FabrikaHradekTour/res/forum/api/upload_picture.php

<?php

include("../../global.php");
session_start();

if (!isset($_SESSION["username"])) goto fail;

$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");

if ($out -> num_rows != 1)
{
    fail:
    echo "nope";
    header("Location: ../../../index.php");
    return;
}

$status = 0;
$supported_formats = array("jpg", "jpeg", "png", "webp");

if (!isset($_FILES["file_upload"]))
{
    $status = 1;
    goto send;
}

if (!isset($_POST["name"]))
{
    $status = 2;
    goto send;
}

if (!in_array(strtolower(pathinfo($_FILES["file_upload"]["name"], PATHINFO_EXTENSION)), $supported_formats))
{
    $status = 3;
    goto send;
}

send:
header('Content-type: application/json');
echo json_encode(["status" => $status]);