From cebfaca5e5b8e20938ba6ebf3b53f27e665dbb95 Mon Sep 17 00:00:00 2001
From: zlaxy
Date: Thu, 28 Sep 2017 00:31:08 +0300
Subject: [PATCH] Added upload image feature
---
 README | 4 ++--
 index.php | 55 ++++++++++++++++++++++++++++++++++++++++++-------
 settings.php | 4 ++++
 settings_ru.php | 4 ++++
 4 files changed, 57 insertions(+), 10 deletions(-)
diff --git a/README b/README
index 2d49564..50a8f25 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-PHPCSV Guestbook version 0.96
+PHPCSV Guestbook version 0.97
 Simple php guestbook with csv file data storage.
@@ -15,7 +15,7 @@ Archive: https://github.com/zlaxy/phpcsvguestbook/archive/master.zip
 2. Edit settings.php: change $GBadmin and $GBpassword (and other variables if necessary)
-3. Check privileges for access to files: data storage (default: gbdb.csv) must have write permissions. Other files need only read rights.
+3. Check privileges for access to files: data storage (default: gbdb.csv) must have write permissions. If you enabled upload feature, 'upload' directory must have rwx permissions. Other files need only read rights.
 Using:
diff --git a/index.php b/index.php
index 54a1fbc..6d82d43 100644
--- a/index.php
+++ b/index.php
@@ -33,15 +33,36 @@ function ReadEntries() {
 return $Entries;
 }
+function SaveFile() {
+ $filename = substr(md5(uniqid()), 0, 13).'.'.pathinfo($_FILES['uploadedfile']['name'], PATHINFO_EXTENSION);
+ $uploaddir = 'upload/';
+ $uploadfile = $uploaddir.$filename;
+ if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $uploadfile)) {
+ return $uploadfile;
+ } else {
+ return false;
+ }
+}
+
+function CheckFile() {
+ global $GBimagesize;
+ if (getimagesize($_FILES['uploadedfile']['tmp_name'])) {
+ if ((filesize($_FILES['uploadedfile']['tmp_name']))<($GBimagesize)) return SaveFile();
+ else return false;
+ } else return false;
+}
+
 function AddEntry() {
 global $GBdata;
 global $Titles;
 global $PageStatus;
+ global $UploadedFile;
 $NewEntry[name]=$_POST['name'];
 $NewEntry[from]=$_POST['from'];
 $NewEntry[link]=$_POST['link'];
 $NewEntry[email]=$_POST['email'];
- $NewEntry[text]=$_POST['text'];
+ if ($UploadedFile) $NewEntry[text]=$_POST['text']."
";
+ else $NewEntry[text]=$_POST['text'];
 $NewEntry[datetime]=time();
 $NewEntry[response]="";
 $fhandle=fopen($GBdata,"a");
@@ -57,6 +78,7 @@ function AddEntryView() {
 global $PageStatus;
 global $GBcaptcha;
 global $GBtextlenght;
+ global $GBupload;
 echo "
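Review bot: `SaveFile()` takes the stored file's extension from the client-supplied `$_FILES['uploadedfile']['name']`, and the only content check in `CheckFile()` is that `getimagesize()` succeeds, so the extension written to disk is whatever the client sent. `upload/` is a path relative to index.php and is presumably served by the web server, so a file that passes the image check but carries a script extension could end up where the server interprets it. Derive the extension from the image type that `getimagesize()` reports, reject anything outside a short allowlist, and configure the web server not to execute scripts from `upload/`. The fence shows the changed part of `SaveFile()`.

```php
function SaveFile() {
    // Extension comes from the detected image type, never from the client-supplied name.
    $extensions = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png');
    $info = getimagesize($_FILES['uploadedfile']['tmp_name']);
    if (!$info || !isset($extensions[$info[2]])) return false;
    $filename = substr(md5(uniqid()), 0, 13).'.'.$extensions[$info[2]];
    // … unchanged: $uploaddir, $uploadfile and the move_uploaded_file() branch …
}
```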

",$Titles[Page],"


\n"; if ($PageStatus=="added") echo "$Titles[Added]"; else { $captchanumber11=rand(1, 4); @@ -64,17 +86,22 @@ function AddEntryView() { $captchanumber21=rand(1, 4); $captchanumber22=rand(0, 9); $_SESSION['captcha']=md5(base64_encode(($captchanumber11.$captchanumber12)+($captchanumber21.$captchanumber22))); - echo "
\n"; + echo "\n"; echo " $Titles[Name]: ($Titles[Required])
\n"; echo " $Titles[City]:
\n"; echo " $Titles[Link]:
\n"; echo " $Titles[Email]: ($Titles[NotPublic])
\n"; echo " $Titles[Text]:
\n
\n"; + if ($GBupload) { + echo " \n"; + echo "
\n"; + } if ($GBcaptcha) echo " $Titles[Captcha]: $captchanumber11$captchanumber11$captchanumber12 $Titles[CaptchaPlus] $captchanumber21$captchanumber22$captchanumber21 = ?
\n"; echo " \n"; echo "
\n"; if ($PageStatus=="emptyname") echo "$Titles[EmptyName]
\n"; if ($PageStatus=="emptytext") echo "$Titles[EmptyText]
\n"; + if ($PageStatus=="wrongimage") echo "$Titles[WrongImage]
\n"; if ($PageStatus=="wrongcaptcha") echo "$Titles[WrongCaptcha]
\n";
 }
 }
@@ -213,15 +240,27 @@ function EntriesView() {
 }
 if($_POST['submit']) {
- if(!$_POST['text']) $PageStatus="emptytext";
- if(!$_POST['name']) $PageStatus="emptyname";
- if(($_POST['name'])&&($_POST['text']))
+ if (!$_POST['text']) $PageStatus="emptytext";
+ if (!$_POST['name']) $PageStatus="emptyname";
+ if ($GBupload) {
+ if ($_FILES['uploadedfile']['tmp_name']) {
+ $UploadedFile=CheckFile();
+ if (!$UploadedFile) {
+ $PageStatus="wrongimage";
+ }
+ }
+ }
+ if (($_POST['name'])&&($_POST['text']))
 if ($_POST["captcha"]&&(md5(base64_encode($_POST["captcha"]))==$_SESSION["captcha"])) {
- AddEntry();
- if ($GBnotificationmailto) SendMail();
- } else if (!$GBcaptcha) {
+ if (!$PageStatus=="wrongimage") {
 AddEntry();
 if ($GBnotificationmailto) SendMail();
+ }
+ } else if (!$GBcaptcha) {
+ if (!$PageStatus=="wrongimage") {
+ AddEntry();
+ if ($GBnotificationmailto) SendMail();
+ }
 } else $PageStatus="wrongcaptcha";
 if (($PageStatus)&&!($PageStatus=="added")) {
 $SESSION["value"]["name"]=$_POST['name'];
diff --git a/settings.php b/settings.php
index 3da568a..8bdb7e2 100644
--- a/settings.php
+++ b/settings.php
@@ -14,6 +14,8 @@ $GBpagination=10; // pagination for entries, 0 - disabled
 $GBreadmore=255; // number of symbols for 'Read More' feature, 0 - shows full entries
 $GBsearch=true; // enable or disable search bar
 $GBcaptcha=true; // enable or disable captcha
+$GBupload=true; // enable or disable upload image feature
+$GBimagesize=1048576; // maximum image size
 $GBnotificationmailto=""; // leave empty if you don't want send notification
 $GBnotificationmailfrom="";
 $GBtextlenght=7168; // maximum size of entry text
@@ -63,4 +65,6 @@ $Titles[Next]=">>";
 $Titles[Search]="Search";
 $Titles[NoResult]="No search result";
 $Titles[ReadMore]="Read more";
+$Titles[FileUpload]="Upload image:";
+$Titles[WrongImage]="Can't upload image.";
 ?>
diff --git a/settings_ru.php b/settings_ru.php
index ef4104b..8a45046 100644
--- a/settings_ru.php
+++ b/settings_ru.php
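Review bot: The `$GBupload` block in the `@@ -213,15 +240,27 @@` hunk calls `CheckFile()`, which moves the file into `upload/`, before the captcha and the name/text checks are evaluated, so a submission that is then rejected still leaves a stored file and the captcha does not limit uploads. Run the upload step only after the other checks have passed. The guard `if (!$PageStatus=="wrongimage")` also parses as `(!$PageStatus)=="wrongimage"` and gives the intended result only through loose comparison; `if ($PageStatus!="wrongimage")` says what is meant. The `if($_POST['submit'])` block continues past the end of the hunk, and the sketch below assumes `$PageStatus` is empty when the block starts.

```php
if($_POST['submit']) {
    // … unchanged: emptytext / emptyname checks …
    $captchaok = !$GBcaptcha || ($_POST["captcha"]&&(md5(base64_encode($_POST["captcha"]))==$_SESSION["captcha"]));
    if (!$PageStatus && !$captchaok) $PageStatus="wrongcaptcha";
    // Store the upload only once every other check has passed.
    if (!$PageStatus && $GBupload && $_FILES['uploadedfile']['tmp_name']) {
        $UploadedFile=CheckFile();
        if (!$UploadedFile) $PageStatus="wrongimage";
    }
    if (!$PageStatus) {
        AddEntry();
        if ($GBnotificationmailto) SendMail();
    }
    // … unchanged: saving the posted values when $PageStatus is set …
```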
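Review bot: `$GBupload=true;` in settings.php turns the upload feature on for every installation that keeps the shipped settings, although it lets anonymous visitors write files to the server. Shipping `$GBupload=false;` and letting the administrator opt in is the safer default; the same line appears in settings_ru.php. The comment on `$GBimagesize` could also name the unit, since `CheckFile()` compares it with `filesize()`: `// maximum image size in bytes`.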
@@ -15,6 +15,8 @@ $GBpagination=10; // количество записей на странице,
 $GBreadmore=0; // количество символов для функции 'Читать далее', 0 - показывать записи полностью
 $GBsearch=true; // включение или отключение строки поиска
 $GBcaptcha=true; // включение или отключение капчи
+$GBupload=true; // включение или отключние возможности загрузки картинок
+$GBimagesize=1048576; // максимальный размер изображения
 $GBnotificationmailto=""; // оставьте поле пустым, если не хотите отправки уведомлений о новых записях
 $GBnotificationmailfrom="";
 $GBtextlenght=7168; // максимальное количество символов для текста записи
@@ -64,4 +66,6 @@ $Titles[Next]="Вперед";
 $Titles[Search]="Поиск";
 $Titles[NoResult]="Ничего не найдено";
 $Titles[ReadMore]="Читать далее";
+$Titles[FileUpload]="Загрузить изображение:";
+$Titles[WrongImage]="Не могу загрузить изображение.";
 ?>