|
1 | 1 | <?php |
2 | 2 |
|
| 3 | +session_start(); |
| 4 | + |
| 5 | +if($_SESSION['user_class'] != "administrator"){ |
| 6 | + header("location:../index.php"); |
| 7 | + die("PERMISSION DENIED!"); |
| 8 | +} |
| 9 | + |
| 10 | +require '../../config.php'; |
| 11 | +if(is_file('../../'.FC_CONTENT_DIR.'/config.php')) { |
| 12 | + include '../../'.FC_CONTENT_DIR.'/config.php'; |
| 13 | +} |
| 14 | + |
| 15 | +if($_POST['csrf_token'] !== $_SESSION['token']) { |
| 16 | + die('Error: CSRF Token is invalid'); |
| 17 | +} |
| 18 | + |
3 | 19 | $year = date('Y',time()); |
4 | 20 | $gallery_id = 'gallery'. (int) $_REQUEST['gal']; |
5 | 21 | $uploads_dir = '../../content/galleries/'.$year.'/'.$gallery_id; |
|
20 | 36 | } |
21 | 37 |
|
22 | 38 | if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){ |
| 39 | + |
23 | 40 | $tmp_name = $_FILES["file"]["tmp_name"]; |
24 | 41 | $timestring = microtime(true); |
| 42 | + $random_int = random_int(0, 999); |
25 | 43 |
|
26 | | - $suffix = strrchr($_FILES["file"]["name"],"."); |
27 | | - $org_name = $timestring . $suffix; |
28 | | - $img_name = $timestring."_img.jpg"; |
29 | | - $tmb_name = $timestring."_tmb.jpg"; |
| 44 | + $suffix = substr(strrchr($_FILES["file"]["name"],"."),1); |
| 45 | + $org_name = $timestring .'.'. $suffix; |
| 46 | + $img_name = $timestring.$random_int."_img.jpg"; |
| 47 | + $tmb_name = $timestring.$random_int."_tmb.jpg"; |
| 48 | + |
| 49 | + if(!in_array($suffix, $fc_upload_img_types)) { |
| 50 | + exit; |
| 51 | + } else { |
30 | 52 |
|
31 | | - if(move_uploaded_file($tmp_name, "$uploads_dir/$org_name")) { |
32 | | - create_thumbs($uploads_dir,$org_name,$img_name, $max_width,$max_height,90); |
33 | | - create_thumbs($uploads_dir,$img_name,$tmb_name, $max_width_tmb,$max_height_tmb,80); |
34 | | - unlink("$uploads_dir/$org_name"); |
35 | | - print ('Uploaded'); |
| 53 | + if(move_uploaded_file($tmp_name, "$uploads_dir/$org_name")) { |
| 54 | + create_thumbs($uploads_dir,$org_name,$img_name, $max_width,$max_height,90); |
| 55 | + create_thumbs($uploads_dir,$img_name,$tmb_name, $max_width_tmb,$max_height_tmb,80); |
| 56 | + unlink("$uploads_dir/$org_name"); |
| 57 | + print ('Uploaded'); |
| 58 | + } |
36 | 59 | } |
37 | 60 | } |
38 | 61 | function create_thumbs($updir, $img, $name, $thumbnail_width, $thumbnail_height, $quality){ |
39 | 62 | $arr_image_details = GetImageSize("$updir/$img"); |
40 | 63 | $original_width = $arr_image_details[0]; |
41 | 64 | $original_height = $arr_image_details[1]; |
42 | 65 | $a = $thumbnail_width / $thumbnail_height; |
43 | | - $b = $original_width / $original_height; |
| 66 | + $b = $original_width / $original_height; |
44 | 67 |
|
45 | 68 |
|
46 | 69 | if ($a<$b) { |
|