hedera-web/rest/image/upload.php

<?php
require_once (__DIR__.'/util.php');
use Vn\Lib;
use Vn\Lib\UserException;
/**
* Uploads a file creating its corresponding sizes.
*/
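class Upload extends Vn\Web\JsonRequest
{
	/**
	 * Validates the request, writes the image name into the schema's table
	 * and stores the uploaded image in the full size plus every configured size.
	 *
	 * Reads $_REQUEST['schema'], $_REQUEST['name'] and/or $_REQUEST['id'],
	 * and the uploaded file in $_FILES['image'].
	 *
	 * @param mixed $db Connection object; getRow(), getValue() and query() are called on it
	 * @return boolean TRUE once all sizes have been saved
	 * @throws UserException On a bad schema/name, a refused update, a missing or oversized file
	 * @throws Lib\Exception When PHP reports an upload error or the file is not a real upload
	 */
	function run ($db)
	{
		$util = new Util ($this->app);

		// Checks schema.
		// The same allow-list pattern is applied to the schema and to the file
		// name: both end up as path components below, so anything outside
		// [a-z0-9_] (dots, slashes, NUL, upper case...) is refused.

		$regexp = '/[^a-z0-9_]/';

		// is_scalar() refuses array-valued parameters (schema[]=x) before they
		// reach preg_match(), which does not accept an array subject.

		if (empty ($_REQUEST['schema'])
		|| !is_scalar ($_REQUEST['schema'])
		|| preg_match ($regexp, $_REQUEST['schema']) !== 0)
			throw new UserException (s('Bad schema name'));

		$schema = $_REQUEST['schema'];
		$info = $util->loadInfo ($schema);

		if (!$info)
			throw new UserException (s('Schema not exists'));

		// Checks file name and identifier.
		// Identifiers placed in the SQL text come from $info and from the
		// SHOW INDEX result, never from the request; request values are only
		// passed as bound parameters (#id, #name, #filter).
		// NOTE(review): the back-quoted identifiers are not escaped here, so
		// loadInfo() has to return trusted names only - confirm.

		$query = sprintf (
			'SHOW INDEX FROM `%1$s`.`%2$s` WHERE Key_name = \'PRIMARY\''
			,$info['schema']
			,$info['table']
		);
		$pk = $db->getRow ($query);

		// When only the id is given, the name is looked up from the row.

		if (!empty ($_REQUEST['id']) && empty ($_REQUEST['name']))
		{
			$query = sprintf (
				'SELECT `%3$s` FROM `%1$s`.`%2$s` WHERE `%4$s` = #id'
				,$info['schema']
				,$info['table']
				,$info['column']
				,$pk['Column_name']
			);
			$_REQUEST['name'] = $db->getValue ($query,
				['id' => $_REQUEST['id']]);
		}

		// The name is validated whether it came from the request or from the
		// database, because it is used to build the destination paths.

		if (empty ($_REQUEST['name'])
		|| !is_scalar ($_REQUEST['name'])
		|| preg_match ($regexp, $_REQUEST['name']) !== 0)
			throw new UserException (s('Bad file name'));

		// Checks permissions.
		// The UPDATE itself is the check: a falsy result from query() is
		// reported as 'Permission denied'.
		// NOTE(review): this write happens before the upload is validated, so
		// a request that fails further down has already changed the row.

		if (!empty ($_REQUEST['id']))
		{
			$filterColumn = $pk['Column_name'];
			$filterValue = $_REQUEST['id'];
		}
		else
		{
			$filterColumn = $info['column'];
			$filterValue = $_REQUEST['name'];
		}

		$query = sprintf (
			'UPDATE `%1$s`.`%2$s` SET `%3$s` = #name WHERE `%4$s` = #filter LIMIT 1'
			,$info['schema']
			,$info['table']
			,$info['column']
			,$filterColumn
		);
		$params = [
			'name' => $_REQUEST['name'],
			'filter' => $filterValue
		];

		if (!$db->query ($query, $params))
			throw new UserException (s('Permission denied'));

		// Checks for file errors.

		if (empty ($_FILES['image']['name']))
			throw new UserException (s('File not choosed'));

		if ($_FILES['image']['error'] != 0)
		{
			switch ($_FILES['image']['error'])
			{
				case UPLOAD_ERR_INI_SIZE:
					$message = 'ErrIniSize';
					break;
				case UPLOAD_ERR_FORM_SIZE:
					$message = 'ErrFormSize';
					break;
				case UPLOAD_ERR_PARTIAL:
					$message = 'ErrPartial';
					break;
				case UPLOAD_ERR_NO_FILE:
					$message = 'ErrNoFile';
					break;
				case UPLOAD_ERR_NO_TMP_DIR:
					$message = 'ErrNoTmpDir';
					break;
				case UPLOAD_ERR_CANT_WRITE:
					$message = 'ErrCantWrite';
					break;
				case UPLOAD_ERR_EXTENSION:
					$message = 'ErrExtension';
					break;
				default:
					$message = 'ErrDefault';
					break;
			}

			throw new Lib\Exception (s($message));
		}

		// The temporary path is about to be opened and later deleted, so make
		// sure it really is a file PHP received through HTTP POST.

		$tmpName = $_FILES['image']['tmp_name'];

		if (!is_string ($tmpName) || !is_uploaded_file ($tmpName))
			throw new Lib\Exception (s('ErrDefault'));

		// max_size is multiplied by 1048576, i.e. it is read as mebibytes.

		$maxSize = $db->getValue ('SELECT max_size FROM image_config');

		if ($_FILES['image']['size'] > $maxSize * 1048576)
			throw new UserException (sprintf (s('File size error'), $maxSize));

		// Resizes and saves the image.
		// The client-supplied file name is never used: the stored name is the
		// validated request name with a fixed .png extension.

		$fileName = "{$_REQUEST['name']}.png";
		$schemaPath = "{$util->dataDir}/$schema";

		$fullFile = "$schemaPath/full/$fileName";
		$symbolicSrc = "../full/$fileName";

		$image = Image::create ($tmpName);
		Image::resizeSave ($image, $fullFile, $info['max_height'], $info['max_width']);

		foreach ($info['sizes'] as $size => $i)
		{
			$dstFile = "$schemaPath/$size/$fileName";
			Image::resizeSave ($image, $dstFile, $i['height'], $i['width'], $i['crop'], $symbolicSrc);
		}

		imagedestroy ($image);
		unlink ($tmpName);
		return TRUE;
	}
}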