<?php
# Application
define('APP', dirname(__file__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR);
# Framework
require APP.'fw'.DIRECTORY_SEPARATOR.'init.php';
# Configuration
fw::config();
$extensions = array('image/jpeg'=>'jpg', 'image/png'=>'png', 'image/gif'=>'gif', 'image/wbmp'=>'wbmp');
$dimensions = explode('x', fw::config('dimensions'));
$max_width = (int) $dimensions[0];
$max_height = (int) $dimensions[1];
// Upload
function upload($id, $mime, $size, $title)
{
global $extensions;
$id = db::escape($id);
if(strlen($id) == 13 && db::num_rows(db::query('SELECT NULL FROM `'.DB_PREFIX.'upload` WHERE `id`="'.$id.'"')))
{
db::query('INSERT INTO `'.DB_PREFIX.'Image` (`upload_id`, `extension`, `size`, `title`) VALUES ("'.$id.'", "'.$extensions[$mime].'", '.$size.', "'.db::escape($title).'")');
return APP.'upload'.DIRECTORY_SEPARATOR.'original'.DIRECTORY_SEPARATOR.db::last_id().'.'.$extensions[$mime];
}
return false;
}
// File API
if(isset($_SERVER['HTTP_ID']))
{
// Validate
$data = @getimagesize('php://input');
if(!$data) die();
if(!isset($extensions[$data['mime']])) die();
$contents = file_get_contents('php://input');
$size = strlen($contents);
if($size > fw::config('file_limit')) die();
if($max_width || $max_height)
{
list($width, $height) = getimagesize('php://input');
if(($max_width && $width > $max_width) || ($max_height && $height > $max_height)) die();
}
// Upload
if($path = upload($_SERVER['HTTP_ID'], $data['mime'], $size, isset($_SERVER['HTTP_TITLE'])?$_SERVER['HTTP_TITLE']:''))
{
file_put_contents($path, $contents);
}
} else
// Web
if(isset($_POST['id']))
{
// Validate
$file = @fopen($_POST['url'], 'rb');
if(!$file) die('0');
$type = false;
$size = false;
$headers = stream_get_meta_data($file);
foreach($headers['wrapper_data'] as $header)
{
if(!$type && substr($header, 0, 12) == 'Content-Type') $type = substr($header, 14);
if(!$size && substr($header, 0, 14) == 'Content-Length') $size = (int) substr($header, 16);
if($type && $size) break;
}
if(!$type || !$size) die('0');
if(!isset($extensions[$type])) die('1');
if($size > fw::config('file_limit')) die('2');
if($max_width || $max_height)
{
list($width, $height) = getimagesize($_POST['url']);
if(($max_width && $width > $max_width) || ($max_height && $height > $max_height)) die('4');
}
// Upload
if($path = upload($_POST['id'], $type, $size, isset($_POST['title'])?$_POST['title']:''))
{
file_put_contents($path, stream_get_contents($file));
} else
{
echo ' '.$size;
}
} else
// Iframe
if(isset($_GET['id']))
{
// Validate
if(!isset($_FILES['image'])) die('2');
$file = $_FILES['image'];
if($file['error'] == 1 || $file['size'] > fw::config('file_limit')) die('2');
if($file['error'] || !isset($extensions[$file['type']])) die('1');
if($max_width || $max_height)
{
list($width, $height) = getimagesize($file['tmp_name']);
if(($max_width && $width > $max_width) || ($max_height && $height > $max_height)) die('4');
}
// Upload
if($path = upload($_GET['id'], $file['type'], $file['size'], $file['name']))
{
move_uploaded_file($file['tmp_name'], $path);
} else
{
echo ' '.$file['size'];
}
}