// Excerpt: the first three lines are the tail of a required-field check whose
// opening `if` lies before this fragment; the request stops here when it fails.
$RENDENGINE->render(new Text("Sorry. One of more of the fields were not filled out!"));
exit;
}

// Register one filter per expected POST field. The registration order matters:
// the filtered values are later bound positionally to $1..$12 of the INSERT.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and only strips
// tags / encodes quotes. FILTER_SANITIZE_NUMBER_INT keeps digits, '+' and '-', so
// its result is still an unvalidated string. Neither is a substitute for
// validation (type, range, length) or for output escaping where the values are
// later displayed.
$SANTIZER = new InputSanitizer($_POST);
// Author TODO: choose better sanitize flags, add validation steps, and sanitize the avatar too.
$SANTIZER->addFilter("firstname", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("lastname", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("haircolor", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("eyecolor", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("height", FILTER_SANITIZE_NUMBER_INT);
$SANTIZER->addFilter("weight", FILTER_SANITIZE_NUMBER_INT);
$SANTIZER->addFilter("bustsize", FILTER_SANITIZE_NUMBER_INT);
$SANTIZER->addFilter("hipsize", FILTER_SANITIZE_NUMBER_INT);
$SANTIZER->addFilter("waistsize", FILTER_SANITIZE_NUMBER_INT);
$SANTIZER->addFilter("bodytype", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("personality", FILTER_SANITIZE_STRING);
$SANTIZER->addFilter("description", FILTER_SANITIZE_STRING);
// presumably returns one filtered value per registered field, in registration
// order; verify, since the positional SQL parameters below depend on it
$sant_array = $SANTIZER->filter();

$connection = $DB->connect(); /*Error handling?*/

// $avatar_img is defined before this fragment. No type, size or content check on
// it is visible here (the author's TODO above says the same); confirm one exists
// before the image classes process it.
$char_ava = new CharacterAvatar($avatar_img);
$thumb = new ThumbNail($avatar_img);
// The file name is the MD5 of the concatenated form values only, so two
// submissions with identical fields resolve to the same name. MD5 serves as a
// naming shortcut here, not as an integrity control.
// NOTE(review): whether createImage() overwrites an existing file is not visible; confirm.
$avatar_name = md5(implode("", $sant_array)); //Hash all values. Assuming values will be "unique enough"
$avatar_path = $char_ava->createImage($avatar_name);
$thumb_path = $thumb->createImage($avatar_name); //Make the character thumbnail as well.

// Append both image paths so the array carries 12 field values + 2 paths = 14
// entries, matching placeholders $1..$14.
$sant_array[] = $avatar_path;
$sant_array[] = $thumb_path;

// Values are passed separately from the SQL text rather than concatenated into it
// (presumably sqlDBExecute binds them as query parameters; confirm in that class).
// NOTE(review): the INSERT names no columns, so it relies on the table's column
// order matching the order of $sant_array.
(new sqlDBExecute(
    $connection,
    "INSERT into CHARACTER VALUES(nextval('Character_CharacterID_seq'),\$1,\$2,\$3,\$4,\$5,\$6,\$7,\$8,\$9,\$10,\$11,\$12,\$13,\$14)",
    $sant_array
))->execute();
// Closes a block opened before this fragment.
}
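// Excerpt: the first two lines are the tail of an error check on $files whose
// opening lies before this fragment.
die($files->getMessage());
}

// Handles a multi-file picture upload: each valid file is moved into ./images/,
// recorded for the owning user, thumbnailed, and reported back through the
// Smarty "success" variable.
$success = "";
$uid = $_POST['uid'];
// The id comes straight from the request, so URL-encode it before it becomes
// part of the form action; this keeps it a single query-string value whatever
// it contains.
$smarty->assign("action", "upload.php?pre=" . rawurlencode((string) $uid));
$userPic = new Pics();
foreach ($files as $file) {
    //print_r($file->getProp());
    if ($file->isValid()) {
        $smarty->assign("uid", $uid);
        // NOTE(review): the owner key stored with the picture is taken from the
        // query string while $uid comes from the POST body. No check that either
        // matches the authenticated user is visible in this fragment; confirm it
        // happens earlier.
        $filePre = $_GET['pre'];
        $file->setName('uniq');
        // NOTE(review): no extension or content-type restriction is visible here.
        // Confirm the upload library or an earlier step limits what may be stored
        // in this directory.
        $destDir = './images/';
        $destName = $file->moveTo($destDir);
        $realName = $file->getProp('real');
        $userPic->insertToUP($filePre, $destName);
        /*resize the pictures*/
        $resize = new ThumbNail($destDir . $destName);
        $resize->build($destName);
        // $realName is presumably the file name supplied by the client. The
        // message carries its own <br> markup, so the template presumably prints
        // it unescaped; encode the name before it joins that HTML.
        $safeName = htmlspecialchars((string) $realName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $success = $success . "*Uploaded file {$safeName} <br>";
    }
}
$smarty->assign("success", $success);
/* if ($files->isMissing()) { $smarty->assign("error","No file selected <br>"); } if ($files->isError()) { $smarty->assign("error",$file->errorMsg()."<br>"); } */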