<?php
// This form handler is called from upload_cartoons.php. This page contains a form
// with the following elements (all are form arrays):
// - image_file[]: the actual file browser
// - tag_id[]: the category of the cartoon (animals, crime, election, etc.)
// - description[]: a text description of each cartoon
//
// The uploader verifies that all information was included for each image and then
// copies the full-quality image into a non-web-accessible directory for download
// following a verified purchase. The image is converted to a small thumbnail for
// search results and a medium-sized watermarked image for customers to view in
// order to decide to make a purchase. All files are then placed in the correct
// location and the image and its associated information is added to the database.
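// Kept for PHP 5/7 installs; track_errors/$php_errormsg were removed in PHP 8,
// so copy() failures below are reported via error_get_last() instead.
ini_set("track_errors", true);
session_start();
// NOTE(review): nothing visible in this handler checks that the caller is
// permitted to upload (login/role) or carries a CSRF token; presumably an
// include or the web server enforces that before this file runs - confirm,
// since this script writes to disk and to the database.
$_SESSION["ERRORS"] = array();
$_SESSION["UPLOADED_FILES"] = array();
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to mysqli or
// PDO prepared statements would also retire the hand-escaping used below.
// $db_name is not defined in this file - presumably set by a config include;
// TODO confirm.
if (mysql_connect("localhost", "db_user", "db_pass")) {
    if (!mysql_select_db($db_name)) {
        array_push($_SESSION["ERRORS"], "Could not select the database: " . mysql_error());
    }
}
else {
    array_push($_SESSION["ERRORS"], "Could not connect to the database: " . mysql_error());
}
// Without a usable database every upload would be copied to disk and then
// orphaned when its INSERT fails, so stop here instead of processing files.
if ($_SESSION["ERRORS"]) {
    header("Location: error.php");
    exit;
}
$tblCartoons = "Cartoons";
$tblTagMap = "TagMap";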
// upload_cartoons.php runs a JavaScript validation routine, but client-side
// checks are a usability aid only - any client can bypass them - so every
// field is re-validated here before anything is written to disk or the DB.
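// Collect the per-image form rows, keeping only those that are complete.
// Uploaded files arrive in $_FILES, not $_POST, so the row count is taken
// from $_FILES['image_file']['name'] (the original read $_POST['image_file'],
// which is never set for a file input).
$files = array();
$upload_names = (isset($_FILES['image_file']['name']) && is_array($_FILES['image_file']['name']))
    ? $_FILES['image_file']['name']
    : array();
foreach (array_keys($upload_names) as $idx) {
    // A hostile client can nest the form arrays (tag_id[0][]=...), so each
    // field must be a plain string before it is used as a scalar downstream.
    if (
        isset($_POST['tag_id'][$idx]) && is_string($_POST['tag_id'][$idx]) &&
        isset($_POST['description'][$idx]) && is_string($_POST['description'][$idx]) &&
        is_string($_FILES['image_file']['name'][$idx]) &&
        isset($_FILES['image_file']['tmp_name'][$idx]) &&
        isset($_FILES['image_file']['error'][$idx]) &&
        $_FILES['image_file']['error'][$idx] === UPLOAD_ERR_OK &&
        is_uploaded_file($_FILES['image_file']['tmp_name'][$idx])
    ) {
        // Keyed by the client-supplied filename: it is untrusted text and must
        // be HTML-escaped wherever this status list is rendered.
        $_SESSION["UPLOADED_FILES"][$_FILES['image_file']['name'][$idx]] = "Not attempted";
        array_push($files, array(
            'orig_filename' => $_FILES['image_file']['name'][$idx],
            'local_filename' => $_FILES['image_file']['tmp_name'][$idx],
            'tag_id' => $_POST['tag_id'][$idx],
            'description' => $_POST['description'][$idx]
        ));
    }
}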
// Operational parameters for the generated images.
// Output geometry: each derived image is a square canvas with the picture's
// longest side scaled to fit; quality is the JPEG encoder setting (0..100).
$basic_max_dim = 640;   // browse/preview image, pixels
$thumb_max_dim = 180;   // search-result thumbnail, pixels
$jpeg_quality = 75;
// Watermark text drawn over the browse image, using GD built-in font #5 (fixed).
$watermark_str = "copyright";
$watermark_font = 5;
// Storage locations. Only the hires directory is outside the document root;
// thumbs and browse images are served straight from the web root.
$image_hires_dir = "/home/client/hires_images"; // not accessible to HTTP
$image_thumb_dir = "/home/client/html/thumbs";
$image_basic_dir = "/home/client/html/images";
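// Scale the GD image $src (src_w x src_h pixels, both >= 1) to fit a
// max_dim x max_dim white canvas, centred. Returns
// array(canvas, x_offset, y_offset, width, height) describing where the
// picture landed so the caller can draw inside that area.
function fit_image_to_square($src, $src_w, $src_h, $max_dim)
{
    $ratio = $max_dim / max($src_w, $src_h);
    $w = $src_w * $ratio;
    $h = $src_h * $ratio;
    $x_off = round(($max_dim - $w) / 2);
    $y_off = round(($max_dim - $h) / 2);
    $canvas = imagecreatetruecolor($max_dim, $max_dim);
    $white = imagecolorallocate($canvas, 0xFF, 0xFF, 0xFF);
    imagefill($canvas, 0, 0, $white);
    // GD takes integer coordinates; the explicit casts match PHP's implicit
    // float->int truncation and avoid the PHP 8.1 deprecation notice.
    imagecopyresampled($canvas, $src,
        (int) $x_off, (int) $y_off,
        0, 0,
        (int) $w, (int) $h,
        $src_w, $src_h);
    return array($canvas, $x_off, $y_off, $w, $h);
}

// Tile $str across the picture area (x_off, y_off, w, h) of $img: rows start
// 50px below the top and stop 50px above the bottom, 50px apart, with 150px
// between repeats and every other row shifted right by 50px.
function watermark_area($img, $x_off, $y_off, $w, $h, $str, $font, $color)
{
    $str_w = imagefontwidth($font) * strlen($str);
    $y = $y_off + 50;
    $odd_row = 0;
    while ($y < $y_off + $h - 50) {
        $x = $x_off + 50 + (50 * $odd_row);
        $odd_row = 1 - $odd_row;
        while ($x < $x_off + $w - $str_w) {
            imagestring($img, $font, (int) $x, (int) $y, $str, $color);
            $x += 150;
        }
        $y += 50;
    }
}

// Delete whichever of $paths exist, so an upload that fails part-way does not
// leave unreferenced image files behind.
function remove_generated_files($paths)
{
    foreach ($paths as $path) {
        if (is_file($path)) {
            unlink($path);
        }
    }
}

// Upper bound on decoded pixels. imagecreatefromjpeg() allocates about
// width*height*4 bytes, so an oversized or crafted JPEG would otherwise
// exhaust memory_limit; the bound is checked from the header before decoding.
$hires_max_pixels = 25000000;
foreach ( $files as $file_info ) {
    $orig_filename = $file_info['orig_filename'];
    $local_filename = $file_info['local_filename'];
    $tag_id = $file_info['tag_id'];
    // tag_id is interpolated into SQL and is only safe because it is digits
    // only. Anchor with \z rather than $: $ also matches before a trailing
    // newline, so "7\n" would have passed the old pattern.
    if (!is_string($tag_id) || !preg_match('/^\d+\z/', $tag_id)) {
        array_push($_SESSION["ERRORS"], "Could not verify tag id!");
        break;
    }
    if (!is_string($file_info['description'])) {
        array_push($_SESSION["ERRORS"], "Could not verify description!");
        break;
    }
    // escape_sql_param() is a project helper not defined in this file; it is
    // assumed to escape for the active mysql connection - TODO confirm.
    $description = escape_sql_param($file_info['description']);
    $_SESSION["UPLOADED_FILES"][$orig_filename] = "Failed";
    // Header-only check on the temp file before anything is copied or decoded:
    // must be a JPEG with non-zero dimensions within the pixel budget.
    $prev_err = error_reporting(0);
    $hires_info = getimagesize($local_filename);
    error_reporting($prev_err);
    if (!$hires_info || $hires_info[2] !== IMAGETYPE_JPEG || $hires_info[0] < 1 || $hires_info[1] < 1) {
        array_push($_SESSION["ERRORS"], "Error reading $orig_filename: not a valid JPEG image");
        break;
    }
    $hires_w = $hires_info[0];
    $hires_h = $hires_info[1];
    if ($hires_w * $hires_h > $hires_max_pixels) {
        array_push($_SESSION["ERRORS"], "Error reading $orig_filename: image too large ({$hires_w}x{$hires_h} pixels)");
        break;
    }
    // Generate local filenames. The client's filename reaches the path only
    // through md5(), so it can carry neither "../" nor a non-.jpg extension;
    // uniqid() keeps two uploads of the same name in the same second from
    // overwriting each other.
    $new_base_filename = strtoupper(md5($orig_filename . uniqid('', true))) . "-" . time() . ".jpg";
    $filename_hires = "$image_hires_dir/$new_base_filename";
    $filename_thumb = "$image_thumb_dir/$new_base_filename";
    $filename_basic = "$image_basic_dir/$new_base_filename";
    $generated = array($filename_hires, $filename_basic, $filename_thumb);
    // Copy the original into the non-web directory ($local_filename was
    // confirmed by is_uploaded_file() when $files was built).
    $prev_err = error_reporting(0);
    $copy_ok = copy($local_filename, $filename_hires);
    error_reporting($prev_err);
    if (!$copy_ok) {
        // error_get_last() replaces $php_errormsg, which PHP 8 removed.
        $last = error_get_last();
        array_push($_SESSION["ERRORS"], "Error copying: " . ($last ? $last['message'] : "copy() failed"));
        break;
    }
    // Full decode. getimagesize() reads only the header, so a truncated or
    // forged file can still fail here.
    $prev_err = error_reporting(0);
    $img_hires = imagecreatefromjpeg($filename_hires);
    error_reporting($prev_err);
    if (!$img_hires) {
        remove_generated_files($generated);
        array_push($_SESSION["ERRORS"], "Error reading $orig_filename: not a valid JPEG image");
        break;
    }
    // Browse image: resized onto a square canvas and watermarked. Both
    // web-visible files are re-encoded by GD, so none of the uploaded bytes
    // (metadata, trailing payloads) are written under the web root.
    list($img_basic, $basic_x_offset, $basic_y_offset, $basic_w, $basic_h) =
        fit_image_to_square($img_hires, $hires_w, $hires_h, $basic_max_dim);
    $gray_basic = imagecolorallocate($img_basic, 0x80, 0x80, 0x80);
    watermark_area($img_basic, $basic_x_offset, $basic_y_offset, $basic_w, $basic_h,
        $watermark_str, $watermark_font, $gray_basic);
    $basic_ok = imagejpeg($img_basic, $filename_basic, $jpeg_quality);
    imagedestroy($img_basic);
    // Thumbnail: resized only, no watermark required.
    list($img_thumb) = fit_image_to_square($img_hires, $hires_w, $hires_h, $thumb_max_dim);
    $thumb_ok = imagejpeg($img_thumb, $filename_thumb, $jpeg_quality);
    imagedestroy($img_thumb);
    imagedestroy($img_hires);
    if (!$basic_ok || !$thumb_ok) {
        remove_generated_files($generated);
        array_push($_SESSION["ERRORS"], "Error writing resized copies of $orig_filename");
        break;
    }
    // Record the image and its tag. mysql_* has no prepared statements, so the
    // interpolated values must each be safe on their own: $description is
    // escaped above, $tag_id is digits only, $new_base_filename is hex/digits
    // generated here, $cartoon_id comes from mysql_insert_id().
    $query = "INSERT INTO $tblCartoons " .
        " (id, description, filename, upload_date, hidden, deleted, deleted_date, is_bestof)" .
        "VALUES (NULL, '$description', '$new_base_filename', NOW(), '0', '0' , NULL, '0')";
    if (!mysql_query($query)) {
        // No row references the files, so remove them rather than orphan them.
        remove_generated_files($generated);
        array_push($_SESSION["ERRORS"], "Database error adding image: " . mysql_error());
        break;
    }
    $cartoon_id = mysql_insert_id();
    $query = "INSERT INTO $tblTagMap (cartoon_id, tag_id) VALUES ('$cartoon_id', '$tag_id')";
    if (!mysql_query($query)) {
        // The Cartoons row exists and points at the files, so they are kept;
        // the missing tag can be repaired from the error page.
        array_push($_SESSION["ERRORS"], "Database error setting tag: " . mysql_error());
        break;
    }
    $_SESSION["UPLOADED_FILES"][$orig_filename] = "Succeeded";
}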
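// Hand off to the result page. exit after sending the Location header so
// nothing else in this request can run or emit output after the redirect.
if (count($_SESSION["ERRORS"]) > 0) {
    header("Location: error.php");
}
else {
    header("Location: upload_complete.php");
}
exit;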
?>