'Coppermine - XP Web Publishing Wizard',
'welcome' => 'Welcome %s,',
'need_login' => 'You need to login to the gallery using your web browser before you can use this wizard.
When you login don\'t forget to select the remember me option if it is present.',
'no_alb' => 'Sorry but there is no album where you are allowed to upload pictures with this wizard.',
'upload' => 'Upload your pictures into an existing album',
'create_new' => 'Create a new album for your pictures',
'album' => 'Album',
'category' => 'Category',
'new_alb_created' => 'Your new album "%s" was created.',
'continue' => 'Press "Next" to start to upload your pictures',
);
// ------------------------------------------------------------------------- //
// Activate more language block sets.
// These constants are defined before include/init.inc.php is pulled in below.
// NOTE(review): presumably init.inc.php tests them to decide which language
// arrays to load - confirm in that file.
define('LOGIN_PHP', true);
define('DB_INPUT_PHP', true);
define('ALBMGR_PHP', true);
// Call necessary files and subroutines.
require('include/init.inc.php');
require('include/picmgmt.inc.php');
// Set the log file path.
// NOTE(review): this is a relative path, and the built-in instructions say the
// file is located in the Coppermine directory on the server. If that directory
// is served over HTTP, the debug log can be downloaded by anyone who knows its
// name; consider a location outside the web root or a deny rule for *.log.
define('LOGFILE', 'xp_publish.log');
// ------------------------------------------------------------------------- //
// HTML template for the login screen.
// The {NAME} tokens in these templates are placeholders; the functions in this
// file pass a placeholder => value array to template_eval() to fill them in.
// NOTE(review): the markup of several templates is not visible in this listing,
// so which placeholders land in attribute or script context cannot be checked
// here - verify that every substituted value is escaped for its context.
$template_login = <<{ENTER_LOGIN_PSWD}
EOT;
// HTML template for a successful login
$template_login_success = <<< EOT
{WELCOME}
EOT;
// HTML template for an unsuccessful login
$template_login_failure = <<< EOT
{ERROR}
EOT;
// HTML template for the select destination/create new album screen
$template_select_album = <<{WELCOME}
{NO_ALBUM}
{UPLOAD}
EOT;
// HTML template for a successful album creation
$template_create_album = <<{NEW_ALB_CREATED}
{CONTINUE}
EOT;
// ------------------------------------------------------------------------- //
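// Simple die function (replaces the cpg_die function that can't be used inside the wizard).
//
// Echoes "<label for $msg_code>: $msg_text" and terminates the request.
//   $msg_code      key into $lang_cpg_die that selects the message label
//   $msg_text      text appended after the label
//   $error_file    reporting file (the callers in this file pass __FILE__)
//   $error_line    reporting line (the callers in this file pass __LINE__)
//   $output_buffer accepted for call compatibility; not read by this function
//
// The file/line suffix and the log dump are produced only when
// $CONFIG['debug_mode'] is on. The previous test was inverted: it disclosed the
// server-side file path and line to the wizard client with debug mode OFF and
// wrote the log only with debug mode OFF, contradicting both the comment below
// and the built-in instructions ("enable Debug mode ... check error messages
// in the file").
function simple_die($msg_code, $msg_text, $error_file, $error_line, $output_buffer = false)
{
    global $CONFIG, $lang_cpg_die;

    $debug = !empty($CONFIG['debug_mode']);

    $msg = $lang_cpg_die[$msg_code] . ': ' . $msg_text;
    if ($debug) {
        // Source location is diagnostic detail; keep it out of production output.
        $msg .= '(' . $lang_cpg_die['file'] . ': ' . $error_file . ' / ' . $lang_cpg_die['line'] . ': ' . $error_line . ')';
    }
    echo $msg;

    // If debug mode is active, write the output into a log file.
    // Mode 'w' truncates LOGFILE, so it only ever holds the latest failure.
    if ($debug) {
        $ob = ob_get_contents(); // false when no output buffer is active
        $fp = fopen(LOGFILE, 'w');
        if ($fp !== false) {
            fwrite($fp, $ob === false ? '' : $ob);
            fclose($fp); // the handle used to be left open until script exit
        }
    }
    exit;
}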
// Escape a string for use inside a single-quoted JavaScript string literal.
//
// Only two characters are handled: every backslash becomes \\ and every
// single quote becomes \'. Newlines, double quotes and a closing script tag
// are passed through unchanged, so the result is not a general-purpose
// encoder for untrusted text placed inside an HTML <script> block.
function javascript_string($str)
{
    // str_replace() applies the pairs in order: backslashes are doubled first,
    // then quotes are escaped, so the backslash added for a quote is not
    // doubled again.
    $search = array('\\', '\'');
    $replace = array('\\\\', '\\\'');

    return str_replace($search, $replace, $str);
}
// Retrieve the category list.
//
// Appends array(cid, label) pairs for every child of $parent to the global
// $CAT_LIST, then recurses into each child so the list comes out depth first.
// $ident is the prefix put in front of the category name; each level of
// recursion appends one more character to it. Category 1 is always skipped.
//
// NOTE(review): $parent is interpolated into the SQL text without escaping.
// The callers visible in this file pass 0 or a cid read back from the
// database; cast to int before reusing this with request-supplied values.
function get_subcat_data($parent, $ident = '')
{
    global $CONFIG, $CAT_LIST;

    $sql = "SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos";
    $res = db_query($sql);

    // Nothing below this parent: stop descending.
    if (!(mysql_num_rows($res) > 0)) {
        return;
    }

    foreach (db_fetch_rowset($res) as $row) {
        $CAT_LIST[] = array($row['cid'], $ident . $row['name']);
        get_subcat_data($row['cid'], $ident . ' ');
    }
}
// Return the HTML code for the album list select box.
//
// $alb_count is passed by reference and receives the number of albums found
// (public albums plus the current user's albums), so the caller can tell
// whether there is any album to upload into.
// The values concatenated into the two queries are the FIRST_USER_CAT and
// USER_ID constants, not request parameters.
// NOTE(review): the two statements that append to $html inside the loops are
// damaged in this listing (their quotes do not balance); presumably each emits
// one option element per album. If album titles are written into that markup
// they must be HTML-escaped - confirm against the full file.
function html_album_list(&$alb_count)
{
global $CONFIG;
// Albums in categories below FIRST_USER_CAT are listed for administrators only.
if (USER_IS_ADMIN) {
$public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
if (mysql_num_rows($public_albums)) {
$public_albums_list = db_fetch_rowset($public_albums);
} else {
$public_albums_list = array();
}
} else {
$public_albums_list = array();
}
// A logged-in user's own albums live in category FIRST_USER_CAT + USER_ID.
if (USER_ID) {
$user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
if (mysql_num_rows($user_albums)) {
$user_albums_list = db_fetch_rowset($user_albums);
} else {
$user_albums_list = array();
}
} else {
$user_albums_list = array();
}
// Report the total to the caller through the reference parameter.
$alb_count = count($public_albums_list) + count($user_albums_list);
$html = "\n";
foreach($user_albums_list as $album) {
$html .= ' \n";
}
foreach($public_albums_list as $album) {
$html .= ' \n";
}
return $html;
}
// Return the HTML code for the category list select box.
//
// Rebuilds the global $CAT_LIST from scratch: an entry for the user's own
// gallery (only when USER_CAN_CREATE_ALBUMS is set), the "no category" entry
// with id 0, then the whole category tree collected by get_subcat_data().
// NOTE(review): the statement that appends to $html inside the loop is damaged
// in this listing (its quotes do not balance); presumably it emits one option
// element per category. Category names come from the database and would need
// HTML-escaping when written into that markup - confirm against the full file.
function html_cat_list()
{
global $CONFIG, $CAT_LIST;
global $lang_albmgr_php;
$CAT_LIST = array();
// The user's personal category id is FIRST_USER_CAT + USER_ID.
if (USER_CAN_CREATE_ALBUMS) $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']);
$CAT_LIST[] = array(0, $lang_albmgr_php['no_category']);
// Appends every category below the root (parent 0) to $CAT_LIST.
get_subcat_data(0, '');
$html = "\n";
foreach($CAT_LIST as $category) {
$html .= ' \n";
}
return $html;
}
// Display information on how to use/install the wizard client.
//
// Leaves PHP mode and sends the static README text below as the response.
// The text tells the user to download a .reg file from this gallery and
// double click it, i.e. to import registry settings supplied by the server.
// NOTE(review): the markup, including the download link and the log file name,
// is not visible in this listing. If the original interpolates $PHP_SELF or
// other request-derived values into that markup, they must be HTML-escaped.
// NOTE(review): from the line that concatenates
// $lang_xp_publish_php['need_login'] onward, the statements use
// $template_login, $lang_login_php and the wizard button variables, none of
// which this function declares global. This looks like the tail of a separate
// login-form routine whose opening lines are missing here - confirm against
// the full file before changing anything in this span.
function display_instructions()
{
global $PHP_SELF;
?>
Coppermine Photo Gallery - XP Publish README
XP Web Publishing Wizard Client
This module allows to use Windows XP web publishing wizard with
Coppermine.
A working installation of Coppermine on which the web upload function works properly.
How to install on client side
Right click on this link. Select "save
target as..". Save the file on your hard drive. When saving the file, check that the proposed
file name is cpg_###.reg (the ### represents a numerical timestamp). Change it to that name if necessary (leave the numbers). When downloaded, double click on the
file in order to register your server with the web publishing wizard.
Testing
In Windows Explorer, select some files and click on Publish xxx on the web
in the left pane.
Confirm your file selection. Click on Next.
In the list of services that appear, select the one for your photo gallery (it has the name
of your gallery). If the service does not appear, check that you have installed
cpg_pub_wizard.reg as described above.
Input your login information if required.
Select the target album for your pictures or create a new one.
Click on next. The upload of your pictures starts.
When it is completed, check your gallery to see if pictures have been properly added.
Notes :
Once the upload has started, the wizard can't display any error message returned by
the script so you can't know if the upload failed or succeeded until you check your gallery.
If the upload fails, enable "Debug mode" on the Coppermine config page,
try with one single picture and check error messages in the
file
that is located in Coppermine directory on your server.
In order to avoid that the gallery be flooded by pictures uploaded through the wizard,
only the gallery admins and users that can have their own albums can use this feature.
' . $lang_xp_publish_php['need_login'] . '';
$ONNEXT_SCRIPT = '';
$ONBACK_SCRIPT = 'window.external.FinalBack();';
$WIZARD_BUTTONS = 'false,false,false';
return;
}
$params = array('{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
'{ENTER_LOGIN_PSWD}' => $lang_login_php['enter_login_pswd'],
'{USERNAME}' => $lang_login_php['username'],
'{PASSWORD}' => $lang_login_php['password'],
);
echo template_eval($template_login, $params);
$ONNEXT_SCRIPT = 'login.submit();';
$ONBACK_SCRIPT = 'window.external.FinalBack();';
$WIZARD_BUTTONS = 'true,true,false';
}
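// Process login information.
//
// Looks the posted username/password up in the users table. On a match it
// sets the two login cookies (valid for one day), stores $USER['am'] = 1 via
// user_save_profile() and echoes the success template; otherwise it echoes
// the failure template. Returns nothing: its results are the echoed HTML,
// the cookies and the wizard button globals.
//
// NOTE(review): the query compares the posted password directly with the
// user_password column, so passwords appear to be stored unhashed. Moving to
// salted password hashes needs a schema and login change across the gallery
// and cannot be done in this function alone.
// NOTE(review): the "_pass" cookie carries an unsalted md5() of the password,
// which is a password-equivalent value, and both cookies are set without the
// Secure and HttpOnly attributes. Whatever code validates these cookies would
// have to change together with this function.
function process_login()
{
    global $CONFIG, $HTTP_POST_VARS, $PHP_SELF, $USER;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_login_success, $template_login_failure;
    global $lang_login_php;

    // A missing or non-string field (for example username[]=x) is treated as
    // empty instead of being handed to the escaping function.
    $username = '';
    if (isset($HTTP_POST_VARS['username']) && is_string($HTTP_POST_VARS['username'])) {
        $username = $HTTP_POST_VARS['username'];
    }
    $password = '';
    if (isset($HTTP_POST_VARS['password']) && is_string($HTTP_POST_VARS['password'])) {
        $password = $HTTP_POST_VARS['password'];
    }

    // mysql_real_escape_string() escapes for the character set of the open
    // connection; addslashes() is byte-oriented and is not a safe SQL escaper
    // under multi-byte connection character sets.
    $results = db_query("SELECT user_id, user_name, user_password FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '" . mysql_real_escape_string($username) . "' AND BINARY user_password = '" . mysql_real_escape_string($password) . "' AND user_active = 'YES'");

    if (mysql_num_rows($results)) {
        $USER_DATA = mysql_fetch_array($results);
        $cookie_life_time = 86400; // one day, in seconds
        setcookie($CONFIG['cookie_name'] . '_uid', $USER_DATA['user_id'], time() + $cookie_life_time, $CONFIG['cookie_path']);
        setcookie($CONFIG['cookie_name'] . '_pass', md5($password), time() + $cookie_life_time, $CONFIG['cookie_path']);
        $USER['am'] = 1;
        user_save_profile();
        $params = array('{WELCOME}' => sprintf($lang_login_php['welcome'], USER_NAME),
            '{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
            );
        echo template_eval($template_login_success, $params);
    } else {
        $params = array('{ERROR}' => $lang_login_php['err_login'],
            '{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
            );
        echo template_eval($template_login_failure, $params);
    }

    // Both wizard buttons resubmit the form named "dummy" in either outcome.
    $ONNEXT_SCRIPT = 'dummy.submit();';
    $ONBACK_SCRIPT = 'dummy.submit();';
    $WIZARD_BUTTONS = 'true,true,false';
}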
// Display the form that lets the user choose or create the destination album.
//
// Three outcomes, decided by the permission constants and the album count
// reported by html_album_list():
//   - neither USER_CAN_CREATE_ALBUMS nor USER_IS_ADMIN: only the "no album"
//     message is shown and every wizard button is disabled;
//   - no existing album: only the "create album" part is shown;
//   - otherwise: both the album picker and the "create album" part are shown.
// The category selector is removed from the template for non-administrators.
//
// NOTE(review): $PHP_SELF is a global whose origin is not visible here. If it
// is derived from the request URI it needs HTML-escaping before it is placed
// in the form action through {POST_ACTION}.
function form_publish()
{
    global $CONFIG, $CAT_LIST, $PHP_SELF;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_select_album;
    global $lang_xp_publish_php;

    // Both lists are always built, whichever branch is taken afterwards.
    $alb_count = 0;
    $html_album_list = html_album_list($alb_count);
    $html_cat_list = html_cat_list();

    $welcome = sprintf($lang_xp_publish_php['welcome'], USER_NAME);

    // Guard: the user may neither create albums nor administer the gallery.
    if (!USER_CAN_CREATE_ALBUMS && !USER_IS_ADMIN) {
        template_extract_block($template_select_album, 'existing_albums');
        template_extract_block($template_select_album, 'create_album');
        $params = array(
            '{WELCOME}' => $welcome,
            '{NO_ALBUM}' => $lang_xp_publish_php['no_alb'],
        );
        echo template_eval($template_select_album, $params);
        $WIZARD_BUTTONS = "false,false,false";
        return;
    }

    $post_action = $PHP_SELF . '?cmd=create_album';
    template_extract_block($template_select_album, 'no_album');

    if ($alb_count) {
        // Existing albums: offer the picker as well as album creation.
        $next_script = 'create_alb_or_use_existing();';
        $params = array(
            '{WELCOME}' => $welcome,
            '{UPLOAD}' => $lang_xp_publish_php['upload'],
            '{ALBUM}' => $lang_xp_publish_php['album'],
            '{SELECT_ALBUM}' => $html_album_list,
            '{CATEGORY}' => $lang_xp_publish_php['category'],
            '{SELECT_CATEGORY}' => $html_cat_list,
            '{CREATE_NEW}' => $lang_xp_publish_php['create_new'],
            '{POST_ACTION}' => $post_action,
        );
    } else {
        // No album yet: creation is the only choice.
        template_extract_block($template_select_album, 'existing_albums');
        $next_script = 'create_alb();';
        $params = array(
            '{WELCOME}' => $welcome,
            '{CREATE_NEW}' => $lang_xp_publish_php['create_new'],
            '{ALBUM}' => $lang_xp_publish_php['album'],
            '{CATEGORY}' => $lang_xp_publish_php['category'],
            '{SELECT_CATEGORY}' => $html_cat_list,
            '{POST_ACTION}' => $post_action,
        );
    }

    if (!USER_IS_ADMIN) {
        template_extract_block($template_select_album, 'select_category');
    }

    echo template_eval($template_select_album, $params);
    $ONNEXT_SCRIPT = $next_script;
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,false';
}
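// Create a new album where pictures will be uploaded.
//
// Requires USER_CAN_CREATE_ALBUMS or USER_IS_ADMIN; otherwise simple_die()
// ends the request. Administrators choose the category through the posted
// "cat" field (cast to int); everyone else is pinned to their own category,
// FIRST_USER_CAT + USER_ID, whatever was posted. Inserts the album row and
// echoes the confirmation template with the new album id.
//
// NOTE(review): the posted album name is placed into the {NEW_ALB_CREATED}
// text as received. Unless include/init.inc.php already HTML-encodes request
// variables, it needs htmlspecialchars() before it reaches the template.
// NOTE(review): no anti-CSRF token is checked in this function before the
// INSERT; the cookie-based login alone authorises the request.
function create_album()
{
    global $CONFIG, $HTTP_POST_VARS;
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
    global $template_create_album;
    global $lang_errors, $lang_xp_publish_php;

    if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) {
        simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

    // A missing or non-string field (for example new_alb_name[]=x) is treated
    // as empty instead of being handed to the escaping function.
    $album_name = '';
    if (isset($HTTP_POST_VARS['new_alb_name']) && is_string($HTTP_POST_VARS['new_alb_name'])) {
        $album_name = $HTTP_POST_VARS['new_alb_name'];
    }

    if (USER_IS_ADMIN) {
        // Absent or non-scalar input falls back to 0, the "no category" id.
        $category = (isset($HTTP_POST_VARS['cat']) && is_scalar($HTTP_POST_VARS['cat'])) ? (int)$HTTP_POST_VARS['cat'] : 0;
    } else {
        $category = FIRST_USER_CAT + USER_ID;
    }

    // mysql_real_escape_string() escapes for the character set of the open
    // connection; addslashes() is byte-oriented and is not a safe SQL escaper
    // under multi-byte connection character sets.
    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . mysql_real_escape_string($album_name) . "', 'NO', '0')";
    db_query($query);

    // mysql_insert_id() must be read before any other query runs.
    $params = array('{NEW_ALB_CREATED}' => sprintf($lang_xp_publish_php['new_alb_created'], $album_name),
        '{CONTINUE}' => $lang_xp_publish_php['continue'],
        '{ALBUM_ID}' => mysql_insert_id(),
        );
    echo template_eval($template_create_album, $params);

    $ONNEXT_SCRIPT = 'startUpload();';
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
    $WIZARD_BUTTONS = 'true,true,true';
}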
// Add a picture
function process_picture()
{
global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $CONFIG, $IMG_TYPES;
global $lang_db_input_php, $lang_errors;
@unlink(LOGFILE);
if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
$album = (int)$HTTP_GET_VARS['album'];
$title = '';
$caption = '';
$keywords = '';
$user1 = '';
$user2 = '';
$user3 = '';
$user4 = '';
// Check if the album id provided is valid
if (!USER_IS_ADMIN) {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
} else {
$result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
// Test if the filename of the temporary uploaded picture is empty
if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
// Create destination directory for pictures
if (USER_ID && !defined('SILLY_SAFE_MODE')) {
if (USER_IS_ADMIN && ($category != (USER_ID + FIRST_USER_CAT))) {
$filepath = 'wpw-' . date("Ymd");
} else {
$filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
}
$dest_dir = $CONFIG['fullpath'] . $filepath;
if (!is_dir($dest_dir)) {
mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
if (!is_dir($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
$fp = fopen($dest_dir . '/index.html', 'w');
fwrite($fp, ' ');
fclose($fp);
}
$dest_dir .= '/';
$filepath .= '/';
} else {
$filepath = $CONFIG['userpics'];
$dest_dir = $CONFIG['fullpath'] . $filepath;
}
// Check that target dir is writable
if (!is_writable($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
$matches = array();
if (get_magic_quotes_gpc()) $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
// Replace forbidden chars with underscores
$forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&' => '&', '"' => '"', '<' => '<', '>' => '>'));
$picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
// Check that the file uploaded has a valid extension
if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
$matches[1] = 'invalid_fname';
$matches[2] = 'xxx';
}
if ($matches[2] == '' || !is_known_filetype($matches)) {
simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
}
// Create a unique name for the uploaded file
$nr = 0;
$picture_name = $matches[1] . '.' . $matches[2];
while (file_exists($dest_dir . $picture_name)) {
$picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
}
$uploaded_pic = $dest_dir . $picture_name;
// Move the picture into its final location
if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic))
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
// Change file permission
chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
// Check file size. Delete if it is excessive.
if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
} elseif (is_image($picture_name)) {
// Get picture information
$imginfo = getimagesize($uploaded_pic);
// getimagesize does not recognize the file as a picture
if ($imginfo == null) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
}
// JPEG and PNG only are allowed with GD
if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
@unlink($uploaded_pic);
simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
}
// Check that picture size (in pixels) is lower than the maximum allowed
if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
@unlink($uploaded_pic);
simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
}
}
// Create thumbnail and internediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
if (!$result) {
@unlink($uploaded_pic);
simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '