Beispiel #1
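/**
 * Handle the JSON request that replaces the logged-in user's profile picture.
 *
 * Processes the first successfully uploaded entry of the multi-file field
 * $_FILES['picture']: the file is passed through redimensionarImagen() with a
 * 159x159 target and stored with paloACL::setUserPicture() for the user
 * resolved from $_SESSION['elastix_user'].
 *
 * Both the file name and the MIME type in $_FILES are supplied by the client.
 * The name checks below are only a sanity filter; the MIME type that gets
 * stored is derived from the file content and must be PNG or JPEG.
 * NOTE(review): presumably the stored type is later sent as Content-Type by
 * the getImage action referenced in the returned URL; confirm.
 *
 * @param mixed $smarty      Not used in this function.
 * @param mixed $module_name Not used in this function.
 *
 * @return mixed Result of PaloSantoJSON::createJSON(): an error on failure,
 *               the picture URL as message on success.
 */
function handleJSON_changeImageProfile($smarty, $module_name)
{
    global $arrConf;
    Header('Content-Type: application/json');
    $arrCredentials = getUserCredentials($_SESSION['elastix_user']);
    $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
    $pACL = new paloACL($pDB);
    $jsonObject = new PaloSantoJSON();
    $idUser = $arrCredentials['idUser'];

    // Missing or non-array upload field: nothing to process. Return the
    // untouched JSON object instead of emitting warnings into the response.
    if (!isset($_FILES['picture']['error']) || !is_array($_FILES['picture']['error'])) {
        return $jsonObject->createJSON();
    }

    foreach ($_FILES['picture']['error'] as $key => $error) {
        if ($error !== UPLOAD_ERR_OK) {
            continue;
        }

        $pictureUpload = $_FILES['picture']['name'][$key];
        $tmpName = $_FILES['picture']['tmp_name'][$key];

        // Name must consist of word characters, '-', '.', parentheses or
        // whitespace and end in an accepted image extension.
        if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) {
            $jsonObject->set_error(_tr("Invalid file extension.- It must be png or jpg or jpeg"));
            return $jsonObject->createJSON();
        }
        // Reject double extensions such as "x.php.jpg"; case-insensitive so
        // that ".PHP" is caught as well.
        if (preg_match("/\\.php/i", $pictureUpload)) {
            $jsonObject->set_error(_tr("Possible file upload attack."));
            return $jsonObject->createJSON();
        }
        // Only touch files that PHP itself received through HTTP POST.
        if (!is_uploaded_file($tmpName)) {
            $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload);
            return $jsonObject->createJSON();
        }

        $ancho = 159;
        $alto = 159;
        redimensionarImagen($tmpName, $tmpName, $ancho, $alto);

        // Do not trust $_FILES[...]['type']: it is whatever the client sent.
        // Take the type from the bytes that are about to be stored.
        $imageInfo = getimagesize($tmpName);
        $allowedTypes = array('image/png', 'image/jpeg');
        if ($imageInfo === false || !in_array($imageInfo['mime'], $allowedTypes, true)) {
            $jsonObject->set_error(_tr("Invalid file extension.- It must be png or jpg or jpeg"));
            return $jsonObject->createJSON();
        }
        $picture_type = $imageInfo['mime'];

        $picture_content = file_get_contents($tmpName);
        if ($picture_content === false) {
            // Reading failed; do not store "false" as picture data.
            $jsonObject->set_error(_tr("Image couldn't be upload."));
            return $jsonObject->createJSON();
        }

        $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content);
        if ($Exito === false) {
            $jsonObject->set_error(_tr("Image couldn't be upload."));
            return $jsonObject->createJSON();
        }

        // Only the first successfully uploaded file is handled.
        $url = "index.php?menu=_elastixutils&action=getImage&ID={$idUser}&rawmode=yes";
        $jsonObject->set_message($url);
        return $jsonObject->createJSON();
    }
    return $jsonObject->createJSON();
}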
Beispiel #2
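/**
 * Store the picture uploaded in the single-file field $_FILES['picture'] for a user.
 *
 * The file is passed through redimensionarImagen() with a 240x200 target and
 * saved with paloACL::setUserPicture().
 *
 * Both the file name and the MIME type in $_FILES are supplied by the client.
 * The name checks are only a sanity filter; the MIME type that gets stored is
 * derived from the file content and must be PNG or JPEG.
 * NOTE(review): presumably the stored type is used when the picture is served
 * back to browsers; confirm against the code that reads it.
 *
 * @param mixed  $idUser Identifier of the user whose picture is replaced.
 * @param mixed  $pDB    Database handle passed to the paloACL constructor.
 * @param string $error  Set to a message when the upload is rejected or fails.
 *
 * @return mixed false on rejection or failure, otherwise the result of
 *               paloACL::setUserPicture().
 */
function uploadImage($idUser, $pDB, &$error)
{
    $pACL = new paloACL($pDB);
    // A missing or non-string name falls through to the extension error below.
    $pictureUpload = (isset($_FILES['picture']['name']) && is_string($_FILES['picture']['name']))
        ? $_FILES['picture']['name']
        : '';
    $Exito = false;

    // Validate the file name:
    //   \w any word character (letter, digit or underscore)
    //   \s any whitespace character
    if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) {
        $error = _tr("Invalid file extension.- It must be png or jpg or jpeg");
        return $Exito;
    }
    // Reject double extensions such as "x.php.jpg"; case-insensitive so that
    // ".PHP" is caught as well.
    if (preg_match("/\\.php/i", $pictureUpload)) {
        $error = _tr("Possible file upload attack.");
        return $Exito;
    }

    $tmpName = $_FILES['picture']['tmp_name'];
    // Only touch files that PHP itself received through HTTP POST.
    if (!is_uploaded_file($tmpName)) {
        $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload;
        return $Exito;
    }

    $ancho = 240;
    $alto = 200;
    redimensionarImagen($tmpName, $tmpName, $ancho, $alto);

    // Do not trust $_FILES['picture']['type']: it is whatever the client sent.
    // Take the type from the bytes that are about to be stored.
    $imageInfo = getimagesize($tmpName);
    $allowedTypes = array('image/png', 'image/jpeg');
    if ($imageInfo === false || !in_array($imageInfo['mime'], $allowedTypes, true)) {
        $error = _tr("Invalid file extension.- It must be png or jpg or jpeg");
        return $Exito;
    }
    $picture_type = $imageInfo['mime'];

    $picture_content = file_get_contents($tmpName);
    if ($picture_content === false) {
        // Reading failed; do not store "false" as picture data.
        $error = "Image couldn't be upload";
        return $Exito;
    }

    $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content);
    if ($Exito === false) {
        $error = "Image couldn't be upload";
    }
    return $Exito;
}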