upload_image_product.php

通达OA部分源代码

<?php 

include_once "logincheck.php";
include_once "myconnect.php";

if(!isset($_POST["pid"]))
{
	header("Location: gen_confirm_mem.php?errmsg=".urlencode("Invalid access, unable to continue."));
	die();
}
$pid=(int)$_POST["pid"];

$sbq_off_chk="select * from sbbleads_products where sb_id=$pid and sb_uid=".$_SESSION["sbbleads_userid"];
$sbrs_off_chk=mysql_query($sbq_off_chk);
if(mysql_num_rows($sbrs_off_chk) < 1)
{
	header("Location: gen_confirm_mem.php?errmsg=".urlencode("Invalid access, unable to continue."));
	die();
}

$config=mysql_fetch_array(mysql_query("select * from sbbleads_config"));

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) 
{
	$realname = $_FILES['userfile']['name'];
///////--------chking extension	
	if(!preg_match("/(\.jpg|\.png|\.gif|\.bmp|\.jpeg)$/i",$realname))
		die();
///////--------end chking extension	
	if ($_FILES['userfile']['size']>($config["sb_image_size"]))
	{
	$mess="Uploaded files must be less than ".($config["sb_image_size"]/1000)."k. Please try again";
	}
	elseif($_FILES['userfile']['size']<=0)
	{
	$mess="File could not be uploaded. Please try again";
	}
	else
	{

//	echo $realname . ", size: ". $_FILES['userfile']['size'] . " [ ";
	$insert="no";
	switch($_FILES['userfile']['error'])
	{ case 0: $mess = "Image has been uploaded successfully"; $insert="yes";	  break;
	  case 1:
	  case 2: $mess = "Error : File size more than maximum size allowed by server";break;
	  case 3: $mess = "Error : File partially uploaded"; break;
	  case 4: $mess = "Error : No File Uploaded";
	  break;
	}
//	echo $mess . " ]  ";
		
		
		// check whether the file exists beforehand, if yes use randomvar in front of filename
		mt_srand((double)microtime()*1000000);
		$randvar =  mt_rand(1,10000000);
		settype($randvar,"string");
		
$extension=explode(".",$realname);
$newfilename = "uploadedimages/" . $randvar.".".$extension[count($extension)-1];// str_replace(" ","_",$realname);
//echo $newfilename;
$shortfname = $randvar.".".$extension[count($extension)-1];// . str_replace(" ","_",$realname);

		while ( file_exists($newfilename) != FALSE )
		{
		$randvar =  mt_rand(1,10000000);
		settype($randvar,"string");
$newfilename = "uploadedimages/" . $randvar.".".$extension[count($extension)-1];// str_replace(" ","_",$realname);
$shortfname =  $randvar.".".$extension[count($extension)-1];// str_replace(" ","_",$realname);
		}
//////////////////////
		copy($_FILES['userfile']['tmp_name'], $newfilename);
		
		//=============================if insertion = yes
		if($insert=="yes")
		{
		if(!get_magic_quotes_gpc())
			$url=str_replace("$","\$",addslashes($shortfname));
		else
			$url=str_replace("$","\$",$shortfname);
			
		mysql_query("Insert into `sbbleads_product_images` ( sb_offer_id, sb_img_url) VALUES ( $pid,'$url')");
			
			if($config["sb_image_magik"]=="enable")
			{
			$size_str=$config["sb_th_width"] . "x" . $config["sb_th_width"];
			$size_str2=$config["sb_th_width2"] . "x" . $config["sb_th_width2"];
			$path1="uploadedimages" . '/' . $url;
			$path2="thumbs1" . '/' . $url;
			$path3="thumbs2" . '/' . $url;
				if($config["sb_water_marking"]=="enable")
				{
				exec("composite -dissolve 20 images/watermark.gif $path1 $path1");
				}
				exec("convert $path1 -resize $size_str $path2");
				exec("convert $path1 -resize $size_str2 $path3");
			}

		}
		
}// Else fr more than 60k

} 
else 
{	
$mess="Some error occurred, please try again";
}
	header ("Location: view_images_product.php?sb_id=$pid&msg=".urlencode($mess));
	die();

?>