<?php

/*
 * ***********************************************************************************************
 * Filename:     admin_module_upload.inc.php
 * Module:       Admin-Module
 * Subcategory:  Upload pictures/images
 * Description:  Lets you upload your images to the specific album (sec-checks!)
 * Remark:       Idea and great parts of the sourcecode from Kim Le (Thank You!)
 * ***********************************************************************************************
 *
 *
 * Project:     yappa-ng : yet another php photo album - next generation
 * Author:      Fritz Berger <hide@address.com>
 * Copyright:   2003 Fritz Berger
 * $Header: /cvsroot/yappa-ng/yappa-ng/admin_modules/admin_module_upload.inc.php,v 1.18 2005/04/25 18:02:07 zirkon13 Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * You may contact the author of yappa-ng by e-mail at:
 *    hide@address.com
 *
 * The latest version of yappa-ng can be obtained from:
 *    http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_ger.html (german)
 *    http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html (english)
 *
 * ***********************************************************************************************
 * ***********************************************************************************************
 * ***                                                                                         ***
 * ***   yappa-ng is based on "YAPPA v1.7 devel - 22.April 2002"                               ***
 * ***                         released on http://sourceforge.net/projects/yappa/              ***
 * ***   YAPPA is Copyright Federico 'pix' Feroldi (hide@address.com)                           ***
 * ***   YAPPA is released under the GNU GPL                                                   ***
 * ***                                                                                         ***
 * ***********************************************************************************************
 * ***********************************************************************************************
 */


?>

<?php


/*
 * Standard Security Check
 */

// Direct-access guard: this module is meant to be pulled in by another script.
// The SecCheck constant is not defined anywhere in this file, so it is presumably
// set by the including entry point before the include happens. A request that hits
// this file directly never sees the constant and is stopped here, before any of the
// upload handling below can run.
defined('SecCheck') or die("You Cannot Access This Script Directly - Have a Nice Day.");



/* Cleanup the file name removing any special characters. */
/* Code for this function submitted by:
 *     Marc Andrew Pawlowsky (marcpawl at users dot sourceforge dot net) 
 */
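/**
 * Reduce a client-supplied file name to a conservative allow-list of characters.
 *
 * Kept as-is: A-Z, a-z, 0-9, "_" and "-". A blank is turned into "_".
 * A "." is kept only when at least one other character has already been kept
 * and the previously kept character was not itself a ".". Every other byte
 * (path separators, NUL, HTML metacharacters, non-ASCII bytes, ...) is dropped.
 *
 * Allow-listing is deliberate: trying to enumerate "bad" characters instead
 * makes it easy to miss one.
 *
 * Notes for callers:
 *  - Interior dots survive, so a name such as "a.php.jpg" is returned unchanged;
 *    an extension check on the result only sees the last suffix.
 *  - The result can be an empty string or have no extension at all when the
 *    input consisted mostly of rejected characters.
 *
 * @param string $old_name File name as sent by the client.
 * @return string Sanitised file name, possibly empty.
 */
function CleanFileName($old_name) {
	// A leading period marks a hidden file on Unix, so all leading periods go.
	$old_name = ltrim($old_name, '.');

	$new_name = "";
	// True while the last character appended to $new_name is a dot; used to
	// collapse runs of dots even when rejected characters sat between them.
	$last_kept_was_dot = false;
	$len = strlen($old_name);

	for ($i = 0; $i < $len; $i++) {
		$letter = $old_name[$i];
		if ($letter === " ") {
			$letter = "_";
		}

		// preg_match() replaces the former ereg() call: ereg() was removed in
		// PHP 7.0, and an explicit ASCII class does not depend on the locale.
		if (preg_match('/[A-Za-z0-9_-]/', $letter) === 1) {
			$new_name .= $letter;
			$last_kept_was_dot = false;
		} elseif ($letter === "." && $new_name !== "" && !$last_kept_was_dot) {
			// $new_name !== "" guarantees that dropping rejected characters
			// cannot move a dot into first position again.
			$new_name .= ".";
			$last_kept_was_dot = true;
		}
	}

	return $new_name;
}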


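/*
 * Upload handling for the admin module.
 *
 * Reads the target album from the query string, builds the destination
 * directory below $config["photo_root"], and stores each submitted file whose
 * sanitised name ends in one of $config['permitted_filetypes']. One status
 * line per file slot is collected in $msg for the form that follows, and
 * events are appended to yappa-ng.log depending on $config["loglevel"].
 */
$config['lang_intuitive'] = "no";
$album->clear_album_comment();
$album->read_album_info();
$page["album_title"] = $album->_album_title;

$uri_base = str_replace("&admintask=Upload","",$global_var['self_url']);


$num_files = $config["upload_number"];

// Start from an empty status list so that only messages produced by this
// request can be printed by the form below.
$msg = array();

// The album name comes from the query string and is joined onto photo_root.
// PHP has already URL-decoded $_GET once; rawurldecode() decodes a second
// time, so any validation has to look at the value AFTER this call.
$l_album = (isset($_GET["album"]) && is_string($_GET["album"])) ? rawurldecode($_GET["album"]) : "";

// Refuse NUL bytes and ".." path segments so $dir cannot leave photo_root.
// NOTE(review): the including script may validate the album as well; the check
// is repeated here because $dir is built from the raw request value.
$l_album_is_safe = (strpos($l_album, "\0") === false)
	&& !preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $l_album);

$dir = singleslash($config["photo_root"] . "/" . $l_album);

// Pipe-separated list of permitted extensions. The form below also prints this
// list, so it is kept free of any regex quoting.
$l_permitted = implode("|", $config['permitted_filetypes']);

// Accept only names that do not start with a dot, have at least one character
// before the extension and end in a permitted extension. preg_match() replaces
// eregi(), which was removed in PHP 7.0; "D" keeps "$" anchored to the very end.
// NOTE(review): only the LAST extension is checked and the file content is not
// inspected. Names like "x.php.jpg" pass, so the web server must not execute
// scripts from the album directories - confirm the server configuration.
$l_permitted_pattern = '/^[^.].+\.(' . str_replace('/', '\/', $l_permitted) . ')$/iD';

// Log lines are "|"-separated and newline-terminated; neutralise those
// characters in request-supplied values so one upload cannot add or split records.
// NOTE(review): "yappa-ng.log" is a relative path; if it resolves inside the
// web root it should not be downloadable - confirm.
$l_log_album = str_replace(array("\r", "\n", "|"), "_", $l_album);

if (isset($_FILES['fupload']) && isset($_FILES['fupload']['name']) && is_array($_FILES['fupload']['name'])) {
	for ($i=0; $i<$num_files; $i++ ) {
		// Skip empty slots, zero-byte files and malformed (non-string) entries.
		if (empty($_FILES['fupload']['name'][$i])
			|| !is_string($_FILES['fupload']['name'][$i])
			|| empty($_FILES['fupload']['size'][$i])) {
			continue;
		}

		$l_original_filename = $_FILES['fupload']['name'][$i];
		$l_original_filesize = $_FILES['fupload']['size'][$i];
		$l_dest_filename = CleanFileName($l_original_filename);
		$dest = singleslash($dir . "/" . $l_dest_filename);

		// The original name is client-controlled: escape it for the HTML status
		// line and neutralise the log separators for the log file.
		$l_html_filename = htmlspecialchars($l_original_filename, ENT_QUOTES | ENT_SUBSTITUTE);
		$l_log_filename = str_replace(array("\r", "\n", "|"), "_", $l_original_filename);

		if ($l_permitted !== "" && preg_match($l_permitted_pattern, $l_dest_filename)) {
			// move_uploaded_file() only acts on files that really arrived through
			// this request's HTTP upload, which copy() does not verify.
			if (!$l_album_is_safe || !move_uploaded_file($_FILES['fupload']['tmp_name'][$i], $dest)) {
				// store error!
				$msg[$i] = $lang_akt["admin_upload_file"] . ($i+1). ": " . $l_html_filename . " / " . $l_original_filesize . " Bytes: " . $lang_akt["admin_upload_error"] . "<br>";
				// log level: Warning
				if((int)"8" & (int)$config["loglevel"]) {
					$log_msg = date("U") . "|Warning|" . "AlbumAdmin Upload: Could not upload file '" . $l_log_filename . "' into album '" . $l_log_album . "'|" . $_SERVER['REMOTE_ADDR'] . "|-|admin_module_upload.inc.php|" . __LINE__ . "\n";
					@error_log($log_msg, 3, "yappa-ng.log");
				}
			} else {
				// upload ok! ($l_dest_filename only contains allow-listed characters)
				$msg[$i] = $lang_akt["admin_upload_file"] . ($i+1). ": " . $l_dest_filename . " / " . $l_original_filesize . " Bytes " . $lang_akt["admin_upload_ok"] . "<br>";
				if ($l_original_filename != $l_dest_filename) {
					// log level 1: Administration
					if((int)"1" & (int)$config["loglevel"]) {
						$log_msg = date("U") . "|Administration|" . "AlbumAdmin Upload: CHANGED filename from '" . $l_log_filename . "' to '" . $l_dest_filename . "' !|" . $_SERVER['REMOTE_ADDR'] . "|-|admin_module_upload.inc.php|" . __LINE__ . "\n";
						@error_log($log_msg, 3, "yappa-ng.log");
					}
				}
				// log level 1: Administration
				if((int)"1" & (int)$config["loglevel"]) {
					$log_msg = date("U") . "|Administration|" . "AlbumAdmin Upload: UPLOAD of file '" . $l_dest_filename . "' into album '" . $l_log_album . "' successful.|" . $_SERVER['REMOTE_ADDR'] . "|-|admin_module_upload.inc.php|" . __LINE__ . "\n";
					@error_log($log_msg, 3, "yappa-ng.log");
				}
				// Stored files are made world-readable but never executable.
				if (!@chmod($dest, 0644)) {
					if((int)"8" & (int)$config["loglevel"]) {
						$log_msg = date("U") . "|Warning|" . "AlbumAdmin Upload: Failed to CHMOD successfully uploaded file '" . $l_dest_filename . "' into album '" . $l_log_album . "'|-|-|admin_module_upload.inc.php|" . __LINE__ . "\n";
						@error_log($log_msg, 3, "yappa-ng.log");
					}
				}
			}
		} else {
			// upload is NOT a permitted filetype!!!!
			$msg[$i] =$lang_akt["admin_upload_file"] . ($i+1). ": " . $l_html_filename . " / " . $l_original_filesize . " Bytes " . $lang_akt["admin_upload_noimage"] . "<br>";
			// log level: Warning
			if((int)"8" & (int)$config["loglevel"]) {
				$log_msg = date("U") . "|Warning|" . "AlbumAdmin Upload: Uploaded file is NOT a permitted filetype '" . $l_log_filename . "' into album '" . $l_log_album . "'|" . $_SERVER['REMOTE_ADDR'] . "|-|admin_module_upload.inc.php|" . __LINE__ . "\n";
				@error_log($log_msg, 3, "yappa-ng.log");
			}
		}
	}
}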

?>

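<?php
/*
 * Upload form: one file input per slot ($num_files), the list of permitted
 * extensions, the size limit, and the per-file status lines from $msg.
 *
 * self_url and $uri_base hold raw "&" separators (the code above strips the
 * literal "&admintask=Upload" from self_url), so both are HTML-escaped where
 * they are written into an attribute.
 * NOTE(review): the album title and the $lang_akt strings are printed as-is;
 * confirm that neither can carry markup from an untrusted source.
 */
?>
<form action="<?php print htmlspecialchars($global_var['self_url'], ENT_QUOTES); ?>" enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php print $config["upload_limit"]; ?>">
<table cellspacing="0" cellpadding="5" border="0" width="100%">
<tr valign="top">
<td class="thumbnailCell">
<table width="100%" border="0" cellspacing="0" cellpadding="3">
	<tr><td colspan=2 align="center" class="adminHeading"><?php print $lang_akt["admin_upload_hmain"]; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminDescription"><?php print $lang_akt["admin_upload_album"]; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminAlbum"> " <?php print $page["album_title"] ? $page["album_title"] : $page["album_name"]; ?> " </td></tr>
	<tr><td colspan=4 align="center" class="adminComments"><?php print $lang_akt["admin_upload_expl1"]; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminComments"><?php $l_help = str_replace("|",", ",$l_permitted); print $l_help; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminComments"><?php print $lang_akt["admin_upload_expl2a"] . $config["upload_limit"] . $lang_akt["admin_upload_expl2b"]; ?></td></tr>
	<tr><td colspan="2" class="passwdAdminCancel" align="center" >
	[ <b><a href="<?php echo htmlspecialchars($uri_base, ENT_QUOTES); ?>"><?php echo $lang_akt["passwd_admin_cancel"]; ?></a></b> ]</td></tr>
	<tr><td width="10%">&nbsp;</td><td>&nbsp;</td></tr>
	<tr><td colspan="2" align="center" class="adminStatus">
	<?php
	// Status lines are shown only after a submit; each $msg entry is a finished
	// HTML fragment ending in <br>, so it is printed without further escaping.
	if(isset($_POST['BeenSubmitted'])) {
		for ($i=0; $i<$num_files; $i++ ) {
			if(isset($msg[$i])) {
				print $msg[$i];
			}
		}
	}  ?>
	</td></tr>


	<?php
	// One file input per configured slot; the array-style name makes PHP
	// collect them under $_FILES['fupload'][...][$i].
	for ($i=0; $i<$num_files; $i++) { ?>
		<tr><td width="10%" nowrap><?php print $lang_akt["admin_upload_file"] . ($i+1). ": " ; ?></td>
		<td><input type=file size=30 name="fupload[<?php print $i; ?>]"></td></tr>
	<?php } ?>

	<tr><td colspan="2">&nbsp;</td></tr>
	<tr><td colspan="2" align="center">
		<input type="hidden" name="BeenSubmitted" value="true">
		<input type="submit" name="submit" value="<?php print $lang_akt['submit']; ?>">
	</td>
	</tr>


</table>
</td>
</tr>
</table>
</form>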