function main()
{
if (isset($_FILES['picturefile']['name'])) {
$referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
$referer = $referersplit[0];
try {
if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024 || $_FILES['picturefile']['tmp_name'] == null) {
throw new Exception('File too large!');
} else {
if (getContentType($_FILES['picturefile']['name']) == null) {
throw new Exception('File type not supported!');
} else {
$filename = generateUniqueId() . "-" . $_FILES['picturefile']['name'];
$tmpName = $_FILES['picturefile']['tmp_name'];
$image = new SimpleImage();
$image->load($tmpName);
$imageWasResized = false;
if ($image->getHeight() > 1024) {
$image->resizeToHeight(1024);
}
if ($image->getWidth() > 1024) {
$image->resizeToWidth(1024);
}
$image->save($tmpName);
// Saving even if not resized, to reduce compression level of file
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
fclose($fp);
updateOrInsertImage($filename, $content);
}
}
header('Location: ' . $referer . "?uploadresult=true&filelocation=php/io.php?file=" . $filename);
return true;
} catch (Exception $e) {
header('Location: ' . $referer . "?uploadresult=false&errormsg=" . $e->getMessage());
return true;
}
}
if (isset($_GET['id'])) {
$slideshowId = $_GET['id'];
$slideshowSrc = getSlideshow($slideshowId);
$slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
sendJSONResponse(json_encode($slideshow));
return true;
}
if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
$slideshowId = $_POST['id'];
$slideshowKey = $_POST['key'];
$slideshowToSave = $_POST['src'];
if (isCorrectKey($slideshowId, $slideshowKey)) {
updateSlideshow($slideshowId, $slideshowToSave);
} else {
throw new Exception("ERROR key is wrong");
}
$result = array('id' => $slideshowId);
sendJSONResponse(json_encode($result));
return true;
}
if (isset($_POST['create'])) {
$id = generateUniqueId();
$key = generateRandomLegibleString();
createEmptySlideshow($id, $key);
$idAndKey = array('id' => $id, 'key' => $key);
sendJSONResponse(json_encode($idAndKey));
return true;
}
if (isset($_GET['file'])) {
$imageId = $_GET['file'];
$image = getImage($imageId);
header("Content-type: " . getContentType($imageId));
print $image;
return true;
}
return false;
}
function main()
{
if (isset($_FILES['picturefile']['name'])) {
$referersplit = preg_split("/[?]/", $_SERVER['HTTP_REFERER']);
$referer = $referersplit[0];
try {
if ($_FILES["picturefile"]["size"] > 5 * 1024 * 1024) {
throw new Exception('File too large!');
} else {
$filename = generateUniqueId() . "-" . $_FILES['picturefile']['name'];
$filelocation = "uploaded_files/" . $filename;
$uploadresult = move_uploaded_file($_FILES['picturefile']['tmp_name'], "../" . $filelocation);
if (!$uploadresult) {
throw new Exception('Error when saving file!');
}
$image = new SimpleImage();
$image->load("../" . $filelocation);
$imageWasResized = false;
if ($image->getHeight() > 1024) {
$image->resizeToHeight(1024);
}
if ($image->getWidth() > 1024) {
$image->resizeToWidth(1024);
}
$image->save("../" . $filelocation);
// Saving even if not resized, to reduce compression level of file
}
header('Location: ' . $referer . "?uploadresult=true&filelocation=" . $filelocation);
return true;
} catch (Exception $e) {
header('Location: ' . $referer . "?uploadresult=false&errormsg=" . $e->getMessage());
return true;
}
}
if (isset($_GET['id'])) {
$slideshowId = $_GET['id'];
$slideshowSrc = getSlideshow($slideshowId);
$slideshow = array('id' => $slideshowId, 'src' => $slideshowSrc);
sendJSONResponse(json_encode($slideshow));
return true;
}
if (isset($_POST['id'], $_POST['key'], $_POST['src'])) {
$slideshowId = $_POST['id'];
$slideshowKey = $_POST['key'];
$slideshowToSave = $_POST['src'];
if (isCorrectKey($slideshowId, $slideshowKey)) {
updateSlideshow($slideshowId, $slideshowToSave);
} else {
throw new Exception("ERROR key is wrong");
}
$result = array('id' => $slideshowId);
sendJSONResponse(json_encode($result));
return true;
}
if (isset($_POST['create'])) {
$id = generateUniqueId();
$key = generateRandomLegibleString();
createEmptySlideshow($id, $key);
$idAndKey = array('id' => $id, 'key' => $key);
sendJSONResponse(json_encode($idAndKey));
return true;
}
return false;
}
switch ($form['action']) {
case 'login':
doLogin($form);
break;
case "register":
registerNewUser();
break;
case "getsecurityquestion":
$question = getSecurityQuestion($form['username']);
if ($question === false) {
sendJSONError($lang['forgot_password_no_question']);
} else {
sendJSONResponse(array("question" => $question));
}
break;
case "fetchpassword":
$form['answer'] = $utils->getRequestVar('answer');
$form['answer'] = $db->escape($form['answer']);
$answer = getPassword($form['username'], $form['answer']);
if ($answer === false) {
sendJSONError($lang['forgot_password_invalid_answer']);
} else {
sendJSONResponse(array("password" => $answer));
}
break;
default:
buildView();
}
break;
}
exit(0);
function registerNewUser()
{
global $db, $utils, $lang, $configValues;
// Check form values
$formtype = 'request';
// 'post';
$postdata = array();
$postdata['firstname'] = $utils->getRequestVar('firstname', $formtype);
$postdata['lastname'] = $utils->getRequestVar('lastname', $formtype);
$postdata['age'] = $utils->getRequestVar('age', $formtype, 'int');
$postdata['gender'] = $utils->getRequestVar('gender', $formtype);
$postdata['telephone'] = $utils->getRequestVar('telephone', $formtype);
$postdata['email'] = $utils->getRequestVar('email', $formtype);
$postdata['password'] = $utils->getRequestVar('password', $formtype);
$postdata['question'] = $utils->getRequestVar('question', $formtype);
$postdata['answer'] = $utils->getRequestVar('answer', $formtype);
// Validate required fields
$failedfields = array();
if (strlen($postdata['firstname']) == 0) {
$failedfields[] = $lang['firstname'];
}
if (strlen($postdata['lastname']) == 0) {
$failedfields[] = $lang['lastname'];
}
if (strlen($postdata['email']) == 0 || !$utils->validateEmailAddress($postdata['email'])) {
$failedfields[] = $lang['email'];
}
if (strlen($postdata['password']) == 0) {
$failedfields[] = $lang['password'];
}
if (strlen($postdata['question']) == 0) {
$failedfields[] = $lang['question'];
}
if (strlen($postdata['answer']) == 0) {
$failedfields[] = $lang['answer'];
}
if (count($failedfields) > 0) {
sendJSONError($lang['failed_fields'] . ': ' . implode(', ', $failedfields));
exit(0);
}
// Validate unique email address
if (!isUniqueUser($postdata['email'])) {
sendJSONError($lang['not_unique_userid'], array("show_login" => true, "username" => $postdata['email']));
exit(0);
}
// Escape values
array_map(array($db, 'escape'), $postdata);
/*
* Create the new user
*/
$error = false;
$db->beginTrans();
try {
// Add user to radcheck table
$fields = array('id', 'Username', 'Attribute', 'op', 'Value');
$data = array(0, $postdata['email'], 'ClearText-Password', ':=', $postdata['password']);
$db->insert($configValues['CONFIG_DB_TBL_RADCHECK'], $fields, $data);
if (strlen($db->getLastError())) {
throw new Exception('Error adding user to radcheck table: ' . $db->getLastError());
}
// Add user to radreply table
$fields = array('id', 'Username', 'Attribute', 'op', 'Value');
$data = array(0, $postdata['email'], 'Reply-Message', '=', $lang['welcome_title']);
$db->insert($configValues['CONFIG_DB_TBL_RADREPLY'], $fields, $data);
if (strlen($db->getLastError())) {
throw new Exception('Error adding user to radreply table: ' . $db->getLastError());
}
// Add user to userinfo table
$fields = array('username', 'firstname', 'lastname', 'age', 'gender', 'workphone', 'email', 'question', 'answer');
$data = array($postdata['email'], $postdata['firstname'], $postdata['lastname'], $postdata['age'], $postdata['gender'], $postdata['telephone'], $postdata['email'], $postdata['question'], $postdata['answer']);
$db->insert($configValues['CONFIG_DB_TBL_DALOUSERINFO'], $fields, $data);
if (strlen($db->getLastError())) {
throw new Exception('Error adding user to userinfo table: ' . $db->getLastError());
}
// Add user to the default group
if (isset($configValues['CONFIG_GROUP_NAME']) && $configValues['CONFIG_GROUP_NAME'] != "") {
$fields = array('UserName', 'GroupName', 'priority');
$data = array($postdata['email'], $configValues['CONFIG_GROUP_NAME'], $configValues['CONFIG_GROUP_PRIORITY']);
$db->insert($configValues['CONFIG_DB_TBL_RADUSERGROUP'], $fields, $data);
if (strlen($db->getLastError())) {
throw new Exception('Error adding user to default group: ' . $db->getLastError());
}
}
// Success - commit changes
$db->commitTrans();
} catch (Exception $e) {
// Reverse the transaction
if ($db->getInTrans()) {
$db->rollbackTrans();
}
$error = $e->getMessage();
}
$db->disconnect();
// Send response back to callee
$response = array("username" => $postdata['email'], "password" => $postdata['password']);
if (DEV_DEBUG) {
$response['debug'] = $postdata;
}
if ($error) {
sendJSONError($error);
} else {
sendJSONResponse($response);
}
exit;
}
