<?php
require_once ('vn/web/json-request.php');
require_once (__DIR__.'/util.php');
use Vn\Lib;
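/**
 * Uploads a file creating its corresponding sizes.
 *
 * Request input read by this class (all of it client-controlled):
 *  - $_REQUEST['schema']  image collection name, restricted to [a-z0-9_]
 *  - $_REQUEST['name']    target file name without extension, restricted to [a-z0-9_]
 *  - $_REQUEST['id']      optional primary key value of the row to update
 *  - $_FILES['image']     the uploaded file
 **/
class Upload extends Vn\Web\JsonRequest
{
	/**
	 * Validates the request, stores the image name in the database and
	 * writes the full-size image plus every configured size to disk.
	 *
	 * @return boolean TRUE when every file has been written
	 * @throws Lib\UserException On bad parameters, a refused update or an oversized file
	 * @throws Lib\Exception When the upload itself failed
	 **/
	function run ()
	{
		$db = $this->login ();
		$util = new Util ($this->app);

		// Checks schema.
		// This whitelist is the only thing that keeps 'schema' and 'name'
		// safe to embed in the filesystem paths built further down: dots,
		// slashes and NUL bytes cannot pass it. Non-scalar values (for
		// example schema[]=x) are rejected before they reach preg_match().

		$regexp = '/[^a-z0-9_]/';

		if (empty ($_REQUEST['schema'])
		|| !is_scalar ($_REQUEST['schema'])
		|| preg_match ($regexp, $_REQUEST['schema']) !== 0)
			throw new Lib\UserException (s('BadSchemaName'), 'badSchemaName');

		$schema = $_REQUEST['schema'];
		$info = $util->loadInfo ($schema);

		if (!$info)
			throw new Lib\UserException (s('SchemaNotExists'), 'schemaNotExists');

		// Checks file name and identifier.

		// The identifier is forwarded to the database layer as a bound
		// parameter, so only a single scalar value is accepted.
		if (!empty ($_REQUEST['id']) && !is_scalar ($_REQUEST['id']))
			throw new Lib\UserException (s('BadFileName'), 'badFileName');

		// The identifiers placed inside backticks come from $info (returned by
		// Util::loadInfo) and from SHOW INDEX, never from the request.
		// NOTE(review): presumably $info is server-side configuration; confirm
		// that no part of it can be influenced by a client.
		$query = sprintf (
			'SHOW INDEX FROM `%1$s`.`%2$s` WHERE Key_name = \'PRIMARY\''
			,$info['schema']
			,$info['table']
		);
		$pk = $db->getRow ($query);

		// NOTE(review): $pk is not checked; a table without a primary key
		// would leave $pk['Column_name'] unset in the queries below.

		if (!empty ($_REQUEST['id']) && empty ($_REQUEST['name']))
		{
			// No name supplied: reuse the one already stored for this row.
			$query = sprintf (
				'SELECT `%3$s` FROM `%1$s`.`%2$s` WHERE `%4$s` = #id'
				,$info['schema']
				,$info['table']
				,$info['column']
				,$pk['Column_name']
			);
			$_REQUEST['name'] = $db->getValue ($query,
				['id' => $_REQUEST['id']]);
		}

		// The name is validated after the lookup above, so a value read back
		// from the database goes through the same whitelist as a client one.
		if (empty ($_REQUEST['name'])
		|| !is_scalar ($_REQUEST['name'])
		|| preg_match ($regexp, $_REQUEST['name']) !== 0)
			throw new Lib\UserException (s('BadFileName'), 'badFileName');

		// Checks permissions.
		// The check is the UPDATE itself, executed on the connection returned
		// by login().
		// NOTE(review): presumably the database grants of the logged-in user
		// decide the outcome; also confirm whether query() reports an UPDATE
		// that matched no row as a failure.

		if (!empty ($_REQUEST['id']))
		{
			$filterColumn = $pk['Column_name'];
			$filterValue = $_REQUEST['id'];
		}
		else
		{
			$filterColumn = $info['column'];
			$filterValue = $_REQUEST['name'];
		}

		$query = sprintf (
			'UPDATE `%1$s`.`%2$s` SET `%3$s` = #name WHERE `%4$s` = #filter LIMIT 1'
			,$info['schema']
			,$info['table']
			,$info['column']
			,$filterColumn
		);
		$params = [
			'name' => $_REQUEST['name'],
			'filter' => $filterValue
		];

		if (!$db->query ($query, $params))
			throw new Lib\UserException (s('PermissionDenied'), 'permissionDenied');

		// Checks for file errors.

		if (empty ($_FILES['image']['name']))
			throw new Lib\UserException (s('FileNotChoosed'), 'fileNotChoosed');

		$uploadError = $_FILES['image']['error'];

		if ($uploadError != 0)
		{
			$messages = [
				UPLOAD_ERR_INI_SIZE   => 'ErrIniSize',
				UPLOAD_ERR_FORM_SIZE  => 'ErrFormSize',
				UPLOAD_ERR_PARTIAL    => 'ErrPartial',
				UPLOAD_ERR_NO_FILE    => 'ErrNoFile',
				UPLOAD_ERR_NO_TMP_DIR => 'ErrNoTmpDir',
				UPLOAD_ERR_CANT_WRITE => 'ErrCantWrite',
				UPLOAD_ERR_EXTENSION  => 'ErrExtension'
			];

			// A multi-file field (image[]) makes 'error' an array; it falls
			// through to the generic message like any unknown code.
			if (is_int ($uploadError) && isset ($messages[$uploadError]))
				$message = $messages[$uploadError];
			else
				$message = 'ErrDefault';

			throw new Lib\Exception (s($message), 'uploadError');
		}

		$tmpFile = $_FILES['image']['tmp_name'];

		// Only a file that PHP itself received through HTTP POST is ever
		// opened and unlinked below.
		if (!is_uploaded_file ($tmpFile))
			throw new Lib\Exception (s('ErrDefault'), 'uploadError');

		$maxSize = $db->getValue ('SELECT max_size FROM image_config');

		// max_size is multiplied by 1048576, i.e. it is expressed in MiB.
		if ($_FILES['image']['size'] > $maxSize * 1048576)
			throw new Lib\UserException (sprintf (s('FileSizeError'), $maxSize), 'fileSizeError');

		// Resizes and saves the image.
		// The stored name is always "<name>.png"; the client-supplied file
		// name and extension are never used to build a path.
		// NOTE(review): whether Image::create rejects content that is not an
		// image is not visible here; confirm.

		$fileName = "{$_REQUEST['name']}.png";
		$schemaPath = "{$util->dataDir}/$schema";
		$fullFile = "$schemaPath/full/$fileName";
		$symbolicSrc = "../full/$fileName";

		$image = Image::create ($tmpFile);
		Image::resizeSave ($image, $fullFile, $info['max_height'], $info['max_width']);

		foreach ($info['sizes'] as $size => $i)
		{
			$dstFile = "$schemaPath/$size/$fileName";
			Image::resizeSave ($image, $dstFile, $i['height'], $i['width'], $i['crop'], $symbolicSrc);
		}

		imagedestroy ($image);
		unlink ($tmpFile);
		return TRUE;
	}
}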
?>