| author | Horus3 | 2014-10-05 22:00:36 +0200 |
|---|---|---|
| committer | Horus3 | 2014-10-05 22:00:36 +0200 |
| commit | 1851c3a180eafb4563a9f6e4dd40fcc5e925896a (patch) | |
| tree | 7e3f2c85b7297bdeaf34fac2faf8424908c8bde5 | |
| parent | 80fb01db10054baf2c4c6e70a677e429fe5c34ee (diff) | |
| download | jungegemeinde-1851c3a180eafb4563a9f6e4dd40fcc5e925896a.tar.gz | |
Experimental support for image uploading.
| -rw-r--r-- | foto/nginx.conf | 4 | ||||
| -rw-r--r-- | foto/protected.php | 25 | ||||
| -rw-r--r-- | foto/upload.php | 57 | ||||
| -rw-r--r-- | index.php | 16 |
4 files changed, 93 insertions, 9 deletions
diff --git a/foto/nginx.conf b/foto/nginx.conf
new file mode 100644
index 0000000..f6dbc71
--- /dev/null
+++ b/foto/nginx.conf
@@ -0,0 +1,4 @@
+
+ location /protected {
+ rewrite /protected/([a-zA-Z]+)/([a-zA-Z0-9]+)/?.* /protected.php?type=$1&id=$2 last;
+ }
diff --git a/foto/protected.php b/foto/protected.php
new file mode 100644
index 0000000..c70772d
--- /dev/null
+++ b/foto/protected.php
@@ -0,0 +1,25 @@
+<?php
+
+lredirect("index");
+
+if ( ! isset($_GET["type"]) || ! isset($_GET["id"]) )
+ exit;
+
+switch($_GET["type"]){
+ case("image"):
+ $sql = $db->prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]);
+ $result = $db->doQuery($sql);
+ $f = $result->fetch_array(MYSQLI_ASSOC);
+ if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){
+ header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+ } else {
+ header("Content-Type: " . $f["mime"]);
+ header("Content-Disposition: inline; filename=".$f["name"]);
+ header("Content-Length: " . $f["size"]);
+
+ readgzfile(IMAGE_PATH . $f["hash"] . ".gz");
+ }
+ break;
+ default:
+ header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+}
diff --git a/foto/upload.php b/foto/upload.php
new file mode 100644
index 0000000..e8d1549
--- /dev/null
+++ b/foto/upload.php
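Review bot: The `[a-zA-Z]+` and `[a-zA-Z0-9]+` classes in this rewrite are the only visible constraint on `type` and `id`, and they apply only to `/protected/...` URLs. If `/protected.php` can also be requested directly (the location that serves PHP is not part of this hunk), a client supplies both parameters unfiltered, so the same check belongs in the script itself, e.g. `if ( ! is_string($_GET["id"]) || ! ctype_alnum($_GET["id"]) ) exit;`. Marking the location that handles this script `internal;` would close the direct path as well.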
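Review bot: The `Content-Type` and `Content-Disposition` headers in the `image` case are built from the `mime` and `name` columns, which upload.php in this same commit fills from request data, so the uploader chooses the type a browser renders inline on this origin. Emit the type only when it is on a fixed list of image types, add `header("X-Content-Type-Options: nosniff");`, and quote the name, e.g. `header('Content-Disposition: inline; filename="' . addcslashes($f["name"], '"\\') . '"');`. Both 404 branches read `$_SERVER["HTTP_PROTOCOL"]`, which is not the server's protocol entry (that is `SERVER_PROTOCOL`; `HTTP_*` keys are filled from request headers), so the status line is malformed or client-influenced; `http_response_code(404);` avoids the problem. The lookup also does not check that `fetch_array()` returned a row before indexing `$f`, and what `lredirect("index")` enforces is not visible in this hunk.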
@@ -0,0 +1,57 @@
+<?php
+
+if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ){
+ exit;
+}
+lredirect("gallery");
+
+if ( ! isset($_POST["gallery"]) || ! preg_match("/[0-9]+/", $_POST["gallery"]) )
+ exit;
+
+//$extension = array("jpeg", "jpg", "png", "gif");
+$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv");
+$count = 0;
+$message = array();
+define("IMAGE_MAXSIZE", "2000");
+define("IMAGE_PATH", ABSPATH . "/../images/");
+
+foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){
+ if ( $_FILES["images"]["error"][$f] == 4 )
+ // no file was uploaded
+ continue;
+
+ if ( $_FILES["images"]["error"][$f] != 0 ){
+ continue;
+ }
+ if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ){
+ $message[$count] = $_FILES["images"]["name"][$f] . " is too large!";
+ $count++;
+ continue;
+ } elseif ( ! in_array( pathinfo($_FILES["images"]["name"][$f], PATHINFO_EXTENSION), $extension ) ){
+ $message[$count] = $_FILES["images"]["name"][$f] . " - Extension not allowed!";
+ $count++;
+ continue;
+ }
+ $hash = hash_file("md5", $tmp_name);
+
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $_FILES["images"]["name"][$f], "", $_SESSION["userid"], $_FILES["images"]["mime"][$f], $_FILES["images"]["size"][$f], $hash, time());
+
+ if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){
+ move_uploaded_file($tmp_name, IMAGE_PATH . $hash);
+
+ $gzfile = IMAGE_PATH . $hash . ".gz";
+ $fp = gzopen($gzfile, "w9");
+
+ if ( ! gzwrite($fp, file_get_contents(IMAGE_PATH . $hash)) )
+ exit;
+
+ if ( ! gzclose($fp) )
+ exit;
+
+ if ( ! unlink(IMAGE_PATH . $hash) )
+ exit;
+ }
+
+ if ( ! $db->doQuery($sql) )
+ exit;
+}
@@ -35,6 +35,9 @@ else $u = $_SESSION["username"]; $user = new jg($u); +if( ! isset($_GET["page"]) || $_GET["page"] == "" ) + $_GET["page"] = "index"; + ?> <!doctype html> <html> 
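Review bot: The `gallery` check `preg_match("/[0-9]+/", $_POST["gallery"])` is unanchored, so any value that merely contains a digit passes and is then handed to `$db->prepare()` as a `%s` argument; anchor it as `preg_match('/\A[0-9]+\z/', $_POST["gallery"])` or use `ctype_digit()`. `$_FILES["images"]["mime"][$f]` is not a key PHP populates (the client-declared type is under `type`), so the `mime` column is stored empty, and the stored type should in any case be derived from the file itself, e.g. `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_name);`, with the extension test made case-insensitive and treated as a hint only. `IMAGE_MAXSIZE` is compared with a byte count, so `"2000"` caps uploads at about 2 kB, which looks unintended next to the video extensions. The unquoted `desc` column name is a reserved word in MySQL and would need backticks, and the `exit` paths after `gzopen`/`gzwrite` leave a partial `.gz` behind that later uploads with the same hash will treat as already stored.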
@@ -44,12 +47,11 @@ $user = new jg($u); <?php //<link rel ="stylesheet" href="/static/style.css"> - //echo "<style>" . file_get_contents('static/style.min.css'); echo "<style>" . file_get_contents('static/style.min.css'); ?> .dl-horizontal dt{white-space: normal;}.btn-info{background-color:#3083D6;border-color:#357ebd}.btn-primary{background-color:#3083D6;}.img-responsive{margin:0 auto;}@-moz-document url-prefix(){fieldset{display:table-cell;}}ul.nav li.dropdown:hover ul.dropdown-menu {display:block;}.video{max-width:720px;margin-right: auto;margin-left: auto;}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active{background-color:#3071a9}</style> <noscript><style>.navbar{margin-bottom:0;}</style></noscript> - <title>Junge Gemeinde Adlershof</title> + <title>Junge Gemeinde Adlershof | <?php ucfirst($_GET["page"]); ?></title> <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> @@ -60,13 +62,10 @@ require_once 'static/header.php'; <div class="text-center"> <div class="row"> <?php - if( ! isset($_GET["page"])) - $_GET["page"] = ""; - - if($_GET["page"] == "" || $_GET["page"] == "index") - print_index(); - else{ switch($_GET["page"]){ + case("index"): + print_index(); + break; case("login"): print_login(); break; @@ -107,7 +106,6 @@ require_once 'static/header.php'; print_404(); break; } - } ?> </div> </div> |
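Review bot: In the new `<title>` line, `<?php ucfirst($_GET["page"]); ?>` discards the result, so the page name is never printed. Once the `echo` is added the value has to be escaped, because `page` is still the raw query parameter at this point: `<?php echo htmlspecialchars(ucfirst($_GET["page"]), ENT_QUOTES, "UTF-8"); ?>`. The default added in the first index.php hunk covers a missing or empty `page` but not an array (`page[]=`), so an `is_string()` test there would keep `ucfirst()` from receiving a non-string.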
