<?
require "pics.php";
// pics.php is the site configuration file (database credentials, directory paths, thumbnail settings).
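/**
 * Check that an upload or archive-entry name is safe to use as a file name.
 *
 * Only ASCII letters, digits, dot, underscore and dash are accepted, so the
 * name cannot carry a path separator, whitespace, quotes or shell
 * metacharacters. A leading dot is rejected as well, which excludes ".",
 * ".." and hidden files such as per-directory web server configuration.
 *
 * NOTE(review): the extension is not restricted here, so a name like "x.php"
 * passes. The directory that receives uploads must not execute scripts, or an
 * extension allow-list is needed - confirm against the deployment.
 *
 * @param string $filename Candidate name (client- or archive-supplied).
 * @return bool True when the name is acceptable.
 */
function is_valid_filename($filename)
{
    if (!is_string($filename)) {
        return false;
    }
    // preg_match() replaces eregi(), which was deprecated in PHP 5.3 and removed in PHP 7.
    // \z anchors at the true end of the string; "$" would also match before a trailing newline.
    return preg_match('/^[a-zA-Z0-9_-][a-zA-Z0-9._-]*\z/', $filename) === 1;
}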
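/**
 * Tell whether a MIME type string is one of the accepted image types.
 *
 * The match is strict: only the exact strings below are accepted. With the
 * previous loose "==" comparison a boolean true compared equal to every
 * non-empty type string.
 *
 * NOTE(review): a type taken from $_FILES[...]['type'] is whatever the client
 * claimed, not a property of the file content. Treat a true result as a
 * filter on the claim only and verify the content separately.
 *
 * @param string $type MIME type to test.
 * @return bool True for image/gif, image/jpeg, image/pjpeg, image/x-png or image/png.
 */
function is_valid_type($type)
{
    $accepted_types = array(
        "image/gif",
        "image/jpeg",
        "image/pjpeg",
        "image/x-png",
        "image/png",
    );
    return in_array($type, $accepted_types, true);
}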
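/**
 * Tell whether a MIME type string denotes a zip archive.
 *
 * The match is strict (exact string, no type juggling), so a non-string value
 * such as boolean true can no longer compare equal to a type name.
 *
 * NOTE(review): as with any value from $_FILES[...]['type'], the caller is
 * looking at the client's claim about the upload, not at its content.
 *
 * @param string $type MIME type to test.
 * @return bool True for application/zip, application/x-zip or application/x-zip-compressed.
 */
function is_zip_file($type)
{
    $zip_types = array(
        "application/zip",
        "application/x-zip",
        "application/x-zip-compressed",
    );
    return in_array($type, $zip_types, true);
}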
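/**
 * Look up the storage quota assigned to a member.
 *
 * The database settings ($db_host, $db_user, $db_password, $db_database) are
 * expected to be defined by pics.php, which is loaded into this function's
 * scope on every call.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; moving
 * to prepared statements (mysqli or PDO) is the durable fix. Until then the
 * username is escaped before it is placed in the query text.
 *
 * @param string $user Member username; matched byte-for-byte (BINARY).
 * @return mixed The quota "size" column for the member, or null when the
 *               connection or query fails or no row matches. The upload
 *               handler in this file compares the value against -1, which
 *               presumably means "no limit" - confirm against the schema.
 */
function get_user_quota($user)
{
    require "pics.php";
    $connection = mysql_pconnect($db_host, $db_user, $db_password);
    if (!$connection) {
        return null;
    }
    mysql_select_db($db_database, $connection);

    // The username ends up inside a quoted SQL literal, so it must be escaped
    // for this connection; otherwise a quote in the name rewrites the query.
    $safe_user = mysql_real_escape_string($user, $connection);
    $query = "SELECT size FROM quota q, member m "
        . "WHERE m.quota_key = q.quota_key "
        . "AND BINARY m.username = '$safe_user'";

    $total = null;
    $results = mysql_query($query, $connection);
    if ($results) {
        $row = mysql_fetch_array($results);
        if ($row) {
            $total = $row[0];
        }
        mysql_free_result($results);
    }
    mysql_close($connection);
    return $total;
}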
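/**
 * Sum the stored file sizes of all pictures that belong to a member.
 *
 * The database settings are expected to be defined by pics.php, which is
 * loaded into this function's scope on every call.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; moving
 * to prepared statements (mysqli or PDO) is the durable fix. Until then the
 * username is escaped before it is placed in the query text.
 *
 * @param string $user Member username; matched byte-for-byte (BINARY).
 * @return mixed The SUM(p.filesize) value, or null when the connection or
 *               query fails or the sum is NULL (SQL SUM over no rows).
 */
function get_used_space($user)
{
    require "pics.php";
    $connection = mysql_pconnect($db_host, $db_user, $db_password);
    if (!$connection) {
        return null;
    }
    mysql_select_db($db_database, $connection);

    // Escaped because the value is interpolated into a quoted SQL literal.
    $safe_user = mysql_real_escape_string($user, $connection);
    $query = "SELECT sum(p.filesize) as sum "
        . "FROM picture p, member m "
        . "WHERE BINARY username = '$safe_user' "
        . "AND m.member_key = p.member_key";

    $total = null;
    $results = mysql_query($query, $connection);
    if ($results) {
        $row = mysql_fetch_array($results);
        if ($row) {
            $total = $row[0];
        }
        mysql_free_result($results);
    }
    mysql_close($connection);
    return $total;
}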
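/**
 * Record an uploaded picture for a member and return its picture key.
 *
 * The row is inserted with date_posted = now(), then the key is read back by
 * member key and file name.
 *
 * The numeric arguments are written into the SQL text unquoted, so they are
 * validated and cast to int first; the file name is escaped for the
 * connection. When a numeric argument is missing (for example the image
 * dimensions of a file getimagesize() could not read) nothing is inserted.
 *
 * NOTE(review): mysql_insert_id() would be a more direct way to obtain the
 * key if picture_key is an auto-increment column - confirm against the schema.
 *
 * @param int    $member_key Owner of the picture.
 * @param string $filename   Stored file name.
 * @param int    $filesize   Size in bytes.
 * @param int    $size_x     Image width in pixels.
 * @param int    $size_y     Image height in pixels.
 * @return mixed The picture_key of the row, or null when the arguments are
 *               not numeric or a database step fails.
 */
function add_picture($member_key, $filename, $filesize, $size_x, $size_y)
{
    foreach (array($member_key, $filesize, $size_x, $size_y) as $number) {
        if (!is_numeric($number)) {
            return null;
        }
    }
    $member_key = (int) $member_key;
    $filesize = (int) $filesize;
    $size_x = (int) $size_x;
    $size_y = (int) $size_y;

    require "pics.php";
    $connection = mysql_pconnect($db_host, $db_user, $db_password);
    if (!$connection) {
        return null;
    }
    mysql_select_db($db_database, $connection);
    $safe_filename = mysql_real_escape_string($filename, $connection);

    $insert = "INSERT into picture "
        . "(member_key, filename, filesize, size_x, size_y, date_posted) "
        . "VALUES ($member_key, '$safe_filename', $filesize, $size_x, $size_y, now())";

    $key = null;
    // Only read the key back when the insert succeeded, so a failed insert
    // cannot hand the caller the key of some older row with the same name.
    if (mysql_query($insert, $connection)) {
        $select = "SELECT picture_key FROM picture "
            . "WHERE member_key = $member_key "
            . "AND BINARY filename = '$safe_filename'";
        $results = mysql_query($select, $connection);
        if ($results) {
            $row = mysql_fetch_array($results);
            if ($row) {
                $key = $row[0];
            }
            mysql_free_result($results);
        }
    }
    mysql_close($connection);
    return $key;
}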
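/**
 * Create a JPEG thumbnail for an uploaded picture.
 *
 * The thumbnail is written to "$tn_dir/<key / 100>/<key>.jpg". $tn_dir,
 * $tn_aspect (maximum edge length) and $tn_quality are expected to be defined
 * by pics.php, which is loaded into this function's scope.
 *
 * Changes against the earlier version: "image/png" is decoded (it is accepted
 * by is_valid_type() but had no decoder branch here, which left the source
 * image undefined), unreadable or zero-sized sources are rejected instead of
 * being scaled, and the picture key must be numeric because it becomes part
 * of the output path.
 *
 * @param string $src  Path of the source image.
 * @param int    $dst  Picture key; used as thumbnail name and to pick the sub-directory.
 * @param string $type MIME type that selects the decoder.
 * @return bool True when the thumbnail was written, false otherwise.
 */
function create_tn($src, $dst, $type)
{
    require "pics.php";

    // The key is interpolated into a file path; refuse anything non-numeric.
    if (!is_numeric($dst)) {
        return false;
    }
    $dst = (int) $dst;

    $src_img = false;
    if ($type == "image/jpeg" || $type == "image/pjpeg") {
        $src_img = imagecreatefromjpeg($src);
    } else if ($type == "image/gif") {
        $src_img = imagecreatefromgif($src);
    } else if ($type == "image/x-png" || $type == "image/png") {
        $src_img = imagecreatefrompng($src);
    }

    $size = getimagesize($src);
    if (!$src_img || !$size || $size[0] < 1 || $size[1] < 1) {
        // The declared type did not match the content, or the file is not an image.
        return false;
    }
    $x = $size[0];
    $y = $size[1];

    if ($x < $tn_aspect && $y < $tn_aspect) {
        // Already smaller than the thumbnail box: keep the original size.
        $new_x = $x;
        $new_y = $y;
    } else {
        // Fit the width first; if the height still overflows, fit the height.
        $ratio = $tn_aspect / $x;
        if ($y * $ratio > $tn_aspect) {
            $ratio = $tn_aspect / $y;
        }
        // GD needs whole pixels and at least 1x1.
        $new_x = max(1, (int) ($x * $ratio));
        $new_y = max(1, (int) ($y * $ratio));
    }

    $dst_img = imagecreatetruecolor($new_x, $new_y);
    if (!$dst_img) {
        imagedestroy($src_img);
        return false;
    }
    imagecopyresized($dst_img, $src_img, 0, 0, 0, 0, $new_x, $new_y, $x, $y);

    $index = (int) ($dst / 100);
    $dst_dir = "$tn_dir/$index";
    $written = false;
    if (file_exists($dst_dir) || mkdir($dst_dir)) {
        $written = imagejpeg($dst_img, "$dst_dir/$dst.jpg", $tn_quality);
    }

    // Release the image buffers; a zip import calls this once per file.
    imagedestroy($src_img);
    imagedestroy($dst_img);
    return $written;
}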
/**
 * Map a picture key to its thumbnail sub-directory number.
 *
 * Uses the same arithmetic create_tn() applies when it picks the directory:
 * the key divided by 100, truncated to an integer.
 *
 * @param int $index Picture key.
 * @return int Sub-directory number.
 */
function get_tn_offset($index)
{
    return (int)($index / 100);
}
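// Upload handler: requires a logged-in session, then imports either a single
// image or every image contained in an uploaded zip archive.
session_start();
// isset() guards: a visitor without a session has neither key set.
$user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
$key = isset($_SESSION["key"]) ? $_SESSION["key"] : null;
$is_zip = false;
$zip_log = "";
if (!$user) {
    header("Location: index.php");
    exit;
}
if (isset($_SESSION["quota_exceeded"])) {
    header("Location: home.php");
    exit;
}
if (isset($_FILES['image'])) {
    $file = $_FILES['image']['name'];
    if (!$file) {
        header("Location: upload.php");
        exit;
    }
    $tmpfile = $_FILES['image']['tmp_name'];
    // NOTE(review): $user becomes a directory name and part of shell commands
    // below; this assumes registration restricts usernames - confirm.
    $fullpath = "$users_dir/$user/" . $_FILES['image']['name'];

    // $_FILES[...]['type'] is the client's claim, not a property of the file.
    if (is_zip_file($_FILES['image']['type'])) {
        $is_zip = true;
        $tmp_user_dir = "$work_dir/$user";
        // Every value placed on a command line is quoted, so a username, temp
        // path or archive entry name cannot add arguments or commands.
        $quoted_tmp_dir = escapeshellarg($tmp_user_dir);
        $command = "unzip -qoj " . escapeshellarg($tmpfile) . " -d $quoted_tmp_dir";
        if (file_exists($tmp_user_dir)) {
            exec("rm -rf -- $quoted_tmp_dir");
        }
        mkdir($tmp_user_dir);
        // NOTE(review): nothing bounds the extracted size or entry count
        // before the per-file quota check runs - consider a limit.
        exec($command);

        $d = dir($tmp_user_dir);
        // Strict comparison: an entry literally named "0" must not end the loop.
        while (false !== ($entry = $d->read())) {
            if ($entry[0] == '.') {
                continue;
            }
            // Entry names come from the archive, i.e. from the uploader:
            // escape them for the HTML log and validate them before any use
            // in a path or command.
            $entry_html = htmlspecialchars($entry, ENT_QUOTES);
            if (!is_valid_filename($entry)) {
                $zip_log = $zip_log."Skipping file \"$entry_html\". Invalid filename.<br>";
                continue;
            }
            $fullpath = "$users_dir/$user/$entry";
            $file = "$tmp_user_dir/$entry";
            if (file_exists($fullpath)) {
                $zip_log = $zip_log."<font color=\"red\">Skipping file \"$entry_html\". File with the same name exists in your account.</font><br>";
                continue;
            }
            // Only regular files are typed and imported; an archive can also
            // carry symbolic links, and copy() would follow them.
            $type = "";
            if (is_file($file) && !is_link($file)) {
                $type = exec("$mime_tool " . escapeshellarg($file));
            }
            if (!is_valid_type($type)) {
                $zip_log = $zip_log."<font color=\"red\">Skipping file: \"$entry_html\". Invalid file type.</font><br>";
                continue;
            }

            copy($file, $fullpath);
            $size = getimagesize($fullpath);
            $size_x = $size[0];
            $size_y = $size[1];
            $pic_number = add_picture($key, $entry, filesize($fullpath), $size_x, $size_y);
            create_tn($fullpath, $pic_number, $type);
            $used = get_used_space($user);
            $total = get_user_quota($user);
            $href = htmlspecialchars($site_url."users/".rawurlencode($user)."/".rawurlencode($entry), ENT_QUOTES);
            $link = "<a href=\"".$href."\">$entry_html</a>";
            $zip_log = $zip_log."File \"$link\" imported successfully.<br>";
            if ($total != -1 && ($used >= $total)) {
                $zip_log = $zip_log."<font color=\"red\">Processing stopped. Quota exceeded.</font><br>";
                break;
            }
        }
        $d->close();
        exec("rm -rf -- $quoted_tmp_dir");
        $success = true;
    } else if (!is_valid_filename($file)) {
        $error = "Invalid filename. Must be alphanumeric. Underscores and dashes are ok.";
    } else if (file_exists($fullpath)) {
        $error = "File already exists!";
    } else if (is_valid_type($_FILES['image']['type']) == false) {
        $error = "Invalid file type, rejected.";
    } else if (getimagesize($tmpfile) === false) {
        // The declared type passed, but the content is not a readable image.
        $error = "Invalid file type, rejected.";
    } else if (move_uploaded_file($_FILES['image']['tmp_name'], $fullpath)) {
        // NOTE(review): the stored name keeps the uploader's extension; the
        // users directory must not execute scripts - confirm server config.
        $size = getimagesize($fullpath);
        $size_x = $size[0];
        $size_y = $size[1];
        $pic_number = add_picture($key, $file, filesize($fullpath), $size_x, $size_y);
        create_tn($fullpath, $pic_number, $_FILES['image']['type']);
        $used = get_used_space($user);
        $total = get_user_quota($user);
        if ($total - $used < 0) {
            $_SESSION["quota_exceeded"] = true;
        }
        $success = true;
    } else {
        // Previously a failed move produced neither an error nor a success message.
        $error = "Upload failed.";
    }
}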
?>
<html>
<head>
<title><?= $site_name ?> - Upload</title>
<link rel="stylesheet" href="pics.css" type="text/css">
</head>
<body>
<table cellspacing="0" cellpadding="10" width="100%" height="99%" border="1" bordercolor="#1144aa">
<tr height="4%">
<td colspan="2" bgcolor="#1144aa">
<? require "top_motd.php" ?>
</td>
</tr>
<tr>
<td width="20%" valign="top">
<? require "nav_user.php";
?>
<? require "nav_last5.php";
?>
</td>
<td valign="top">
<p>
Files must be in the image/gif (*.gif), image/jpeg (*.jpeg), image/pjpeg (*.jpg) or image/x-png (*.png) formats. You may however use any filename extension that you wish.
</p>
<p><b>You can also upload a zip file containing one or more images if you wish to upload multiple images at once, or reduce the size of your upload. The server will extract the images from the zip and import them into your
account. </b></p>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input class="formbttn" name="image" type="file"><br>
<input class="formbttn" type="submit" value="Upload"> <br><i><b>Please wait till upload completes, sometimes takes a while- otherwise you'll get a black image/thumbnail. If that happens, delete the file and try again</b></i>
</form>
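<?php if (isset($error)) { ?>
<div class="error"><?= htmlspecialchars($error, ENT_QUOTES) ?></div>
<?php } ?>
<?php if (!isset($error) && isset($success)) {
    $user = $_SESSION["user"];
    // Values are escaped for the context they are printed in: path segments
    // are URL-encoded first, then everything is HTML-escaped.
    $file_html = htmlspecialchars($file, ENT_QUOTES);
    $picture_url = htmlspecialchars($site_url."users/".rawurlencode($user)."/".rawurlencode($file), ENT_QUOTES);
    $thumb_url = htmlspecialchars($site_url."user/thumbs/".get_tn_offset($pic_number)."/".$pic_number.".jpg", ENT_QUOTES);
?>
<?php if ($is_zip) { ?>
<?php /* $zip_log is HTML assembled by the upload handler and is printed as-is;
         anything placed into it must already be escaped where it is built. */ ?>
<?= $zip_log ?>
<?php } else { ?>
<p><b>File <?= $file_html ?> uploaded.</b>
<p>
<table cellspacing="0" cellpadding="0" border="0">
<tr><td align="right"><b><?=number_format($total)?>&nbsp;</b></td>
<td>bytes total.</td></tr>
<tr><td align="right"><b><?=number_format($used)?>&nbsp;</b></td>
<td>bytes used.</td></tr>
<tr><td align="right"><b><?=number_format($total - $used)?>&nbsp;</b>
</td><td>bytes free.</td></tr>
</table>
</p>
<p><b>URL:</b><br>
<a href="<?= $picture_url ?>"><?= $picture_url ?></a></p>
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td colspan =2>&nbsp;&nbsp;&nbsp;</td>
<td align="left" valign="bottom">
<a href="<?= $picture_url ?>"><img src="<?= $thumb_url ?>" border="0"></a>
</td>
</tr>
</table>
<?php } ?>
<?php } ?>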
</td>
</tr>
</table>
</body>
</html>