From a139e6ca48c02f4ede5850fc47d5b76bce0ca64a Mon Sep 17 00:00:00 2001
From: ENGO150
Date: Fri, 24 May 2024 18:34:11 +0200
Subject: [PATCH] uploading image to user_content dir

---
 res/forum/api/upload_picture.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/res/forum/api/upload_picture.php b/res/forum/api/upload_picture.php
index 82d2f96..35f8503 100644
--- a/res/forum/api/upload_picture.php
+++ b/res/forum/api/upload_picture.php
@@ -30,7 +30,9 @@ if (!isset($_POST["name"]))
     goto send;
 }
 
-if (!in_array(strtolower(pathinfo($_FILES["file_upload"]["name"], PATHINFO_EXTENSION)), $supported_formats))
+$file_format = strtolower(pathinfo($_FILES["file_upload"]["name"], PATHINFO_EXTENSION));
+
+if (!in_array($file_format, $supported_formats))
 {
     $status = 3;
     goto send;
@@ -47,6 +49,23 @@ if (!$res["admin"])
     }
 }
 
+$user_id = $res["id"];
+$dir = "../../../user_content/" . $user_id;
+
+if (!(file_exists($dir) && is_dir($dir)))
+{
+    mkdir($dir);
+}
+
+$safe_name = mysqli_real_escape_string($database, $_POST["name"]);
+$safe_desc = isset($_POST["desc"]) ? mysqli_real_escape_string($database, $_POST["desc"]) : null;
+
+$photo_id = count(glob($dir . "/*"));
+
+$database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", " . $photo_id . ")");
+
+move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id . "." . $file_format);
+
 send:
 header('Content-type: application/json');
 echo json_encode(["status" => $status]);
\ No newline at end of file
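Review bot: The return values of `mkdir($dir)`, `$database -> query(...)` and `move_uploaded_file(...)` in the second hunk are never checked, so the JSON response reports whatever `$status` already held even when the directory could not be created or the upload was not stored, and because the INSERT runs before the move, a failed move leaves a `post` row whose `photo_id` points at a file that does not exist. `$photo_id = count(glob($dir . "/*"))` is also not a safe identifier: two concurrent uploads by the same author compute the same number, and the second `move_uploaded_file` silently overwrites the first file while both rows reference it; a DB-generated id or a random file name would avoid that race (the `post` schema is not visible here, so I have kept the integer). I would store the file first, check every step and set a distinct error code on failure (the meaning of the existing `$status` values is defined outside this hunk, so the code below uses a placeholder), and bind the title/description with a prepared statement instead of concatenating escaped strings — `mysqli_real_escape_string` inside double quotes is not injectable as written, but the binding form is the one reviewers will not have to re-verify. Only the file name's extension is validated against `$supported_formats` (defined outside the hunk); if `user_content/` is served directly, consider also checking the content with `getimagesize()` or `finfo` before the move.
```php
// … unchanged: $user_id / $dir setup …
if (!is_dir($dir) && !mkdir($dir, 0755, true))
{
    $status = 4; // placeholder: pick a status code the client does not already use
    goto send;
}

$photo_id = count(glob($dir . "/*")); // NOTE: not unique under concurrent uploads
$target = $dir . "/" . $photo_id . "." . $file_format;

// Store the file before creating the row so a failed move leaves no orphan post.
if (!move_uploaded_file($_FILES["file_upload"]["tmp_name"], $target))
{
    $status = 4;
    goto send;
}

// Preserve the original's behaviour of storing an empty description as NULL.
$desc = (isset($_POST["desc"]) && $_POST["desc"] !== "") ? $_POST["desc"] : null;
$stmt = $database -> prepare("INSERT INTO post (title, description, author, photo_id) VALUES (?, ?, ?, ?)");
$stmt -> bind_param("ssii", $_POST["name"], $desc, $user_id, $photo_id);
if (!$stmt -> execute())
{
    unlink($target); // roll back the stored file so disk and DB stay consistent
    $status = 4;
    goto send;
}
```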