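Function to prevent users from uploading more photos

Date: 2015-03-05 Author: dkl

Mjello,

I'm struggling with this function, which prevents users from uploading more photos than their membership allows.

So they have 10 photos to upload. When they reach 0, they can no longer upload photos. Right now, when they reach 0, the uploaded image is not inserted into their profile, but it is still uploaded to the server. My error message doesn't fire either.

I'm a bit lost as to what I'm missing here.

This is how the function looks: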

    /**
     * Uploads image
     */
    public static function uploadImage($file) {
        require_once(ABSPATH.'wp-admin/includes/image.php');
        $attachment=array('ID' => 0);

        if(!empty($file['name'])) {
            $uploads=wp_upload_dir();
            $filetype=wp_check_filetype($file['name'], null);
            $filename=wp_unique_filename($uploads['path'], 'o.'.$filetype['ext']);
            $filepath=$uploads['path'].'/'.$filename;

            //validate file
            if (!in_array($filetype['ext'], array('jpg', 'JPG', 'jpeg', 'JPEG', 'png', 'PNG'))) {
                SWPInterface::$messages[]=__('Only JPG and PNG images are allowed.');
            } else if(move_uploaded_file($file['tmp_name'], $filepath)) {

                    //upload image
                    $attachment=array(
                        'guid' => $uploads['url'].'/'.$filename,
                        'post_mime_type' => $filetype['type'],
                        'post_title' => sanitize_title(current(explode('.', $filename))),
                        'post_content' => '',
                        'post_status' => 'inherit',
                        'post_author' => get_current_user_id(),
                    );

                    //add image
                    $attachment['ID']=wp_insert_attachment($attachment, $attachment['guid'], 0);
                    update_post_meta($attachment['ID'], '_wp_attached_file', substr($uploads['subdir'], 1).'/'.$filename);

                    //add thumbnails
                    $metadata=wp_generate_attachment_metadata($attachment['ID'], $filepath);
                    wp_update_attachment_metadata($attachment['ID'], $metadata);

            } else {
                SWPInterface::$messages[]=__('This image is too large for uploading.');
            }
        }

        return $attachment;
    }
}

Here is the actual form:

<div class="widget clearfix">
    <h4 class="widget-title clearfix">
        <span class="left"><?php _e('Photos'); ?> </span>
        <span class="widget-options">
            <?php if(SWPUser::isProfile()) { ?>
            <form action="" enctype="multipart/form-data" method="POST" class="upload-form popup-container">
                <label for="user_photo" title="<?php _e('Upload a new image'); ?>"></label>
                <input type="file" id="user_photo" name="user_photo" class="shifted" />
                <input type="hidden" name="user_action" value="add_photo" />
                <input type="hidden" name="nonce" value="<?php echo wp_create_nonce(SWP_PREFIX.'nonce'); ?>" />
                <?php if(SWPUser::$data['user']['membership']['photos']<=0) { ?>
                <div class="popup hidden">
                    <ul class="error">
                        <li><?php _e('You are not allowed to upload more images.'); ?></li>
                    </ul>
                </div>
                <?php } ?>              
            </form>
            <?php } ?>
        </span> 
    </h4>
    <?php if(empty(SWPUser::$data['active_user']['photos'])) { ?>
    <span class="secondary"><?php _e('You have not uploaded any photos yet.'); ?></span>
    <?php } else { ?>
    <div class="SWP-slider carousel-slider">
        <ul>
            <?php
            $counter=0;
            foreach(SWPUser::sortPhotos(SWPUser::$data['active_user']['photos']) as $photo) {
            $thumbnail=wp_get_attachment_image_src($photo['ID'], 'full');
            $fullsize=wp_get_attachment_image_src($photo['ID'], 'extended');
            $counter++;
            if($counter==1) {
            ?>
            <li class="clearfix">
            <?php } ?>
                <div class="fourcol static-column <?php if($counter==3) { ?>last<?php } ?>">
                    <div class="profile-preview widget-profile">
                        <div class="profile-image popup-container">
                            <a href="<?php echo $fullsize[0]; ?>" class="colorbox" data-group="photos"><img src="<?php echo SWP_resize($thumbnail[0], 150, 150); ?>" class="fullwidth" alt="" /></a>
                            <?php if(!is_user_logged_in()) { ?>
                            <div class="popup hidden">
                                <ul class="error">
                                    <li><?php _e('Please login'); ?></li>
                                </ul>
                            </div>
                            <?php } ?>
                        </div>
                        <?php if(SWPUser::isProfile()) { ?>
                        <div class="profile-options clearfix">
                            <div class="profile-option">
                                <form class="ajax-form" action="<?php echo AJAX_URL; ?>" method="POST">
                                    <?php if(SWPUser::isFeaturedPhoto($photo['ID'])) { ?>
                                    <a href="#" title="<?php _e('Unfeature Photo'); ?>" data-title="<?php _e('Feature Photo'); ?>" class="icon-star submit-button current"></a>
                                    <input type="hidden" class="toggle" name="user_action" value="unfeature_photo" data-value="feature_photo" />
                                    <?php } else { ?>
                                    <a href="#" title="<?php _e('Feature Photo'); ?>" data-title="<?php _e('Unfeature Photo'); ?>" class="icon-star submit-button"></a>
                                    <input type="hidden" class="toggle" name="user_action" value="feature_photo" data-value="unfeature_photo" />
                                    <?php } ?>
                                    <input type="hidden" name="user_photo" value="<?php echo $photo['ID']; ?>" />
                                    <input type="hidden" class="nonce" value="<?php echo wp_create_nonce(SWP_PREFIX.'nonce'); ?>" />
                                    <input type="hidden" class="action" value="<?php echo SWP_PREFIX; ?>update_user" />         
                                </form>
                            </div>
                            <div class="profile-option">
                                <form action="" method="POST">
                                    <a href="#" title="<?php _e('Remove Photo'); ?>" class="submit-button icon-remove"></a>
                                    <input type="hidden" name="user_photo" value="<?php echo $photo['ID']; ?>" />
                                    <input type="hidden" name="user_action" value="remove_photo" />
                                    <input type="hidden" name="nonce" value="<?php echo wp_create_nonce(SWP_PREFIX.'nonce'); ?>" />
                                </form>
                            </div>
                        </div>
                        <?php } ?>  
                    </div>                                      
                </div>
            <?php 
            if($counter==3) {
            $counter=0;
            ?>
            </li>
            <?php 
                }
            }
            if($counter!==0) {
            ?>
            </li>
            <?php } ?>
        </ul>
    </div>
    <?php } ?>
</div>

Update: I was able to prevent the upload by adding the following before the validation:

if(TiliaUser::$data['user']['membership']['photos']<=0) {
             return $file;
}

However, I can't get the error message to display. Any ideas?

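1 Answer
SO user: Mark Kaplun

In general, your problem is that you are checking the condition on the front end and not on the back end. You have to check whether the user is allowed to upload a file before moving the file to the uploads directory and adding it as an attachment.

If the limit you set is only a nicety, then it may be enough to restrict uploads in the UI, but if it has business or legal implications, then the only way is a server-side check.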
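
The server-side ordering described in the answer, as an added example that is not part of the original answer or the plugin's code. The function name `swp_upload_refusal`, the generic failure message and the sample requests are hypothetical; in the plugin, the allowance would come from the server-side membership data and the message would go into `SWPInterface::$messages`.

```php
<?php
// Added example, not the plugin's code. The function name and the sample
// requests below are hypothetical and constructed for illustration.

/**
 * Decide on the server whether an upload may proceed.
 * Returns null when allowed, or an error message when refused.
 * Must run BEFORE move_uploaded_file() writes into the uploads directory.
 */
function swp_upload_refusal(array $file, int $remainingPhotos): ?string
{
    // 1. The allowance is read from server-side data, never from the form.
    if ($remainingPhotos <= 0) {
        return 'You are not allowed to upload more images.';
    }
    // 2. PHP reports failed uploads in the 'error' field of the file array.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'The upload failed.';
    }
    // 3. Extension allow-list, compared case-insensitively.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png'], true)) {
        return 'Only JPG and PNG images are allowed.';
    }
    return null;
}

// Constructed sample requests: [file array, remaining allowance].
$samples = [
    'quota used up' => [['name' => 'a.jpg', 'error' => UPLOAD_ERR_OK], 0],
    'wrong type'    => [['name' => 'a.php', 'error' => UPLOAD_ERR_OK], 3],
    'allowed'       => [['name' => 'a.PNG', 'error' => UPLOAD_ERR_OK], 3],
];

foreach ($samples as $label => [$file, $remaining]) {
    $messages = [];                 // stands in for SWPInterface::$messages
    $refusal  = swp_upload_refusal($file, $remaining);
    if ($refusal !== null) {
        $messages[] = $refusal;     // record the error first, then stop
        $stored = false;            // nothing is written to disk
    } else {
        $stored = true;             // only here would move_uploaded_file() run
    }
    printf("%-14s stored=%s messages=%s\n",
        $label, var_export($stored, true), json_encode($messages));
}
```

Recording the message before returning is what makes the refusal visible to the user; the hidden popup in the form is then only a convenience and not the control itself.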
