// extract picture information
$action = $_POST['action'];
$from = $_POST['from'];
$md5_id = $_POST['md5_id'];
$title = $_POST['title'];
$category = $_POST['category'];
$desc = $_POST['desc'];
if ($action != "update" && $action != "delete") {
Util::log_and_die("Bad Request: unknown action: " . $action);
}
// file id check
if (!$md5_id) {
Util::log_and_die("Bad Request: file's md5 id is missing");
}
// perform task depending on notification type
FileDB::init();
if ($action == "update") {
$success = FileDB::update_record($md5_id, $title, $category, $desc);
if (!$success) {
Util::log_and_die("Server error: file info update failed");
}
Util::log_and_echo("Request processed: file info updated successfully");
} elseif ($action == "delete") {
$file_path = FileDB::get_file_path($md5_id);
$success = unlink($file_path);
if (!$success) {
Util::log_and_die("Server error: file deletion failed");
}
Util::log_and_echo("Request processed: file deleted successfully");
}
FileDB::close();
FileDB::init();
// duplication check
if (FileDB::check_duplicate($md5_id)) {
Util::log_and_die("Bad client upload request: duplicated file for " . $md5_id);
}
// type and size check
$type = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
$size = $_FILES['file']['size'];
if ($size > MAXSIZE) {
Util::log_and_die("Bad client upload request: file exceed size limit(" . MAXSIZE . "kb)");
} elseif (!in_array($type, $allowed_types)) {
Util::log_and_die("Bad client upload request: unacceptable file format");
}
// build upload path
$upload_dir = "uploads/";
$ext = $type;
$upload_path = $upload_dir . $md5_id . "." . $ext;
// save the uploaded file to filesystem and add record to database
$success = move_uploaded_file($file["tmp_name"], $upload_path) && FileDB::insert_record($upload_path, $from, $md5_id, $title, $category, $desc);
if ($success) {
} else {
Util::log_and_die("Server error: upload failed");
}
FileDB::close();
Util::log_and_echo("Request processed: file uploaded successfully");
// send the new file to peer servers
$success = send_to_peers($upload_path, $md5_id, $title, $category, $desc);
if (!$success) {
Util::log("Response from peers: at least one peer didn't get the file");
}
Util::log("Response from peers: all peers received the file successfully!");
public static function delete_record($md5_id)
{
// clean user input to avoid sql injection
// $md5_id = mysqli_escape_string($md5_id);
$sql = 'DELETE FROM pictures ' . 'WHERE id = "' . $md5_id . '";';
$success = mysql_query($sql, self::$conn);
if (!$success) {
Util::log_and_echo('delete error: ' . mysql_error());
}
return $success;
}
