From 39e79f97178c74591b84d6cbe952f7a182d19abe Mon Sep 17 00:00:00 2001
From: unknown <Peter@.(none)>
Date: Wed, 17 Nov 2010 11:59:03 +0100
Subject: [PATCH] Simple local avatar feature

---
 account_prefs_inc.php      |    3 ++
 avatar_file_add.php        |   67 ++++++++++++++++++++++++++++++++++
 avatar_file_delete.php     |   77 +++++++++++++++++++++++++++++++++++++++
 avatar_file_upload_inc.php |   85 ++++++++++++++++++++++++++++++++++++++++++++
 config_defaults_inc.php    |   22 +++++++++++
 file_download.php          |   47 ++++++++++++------------
 6 files changed, 277 insertions(+), 24 deletions(-)
 create mode 100644 avatar_file_add.php
 create mode 100644 avatar_file_delete.php
 create mode 100644 avatar_file_upload_inc.php

diff --git a/account_prefs_inc.php b/account_prefs_inc.php
index 36b9b33..47adf0f 100644
--- a/account_prefs_inc.php
+++ b/account_prefs_inc.php
@@ -186,6 +186,9 @@
 </tr>
 </table>
 </form>
+
+<?php 	include ( 'avatar_file_upload_inc.php' ); ?>
+
 </div>
 
 <br />
diff --git a/avatar_file_add.php b/avatar_file_add.php
new file mode 100644
index 0000000..736d227
--- /dev/null
+++ b/avatar_file_add.php
@@ -0,0 +1,67 @@
+<?php
+# MantisBT - a php based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+	/**
+	 * Add the image file to b used as avatar
+	 *
+	 * @package MantisBT
+	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+	 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+	 * @link http://www.mantisbt.org
+	 */
+	 /**
+	  * MantisBT Core API's
+	  */
+	require_once( 'core.php' );
+
+	require_once( 'file_api.php' );
+
+	$f_avatar_id = gpc_get_int ( 'avatar_id', -1 );
+	$f_file		 = gpc_get_file( 'file'     , -1 );
+
+	if ( $f_avatar_id == -1 && $f_file	== -1 ) {
+		# _POST/_FILES does not seem to get populated if you exceed size limit so check if avatar_id is -1
+		trigger_error( ERROR_FILE_TOO_BIG, ERROR );
+	}
+
+	form_security_validate( 'avatar_file_add' );
+
+	if ( !file_is_uploading_enabled() ) {
+		access_denied();
+	}
+
+	access_ensure_global_level( config_get( 'upload_avatar_file_threshold' ) );
+
+	file_add( $f_avatar_id, $f_file, 'avatar' );
+
+	form_security_purge( 'avatar_file_add' );
+
+	# Determine which view page to redirect back to.
+	$t_redirect_url = 'account_prefs_page.php';
+
+	html_page_top( null, $t_redirect_url );
+	
+?>
+<br />
+<div align="center">
+<?php
+	echo lang_get( 'operation_successful' ) . '<br />';
+	print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
+?>
+</div>
+
+<?php
+	html_page_bottom();
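Review bot: `$f_avatar_id` is read from the request and passed straight to `file_add()`, so the only gate is the global `upload_avatar_file_threshold` and nothing ties the avatar to the account making the request. Add an ownership check before the `file_add()` call, for example `if ( $f_avatar_id != auth_get_current_user_id() && !user_is_administrator( auth_get_current_user_id() ) ) { access_denied(); }`; avatar_file_delete.php reads `avatar_id` the same way and needs the same check. Nothing in this file restricts the upload to image types, which matters because file_download.php serves these files back; whether `file_add()` validates the type or accepts the `'avatar'` table at all is not visible in this patch. The header docblock also has a typo ("to b used").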
diff --git a/avatar_file_delete.php b/avatar_file_delete.php
new file mode 100644
index 0000000..191eec1
--- /dev/null
+++ b/avatar_file_delete.php
@@ -0,0 +1,77 @@
+<?php
+# MantisBT - a php based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+	/**
+	 * Delete a file from a bug and then view the bug
+	 *
+	 * @package MantisBT
+	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+	 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+	 * @link http://www.mantisbt.org
+	 */
+	 /**
+	  * MantisBT Core API's
+	  */
+	require_once( 'core.php' );
+
+	require_once( 'file_api.php' );
+
+	/**
+	 * Get array of attachments associated with the specified avatar id.  The array will be
+	 * sorted in terms of date added (ASC).  The array will include the following fields:
+	 * id, title, diskfile, filename, filesize, file_type, date_added. For now one user has
+	 * only one avatar which has his avatar_id set equal to user_id.
+	 * @param int p_avatar_id integer representing avatar id
+	 * @return array array of results or null
+	 * @access public
+	 * @uses database_api.php
+	 * @uses file_api.php
+	 */
+	function get_avatar ( $p_avatar_id ) {
+		$c_avatar_id = db_prepare_int( $p_avatar_id );
+	
+		$t_avatar_file_table = db_get_table( 'mantis_avatar_file_table' );
+	
+		$query = "SELECT id, title, diskfile, filename, filesize, file_type, date_added
+			                FROM $t_avatar_file_table
+			                WHERE avatar_id=" . db_param() . "
+			                ORDER BY date_added";
+		$db_result = db_query_bound( $query, Array( $c_avatar_id ) );
+		$num_files = db_num_rows( $db_result );
+	
+		$t_result = array();
+	
+		for( $i = 0;$i < $num_files;$i++ ) {
+			$t_result[] = db_fetch_array( $db_result );
+		}
+	
+		return $t_result;
+	}
+		
+	form_security_validate( 'avatar_file_delete' );
+
+	$f_avatar_id = gpc_get_int( 'avatar_id' );
+	$f_file_id = get_avatar ( $f_avatar_id );
+	
+	access_ensure_global_level( config_get( 'update_avatar_threshold' ) );
+
+	helper_ensure_confirmed( lang_get( 'delete_attachment_sure_msg' ), lang_get( 'delete_attachment_button' ) );
+
+	file_delete( $f_file_id[0]['id'], 'avatar' );
+
+	form_security_purge( 'avatar_file_delete' );
+
+	print_header_redirect( 'account_prefs_page.php' );
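Review bot: `file_delete( $f_file_id[0]['id'], 'avatar' )` indexes the result of `get_avatar()` without checking that a row came back, so a user with no stored avatar hits an undefined offset and a null id reaches `file_delete()`. Guard the call with `if ( count( $f_file_id ) == 0 )` and return early with a redirect or an explicit error. Also move `access_ensure_global_level()` above the `get_avatar()` call so the query does not run for callers below the threshold. The file docblock still reads "Delete a file from a bug and then view the bug" and should describe avatar deletion. `$f_file_id` holds an array of rows rather than an id, so a name such as `$t_avatar_files` would read more accurately.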
diff --git a/avatar_file_upload_inc.php b/avatar_file_upload_inc.php
new file mode 100644
index 0000000..0b80285
--- /dev/null
+++ b/avatar_file_upload_inc.php
@@ -0,0 +1,85 @@
+<?php
+# MantisBT - a php based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+	/**
+	 * This include file prints out the avatar file upload form
+	 * It POSTs to avatar_file_add.php
+	 * @package MantisBT
+	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+	 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+	 * @link http://www.mantisbt.org
+	 */
+
+	require_once( 'file_api.php' );
+
+	# check if we can allow the upload... bail out if we can't
+	if ( !file_is_uploading_enabled() ) {
+		return false;
+	}
+
+	$t_max_file_size = (int)min( ini_get_number( 'upload_max_filesize' ), ini_get_number( 'post_max_size' ), config_get( 'max_file_size' ) );
+?>
+<br />
+
+<?php
+	collapse_open( 'upload_form' );
+?>
+<form method="post" enctype="multipart/form-data" action="avatar_file_add.php">
+<?php echo form_security_field( 'avatar_file_add' ) ?>
+<table class="width75" cellspacing="1">
+<tr>
+	<td class="form-title" colspan="2">
+<?php
+		collapse_icon( 'upload_form' );
+		echo lang_get( 'upload_file' ) ?>
+	</td>
+</tr>
+<tr class="row-1">
+	<td class="category" width="15%">
+		<?php echo lang_get( 'select_file' ) ?><br />
+		<?php echo '<span class="small">(' . lang_get( 'max_file_size' ) . ': ' . number_format( $t_max_file_size/1000 ) . 'k)</span>'?>
+	</td>
+	<td width="85%">
+		<input type="hidden" name="avatar_id" value="<?php echo $p_user_id ?>" />
+		<input type="hidden" name="max_file_size" value="<?php echo $t_max_file_size ?>" />
+		<input name="file" type="file" size="40" />
+		<input type="submit" class="button" value="<?php echo lang_get( 'upload_file_button' ) ?>" />
+<?php 
+if ( ($p_user_id == auth_get_current_user_id()) || user_is_administrator( $p_user_id ) ) {
+	echo '&#160;[';
+	print_link( 'avatar_file_delete.php?avatar_id=' . $p_user_id . form_security_param( 'avatar_file_delete' ), lang_get( 'delete_link' ), false, 'small' );
+	echo ']';
+}
+?>
+	</td>
+</tr>
+</table>
+</form>
+<?php
+	collapse_closed( 'upload_form' );
+?>
+<table class="width75" cellspacing="1">
+<tr>
+	<td class="form-title" colspan="2">
+		<?php
+			collapse_icon( 'upload_form' );
+			echo lang_get( 'upload_file' ) ?>
+	</td>
+</tr>
+</table>
+
+<?php
+	collapse_end( 'upload_form' );
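Review bot: The delete-link condition calls `user_is_administrator( $p_user_id )`, which tests whether the profile being shown belongs to an administrator rather than whether the viewer is one; it should read `user_is_administrator( auth_get_current_user_id() )`. `$p_user_id` is never assigned in this file, so the form depends on a variable from whatever scope includes it. It is echoed into the hidden `avatar_id` field and the delete URL without a cast, and `(int)$p_user_id` at both places would keep the output numeric. The hidden `avatar_id` is client-controlled, so the condition here only decides what is displayed and the handlers must enforce ownership themselves. The delete action is a GET link carrying the form-security token in the query string, where it can land in server logs and Referer headers; a small POST form would keep the token out of URLs.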
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index b3f8bd8..cad1bda 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -943,6 +943,12 @@
 	$g_default_avatar = "%path%images/no_avatar.png";
 
 	/**
+	 * access level needed to update avatars
+	 * @global int $g_update_avatar_threshold
+	 */
+	$g_update_avatar_threshold	= DEVELOPER;
+	
+	/**
 	 * Show release dates on changelog
 	 * @global int $g_show_changelog_dates
 	 */
@@ -1571,6 +1577,14 @@
 	 */
 	$g_document_files_prefix = 'doc';
 
+	
+	/**
+	 * prefix to be used for the file system names of avatars uploaded to mantis.
+	 * Eg: avatar-015-face.png
+	 * @global string $g_document_files_prefix
+	 */
+	$g_avatar_files_prefix = 'avatar';
+	
 	/**
 	 * absolute path to the default upload folder.  Requires trailing / or \
 	 * @global string $g_absolute_path_default_upload_folder
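Review bot: The new docblock's `@global` tag names `$g_document_files_prefix`, copied from the entry above it, while the variable it documents is `$g_avatar_files_prefix`; change the tag to `@global string $g_avatar_files_prefix`. The "Eg: avatar-015-face.png" example should be confirmed against how the file API builds disk names for this prefix, which the patch does not show.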
@@ -2275,6 +2289,13 @@
 	$g_upload_bug_file_threshold	= REPORTER;
 
 	/**
+	 * access level needed to upload avatars
+	 *  if $g_allow_file_upload set to OFF then avatar upload is disabled
+	 * @global int $g_upload_avatar_file_threshold
+	 */
+	$g_upload_avatar_file_threshold	= DEVELOPER;
+	
+	/**
 	 * Add bugnote threshold
 	 * @global int $g_add_bugnote_threshold
 	 */
@@ -2868,6 +2889,7 @@
 	 * table names
 	 * @global array $g_db_table
 	 */
+	$g_db_table['mantis_avatar_file_table']				= '%db_table_prefix%_avatar_file%db_table_suffix%';
 	$g_db_table['mantis_bug_file_table']				= '%db_table_prefix%_bug_file%db_table_suffix%';
 	$g_db_table['mantis_bug_history_table']				= '%db_table_prefix%_bug_history%db_table_suffix%';
 	$g_db_table['mantis_bug_monitor_table']				= '%db_table_prefix%_bug_monitor%db_table_suffix%';
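Review bot: `mantis_avatar_file_table` is registered here, but the diffstat lists no schema or upgrade-step change that creates the table, so a fresh or upgraded install would presumably fail on the first avatar query. The patch should add the schema step with at least the columns that avatar_file_delete.php and file_download.php read: `id`, `avatar_id`, `title`, `diskfile`, `filename`, `filesize`, `file_type`, `date_added`. file_api.php is likewise absent from the diffstat although `file_add()` and `file_delete()` are called with `'avatar'`; confirm they accept that table name.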
diff --git a/file_download.php b/file_download.php
index 6e750b5..282cb60 100644
--- a/file_download.php
+++ b/file_download.php
@@ -55,51 +55,50 @@
 	$f_file_id = gpc_get_int( 'file_id' );
 	$f_type = gpc_get_string( 'type' );
 
+	// allow only tables we can handle
+	$t_allowed_tables = array ( 'bug', 'doc', 'avatar' );
+	if ( ! in_array ($f_type, $t_allowed_tables) ) {
+		access_denied();
+	}
+	
+	// later on either change the table name mantis_project_file_table to
+	// mantis_doc_file_table or change the code on all places with file_download.php
+	// reference to use type='project' instead of type='doc'.
+	if ( $f_type == 'doc' ) {
+		$f_type = 'project';
+	}
+	
 	$c_file_id = (integer)$f_file_id;
 
 	# we handle the case where the file is attached to a bug
 	# or attached to a project as a project doc.
 	$query = '';
-	switch ( $f_type ) {
-		case 'bug':
-			$t_bug_file_table = db_get_table( 'mantis_bug_file_table' );
-			$query = "SELECT *
-				FROM $t_bug_file_table
-				WHERE id=" . db_param();
-			break;
-		case 'doc':
-			$t_project_file_table = db_get_table( 'mantis_project_file_table' );
-			$query = "SELECT *
-				FROM $t_project_file_table
-				WHERE id=" . db_param();
-			break;
-		default:
-			access_denied();
-	}
+	$t_file_table = db_get_table( 'mantis_'.$f_type.'_file_table' );
+	$query = "SELECT *
+		FROM $t_file_table
+		WHERE id=" . db_param();
 	$result = db_query_bound( $query, Array( $c_file_id ) );
 	$row = db_fetch_array( $result );
 	extract( $row, EXTR_PREFIX_ALL, 'v' );
 
-	if ( $f_type == 'bug' ) {
-		$t_project_id = bug_get_field( $v_bug_id, 'project_id' );
-	} else {
-		$t_project_id = $v_project_id;
-	}
-
 	# Check access rights
 	switch ( $f_type ) {
 		case 'bug':
 			if ( !file_can_download_bug_attachments( $v_bug_id ) ) {
 				access_denied();
 			}
+			$t_project_id = bug_get_field( $v_bug_id, 'project_id' );
 			break;
-		case 'doc':
+		case 'project':
 			# Check if project documentation feature is enabled.
 			if ( OFF == config_get( 'enable_project_documentation' ) ) {
 				access_denied();
 			}
-
 			access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id );
+			$t_project_id = $v_project_id;
+			break;
+		case 'avatar':
+			$t_project_id = $v_avatar_id;
 			break;
 	}
 
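Review bot: The new `case 'avatar':` assigns `$t_project_id = $v_avatar_id;`, which puts a user id into a variable that the rest of the script (outside this hunk) presumably treats as a project id, and unlike the `bug` and `project` branches it performs no access check. If avatars are meant to be global, use `$t_project_id = ALL_PROJECTS;` and add a comment stating that avatar files are intentionally readable by any caller who reaches this script; otherwise add the appropriate check. The table name is now built as `'mantis_'.$f_type.'_file_table'` from a request parameter, so the allow-list is the only barrier and should be strict: `in_array( $f_type, $t_allowed_tables, true )`. `db_fetch_array()` can return false for an unknown id and its result goes straight into `extract()`; that line is unchanged context, but it now serves the avatar path as well.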
-- 
1.6.2.msysgit.0.186.gf7512

