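<?php session_start();
/**
 * Created by PhpStorm.
 * User: ygranger
 * Date: 5/10/17
 * Time: 11:45 AM
 */
include_once('../functions/functions.php');
include_once('../db/dsn.php');

// Image upload handler.
//
// Input : $_FILES['_' . $opId . '_'], where $opId is the one-shot token the upload
//         form stored in $_SESSION['$opId'] (hash of userid+time).
// Output: the original, a 300px copy and a 100px thumb are written to the user's
//         upload directory and one row is inserted into `imgupload`; the token is
//         handed back in $_SESSION['$opConfirmedId']. Every failure path stores a
//         message in $_SESSION['errorMsg'] and redirects.
//
// Operations performed
// 1. user logged
// 2. one-shot token and $_FILES entry present, without upload error
// 3. user directory exists and is writable
// 4. upload is correct (genuine upload, whitelisted image type)
// 5. move to user uploads directory under a server-generated name
// 6. redim to standard site size and create a thumb
// 7. store [fullpath,relpath] of .original .copy .thumb in a database table
//
// Every include of redirect.php is followed by `exit;`: redirect.php's body is not
// visible from here, and if it only sends headers the handler must not fall
// through into the next step with missing variables.

// Joins a directory and a file name, collapsing the doubled slash that appears
// when $dir already ends with '/'.
$joinPath = function ($dir, $name) {
    return str_replace('//', '/', $dir . '/' . $name);
};

// 1. user logged
//    ($_POST is always set, so the former isset($_POST) test never rejected
//    anything; the token check in step 2 is what rejects a non-form request.)
if (!isset($_SESSION['username'])) {
    $_SESSION['errorMsg'] = 'Veuillez vous identifier';
    include('../functions/redirect.php');
    exit;
}

// Ranks >= 4 (or no rank at all) are sent back without a message, as before.
if (!isset($_SESSION['userrank']) || $_SESSION['userrank'] >= 4) {
    include('../functions/redirect.php');
    exit;
}

// 2. one-shot token and $_FILES entry present, without upload error
if (!isset($_SESSION['$opId'])) {
    $_SESSION['errorMsg'] = 'Un problème est survenu lors du chargement de votre fichier';
    include('../functions/redirect.php');
    exit;
}
$opId = $_SESSION['$opId'];
// Consume the token before anything else so a resubmitted form cannot reuse it.
unset($_SESSION['$opId']);

$fileKey = '_' . $opId . '_';
if (!isset($_FILES[$fileKey]) || $_FILES[$fileKey]['error'] !== UPLOAD_ERR_OK) {
    $_SESSION['errorMsg'] = 'Un problème est survenu lors du chargement de votre fichier';
    include('../functions/redirect.php');
    exit;
}
$upload = $_FILES[$fileKey];

// 3. user directory exists and is writable
list($bStatus, $strErrorMsg) = checkUserUpDir($_SESSION['userid'], rebaseUrl('/img/uploads/'), 'pics');
if (!$bStatus) {
    // Routed through the usual redirect instead of echoing the raw message.
    $_SESSION['errorMsg'] = $strErrorMsg;
    include('../functions/redirect.php');
    exit;
}
$userUploadDir = rebaseUrl('/img/uploads/pics' . $_SESSION['userid']);
$userUploadRelPathDir = '/img/uploads/pics' . $_SESSION['userid'];

// 4. upload is correct
// Whitelisted MIME types, mapped to the extension the stored file will get.
$allowedTypes = [
    'image/bmp'  => 'bmp',
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];
$bError = false;
$errorMsg = '';
$upFileType = get_mime_type($upload['tmp_name']); // project helper; detection method not visible here
if (!is_uploaded_file($upload['tmp_name'])) {
    // 4.1. File posted changed (injection)
    $bError = true;
    $errorMsg = 'Fichier modifié par l\'utilisateur';
} elseif (!is_string($upFileType) || !isset($allowedTypes[$upFileType])) {
    // 4.2. whitelisted types
    $bError = true;
    $errorMsg = 'Type de fichier non pris en charge';
} elseif (getimagesize($upload['tmp_name']) === false) {
    // 4.3. the bytes must also decode as an image, independently of the
    //      detected MIME type, before anything is written under the web root.
    $bError = true;
    $errorMsg = 'Type de fichier non pris en charge';
}
if ($bError) {
    // Was $strErrorMsg (the step-3 message, empty on success); use the one set above.
    $_SESSION['errorMsg'] = $errorMsg;
    include('../functions/redirect.php');
    exit;
}

// 5. move to user uploads directory
// The client-supplied file name is never used on disk: the stored name is
// server-generated and its extension comes from the detected type, so an
// executable extension cannot land in the web-served upload directory. The
// random suffix also keeps two uploads in the same second from overwriting
// each other.
$stamp = date('YmdHis') . '_' . bin2hex(random_bytes(4));
$upFileExt = $allowedTypes[$upFileType];
$upFileName = $stamp . '_original.' . $upFileExt;
$upFileRelPath = $joinPath($userUploadRelPathDir, $upFileName);
$upFileFullPath = $joinPath($userUploadDir, $upFileName);
$upFileSize = (int) $upload['size'];
if (move_uploaded_file($upload['tmp_name'], $upFileFullPath) === false) {
    $_SESSION['errorMsg'] = 'Erreur lors du déplacement du fichier';
    include('../functions/redirect.php');
    exit;
}
// Image files need no execute bit.
chmod($upFileFullPath, 0644);

// 6. redim to standard-arbitrary size and create a thumb
$copyFileName = $stamp . '_copy.png';
$copyFileFullPath = $joinPath($userUploadDir, $copyFileName);
$copyFileRelPath = $joinPath($userUploadRelPathDir, $copyFileName);
$thumbFileName = $stamp . '_thumbs.png';
$thumbFileFullPath = $joinPath($userUploadDir, $thumbFileName);
$thumbFileRelPath = $joinPath($userUploadRelPathDir, $thumbFileName);

$bCopyFileCreation = redefImgFormat($upFileFullPath, $copyFileFullPath, 300, 0, 'ratio');
$bThumbFileCreation = redefImgFormat($upFileFullPath, $thumbFileFullPath, 100, 0, 'ratio');
// The return convention of redefImgFormat is not visible here, so the presence
// of the output files is what is checked; chmod/filesize on a missing file
// would otherwise only emit warnings and store a bogus size.
if (!is_file($copyFileFullPath) || !is_file($thumbFileFullPath)) {
    $_SESSION['errorMsg'] = 'Un problème est survenu lors du chargement de votre fichier';
    include('../functions/redirect.php');
    exit;
}
chmod($copyFileFullPath, 0644);
chmod($thumbFileFullPath, 0644);
$copyFileExt = (new SplFileInfo($copyFileFullPath))->getExtension();
$copyFileSize = filesize($copyFileFullPath);
$thumbFileExt = (new SplFileInfo($thumbFileFullPath))->getExtension();
$thumbFileSize = filesize($thumbFileFullPath);

// 7. store [fullpath,relpath] of .original .copy .thumb in a database table
$connSql = dbconn();
$req = $connSql->prepare('INSERT INTO imgupload (upFileFullPath,
 upFileRelPath,
 upFileName,
 upFileExt,
 upFileSize,
 copyFileFullPath,
 copyFileRelPath,
 copyFileName,
 copyFileExt,
 copyFileSize,
 thumbFileFullPath,
 thumbFileRelPath,
 thumbFileName,
 thumbFileExt,
 thumbFileSize,
 opId,
 userId,
 dt_post)
 VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) ');
$req->execute([
    $upFileFullPath,
    $upFileRelPath,
    $upFileName,
    $upFileExt,
    $upFileSize,
    $copyFileFullPath,
    $copyFileRelPath,
    $copyFileName,
    $copyFileExt,
    $copyFileSize,
    $thumbFileFullPath,
    $thumbFileRelPath,
    $thumbFileName,
    $thumbFileExt,
    $thumbFileSize,
    $opId,
    $_SESSION['userid'],
    date('Y-m-d H:i:s'),
]);
$req = null;
$connSql = null;
$_SESSION['$opConfirmedId'] = $opId;

//back to upload form
include('../functions/redirect.php');
exit;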