Skip to content

hfpp2012 / docker-for-discuz

Go to a project
Switch branch/tag
misc_swfupload.php 6.61 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 
<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: misc_swfupload.php 25756 2011-11-22 02:47:45Z zhangguosheng $
 */

if(!defined('IN_DISCUZ')) {
	exit('Access Denied');
}

require_once libfile('function/spacecp');

$op = empty($_GET['op'])?'':$_GET['op'];
$isupload = empty($_GET['cam']) && empty($_GET['doodle']) ? true : false;
$iscamera = isset($_GET['cam']) ? true : false;
$isdoodle = isset($_GET['doodle']) ? true : false;
$fileurl = '';
if(!empty($_POST['uid'])) {
	$_G['uid'] = intval($_POST['uid']);
	if(empty($_G['uid']) || $_POST['hash'] != md5($_G['uid'].UC_KEY)) {
		exit();
	}
	$member = getuserbyuid($_G['uid']);
	$_G['username'] = addslashes($member['username']);

	loadcache('usergroup_'.$member['groupid']);
	$_G['group'] = $_G['cache']['usergroup_'.$member['groupid']];

} elseif (empty($_G['uid'])) {
	showmessage('to_login', null, array(), array('showmsg' => true, 'login' => 1));
}

if($op == "finish") {

	$albumid = intval($_GET['albumid']);

	if($albumid > 0) {
		album_update_pic($albumid);
	}

	$space = getuserbyuid($_G['uid']);

	if(ckprivacy('upload', 'feed')) {
		require_once libfile('function/feed');
		feed_publish($albumid, 'albumid');
	}

	exit();

} elseif($op == 'config') {

	$hash = md5($_G['uid'].UC_KEY);
	$uploadurl = urlencode(getsiteurl().'home.php?mod=misc&ac=swfupload'.($iscamera ? '&op=screen' : ($isdoodle ? '&op=doodle&from=':'')));
	if($isupload) {
		if(!checkperm('allowupload')) {
			$hash = '';
		}
	} else {
		$filearr = $dirstr = array();
		if($iscamera) {
			$directory = dreaddir(DISCUZ_ROOT.'./static/image/foreground');
			foreach($directory as $key => $value) {
				$dirstr = DISCUZ_ROOT.'./static/image/foreground/'.$value;
				if(is_dir($dirstr)) {
					$filearr = dreaddir($dirstr, array('jpg','jpeg','gif','png'));
					if(!empty($filearr)) {
						if(is_file($dirstr.'/categories.txt')) {
							$catfile = @file($dirstr.'/categories.txt');
							$dirarr[$key][0] = trim($catfile[0]);
						} else {
							$dirarr[$key][0] = trim($value);
						}
						$dirarr[$key][1] = trim('static/image/foreground/'.$value.'/');
						$dirarr[$key][2] = $filearr;
					}
				}
			}
		} elseif($isdoodle) {
			$filearr = dreaddir(DISCUZ_ROOT.'./static/image/doodle/big', array('jpg','jpeg','gif','png'));
		}
	}
	$feedurl = urlencode(getsiteurl().'home.php?mod=misc&ac=swfupload&op=finish&random='.random(8).'&albumid=');
	$albumurl = urlencode(getsiteurl().'home.php?mod=space&do=album'.($isdoodle ? '&picid=' : '&id='));
	$max = 0;
	if(!empty($_G['group']['maximagesize'])) {
		$max = intval($_G['group']['maximagesize']);
	} else {
		$max = @ini_get(upload_max_filesize);
		$unit = strtolower(substr($max, -1, 1));
		if($unit == 'k') {
			$max = intval($max)*1024;
		} elseif($unit == 'm') {
			$max = intval($max)*1024*1024;
		} elseif($unit == 'g') {
			$max = intval($max)*1024*1024*1024;
		}
	}
	$albums = getalbums($_G['uid']);
	loadcache('albumcategory');
	$categorys = $_G['cache']['albumcategory'];
	$categorystat = $_G['setting']['albumcategorystat'] && !empty($categorys) ? intval($_G['setting']['albumcategorystat']) : 0;
	$categoryrequired = $_G['setting']['albumcategoryrequired'] && !empty($categorys) ? intval($_G['setting']['albumcategoryrequired']) : 0;

} elseif($op == "screen" || $op == "doodle") {

	if(empty($GLOBALS['HTTP_RAW_POST_DATA'])) {
		$GLOBALS['HTTP_RAW_POST_DATA'] = file_get_contents("php://input");
	}
	$status = "failure";
	$dosave = true;

	if($op == "doodle") {
		$magic = C::t('common_magic')->fetch_member_magic($_G['uid'], 'doodle');
		if(empty($magic) || $magic['num'] < 1) {
			$uploadfiles = -8;
			$dosave = false;
		}
	}

	if($dosave && !empty($GLOBALS['HTTP_RAW_POST_DATA'])) {
		$_SERVER['HTTP_ALBUMID'] = addslashes(diconv(urldecode($_SERVER['HTTP_ALBUMID']), 'UTF-8'));
		$from = false;
		if($op == 'screen') {
			$from = 'camera';
		} elseif($_GET['from'] == 'album') {
			$from = 'uploadimage';
		}
		$_G['setting']['allowwatermark'] = 0;
		$uploadfiles = stream_save($GLOBALS['HTTP_RAW_POST_DATA'], $_SERVER['HTTP_ALBUMID'], 'jpg', '', '', 0, $from);
	}

	$uploadResponse = true;
	$picid = $proid = $albumid = 0;
	if($uploadfiles && is_array($uploadfiles)) {
		$status = "success";
		$albumid = $uploadfiles['albumid'];
		$picid =  $uploadfiles['picid'];
		if($op == "doodle") {
			$fileurl = pic_get($uploadfiles['filepath'], 'album', $uploadfiles['thumb'], $uploadfiles['remote'], 0);
			$remote = $uploadfiles['remote'] > 1 ? $uploadfiles['remote'] - 2 : $uploadfiles['remote'];
			if(!$remote) {
				if(!preg_match("/^http\:\/\//i", $fileurl)) {
					$fileurl = getsiteurl().$fileurl;
				}
			}
			require_once libfile('function/magic');
			usemagic($magic['magicid'], $magic['num'], 1);
			updatemagiclog($magic['magicid'], '2', '1', '0');
			if($albumid > 0) {
				album_update_pic($albumid);
			}
		}
	} else {
		switch ($uploadfiles) {
			case -1:
				$uploadfiles = lang('spacecp', 'inadequate_capacity_space');
				break;
			case -2:
				$uploadfiles = lang('spacecp', 'only_allows_upload_file_types');
				break;
			case -4:
				$uploadfiles = lang('spacecp', 'ftp_upload_file_size');
				break;
			case -8:
				$uploadfiles = lang('spacecp', 'has_not_more_doodle');
				break;
			default:
				$uploadfiles = lang('spacecp', 'mobile_picture_temporary_failure');
				break;
		}
	}

} elseif($_FILES && $_POST) {

	if($_FILES["Filedata"]['error']) {
		$uploadfiles = lang('spacecp', 'file_is_too_big');
	} else {
		$_FILES["Filedata"]['name'] = addslashes(diconv(urldecode($_FILES["Filedata"]['name']), 'UTF-8'));
		$_POST['albumid'] = addslashes(diconv(urldecode($_POST['albumid']), 'UTF-8'));
		$catid = $_POST['catid'] ? intval($_POST['catid']) : 0;
		$uploadfiles = pic_save($_FILES["Filedata"], $_POST['albumid'], addslashes(diconv(urldecode($_POST['title']), 'UTF-8')), true, $catid);
	}
	$proid = $_POST['proid'];
	$uploadResponse = true;
	$albumid = 0;
	if($uploadfiles && is_array($uploadfiles)) {
		$status = "success";
		$albumid = $uploadfiles['albumid'];
	} else {
		$status = "failure";
	}
}

$newalbumname = dgmdate($_G['timestamp'], 'Ymd');

include template("home/misc_swfupload");
$outxml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
$outxml .= diconv(ob_get_contents(), $_G['charset'], 'UTF-8');
obclean();

@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
@header("Content-type: application/xml; charset=utf-8");
echo $outxml;

?>