diff options
Diffstat (limited to 'foto')
| -rw-r--r-- | foto/nginx.conf | 4 | ||||
| -rw-r--r-- | foto/protected.php | 25 | ||||
| -rw-r--r-- | foto/upload.php | 57 |
3 files changed, 86 insertions, 0 deletions
diff --git a/foto/nginx.conf b/foto/nginx.conf new file mode 100644 index 0000000..f6dbc71 --- /dev/null +++ b/foto/nginx.conf @@ -0,0 +1,4 @@ + + location /protected { + rewrite /protected/([a-zA-Z]+)/([a-zA-Z0-9]+)/?.* /protected.php?type=$1&id=$2 last; + } diff --git a/foto/protected.php b/foto/protected.php new file mode 100644 index 0000000..c70772d --- /dev/null +++ b/foto/protected.php @@ -0,0 +1,25 @@ +<?php + +lredirect("index"); + +if ( ! isset($_GET["type"]) || ! isset($_GET["id"]) ) + exit; + +switch($_GET["type"]){ + case("image"): + $sql = $db->prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]); + $result = $db->doQuery($sql); + $f = $result->fetch_array(MYSQLI_ASSOC); + if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){ + header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found"); + } else { + header("Content-Type: " . $f["mime"]); + header("Content-Disposition: inline; filename=".$f["name"]); + header("Content-Length: " . $f["size"]); + + readgzfile(IMAGE_PATH . $f["hash"] . ".gz"); + } + break; + default: + header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found"); +} diff --git a/foto/upload.php b/foto/upload.php new file mode 100644 index 0000000..e8d1549 --- /dev/null +++ b/foto/upload.php @@ -0,0 +1,57 @@ +<?php + +if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ){ + exit; +} +lredirect("gallery"); + +if ( ! isset($_POST["gallery"]) || ! preg_match("/[0-9]+/", $_POST["gallery"]) ) + exit; + +//$extension = array("jpeg", "jpg", "png", "gif"); +$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv"); +$count = 0; +$message = array(); +define("IMAGE_MAXSIZE", "2000"); +define("IMAGE_PATH", ABSPATH . "/../images/"); + +foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){ + if ( $_FILES["images"]["error"][$f] == 4 ) + // no file was uploaded + continue; + + if ( $_FILES["images"]["error"][$f] != 0 ){ + continue; + } + if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ){ + $message[$count] = $_FILES["images"]["name"][$f] . " is too large!"; + $count++; + continue; + } elseif ( ! in_array( pathinfo($_FILES["images"]["name"][$f], PATHINFO_EXTENSION), $extension ) ){ + $message[$count] = $_FILES["images"]["name"][$f] . " - Extension not allowed!"; + $count++; + continue; + } + $hash = hash_file("md5", $tmp_name); + + $sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $_FILES["images"]["name"][$f], "", $_SESSION["userid"], $_FILES["images"]["mime"][$f], $_FILES["images"]["size"][$f], $hash, time()); + + if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){ + move_uploaded_file($tmp_name, IMAGE_PATH . $hash); + + $gzfile = IMAGE_PATH . $hash . ".gz"; + $fp = gzopen($gzfile, "w9"); + + if ( ! gzwrite($fp, file_get_contents(IMAGE_PATH . $hash)) ) + exit; + + if ( ! gzclose($fp) ) + exit; + + if ( ! unlink(IMAGE_PATH . $hash) ) + exit; + } + + if ( ! $db->doQuery($sql) ) + exit; +} |