123 lines
2.9 KiB
PHP
123 lines
2.9 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
/*
|
||
|
|
|
||
|
|
Jappix - An open social platform
|
||
|
|
This is the Jappix microblog file attaching script
|
||
|
|
|
||
|
|
-------------------------------------------------
|
||
|
|
|
||
|
|
License: AGPL
|
||
|
|
Author: Vanaryon
|
||
|
|
Last revision: 14/01/12
|
||
|
|
|
||
|
|
*/
|
||
|
|
|
||
|
|
// PHP base
|
||
|
|
define('JAPPIX_BASE', '..');
|
||
|
|
|
||
|
|
// Get the needed files
|
||
|
|
require_once('./functions.php');
|
||
|
|
require_once('./read-main.php');
|
||
|
|
require_once('./read-hosts.php');
|
||
|
|
|
||
|
|
// Optimize the page rendering
|
||
|
|
hideErrors();
|
||
|
|
compressThis();
|
||
|
|
|
||
|
|
// Not allowed for a special node
|
||
|
|
if(isStatic() || isUpload())
|
||
|
|
exit;
|
||
|
|
|
||
|
|
// Set a special XML header
|
||
|
|
header('Content-Type: text/xml; charset=utf-8');
|
||
|
|
|
||
|
|
// Everything is okay
|
||
|
|
if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['user']) && !empty($_POST['user'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
|
||
|
|
// Get the user name
|
||
|
|
$user = $_POST['user'];
|
||
|
|
|
||
|
|
// Get the file name
|
||
|
|
$tmp_filename = $_FILES['file']['tmp_name'];
|
||
|
|
$filename = $_FILES['file']['name'];
|
||
|
|
|
||
|
|
// Get the location
|
||
|
|
if(HOST_UPLOAD)
|
||
|
|
$location = HOST_UPLOAD;
|
||
|
|
else
|
||
|
|
$location = $_POST['location'];
|
||
|
|
|
||
|
|
// Get the file new name
|
||
|
|
$ext = getFileExt($filename);
|
||
|
|
$new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
|
||
|
|
|
||
|
|
// Define some vars
|
||
|
|
$content_dir = JAPPIX_BASE.'/store/share/'.$user;
|
||
|
|
$security_file = $content_dir.'/index.html';
|
||
|
|
$name = sha1(time().$filename);
|
||
|
|
$path = $content_dir.'/'.$name.'.'.$ext;
|
||
|
|
$thumb_xml = '';
|
||
|
|
|
||
|
|
// Forbidden file?
|
||
|
|
if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
|
||
|
|
exit(
|
||
|
|
'<jappix xmlns=\'jappix:file:post\'>
|
||
|
|
<error>forbidden-type</error>
|
||
|
|
</jappix>'
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Create the user directory
|
||
|
|
if(!is_dir($content_dir)) {
|
||
|
|
mkdir($content_dir, 0777, true);
|
||
|
|
chmod($content_dir, 0777);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Create (or re-create) the security file
|
||
|
|
if(!file_exists($security_file))
|
||
|
|
file_put_contents($security_file, securityHTML());
|
||
|
|
|
||
|
|
// File upload error?
|
||
|
|
if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
|
||
|
|
exit(
|
||
|
|
'<jappix xmlns=\'jappix:file:post\'>
|
||
|
|
<error>move-error</error>
|
||
|
|
</jappix>'
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Resize and compress if this is a JPEG file
|
||
|
|
if(preg_match('/^(jpg|jpeg|png|gif)$/i', $ext)) {
|
||
|
|
// Resize the image
|
||
|
|
resizeImage($path, $ext, 1024, 1024);
|
||
|
|
|
||
|
|
// Copy the image
|
||
|
|
$thumb = $content_dir.'/'.$name.'_thumb.'.$ext;
|
||
|
|
copy($path, $thumb);
|
||
|
|
|
||
|
|
// Create the thumbnail
|
||
|
|
if(resizeImage($thumb, $ext, 140, 105))
|
||
|
|
$thumb_xml = '<thumb>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'_thumb.'.$ext).'</thumb>';
|
||
|
|
}
|
||
|
|
|
||
|
|
// Return the path to the file
|
||
|
|
exit(
|
||
|
|
'<jappix xmlns=\'jappix:file:post\'>
|
||
|
|
<href>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'.'.$ext).'</href>
|
||
|
|
<title>'.htmlspecialchars($new_name).'</title>
|
||
|
|
<type>'.htmlspecialchars(getFileMIME($path)).'</type>
|
||
|
|
<length>'.htmlspecialchars(filesize($path)).'</length>
|
||
|
|
'.$thumb_xml.'
|
||
|
|
</jappix>'
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
// Bad request error!
|
||
|
|
exit(
|
||
|
|
'<jappix xmlns=\'jappix:file:post\'>
|
||
|
|
<error>bad-request</error>
|
||
|
|
</jappix>'
|
||
|
|
);
|
||
|
|
|
||
|
|
?>
|