  1. <?php session_start();
  2. /**
  3. * Created by PhpStorm.
  4. * User: ygranger
  5. * Date: 5/10/17
  6. * Time: 11:45 AM
  7. */
  8.  
  9. include_once('../functions/functions.php');
  10. include_once('../db/dsn.php');
  11.  
  12. // hash of (userid+time) => $_FILES[_hash_] => file upload id is returned
  13.  
  14. //Operations performed
  15.  
  16. // 1. user logged
  17. // 2. $_FILES is set
  18. // 3. user directory exists and is writable
  19. // 4. upload is correct (serial, mime-type)
  20. // 5. move to user uploads directory
  21. // 6. redim to standard site size and create a thumb
  22. // 7. store [fullpath,relpath] of .original .copy .thumb in a database table
  23.  
  24.  
  25. //1. user logged
  26.  
  27. if (!isset($_POST)||!isset($_SESSION['username']))
  28. {
  29. $_SESSION['errorMsg'] = 'Veuillez vous identifier';
  30. include('../functions/redirect.php');
  31. }
  32.  
  33. if (isset($_SESSION['userrank'])&& $_SESSION['userrank']<4)
  34. {
  35. // 2. $_FILES is set without error
  36.  
  37. if (!isset($_SESSION['$opId'])) {
  38. $_SESSION['errorMsg'] = 'Un problème est survenu lors du chargement de votre fichier';
  39. include('../functions/redirect.php');
  40. } else {
  41. $opId = $_SESSION['$opId'];
  42. unset($_SESSION['$opId']);
  43. }
  44.  
  45. if ((!(isset($_FILES['_' . $opId . '_']))) || $_FILES['_' . $opId . '_']['error'] > 0) {
  46. $_SESSION['errorMsg'] = 'Un problème est survenu lors du chargement de votre fichier';
  47. include('../functions/redirect.php');
  48. }
  49.  
  50. // 3. user directory exists and is writable
  51.  
  52. list($bStatus, $strErrorMsg) = checkUserUpDir($_SESSION['userid'], rebaseUrl('/img/uploads/'), 'pics');
  53.  
  54. if (!$bStatus) {
  55. echo($strErrorMsg);
  56. die();
  57. }
  58.  
  59. $userUploadDir = rebaseUrl('/img/uploads/pics' . $_SESSION['userid']);
  60. $userUploadRelPathDir = '/img/uploads/pics' . $_SESSION['userid'];
  61.  
  62. // 4. upload is correct (serial, mime-type)
  63.  
  64. // 4.1. File posted changed (injection)
  65. if (!is_uploaded_file($_FILES['_' . $opId . '_']['tmp_name'])) {
  66. $bError = TRUE;
  67. $errorMsg = 'Fichier modifié par l\'utilisateur';;
  68. }
  69.  
  70. // 4.2. whitelisted types
  71. $strAllowedTypes = array("image/bmp", "image/gif", "image/jpeg", "image/png");
  72. $upFileType = get_mime_type($_FILES['_' . $opId . '_']['tmp_name']);
  73.  
  74. if (!in_array($upFileType, $strAllowedTypes, TRUE)) {
  75. $bError = TRUE;
  76. $errorMsg = 'Type de fichier non pris en charge';
  77. }
  78.  
  79. if ($bError) {
  80. $_SESSION['errorMsg'] = $strErrorMsg;
  81. include('../functions/redirect.php');
  82. }
  83.  
  84.  
  85. // 5. move to user uploads directory
  86.  
  87. $upFileName = strtolower(strip_tags($_FILES['_' . $opId . '_']['name']));
  88. $upFileRelPath = str_replace('//', '/', $userUploadRelPathDir . '/' . $upFileName);
  89. $upFileFullPath = str_replace('//', '/', $userUploadDir . '/' . $upFileName);
  90.  
  91. $upFileInfo = new SplFileInfo($upFileFullPath);
  92. $upFileExt = $upFileInfo->getExtension();
  93. $upFileSize = $_FILES['_' . $opId . '_']['size'];
  94.  
  95. $bMoveResult = move_uploaded_file($_FILES['_' . $opId . '_']['tmp_name'], $upFileFullPath);
  96.  
  97. if ($bMoveResult == FALSE) {
  98. $bError = TRUE;
  99. $_SESSION['errorMsg'] = 'Erreur lors du déplacement du fichier';
  100. include('../functions/redirect.php');
  101. }
  102.  
  103.  
  104. // 6. redim to standard-arbitrary size and create a thumb
  105.  
  106. $copyFileName = date('YmdHis') . '_copy.png';
  107. $copyFileFullPath = str_replace('//', '/', $userUploadDir . '/' . $copyFileName);
  108. $copyFileRelPath = str_replace('//', '/', $userUploadRelPathDir . '/' . $copyFileName);
  109. $bCopyFileCreation = redefImgFormat($upFileFullPath, $copyFileFullPath, 300, 0, 'ratio');
  110. chmod($copyFileFullPath, 0755);
  111.  
  112. $copyFileInfo = new SplFileInfo($copyFileFullPath);
  113. $copyFileExt = $copyFileInfo->getExtension();
  114. $copyFileSize = filesize($copyFileFullPath);
  115.  
  116. $thumbFileName = date('YmdHis') . '_thumbs.png';
  117. $thumbFileFullPath = str_replace('//', '/', $userUploadDir . '/' . $thumbFileName);
  118. $thumbFileRelPath = str_replace('//', '/', $userUploadRelPathDir . '/' . $thumbFileName);
  119. $bThumbFileCreation = redefImgFormat($upFileFullPath, $thumbFileFullPath, 100, 0, 'ratio');
  120. chmod($thumbFileFullPath, 0755);
  121.  
  122. $thumbFileInfo = new SplFileInfo($thumbFileFullPath);
  123. $thumbFileExt = $thumbFileInfo->getExtension();
  124. $thumbFileSize = filesize($thumbFileFullPath);
  125.  
  126. // 7. store [fullpath,relpath] of .original .copy .thumb in a database table
  127.  
  128. $connSql = dbconn();
  129.  
  130. $req = $connSql->prepare('INSERT INTO imgupload (upFileFullPath,
  131. upFileRelPath,
  132. upFileName,
  133. upFileExt,
  134. upFileSize,
  135. copyFileFullPath,
  136. copyFileRelPath,
  137. copyFileName,
  138. copyFileExt,
  139. copyFileSize,
  140. thumbFileFullPath,
  141. thumbFileRelPath,
  142. thumbFileName,
  143. thumbFileExt,
  144. thumbFileSize,
  145. opId,
  146. userId,
  147. dt_post)
  148. VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) ');
  149.  
  150.  
  151. $req->execute([$upFileFullPath,
  152. $upFileRelPath,
  153. $upFileName,
  154. $upFileExt,
  155. $upFileSize,
  156. $copyFileFullPath,
  157. $copyFileRelPath,
  158. $copyFileName,
  159. $copyFileExt,
  160. $copyFileSize,
  161. $thumbFileFullPath,
  162. $thumbFileRelPath,
  163. $thumbFileName,
  164. $thumbFileExt,
  165. $thumbFileSize,
  166. $opId,
  167. $_SESSION['userid'],
  168. date('Y-m-d H:i:s')]);
  169.  
  170.  
  171. $req = null;
  172. $connSql = null;
  173. $_SESSION['$opConfirmedId'] = $opId;
  174. }
  175. //back to upload form
  176. include('../functions/redirect.php');