Changeset 2073 in ExiteCMS for modules/common/wiki/php-files/modules/wiki/handlers/page/upload.php
- Timestamp:
- 11/26/08 22:20:46 (3 years ago)
- File:
-
- 1 edited
modules/common/wiki/php-files/modules/wiki/handlers/page/upload.php
r2043 r2073 10 10 | the included gpl.txt file or visit http://gnu.org | 11 11 +----------------------------------------------------*/ 12 global $db_prefix, $locale, $userdata, $imagetypes; 13 14 if ($this->HasAccess("read")) { 15 16 // error handling 17 if (isset($_GET['status'])) { 18 $status = $_GET['status']; 19 switch ($status) { 20 case "upy": 21 $error = stripinput($GET['image'])." succesfully uploaded"; 22 break; 23 case "upe": 24 $error = stripinput($GET['image'])." succesfully replaced"; 25 break; 26 case "upn": 27 $error = "The file uploaded is not recognized as a valid image"; 28 break; 29 } 30 if (isset($error)) { 31 print("<table align='center' cellpadding='0' cellspacing='0' width='100%'> 32 <tr> 33 <td class='tbl' align='center'> 34 <br /> 35 <b>".$error."</b> 36 <br /><br /> 37 </td> 38 </tr> 39 </table>\n"); 40 } 41 } 42 43 // parameter processing 44 $userid = isset($_GET['userid']) ? stripinput($_GET['userid']) : -1; 45 if (isset($_POST['uploadimage'])) { 46 $imgext = strrchr($_FILES['myfile']['name'], "."); 47 $imgname = $_FILES['myfile']['name']; 48 $imgsize = $_FILES['myfile']['size']; 49 $imgtemp = $_FILES['myfile']['tmp_name']; 50 // valid extension ? 12 13 // globals used in PM function storemessage() 14 global $db_prefix, $locale, $userdata, $imagetypes, $settings, $action, $attachments, $global_options, $totals, $random_id; 15 16 // no upload allowed if no write access to the page! 17 if (!$this->HasAccess("write")) { 18 redirect($this->Href()); 19 } 20 21 // load the locale 22 locale_load('modules.wiki'); 23 24 // error handling 25 if (isset($_GET['status'])) { 26 $status = stripinput($_GET['status']); 27 $file = isset($_GET['file']) ? stripinput($_GET['file']) : ""; 28 switch ($status) { 29 case "upy": 30 $error = $file." succesfully uploaded"; 31 break; 32 case "upe": 33 $error = $file." 
succesfully replaced"; 34 break; 35 case "upi": 36 $error = "The file uploaded has an illegal file type"; 37 break; 38 case "upn": 39 $error = "The file uploaded is not recognized as a valid image"; 40 break; 41 case "upx": 42 $error = "The file is not really uploaded. Hacking attempt logged!"; 43 break; 44 default: 45 break; 46 } 47 if (isset($error)) { 48 49 // no we need to report this to the wiki admins? 50 if (!empty($settings['wiki_report_uploads'])) { 51 52 // include the pm functions 53 include_once PATH_INCLUDES."pm_functions_include.php"; 54 55 // create the PM message 56 $message = array(); 57 $message['pm_subject'] = $locale['430']; 58 $message['pm_message'] = sprintf($locale['431'], $userdata['user_name'], $error); 59 $message['pm_size'] = strlen($message['pm_message']); 60 $message['pm_datestamp'] = time(); 61 $message['pm_smileys'] = 1; 62 $message['recipients'] = array(-1 * $settings['wiki_report_uploads']); 63 $message['user_ids'] = array(); 64 65 $group_id = $settings['wiki_report_uploads']; 66 if ($group_id == "101" || $group_id == "102" || $group_id == "103") { 67 // message to a user_level based group 68 $result = dbquery( 69 "SELECT u.user_id, u.user_name, u.user_email, mo.pmconfig_email_notify FROM ".$db_prefix."users u 70 LEFT JOIN ".$db_prefix."pm_config mo USING(user_id) 71 WHERE user_status = '0' AND user_level >= '".$group_id."'" 72 ); 73 } else { 74 // message to a user_groups based group 75 $groups = array(); 76 // gather the group and it's sub-groups into an array 77 getgroupmembers($group_id); 78 $sql = "SELECT u.user_id, u.user_name, u.user_email, mo.pmconfig_email_notify FROM ".$db_prefix."users u 79 LEFT JOIN ".$db_prefix."pm_config mo USING(user_id) 80 WHERE "; 81 $c = 0; 82 foreach ($groups as $group) { 83 $sql .= ($c++==0?"":"OR ")."user_groups REGEXP('^\\\.{$group}$|\\\.{$group}\\\.|\\\.{$group}$') "; 84 } 85 $result = dbquery($sql); 86 } 87 } 88 89 // process the user information retrieved 90 while ($data = dbarray($result)) 
{ 91 // make sure we don't already have this user (due to group membership) 92 if (!in_array($data['user_id'], $message['user_ids'])) { 93 // add it to the processed user_ids list 94 $message['user_ids'][] = $data; 95 } 96 } 97 98 // send the PM message 99 storemessage($message, false, true); 100 101 print("<table align='center' cellpadding='0' cellspacing='0' width='100%'> 102 <tr> 103 <td class='tbl' align='center'> 104 <br /> 105 <b>".$error."</b> 106 <br /><br /> 107 </td> 108 </tr> 109 </table>\n"); 110 } 111 } 112 // parameter processing 113 $userid = isset($_GET['userid']) ? stripinput($_GET['userid']) : -1; 114 if (isset($_POST['uploadfile']) && !empty($_FILES['myfile']['name'])) { 115 $imgext = strrchr($_FILES['myfile']['name'], "."); 116 $imgname = $_FILES['myfile']['name']; 117 $imgsize = $_FILES['myfile']['size']; 118 $imgtemp = $_FILES['myfile']['tmp_name']; 119 120 // check if this file has really been uploaded 121 if (is_uploaded_file($imgtemp)) { 122 123 // check if this file has a forbidden extension 124 if (in_array($imgext, explode(",", $settings['attachtypes']))) { 125 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upi"); 126 } 127 128 // check if the file is an image file 51 129 if (in_array($imgext, $imagetypes)) { 52 // really an uploaded file? 53 if (is_uploaded_file($imgtemp)){ 54 // really an image? 
55 if (verify_image($imgtemp)){ 56 $imgname = PATH_IMAGES."wiki/".substr("000000".$userdata['user_id'], -6)."_".$imgname; 57 $newfile = !file_exists($imgname); 58 move_uploaded_file($imgtemp, $imgname); 59 chmod($afolder.$imgname,0644); 60 if ($newfile) { 61 redirect($this->Href('upload')."&status=upy&image=".$_FILES['myfile']['name']); 62 } else { 63 redirect($this->Href('upload')."&status=upe"); 64 } 130 if (verify_image($imgtemp)){ 131 $imgname = PATH_IMAGES."wiki/".substr("000000".$userdata['user_id'], -6)."_".$imgname; 132 $newfile = !file_exists($imgname); 133 move_uploaded_file($imgtemp, $imgname); 134 chmod($afolder.$imgname,0644); 135 if ($newfile) { 136 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upy"); 65 137 } else { 66 redirect($this->Href('upload')."& status=upn");138 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upe"); 67 139 } 68 } 69 } else { 70 redirect($this->Href('upload')."&status=upn"); 71 } 72 } 73 74 if (isset($_GET['delete']) && $this->IsAdmin() && file_exists(PATH_IMAGES."wiki/".stripinput($_GET['delete']))) { 75 unlink (PATH_IMAGES."wiki/".stripinput($_GET['delete'])); 76 } 77 78 // open the page body 79 print("<div class='page'>"); 80 81 // get the list of uploaded images 82 $filelist = makefilelist(PATH_IMAGES.'wiki', ".|.."); 83 84 // create a page 85 $upload_list = array(); 86 $uploads = count($filelist); 87 $user = ""; 140 } else { 141 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upn"); 142 } 143 144 } else { 145 146 $imgname = PATH_ROOT."files/wiki/".substr("000000".$userdata['user_id'], -6)."_".$imgname; 147 $newfile = !file_exists($imgname); 148 move_uploaded_file($imgtemp, $imgname); 149 chmod($afolder.$imgname,0644); 150 if ($newfile) { 151 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upy"); 152 } else { 153 redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upe"); 154 } 155 156 } 157 158 } else { 159 
redirect($this->Href('upload')."&file=".stripinput($imgname)."&status=upx"); 160 } 161 162 } 163 164 if (isset($_GET['delete']) && isset($_GET['type']) && $this->IsAdmin()) { 165 switch (stripinput($_GET['type'])) { 166 case "F": 167 unlink (PATH_ROOT."files/wiki/".stripinput($_GET['delete'])); 168 break; 169 case "I": 170 unlink (PATH_IMAGES."wiki/".stripinput($_GET['delete'])); 171 break; 172 default: 173 } 174 } 175 176 // get the list of uploaded images and files 177 $filelist = array_flip(makefilelist(PATH_IMAGES.'wiki', ".|..")); 178 foreach($filelist as $key => $value) { 179 $filelist[$key] = "I"; 180 } 181 $filelist = array_merge($filelist, array_flip(makefilelist(PATH_ROOT.'files/wiki', ".|.."))); 182 foreach($filelist as $key => $value) { 183 if (isNum($value)) $filelist[$key] = "F"; 184 } 185 ksort($filelist); 186 187 // create a page 188 $upload_list = array(); 189 $uploads = count($imagelist) + count($filelist); 190 $user = ""; 88 191 89 // display the uploaded files in a foldable list 90 print("<table align='center' cellpadding='0' cellspacing='0' width='100%'> 91 <tr> 92 <td class='tbl2' style='white-space:nowrap;'> 93 Uploaded by 192 // open the page body 193 print("<div class='page'>"); 194 195 // display the uploaded files in a foldable list 196 print("<table align='center' cellpadding='0' cellspacing='0' width='100%'> 197 <tr> 198 <td class='tbl2' style='white-space:nowrap;'> 199 Uploaded by 200 </td> 201 <td align='right' class='tbl2'> 202 Options 203 </td> 204 </tr> 205 <tr> 206 <td colspan='2' height='1'> 207 </td> 208 </tr>\n"); 209 210 $first = true; 211 foreach ($filelist as $file => $filetype) { 212 $s = explode("_", $file); 213 $usr = count($s) > 1 ? 
(int) $s[0] : 0; 214 if ($usr != $user) { 215 $user = $usr; 216 if ($usr == 0) { 217 $username = $locale['user2'];; 218 } else { 219 $result = dbquery("SELECT user_name FROM ".$db_prefix."users WHERE user_id = '$usr'"); 220 if ($data = dbarray($result)) { 221 $username = $data['user_name']; 222 } 223 } 224 // close the previous block? 225 if (!$first) { 226 print ("</table> 227 </div> 228 </td> 229 </tr>\n"); 230 } else { 231 $first = false; 232 } 233 // new user 234 print ("<tr> 235 <td class='tbl2'> 236 <img src='".THEME."images/bullet.gif' alt='' /> 237 <a href='".BASEDIR."profile.php?lookup=$usr'>$username</a> 94 238 </td> 95 <td align='right' class='tbl2'>96 Options239 <td class='tbl2' align='right'> 240 <img onclick=\"javascript:flipBox('dl_$usr')\" src='".THEME."images/panel_".($userid == $usr ? "off" : "on").".gif' name='b_dl_$usr' alt='' /> 97 241 </td> 98 242 </tr> 99 243 <tr> 100 <td colspan='2' height='1'> 101 </td> 102 </tr>\n"); 103 104 $first = true; 105 foreach ($filelist as $file) { 106 $s = explode("_", $file); 107 $usr = count($s) > 1 ? (int) $s[0] : 0; 108 if ($usr != $user) { 109 $user = $usr; 110 if ($usr == 0) { 111 $username = $locale['user2'];; 112 } else { 113 $result = dbquery("SELECT user_name FROM ".$db_prefix."users WHERE user_id = '$usr'"); 114 if ($data = dbarray($result)) { 115 $username = $data['user_name']; 116 } 117 } 118 // close the previous block? 119 if (!$first) { 120 print ("</table> 121 </div> 244 <td colspan='2'> 245 <div id='box_dl_$usr' style='".($userid == $usr ? 
"" : "display:none")."'> 246 <table cellpadding='0' cellspacing='0' width='100%'>\n"); 247 } 248 if ($filetype == "I") { 249 $imagesize = @getimagesize(PATH_IMAGES."wiki/".$file); 250 $filetime = date("Y-m-d H:i", filemtime(PATH_IMAGES."wiki/".$file)); 251 } else { 252 $imagesize = ""; 253 $filetime = date("Y-m-d H:i", filemtime(PATH_ROOT."files/wiki/".$file)); 254 } 255 print ("<tr> 256 <td class='tbl'> 257 $file 122 258 </td> 259 <td class='tbl' width='1%' style='white-space:nowrap'> 260 ".$filetime." 261 </td> 262 <td class='tbl' width='1%' style='white-space:nowrap'> 263 ".(is_array($imagesize) ? ($imagesize[0]."x".$imagesize[1]) : "")." 264 </td> 265 <td align='right' width='1%' class='tbl' style='white-space:nowrap'>"); 266 print (" 267 <a href='".$this->Href('upload')."&userid=$usr&view=$file&type=$filetype'><img src='".THEME."images/image_view.gif' alt='View' title='View' /></a> "); 268 if ($this->IsAdmin()) { 269 if ($filetype == "I") { 270 print ("<a href='".$this->Href('upload')."&userid=$usr&delete=$file&type=I' onclick='return DeleteItem()'><img src='".THEME."images/picture_delete.gif' alt='Delete' title='Delete Image' /></a>"); 271 } else { 272 print ("<a href='".$this->Href('upload')."&userid=$usr&delete=$file&type=F' onclick='return DeleteItem()'><img src='".THEME."images/page_delete.gif' alt='Delete' title='Delete File' /></a>"); 273 } 274 print ("</td> 123 275 </tr>\n"); 124 } else { 125 $first = false; 126 } 127 // new user 276 } 277 if (isset($_GET['view']) && stripinput($_GET['view']) == $file) { 278 if (stripinput($_GET['type']) == "I") { 128 279 print ("<tr> 129 <td class='tbl2'> 130 <img src='".THEME."images/bullet.gif' alt='' /> 131 <a href='".BASEDIR."profile.php?lookup=$usr'>$username</a> 132 </td> 133 <td class='tbl2' align='right'> 134 <img onclick=\"javascript:flipBox('dl_$usr')\" src='".THEME."images/panel_".($userid == $usr ? 
"off" : "on").".gif' name='b_dl_$usr' alt='' /> 135 </td> 136 </tr> 137 <tr> 138 <td colspan='2'> 139 <div id='box_dl_$usr' style='".($userid == $usr ? "" : "display:none")."'> 140 <table cellpadding='0' cellspacing='0' width='100%'>\n"); 141 } 142 $imagesize = @getimagesize(PATH_IMAGES."wiki/".$file); 143 print ("<tr> 144 <td class='tbl'> 145 $file 146 </td> 147 <td class='tbl' width='1%' style='white-space:nowrap'> 148 ".date("Y-m-d H:i", filemtime(PATH_IMAGES."wiki/".$file))." 149 </td> 150 <td class='tbl' width='1%' style='white-space:nowrap'> 151 ".(is_array($imagesize) ? ($imagesize[0]."x".$imagesize[1]) : "")." 152 </td> 153 <td align='right' width='1%' class='tbl' style='white-space:nowrap'> 154 <a href='".$this->Href('upload')."&userid=$usr&view=$file'><img src='".THEME."images/image_view.gif' alt='View' title='View' /></a> "); 155 if ($this->IsAdmin()) { 156 print ("<a href='".$this->Href('upload')."&userid=$usr&delete=$file' onclick='return DeleteItem()'><img src='".THEME."images/image_delete.gif' alt='Delete' title='Delete' /></a> 280 <td class='tbl2' colspan='4' align='center'> 281 <img src='".IMAGES."wiki/$file' alt='$file' /> 157 282 </td> 158 283 </tr>\n"); 159 }160 if (isset($_GET['view']) && stripinput($_GET['view']) == $file) {161 284 print ("<tr> 162 <td class='tbl2' colspan='4' align='center'> 163 <img src='".IMAGES."wiki/$file' alt='$file' /> 164 </td> 165 </tr>\n"); 285 <td class='tbl2' colspan='4' align='center'> 286 <div style='vertical-align:middle;display:table-cell;padding:4px;'> 287 <b>Copy to Wiki</b>:<br /> {{image class=\"center\" alt=\"$file\" title=\" description here \" url=\"$file\"}} 288 </div> 289 </td> 290 </tr>\n"); 291 } else { 166 292 print ("<tr> 167 <td class='tbl2' colspan='4' align='center'> 168 <div style='vertical-align:middle;display:table-cell;padding:4px;'> 169 <b>Copy to Wiki</b>:<br /> {{image class=\"center\" alt=\"$file\" title=\" description here \" url=\"$file\"}} 170 </div> 171 </td> 172 </tr>\n"); 173 } 174 
175 } 176 // need to close the last block? 177 if (!$first) { 178 print ("</table> 179 </div> 293 <td class='tbl2' colspan='4' align='center'> 294 <div style='vertical-align:middle;display:table-cell;padding:4px;'> 295 <b>Copy to Wiki</b>:<br /> [[".$settings['siteurl']."files/wiki/$file ".substr($file,7)."]] 296 </div> 297 </td> 298 </tr>\n"); 299 } 300 } 301 } 302 // need to close the last block? 303 if (!$first) { 304 print ("</table> 305 </div> 306 </td> 307 </tr>\n"); 308 } 309 print ("</table> 310 <script type='text/javascript'> 311 function DeleteItem() 312 { 313 return confirm('Delete uploaded file?'); 314 } 315 </script>"); 316 317 // file path notice 318 print("<br /><div style='text-align:center;' class='small'>To prevent abuse, the wiki administrator(s) will be notified about every file uploaded</div>"); 319 320 // seperator 321 print("<hr /><br />"); 322 323 // upload form 324 print("<form name='uploadform' method='post' action='".$this->Href('upload')."' enctype='multipart/form-data'> 325 <table align='center' cellpadding='0' cellspacing='0' width='100%'> 326 <tr> 327 <td align='center' class='tbl'> 328 New Wiki File: <input type='file' name='myfile' class='textbox' style='width:250px;' /> 180 329 </td> 181 </tr>\n"); 182 } 183 print ("</table> 184 <script type='text/javascript'> 185 function DeleteItem() 186 { 187 return confirm('Delete uploaded image?'); 188 } 189 </script>"); 190 191 // seperator 192 print("<br /><hr /><br />"); 193 194 // upload form 195 print("<form name='uploadform' method='post' action='".$this->Href('upload')."' enctype='multipart/form-data'> 196 <table align='center' cellpadding='0' cellspacing='0' width='100%'> 197 <tr> 198 <td align='center' class='tbl'> 199 New Wiki Image: <input type='file' name='myfile' class='textbox' style='width:250px;' /> 200 </td> 201 </tr> 202 <tr> 203 <td align='center' class='tbl'> 204 <input type='submit' name='uploadimage' value='Upload' class='button' /> 205 </td> 206 </tr> 207 </table> 208 
</form>"); 209 210 // close the page body 211 print("</div>"); 212 } 330 </tr> 331 <tr> 332 <td align='center' class='tbl'> 333 <input type='submit' name='uploadfile' value='Upload' class='button' /> 334 </td> 335 </tr> 336 </table> 337 </form>"); 338 339 // close the page body 340 print("</div>"); 213 341 ?>
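Review bot: The non-image branch (new-side lines 144–156) writes any upload whose extension is not in `$settings['attachtypes']` to PATH_ROOT."files/wiki/" under its original extension, and line 295 links that directory under `$settings['siteurl']`, so the only gate on web-reachable content is a deny-list compared case-sensitively; an explicit allow-list of permitted extensions checked as `$imgext = strtolower(strrchr($imgname, "."));` is the safer shape, and if `attachtypes` is actually the allowed list (as its name suggests) the `in_array` on line 124 is inverted. The destination path on lines 131 and 146 is built from the raw `$_FILES['myfile']['name']`; `$imgname = basename($_FILES['myfile']['name']);` on line 116 keeps a client-supplied name from carrying path separators. The admin-only delete handler on lines 164–173 dropped the old `file_exists` guard and hands `stripinput($_GET['delete'])` straight to `unlink()`, which does not remove `../`, so `basename()` belongs there too, e.g. `unlink(PATH_ROOT."files/wiki/".basename(stripinput($_GET['delete'])));`. Separately, the `}` on line 87 closes the `wiki_report_uploads` block before the `while ($data = dbarray($result))` loop and the `storemessage()` call, so with reporting disabled both run against an undefined `$result` and a function that was never included; moving lines 89–99 inside that block fixes it, and the `in_array($data['user_id'], $message['user_ids'])` dedup on line 92 never matches because line 94 appends whole rows rather than ids. The `chmod($afolder.$imgname, 0644)` on lines 134 and 149 also references `$afolder`, which is not set anywhere in this file (carried over from the old side).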
