/** * @param int $expires Expiration timestamp * @param string $dirname Input with a directory name * @return array Associative array with: * - "expiration": date when this post will expire * - "signature": md5 summed, signed string */ function local_get_post_details($expires, $dirname, $redirect) { $expiration = gmdate("D, d M Y H:i:s", $expires) . ' UTC'; $signature = sign_post_details($dirname, $expiration, API_PASSWORD); $base_url = local_get_post_baseurl($dirname); return compact('dirname', 'expiration', 'signature', 'redirect', 'base_url'); }
require_once '../lib/lib.everything.php'; enforce_master_on_off_switch(); /*** ... ***/ $dirname = $_POST['dirname'] ? $_POST['dirname'] : null; $redirect = preg_match('#^http://#', $_POST['redirect']) ? $_POST['redirect'] : null; $expiration = $_POST['expiration'] ? $_POST['expiration'] : null; $file = is_array($_FILES['file']) ? $_FILES['file'] : null; if (strtotime($expiration) < time()) { die_with_code(401, "Sorry, expiration date {$expiration} has come and gone - " . date('r', strtotime($expiration))); } if ($file['error'] > 0) { die_with_code(400, "Sorry, encountered error #{$file['error']} (see http://us.php.net/manual/en/features.file-upload.errors.php)"); } $posted_signature = $_POST['signature'] ? $_POST['signature'] : null; $expected_signature = sign_post_details($dirname, $expiration, API_PASSWORD); if ($posted_signature != $expected_signature) { die_with_code(401, 'Sorry, bad signature'); } if (is_array($file) && is_uploaded_file($file['tmp_name'])) { $object_id = rtrim($dirname, '/') . '/' . ltrim($file['name'], '/'); $content_bytes = file_get_contents($file['tmp_name']); $url = post_file_local($object_id, $content_bytes); } if ($redirect) { $redirect = new Net_URL($redirect); $redirect->addQueryString('url', $url); $redirect = $redirect->getURL(); } if ($redirect) { header("Location: {$redirect}");