Diffstat (limited to 'foto')
| -rw-r--r-- | foto/nginx.conf | 4 | ||||
| -rw-r--r-- | foto/protected.php | 25 | ||||
| -rw-r--r-- | foto/upload.php | 57 |
3 files changed, 0 insertions, 86 deletions
diff --git a/foto/nginx.conf b/foto/nginx.conf
deleted file mode 100644
index f6dbc71..0000000
--- a/foto/nginx.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-
- location /protected {
- rewrite /protected/([a-zA-Z]+)/([a-zA-Z0-9]+)/?.* /protected.php?type=$1&id=$2 last;
- }
diff --git a/foto/protected.php b/foto/protected.php
deleted file mode 100644
index c70772d..0000000
--- a/foto/protected.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-lredirect("index");
-
-if ( ! isset($_GET["type"]) || ! isset($_GET["id"]) )
- exit;
-
-switch($_GET["type"]){
- case("image"):
- $sql = $db->prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]);
- $result = $db->doQuery($sql);
- $f = $result->fetch_array(MYSQLI_ASSOC);
- if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){
- header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
- } else {
- header("Content-Type: " . $f["mime"]);
- header("Content-Disposition: inline; filename=".$f["name"]);
- header("Content-Length: " . $f["size"]);
-
- readgzfile(IMAGE_PATH . $f["hash"] . ".gz");
- }
- break;
- default:
- header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
-}
diff --git a/foto/upload.php b/foto/upload.php
deleted file mode 100644
index e8d1549..0000000
--- a/foto/upload.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ){
- exit;
-}
-lredirect("gallery");
-
-if ( ! isset($_POST["gallery"]) || ! preg_match("/[0-9]+/", $_POST["gallery"]) )
- exit;
-
-//$extension = array("jpeg", "jpg", "png", "gif");
-$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv");
-$count = 0;
-$message = array();
-define("IMAGE_MAXSIZE", "2000");
-define("IMAGE_PATH", ABSPATH . "/../images/");
-
-foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){
- if ( $_FILES["images"]["error"][$f] == 4 )
- // no file was uploaded
- continue;
-
- if ( $_FILES["images"]["error"][$f] != 0 ){
- continue;
- }
- if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ){
- $message[$count] = $_FILES["images"]["name"][$f] . " is too large!";
- $count++;
- continue;
- } elseif ( ! in_array( pathinfo($_FILES["images"]["name"][$f], PATHINFO_EXTENSION), $extension ) ){
- $message[$count] = $_FILES["images"]["name"][$f] . " - Extension not allowed!";
- $count++;
- continue;
- }
- $hash = hash_file("md5", $tmp_name);
-
- $sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $_FILES["images"]["name"][$f], "", $_SESSION["userid"], $_FILES["images"]["mime"][$f], $_FILES["images"]["size"][$f], $hash, time());
-
- if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){
- move_uploaded_file($tmp_name, IMAGE_PATH . $hash);
-
- $gzfile = IMAGE_PATH . $hash . ".gz";
- $fp = gzopen($gzfile, "w9");
-
- if ( ! gzwrite($fp, file_get_contents(IMAGE_PATH . $hash)) )
- exit;
-
- if ( ! gzclose($fp) )
- exit;
-
- if ( ! unlink(IMAGE_PATH . $hash) )
- exit;
- }
-
- if ( ! $db->doQuery($sql) )
- exit;
-} |
