2 /* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
5 require_once ("./inc/settings.php");
6 require_once ("./inc/db/mysql.php");
7 require_once ("./inc/utils.php");
/**
 * Send $body wrapped in a minimal HTML page and end the request.
 *
 * $body is written into the page verbatim; nothing here encodes it, so any
 * request-derived value has to be HTML-encoded by the caller beforehand.
 *
 * @param string $body markup placed inside the body element
 */
function exit_document($body)
{
    $page = '<html><head></head><body>' . $body . '</body></html>';
    exit($page);
}
13 function success_auth () {
// Builds the <success> element that describes a feature after the request
// named in $request. Several lines of this function, including its end, are
// not part of this listing.
// NOTE(review): only description and title go through htmlspecialchars();
// $request, id, lon and lat are concatenated as-is. main() fills lon/lat from
// $_POST, and whether the feature constructor validates them is not visible
// here -- confirm, or encode them at this point as well.
17 function success_feature ($feature, $request) {
18 $res = "<success request=\"$request\"><feature>";
19 $res .= "<id>" . $feature->id . "</id>";
23 full_url_from_imgpath ($feature->imgpath)
27 $res .= "<description>" .
28 htmlspecialchars ($feature->description) .
31 // XXX: we do not use <title> because that would be interpreted and
32 // altered by the browser's HTML parser
34 htmlspecialchars ($feature->title) .
37 $res .= "<lon>" . $feature->lon . "</lon>";
38 $res .= "<lat>" . $feature->lat . "</lat>";
39 $res .= "</feature></success>";
// Builds the <success request="del"> element carrying the id of the deleted
// feature. What happens to $res afterwards is not shown in this listing.
// $feature->id is concatenated without encoding.
43 function success_delete_feature ($feature) {
44 $res = "<success request=\"del\"><feature>";
45 $res .= "<id>" . $feature->id . "</id>";
46 $res .= "</feature></success>";
/**
 * Finish the request with an empty <success> element.
 *
 * @param string $reason value written into the request attribute; it is
 *                       inserted as-is, so pass fixed tokens only
 */
function success($reason)
{
    $markup = '<success request="' . $reason . '"></success>';
    exit_document($markup);
}
/**
 * Finish the request with an empty <error> element.
 *
 * @param string $reason value written into the reason attribute; it is
 *                       inserted as-is, so pass fixed tokens only
 */
function error($reason)
{
    $markup = '<error reason="' . $reason . '"></error>';
    exit_document($markup);
}
// Builds an <error> element carrying the failure reason and the id of the
// feature concerned. The remainder of the function is not shown in this
// listing.
// NOTE(review): $reason and $id are concatenated without encoding, so every
// caller has to supply values that are already safe for HTML. The id can
// originate from $_POST["fid"] (see main), which makes this the natural
// place for htmlspecialchars() unless the callers encode first.
58 function error_feature ($id, $reason) {
59 $res = "<error reason=\"$reason\"><feature>";
60 $res .= "<id>" . $id . "</id>";
61 $res .= "</feature></error>";
/**
 * Report that an update request left the feature unchanged.
 *
 * @param mixed $id id of the feature, forwarded to error_feature() untouched
 */
function nochange_error($id)
{
    $reason = "nochange";
    error_feature($id, $reason);
}
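/**
 * Report that no feature exists for the given id.
 *
 * main() passes $_POST["fid"] here unchanged, and error_feature()
 * concatenates its $id argument into the markup as-is. The id is therefore
 * HTML-encoded before it is handed on, so a request-supplied fid is returned
 * as text rather than as markup. Numeric ids are unaffected by the encoding.
 *
 * @param mixed $id feature id as received from the request
 */
function unreferenced_error($id)
{
    // The string cast keeps htmlspecialchars() from failing on a
    // non-string fid (for example an array-valued POST field).
    $safe_id = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    error_feature($safe_id, "unreferenced");
}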
72 function server_error () {
/**
 * Finish the request with the "unauthorized" error; main() calls this when
 * the password or the auth cookie does not check out.
 */
function unauthorized_error()
{
    $reason = "unauthorized";
    error($reason);
}
80 function request_error () {
84 function file_too_big_error () {
88 function notanimage_error () {
// Deletes basename($file) from FTPIMGDIR on the configured FTP server.
// The failure branches are not part of this listing.
// NOTE(review): ftp_login() runs before $ftp_conn is checked, so a failed
// ftp_connect() hands false to ftp_login() (a warning or a TypeError,
// depending on the PHP version) before the combined test below is reached;
// test the connection first.
// NOTE(review): ftp_connect() opens a plain FTP session, so FTPUSER/FTPPASS
// cross the network unencrypted. ftp_ssl_connect() is the drop-in
// alternative if the server supports it.
92 function delete_from_ftp ($file) {
93 $ftp_conn = ftp_connect (FTPSERVER);
94 $login = ftp_login ($ftp_conn, FTPUSER, FTPPASS);
95 if ((!$ftp_conn) || (!$login)) {
// basename() reduces $file to its last path component, so the target
// always sits directly under FTPIMGDIR.
98 $target = sprintf ("%s/%s", FTPIMGDIR, basename ($file));
99 $deleted = ftp_delete ($ftp_conn, $target);
104 ftp_close ($ftp_conn);
// Uploads the local file $file to FTPIMGDIR on the configured FTP server,
// in binary mode, under its basename. The failure branches are not part of
// this listing.
// NOTE(review): as in delete_from_ftp(), ftp_login() is called before the
// connection handle is checked, and the session is plain FTP, so the
// credentials and the file contents are sent unencrypted.
107 function send_to_ftp ($file) {
108 $ftp_conn = ftp_connect (FTPSERVER);
109 $login = ftp_login ($ftp_conn, FTPUSER, FTPPASS);
110 if ((!$ftp_conn) || (!$login)) {
113 $dest = sprintf ("%s/%s", FTPIMGDIR, basename ($file));
114 $upload = ftp_put ($ftp_conn, $dest, $file, FTP_BINARY);
119 ftp_close ($ftp_conn);
// Stores an uploaded image under UPLOADDIR and returns the stored name via
// basename_safe(). $file is one entry of $_FILES; $con is the database
// connection used by unique_file(). Several lines are not part of this
// listing.
// NOTE(review): the stored name is derived from the client-supplied
// $file["name"]. unique_file() removes path separators but keeps the
// extension, and the only content check visible is getimagesize() in
// img_check_upload(). Deriving the extension from the detected image type
// (or checking it against an allowlist) and making sure UPLOADDIR is never
// executed by the web server would close that gap.
122 function save_uploaded_file ($file, $con) {
124 if (isset ($file) && ($file ["error"] != UPLOAD_ERR_NO_FILE)) {
125 img_check_upload ($file);
126 $dest = unique_file (UPLOADDIR, $file ["name"], $con);
127 if (!isset ($dest) ||
128 (!move_uploaded_file ($file ["tmp_name"], $dest))) {
133 return basename_safe ($dest);
// Checks one $_FILES entry: the temporary file must be a genuine upload
// (is_uploaded_file) and getimagesize() must recognise it. The error calls
// for most branches are not part of this listing.
// NOTE(review): getimagesize() only parses the image header; a file can
// pass it and still carry other content, so it should not be the sole gate
// on what gets stored.
136 function img_check_upload ($file) {
137 if (!is_uploaded_file ($file ["tmp_name"])) {
138 if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
139 file_too_big_error ();
144 if (!getimagesize ($file ["tmp_name"])) {
// Removes an image once no feature refers to it: skips empty paths, asks
// $con->imgpath_exists() whether the path is still referenced, then works
// on UPLOADDIR/$imgpath. What each branch does is only partly visible in
// this listing.
// NOTE(review): $imgpath is joined to UPLOADDIR without normalisation; the
// visible callers pass the imgpath stored on a feature record -- confirm
// that value can never contain path separators.
149 function delete_image_if_unused ($imgpath, $con) {
150 if (!isset ($imgpath) || (strlen ($imgpath) == 0)) {
153 if ($con->imgpath_exists ($imgpath)) {
156 $path = UPLOADDIR . "/" . $imgpath;
157 if (file_exists($path)) {
159 delete_from_ftp ($path);
// Picks a file name under $dirname, based on $relpath, that neither exists
// on disk nor is recorded by $con->imgpath_exists(). A counter suffix is
// tried up to 1000 times. Several lines, including the return statements,
// are not part of this listing.
// NOTE(review): removing both separators keeps the name inside $dirname,
// but the extension taken from the client-supplied name is preserved
// unchanged in every candidate.
166 function unique_file ($dirname, $relpath, $con) {
167 $relpath = str_replace ('/', '', $relpath); // strip slashes from path
168 $relpath = str_replace ('\\', '', $relpath); // strip backslashes from path
169 $filename = $dirname . '/' . $relpath;
// Split at the last dot: $base is the stem, $ext the extension.
172 $dotpos = strrpos ($relpath, '.');
174 $base = substr ($relpath, 0, $dotpos);
175 $ext = substr ($relpath, $dotpos + 1);
181 while ($counter < 1000) {
182 if (!file_exists ($filename) &&
183 !($con->imgpath_exists (basename_safe ($filename)))) {
187 $filename = $dirname . '/' . $base . '_' . $counter . '.' . $ext;
190 // we tried to find an unused filename 1000 times. Give up now.
// Request dispatcher: reads $_POST["request"], handles the "auth" login
// request, then requires a valid auth cookie before running the feature
// operation selected by the switch. The case labels and a number of other
// lines are not part of this listing; the three visible branches end in
// success_feature(..., "update"), success_feature(..., "add") and
// success_delete_feature().
194 function main ($con) {
195 if (!isset ($_POST ["request"])) {
198 if ($_POST ["request"] == "auth") {
// NOTE(review): the password is reduced to an unsalted md5() digest, and
// that same digest is both what checkpwdmd5() compares and what is stored
// in the cookie below. The cookie is therefore a password equivalent: as
// far as this listing shows, it stays acceptable until the password
// changes and cannot be revoked on its own. password_hash() and
// password_verify() for the stored credential, plus a random server-side
// session token for the cookie, would remove both problems.
// $user is not assigned on any line shown here.
199 $pwd = unquote ($_POST["password"]);
201 if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
202 // cookie will be valid for 2 weeks. I've chosen that value
203 // arbitrarily, and it may change in the future.
204 $time = time () + 14 * 60 * 24 * 60;
205 $cookie_name = sprintf ("%sauth", DBPREFIX);
// setcookie() arguments six and seven are secure and httponly: the cookie
// is HttpOnly but, with secure set to false, is also sent over plain HTTP.
206 setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true);
209 unauthorized_error ();
// Every other request is authorised by comparing the cookie value with the
// stored digest for "admin".
// NOTE(review): the cookie is read without an isset() check, and no
// anti-CSRF token is checked on the lines shown -- confirm whether one
// exists elsewhere, since all operations below change state.
212 if (!($con->checkpwdmd5 ("admin",
213 $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
214 unauthorized_error ();
217 switch ($_POST ["request"]) {
// NOTE(review): fid comes straight from the request; it is passed to
// getfeature() and, when no feature matches, on to unreferenced_error().
219 $id = $_POST ["fid"];
220 $feature = $con->getfeature ($id);
221 if (!isset ($feature)) {
222 unreferenced_error ($id);
225 // no file uploaded, but editor currently has an image: it means
226 // image was not changed
227 if ($_POST ["keep_img"] == "yes") {
228 $imgpath = $feature->imgpath;
230 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
// lon and lat are taken from the request as-is; title and description go
// through unquote(). Any validation would have to happen in the feature
// constructor, which is not shown here.
233 $lon = $_POST ["lon"];
234 $lat = $_POST ["lat"];
235 $title = unquote ($_POST ["title"]);
236 $description = unquote ($_POST ["description"]);
239 $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0);
240 } catch (Exception $e) {
// An update that changes none of the five fields is reported as "nochange".
244 if (($new_feature->lon == $feature->lon) &&
245 ($new_feature->lat == $feature->lat) &&
246 ($new_feature->title == $feature->title) &&
247 ($new_feature->imgpath == $feature->imgpath) &&
248 ($new_feature->description == $feature->description)) {
249 nochange_error ($feature->id);
// Remember the previous image only when it is being replaced.
253 if ($feature->imgpath && ($feature->imgpath != $new_feature->imgpath)) {
254 $old_imgpath = $feature->imgpath;
258 $con->save_feature ($new_feature);
259 } catch (Exception $e) {
// Removing the old image is best-effort: an exception is discarded by the
// empty catch on the following line.
264 delete_image_if_unused ($old_imgpath, $con);
265 } catch (Exception $e) {}
267 success_feature ($new_feature, "update");
270 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
272 $lon = $_POST ["lon"];
273 $lat = $_POST ["lat"];
274 $title = unquote ($_POST ["title"]);
275 $description = unquote ($_POST ["description"]);
277 $feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0);
278 } catch (Exception $e) {
282 $feature = $con->save_feature ($feature);
283 } catch (Exception $e) {
286 success_feature ($feature, "add");
289 $id = $_POST ["fid"];
290 $feature = $con->getfeature ($id);
291 if (!isset ($feature)) {
292 unreferenced_error ($id);
294 $imgpath = $feature->imgpath;
297 $con->delete_feature ($feature);
298 } catch (Exception $e) {
// Image cleanup after a delete is best-effort as well; failures are ignored.
303 delete_image_if_unused ($imgpath, $con);
304 } catch (Exception $e) {}
306 success_delete_feature ($feature);
316 $connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
317 } catch (Exception $e) {