$return['errorText'][$name] = 'unauthorised to change project ' . $project; } else { if (!in_array($ext, $allowed_ext)) { $return['error'] = true; $return['errorText'][$name] = 'exists, extension undeleteable'; } else { $file = IMAGEBASEDIR . $name; $db_name = $name; $path = pathinfo($file); $destination = check_file_duplicate(IMAGEBASEDIR . $project . "/.trash/" . $path['filename'] . '.' . $path['extension']); $return['dest'][] = $destination; if (!file_exists($file)) { $return['error'] = true; $return['errorText'][$db_name] = 'does not exist'; } else { if (!underPath($file)) { $return['error'] = true; $return['errorText'][$db_name] = 'is not in your image path'; } else { if (!rename($file, $destination)) { $return['error'] = true; $return['errorText'][$db_name] = 'could not be deleted'; } else { if ($ext == 'jpg') { // delete database entry if it is an image //$q = new myQuery("SELECT id FROM img WHERE name='{$db_name}'"); //$id = $q->get_one(); $q = new myQuery("DELETE FROM img WHERE name='{$db_name}'"); if ($q->get_affected_rows() != 1) { //$return['error'] = true; $return['errorText'][$db_name] = 'deleted (not from db)';
<?php // access a file in a user's directory require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php'; auth(); $file = IMAGEBASEDIR . $_GET['file']; preg_match("/^\\d{1,11}\\//", $_GET['file'], $project); $project = str_replace('/', '', $project[0]); $user = $_SESSION['user_id']; // apply your logic here $userCanDownloadThisFile = in_array($project, $_SESSION['projects']); if (file_exists($file) && $userCanDownloadThisFile && underPath($file)) { $ext = pathinfo($file, PATHINFO_EXTENSION); if (array_key_exists('thumb', $_GET) && in_array($ext, array('jpg', 'gif', 'png')) && filesize($file) > 5000) { header('Content-Type: image/jpeg'); if ($ext == 'jpg') { echo exif_thumbnail($file); } else { if ($ext == 'png' || $ext == 'gif') { $img = $ext == 'png' ? imagecreatefrompng($file) : imagecreatefromgif($file); $width = imagesx($img); $height = imagesy($img); $new_height = 100; $new_width = $width * $new_height / $height; $thumb_img = imagecreatetruecolor($new_width, $new_height); imagecopyresampled($thumb_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height); imagedestroy($img); imagejpeg($thumb_img); imagedestroy($thumb_img); } }