Diffstat (limited to 'foto/upload.php')
-rw-r--r--foto/upload.php57
1 files changed, 57 insertions, 0 deletions
diff --git a/foto/upload.php b/foto/upload.php
new file mode 100644
index 0000000..e8d1549
--- /dev/null
+++ b/foto/upload.php
@@ -0,0 +1,57 @@
+<?php
+
+if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ){
+ exit;
+}
+lredirect("gallery");
+
+if ( ! isset($_POST["gallery"]) || ! preg_match("/[0-9]+/", $_POST["gallery"]) )
+ exit;
+
+//$extension = array("jpeg", "jpg", "png", "gif");
+$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv");
+$count = 0;
+$message = array();
+define("IMAGE_MAXSIZE", "2000");
+define("IMAGE_PATH", ABSPATH . "/../images/");
+
+foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){
+ if ( $_FILES["images"]["error"][$f] == 4 )
+ // no file was uploaded
+ continue;
+
+ if ( $_FILES["images"]["error"][$f] != 0 ){
+ continue;
+ }
+ if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ){
+ $message[$count] = $_FILES["images"]["name"][$f] . " is too large!";
+ $count++;
+ continue;
+ } elseif ( ! in_array( pathinfo($_FILES["images"]["name"][$f], PATHINFO_EXTENSION), $extension ) ){
+ $message[$count] = $_FILES["images"]["name"][$f] . " - Extension not allowed!";
+ $count++;
+ continue;
+ }
+ $hash = hash_file("md5", $tmp_name);
+
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $_FILES["images"]["name"][$f], "", $_SESSION["userid"], $_FILES["images"]["mime"][$f], $_FILES["images"]["size"][$f], $hash, time());
+
+ if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){
+ move_uploaded_file($tmp_name, IMAGE_PATH . $hash);
+
+ $gzfile = IMAGE_PATH . $hash . ".gz";
+ $fp = gzopen($gzfile, "w9");
+
+ if ( ! gzwrite($fp, file_get_contents(IMAGE_PATH . $hash)) )
+ exit;
+
+ if ( ! gzclose($fp) )
+ exit;
+
+ if ( ! unlink(IMAGE_PATH . $hash) )
+ exit;
+ }
+
+ if ( ! $db->doQuery($sql) )
+ exit;
+}
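Review bot: The gallery check `preg_match("/[0-9]+/", $_POST["gallery"])` is unanchored, so any value that merely contains a digit passes and is handed to the INSERT; it should be `/^[0-9]+$/`. Inside the loop, `$_FILES["images"]["mime"][$f]` is not a key PHP populates (the client-supplied field is `type`), and the only content check is the extension of the client-chosen file name, so the stored type should be detected from the uploaded bytes with `finfo` and matched against an allow-list. The MD5 digest doubles as on-disk name and dedupe key, so a colliding upload would silently be mapped to an existing file; SHA-256 avoids that, provided the `hash` column is wide enough. The results of `move_uploaded_file` and `gzopen` are also used without being checked.

```php
if ( ! isset($_POST["gallery"]) || ! preg_match('/^[0-9]+$/', $_POST["gallery"]) )
	exit;

// … unchanged: extension list, $count, $message, constants …
$allowed_mime = array("image/jpeg", "image/png", "image/gif", "video/webm", "video/mp4", "video/x-msvideo", "video/x-matroska");
$finfo = new finfo(FILEINFO_MIME_TYPE);

foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){
	// … unchanged: upload error, size and extension checks …

	// Type comes from the file content, never from client-supplied fields.
	$mime = $finfo->file($tmp_name);
	if ( $mime === false || ! in_array($mime, $allowed_mime, true) ){
		$message[$count] = $_FILES["images"]["name"][$f] . " - Type not allowed!";
		$count++;
		continue;
	}
	$hash = hash_file("sha256", $tmp_name);

	// … unchanged: INSERT statement, with $mime in place of $_FILES["images"]["mime"][$f] …

	if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){
		if ( ! move_uploaded_file($tmp_name, IMAGE_PATH . $hash) )
			exit;

		$gzfile = IMAGE_PATH . $hash . ".gz";
		$fp = gzopen($gzfile, "w9");
		if ( $fp === false )
			exit;
		// … unchanged: gzwrite, gzclose, unlink …
```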