $upload_select .= '<option value="' . $key . '"'
                . ($key == $upload_form ? ' selected="selected"' : '')
                . '>' . $label . '</option>';
        }
        $upload_select .= '</select>' . '&nbsp;'
            . cpg_display_help('f=configuration.htm&amp;as=admin_upload_mechanism&amp;ae=admin_upload_mechanism_end', '450', '300');
    }

    // Call active plugins for alternate upload forms
    // (the plugin owning $upload_form is expected to render the form and page header)
    CPGPluginAPI::action('upload_form',array($upload_form,$upload_select));

    // Do some cleanup in the edit directory (files older than CPG_HOUR).
    spring_cleaning('./'.$CONFIG['fullpath'].'edit',CPG_HOUR);

	// Pre-render the "upload successful / awaiting approval" notice, hidden;
	// presumably shown client-side by js/upload.js after a successful upload — confirm.
	if ($USER_DATA['pub_upl_need_approval'] == 1 || $USER_DATA['priv_upl_need_approval'] == 1) {
		echo '<div id="admin_approval" style="display: none;">';
		msg_box($lang_common['information'], $lang_db_input_php['upload_success']);
		echo '</div>';
	}

	$upload_help = cpg_display_help('f=empty.htm&amp;h=lang_upload_php[title]&amp;t=lang_tmp_upload',470,245);

    // NOTE(review): $upload_table_header is assigned but not echoed anywhere in
    // this file as shown; confirm whether a plugin or theme consumes it or an
    // echo is missing.
    $upload_table_header = <<<EOT
    <table border="0" cellspacing="0" cellpadding="0" width="100%">
        <tr>
            <td>
                {$icon_array['upload']}{$lang_upload_php['title']} {$upload_help}
            </td>
            <td style="text-align:right">
                <span id="upload_method_selector">
                    {$upload_select}
                </span>
            </td>
        </tr>
    </table>
EOT;

    pagefooter();


// Process a plugin's form submission
} elseif ($superCage->post->keyExists('plugin_process')) {

    // Call active plugins for alternate upload forms
    CPGPluginAPI::action('upload_process',$upload_form);
}
446
447//EOF