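# NOTE(review): the two statements below and the closing brace after them are
# the tail of a loop that opens before this excerpt; they are kept unchanged.
    # Rotating if we need to rotate
    $tmpimg->image = imagerotate($tmpimg->image, 360 - $rotate, imageColorAllocateAlpha($tmpimg->image, 0, 0, 0, 127));

    # Adding to our main image
    $img->draw($tmpimg->image, $y . ' ' . $x . ' ' . $width . ' ' . $height);
}

# Making sure we have our open directories
#
# Walks $_JPOST->dir one segment at a time, starting at index 1 (index 0 is
# whatever precedes the first '/'). Each segment is looked up in
# NQ_DIRECTORY_TABLE for the current app and environment; a missing segment is
# inserted and the parent's `directories` counter is bumped. After the loop,
# $parent_id is the id of the deepest directory and $path is its full path with
# a trailing '/'.
$parent_id = 0;
$path = '/';
$dir = explode('/', $_JPOST->dir);
for ($i = 1, $directories = count($dir); $i < $directories; $i++) {
    # Checking to see if our path exists
    $name = $dir[$i];

    # The stored name is the request segment with every character listed in
    # NQ_INVALID_PATH_CHARS removed. Computed once so the lookup, the insert,
    # the access check and the running path all agree on the same value.
    # NOTE(review): a segment that is empty after stripping is still looked up
    # and inserted with an empty name -- confirm that is intended.
    $clean_name = str_replace(str_split(NQ_INVALID_PATH_CHARS), '', $name);

    # All request-derived values are escaped before being placed inside the
    # quoted SQL literals; integer columns are cast instead.
    $escaped_env = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT);
    $escaped_path = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $path);
    $escaped_name = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $clean_name);

    $query = "\tSELECT\n\t\t\t\t\t*\n\t\t\t\tFROM \n\t\t\t\t\t" . NQ_DIRECTORY_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . " AND\n\t\t\t\t\t`environment`\t='" . $escaped_env
        . "' AND\n\t\t\t\t\t`path`\t\t='" . $escaped_path
        . "' AND\n\t\t\t\t\t`name`\t\t='" . $escaped_name
        . "'\n\t\t\t\tLIMIT 1";
    $directory_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);

    # If we aren't allowed we exit
    #
    # The access check must see the directory path whether or not a row exists
    # yet. Reading 'path'/'name' from an empty result handed the check an empty
    # string, so a directory that was about to be created was never compared
    # against the blacklist. An existing row keeps using the stored values; a
    # missing one falls back to the path this iteration is about to create.
    if (empty($directory_data)) {
        $checked_path = $path . $clean_name;
    } else {
        $checked_path = $directory_data['path'] . $directory_data['name'];
    }

    # Same token-id fallback as the other check_directory_blacklisted() call in
    # this file: 0 when no token id is set.
    $token_id = isset($G_TOKEN_DATA['id']) ? $G_TOKEN_DATA['id'] : 0;
    check_directory_blacklisted($G_CONTROLLER_DBLINK, $token_id, $G_TOKEN_SESSION_DATA, $checked_path);

    # If it doesn't we add it
    if (empty($directory_data)) {
        # Updating our parent
        $query = "\tUPDATE \n\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE
            . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`directories`=`directories`+1\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`=" . (int) $parent_id
            . "\n\t\t\t\t\tLIMIT 1";
        mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

        # Adding our directory
        # The column is spelled `environment`, as in every SELECT against this
        # table; the previous `enviroment` spelling named a different column
        # than the lookup above reads.
        $query = "\tINSERT INTO \n\t\t\t\t\t\t" . NQ_DIRECTORY_TABLE
            . "\n\t\t\t\t\tSET\n\t\t\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id']
            . ",\n\t\t\t\t\t\t`environment`\t\t='" . $escaped_env
            . "',\n\t\t\t\t\t\t`name`\t\t\t='" . $escaped_name
            . "',\n\t\t\t\t\t\t`path`\t\t\t='" . $escaped_path
            . "',\n\t\t\t\t\t\t`created`\t\t=NOW(),\n\t\t\t\t\t\t`parent_directory_id`\t=" . (int) $parent_id;
        mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
        $parent_id = mysqli_insert_id($G_STORAGE_CONTROLLER_DBLINK);
    } else {
        $parent_id = $directory_data['id'];
    }

    # Adding to our path
    $path .= $clean_name . '/';
}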
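define('PUBLIC_ENDPOINT', false);     // Can anyone access this endpoint
define('INCLUDE_IMAGE_CLASS', true);  // Are you going to be using the image class

# Including our configuration
require_once __DIR__ . '/_includes/config.php';
require_once __DIR__ . '/_includes/validate-app.php';

# Handling our global json parsing
$_JPOST = PostParser::decode();

# Getting our directory
#
# The requested directory is resolved to a row of NQ_DIRECTORY_TABLE scoped to
# the current app id and environment. Every string taken from the request is
# escaped before it is placed inside a quoted SQL literal; ids are cast to int.
$G_PATH_DATA = parse_path($_JPOST->dir, $_ENDPOINT, $G_TOKEN_SESSION_DATA);
$escaped_env = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT);
$escaped_dir_path = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, urldecode($G_PATH_DATA->dir));
$escaped_dir_name = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, urldecode($G_PATH_DATA->name));
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_DIRECTORY_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . " AND\n\t\t\t\t`environment`\t='" . $escaped_env
    . "' AND\n\t\t\t\t`path`\t\t='" . $escaped_dir_path
    . "' AND\n\t\t\t\t`name`\t\t='" . $escaped_dir_name
    . "'\n\t\t\tLIMIT 1";
$G_DIRECTORY_DATA = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Checking to see if we are blacklisted
# NOTE(review): when no directory row matched, 'path' and 'name' are read from
# an empty result and the check receives an empty string -- confirm that
# check_directory_blacklisted() treats that case as intended.
$tid = isset($G_TOKEN_DATA['id']) ? $G_TOKEN_DATA['id'] : 0;
check_directory_blacklisted($G_CONTROLLER_DBLINK, $tid, $G_TOKEN_SESSION_DATA, $G_DIRECTORY_DATA['path'] . $G_DIRECTORY_DATA['name'], true);

# Getting our live file
# The lookup is scoped to app id, environment and directory id, so a file name
# from the request can only match a file of the current app.
$escaped_file_name = mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $_JPOST->name);
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_FILE_TABLE
    . "\n\t\t\tWHERE \n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . " AND\n\t\t\t\t`environment`\t='" . $escaped_env
    . "' AND\n\t\t\t\t`directory_id`\t=" . (int) $G_DIRECTORY_DATA['id']
    . " AND\n\t\t\t\t`name`\t\t='" . $escaped_file_name
    . "'\n\t\t\tLIMIT 1";
$current_file_data = mysqli_single_result_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Invalid file to modify
if (!isset($current_file_data['id'])) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE);
}

# Getting the server where the image is stored
$query = "\tSELECT\n\t\t\t\t*\n\t\t\tFROM\n\t\t\t\t" . NQ_SERVERS_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`id`=" . (int) $current_file_data['host_id']
    . "\n\t\t\tLIMIT 1";
$G_SERVER_DATA = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# Fail closed when the file points at a storage server that has no row:
# otherwise the storage URL below is assembled from missing username, password
# and host values and handed to the image loader. The generic invalid-file
# error is reused so the response does not reveal which lookup failed.
# exit_fail() presumably ends the request, as the guard above relies on it.
if (empty($G_SERVER_DATA)) {
    exit_fail(NQ_ERROR_INVALID_VALUE, LANG_INVALID_FILE);
}

# Combining our host properties into our path
# $G_SERVER_HOST carries the storage username and password in clear text; keep
# it, and any string built from it, out of logs, error messages and responses.
$G_SERVER_HOST = NQ_FILE_STORAGE_PROTOCOL
    . $G_SERVER_DATA['username']
    . NQ_FILE_STORAGE_CRED_SEPARATOR
    . $G_SERVER_DATA['password']
    . NQ_FILE_STORAGE_HOST_SEPARATOR
    . $G_SERVER_DATA['host']
    . $G_SERVER_DATA['path'];

# Loading the image
# NOTE(review): the argument contains the credentials above -- confirm that
# Image::load() does not echo its argument when the load fails.
$img = new Image();
$img->load($G_SERVER_HOST . $current_file_data['filepath']);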