Viên ngọc phương Đông

ruạṛ

<?php
/**
 * Add a photo to a gallery
 * @version 0.9
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package WEP-CRM
*/
session_start();
/**
 * load includes
 * connect to database 
 */
require_once $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/universal.php';

$connID = connect_to_db();

/**
 * initialise $message
 */
$message = '';

/**
 * @global array $whitelist The variables we expect to recieve from the form as [variable name to use in this script] => [index in $_POST]
 */
$whitelist = array(
	'gallery_id' => 'gallery'
	, 'title' => 'title'
);

foreach($whitelist as $f => $v)
{
	$$f = (isset($_POST[$v])) ? clean_plain_data($_POST[$v]) : '';
	//echo $$f.' | '; //debugging
}

/**
 * check for valid gallery_id 
 */
if(!is_numeric_id($gallery_id, false))
{
	getout('Gallery not found', '../galleries.php');
	exit;
}

/*
 * process image
 * @var string $upload name of file field in form
 */
$upload = 'new';

/*
 * do we have a file?
 */
if ($_FILES[$upload] && is_uploaded_file($_FILES[$upload]['tmp_name'])) 
{
	$filename = file_name($_FILES[$upload]['name']);
	
	//@todo move image dimensions to universal.php
	//@todo while we're at it add a setting for thumbnail-prefix
	$dim = array('w'=>GALLERY_IMAGE_WIDTH,'h'=>GALLERY_IMAGE_HEIGHT, 'tw'=>GALLERY_THUMBNAIL_WIDTH, 'th'=>GALLERY_THUMBNAIL_HEIGHT, 'orient'=>''); //thumbnail height handled/cropped in template
	$path = select_one('gallery_data','gallery_path','gallery_id',$gallery_id);
	$dir = DOC_ROOT.$path;
	// $message .= $dir.$filename; //debugging
	$message .= upload_image($upload,$dim,$dir,$filename);
	
	if(!file_exists($dir.$filename))
	{
		// appropriate message should have been generated by upload_image()
	}
	else
	{
		list($w, $h) = @getimagesize($dir.$filename);
		$check = select_one('image_data','image_id',"concat_ws(':',container_id,image_type,image_filename)",$gallery_id.':gallery:'.$filename);
		//$message .= $check.'.<br />';
		if(!$check)
		{
			//create new record
			if(!$update = mysql_query("
						insert into image_data (image_type, container_id, image_path, image_filename, title, width, height, active)
						values ('gallery', '$gallery_id', '$path', '$filename', '$title', '$w', '$h','1')
						"))
			{
				$message .= 'There was a problem uploading the file (2). Please try again.'.mysql_error();
				unlink(($dir.$filename));
			}
		}
		else
		{
			mysql_query("update image_data set title='$title', width='$w', height='$h' where image_id = '$check'");
			$message = 'Image replaced.'; //overwrites upload success message @todo have this check in image upload handler
		}
	}
} 
else
{
	$message .= 'No image selected.<br />';
}

/** 
 * return to previous page
 */
getout($message);
exit;
?>