On changeThumb.php where would be a suitable place to paste:
{
move_uploaded_file($_FILES["file"]["tmp_name"],
cpg1412/uploads" . $_FILES["file"]["name"]);
}
Here is changethumb.php:
<?php
define('IN_COPPERMINE', true);
define('CHANGETHUMB_PHP', true);
define('UPLOAD_PHP', true);
define('DB_INPUT_PHP', true);
require('include/init.inc.php');
require('include/picmgmt.inc.php');
if (!USER_ID || !$CONFIG['enable_custom_thumbs'] ) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);//not logged in
(isset($_REQUEST['id'])) ? $pid = (int)$_REQUEST['id'] : $pid = -1; //valid id?
//fetching all the pic data
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '$pid'");
$CURRENT_PIC = mysql_fetch_array($result);
mysql_free_result($result);
//user allowed to edit the pic??
if (!(GALLERY_ADMIN_MODE || ($CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID && $CONFIG['users_can_edit_pics']) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC['owner_id'] == USER_ID)) || !USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
$img_path=$CONFIG['fullpath'].$CURRENT_PIC['filepath'].$CURRENT_PIC['filename'];
$mime_content_image = cpg_get_type($img_path);
$event = isset($_REQUEST['event']) ? $_REQUEST['event'] : null;
switch ($event) {
case 'picture':
if (!USER_CAN_UPLOAD_PICTURES) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
// Test if the filename of the temporary uploaded picture is empty
if ($_FILES['userpicture']['tmp_name'] == '') cpg_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
//check filetype, don't accept images
$mime_content = cpg_get_type($_FILES['userpicture']['name']);
if ($mime_content['content'] != 'image' ) cpg_die(ERROR, "Error, please upload an image, this is ". $mime_content['content'], __FILE__, __LINE__);
//filpath
$filepath = $CURRENT_PIC['filepath'];
$dest_dir = $CONFIG['fullpath'] . $CURRENT_PIC['filepath'];
if (!is_writable($dest_dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
$matches = array();
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
// Check that the file uploaded has a valid extension
if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']);
$picture_name = strtr($_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
$thumb_name = $CURRENT_PIC['filename'];
if (!preg_match("/(.+)\.(.*?)\Z/", $thumb_name, $tmatches)) {
$tmatches[1] = 'invalid_fname';
$tmatches[2] = 'xxx';
}
if ($tmatches[2] == '' || !is_known_filetype($tmatches)) {
cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
$thumb_name = $CONFIG['thumb_pfx'].$tmatches[1].".".$matches[2];
$mini_name = $CONFIG['mini_pfx'].$tmatches[1].".".$matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
$uploaded_pic = $dest_dir . $picture_name;
// Move the picture into its final location
if (!move_uploaded_file($_FILES['userpicture']['tmp_name'], $uploaded_pic))
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
// Get picture information
// Check that picture file size is lower than the maximum allowed
if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
@unlink($uploaded_pic);
cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
} elseif (is_image($picture_name)) {
$imginfo = getimagesize($uploaded_pic);
// getimagesize does not recognize the file as a picture
if ($imginfo == null) {
@unlink($uploaded_pic);
cpg_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
// JPEG and PNG only are allowed with GD
} elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $imginfo[2] != GIS_GIF && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
@unlink($uploaded_pic);
cpg_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
} elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
@unlink($uploaded_pic);
cpg_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
} // Image is ok
}
$work_image = $CONFIG['fullpath'] . $filepath . $picture_name;
$thumb = $CONFIG['fullpath'] . $filepath . $thumb_name;
$mini = $CONFIG['fullpath'] . $filepath . $mini_name;
delfile($CONFIG['fullpath'] . $filepath,$CURRENT_PIC['filename']);
if ($CONFIG['enable_mini_thumbs'])
{
if (!resize_image($work_image, $mini, $CONFIG['mini_thumb_width'], $CONFIG['thumb_method'], "mini", "false", 1))
{
@unlink($uploaded_pic);
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $mini) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
}
}
if (!resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1, $mime_content_image['content']))
{
@unlink($uploaded_pic);
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $thumb) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
}
else
{
@unlink($uploaded_pic);
break;
$header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
$redirect = "changeThumb.php?id=".$CURRENT_PIC['pid'];
header($header_location . $redirect);
pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect);
pagefooter();
ob_end_flush();
exit;
}
break;
case "delete_thumb":
if (isset($_POST['all_thumb'])) { //confirm checkbox clicked??
$path = $CONFIG['fullpath'] . $CURRENT_PIC['filepath'];
$file = $CURRENT_PIC['filename'];
delfile($path,$file);
}
}
pageheader($lang_editpics_php['edit_pics']);
if ($mime_content_image['content'] != 'image' )
{
$thumb_url = get_pic_url($CURRENT_PIC, 'thumb');
(is_image($thumb_url)) ? $thumb_image = "<img src=\"".$thumb_url."\" class=\"image\">" : $thumb_image = "";
$thumb_link = 'displayimage.php?pos='.(-$CURRENT_PIC['pid']);
$filename = htmlspecialchars($CURRENT_PIC['filename']);
echo <<<EOT
<script type="text/javascript">
function change() {
opener.document.getElementById('div_main$pid').innerHTML = "<br><br><a href=\"javascript:void()\" onClick=\"window.location.reload()\">click to reload</a>";
}
</script>
<form action="changeThumb.php" method="post">
<table class="maintable" cellpadding="6" cellspacing="1" border="0" width="100%" align="center">
<tr>
<td class="tableh1" colspan="2" style="padding: 6px 0 6px 6px"><strong>$lang_cThumb[stats]</strong></td>
</tr>
<tr>
<td class="panelsurround" align="center">
<span style="float: left">$lang_cThumb[title] $filename!</span><br /><br />
<div class="panel">
<div style="width:480px" align="left">
<fieldset class="fieldset">
<legend>$thumb_image</legend>
<table cellpadding="0" cellspacing="3" border="0">
<tr>
<td>$lang_cThumb[remove]</td>
</tr>
<tr>
<td><label for="deletethumb"><input type="checkbox" name="all_thumb" id="all_thumb" value="true" />$lang_cThumb[remove_thumb]</label></td>
</tr>
</table>
</fieldset>
</div>
</div>
<div style="margin-top:6px">
<input type="hidden" name="id" value="$CURRENT_PIC[pid]" />
<input type="hidden" name="event" value="delete_thumb" />
<input type="submit" class="button" value="$lang_cThumb[remove_thumb]" accesskey="s" onClick="change()"/>
</div>
</td>
</tr>
</table>
</form>
<table class="maintable graybox" cellpadding="0" cellspacing="1" border="0" width="100%" align="center">
EOT;
create_thumb_upload ();
echo <<<EOT
</table>
EOT;
endtable();
}
else // it'S a image and we do not change thumbs for images
{
echo <<<EOT
<table class="maintable" cellpadding="6" cellspacing="1" border="0" width="100%" align="center">
<tr>
<td class="tableh1" colspan="2" style="padding: 6px 0 6px 6px"><strong>$lang_cThumb[error]</strong></td>
</tr>
<tr>
<td class="panelsurround" align="center">
<div class="panel">
<div style="width:480px" align="left">
<fieldset class="fieldset">
<legend></legend>
<table cellpadding="0" cellspacing="3" border="0">
<tr>
<td>$lang_cThumb[no_images]</td>
</tr>
</table>
</fieldset>
</div>
</div>
</td>
</tr>
</table>
EOT;
}
pagefooter();
ob_end_flush();
function clean_table() {
global $CONFIG;
$comparative_timestamp = time() - 3600;
$result = mysql_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE timestamp < $comparative_timestamp");
if ($result) {
return TRUE;
} else {
return FALSE;
}
}
function hidden_input($name, $value) {
echo " <input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
}
function file_input($text, $name, $iterations) {
$ordinal = '';
// Begin loop
for ($counter=0; $counter<$iterations; $counter++) {
// Create a numbering system when necessary.
if ($text == '') {
$cardinal = $counter + 1;
$ordinal = "".$cardinal.". ";
}
// Create the file input box.
echo <<<EOT
<tr>
<td class="tableb">
$text $ordinal
</td>
<td class="tableb" valign="top">
<input type="file" name="$name" size="40" class="listbox">
</td>
</tr>
EOT;
}
}
function create_form(&$data) {
global $CONFIG;
foreach($data as $element) {
if ((is_array($element))) {
switch ($element[2]) {
case 0 :
text_box_input($element[0], $element[1], $element[3], $element[4]);
break;
case 1 :
file_input($element[0], $element[1], $element[3]);
break;
case 2 :
form_alb_list_box($element[0], $element[1]);
break;
case 3 :
text_area_input($element[0], $element[1], $element[3]);
break;
case 4 :
hidden_input($element[0], $element[1]);
break;
default:
cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__);
} // switch
} else {
form_label($element);
}
}
}
function form_label($text) {
echo <<<EOT
<tr>
<td class="tableh2" colspan="2">
<b>$text</b>
</td>
</tr>
EOT;
}
function open_form($path) {
echo <<<EOT
<script language="JavaScript">
function textCounter(field, maxlimit) {
if (field.value.length > maxlimit) // if too long...trim it!
field.value = field.value.substring(0, maxlimit);
}
</script>
<form method="post" action="$path" ENCTYPE="multipart/form-data">
</td>
EOT;
}
function close_form($button_value) {
global $lang_upload_php;
echo <<<EOT
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" value="{$button_value}" class="button" onClick="change()">
</td>
</form>
</tr>
EOT;
}
function form_instructions() {
global $CONFIG, $lang_cThumb, $max_file_size;
echo "<tr><td colspan=2><br />";
printf ($lang_cThumb['instr'], $CONFIG['max_upl_size']);
echo "</td></tr>";
}
function create_thumb_upload ()
{
global $lang_upload_php, $CONFIG, $max_file_size,$CURRENT_PIC;
// Do some cleanup in the edit directory.
spring_cleaning('./albums/edit',3600);
// Do some cleaning in the temp data table.
clean_table();
open_form($_SERVER['PHP_SELF']);
form_instructions();
// Declare an array containing the various upload form box definitions.
$captionLabel = $lang_upload_php['description'];
$form_array = array(
sprintf($lang_upload_php['max_fsize'], $CONFIG['max_upl_size']),
array('MAX_FILE_SIZE', $max_file_size, 4),
array($lang_upload_php['picture'], 'userpicture', 1, 1),
array('event', 'picture', 4),
array('id', $CURRENT_PIC['pid'], 4)
);
create_form($form_array);
close_form($lang_upload_php['title']);
}
function delfile($path,$file)
{
global $CONFIG;
$stringParts = explode(".", $file);
array_pop($stringParts);
$file = $path.$CONFIG['thumb_pfx']. implode(".", $stringParts);
unlink ($file.".jpg");
unlink ($file.".gif");
unlink ($file.".png");
}
?>