upload.php -- need to modify upload.php -- need to modify
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

upload.php -- need to modify

Started by kalyanalee, March 31, 2016, 05:39:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

kalyanalee

Dear Admin and Anyone,

I want to modify upload.php, so i could set a file name directly in the code and also i do not need to click "Upload File" button. Could you show me what should i modify in this upload.php file?

Thank you very much.

kalyanalee

I have tried to modify it, but it still didn't work. Thank you for your help.

Αndré

Quote from: kalyanalee on March 31, 2016, 05:39:59 PM
so i could set a file name directly in the code

Not sure if I understood correctly. Do you want to set a fixed file name in the code, or should the user be able to enter a file name in the upload form?


Quote from: kalyanalee on March 31, 2016, 05:39:59 PM
i do not need to click "Upload File" button

You need to submit the form in some way. This could probably be achieved with JavaScript, but won't work for people who disabled JavaScript in their browser.

kalyanalee

Thank you for your reply, Andre...

Here i want to do...

I capture a picture using webcam, by using js, i got...

        $nama = 'temp/'.md5($_SERVER['REMOTE_ADDR'].rand()).'.jpg';
        header("Content-type:image/jpeg");
        imagejpeg($img,$nama, 90);

I have saved the file in folder "temp" with the file name and path is defined by variable "$nama".

Now, i look into "upload.php"

I would like to combine the above code into "upload.php", so by using html_single, i upload the file in a user album...

the basic idea is...
This code in "upload.php" which gave a user the right to choose file...
      <input type="file" name="$name" size="40" class="listbox"/>

I want to replace it with the "$nama" variable...

So, when user capture a picture using webcam, they could upload it directly to his/her album.

Thank you very much...

Αndré

It's not possible to set a default value for a file field. See http://stackoverflow.com/questions/1017224/dynamically-set-value-of-a-file-input

You'd need to post the actual form data directly to Coppermine. As I said in the other thread:
Quote from: Αndré on April 06, 2016, 11:44:50 AM
I haven't checked the code yet how this is possible. I think ron4mac currently has a more extensive comprehension at the upload process and knows where/how you have to send your files to (probably upload.php). Maybe he replies to this thread.

kalyanalee

Thank you for your reply, Andre... I really appreciated it... :)

I have searched for input type html tag, and i also found out that it was not possible for security reason.

But Andre, the folder "temp" is also in the server side, not in the client side... So, the file "$nama" is in the server. I have tried, it was possible to move from one folder to another in server by using php code. What i really do not understand in this coppermine is which variable should contain the file path and name also its extension. So, if i would like to move it to user's album, which variable should i assign the variable name and extension?

I also noticed there was a hidden input....

// The hidden form input function. Takes the hidden input field name and value.
function hidden_input($name, $value)
{
        echo <<<EOT
        <tr>
            <td colspan="2">
                   <input type="hidden" name="$name" value="$value" />
            </td>
        </tr>

EOT;
}


what do exactly this "$name" and "$value" contain?

Thank you very much...  ;D

Αndré

Please have a look at the HTML source Code of the simple upload form. The hidden input is used e.g. for the timestamp and form token.

However, if the file is already on the server I suggest to just add a new row to the pictures table in the MySQL database. I can provide help to extend your current script, if you get stuck.

kalyanalee

Thank you for your hospitality, Andre...

Here is the code...

/**
* Get the width and height of the destination image
* from the POST variables and convert them into
* integer values
*/
$w = (int)$_POST['width'];
$h = (int)$_POST['height'];

// create the image with desired width and height

$img = imagecreatetruecolor($w, $h);

// now fill the image with blank color
// do you remember i wont pass the 0xFFFFFF pixels
// from flash?
imagefill($img, 0, 0, 0xFFFFFF);

$rows = 0;
$cols = 0;

// now process every POST variable which
// contains a pixel color
for($rows = 0; $rows < $h; $rows++){
   // convert the string into an array of n elements
   $c_row = explode(",", $_POST['px' . $rows]);
   for($cols = 0; $cols < $w; $cols++){
      // get the single pixel color value
      $value = $c_row[$cols];
      // if value is not empty (empty values are the blank pixels)
      if($value != ""){
         // get the hexadecimal string (must be 6 chars length)
         // so add the missing chars if needed
         $hex = $value;
         while(strlen($hex) < 6){
            $hex = "0" . $hex;
         }
         // convert value from HEX to RGB
         $r = hexdec(substr($hex, 0, 2));
         $g = hexdec(substr($hex, 2, 2));
         $b = hexdec(substr($hex, 4, 2));
         // allocate the new color
         // N.B. teorically if a color was already allocated
         // we dont need to allocate another time
         // but this is only an example
         $test = imagecolorallocate($img, $r, $g, $b);
         // and paste that color into the image
         // at the correct position
         imagesetpixel($img, $cols, $rows, $test);
      }
   }
}
$path = 'albums/userpics/10001/';
$nama = md5($_SERVER['REMOTE_ADDR'].rand()).'.jpg';
// print out the correct header to the browser
header("Content-type:image/jpeg");
imagejpeg($img,$path.$nama, 90);

$namathumb = 'thumb_'.$nama;
$thumb = imagecreatetruecolor(128,96);
imagealphablending($thumb, false);
imagecopyresized($thumb, $img, 0, 0, 0, 0, 128, 96, $w, $h);
imagejpeg($thumb, $path.$namathumb,90);

$namanormal = 'normal_'.$nama;
$normal = imagecreatetruecolor(400,300);
imagealphablending($normal, false);
imagecopyresized($normal, $img, 0, 0, 0, 0, 400, 300, $w, $h);
imagejpeg($normal, $path.$namanormal,90);


Basically, this code will generate three files, which are placed in folder "userpics/10001/". The size of these files are met the requirement of coppermine. folder "10001" should be got from user category folder. The problems are:
1. I do not know how coppermine could recoqnize user without session? If i could know the user, i think i will try to connect to the database and retrive this user information and then customize the user category folder.
2. Actually, i am a newbie in web programming, but i am eager to learn and work hard... So, please be patient with me...

Thank you very much for your kindness, Andre...

kalyanalee

Dear Andre,

To stress the point of my problem in my previous reply, i just have written this php code....

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbphotobook";
$id = 4;
$aid = 0;
$category = 0;


// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$sql = "SELECT aid,category FROM cpg15x_albums WHERE owner=$id";
$result = mysqli_query($conn,$sql);
if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($aid==0) {
        $row = mysqli_fetch_assoc($result);
      $aid = $row["aid"];
      $category = $row["category"];
    }
} else {
    echo "0 results";
}

$filepath = 'userpics/'.$category.'/';
$filename = 'xxx.jpg';
$filesize = 10000;
$total_filesize = 11000;
$pwidth = 320;
$pheight = 400;
$mtime = date('Y-m-d H:i:s');
$owner_id = $id;
$approved = 'YES';

$sql = "INSERT INTO cpg15x_pictures (aid, filepath, filename, filesize, total_filesize, pwidth, pheight,mtime, owner_id, approved)
VALUES ($aid, '$filepath', '$filename', $filesize, $total_filesize, $pwidth, $pheight,'$mtime', $owner_id, '$approved')";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

mysqli_close($conn);
?>


The basic idea of this code is to write a row in table cpg15x_pictures according to a user id... So, as i stated in the previous reply, i wonder how coppermine determined the user_id.

Please give me a correction about this code... Thank you very much, Andre...

kalyanalee

Dear Andre,

Apparently, i have solved this problem...

Thank you very much...

kalyanalee

Dear Andre,

How could i get this total_filesize aka size on disk?
I have tried filesize() and stat() but there aren't any clue for me...

Thank you very much...

ron4mac

#11
Here is the general idea of a file you will need to place in the root of your CPG installation. You will need to post to it the username, password, width, height and picture informations. It returns nothing if successful, otherwise an error message. NO TESTING DONE

<?php
// Confirm we are in Coppermine
define('IN_COPPERMINE'true);

// Get basic functions, etc.
require('include/init.inc.php');
require(
'include/picmgmt.inc.php');

// Authenticate the user
$uname $superCage->post->getEscaped('username');
$upass $superCage->post->getEscaped('password');
if (!
$cpg_udb->login($uname$upass0)) die('nologin');
if (!
USER_ID) die('no userid');

// Get user album and category info (may need some work here)
$rslt cpg_db_query("SELECT aid, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE (category = " . (FIRST_USER_CAT USER_ID) . " OR owner = " USER_ID);
$catalb cpg_db_fetch_row($rslt);

/**
 * Get the width and height of the destination image
 * from the POST variables and convert them into
 * integer values
 */
$w $superCage->post->getInt('width');
$h $superCage->post->getInt('height');

// create the image with desired width and height

$img imagecreatetruecolor($w$h);

// now fill the image with blank color
// do you remember i wont pass the 0xFFFFFF pixels 
// from flash?
imagefill($img000xFFFFFF);

$rows 0;
$cols 0;

// now process every POST variable which
// contains a pixel color
for($rows 0$rows $h$rows++){
   
// convert the string into an array of n elements
   
$c_row explode(","$superCage->post->getRaw('px' $rows));
   for(
$cols 0$cols $w$cols++){
      
// get the single pixel color value
      
$value $c_row[$cols];
      
// if value is not empty (empty values are the blank pixels)
      
if($value != ""){
         
// get the hexadecimal string (must be 6 chars length)
         // so add the missing chars if needed
         
$hex $value;
         while(
strlen($hex) < 6){
            
$hex "0" $hex;
         }
         
// convert value from HEX to RGB
         
$r hexdec(substr($hex02));
         
$g hexdec(substr($hex22));
         
$b hexdec(substr($hex42));
         
// allocate the new color
         // N.B. teorically if a color was already allocated 
         // we dont need to allocate another time
         // but this is only an example
         
$test imagecolorallocate($img$r$g$b);
         
// and paste that color into the image
         // at the correct position
         
imagesetpixel($img$cols$rows$test);
      }
   }
}

// Get the path to where the image should be saved
$path $CONFIG['fullpath'] . $CONFIG['userpics'] . (USER_ID FIRST_USER_CAT);

// Place the image
$nama md5($superCage->server->getRaw("REMOTE_ADDR").rand()).'.jpg';
imagejpeg($img,$path.'/'.$nama90);

// Add to database (creating thumb, etc.)
$result add_picture($catalb['aid'], $path$nama);
if (
$result !== true) {
$fail is_array($result) ? $result['error'] : 'failed to add image';
die($fail);
}


kalyanalee

Thank you very much, ron4mac...

May i know how to calculate or get the value of total_filesize or file size on disk? I have checked php function like filesize, stat, but i couldn't retrieve or calculate this number.

When i used stat() for the array 11 (blksize) or 12 (blocks), the number always -1, so i couldn't calculate the file size on disk.
How do coppermine get this value?

Thank you...

ron4mac

#13
Quote from: kalyanalee on April 10, 2016, 10:41:52 AM
May i know how to calculate or get the value of total_filesize or file size on disk?
The value for total_filesize is taken care of automatically by add_picture() in the code that I gave you.
see: include/picmgmt.inc.php, line # 110

Also: there is (at least) one mistake in my code above...
Near the end of the code...
imagejpeg($img,$path.$nama, 90);
should be:
imagejpeg($img,$path.'/'.$nama, 90);

I made that correction to the code above and added more appropriate error handling after add_picture()