...
PDA

Chmode on upload

wslover
12-31-2005, 07:39 PM
Hi,
Can anyone tell me what and where to add the code so the image is chmod to 644 on upload?

<?php
//session_start();
include("./admin/config.php");
include("$include_path/common.php");

global $HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_SESSION_VARS,$HTTP_POST_FILES;
global $_SESSION;

if ($HTTP_POST_VARS!="")
$_POST=$HTTP_POST_VARS;

if ($HTTP_GET_VARS!="")
$_GET=$HTTP_GET_VARS;

if ($HTTP_SESSION_VARS!="")
$_SESSION=$HTTP_SESSION_VARS;

if ($HTTP_POST_FILES!="")
$_FILES=$HTTP_POST_FILES;


check_user_login();

$img_src = "";

include("$include_path/$table_file");

if(isset($_POST['delete_image']))
{

$sql = "
select
concat(id, '.', image_ext) as image
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());

$file = $image_path . "/" . mysql_result($query, 0, "image");

if(file_exists($file))
{

if(unlink($file)){
drop_rotation($_SESSION['userid']);
set_notfound_image($_SESSION['userid']);
$message = "Your image has been deleted.";
} else {
$message = "An error occured, your image was not deleted. If you continue to get this message, please contact us at <a href=mailto:images@teenchill.com>images@teenchill.com</a>";
}

} else {
$message = "Could not delete image, no image was found.";
}
}

if(isset($_POST['upload_image']))
{

$sql = "
select
total_files
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());
$total = mysql_result($query, 0, "total_files");

if ($total <= 20)
{

$sql = "
select
image_status
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());

$res = mysql_fetch_array($query);
if ($res['image_status']!="disabled")
{

$upload_image_error = false;
$allowed = false;

$the_file_ext_array = explode(".", $_FILES['the_file']['name']);
$the_file_ext = $the_file_ext_array[sizeof($the_file_ext_array)-1];

if(!strlen($_FILES['the_file']['name']))
{

$upload_image_error = true;
$message = "You did not upload anything!<br><br>";

}

$sql = "
select
*
from
$tb_image_types
";
$query = mysql_query($sql) or die(mysql_error());

while($array = mysql_fetch_array($query))
if($the_file_ext == $array["ext"]) $allowed = true;

if(!$allowed)
{

$upload_image_error = true;

$message = "The file that you uploaded was of a type that is not<br>allowed, you are only allowed to upload files of the type:<br><br>";

$ssql = "
select
*
from
$tb_image_types
";
$squery = mysql_query($ssql) or die(mysql_error());

while($sarray = mysql_fetch_array($squery))
$message .= "." . $sarray["ext"] . "<br>";

}

if($allowed)
{

// echo " tmp ".$_FILES['the_file']['tmp_name'];

$size = getimagesize($_FILES['the_file']['tmp_name']);
list($foo, $width, $bar, $height) = explode("\"", $size[3]);

if($width > $max_image_width)
{

$upload_image_error = true;

$message = "Your image should be no wider than " . $max_image_width . " Pixels<br><br>";
}

if($height > $max_image_height)
{

$upload_image_error = true;

$message = "Your image should be no higher than " . $max_image_height . " Pixels<br><br>";
}

}

if(!$upload_image_error)
{
$sql = "
select
total_files
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());
$total = mysql_result($query, 0, "total_files");
$number = $total + 1;
$main_picture= $_POST['pic_type'];

if($total && $main_picture=="y") {
$number=1;
}
$file_name = $_SESSION['userid'] . "_$number." . $the_file_ext;

if(isset($_POST['overwrite']))
{
if(move_uploaded_file($_FILES['the_file']['tmp_name'], $image_path . "/" . $file_name))
{
if($main_picture=="y") {
update_ext($the_file_ext, $_SESSION['userid']);
}
$newest_sql ="select * from $tb_newest_pictures where user_id ='$_SESSION[userid]' and image_number ='$number' ";
$newest_res = mysql_query($newest_sql);
if(mysql_num_rows($newest_res) ) {
$newest_picture_sql ="update $tb_newest_pictures set upload_time=now() where user_id ='$_SESSION[userid]' and image_number ='$number' ";
mysql_query($newest_picture_sql);
echo mysql_error();
}
else {
$newest_picture_sql ="insert into $tb_newest_pictures(user_id,image_number,upload_time) values ('$_SESSION[userid]','$number',now() ) ";
mysql_query($newest_picture_sql);
echo mysql_error();
}
if ($automatically_approve_picture=="no"){
$message = "Your image was uploaded successfully. It will now have to be reviewed<br>before being shown live on the site. Please allow up to 48 hours for review."; }
else {
$message = "Your image was uploaded successfully."; }

$uid=$_SESSION['userid'];
$main=$_POST['pic_type'];

if($main == "n")
$desc=$_POST['pic_desc'];
$sql="insert into $tb_upload_image_details (id,user_id,total_file_count,main,description)
values('',$uid,$number,'$main','$desc')";

mysql_query($sql);
if($main == "n") {
$sql = "update $tb_users set total_files=total_files+1 where id = '$_SESSION[userid]' ";
$query = mysql_query($sql) or die(mysql_error());
}
else {
if(!$total) {
$sql = "update $tb_users set total_files=total_files+1 where id = '$_SESSION[userid]' ";
$query = mysql_query($sql) or die(mysql_error());
}
}

}
else
{

$message = "Your image was not uploaded, a file write error occured. If you continue to get this message, please contact us at <a href=mailto:images@teenchill.com>images@teenchill.com</a>";
}


update_url("here", "", $_SESSION['userid']);

if ($automatically_approve_picture=="yes")
approve_image($_SESSION['userid']);
else
queue_image($_SESSION['userid']);

$imgsrc="$dat_base_url/images/$file_name";

NewImageAddedNotification($_SESSION['userid'], $imgsrc);
}
else
{

if (!@copy($_FILES['the_file']['tmp_name'], $image_path . "/" . $file_name))
{

$message = "Your new image was not uploaded.";

}
else
{

$message = "Your new image has been uploaded.";
update_ext($the_file_ext, $_SESSION['userid']);

}

update_url("here", "", $_SESSION['userid']);

if ($automatically_approve_picture=="yes")
approve_image($_SESSION['userid']);
else
queue_image($_SESSION['userid']);

$imgsrc="$dat_base_url/images/$file_name";

NewImageAddedNotification($_SESSION['userid']);

}
} // if (uploade_image_error)

} // if (disabled)
else
{
$message = "You image was disabled by our ADMIN. So here after, you must email your pictures to <a href=mailto:images@teenchill.com>images@teenchill.com</a> and we will post them for you if approved";
}
}
else
{
$message = "Your number of uploaded images has exceeded the limit...";
}
}

if(isset($_POST['submit_image_url'])){
$message = del_image($_SESSION[userid]);
$message = update_url($_POST['update_where'], $_POST['new_image_url'], $_SESSION['userid']);

}

include("$include_path/doc_head.php");
include("$include_path/styles.php");


include ("Ads_new.php");
include("$include_path/right.php");
include("$include_path/left.php");


// start content


$form = "";
$location = "";

if(isset($message)){
$message_code = <<<EOF
<table cellpadding="5" cellspacing="5" border="0">
<tr>
<td class="s9">$message</td>
</tr>
</table>
EOF;
}

$user_id = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;

$image_src = get_image($user_id,3);

include("$include_path/image_rules.php");
$image_code = $image_rules;


$tpl->assign(array('IMAGE_SRC' => $image_src));
$tpl->parse('IMAGE_CODE', 'upload_image_code');
$image_code .= $tpl->fetch('IMAGE_CODE');


if($allow_local_image == 1){
$tpl->assign(array('MAX_IMAGE_SIZE' => $max_image_size));

$location = query_where($user_id);

if($location == "here" || !$allow_remote_image){
$tpl->assign(array('CHECKED_LOCAL_IMAGE' => ' checked'));
$img_src = "";
}

$tpl->parse('FIELD_LOCAL_IMAGES', 'field_local_image');
} else {
$tpl->clear_dynamic('field_local_image');
}

if($allow_remote_image == 1){
if($location == "there" or $allow_local_image == 0) {
$tpl->assign(array('CHECKED_REMOTE_IMAGE' => " checked"));
}

$the_img_src = strstr($img_src, "notfound_image") ? "" : $img_src;
$tpl->assign(array('THE_IMG_SRC' => $the_img_src));

$tpl->parse('FIELD_REMOTE_IMAGE', 'field_remote_image');
} else {
$tpl->clear_dynamic('field_remote_image');
}



$tpl->parse('FORM', 'upload_form');
$form = $tpl->fetch('FORM');

$title = "Upload Image";

if(isset($_SESSION['userid']))
$content .= $image_code;

if(isset($message_code)) $content .= $message_code;

if(isset($_SESSION['userid'])) $content .= $form;

$final_output = table($title, $content);


$tpl->assign(array('CONTENT_TEXT' => $final_output));
$tpl->parse('PAGE', 'main');
$final_output = $tpl->fetch('PAGE');



$final_output = final_output($final_output);

//echo $final_output;
include ("copy.php");

function NewImageAddedNotification($uid, $img)
{
global $tb_users, $tb_user_types, $dat_base_url, $owner_email, $tb_email_templates;

$sql = "select u.username, ut.user_type from $tb_users u, $tb_user_types ut where u.id = '$uid' and u.user_type=ut.id ";
$res = mysql_query($sql);
echo mysql_error();

if ($data = mysql_fetch_row($res))
{
$username = $data[0];
$usertype = $data[1];
}

$mailheader="From: ".$owner_email;
$mailheader.="\r\nMIME-Version: 1.0\r\n";
$mailheader.="Content-type: text/html; charset=iso-8859-1\r\n";

$subject = "New Image Added in $dat_base_url ";

$sql = "select file_content from $tb_email_templates where file_name = 'new_image_notification' ";
$res = mysql_query($sql);
echo mysql_error();

if ($data = mysql_fetch_row($res))
{
$message = $data[0];
}


$message = ereg_replace("<<BASE_URL>>",$dat_base_url, $message);
$message = ereg_replace("<<USERNAME>>",$username, $message);
$message = ereg_replace("<<USERTYPE>>",$usertype, $message);
$message = ereg_replace("<<IMAGE_SRC>>",$img, $message);


/*
$message = "New image was added in the site $dat_base_url <br><br>
<b>User Details :</b> <br><br>
Username : $username<br>
Usertype : $usertype <br><br>
Image : <img src='$img' border=1 >";

*/


$to = $owner_email;
mail($to, $subject, $message, $mailheader);
}

?>

Thanks in advance!
Bill
thesavior
12-31-2005, 10:45 PM
This should work.

<?php
//session_start();
include("./admin/config.php");
include("$include_path/common.php");

global $HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_SESSION_VARS,$HTTP_POST_FILES;
global $_SESSION;

if ($HTTP_POST_VARS!="")
$_POST=$HTTP_POST_VARS;

if ($HTTP_GET_VARS!="")
$_GET=$HTTP_GET_VARS;

if ($HTTP_SESSION_VARS!="")
$_SESSION=$HTTP_SESSION_VARS;

if ($HTTP_POST_FILES!="")
$_FILES=$HTTP_POST_FILES;


check_user_login();

$img_src = "";

include("$include_path/$table_file");

if(isset($_POST['delete_image']))
{

$sql = "
select
concat(id, '.', image_ext) as image
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());

$file = $image_path . "/" . mysql_result($query, 0, "image");
chmod("$file", 0644); // added line

if(file_exists($file))
{

if(unlink($file)){
drop_rotation($_SESSION['userid']);
set_notfound_image($_SESSION['userid']);
$message = "Your image has been deleted.";
} else {
$message = "An error occured, your image was not deleted. If you continue to get this message, please contact us at <a href=mailto:images@teenchill.com>images@teenchill.com</a>";
}

} else {
$message = "Could not delete image, no image was found.";
}
}

if(isset($_POST['upload_image']))
{

$sql = "
select
total_files
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());
$total = mysql_result($query, 0, "total_files");

if ($total <= 20)
{

$sql = "
select
image_status
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());

$res = mysql_fetch_array($query);
if ($res['image_status']!="disabled")
{

$upload_image_error = false;
$allowed = false;

$the_file_ext_array = explode(".", $_FILES['the_file']['name']);
$the_file_ext = $the_file_ext_array[sizeof($the_file_ext_array)-1];

if(!strlen($_FILES['the_file']['name']))
{

$upload_image_error = true;
$message = "You did not upload anything!<br><br>";

}

$sql = "
select
*
from
$tb_image_types
";
$query = mysql_query($sql) or die(mysql_error());

while($array = mysql_fetch_array($query))
if($the_file_ext == $array["ext"]) $allowed = true;

if(!$allowed)
{

$upload_image_error = true;

$message = "The file that you uploaded was of a type that is not<br>allowed, you are only allowed to upload files of the type:<br><br>";

$ssql = "
select
*
from
$tb_image_types
";
$squery = mysql_query($ssql) or die(mysql_error());

while($sarray = mysql_fetch_array($squery))
$message .= "." . $sarray["ext"] . "<br>";

}

if($allowed)
{

// echo " tmp ".$_FILES['the_file']['tmp_name'];

$size = getimagesize($_FILES['the_file']['tmp_name']);
list($foo, $width, $bar, $height) = explode("\"", $size[3]);

if($width > $max_image_width)
{

$upload_image_error = true;

$message = "Your image should be no wider than " . $max_image_width . " Pixels<br><br>";
}

if($height > $max_image_height)
{

$upload_image_error = true;

$message = "Your image should be no higher than " . $max_image_height . " Pixels<br><br>";
}

}

if(!$upload_image_error)
{
$sql = "
select
total_files
from
$tb_users
where
id = '$_SESSION[userid]'
";
$query = mysql_query($sql) or die(mysql_error());
$total = mysql_result($query, 0, "total_files");
$number = $total + 1;
$main_picture= $_POST['pic_type'];

if($total && $main_picture=="y") {
$number=1;
}
$file_name = $_SESSION['userid'] . "_$number." . $the_file_ext;

if(isset($_POST['overwrite']))
{
if(move_uploaded_file($_FILES['the_file']['tmp_name'], $image_path . "/" . $file_name))
{
if($main_picture=="y") {
update_ext($the_file_ext, $_SESSION['userid']);
}
$newest_sql ="select * from $tb_newest_pictures where user_id ='$_SESSION[userid]' and image_number ='$number' ";
$newest_res = mysql_query($newest_sql);
if(mysql_num_rows($newest_res) ) {
$newest_picture_sql ="update $tb_newest_pictures set upload_time=now() where user_id ='$_SESSION[userid]' and image_number ='$number' ";
mysql_query($newest_picture_sql);
echo mysql_error();
}
else {
$newest_picture_sql ="insert into $tb_newest_pictures(user_id,image_number,upload_time) values ('$_SESSION[userid]','$number',now() ) ";
mysql_query($newest_picture_sql);
echo mysql_error();
}
if ($automatically_approve_picture=="no"){
$message = "Your image was uploaded successfully. It will now have to be reviewed<br>before being shown live on the site. Please allow up to 48 hours for review."; }
else {
$message = "Your image was uploaded successfully."; }

$uid=$_SESSION['userid'];
$main=$_POST['pic_type'];

if($main == "n")
$desc=$_POST['pic_desc'];
$sql="insert into $tb_upload_image_details (id,user_id,total_file_count,main,description)
values('',$uid,$number,'$main','$desc')";

mysql_query($sql);
if($main == "n") {
$sql = "update $tb_users set total_files=total_files+1 where id = '$_SESSION[userid]' ";
$query = mysql_query($sql) or die(mysql_error());
}
else {
if(!$total) {
$sql = "update $tb_users set total_files=total_files+1 where id = '$_SESSION[userid]' ";
$query = mysql_query($sql) or die(mysql_error());
}
}

}
else
{

$message = "Your image was not uploaded, a file write error occured. If you continue to get this message, please contact us at <a href=mailto:images@teenchill.com>images@teenchill.com</a>";
}


update_url("here", "", $_SESSION['userid']);

if ($automatically_approve_picture=="yes")
approve_image($_SESSION['userid']);
else
queue_image($_SESSION['userid']);

$imgsrc="$dat_base_url/images/$file_name";

NewImageAddedNotification($_SESSION['userid'], $imgsrc);
}
else
{

if (!@copy($_FILES['the_file']['tmp_name'], $image_path . "/" . $file_name))
{

$message = "Your new image was not uploaded.";

}
else
{

$message = "Your new image has been uploaded.";
update_ext($the_file_ext, $_SESSION['userid']);

}

update_url("here", "", $_SESSION['userid']);

if ($automatically_approve_picture=="yes")
approve_image($_SESSION['userid']);
else
queue_image($_SESSION['userid']);

$imgsrc="$dat_base_url/images/$file_name";

NewImageAddedNotification($_SESSION['userid']);

}
} // if (uploade_image_error)

} // if (disabled)
else
{
$message = "You image was disabled by our ADMIN. So here after, you must email your pictures to <a href=mailto:images@teenchill.com>images@teenchill.com</a> and we will post them for you if approved";
}
}
else
{
$message = "Your number of uploaded images has exceeded the limit...";
}
}

if(isset($_POST['submit_image_url'])){
$message = del_image($_SESSION[userid]);
$message = update_url($_POST['update_where'], $_POST['new_image_url'], $_SESSION['userid']);

}

include("$include_path/doc_head.php");
include("$include_path/styles.php");


include ("Ads_new.php");
include("$include_path/right.php");
include("$include_path/left.php");


// start content


$form = "";
$location = "";

if(isset($message)){
$message_code = <<<EOF
<table cellpadding="5" cellspacing="5" border="0">
<tr>
<td class="s9">$message</td>
</tr>
</table>
EOF;
}

$user_id = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;

$image_src = get_image($user_id,3);

include("$include_path/image_rules.php");
$image_code = $image_rules;


$tpl->assign(array('IMAGE_SRC' => $image_src));
$tpl->parse('IMAGE_CODE', 'upload_image_code');
$image_code .= $tpl->fetch('IMAGE_CODE');


if($allow_local_image == 1){
$tpl->assign(array('MAX_IMAGE_SIZE' => $max_image_size));

$location = query_where($user_id);

if($location == "here" || !$allow_remote_image){
$tpl->assign(array('CHECKED_LOCAL_IMAGE' => ' checked'));
$img_src = "";
}

$tpl->parse('FIELD_LOCAL_IMAGES', 'field_local_image');
} else {
$tpl->clear_dynamic('field_local_image');
}

if($allow_remote_image == 1){
if($location == "there" or $allow_local_image == 0) {
$tpl->assign(array('CHECKED_REMOTE_IMAGE' => " checked"));
}

$the_img_src = strstr($img_src, "notfound_image") ? "" : $img_src;
$tpl->assign(array('THE_IMG_SRC' => $the_img_src));

$tpl->parse('FIELD_REMOTE_IMAGE', 'field_remote_image');
} else {
$tpl->clear_dynamic('field_remote_image');
}



$tpl->parse('FORM', 'upload_form');
$form = $tpl->fetch('FORM');

$title = "Upload Image";

if(isset($_SESSION['userid']))
$content .= $image_code;

if(isset($message_code)) $content .= $message_code;

if(isset($_SESSION['userid'])) $content .= $form;

$final_output = table($title, $content);


$tpl->assign(array('CONTENT_TEXT' => $final_output));
$tpl->parse('PAGE', 'main');
$final_output = $tpl->fetch('PAGE');



$final_output = final_output($final_output);

//echo $final_output;
include ("copy.php");

function NewImageAddedNotification($uid, $img)
{
global $tb_users, $tb_user_types, $dat_base_url, $owner_email, $tb_email_templates;

$sql = "select u.username, ut.user_type from $tb_users u, $tb_user_types ut where u.id = '$uid' and u.user_type=ut.id ";
$res = mysql_query($sql);
echo mysql_error();

if ($data = mysql_fetch_row($res))
{
$username = $data[0];
$usertype = $data[1];
}

$mailheader="From: ".$owner_email;
$mailheader.="\r\nMIME-Version: 1.0\r\n";
$mailheader.="Content-type: text/html; charset=iso-8859-1\r\n";

$subject = "New Image Added in $dat_base_url ";

$sql = "select file_content from $tb_email_templates where file_name = 'new_image_notification' ";
$res = mysql_query($sql);
echo mysql_error();

if ($data = mysql_fetch_row($res))
{
$message = $data[0];
}


$message = ereg_replace("<<BASE_URL>>",$dat_base_url, $message);
$message = ereg_replace("<<USERNAME>>",$username, $message);
$message = ereg_replace("<<USERTYPE>>",$usertype, $message);
$message = ereg_replace("<<IMAGE_SRC>>",$img, $message);


/*
$message = "New image was added in the site $dat_base_url <br><br>
<b>User Details :</b> <br><br>
Username : $username<br>
Usertype : $usertype <br><br>
Image : <img src='$img' border=1 >";

*/


$to = $owner_email;
mail($to, $subject, $message, $mailheader);
}

?>

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum