-
Notifications
You must be signed in to change notification settings - Fork 0
/
upload.php
99 lines (72 loc) · 2.48 KB
/
upload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
include_once "util.php";
$_POST or error("No POST");
$sql = new sqldb()
or error("Unable to init mysql");
$username = $sql->escape_string($_POST["username"])
or "Anon";
$username = trim($username);
$question = $sql->escape_string($_POST["question"])
or error("Need a question");
$question = trim($question);
$fileBase64 = $_POST["file"]
or error("need an image");
// make a note of the directory that will recieve the uploaded file
$dir = 'images/';
// Now let's deal with the upload
// make a unique filename for the uploaded file and check it is not already
// taken... if it is already taken keep trying until we find a vacant one
// sample filename: 1140732936-filename.jpg
do
{
$filename = uniqid('pic_').'.jpeg';
} while(file_exists($dir.$filename));
// decode the image
$image = base64_decode($fileBase64);
// drop images over 1 MB
(strlen($image) < (1024*1024))
or error("Image is too big!");
// validate it really is an image
$finfo = finfo_open(FILEINFO_MIME_TYPE)
or error("cant open file info object");
$info = finfo_buffer($finfo, $image)
or error("cant read image info");
strpos(' '.$info, 'image') // space char so offset>0 on match
or error("File is not an image, it's a $info!");
finfo_close($finfo);
// save image to file
saveImage($image, $dir.$filename);
$userid = getUserId($sql, $username)
or error("cant find userid");
$sql->query("INSERT INTO tPictures (cUser_id, cRel_path, cQuestion) VALUES ('$userid', '$filename', '$question')")
or error("cant insert into pictures");
$id = $sql->insert_id()
or error("error inserting into db");
$message = '{ '.
"\"result\":$id".
'}';
echo $message;
// remove old images
$maxImage = 100;
$result = $sql->query("SELECT cRel_path FROM tPictures ORDER BY cUpload_date DESC LIMIT $maxImage,-1");
while( ($row = $result->fetchArray()) )
{
$filename = $row['cRel_path'];
$sql->exec("DELETE FROM tPictures WHERE cRel_path='$filename'");
unlink($dir.$filename);
}
// remove unused users and answers
$select_ids = "SELECT cId FROM tPictures";
$sql->exec("DELETE FROM tUsers WHERE cId NOT IN (SELECT cUser_id FROM tPictures UNION SELECT cUser_id FROM tAnswers)");
$sql->exec("DELETE FROM tAnswers WHERE cId NOT IN (SELECT cPicture_id FROM tAnswers)");
function saveImage($image, $name)
{
isset($image, $name)
or error("No image or filename");
$fp = fopen($name, 'w')
or error("Cant open file for writing");
fwrite($fp, $image)
or error ("Cant write image to file");
fclose($fp);
}
?>