2 /* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
5 require ("./inc/settings.php");
6 require ("./inc/errors.php");
7 require ("./inc/db/mysql.php");
8 require ("./inc/utils.php");
// Chooses a destination path under $dirname for an uploaded file. Path
// separators are removed from the supplied name, and the visible loop builds
// numbered variants ("base_N.ext") when the candidate already exists on disk
// or is already known to the database ($con->imgurl_exists).
// This listing omits some lines of the original file; only the visible lines
// are described here.
// NOTE(review): removing '/' and '\' keeps the result inside $dirname, but the
// text after the last '.' is reused unchanged as the extension, and nothing
// visible rejects names that start with a dot. The caller passes
// $_FILES[...]["name"], which the client controls. Confirm that an allowlist
// of image extensions (or a server-generated name) is enforced before the
// file lands in a web-served directory.
10 function unique_file ($dirname, $relpath, $con) {
11 $relpath = str_replace ('/', '', $relpath); // strip slashes from path
12 $relpath = str_replace ('\\', '', $relpath); // strip backslashes from path
13 $filename = $dirname . '/' . $relpath;
// Split the sanitized name at its last '.' so a counter can be inserted
// between base name and extension.
16 $dotpos = strrpos ($relpath, '.');
18 $base = substr ($relpath, 0, $dotpos);
19 $ext = substr ($relpath, $dotpos + 1);
// Bounded search: at most 1000 candidates are considered.
25 while ($counter < 1000) {
// NOTE(review): the existence check happens here, while the file is written
// later by the caller's move_uploaded_file(). Two concurrent uploads of the
// same name could be handed the same path. TODO confirm whether that matters
// for this deployment.
26 if (!file_exists ($filename) && !$con->imgurl_exists ($filename)) {
30 $filename = $dirname . '/' . $base . '_' . $counter . '.' . $ext;
33 // we tried to find an unused filename 1000 times. Give up now.
// Validates one entry of $_FILES before it is moved into place.
// $file is the per-field array PHP builds for an upload ("tmp_name",
// "error", "name", ...).
37 function checkimgupload ($file) {
// is_uploaded_file() confirms tmp_name really is a file received through an
// HTTP POST upload, not an arbitrary path.
38 if (!is_uploaded_file ($file ["tmp_name"])) {
// UPLOAD_ERR_INI_SIZE: the file exceeded upload_max_filesize from php.ini.
39 if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
40 file_too_big_error ();
// NOTE(review): getimagesize() only parses the image header. It does not
// prove the whole file is a harmless image, and the PHP manual advises
// against using it as a validity check. Treat it as a first filter and pair
// it with an extension allowlist and, ideally, re-encoding of the image
// before it is stored.
45 if (!getimagesize ($file ["tmp_name"])) {
// Request dispatcher. Depending on which field is present it handles:
//   - an image upload            ($_FILES["newimage_input"])
//   - saving a feature           ($_POST["feature_imgurl"] and friends)
//   - deleting a feature         ($_POST["feature_delete"])
//   - deleting unreferenced files ($_POST["imgurl_delete_0"], _1, ...)
// $con is the database connection object used for lookups and writes.
// This listing omits some lines of the original file; only the visible lines
// are described here.
// NOTE(review): no anti-CSRF token check is visible on these state-changing
// branches. The only gate shown in this listing is the auth cookie test near
// the end of the file. Confirm whether a token is verified elsewhere.
50 function main ($con) {
51 if (isset ($_FILES ["newimage_input"])) {
52 $file = $_FILES ["newimage_input"];
53 checkimgupload ($file);
// The destination name is derived from the client-supplied file name; see
// unique_file() for what is and is not stripped from it.
55 $dest = unique_file (UPLOADDIR, $file ["name"], $con);
57 (!move_uploaded_file ($file ["tmp_name"], $dest))) {
// The stored path is URL-encoded before being placed in the response, so it
// cannot introduce markup. NOTE(review): the closing tags in the literal
// below are mis-nested (</p> before </span>, then a second </p>).
61 exit (sprintf ("<p class=\"res\">request accepted</p>
62 <p class=\"infos\"><span class=\"imgurl\">%s</p></span></p>",
63 rawurlencode ($dest)));
64 } else if (isset ($_POST ["feature_imgurl"])) {
// unquote() is not defined in this listing; presumably it comes from
// inc/utils.php. TODO confirm what it removes.
65 $imgurl = rawurldecode (unquote ($_POST ["feature_imgurl"]));
66 $title = unquote ($_POST ["feature_title"]);
67 $description = unquote ($_POST ["feature_description"]);
// Longitude and latitude are passed on exactly as received. Validation
// appears to live in the feature constructor (see the err_lonlat_invalid
// case below). TODO confirm.
68 $lon = $_POST ["feature_lon"];
69 $lat = $_POST ["feature_lat"];
72 $feature = new feature ($imgurl, $title, $description, $lon, $lat);
73 } catch (Exception $e) {
74 switch ($e->getMessage ()) {
// NOTE(review): if the constructor on line 72 is what threw, $feature was
// never assigned, so reading $feature->err_lonlat_invalid here would operate
// on an undefined variable, unless $feature is set in lines omitted from this
// listing. Verify against the full file.
75 case $feature->err_lonlat_invalid:
// A falsy result from save_feature() is reported as "feature unavailable".
83 if (!$con->save_feature ($feature)) {
84 feature_unavailable ();
86 } catch (Exception $e) {
91 } else if (isset ($_POST ["feature_delete"])) {
// Look the feature up by its image URL; a missing record is reported before
// any deletion is attempted.
92 $imgurl = rawurldecode (unquote ($_POST ["feature_delete"]));
93 $feature = $con->getfeature ($imgurl);
94 if (!isset ($feature)) {
95 feature_unavailable ();
99 $con->delete_feature ($feature);
100 } catch (Exception $e) {
105 } else if (isset ($_POST ["imgurl_delete_0"])) {
// Walk the numbered imgurl_delete_N fields until the first missing index.
107 while (isset ($_POST ["imgurl_delete_" . $idx])) {
108 $imgurl = rawurldecode (unquote ($_POST ["imgurl_delete_" . $idx]));
// Only paths that no database record references are considered.
// NOTE(review): $imgurl comes straight from the request and is tested
// against the filesystem as-is. Nothing visible here confines it to
// UPLOADDIR. Before any removal in the omitted lines, the path should be
// resolved (e.g. realpath()) and checked to lie inside the upload directory.
109 if (!$con->imgurl_exists ($imgurl)) {
110 if (file_exists ($imgurl)) {
// relative_path() is defined elsewhere; the same confinement concern applies
// to the path it returns. TODO confirm what it normalizes.
113 $fname = relative_path ($imgurl);
114 if (file_exists ($fname)) {
// Script entry: open the database connection with the constants from the
// settings file, then gate the request on the auth cookie. The surrounding
// try block and the body of the final if are not part of this listing.
127 $connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
128 } catch (Exception $e) {
// The cookie name is the table prefix followed by "auth".
131 $cookie_name = sprintf ("%sauth", DBPREFIX);
// NOTE(review): the raw cookie value is handed to checkpwdmd5() as the
// credential for the "admin" account; that method is not shown here. If, as
// its name suggests, the cookie carries an MD5 digest of the password, the
// digest is password-equivalent: anyone who obtains the cookie or the stored
// hash can authenticate without knowing the password. Prefer a random
// server-side session identifier, password_hash()/password_verify() for
// storage, a constant-time comparison (hash_equals()), and HttpOnly/Secure/
// SameSite attributes on the cookie.
132 if (!isset ($_COOKIE [$cookie_name]) ||
133 !$connection->checkpwdmd5 ("admin", $_COOKIE [$cookie_name])) {