Yet another mod: allow unregistered users to upload, but get contact info

Started by divestoclimb, December 24, 2008, 06:29:30 PM


divestoclimb

I've done a modification to 1.4.19 to require that unregistered users enter a name and phone number when they upload images to any album in a specific category in the gallery. The purpose of this is for a photo contest so we can contact the winner if they don't have an account on our site. The name and phone number get stored as user fields #1 and 2 for every image that's uploaded.

Notes:

  • No validation is done on the data to ensure that the person really entered a name and correct number.
  • This modification requires a previous one I've done: preselect an album to upload to via link. Apply that modification before doing this one.
  • Because this code relies on having the album passed to upload.php at the beginning of the process, users could bypass the requirements if they went straight to upload.php then selected the album they wanted to place their photos in. On my site I'm removing direct links to upload.php and relying on album-specific links instead for my users so it's not an issue for me.
First, a new database record needs to be created. In the database table cpg14x_config, add a row with name "photo_contest_category" and value of whatever category ID corresponds to the category you want this code to act on. You determine this number by hovering over the category link in Coppermine, and looking at the end of the URL for the link--it should look like "?cat=#". The # is the category ID you want.
You also should assign names to user defined fields 1 and 2, which can be done as an admin on the config page under "Custom fields for image description (leave blank if unused)." This is not required, but it will make it easier to see the contact information associated with an image by clicking the "Edit file information" button.

In lang/english.php, search for $lang_upload_php and insert these lines into the list that follows:

  'contest_enter_info' => '<your info here>',
  'real_name' => "Your Real Name",
  'phone_number' => "Your Phone Number",

The <your info here> text will be displayed on the first upload screen. The text I have is specific to my site--you probably want to include something about how in order to upload a photo to this category, you either need to log in as a photo gallery user or enter your contact information.

Still in lang/english.php, search for $lang_errors and insert this line into the list that follows:

  'need_info_or_login' => '<your error message here>',

Again, my message text is site-specific. This is the error message that will be displayed to a user who neglects to enter a name and phone number.

Now open upload.php and find the following:

        // Check for valid form number.
        if ((USER_UPLOAD_FORM >= '0') and (USER_UPLOAD_FORM <= '7')) {

            // Create form array, and insert MAX_FILE_SIZE control.
            $form_array[] = array('MAX_FILE_SIZE', $max_file_size);

Add the following below it:

    if (!USER_ID and array_key_exists("album", $_GET) and is_numeric($_GET["album"])) {
        // Look up the album's category. is_numeric() also accepts values such
        // as "1e3", so cast to int before placing the id in the query.
        $sql = "SELECT category FROM ".$CONFIG['TABLE_PREFIX']."albums WHERE aid=".(int) $_GET["album"];
        $results = cpg_db_query($sql);
        if (mysql_num_rows($results)) {
            list($cat) = mysql_fetch_array($results);
            if ($cat == $CONFIG['photo_contest_category']) {
                // Require the user to enter a name and phone number
                array_push($form_array, $lang_upload_php['contest_enter_info'],
                    array($lang_upload_php['real_name'], 'user1', 0, 255, 1),
                    array($lang_upload_php['phone_number'], 'user2', 0, 30, 1)
                );
            }
        }
    }


Now find this section:

// Check for error code support. Set the error code.

        if (count($_FILES['file_upload_array']['error']) == 0) {

            // This version of PHP does not support error codes (PHP < 4.2.0).  Create our own error code.

            $error_code = 'default';

        } else {

            // We have error support.
            $error_support = 'TRUE';

        }

And add this below it:

    $contest_category = false;
    if (!USER_ID and array_key_exists("album", $_POST) and is_numeric($_POST["album"])) {
        // Look up the album's category. is_numeric() also accepts values such
        // as "1e3", so cast to int before placing the id in the query.
        $sql = "SELECT category FROM ".$CONFIG['TABLE_PREFIX']."albums WHERE aid=".(int) $_POST["album"];
        $results = cpg_db_query($sql);
        if (mysql_num_rows($results)) {
            list($cat) = mysql_fetch_array($results);
            if ($cat == $CONFIG['photo_contest_category']) {
                $contest_category = true;
                if ($_POST['user1'] == '' or $_POST['user2'] == '') {
                    // Contact details are missing: show the error and stop.
                    pageheader($lang_error);
                    msg_box($lang_error, $lang_errors['need_info_or_login'], $lang_continue, "upload.php?album=".(int) $_POST["album"], "100%");

                    // Create the footer and flush the output buffer.
                    pagefooter();
                    ob_end_flush();

                    // Exit the script.
                    exit;
                }
            }
        }
    }


Find this section of code that was modified as part of the preselect album mod:

    $form_array = array(
        array('unique_ID', $unique_ID, 4)
    );

    if(array_key_exists("album", $_POST) and is_numeric($_POST["album"])) {
        array_push($form_array, array("preset_album", $_POST["album"], 4));
    }

    array_push($form_array,
        array('control', 'phase_2', 4)
    );

Replace it with this:

    $form_array = array(
        array('unique_ID', $unique_ID, 4)
    );

    if(array_key_exists("album", $_POST) and is_numeric($_POST["album"])) {
        array_push($form_array, array("preset_album", $_POST["album"], 4));

        if($contest_category) {
            array_push($form_array, array("user1", $_POST["user1"], 4),
                array("user2", $_POST["user2"], 4));
        }
    }

    array_push($form_array,
        array('control', 'phase_2', 4)
    );


Now find this section of code that was modified as part of my last mod:

    $form_array = array();
    if(array_key_exists("preset_album", $_POST) and is_numeric($_POST["preset_album"])) {
        array_push($form_array, array("album", $_POST["preset_album"], 4));
    } else {
        array_push($form_array, array($lang_upload_php['album'], 'album', 2));
    }
    array_push($form_array,
        array($lang_upload_php['pic_title'], 'title', 0, 255, 1, $title),
        array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length'], (isset($iptc['Caption'])) ? $iptc['Caption'] : ''),
        array($lang_upload_php['keywords'], 'keywords', 0, 255, 1,(isset($iptc['Keywords'])) ? implode(' ',$iptc['Keywords']): ''),
        array('control', 'phase_2', 4),
        array('unique_ID', $_POST['unique_ID'], 4)
    );

Change it to this:

    $form_array = array();
    if(array_key_exists("preset_album", $_POST) and is_numeric($_POST["preset_album"])) {
        array_push($form_array, array("album", $_POST["preset_album"], 4));
    } else {
        array_push($form_array, array($lang_upload_php['album'], 'album', 2));
    }
    array_push($form_array,
        array($lang_upload_php['pic_title'], 'title', 0, 255, 1, $title),
        array($captionLabel, 'caption', 3, $CONFIG['max_img_desc_length'], (isset($iptc['Caption'])) ? $iptc['Caption'] : ''),
        array($lang_upload_php['keywords'], 'keywords', 0, 255, 1,(isset($iptc['Keywords'])) ? implode(' ',$iptc['Keywords']): '')
    );

    // include user1 and user2 information if it's been passed to
    // us
    if($_POST['user1'] != '' and $_POST['user2'] != '') {
        array_push($form_array,
            array('user1', $_POST['user1'], 4),
            array('user2', $_POST['user2'], 4)
        );
    }

    array_push($form_array,
        array('control', 'phase_2', 4),
        array('unique_ID', $_POST['unique_ID'], 4)
    );


Finally, find this code just below the last section:

    if(!empty($CONFIG['user_field1_name'])) {
        $form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
    }

    if(!empty($CONFIG['user_field2_name'])) {
        $form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
    }

And comment it out like so:

    /* if(!empty($CONFIG['user_field1_name'])) {
        $form_array[] = array($CONFIG['user_field1_name'], 'user1', 0, 255, 1);
    }

    if(!empty($CONFIG['user_field2_name'])) {
        $form_array[] = array($CONFIG['user_field2_name'], 'user2', 0, 255, 1);
    } */

(this prevents the user from seeing their contact information again later in the upload process, and it hides these fields from other uploaders)
UPDATE This code section appears twice in upload.php. Comment out both sections.

As a footnote, I'm not being overly pedantic about input validation because if someone is submitting bad data it's their problem--we just won't be able to contact them if they win.
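
Added example (not part of the original post and not Coppermine code): stricter server-side checks for the request values this mod reads, namely the album id guarded by is_numeric() and the two contact fields. The helper names `contest_album_id` and `contest_contact_errors` and the phone-number rule are assumptions; the 255 and 30 character limits are the ones in the form definitions above.

```php
<?php
// Added example with hypothetical helper names; not Coppermine code.

// Accept only a plain positive decimal integer; returns int or null.
function contest_album_id($raw)
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;   // rejects "1e3", " 5", "5.0", "-1" and ""
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Validate the contact fields against the limits the form declares
// (255 characters for the name, 30 for the phone number).
// Returns the keys of the fields that failed; an empty array means OK.
function contest_contact_errors($name, $phone)
{
    $errors = array();
    $name   = trim((string) $name);
    $phone  = trim((string) $phone);

    // Name: non-empty, within the field limit, no control characters.
    if ($name === '' || strlen($name) > 255 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $errors[] = 'real_name';
    }

    // Phone (assumed rule): digits and common separators only, 7 to 15 digits.
    $digits = preg_replace('/\D/', '', $phone);
    if (strlen($phone) > 30
        || !preg_match('/^\+?[0-9 ().\-]+\z/', $phone)
        || strlen($digits) < 7 || strlen($digits) > 15) {
        $errors[] = 'phone_number';
    }
    return $errors;
}

// Constructed sample inputs standing in for $_GET["album"] and $_POST values.
foreach (array('12', '1e3', ' 5', '5.0', '-1') as $raw) {
    printf("%-8s is_numeric=%-6s strict=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export(contest_album_id($raw), true));
}
var_dump(contest_contact_errors('Pat Example', '+1 (555) 010-0199'));
var_dump(contest_contact_errors('', 'call me'));
```

Because the values are stored as user fields and shown on the "Edit file information" page, they should also be HTML-escaped wherever they are displayed.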

phill104

It is a mistake to think you can solve any major problems just with potatoes.

Fabricio Ferrero

:-[ I was doing other things and it seems that I moved this here by mistake.

Thanks, Phill, for noticing.

As we (Supporters) don't have permission to move it from here, could some admin please move this properly? Thanks.

Catching up! :)

Joachim Müller