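 /**
  * API endpoint: creates a post for the user identified by the TOKEN field of the request.
  *
  * Reads the request from $_POST, plus $_FILES['image'] when post_type is 'image'.
  * Returns ['STATUS_CODE' => ..., 'DATA' => ...]. Only a missing or invalid token yields a
  * non-OK status code; validation failures are reported inside DATA via
  * buckys_api_get_error_result(), matching the existing API contract.
  *
  * @return array
  */
 public function createAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // post_type is client input and may be absent; avoid an undefined-index notice
     $data['type'] = isset($data['post_type']) ? $data['post_type'] : null;
     if ($data['type'] === 'image') {
         //Upload photo if it is image type; every failure maps to an error result
         $upload = isset($_FILES['image']) ? $_FILES['image'] : null;
         $stored = $this->storeTmpImageUpload($upload);
         if (isset($stored['error'])) {
             return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result($stored['error'])];
         }
         $data['file'] = $stored['file'];
     }
     if (BuckysPost::savePost($userID, $data)) {
         //Success
         $message = buckys_get_pure_messages();
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'MESSAGE' => $message]];
     }
     $error = buckys_get_pure_messages();
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result($error)];
 }

 /**
  * Validates one uploaded image and moves it into DIR_FS_PHOTO/tmp under a server-chosen name.
  *
  * The file must pass both the extension whitelist ($TNB_GLOBALS['imageTypes']) and a content
  * check via getimagesize(), so a non-image renamed to .jpg is rejected. The client-supplied
  * file name is never used on the filesystem; only its (whitelisted) extension is reused.
  *
  * @param array|null $upload one entry of $_FILES, or null when no file was sent
  * @return array ['file' => stored file name] on success, ['error' => message] on failure
  */
 private function storeTmpImageUpload($upload)
 {
     global $TNB_GLOBALS;
     // Reject a missing, failed, or non-upload file before touching the filesystem.
     // A missing file reports MSG_INVALID_PHOTO_TYPE, as the previous implementation did.
     if (!is_array($upload) || empty($upload['tmp_name'])
         || (isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_OK)
         || !is_uploaded_file($upload['tmp_name'])) {
         return ['error' => MSG_INVALID_PHOTO_TYPE];
     }
     $tempFile = $upload['tmp_name'];
     $fileParts = pathinfo(isset($upload['name']) ? $upload['name'] : '');
     // pathinfo() omits 'extension' entirely when the name has none
     $extension = isset($fileParts['extension']) ? $fileParts['extension'] : '';
     //Check the file extension against the configured whitelist
     if ($extension === '' || !in_array(strtolower($extension), $TNB_GLOBALS['imageTypes'], true)) {
         return ['error' => MSG_INVALID_PHOTO_TYPE];
     }
     //Check Image Size and Type from the content; getimagesize() returns false for non-images
     $imageInfo = getimagesize($tempFile);
     if ($imageInfo === false) {
         return ['error' => MSG_INVALID_PHOTO_TYPE];
     }
     list($width, $height, $type) = $imageInfo;
     if (!in_array($type, [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_JPEG2000, IMAGETYPE_PNG], true)) {
         return ['error' => MSG_INVALID_PHOTO_TYPE];
     }
     if ($width * $height > MAX_IMAGE_WIDTH * MAX_IMAGE_HEIGHT) {
         return ['error' => MSG_PHOTO_MAX_SIZE_ERROR];
     }
     $targetPath = DIR_FS_PHOTO . "tmp";
     if (!is_dir($targetPath)) {
         // NOTE(review): 0777 makes the directory world-writable; 0755 suffices if only the
         // web server process writes here - confirm there are no other writers before tightening
         mkdir($targetPath, 0777);
         //Create Index file (presumably to suppress directory listing)
         $fp = fopen($targetPath . "/index.html", "w");
         if ($fp !== false) {
             fclose($fp);
         }
     }
     // NOTE(review): uniqid() is time-based and guessable; a random_bytes()-derived name
     // would be stronger if the deployment's PHP version supports it
     $targetFileName = md5(uniqid()) . "." . $extension;
     $targetFile = $targetPath . '/' . $targetFileName;
     // An unchecked move previously left $data['file'] pointing at a file that did not exist
     if (!move_uploaded_file($tempFile, $targetFile)) {
         return ['error' => 'Could not store the uploaded image.'];
     }
     return ['file' => $targetFileName];
 }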
<?php

// Bootstrap the application, then require an authenticated user before any action runs.
require __DIR__ . '/includes/bootstrap.php';

$userID = buckys_is_logged_in();
if (!$userID) {
    // Anonymous visitors are sent to the front page with an error message.
    // NOTE(review): the code below assumes buckys_redirect() does not return - confirm.
    buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
}
//Action Process
if (isset($_POST['action']) && $_POST['action'] == 'submit-post') {
    //Save Post
    BuckysPost::savePost($userID, $_POST);
    if (isset($_POST['pageID']) && is_numeric($_POST['pageID'])) {
        buckys_redirect('/page.php?pid=' . $_POST['pageID']);
    } else {
        buckys_redirect('/account.php');
    }
} else {
    if (isset($_GET['action']) && $_GET['action'] == 'delete-post') {
        //Delete Post
        if ($userID != $_GET['userID'] || !BuckysPost::deletePost($userID, $_GET['postID'])) {
            echo 'Invalid Request';
        } else {
            echo 'success';
        }
        exit;
    } else {
        if (isset($_GET['action']) && ($_GET['action'] == 'unlikePost' || $_GET['action'] == 'likePost')) {
            $post = BuckysPost::getPostById($_GET['postID']);
            if ($post['post_status'] != 1) {
                render_result_xml(array('status' => 'error', 'message' => MSG_INVALID_REQUEST));
                exit;
            }