From 1851c3a180eafb4563a9f6e4dd40fcc5e925896a Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 5 Oct 2014 22:00:36 +0200
Subject: Experimental support for image uploading.

---
 foto/nginx.conf    |  4 ++++
 foto/protected.php | 25 ++++++++++++++++++++++++
 foto/upload.php    | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 index.php          | 16 +++++++--------
 4 files changed, 93 insertions(+), 9 deletions(-)
 create mode 100644 foto/nginx.conf
 create mode 100644 foto/protected.php
 create mode 100644 foto/upload.php

diff --git a/foto/nginx.conf b/foto/nginx.conf
new file mode 100644
index 0000000..f6dbc71
--- /dev/null
+++ b/foto/nginx.conf
@@ -0,0 +1,4 @@
+
+	location /protected {
+		rewrite /protected/([a-zA-Z]+)/([a-zA-Z0-9]+)/?.*	/protected.php?type=$1&id=$2 last;
+	}
diff --git a/foto/protected.php b/foto/protected.php
new file mode 100644
index 0000000..c70772d
--- /dev/null
+++ b/foto/protected.php
@@ -0,0 +1,25 @@
+<?php
+
+lredirect("index");
+
+if ( ! isset($_GET["type"]) || ! isset($_GET["id"]) )
+	exit;
+
+switch($_GET["type"]){
+	case("image"):
+		$sql = $db->prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]);
+		$result = $db->doQuery($sql);
+		$f = $result->fetch_array(MYSQLI_ASSOC);
+		if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){
+			header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+		} else {
+			header("Content-Type: " . $f["mime"]);
+			header("Content-Disposition: inline; filename=".$f["name"]);
+			header("Content-Length: " . $f["size"]);
+
+			readgzfile(IMAGE_PATH . $f["hash"] . ".gz");
+		}
+		break;
+	default:
+		header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+}
diff --git a/foto/upload.php b/foto/upload.php
new file mode 100644
index 0000000..e8d1549
--- /dev/null
+++ b/foto/upload.php
@@ -0,0 +1,57 @@
+<?php
+
+if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ){
+	exit;
+}
+lredirect("gallery");
+
+if ( ! isset($_POST["gallery"]) || ! preg_match("/[0-9]+/", $_POST["gallery"]) )
+	exit;
+	
+//$extension = array("jpeg", "jpg", "png", "gif");
+$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv");
+$count = 0;
+$message = array();
+define("IMAGE_MAXSIZE", "2000");
+define("IMAGE_PATH", ABSPATH . "/../images/");
+
+foreach($_FILES["images"]["tmp_name"] as $f => $tmp_name ){
+	if ( $_FILES["images"]["error"][$f] == 4 )
+		// no file was uploaded
+		continue;
+	
+	if ( $_FILES["images"]["error"][$f] != 0 ){
+		continue;
+	}
+	if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ){
+		$message[$count] = $_FILES["images"]["name"][$f] . " is too large!";
+		$count++;
+		continue;
+	} elseif ( ! in_array( pathinfo($_FILES["images"]["name"][$f], PATHINFO_EXTENSION), $extension ) ){
+		$message[$count] =  $_FILES["images"]["name"][$f] . " - Extension not allowed!";
+		$count++;
+		continue;
+	}
+	$hash = hash_file("md5", $tmp_name);
+
+	$sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $_FILES["images"]["name"][$f], "", $_SESSION["userid"], $_FILES["images"]["mime"][$f], $_FILES["images"]["size"][$f], $hash, time());
+
+	if ( ! file_exists(IMAGE_PATH . $hash . ".gz") ){
+		move_uploaded_file($tmp_name, IMAGE_PATH . $hash);
+
+		$gzfile = IMAGE_PATH . $hash . ".gz";
+		$fp = gzopen($gzfile, "w9");
+
+		if ( ! gzwrite($fp, file_get_contents(IMAGE_PATH . $hash)) )
+			exit;
+
+		if ( ! gzclose($fp) )
+			exit;
+
+		if ( ! unlink(IMAGE_PATH . $hash) )
+			exit;
+	}
+
+	if ( ! $db->doQuery($sql) )
+		exit;
+}
diff --git a/index.php b/index.php
index 52bf162..d149a26 100644
--- a/index.php
+++ b/index.php
@@ -35,6 +35,9 @@ else
 	$u = $_SESSION["username"];
 
 $user = new jg($u);
+if( ! isset($_GET["page"]) || $_GET["page"] == "" )
+	$_GET["page"] = "index";
+
 ?>
 <!doctype html>
 <html>
@@ -44,12 +47,11 @@ $user = new jg($u);
 	<?php 
 	//<link rel ="stylesheet" href="/static/style.css">
 
-	//echo "<style>" . file_get_contents('static/style.min.css');
 	echo "<style>" . file_get_contents('static/style.min.css');
 	?>
 	.dl-horizontal dt{white-space: normal;}.btn-info{background-color:#3083D6;border-color:#357ebd}.btn-primary{background-color:#3083D6;}.img-responsive{margin:0 auto;}@-moz-document url-prefix(){fieldset{display:table-cell;}}ul.nav li.dropdown:hover ul.dropdown-menu {display:block;}.video{max-width:720px;margin-right: auto;margin-left: auto;}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active{background-color:#3071a9}</style>
 	<noscript><style>.navbar{margin-bottom:0;}</style></noscript>
-	<title>Junge Gemeinde Adlershof</title>
+	<title>Junge Gemeinde Adlershof | <?php ucfirst($_GET["page"]); ?></title>
 	<link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
@@ -60,13 +62,10 @@ require_once 'static/header.php';
 	<div class="text-center">
 		<div class="row">
 <?php
-	if( ! isset($_GET["page"]))
-		$_GET["page"] = "";
-
-	if($_GET["page"] == "" || $_GET["page"] == "index")
-		print_index();
-	else{
 		switch($_GET["page"]){
+			case("index"):
+				print_index();
+				break;
 			case("login"):
 				print_login();
 				break;
@@ -107,7 +106,6 @@ require_once 'static/header.php';
 				print_404();
 				break;
 		}
-	}
 ?>
 </div>
 </div>
-- 
cgit v1.2.3