replaced http://codereview.stackexchange.com/ with https://codereview.stackexchange.com/

Listening to mseancole's advice in my previous post, I have rewritten the code.

Listening to mseancole's advice in my previous post, I have rewritten the code.

Listening to mseancole's advice in my previous postmseancole's advice in my previous post, I have rewritten the code.

function fihHomeIndex() {
    global $conf, $DBH;

    if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
        $prelim_check_errors = array();

        if (@$_POST['ss'] != $_SESSION['shared_secret']) {
            array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
        }
    
        if (empty($_POST['adult'])) {
            array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
        } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
            array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
        }
    
        if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
            array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
        }

        if (count($prelim_check_errors) >= 1) {
            fihRenderErrors($prelim_check_errors);
        } else {
            $upload_errors = array(); 
            $names = $_FILES['fihImageUpload']['name'];

            foreach ($names as $index => $name) {
                if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                    unset($names[$index]);
                    continue;
                }
            
                if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                    unset($names[$index]);
                    continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                            die('Database error');
                        }
                    
                        $image_last_id = $DBH->insert_id;
                        $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                        $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                        createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                        if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                            die('Database error');
                        }
                    
                        $template_info[$index] = array('id' => $image_last_id);
                        header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                    } else {
                        die('Possible hacking attempt. Upload aborted.');
                    }
                }
            }
        }
    }
} else {
        # Display the header
        fihDisplayHead();

        # Display the first column, which contains a login form and social networking tools
        fihDisplayFirstColumn();

        # Display the upload section
        fihDisplayUpload();

        # Footer
        fihDisplayFoot();
    }
}

Listening to mseancole's advice in my previous post, I have rewritten the code.

function fihHomeIndex() {
global $conf, $DBH;

if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
    $prelim_check_errors = array();

    if (@$_POST['ss'] != $_SESSION['shared_secret']) {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (empty($_POST['adult'])) {
        array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
    } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
        array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
    }

    if (count($prelim_check_errors) >= 1) {
        fihRenderErrors($prelim_check_errors);
    } else {
        $upload_errors = array(); 
        $names = $_FILES['fihImageUpload']['name'];

        foreach ($names as $index => $name) {
            if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                unset($names[$index]);
                continue;
            }
            
            if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                unset($names[$index]);
                continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                        die('Database error');
                    }
                    
                    $image_last_id = $DBH->insert_id;
                    $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                    $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                        die('Database error');
                    }
                    
                    $template_info[$index] = array('id' => $image_last_id);
                    header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                } else {
                    die('Possible hacking attempt. Upload aborted.');
                }
            }
        }
    }
} else {
    # Display the header
    fihDisplayHead();

    # Display the first column, which contains a login form and social networking tools
    fihDisplayFirstColumn();

    # Display the upload section
    fihDisplayUpload();

    # Footer
    fihDisplayFoot();
}
}

Listening to mseancole's advice in my previous post, I have rewritten the code.

function fihHomeIndex() {
    global $conf, $DBH;

    if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
        $prelim_check_errors = array();

        if (@$_POST['ss'] != $_SESSION['shared_secret']) {
            array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
        }
    
        if (empty($_POST['adult'])) {
            array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
        } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
            array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
        }
    
        if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
            array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
        }

        if (count($prelim_check_errors) >= 1) {
            fihRenderErrors($prelim_check_errors);
        } else {
            $upload_errors = array(); 
            $names = $_FILES['fihImageUpload']['name'];

            foreach ($names as $index => $name) {
                if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                    unset($names[$index]);
                    continue;
                }
            
                if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                    unset($names[$index]);
                    continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                            die('Database error');
                        }
                    
                        $image_last_id = $DBH->insert_id;
                        $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                        $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                        createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                        if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                            die('Database error');
                        }
                    
                        $template_info[$index] = array('id' => $image_last_id);
                        header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                    } else {
                        die('Possible hacking attempt. Upload aborted.');
                    }
                }
            }
        }
    } else {
        # Display the header
        fihDisplayHead();

        # Display the first column, which contains a login form and social networking tools
        fihDisplayFirstColumn();

        # Display the upload section
        fihDisplayUpload();

        # Footer
        fihDisplayFoot();
    }
}
added 165 characters in body
function fihHomeIndex() {
global $conf, $DBH;

if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
    $prelim_check_errors = array();

    if (@$_POST['ss'] != $_SESSION['shared_secret']) {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (empty($_POST['adult'])) {
        array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
    } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
        array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
    }

    if (count($prelim_check_errors) >= 1) {
        fihRenderErrors($prelim_check_errors);
    } else {
        $upload_errors = array(); 
        $names = $_FILES['fihImageUpload']['name'];

        foreach ($names as $index => $name) {
            if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                unset($names[$index]);
                continue;
            }
            
            if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                unset($names[$index]);
                continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                        die('Database error');
                    }
                    
                    $image_last_id = $DBH->insert_id;
                    $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                    $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                        die('Database error');
                    }
                    
                    $template_info[$index] = array('id' => $image_last_id);
                    header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                } else {
                    die('Possible hacking attempt. Upload aborted.');
                }
            }
        }
    }
} else {
    # Display the header
    fihDisplayHead();

    # Display the first column, which contains a login form and social networking tools
    fihDisplayFirstColumn();

    # Display the upload section
    fihDisplayUpload();

    # Footer
    fihDisplayFoot();
}
}
function fihHomeIndex() {
global $conf, $DBH;

if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
    $prelim_check_errors = array();
    
    if (empty($_POST['adult'])) {
        array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
    } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
        array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
    }

    if (count($prelim_check_errors) >= 1) {
        fihRenderErrors($prelim_check_errors);
    } else {
        $upload_errors = array(); 
        $names = $_FILES['fihImageUpload']['name'];

        foreach ($names as $index => $name) {
            if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                unset($names[$index]);
                continue;
            }
            
            if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                unset($names[$index]);
                continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                        die('Database error');
                    }
                    
                    $image_last_id = $DBH->insert_id;
                    $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                    $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                        die('Database error');
                    }
                    
                    $template_info[$index] = array('id' => $image_last_id);
                    header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                } else {
                    die('Possible hacking attempt. Upload aborted.');
                }
            }
        }
    }
} else {
    # Display the header
    fihDisplayHead();

    # Display the first column, which contains a login form and social networking tools
    fihDisplayFirstColumn();

    # Display the upload section
    fihDisplayUpload();

    # Footer
    fihDisplayFoot();
}
}
function fihHomeIndex() {
global $conf, $DBH;

if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
    $prelim_check_errors = array();

    if (@$_POST['ss'] != $_SESSION['shared_secret']) {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (empty($_POST['adult'])) {
        array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
    } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
        array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
    }
    
    if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
        array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
    }

    if (count($prelim_check_errors) >= 1) {
        fihRenderErrors($prelim_check_errors);
    } else {
        $upload_errors = array(); 
        $names = $_FILES['fihImageUpload']['name'];

        foreach ($names as $index => $name) {
            if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
                unset($names[$index]);
                continue;
            }
            
            if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
                unset($names[$index]);
                continue;
            }
            
            if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
                if (strrchr($name, '.') == FALSE) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
                    unset($names[$index]);
                    continue;
                } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
                          ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
                    array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                    unset($names[$index]);
                    continue;
                }
            } else {
                array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
                unset($names[$index]);
                continue;
            }
        }
        
        if (empty($names) || count($upload_errors) >= 1) {
            $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
            fihRenderErrors($error_m);
        } else {
            foreach ($names as $index => $name) {
                $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
                $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
                
                if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
                    $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
                                      "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
                        die('Database error');
                    }
                    
                    $image_last_id = $DBH->insert_id;
                    $image_dimensions = $image_info[0] . 'x' . $image_info[1];
                    $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
                    
                    createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
                    
                    if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
                                      "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
                        die('Database error');
                    }
                    
                    $template_info[$index] = array('id' => $image_last_id);
                    header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
                } else {
                    die('Possible hacking attempt. Upload aborted.');
                }
            }
        }
    }
} else {
    # Display the header
    fihDisplayHead();

    # Display the first column, which contains a login form and social networking tools
    fihDisplayFirstColumn();

    # Display the upload section
    fihDisplayUpload();

    # Footer
    fihDisplayFoot();
}
}
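Review bot: The shared-secret check added at the top of the POST branch compares the session token to the request value with loose `!=` under an `@`, so PHP's numeric-string juggling can make two different tokens compare equal, and a missing or non-string `ss` is only hidden rather than handled; use an explicit, constant-time comparison instead: `if (!isset($_POST['ss'], $_SESSION['shared_secret']) || !is_string($_POST['ss']) || !hash_equals($_SESSION['shared_secret'], $_POST['ss'])) {`. The `isset` also guards the session side, which the `@` on `$_POST['ss']` does not, so a request arriving without a session is rejected without first emitting a notice. The same line appears in the other two copies of fihHomeIndex shown for this revision.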