diff options
Diffstat (limited to 'upload.php')
-rw-r--r-- | upload.php | 83 |
1 files changed, 62 insertions, 21 deletions
diff --git a/upload.php b/upload.php index a03824de2..7e320c1fa 100644 --- a/upload.php +++ b/upload.php @@ -16,7 +16,6 @@ ***************************************************************************/ //------------------------------------------------------------------- functions - // The validate_upload function checks if the image of the given path is valid. // A picture is valid when : // - width, height and filesize are not higher than the maximum @@ -114,10 +113,10 @@ else } if ( $access_forbidden == true or $page['cat_site_id'] != 1 - or $conf['upload_available'] == 'false' ) + or !$conf['upload_available'] ) { echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />'; - echo '<a href="'.add_session_id_to_url( './category.php' ).'">'; + echo '<a href="'.add_session_id( './category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -127,44 +126,66 @@ $handle = $vtp->Open( './template/'.$user['template'].'/upload.vtp' ); initialize_template(); $tpl = array( 'upload_title', 'upload_username', 'mail_address', 'submit', - 'upload_successful', 'search_return_main_page' ); -templatize_array( $tpl, 'lang', $sub ); -// user -$vtp->setGlobalVar( $handle, 'style', $user['style'] ); -$vtp->setGlobalVar( $handle, 'user_login', $user['username'] ); -$vtp->setGlobalVar( $handle, 'user_mail_address',$user['mail_address'] ); + 'upload_successful', 'search_return_main_page','upload_author', + 'upload_name','upload_creation_date','upload_comment', + 'mandatory' ); +templatize_array( $tpl, 'lang', $handle ); $error = array(); -$i = 0; $page['upload_successful'] = false; if ( isset( $_GET['waiting_id'] ) ) { $page['waiting_id'] = $_GET['waiting_id']; } //-------------------------------------------------------------- picture upload -// vérification de la présence et de la validité des champs. +// verfying fields if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) ) { $path = $page['cat_dir'].$_FILES['picture']['name']; if ( @is_file( $path ) ) { - $error[$i++] = $lang['upload_file_exists']; + array_push( $error, $lang['upload_file_exists'] ); } // test de la présence des champs obligatoires - if ( $_FILES['picture']['name'] == "" ) + if ( $_FILES['picture']['name'] == '' ) { - $error[$i++] = $lang['upload_filenotfound']; + array_push( $error, $lang['upload_filenotfound'] ); } if ( !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $_POST['mail_address'] ) ) { - $error[$i++] = $lang['reg_err_mail_address']; + array_push( $error, $lang['reg_err_mail_address'] ); } if ( $_POST['username'] == '' ) { - $error[$i++] = $lang['upload_err_username']; + array_push( $error, $lang['upload_err_username'] ); } + if ( $_POST['date_creation'] != '' ) + { + list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] ); + // int checkdate ( int month, int day, int year) + if ( checkdate( $month, $day, $year ) ) + { + // int mktime ( int hour, int minute, int second, + // int month, int day, int year [, int is_dst]) + $date_creation = mktime( 0, 0, 0, $month, $day, $year ); + } + else + { + array_push( $error, $lang['err_date'] ); + } + } + // creation of the "infos" field : + // <infos author="Pierrick LE GALL" comment="my comment" + // date_creation="1056891767" name="" /> + $xml_infos = '<infos'; + $xml_infos.= ' author="'.htmlspecialchars($_POST['author'],ENT_QUOTES).'"'; + $xml_infos.= ' comment="'.htmlspecialchars($_POST['comment'],ENT_QUOTES).'"'; + $xml_infos.= ' date_creation="'.$date_creation.'"'; + $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"'; + $xml_infos.= ' />'; + if ( sizeof( $error ) == 0 ) { $result = validate_upload( $path, $conf['upload_maxfilesize'], @@ -173,17 +194,17 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) ) $upload_type = $result['type']; for ( $j = 0; $j < sizeof( $result['error'] ); $j++ ) { - $error[$i++] = $result['error'][$j]; + array_push( $error, $result['error'][$j] ); } } if ( sizeof( $error ) == 0 ) { $query = 'insert into '.PREFIX_TABLE.'waiting'; - $query.= ' (cat_id,file,username,mail_address,date) values'; + $query.= ' (cat_id,file,username,mail_address,date,infos) values'; $query.= " (".$page['cat'].",'".$_FILES['picture']['name']."'"; $query.= ",'".htmlspecialchars( $_POST['username'], ENT_QUOTES)."'"; - $query.= ",'".$_POST['mail_address']."',".time().")"; + $query.= ",'".$_POST['mail_address']."',".time().",'".$xml_infos."')"; $query.= ';'; mysql_query( $query ); $page['waiting_id'] = mysql_insert_id(); @@ -209,7 +230,7 @@ if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) ) $upload_type = $result['type']; for ( $j = 0; $j < sizeof( $result['error'] ); $j++ ) { - $error[$i++] = $result['error'][$j]; + array_push( $error, $result['error'][$j] ); } if ( sizeof( $error ) == 0 ) { @@ -243,7 +264,7 @@ if ( !$page['upload_successful'] ) { $url.= '&waiting_id='.$page['waiting_id']; } - $vtp->setGlobalVar( $handle, 'form_action', $url ); + $vtp->setGlobalVar( $handle, 'form_action', add_session_id( $url ) ); //--------------------------------------------------------------------- advises if ( $conf['upload_maxfilesize'] != '' ) { @@ -307,7 +328,27 @@ if ( !$page['upload_successful'] ) if ( !isset( $page['waiting_id'] ) ) { $vtp->addSession( $handle, 'fields' ); + // username + if ( isset( $_POST['username'] ) ) $username = $_POST['username']; + else $username = $user['username']; + $vtp->setVar( $handle, 'fields.username', $username ); + // mail address + if ( isset( $_POST['mail_address'] ) )$mail_address=$_POST['mail_address']; + else $mail_address=$user['mail_address']; + $vtp->setGlobalVar( $handle, 'user_mail_address',$user['mail_address'] ); + // name of the picture + $vtp->setVar( $handle, 'fields.name', $_POST['name'] ); + // author + $vtp->setVar( $handle, 'fields.author', $_POST['author'] ); + // date of creation + $vtp->setVar( $handle, 'fields.date_creation', $_POST['date_creation'] ); + // comment + $vtp->setVar( $handle, 'fields.comment', $_POST['comment'] ); + $vtp->closeSession( $handle, 'fields' ); + + $vtp->addSession( $handle, 'note' ); + $vtp->closeSession( $handle, 'note' ); } $vtp->closeSession( $handle, 'upload_not_successful' ); } |