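/**
 * Insert one row into review_content and return its generated id.
 *
 * The author is taken from $_SESSION['uname']; parent_site is the landing
 * URL's host with a leading "www." and ".com" stripped, as in the original.
 *
 * Fixes: the original interpolated an undefined $title into the INSERT, so
 * review_header was never stored; every string value is now passed through
 * mysql_real_escape_string() instead of being pasted raw into the SQL.
 *
 * @param string $review_header  Stored in review_header.
 * @param string $description    Stored in review_content.
 * @param string $landing_url    URL the review points at.
 * @param string $cover_pic      Cover image reference.
 * @param mixed  $user_uploaded  Accepted for interface compatibility; the
 *                               original never used it and it is still not stored.
 * @return mixed The id returned by generateUniqueId("review_content").
 */
function insertReviewContent($review_header, $description, $landing_url, $cover_pic, $user_uploaded)
{
    $id = generateUniqueId("review_content");
    $dated = getCurrentDate();
    $user = $_SESSION['uname'];

    // Reduce the landing host to a bare site name: "www.example.com" -> "example".
    // parse_url() may return null/false for a malformed URL; cast so str_ireplace sees a string.
    $host = parse_url($landing_url, PHP_URL_HOST);
    $parentSite = str_replace('.com', '', str_ireplace('www.', '', (string) $host));

    // The legacy mysql_* API has no bound parameters, so escape every quoted value.
    $headerEsc = mysql_real_escape_string($review_header);
    $contentEsc = mysql_real_escape_string($description);
    $urlEsc = mysql_real_escape_string($landing_url);
    $picEsc = mysql_real_escape_string($cover_pic);
    $userEsc = mysql_real_escape_string($user);
    $datedEsc = mysql_real_escape_string($dated);
    $siteEsc = mysql_real_escape_string($parentSite);

    // $id is interpolated unquoted as in the original — assumes generateUniqueId()
    // returns a number; confirm against its definition.
    $query = "INSERT INTO review_content (id, review_header, review_content, landing_url, cover_pic, user_created, date_uploaded, parent_site)"
        . " VALUES ($id, '$headerEsc', '$contentEsc', '$urlEsc', '$picEsc', '$userEsc', '$datedEsc', '$siteEsc')";
    mysql_query($query) or die(mysql_error());

    return $id;
}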
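/**
 * Handle a photo upload: save the file under the images directory and record
 * it in review_pic, then redirect to ../index.php.
 *
 * Reads title, desc and landing_url from $_POST and the file from $_FILES['photo'].
 *
 * Fixes: the client-supplied file name is reduced to its basename before it is
 * joined into a filesystem path; only image extensions are accepted, since the
 * file is written under a web-served directory; move_uploaded_file()'s result
 * is checked instead of recording a row for a file that was never saved; POST
 * values are escaped before being interpolated into the SQL; the script stops
 * after the redirect header.
 *
 * @return void
 */
function addNewPhoto()
{
    $id = generateUniqueId("jos_photo");

    // Random prefix to avoid collisions between uploads sharing a name;
    // basename() drops any directory components the client may have sent.
    $fileName = rand(1000, 100000000) . basename($_FILES['photo']['name']);

    // The file lands in a directory the web server serves, so allow only image extensions.
    $extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
    if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        die("Unsupported file type");
    }

    // Relative URL stored in pic_url; the filesystem target is built separately below.
    $path = "./images/" . $fileName;

    $title = mysql_real_escape_string($_POST['title']);
    $descr = mysql_real_escape_string($_POST['desc']);
    $landing_url = mysql_real_escape_string($_POST['landing_url']);
    $picUrl = mysql_real_escape_string($path);
    $query = "INSERT INTO review_pic (review_id, review_header, review_content, landing_url, pic_url, is_deleted)"
        . " VALUES ($id, '$title', '$descr', '$landing_url', '$picUrl', 0)";

    // Backslash-joined target path, kept from the original (Windows-style layout).
    $target = dirname(__FILE__) . "\\images\\" . $fileName;
    if (!move_uploaded_file($_FILES['photo']['tmp_name'], $target)) {
        die("Couldn't save uploaded file");
    }

    mysql_query($query) or die("Couldn't execute query");
    header("Location: ../index.php?msg=Added Successfully");
    exit;
}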
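/**
 * Record one view of a review in review_hits.
 *
 * The review id comes from $_GET['review_id']; the viewer is $_SESSION['uname']
 * when a session user exists, otherwise "Anonymous".
 *
 * Fixes: review_id was interpolated unquoted straight from the query string, so
 * it is now cast to int; the string columns are escaped; and the leftover
 * `echo $query`, which sent the full SQL statement (including the viewer's IP
 * address) to the browser, is removed.
 *
 * @return void
 */
function addNewView()
{
    // The original interpolated review_id unquoted (i.e. as a number), so an int
    // cast keeps the intended type while refusing anything else.
    $reviewId = (int) $_GET['review_id'];
    $viewedBy = isset($_SESSION['uname']) ? $_SESSION['uname'] : "Anonymous";
    $viewedDate = getCurrentDate();
    $ipAddress = getUserIpAddress();
    $tableName = "review_hits";
    $id = generateUniqueId($tableName);

    $viewedByEsc = mysql_real_escape_string($viewedBy);
    $viewedDateEsc = mysql_real_escape_string($viewedDate);
    $ipEsc = mysql_real_escape_string($ipAddress);
    $query = "INSERT INTO " . $tableName . " (id, review_id, viewed_by, view_date, ip_viewed_from)"
        . " VALUES ($id, $reviewId, '$viewedByEsc', '$viewedDateEsc', '$ipEsc')";
    mysql_query($query) or die(mysql_error());
}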
if ($result) { $insertImage = $bdd->prepare("INSERT INTO users SET image = :image WHERE id= :id"); $insertImage->execute(array('image' => $session . "." . $uploadExtensions, 'id' => $session)); } else { header('HTTP/1.1 422 Erreur durant l\'importation du fichier.'); } } else { header('HTTP/1.1 422 Votre photo de profil doit être au format jpg, jpeg, gif, ou png.'); } } else { header('HTTP/1.1 422 Votre image ne doit pas dépasser 2Mo'); } } $bdd->query("INSERT INTO users VALUES('{$pseudo}','{$name}','{$firstname}','{$email}','{$passwordcrypt}','{$img}')"); header('HTTP/1.1 201 OK'); $session = generateUniqueId(15); echo '{"statut":"true","pseudo":"' . $pseudo . '","session":"' . $session . '"}'; /*---------------------- Gestion des cookies -----------------------------------------*/ setcookie("pseudo", $pseudo, time() + 3600); setcookie("session", $session, time() + 3600); /*---------------------- Fin de gestion des cookies -----------------------------------------*/ } } else { header('HTTP/1.1 400 no post'); } /*---------------------- FUNCTION de création de session -----------------------------------------*/ // Fonction qui génère un numéro de session unique. function generateUniqueId($maxLength = null) { $entropy = ''; // On test le ssl.
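/**
 * Request dispatcher for the image / slideshow endpoint.
 *
 * Handles, in this order: a picture upload ($_FILES['picturefile']), a
 * slideshow fetch (?id=), a slideshow save (POST id/key/src), slideshow
 * creation (POST create) and an image download (?file=). Returns true when a
 * branch handled the request and false otherwise. Upload outcomes are reported
 * by redirecting back to the referer with the result in the query string.
 *
 * Fixes: the uploaded file name is reduced to its basename before it becomes
 * part of the stored image id (that id is later accepted back via ?file=);
 * the file name and the error message are URL-encoded before being appended
 * to the redirect URL; the file is read with file_get_contents() instead of an
 * unchecked fopen/fread pair; the unused $imageWasResized flag is dropped.
 *
 * @return bool
 * @throws Exception when a slideshow save is attempted with a wrong key.
 */
function main()
{
    if (isset($_FILES['picturefile']['name'])) {
        // Redirect base: the referer without its query string.
        // NOTE(review): HTTP_REFERER is client-supplied; the original used it as-is and so does this.
        $referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
        $referer = $referersplit[0];
        try {
            if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024 || $_FILES['picturefile']['tmp_name'] == null) {
                throw new Exception('File too large!');
            }
            if (getContentType($_FILES['picturefile']['name']) == null) {
                throw new Exception('File type not supported!');
            }
            // The stored id keeps the client's name for readability, but only its basename:
            // it is later used as the ?file= lookup key, so path components must not leak in.
            $filename = generateUniqueId() . "-" . basename($_FILES['picturefile']['name']);
            $tmpName = $_FILES['picturefile']['tmp_name'];

            $image = new SimpleImage();
            $image->load($tmpName);
            if ($image->getHeight() > 1024) {
                $image->resizeToHeight(1024);
            }
            if ($image->getWidth() > 1024) {
                $image->resizeToWidth(1024);
            }
            // Save even when nothing was resized, to reduce the file's compression level.
            $image->save($tmpName);

            $content = file_get_contents($tmpName);
            if ($content === false) {
                throw new Exception('Could not read uploaded file!');
            }
            updateOrInsertImage($filename, $content);

            header('Location: ' . $referer . "?uploadresult=true&filelocation=php/io.php?file=" . rawurlencode($filename));
            return true;
        } catch (Exception $e) {
            header('Location: ' . $referer . "?uploadresult=false&errormsg=" . rawurlencode($e->getMessage()));
            return true;
        }
    }

    if (isset($_GET['id'])) {
        $slideshowId = $_GET['id'];
        $slideshowSrc = getSlideshow($slideshowId);
        $slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
        sendJSONResponse(json_encode($slideshow));
        return true;
    }

    if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
        $slideshowId = $_POST['id'];
        $slideshowKey = $_POST['key'];
        $slideshowToSave = $_POST['src'];
        // A wrong key is a hard failure (exception), not a JSON error response — as in the original.
        if (!isCorrectKey($slideshowId, $slideshowKey)) {
            throw new Exception("ERROR key is wrong");
        }
        updateSlideshow($slideshowId, $slideshowToSave);
        $result = array('id' => $slideshowId);
        sendJSONResponse(json_encode($result));
        return true;
    }

    if (isset($_POST['create'])) {
        $id = generateUniqueId();
        $key = generateRandomLegibleString();
        createEmptySlideshow($id, $key);
        $idAndKey = array('id' => $id, 'key' => $key);
        sendJSONResponse(json_encode($idAndKey));
        return true;
    }

    if (isset($_GET['file'])) {
        $imageId = $_GET['file'];
        $image = getImage($imageId);
        header("Content-type: " . getContentType($imageId));
        print $image;
        return true;
    }

    return false;
}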
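/**
 * Request dispatcher for the slideshow endpoint (file-system upload variant).
 *
 * Handles, in this order: a picture upload ($_FILES['picturefile']) saved under
 * ../uploaded_files/, a slideshow fetch (?id=), a slideshow save (POST
 * id/key/src) and slideshow creation (POST create). Returns true when a branch
 * handled the request and false otherwise. Upload outcomes are reported by
 * redirecting back to the referer with the result in the query string.
 *
 * Fixes: the client-supplied file name is reduced to its basename before it is
 * joined into the filesystem path; the file name and the error message are
 * URL-encoded before being appended to the redirect URL; the unused
 * $imageWasResized flag is dropped.
 *
 * NOTE(review): no file-type check is made before the upload is written under
 * uploaded_files/ — confirm the web server does not execute files from there.
 *
 * @return bool
 * @throws Exception when a slideshow save is attempted with a wrong key.
 */
function main()
{
    if (isset($_FILES['picturefile']['name'])) {
        // Redirect base: the referer without its query string.
        // NOTE(review): HTTP_REFERER is client-supplied; the original used it as-is and so does this.
        $referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
        $referer = $referersplit[0];
        try {
            if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024) {
                throw new Exception('File too large!');
            }
            // basename(): the client controls this name and it is joined into a path below.
            $filename = generateUniqueId() . "-" . basename($_FILES['picturefile']['name']);
            $filelocation = "uploaded_files/" . $filename;
            $uploadresult = move_uploaded_file($_FILES['picturefile']['tmp_name'], "../" . $filelocation);
            if (!$uploadresult) {
                throw new Exception('Error when saving file!');
            }

            $image = new SimpleImage();
            $image->load("../" . $filelocation);
            if ($image->getHeight() > 1024) {
                $image->resizeToHeight(1024);
            }
            if ($image->getWidth() > 1024) {
                $image->resizeToWidth(1024);
            }
            // Save even when nothing was resized, to reduce the file's compression level.
            $image->save("../" . $filelocation);

            header('Location: ' . $referer . "?uploadresult=true&filelocation=uploaded_files/" . rawurlencode($filename));
            return true;
        } catch (Exception $e) {
            header('Location: ' . $referer . "?uploadresult=false&errormsg=" . rawurlencode($e->getMessage()));
            return true;
        }
    }

    if (isset($_GET['id'])) {
        $slideshowId = $_GET['id'];
        $slideshowSrc = getSlideshow($slideshowId);
        $slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
        sendJSONResponse(json_encode($slideshow));
        return true;
    }

    if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
        $slideshowId = $_POST['id'];
        $slideshowKey = $_POST['key'];
        $slideshowToSave = $_POST['src'];
        // A wrong key is a hard failure (exception), not a JSON error response — as in the original.
        if (!isCorrectKey($slideshowId, $slideshowKey)) {
            throw new Exception("ERROR key is wrong");
        }
        updateSlideshow($slideshowId, $slideshowToSave);
        $result = array('id' => $slideshowId);
        sendJSONResponse(json_encode($result));
        return true;
    }

    if (isset($_POST['create'])) {
        $id = generateUniqueId();
        $key = generateRandomLegibleString();
        createEmptySlideshow($id, $key);
        $idAndKey = array('id' => $id, 'key' => $key);
        sendJSONResponse(json_encode($idAndKey));
        return true;
    }

    return false;
}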
if (!$id) { throw new Exception("Project id is not specified or is incorrect"); } if (!file_exists(RDIR . "/projects/" . $id . ".json")) { throw new Exception("Project not found"); } unlink(RDIR . "/projects/" . $id . ".json"); $result["success"] = "Project has been deleted"; } catch (Exception $e) { $result["error"] = $e->getMessage(); } } elseif ($action == "saveProject") { $jsonData = $_REQUEST["jsonData"]; $id = preg_replace("/[^a-z0-9]/", "", $_REQUEST["id"]); if (!$id) { $id = generateUniqueId(20); } $f = fopen(RDIR . "/projects/" . $id . ".json", "w"); fwrite($f, $jsonData); fclose($f); $result["id"] = $id; $result["success"] = "Project saved"; } echo json_encode($result); function generateUniqueId($n) { $availableCharacters = "qwertyuiopasdfghjklzxcvbnm1234567890"; $id = ""; for ($i = 0; $i < $n; $i++) { $id .= substr($availableCharacters, rand(0, strlen($availableCharacters) - 1), 1); }
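<?php
// Add a comment to an event: expects POST content + event_id; the author is the
// session user and the date is today. Redirects to the event's details page.
//
// Fixes: the INSERT quoted its column names with single quotes (string
// literals, not identifiers, so the statement was invalid); values are now
// bound through a prepared statement instead of being concatenated into the
// SQL; a whitespace-only comment is rejected like a missing one, which is what
// the "empty comment" message describes; the script stops after the redirect;
// the rejection message is emitted as a JS alert (the original placed bare text
// inside <script>, which never displayed anything).
include_once 'database/connection.php';
include_once 'core.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['content']) && trim($_POST['content']) !== '') {
        $content = $_POST['content'];
        $event_id = isset($_POST['event_id']) ? $_POST['event_id'] : '';
        $id = generateUniqueId();

        // NOTE(review): assumes $dbh (from database/connection.php) is a PDO handle on
        // MySQL (backtick identifiers) — confirm against the connection file.
        $stmt = $dbh->prepare(
            "insert into comments(`id`,`content`,`event_id`,`author_id`,`date`) values(?, ?, ?, ?, ?)"
        );
        $stmt->execute(array($id, $content, $event_id, $_SESSION['user_id'], date('Y-m-d')));

        header("Location:details.php?id=" . urlencode($event_id));
        exit;
    } else {
        echo '<script>alert("You cannot add empty comment");</script>';
    }
} else {
    echo 'Bad request';
}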