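<?php
/*
 * Multi-file upload handler for the gallery.
 *
 * Reads $_FILES["images"] (array-style field) and $_POST["gallery"], stores
 * each accepted file gzip-compressed under IMAGE_PATH using the MD5 of its
 * content as the file name, and inserts one row per upload through $db.
 * Rejections are collected in $message; hard I/O failures end the request.
 *
 * Relies on names defined outside this file: lredirect(), $db, ABSPATH,
 * DBPREFIX and the session.
 * NOTE(review): nothing here verifies that $_SESSION["userid"] belongs to an
 * authenticated user, or that the user may write to the posted gallery —
 * presumably the including code does; confirm. No CSRF token is checked
 * here either.
 */

// Only handle POST requests that carry an "images" upload field.
if ( ! isset($_FILES["images"]) || $_SERVER["REQUEST_METHOD"] != "POST" ) {
    exit;
}

// NOTE(review): lredirect() is not visible here; it runs before the gallery id
// is validated, as in the original ordering — confirm that is intended.
lredirect("gallery");

// The gallery id must be a string made of digits only. The pattern is anchored
// (\A ... \z): an unanchored /[0-9]+/ accepts any value that merely contains a
// digit, and a non-string value (gallery[]=...) would reach preg_match() as an
// array.
if ( ! isset($_POST["gallery"]) || ! is_string($_POST["gallery"]) || ! preg_match('/\A[0-9]+\z/', $_POST["gallery"]) ) {
    exit;
}

// A single-file field (name="images" instead of name="images[]") yields
// scalars here; there is nothing to iterate in that case.
if ( ! is_array($_FILES["images"]["tmp_name"]) ) {
    exit;
}

// Allowlist of file-name extensions. This looks only at the client-chosen
// name, not at the content; the stored file is always "<md5>.gz", so the
// client name never becomes part of a path on disk.
//$extension = array("jpeg", "jpg", "png", "gif");
$extension = array("jpeg", "jpg", "png", "gif", "webm", "mp4", "avi", "mkv");
$count = 0;
$message = array();

// NOTE(review): $_FILES sizes are in bytes, so this limit is 2000 bytes —
// confirm the intended unit.
define("IMAGE_MAXSIZE", "2000");
define("IMAGE_PATH", ABSPATH . "/../images/");

foreach ( $_FILES["images"]["tmp_name"] as $f => $tmp_name ) {
    // Skip empty slots (UPLOAD_ERR_NO_FILE) and any upload PHP itself flagged
    // as failed.
    if ( $_FILES["images"]["error"][$f] != UPLOAD_ERR_OK ) {
        continue;
    }

    // The original file name is client-controlled. It ends up in $message and
    // in the database, so whatever renders either must escape it for the
    // output context.
    $name = $_FILES["images"]["name"][$f];

    if ( $_FILES["images"]["size"][$f] > IMAGE_MAXSIZE ) {
        $message[$count] = $name . " is too large!";
        $count++;
        continue;
    }

    // Compare case-insensitively so "PHOTO.JPG" is treated like "photo.jpg".
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ( ! in_array($ext, $extension, true) ) {
        $message[$count] = $name . " - Extension not allowed!";
        $count++;
        continue;
    }

    // PHP does not populate a "mime" key in $_FILES; the client-declared type
    // lives under "type". Prefer a type detected from the content when the
    // fileinfo extension is available, because the declared one is whatever
    // the client chose to send.
    $mime = isset($_FILES["images"]["type"][$f]) ? $_FILES["images"]["type"][$f] : "";
    if ( function_exists("mime_content_type") ) {
        $detected = mime_content_type($tmp_name);
        if ( is_string($detected) && $detected !== "" ) {
            $mime = $detected;
        }
    }

    // Content hash doubles as the storage name and the de-duplication key.
    // NOTE(review): MD5 is not collision-resistant, so two different files can
    // be crafted to share a name and the second would silently resolve to the
    // first one's content. Moving to SHA-256 needs a migration of the stored
    // files, so it is flagged here rather than changed.
    $hash = hash_file("md5", $tmp_name);
    if ( $hash === false ) {
        exit;
    }

    // NOTE(review): $db->prepare() is the project's own printf-style wrapper
    // and is not visible here; this code assumes it quotes/escapes every
    // placeholder value — confirm, since name and gallery come from the client.
    $sql = $db->prepare("INSERT INTO " . DBPREFIX . "image (id, gallery, name, desc, owner, mime, size, hash, time) VALUES (NULL, %s, %s, %s, %d, %s, %d, %s, %d);", $_POST["gallery"], $name, "", $_SESSION["userid"], $mime, $_FILES["images"]["size"][$f], $hash, time());

    $gzfile = IMAGE_PATH . $hash . ".gz";
    if ( ! file_exists($gzfile) ) {
        $rawfile = IMAGE_PATH . $hash;

        // move_uploaded_file() also checks that $tmp_name really is an upload
        // of this request; do not continue if it refuses.
        if ( ! move_uploaded_file($tmp_name, $rawfile) ) {
            exit;
        }

        $data = file_get_contents($rawfile);
        $fp = ( $data === false ) ? false : gzopen($gzfile, "w9");
        if ( $fp === false ) {
            unlink($rawfile);
            exit;
        }

        $written = gzwrite($fp, $data);
        $closed = gzclose($fp);
        if ( ! $written || ! $closed ) {
            // Remove the partial archive: leaving it would make every later
            // upload with the same hash reuse a truncated file.
            if ( file_exists($gzfile) ) {
                unlink($gzfile);
            }
            unlink($rawfile);
            exit;
        }

        if ( ! unlink($rawfile) ) {
            exit;
        }
    }

    if ( ! $db->doQuery($sql) ) {
        exit;
    }
}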