Public Photo Uploader

Hi there :)

I just made a very crude public photo uploader by copying and pasting the admin's upload page, and making some tiny adjustments.

I'm not sure whether any security flaws or useless code exist though... Perhaps someone might want to clean up the code.

Basically I placed the code below into a file called "upload.php" in the same folder as "admin.php".

`<?php /* Don't put anything before this line! */
define('OFFSET_PATH', true);
require_once("sortable.php");

/* Display the admin pages. Do action handling first. */

$gallery = new Gallery();
if (isset($_GET['prune'])) {
  $gallery->garbageCollect(true, true);
  //header("Location: " . FULLWEBPATH . "/zen/admin.php");
} else {
  $gallery->garbageCollect();
}

if (isset($_GET['action'])) {
  $action = $_GET['action'];

  if ($action == "upload") {

    // Check for files.
    $files_empty = true;
    if (isset($_FILES['files']))
      foreach($_FILES['files']['name'] as $name) { if (!empty($name)) $files_empty = false; }

    // Make sure the folder exists. If not, create it.
    if (isset($_POST['processed'])
        && !empty($_POST['folder'])
        && !$files_empty) {

      $folder = strip($_POST['folder']);
      $uploaddir = SERVERPATH . '/albums/' . $folder;
      if (!is_dir($uploaddir)) {
        mkdir ($uploaddir, 0777);
      }
      @chmod($uploaddir,0777);

      $error = false;
      foreach ($_FILES['files']['error'] as $key => $error) {
        if ($_FILES['files']['name'][$key] == "") continue;
        if ($error == UPLOAD_ERR_OK) {
          $tmp_name = $_FILES['files']['tmp_name'][$key];
          $name = $_FILES['files']['name'][$key];
          if (is_image($name)) {
            $uploadfile = $uploaddir . '/' . $name;
            move_uploaded_file($tmp_name, $uploadfile);
            @chmod($uploadfile, 0777);
          } else if (is_zip($name)) {
            unzip($tmp_name, $uploaddir);
          }
        }
      }

      $album = new Album($gallery, $folder);
      $title = strip($_POST['albumtitle']);
      if (!empty($title)) {
        $album->setTitle($title);
        $album->save();
      }

      header("Location: " . FULLWEBPATH . "/zen/upload.php?action=success");

    } else {

      // Handle the error and return to the upload page.
      $page = "upload";
      $error = true;
      if ($files_empty) {
        $errormsg = "You must upload at least one file.";
      } else if (empty($_POST['albumtitle'])) {
        $errormsg = "You must enter a title for your new album.";
      } else if (empty($_POST['folder'])) {
        $errormsg = "You must enter a folder name for your new album.";
      } else if (empty($_POST['processed'])) {
        $errormsg = "You've most likely exceeded the upload limits. Try uploading fewer files at a time, or use a ZIP file.";
      } else {
        $errormsg = "There was an error submitting the form. Please try again. If this keeps happening, check your "
          . "server and PHP configuration (make sure file uploads are enabled, and upload_max_filesize is set high enough). "
          . "If you think this is a bug, file a bug report. Thanks!";
      }
    }

  } elseif($action == "success"){
    $uploadstatus = true;
  }
}

if (issetPage('edit')) {
  zenSortablesPostHandler('albumOrder', 'albumList', 'albums');
}

if (issetPage('edit')) {
  zenSortablesHeader('albumList','albumOrder','div');
}

?>

SMKBS Photo Gallery - Photo Uploader

window.totalinputs = 5;

// Array of album names for javascript functions.

var albumArray = new Array ( <?php
  $first = true;
  $albums = $gallery->getAlbums();
  foreach ($albums as $folder) {
    $album = new Album($gallery, $folder);
    echo ($first ? "" : ", ") . "'" . addslashes($album->getFolder()) . "'";
    $first = false;
  }
?> );

Upload Photos

This web-based upload accepts image formats: JPEG,

PNG and GIF.

You can also upload a ZIP archive containing either of those file types.

The maximum size for any one file is <?php echo ini_get('upload_max_filesize'); ?>B.

<?php if (isset($error) && $error) { ?>

Something went wrong...

<?php echo (empty($errormsg) ? "There was an error submitting the form. Please try again." : $errormsg); ?>



<?php } ?>

<?php if (isset($uploadstatus) && $uploadstatus) { unset($uploadstatus); ?>

Upload was successful!



<?php } ?>


Upload to:



a New Album +

<?php
  $albums = $gallery->getAlbums();
  foreach ($albums as $folder) {
    $album = new Album($gallery, $folder);
?>
getFolder();?>"><?php echo $album->getTitle();?>
<?php } ?>


called:

in the folder named:



That name is already used.

+ Add more upload boxes (won't reload the page, but remember your upload limits!)

`

I also placed this into the "admin.css" file.

`.successbox {
  padding: 20px;
  background-color: #EAFFDF;
  border-top: 1px solid #6DAF4C;
  border-left: 1px solid #6DAF4C;
  border-right: 1px solid #6DAF4C;
  border-bottom: 5px solid #6DAF4C;
  margin-bottom: 10px;
  font-size: 100%;
}

.successbox h2 {
  color: #6DAF4C;
  font-size: 100%;
  font-weight: bold;
  margin: 0px;
}`
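On the security question raised in the post: the handler above builds its destination path from `$_POST['folder']` and the client-supplied file name, picks the file type from that name via `is_image($name)`, and sets mode 0777 on what it writes. The following is an added example, not part of the original post and not Zenphoto code, showing stricter handling of a single image upload; `safe_album_folder` and `store_public_image` are hypothetical helper names, and PHP 7 or later with the fileinfo extension is assumed.

```php
<?php
// Added example: hypothetical helpers, not Zenphoto functions.

// Accept only a plain folder name: no separators, no "..", no leading dot.
function safe_album_folder(string $folder): ?string {
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,63}\z/', $folder) ? $folder : null;
}

// Move one uploaded file into $albumsRoot/$folder; return the stored name or null.
function store_public_image(string $tmpName, string $albumsRoot, string $folder): ?string {
    // Sniffed MIME type => extension we are willing to write.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    $folder = safe_album_folder($folder);
    if ($folder === null || !is_uploaded_file($tmpName)) {
        return null;
    }

    // Decide the type from the file's bytes, not from the client's file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpName);
    if (!is_string($mime) || !isset($allowed[$mime]) || @getimagesize($tmpName) === false) {
        return null;
    }

    $dir = $albumsRoot . '/' . $folder;
    if (!is_dir($dir) && !mkdir($dir, 0755)) {   // owner-writable only, not 0777
        return null;
    }

    // Server-generated name; the extension comes from the allowlist above.
    $name = bin2hex(random_bytes(8)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($tmpName, $dir . '/' . $name)) {
        return null;
    }
    chmod($dir . '/' . $name, 0644);
    return $name;
}

// Constructed folder names run through the rule above.
foreach (['holiday_2024', '../zen', 'a/b', '.hidden'] as $candidate) {
    printf("%-14s %s\n", $candidate, safe_album_folder($candidate) === null ? 'rejected' : 'ok');
}
```

ZIP uploads are outside this example; each extracted entry would need the same name and content checks before it is kept.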