Example #1
0
function main()
{
    if (isset($_FILES['picturefile']['name'])) {
        $referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
        $referer = $referersplit[0];
        try {
            if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024 || $_FILES['picturefile']['tmp_name'] == null) {
                throw new Exception('File too large!');
            } else {
                if (getContentType($_FILES['picturefile']['name']) == null) {
                    throw new Exception('File type not supported!');
                } else {
                    $filename = generateUniqueId() . "-" . $_FILES['picturefile']['name'];
                    $tmpName = $_FILES['picturefile']['tmp_name'];
                    $image = new SimpleImage();
                    $image->load($tmpName);
                    $imageWasResized = false;
                    if ($image->getHeight() > 1024) {
                        $image->resizeToHeight(1024);
                    }
                    if ($image->getWidth() > 1024) {
                        $image->resizeToWidth(1024);
                    }
                    $image->save($tmpName);
                    // Saving even if not resized, to reduce compression level of file
                    $fp = fopen($tmpName, 'r');
                    $content = fread($fp, filesize($tmpName));
                    fclose($fp);
                    updateOrInsertImage($filename, $content);
                }
            }
            header('Location: ' . $referer . "?uploadresult=true&filelocation=php/io.php?file=" . $filename);
            return true;
        } catch (Exception $e) {
            header('Location: ' . $referer . "?uploadresult=false&errormsg=" . $e->getMessage());
            return true;
        }
    }
    if (isset($_GET['id'])) {
        $slideshowId = $_GET['id'];
        $slideshowSrc = getSlideshow($slideshowId);
        $slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
        sendJSONResponse(json_encode($slideshow));
        return true;
    }
    if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
        $slideshowId = $_POST['id'];
        $slideshowKey = $_POST['key'];
        $slideshowToSave = $_POST['src'];
        if (isCorrectKey($slideshowId, $slideshowKey)) {
            updateSlideshow($slideshowId, $slideshowToSave);
        } else {
            throw new Exception("ERROR key is wrong");
        }
        $result = array('id' => $slideshowId);
        sendJSONResponse(json_encode($result));
        return true;
    }
    if (isset($_POST['create'])) {
        $id = generateUniqueId();
        $key = generateRandomLegibleString();
        createEmptySlideshow($id, $key);
        $idAndKey = array('id' => $id, 'key' => $key);
        sendJSONResponse(json_encode($idAndKey));
        return true;
    }
    if (isset($_GET['file'])) {
        $imageId = $_GET['file'];
        $image = getImage($imageId);
        header("Content-type: " . getContentType($imageId));
        print $image;
        return true;
    }
    return false;
}
Example #2
0
function main()
{
    if (isset($_FILES['picturefile']['name'])) {
        $referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
        $referer = $referersplit[0];
        try {
            if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024) {
                throw new Exception('File too large!');
            } else {
                $filename = generateUniqueId() . "-" . $_FILES['picturefile']['name'];
                $filelocation = "uploaded_files/" . $filename;
                $uploadresult = move_uploaded_file($_FILES['picturefile']['tmp_name'], "../" . $filelocation);
                if (!$uploadresult) {
                    throw new Exception('Error when saving file!');
                }
                $image = new SimpleImage();
                $image->load("../" . $filelocation);
                $imageWasResized = false;
                if ($image->getHeight() > 1024) {
                    $image->resizeToHeight(1024);
                }
                if ($image->getWidth() > 1024) {
                    $image->resizeToWidth(1024);
                }
                $image->save("../" . $filelocation);
                // Saving even if not resized, to reduce compression level of file
            }
            header('Location: ' . $referer . "?uploadresult=true&filelocation=" . $filelocation);
            return true;
        } catch (Exception $e) {
            header('Location: ' . $referer . "?uploadresult=false&errormsg=" . $e->getMessage());
            return true;
        }
    }
    if (isset($_GET['id'])) {
        $slideshowId = $_GET['id'];
        $slideshowSrc = getSlideshow($slideshowId);
        $slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
        sendJSONResponse(json_encode($slideshow));
        return true;
    }
    if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
        $slideshowId = $_POST['id'];
        $slideshowKey = $_POST['key'];
        $slideshowToSave = $_POST['src'];
        if (isCorrectKey($slideshowId, $slideshowKey)) {
            updateSlideshow($slideshowId, $slideshowToSave);
        } else {
            throw new Exception("ERROR key is wrong");
        }
        $result = array('id' => $slideshowId);
        sendJSONResponse(json_encode($result));
        return true;
    }
    if (isset($_POST['create'])) {
        $id = generateUniqueId();
        $key = generateRandomLegibleString();
        createEmptySlideshow($id, $key);
        $idAndKey = array('id' => $id, 'key' => $key);
        sendJSONResponse(json_encode($idAndKey));
        return true;
    }
    return false;
}
Example #3
0
        switch ($form['action']) {
            case 'login':
                doLogin($form);
                break;
            case "register":
                registerNewUser();
                break;
            case "getsecurityquestion":
                $question = getSecurityQuestion($form['username']);
                if ($question === false) {
                    sendJSONError($lang['forgot_password_no_question']);
                } else {
                    sendJSONResponse(array("question" => $question));
                }
                break;
            case "fetchpassword":
                $form['answer'] = $utils->getRequestVar('answer');
                $form['answer'] = $db->escape($form['answer']);
                $answer = getPassword($form['username'], $form['answer']);
                if ($answer === false) {
                    sendJSONError($lang['forgot_password_invalid_answer']);
                } else {
                    sendJSONResponse(array("password" => $answer));
                }
                break;
            default:
                buildView();
        }
        break;
}
exit(0);
Example #4
0
function registerNewUser()
{
    global $db, $utils, $lang, $configValues;
    // Check form values
    $formtype = 'request';
    // 'post';
    $postdata = array();
    $postdata['firstname'] = $utils->getRequestVar('firstname', $formtype);
    $postdata['lastname'] = $utils->getRequestVar('lastname', $formtype);
    $postdata['age'] = $utils->getRequestVar('age', $formtype, 'int');
    $postdata['gender'] = $utils->getRequestVar('gender', $formtype);
    $postdata['telephone'] = $utils->getRequestVar('telephone', $formtype);
    $postdata['email'] = $utils->getRequestVar('email', $formtype);
    $postdata['password'] = $utils->getRequestVar('password', $formtype);
    $postdata['question'] = $utils->getRequestVar('question', $formtype);
    $postdata['answer'] = $utils->getRequestVar('answer', $formtype);
    // Validate required fields
    $failedfields = array();
    if (strlen($postdata['firstname']) == 0) {
        $failedfields[] = $lang['firstname'];
    }
    if (strlen($postdata['lastname']) == 0) {
        $failedfields[] = $lang['lastname'];
    }
    if (strlen($postdata['email']) == 0 || !$utils->validateEmailAddress($postdata['email'])) {
        $failedfields[] = $lang['email'];
    }
    if (strlen($postdata['password']) == 0) {
        $failedfields[] = $lang['password'];
    }
    if (strlen($postdata['question']) == 0) {
        $failedfields[] = $lang['question'];
    }
    if (strlen($postdata['answer']) == 0) {
        $failedfields[] = $lang['answer'];
    }
    if (count($failedfields) > 0) {
        sendJSONError($lang['failed_fields'] . ': ' . implode(', ', $failedfields));
        exit(0);
    }
    // Validate unique email address
    if (!isUniqueUser($postdata['email'])) {
        sendJSONError($lang['not_unique_userid'], array("show_login" => true, "username" => $postdata['email']));
        exit(0);
    }
    // Escape values
    array_map(array($db, 'escape'), $postdata);
    /*
     * Create the new user
     */
    $error = false;
    $db->beginTrans();
    try {
        // Add user to radcheck table
        $fields = array('id', 'Username', 'Attribute', 'op', 'Value');
        $data = array(0, $postdata['email'], 'ClearText-Password', ':=', $postdata['password']);
        $db->insert($configValues['CONFIG_DB_TBL_RADCHECK'], $fields, $data);
        if (strlen($db->getLastError())) {
            throw new Exception('Error adding user to radcheck table: ' . $db->getLastError());
        }
        // Add user to radreply table
        $fields = array('id', 'Username', 'Attribute', 'op', 'Value');
        $data = array(0, $postdata['email'], 'Reply-Message', '=', $lang['welcome_title']);
        $db->insert($configValues['CONFIG_DB_TBL_RADREPLY'], $fields, $data);
        if (strlen($db->getLastError())) {
            throw new Exception('Error adding user to radreply table: ' . $db->getLastError());
        }
        // Add user to userinfo table
        $fields = array('username', 'firstname', 'lastname', 'age', 'gender', 'workphone', 'email', 'question', 'answer');
        $data = array($postdata['email'], $postdata['firstname'], $postdata['lastname'], $postdata['age'], $postdata['gender'], $postdata['telephone'], $postdata['email'], $postdata['question'], $postdata['answer']);
        $db->insert($configValues['CONFIG_DB_TBL_DALOUSERINFO'], $fields, $data);
        if (strlen($db->getLastError())) {
            throw new Exception('Error adding user to userinfo table: ' . $db->getLastError());
        }
        // Add user to the default group
        if (isset($configValues['CONFIG_GROUP_NAME']) && $configValues['CONFIG_GROUP_NAME'] != "") {
            $fields = array('UserName', 'GroupName', 'priority');
            $data = array($postdata['email'], $configValues['CONFIG_GROUP_NAME'], $configValues['CONFIG_GROUP_PRIORITY']);
            $db->insert($configValues['CONFIG_DB_TBL_RADUSERGROUP'], $fields, $data);
            if (strlen($db->getLastError())) {
                throw new Exception('Error adding user to default group: ' . $db->getLastError());
            }
        }
        // Success - commit changes
        $db->commitTrans();
    } catch (Exception $e) {
        // Reverse the transaction
        if ($db->getInTrans()) {
            $db->rollbackTrans();
        }
        $error = $e->getMessage();
    }
    $db->disconnect();
    // Send response back to callee
    $response = array("username" => $postdata['email'], "password" => $postdata['password']);
    if (DEV_DEBUG) {
        $response['debug'] = $postdata;
    }
    if ($error) {
        sendJSONError($error);
    } else {
        sendJSONResponse($response);
    }
    exit;
}