(.*)<\/thumbnail_url>/', $xdata, $xmatches)){
$thumbnail = "http://img.youtube.com/vi/$vid/0.jpg";
$rh = fopen($thumbnail, 'rb');
$wh = fopen($CONFIG['fullpath'] . "edit/yt_$vid.jpg", 'wb');
while (!feof($rh)) fwrite($wh, fread($rh, 1024));
fclose($rh);
fclose($wh);
$escrow_array[] = array('actual_name'=>"youtube_$vid.jpg", 'temporary_name'=> "yt_$vid.jpg");
//} else {
// $YT_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $YT_URI, 'error_code'=> $xdata);
//}
} else {
$YT_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $YT_URI, 'error_code'=> 'Failed to find video');
}
}
}
//Now we must prepare the inital form for adding the pictures to the database, and we must move them to their final location.
// Count errors in each error array and the escrow array.
$escrow_array_count = count($escrow_array);
$file_error_count = count($file_failure_array);
$URI_error_count = count($URI_failure_array);
$zip_error_count = count($zip_failure_array);
$YT_error_count = count($YT_failure_array);
// Create page header.
pageheader($lang_upload_php['title']);
// Check for successful uploads.
if ($escrow_array_count > '0') {
// Serialize and base64_encode the array.
$cayman_escrow = base64_encode(serialize($escrow_array));
// Add temp data record to database.
$unique_ID = create_record($cayman_escrow);
// Verify record was created.
if (!$unique_ID) {
cpg_die(CRITICAL_ERROR, $lang_upload_php['cant_create_write'], __FILE__, __LINE__);
}
// Prepare success data for user.
open_form($_SERVER['PHP_SELF']); // Set the form action to this script.
starttable("100%", $lang_upload_php['succ'], 2);
echo "";
printf ($lang_upload_php['success'], $escrow_array_count);
echo "
";
echo $lang_upload_php['add'];
echo " |
";
$form_array = array(
array('unique_ID', $unique_ID, 4),
array('control', 'phase_2', 4)
);
create_form($form_array);
close_form($lang_continue);
endtable();
// Throw in an HTML break for aesthetics.
echo "
";
} else {
// we had no successful uploads. We create a redirect box.
msg_box($lang_info, sprintf($lang_upload_php['success'], $escrow_array_count), $lang_continue, 'index.php', "100%");
// Throw in an HTML break for aesthetics.
echo "
";
}
// Create error report if we have errors.
if (($file_error_count + $URI_error_count + $zip_error_count + $YT_error_count) > 0) {
// Prepare error data for user.
starttable("100%", $lang_upload_php['error_report'], 2);
form_statement($lang_upload_php['error_instr']);
// Look for file upload errors.
if ($file_error_count > 0) {
// There are file upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_7']);
echo "{$lang_upload_php['file_name_url']} | {$lang_upload_php['error_message']} |
";
// Cycle through the file upload errors.
for ($i=0; $i < $file_error_count; $i++) {
// Print the error ordinal, file name, and error code.
echo "{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']} | {$file_failure_array[$i]['error_code']} |
";
}
}
// Look for URI upload errors.
if ($URI_error_count > 0) {
// There are URI upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_8']);
echo "{$lang_upload_php['file_name_url']} | {$lang_upload_php['error_message']} |
";
// Cycle through the file upload errors.
for ($i=0; $i < $URI_error_count; $i++) {
// Print the error ordinal, file name, and error code.
echo "{$URI_failure_array[$i]['failure_ordinal']} {$URI_failure_array[$i]['URI_name']} | {$URI_failure_array[$i]['error_code']} |
";
}
}
// Look for zip upload errors.
if ($zip_error_count > 0) {
// There are file upload errors. Generate the section label.
form_label($lang_upload_php['reg_instr_6']);
echo "{$lang_upload_php['file_name_url']} | {$lang_upload_php['error_message']} |
";
// Cycle through the file upload errors.
for ($i=0; $i < $zip_error_count; $i++) {
// Print the error ordinal, file name, and error code.
echo "{$file_failure_array[$i]['failure_ordinal']} {$file_failure_array[$i]['file_name']} | {$file_failure_array[$i]['error_code']} |
";
}
}
// Look for YT upload errors.
if ($YT_error_count > 0) {
// There are URI upload errors. Generate the section label.
form_label("YT errors:");
echo "URI | Error message |
";
// Cycle through the file upload errors.
for ($i=0; $i < $YT_error_count; $i++) {
// Print the error ordinal, file name, and error code.
echo "{$YT_failure_array[$i]['failure_ordinal']} {$YT_failure_array[$i]['URI_name']} | {$YT_failure_array[$i]['error_code']} |
";
}
}
// Close the error report table.
endtable();
}
// Create the footer and flush the output buffer.
echo "";
pagefooter();
ob_end_flush();
// Exit the script.
exit;
}
// Recieve incoming post information for phase II.
if ((isset($_POST['control'])) and ($_POST['control'] == 'phase_2')) {
// Check for incoming album placement data.
if ((isset($_POST['album'])) and (isset($_POST['unique_ID']))) {
// Check if user selected an album to upload picture to. If not, die with error.
// added by frogfoot
$album = (int)$_POST['album'];
if (!$album){
cpg_die(ERROR, $lang_db_input_php['album_not_selected'], __FILE__, __LINE__);
}
if (isset($_POST['unique_ID'])) {
// The unique ID is set, so let us retrieve the record.
$cayman_string = retrieve_record($_POST['unique_ID']);
// Verify record was retrieved.
if (!$cayman_string) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
} else {
// The $_POST['unique_ID'] value is not present. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// Now we decode the string.
$escrow_array = unserialize(base64_decode($cayman_string));
// Now we need to pop a file set off $escrow_array.
// The returned element will take the form: array('actual_name', 'temporary_name')
// First, we test to make sure $escrow_array is an array.
if (!(is_array($escrow_array))) {
// The decoded information is not an array. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// Initialize $file_set as an array.
$file_set = array();
// Create array index.
$index = count($escrow_array) - 1;
// Read the end of the $escrow_array array into $file_set.
$file_set[0] = $escrow_array[$index]['actual_name'];
$file_set[1] = $escrow_array[$index]['temporary_name'];
// Get the image preview path.
$preview_path = $escrow_array[$index]['preview_path'];
// Remove end of $escrow_array.
unset($escrow_array[$index]['preview_path']);
unset($escrow_array[$index]['actual_name']);
unset($escrow_array[$index]['temporary_name']);
unset($escrow_array[$index]);
// Re-encode the $escrow_array.
$cayman_escrow = base64_encode(serialize($escrow_array));
// Update the record.
$update = update_record($_POST['unique_ID'], $cayman_escrow);
// Verify that the update occurred.
if (!$update) {
// We cannot write to the temporary data file. Note a fatal error.
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
}
// We have incoming placement data. Let's capture it.
$album = (int)$_POST['album'];
$title = addslashes($_POST['title']);
$caption = addslashes($_POST['caption']);
$keywords = addslashes($_POST['keywords']);
$user1 = addslashes($_POST['user1']);
$user2 = addslashes($_POST['user2']);
$user3 = addslashes($_POST['user3']);
$user4 = addslashes($_POST['user4']);
// Capture movie or audio width and height if sent.
if(isset($_POST['movie_wd'])) {
$movie_wd = (int)$_POST['movie_wd'];
} else {
$movie_wd = 320;
}
if(isset($_POST['movie_ht'])) {
$movie_ht = (int)$_POST['movie_ht'];
} else {
$movie_ht = 240;
}
// Check if the album id provided is valid
if (!GALLERY_ADMIN_MODE) {
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
} else {
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
// Pictures are moved in a directory named 10000 + USER_ID
if (USER_ID && !defined('SILLY_SAFE_MODE')) {
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
$dest_dir = $CONFIG['fullpath'] . $filepath;
if (!is_dir($dest_dir)) {
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
if (!is_dir($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
@chmod($dest_dir, octdec($CONFIG['default_dir_mode'])); //silence the output in case chmod is disabled
$fp = fopen($dest_dir . '/index.html', 'w');
fwrite($fp, ' ');
fclose($fp);
}
$dest_dir .= '/';
$filepath .= '/';
} else {
$filepath = $CONFIG['userpics'];
$dest_dir = $CONFIG['fullpath'] . $filepath;
}
// Check that target dir is writable
if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
//Add the Perl regex to break the actual name.
preg_match("/(.+)\.(.*?)\Z/", $file_set[0], $matches);
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
// Create path for final location.
$uploaded_pic = $dest_dir . $picture_name;
// Form path to temporary image.
$path_to_image = './'.$CONFIG['fullpath'].'edit/'.$file_set[1];
// prevent moving the edit directory...
if (is_dir($path_to_image)) cpg_die(CRITICAL_ERROR, $lang_upload_php['failure'] . " - '$path_to_image'", __FILE__, __LINE__, true);
// Move the picture into its final location
if (rename($path_to_image, $uploaded_pic)) {
// Change file permission
@chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); //silence the output in case chmod is disabled
// Create thumbnail and intermediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, 0,$title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, $movie_wd, $movie_ht);
if (!$result) {
// The file could not be placed.
$file_placement = 'no';
} else {
// The file was placed successfully.
$file_placement = 'yes';
}
} else {
// The file was not placed successfully.
$file_placement = 'no';
}
// Time for garbage cleanup.
// First, we delete the preview image.
if ((!strstr($preview_path, 'thumb')) and (file_exists($preview_path))) {
unlink($preview_path);
}
// Check to see if this is the last one.
if(count($escrow_array) == '0') {
// Create the final message.
if ($PIC_NEED_APPROVAL) {
if ($file_placement == 'no') {
$final_message = ''.$lang_upload_php['no_place'].'
'.$lang_db_input_php['upload_success'];
} else {
$final_message = ''.$lang_upload_php['yes_place'].'
'.$lang_db_input_php['upload_success'];
}
} else {
if ($file_placement == 'no') {
$final_message = ''.$lang_upload_php['no_place'].'
'.$lang_upload_php['process_complete'];
} else {
$final_message = ''.$lang_upload_php['yes_place'].'
'.$lang_upload_php['process_complete'];
}
}
// Delete the temporary data file.
delete_record($_POST['unique_ID']);
// Send e-mail notification to the admin if requested (added by gaugau: 03-11-09).
if (($CONFIG['upl_notify_admin_email']) and ($PIC_NEED_APPROVAL)) {
// Encapsulate so included lang file doesn't interfere with global one
function cpg_send_upload_notification() {
global $CONFIG;
$lang_db_input_php = cpg_get_default_lang_var('lang_db_input_php');
// Get the mail files.
include_once('include/mailer.inc.php');
// Send the message.
cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target']. (substr( $CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') .'editpics.php?mode=upload_approval' ));
}
cpg_send_upload_notification();
}
// That was the last one. Create a redirect box.
pageheader($lang_info);
msg_box($lang_info, $final_message, $lang_continue, 'index.php', "100%");
pagefooter();
// Exit the script.
exit;
}
}
// The user has files that need to be processed and placed in albums.
// We must pull that information from the temporary data file
// whose ID is in $_POST['unique_ID'].
if (isset($_POST['unique_ID'])) {
// The unique ID is set, so let us retrieve the record.
$cayman_string = retrieve_record($_POST['unique_ID']);
// Verify record was retrieved.
if (!$cayman_string) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
} else {
// The $_POST['cayman'] path is not present. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// Now we decode the string.
$escrow_array = unserialize(base64_decode($cayman_string));
// Now we need to detect the end file set of $escrow_array.
// The returned element will take the form: array('actual_name', 'temporary_name')
// First, we test to make sure $escrow_array is an array.
if (!(is_array($escrow_array))) {
// The decoded information is not an array. Die with an error.
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// Initialize $file_set as an array.
$file_set = array();
// Create array index.
$index = count($escrow_array) - 1;
// Read the end of the $escrow_array array into $file_set.
$file_set[0] = $escrow_array[$index]['actual_name'];
$file_set[1] = $escrow_array[$index]['temporary_name'];
// Create preview image.
// Create path to image.
$path_to_image = './'.$CONFIG['fullpath'].'edit/'.$file_set[1];
// Create the preview function.
// Get the extension for the preview.
// First we parse the file name to determine the file type.
$pieces = explode('.',$file_set[1]);
// We pop off the end of the $pieces array to obtain the possible file name.
$extension = array_pop($pieces);
// Detect if the file is an image.
if(is_image($file_set[1])) {
// Create preview image file name.
do {
// Create a random seed by taking the first 8 characters of an MD5 hash of a concatenation of the current UNIX epoch time and the current server process ID.
$seed = substr(md5(uniqid("")), 0, 8);
// Assemble the file path.
$path_to_preview = './'.$CONFIG['fullpath'].'edit/preview_' . $seed . '.' . $extension;
} while (file_exists($path_to_preview));
// Create secure preview path.
$s_preview_path = 'preview_' . $seed . '.' . $extension;
// The file is an image, we must resize it for a preview image.
resize_image($path_to_image, $path_to_preview, '150', $CONFIG['thumb_method'], 'wd');
if ($CONFIG['read_iptc_data']) {
$iptc = get_IPTC($path_to_image);
}
} else {
// The file is not an image, so we will use the non-image thumbs
// for preview images.
// We create the path to the preview image.
$path_to_preview = "images/thumb_{$extension}.jpg";
}
// Add preview image path to $escrow_array.
$escrow_array[$index]['preview_path'] = $path_to_preview;
// Re-encode the $escrow_array.
$cayman_escrow = base64_encode(serialize($escrow_array));
// Update the record.
$update = update_record($_POST['unique_ID'], $cayman_escrow);
// Verify that the update occurred.
if (!$update) {
// We cannot write to the temporary data file. Note a fatal error.
cpg_die(CRITICAL_ERROR, $lang_upload_php['not_writable'], __FILE__, __LINE__);
}
// Create upload form headers.
pageheader($lang_upload_php['title']);
// Direct the request to this script.
open_form($_SERVER['PHP_SELF']);
// Open the form table.
starttable("100%", $lang_upload_php['title'], 2);
// Create image tag and echo it to the output buffer.
echo " | ";
// Echo instructions.
echo "{$lang_upload_php['picture']} - {$file_set[0]}
{$lang_upload_php['place_instr_1']}
";
// If we have previously placed a picture, give a brief message about its success or failure.
if (isset($file_placement)) {
if ($file_placement == 'yes') {
// The previous picture was placed successfully.
echo "{$lang_upload_php['yes_place']}";
} elseif ($file_placement == 'no') {
// The previous image placement failed.
echo "{$lang_upload_php['no_place']}";
}
}
echo " |
";
// Declare an array containing the various upload form box definitions.
$captionLabel = $lang_upload_php['description'];
if ($CONFIG['show_bbcode_help']) {$captionLabel .= ' '. cpg_display_help('f=index.html&base=64&h='.urlencode(base64_encode(serialize($lang_bbcode_help_title))).'&t='.urlencode(base64_encode(serialize($lang_bbcode_help))),470,245);}
//$printed_file_name = "{$lang_upload_php['picture']} - {$file_set[0]}";
//Use the IPTC title or headline for the Coppermine title if available.
if (isset($iptc['Title']) && !empty($iptc['Title'])) {
$title=$iptc['Title'];
} elseif (isset($iptc['Headline']) && !empty($iptc['Headline'])) {
$title=$iptc['Headline'];
} else {
$title='';
}
$form_array = array(
array($lang_upload_php['album'], 'album', 2),
array($lang_upload_php['pic_title'], 'title', 0, 255, 1, $title),
array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length'], (isset($iptc['Caption'])) ? $iptc['Caption'] : ''),
array($lang_upload_php['keywords'], 'keywords', 0, 255, 1,(isset($iptc['Keywords'])) ? implode(' ',$iptc['Keywords']): ''),
array('control', 'phase_2', 4),
array('unique_ID', $_POST['unique_ID'], 4),
);
// Check for user defined fields.
if(!empty($CONFIG['user_field1_name'])) {
$form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
}
if(!empty($CONFIG['user_field2_name'])) {
$form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
}
if(!empty($CONFIG['user_field3_name'])) {
$form_array[] = array($CONFIG['user_field3_name'], 'user3', 0, 255, 1);
}
if(!empty($CONFIG['user_field4_name'])) {
$form_array[] = array($CONFIG['user_field4_name'], 'user4', 0, 255, 1);
}
// Check for movies and audio, and create width and height boxes if true.
if((is_movie($file_set[1])) or (is_audio($file_set[1]))) {
//Add width and height boxes to the form.
$form_array[] = array($lang_admin_php['th_wd'],'movie_wd', 0, 4, 1);
$form_array[] = array($lang_admin_php['th_ht'],'movie_ht', 0, 4, 1);
}
// Create the form and echo more instructions.
create_form($form_array);
// More instructions.
if(count($escrow_array) > '1') {
form_statement($lang_upload_php['place_instr_2']);
}
// Make button say 'Continue.'
close_form($lang_continue);
// Close the table, create footers, and flush the output buffer.
endtable();
echo "";
pagefooter();
ob_end_flush();
// Exit the script.
exit;
}
?>