<%@ CodePage=65001 Language="VBScript"%> <% Option Explicit %> <% sBBSLangPage = "albums" BBS.SetupBBS BBS.SetScheme(0) dictEnvironment.item("V-LOCATIONLINKS") = dictEnvironment.item("V-LOCATIONLINKS") & " -> " & dictLanguage("GLOBAL-LOCATION9") & " -> " & dictLanguage("GLOBAL-LOCATION12") dim iAlbumID, vAlbumInfo, bIsAdmin, Uploader, sAlbumUsername, iUserAlbumID, sComponent, objFile, bError, iPhotoID, SQL dim sGUID ' Check for permission if not(BBS.HasPermission(PERM_ViewBBS, -1)) then response.redirect sBBSForumRoot & "/logon.asp?error=needregistration" if not(BBS.HasPermission(PERM_AlbumView, -1)) then response.redirect sBBSForumRoot & "/restricted-page.asp" if dictConfiguration("bENABLEPHOTOALBUMS") = 0 then response.redirect "../category-view.asp" if not(BBS.HasPermission(PERM_Albumcreate, -1)) then response.redirect sBBSForumRoot & "/restricted-page.asp" ' Administrators might want to work on someone else's album if BBS.GetUserlevel(MODULE_Albums, -1) >= USERLEVEL_ModuleAdministrator then if len(request.querystring("useralbum")) > 0 then iUserAlbumID = BBS.GetUserInfoByID(request.querystring("useralbum"))(UI_MemberID) sAlbumUsername = BBS.GetUserInfoByID(request.querystring("useralbum"))(UI_Username) end if else sAlbumUsername = sBBSUserName iUserAlbumID = iBBSMemberID end if vAlbumInfo = Albums.GetAlbumInfo(request.querystring("albumid")) if vAlbumInfo(AI_AlbumID) = -1 then response.redirect "photo-main.asp" if ucase(vAlbumInfo(AI_Username)) <> ucase(sBBSUsername) and BBS.GetUserlevel(MODULE_Albums, -1) < USERLEVEL_ModuleAdministrator then response.redirect "photo-main.asp" end if ' Uploading a photo if request.querystring("action") = "upload" then sGUID = mid(trim(Server.CreateObject("Scriptlet.Typelib").GUID), 2, 36) bError = False iPhotoID = GetNewPhoto(vAlbumInfo(AI_AlbumID)) sComponent = BBS.DetectUploadComponent if sComponent = "DUNDAS" then Set Uploader = Server.CreateObject("Dundas.Upload.2") Uploader.SaveToMemory Uploader.UseVirtualDir = True ' Check if any files were uploaded If Uploader.Files.Count = 0 Then dictEnvironment("V-ERROR") = dictLanguage("ALBUMS-NOFILES") End if if ucase(sBBSDatabaseType) = "MYSQL" Then rsMaster.open "select * from photos where photoid=" & iPhotoID, sConnString & "OPTION=16387;", adOpenStatic, adLockOptimistic else rsMaster.open "select * from photos where photoid=" & iPhotoID, dbConnection, adOpenStatic, adLockOptimistic end if For Each objFile In Uploader.Files bError = False if not(BBS.IsAllowed(BBS.GetExtension(Uploader.GetFileName(objFile.OriginalPath)))) then bError = True end if if (dictConfiguration("iMAXALBUMFILESIZE") <> 0) and (objFile.size/1024 > clng(dictConfiguration("iMAXALBUMFILESIZE")) and BBS.GetUserLevel(MODULE_Albums, -1) < USERLEVEL_ModuleAdministrator) then bError = True dictEnvironment("V-ERROR") = dictLanguage("ALBUMS-FILETOOBIG") end if if bError = False then rsMaster("albumid") = vAlbumInfo(AI_AlbumID) rsmaster("dateuploaded") = now rsMaster("filename").value = Uploader.GetFileName(objFile.OriginalPath) rsMaster("username").value = vAlbumInfo(AI_Username) rsMaster("description") = BBS.ValidateField(Uploader.Form("description")) rsMaster("fileguid") = sGUID if dictConfiguration("bSTOREINFILESYSTEM") = 1 then objFile.saveas sBBSForumRoot & "/photos/uploads/" & sGUID rsMaster("picture").value = GetBlankBinary rsMaster("fullfile").value = 1 rsMaster("thumbfile").value = 0 else rsMaster("picture").value = objFile.binary rsMaster("fullfile").value = 0 rsMaster("thumbfile").value = 0 end if rsMaster.Update vAlbumInfo(AI_DateUpdated) = now vAlbumInfo(AI_PhotoCount) = Albums.GetNumberOfPhotos(vAlbumInfo(AI_AlbumID)) Albums.EditAlbum(vAlbumInfo) dictEnvironment("V-ERROR") = dictLanguage("UPLOAD-SUCCESS") End If next elseif sComponent = "PUREASP" then ' Check if any files were uploaded err.clear on error resume next Set Uploader = New FileUploader Uploader.Upload() if err.Number <> 0 then dictEnvironment("V-ERROR") = dictLanguage("ALBUMS-SERVERERROR") bError = True end if on error goto 0 if bError = False then If Uploader.Files.Count = 0 Then dictEnvironment("V-ERROR") = dictLanguage("ALBUMS-NOFILES") End if ' Loop through the uploaded files For Each objFile In Uploader.Files.Items bError = False if not(BBS.IsAllowed(BBS.GetExtension(objFile.FileName))) then bError = True end if if (dictConfiguration("iMAXALBUMFILESIZE") <> 0) and (objFile.FileSize/1024 > clng(dictConfiguration("iMAXALBUMFILESIZE")) and BBS.GetUserLevel(MODULE_Albums, -1) < USERLEVEL_ModuleAdministrator) then dictEnvironment("V-ERROR") = dictLanguage("ALBUMS-FILETOOBIG") bError = True end if if bError = False then ' Open the table you are saving the file to if ucase(sBBSDatabaseType) = "MYSQL" Then rsMaster.open "select * from photos where photoid=" & iPhotoID, sConnString & "OPTION=16387;", adOpenStatic, adLockOptimistic else rsMaster.open "select * from photos where photoid=" & iPhotoID, dbConnection, adOpenStatic, adLockOptimistic end if rsMaster("albumid") = vAlbumInfo(AI_AlbumID) rsmaster("dateuploaded") = now rsMaster("username").value = sBBSUsername rsMaster("filename") = objFile.FileName rsMaster("description") = BBS.ValidateField(Uploader.Form("description")) rsMaster("fileguid") = sGUID if dictConfiguration("bSTOREINFILESYSTEM") = 1 then objFile.SaveToDiskMBBS(server.mappath(sBBSForumRoot & "/photos/uploads")) & "\" & sGUID rsMaster("picture").value = GetBlankBinary rsMaster("fullfile").value = 1 rsMaster("thumbfile").value = 0 else objFile.SaveToDatabase rsMaster("picture") rsMaster("fullfile").value = 0 rsMaster("thumbfile").value = 0 end if rsMaster.Update vAlbumInfo(AI_DateUpdated) = now vAlbumInfo(AI_PhotoCount) = Albums.GetNumberOfPhotos(vAlbumInfo(AI_AlbumID)) Albums.EditAlbum(vAlbumInfo) dictEnvironment("V-ERROR") = dictLanguage("UPLOAD-SUCCESS") end if next if bError = True then SQL = "delete from photos where photoid=" & BBS.ValidateNumeric(iPhotoID) dbConnection.execute SQL end if end if end if end if function GetNewPhoto(byval iAlbumID) dim SQL, rsInfo set rsInfo = Server.CreateObject("ADODB.Recordset") SQL = "insert into photos (albumid, dateuploaded, username, description, picture, filename, fullfile, thumbfile, fileguid) values (" & BBS.ValidateNumeric(iAlbumID) & ", " & sDateDelimiter & BBS.GetSQLDateTime(now) & sDateDelimiter & ", " SQL = SQL & "'" & BBS.ValidateSQL(sBBSUsername) & "', '', '', '', 0,0, '')" dbConnection.execute SQL SQL = "select @@identity" rsInfo.open SQL, dbConnection, adOpenStatic, adLockReadOnly if rsInfo.EOF then GetNewPhoto = -1 else GetNewPhoto = clng(rsInfo.fields(0).value) end if rsInfo.Close set rsInfo = Nothing end function dictEnvironment("V-ALBUMOWNERID") = BBS.GetUserInfobyName(vAlbumInfo(AI_Username))(UI_MemberID) dictEnvironment("U-FORMACTION") = "upload-photos.asp?action=upload&albumid=" & vAlbumInfo(AI_AlbumID) dictEnvironment("V-ALBUMINFO") = vAlbumInfo dictEnvironment.add "V-TITLE", dictLanguage.item("ALBUMS-TITLE") dictEnvironment.add "C-SHOWRANDOMQUOTES", dictConfiguration("bDISPLAYBBSQUOTES") if iBBSUserLevel >= USERLEVEL_SupportAdministrator then dictEnvironment.add "C-SHOWADMINLINK", 1 Function GetBlankBinary() Dim pbinBinaryData pBinBinaryData = chrb(46) & chrb(46) Dim lobjRs Dim llngLength Dim lbinBuffer CONST adLongVarBinary = 205 llngLength = LenB(pbinBinaryData) Set lobjRs = Server.CreateObject("ADODB.Recordset") Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength) Call lobjRs.Open() Call lobjRs.AddNew() Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0)) Call lobjRs.Update() lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength) Call lobjRs.Close() Set lobjRs = Nothing GetBlankBinary = lbinBuffer End Function %> <% Filesystem.ExecuteBBSTemplate("/photos/upload-photos.asp") %>