From eea55797aa7399567cdda04a1944dc795564aa1e Mon Sep 17 00:00:00 2001
From: ENGO150
Date: Fri, 24 May 2024 18:22:33 +0200
Subject: [PATCH] checking file size
---
 res/forum/api/upload_picture.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/res/forum/api/upload_picture.php b/res/forum/api/upload_picture.php
index 81001ac..82d2f96 100644
--- a/res/forum/api/upload_picture.php
+++ b/res/forum/api/upload_picture.php
@@ -5,7 +5,7 @@ session_start();
 if (!isset($_SESSION["username"])) goto fail;
-$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+$out = $database -> query("SELECT username, admin, id FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\"");
 if ($out -> num_rows != 1)
 {
@@ -36,6 +36,17 @@ if (!in_array(strtolower(pathinfo($_FILES["file_upload"]["name"], PATHINFO_EXTEN
 goto send;
 }
+$res = $out -> fetch_assoc();
+
+if (!$res["admin"])
+{
+ if ($_FILES["file_upload"]["size"] > 5 * 1024 * 1024)
+ {
+ $status = 4;
+ goto send;
+ }
+}
+
 send:
 header('Content-type: application/json');
 echo json_encode(["status" => $status]);
\ No newline at end of file
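Review bot: The rewritten `$out = $database -> query(...)` line still concatenates `$_SESSION["username"]` into the SQL text, and with `AND admin="1"` dropped the statement now runs for every logged-in account instead of admins only. Where the session value is set is outside the hunk; if it is copied from registration or login input without strict validation, a username containing a quote changes the statement's structure. A bound parameter removes that dependence; the sketch assumes `$database` is a mysqli connection, as `num_rows` and `fetch_assoc()` suggest. The newly selected `id` column is not used in either visible hunk, and the body of the `num_rows` check continues outside the hunk.

```php
$stmt = $database -> prepare("SELECT username, admin, id FROM user WHERE BINARY username = ?");
$stmt -> bind_param("s", $_SESSION["username"]);
$stmt -> execute();
$out = $stmt -> get_result();
// … unchanged: num_rows check …
```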
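Review bot: The new cap compares `$_FILES["file_upload"]["size"]` without first confirming the upload succeeded, and PHP reports `size` as 0 when it rejects a file (for instance one over `upload_max_filesize`), so a failed upload passes this branch. Unless the error code is checked above the hunk, test `$_FILES["file_upload"]["error"] !== UPLOAD_ERR_OK` before the size comparison and return the API's failure status there. The block falls straight through to `send:`, so the point where the file is stored is not visible; if it is stored earlier in the script, the size check has to move above that step to have any effect. Admin accounts get no application-level limit, which deserves a comment such as `// non-admin uploads are capped at 5 MiB; admins are bounded only by the PHP ini limits`.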