root/trunk/redirectors/uploadavatar.php

Revision 291, 5.9 kB (checked in by hannes, 3 years ago)

establishing a global warnings array to store and display (choke) warnings

<?php

/**
 * Package: Spam Board 5
 * File: redirectors/uploadavatar.php
 * Description: Upload a new image to the avatar directory
 *
 * Copyright (C) 2007, 2009 Hannes Schueller
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, version 3 of the
 * License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program (see LICENCE). If not,
 * see <http://www.gnu.org/licenses/>.
 **/

// This script is an entry point of its own (it is not routed through index),
// so it has to pull in the settings itself.
// NOTE(review): a path starting with '../' is resolved against the current
// working directory; presumably that is redirectors/ when the web server
// runs this file - confirm for the deployment.
require_once '../includes/config/settings.php';
28 // load classes on demand
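/**
 * Load a class file on demand.
 *
 * Looks for <fspath>classes/pages/<class>.php first, then
 * <fspath>classes/misc/<class>.php, and terminates the request if neither
 * exists.
 *
 * The class name ends up inside a file system path, so it is only accepted
 * when it is a plain ASCII identifier. Anything else (path separators, dots,
 * NUL bytes) is treated as "not found" instead of being handed to
 * require_once. Whether a caller can reach this function with an
 * externally influenced name is not visible here; the check is
 * defence in depth.
 *
 * NOTE(review): __autoload() was deprecated in PHP 7.2 and removed in
 * PHP 8.0; spl_autoload_register() is the replacement when this code base
 * is moved to a current interpreter.
 *
 * @param string $class name of the class PHP could not resolve
 * @return void
 */
function __autoload($class) {
    global $SETTINGS;
    if (is_string($class) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $class)) {
        foreach (array('classes/pages/', 'classes/misc/') as $directory) {
            $candidate = $SETTINGS['fspath'] . $directory . $class . '.php';
            if (is_file($candidate)) {
                require_once($candidate);
                return;
            }
        }
    }
    // escape the name: it is echoed straight into the response
    die('Class ' . htmlspecialchars((string) $class, ENT_QUOTES) . ' not found.');
}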
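// initialize global warnings array
$WARNINGS = array();

// import version number
require_once($SETTINGS['fspath'] . 'includes/config/version.php');
// bots definition
require_once($SETTINGS['fspath'] . 'includes/config/bots.php');
// formatting object
$F = new Format();
// default language strings from the site configuration
require($SETTINGS['fspath'] . 'includes/lang/' . $SETTINGS['language'] . '.php');
// open database connection
$C = new Connection();
Member::session();
// A per-session language overrides the default. The value is spliced into
// an include path, so it must be a bare file name: anything containing a
// directory separator or a NUL byte is ignored and the default language
// stays in effect.
// NOTE(review): where $_SESSION['lang'] is written is not visible in this
// file; checking it against the list of installed languages at that point
// would be stricter than this deny-list.
if (
    isset($_SESSION['lang'])
    && is_string($_SESSION['lang'])
    && $_SESSION['lang'] != ''
    && !preg_match('#[/\\\\\x00]#', $_SESSION['lang'])
) {
    include($SETTINGS['fspath'] . 'includes/lang/' . $_SESSION['lang'] . '.php');
}
// translate passed variables to local identifiers
require($SETTINGS['fspath'] . 'includes/input.php');

// page start
$_pref = '../';
$html = Page::start();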
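// Avatar upload: with commit=y the posted file is validated and stored,
// otherwise the upload form is shown. Every outcome of the commit branch is
// reported through one $LANG message.
//
// The stored file lands in images/avatars/ below the application root, so
// the checks below make sure that (a) the name cannot leave that directory,
// (b) the extension written to disk agrees with the image type that
// getimagesize() actually detected, and (c) the name carries no second
// extension and no leading dot. The avatar directory should additionally be
// configured on the web server so that nothing in it is executed.
if (isset($INPUT['commit']) && $INPUT['commit'] == 'y') {
    // post-commit: the first failing check selects the message and nothing
    // is written to disk
    $_message = '';
    $_upload = (isset($_FILES['avatarfile']) && is_array($_FILES['avatarfile']))
        ? $_FILES['avatarfile']
        : array();

    // check if user has permission; required: write; independent from id
    if (!Member::checkRights('Uploadavatar', 'w')) {
        $_message = 'error_permission_denied';
    } elseif (
        !isset($_upload['tmp_name'])
        || !is_string($_upload['tmp_name'])
        || !is_uploaded_file($_upload['tmp_name'])
    ) {
        // no file set? (a field posted as avatarfile[] arrives as arrays and
        // is rejected here as well)
        $_message = 'error_avatar_file_missing';
    } elseif ($_upload['size'] > 512000) {
        // file size too large
        $_message = 'error_avatar_filesize';
    } elseif (!in_array($_upload['type'], array('image/gif', 'image/png', 'image/jpg', 'image/jpeg'), true)) {
        // the MIME type is supplied by the client: a cheap first filter,
        // never proof of the content
        $_message = 'error_avatar_filetype';
    } else {
        // extensions accepted for each image type getimagesize() may report
        $_extensions = array(
            IMAGETYPE_GIF => array('gif'),
            IMAGETYPE_JPEG => array('jpg', 'jpeg'),
            IMAGETYPE_PNG => array('png'),
        );
        // returns false when the file is not a recognisable image
        $_size = @getimagesize($_upload['tmp_name']);

        // strip out any unwanted characters; basename() and the absence of
        // '/' in the allowed set keep the name inside the avatar directory
        $_name = preg_replace('/[^0-9a-zA-Z._\-]/', '_', basename($_upload['name']));
        $_dot = strrpos($_name, '.');
        $_ext = ($_dot === false) ? '' : strtolower((string) substr($_name, $_dot + 1));
        $_stem = ($_dot === false) ? $_name : (string) substr($_name, 0, $_dot);
        // only the final extension may remain: no "name.php.gif", no dot files
        $_stem = str_replace('.', '_', $_stem);
        if ($_stem === '') {
            $_stem = 'avatar';
        }

        if (!is_array($_size) || !isset($_extensions[$_size[2]])) {
            // not a GIF, JPEG or PNG
            $_message = 'error_avatar_filetype';
        } elseif ($_size[0] > 100 || $_size[1] > 100) {
            // width or height too large
            $_message = 'error_avatar_dimension';
        } elseif (!in_array($_ext, $_extensions[$_size[2]], true)) {
            // extension does not belong to the detected image type
            $_message = 'error_avatar_filetype';
        } else {
            $_target = $SETTINGS['fspath'] . 'images/avatars/' . $_stem . '.' . $_ext;
            // NOTE(review): check and move are two steps, so two simultaneous
            // uploads of the same name can still overwrite each other.
            if (file_exists($_target)) {
                // file name taken
                $_message = 'error_avatar_filename';
            } elseif (@move_uploaded_file($_upload['tmp_name'], $_target)) {
                // success at last!
                // NOTE(review): the bytes are stored as uploaded; re-encoding
                // the image (e.g. through GD) would drop anything that is not
                // image data - consider it if GD is available.
                $_message = 'upload_avatar_success';
            } else {
                // last minute error
                $_message = 'error_avatar_move';
            }
        }
    }

    $div = $html->body->addChild('div', $LANG[$_message]);
    $div->addAttribute('class', 'message');
} else {
    // pre-commit
    // check if user has permission; required: read; independent from id
    if (Member::checkRights('Uploadavatar', 'r')) {
        // permission granted
        $html->body->addElement(new XMLElement($LANG['upload_avatar_hints']));
        // NOTE(review): PHP_SELF contains any extra path the client appends
        // to the script URL; confirm that Form escapes the action attribute.
        // NOTE(review): no anti-CSRF token is added to this form - confirm
        // whether the state-changing commit request is protected elsewhere.
        $form = new Form($_SERVER['PHP_SELF'], 'uploadform', 'multipart/form-data');
        $form->addInput('hidden', 'commit', 'y');
        // NOTE(review): the form advertises 51200 bytes while the commit
        // branch accepts up to 512000 - confirm which limit is intended.
        // Only the server-side check counts; this field is a hint a client
        // can change.
        $form->addInput('hidden', 'MAX_FILE_SIZE', '51200');
        $form->addInput('file', 'avatarfile');
        $form->addChild('br');
        $form->addChild('br');
        $form->addInput('reset', 'reset', $LANG['Reset']);
        $form->addInput('submit', 'submit', $LANG['Submit']);
        $html->body->addElement($form->get());
    } else {
        $div = $html->body->addChild('div', $LANG['error_permission_denied']);
        $div->addAttribute('class', 'message');
    }
}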
// spacing between the result/form area and the footer link
for ($_i = 0; $_i < 2; $_i++) {
    $html->body->addChild('br');
}

// centred link that closes the window this page is shown in
$div = $html->body->addChild('div');
$div->addAttribute('align', 'center');
$a = $div->addChild('a', $LANG['Close_Window']);
$a->addAttribute('href', 'javascript:self.close()');

// page output
Page::send($html);

?>