$photo_title = trim($_POST['photo_title']); $photo_description = $_POST['photo_description']; $photo_approved = $_POST['photo_approved']; $photo->_dbo->photo_title = $photo_title; $photo->_dbo->photo_description = $photo_description; $photo->_cids = array(); if (!empty($_POST['photo_cids'])) $photo->_cids = $_POST['photo_cids']; $approve = false; if (empty($photo->_dbo->photo_approved) && Permissions::checkPerm("approve_photos") && $photo_approved) { $approve = true; } $photo->update(); if ($approve) $photo->approve(); if (!empty($ref)) header("Location: " . $ref); $pane = new HTML_MessagePane("upd", "Zdjêcie zapisane", "", "a_ok_pane", "a_ok_pane_hdr"); $pane->show(); } catch (Exception2 $e) { $pane = new HTML_MessagePane("upd", $e->getMessage(), $e->getDescription(), "a_fail_pane", "a_fail_pane_hdr"); $pane->show(); } }
public function create($data, $filename, $visibility) { if ($data == '') { // attempt to overcome PHP bug that causes // the HTTP POST value to be empty // it seems that PHP is trying to urldecode the // raw HTTP POST string, but for big enough values // this causes a memory overflow and the data // item remains unset // Here we process the php://input stream directly. $vars = explode('&', file_get_contents('php://input')); foreach ($vars as $var) { $vardata = explode('=', $var); $key = $vardata[0]; $value = $vardata[1]; if ($key == 'data') { $data = urldecode($value); break; } } } if (!isset($_SESSION['user'])) { throw new Exception('Not authorized.'); } if ($data == '') { echo "Data provided is empty. Dumping {$_POST} variable.\n"; var_dump($_POST); throw new Exception('Data provided is empty.'); } $filename = strtolower($filename); $extension = substr($filename, strrpos($filename, '.') + 1); switch ($extension) { case 'jpg': case 'gif': case 'png': break; default: throw new Exception('Unrecognized image type. Expected "jpg", "gif", or "png", but got "' . $extension . '".'); } switch ($visibility) { case 'public': case 'private': break; default: throw new Exception('Invalid visibility; expected "public" or "private", but got "' . $visibility . '"'); } $data = base64_decode($data); if ($data === false) { throw new Exception('Invalid data supplied: data is not base64-encoded.'); } $im = @imagecreatefromstring($data); if ($im !== false) { $width = imagesx($im); $height = imagesy($im); } else { echo 'Warning: We believe this is not a valid image file, but we\'re uploading it anyway.'; $width = 0; $height = 0; } $result = Photo::create($filename, $extension, strlen($data), $_SESSION['user']['id'], $width, $height); $id = $result['id']; $filename = $result['filename']; $uploadfile = 'uploads/' . $filename; if (file_exists($uploadfile)) { throw new Exception('File already exists.'); } file_put_contents($uploadfile, $data); $taken = Photo::timeFromFile($uploadfile); Photo::update($id, $taken); echo 'File uploaded successfully.'; Post::create($filename, $_SESSION['user']['id'], 'photo', $visibility, $taken); }
echo "ERROR"; } } else { echo "ERROR"; } } else { if ($_POST['op'] == "edit") { if ($contest->status === STATUS_OPEN) { $photo = Photo::loadPhotoId($_POST['photoId']); if ($photo->contestId == $contestId) { $photo = new Photo(); // para no sobreescribir fechas $photo->photoId = $_POST['photoId']; $photo->title = $_POST['title']; $photo->description = $_POST['description']; if ($photo->update()) { echo "OK"; } else { echo "ERROR"; } } else { echo _("ERROR: This photo doesn't belong to the contest"); } } else { echo _("ERROR: Not allowed to edit because of the contest status"); } } else { if ($_POST['op'] == "vote") { if ($contest->status === STATUS_VOTING) { if ($userId == $_POST['user_id']) { if ($contest->vote($userId, $_POST['photo_id'], $_POST['rating'])) {