function handleJSON_changeImageProfile($smarty, $module_name) { global $arrConf; Header('Content-Type: application/json'); $arrCredentials = getUserCredentials($_SESSION['elastix_user']); $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]); $pACL = new paloACL($pDB); $jsonObject = new PaloSantoJSON(); $idUser = $arrCredentials['idUser']; foreach ($_FILES['picture']['error'] as $key => $error) { if ($error == UPLOAD_ERR_OK) { $pictureUpload = $_FILES['picture']['name'][$key]; if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) { $jsonObject->set_error(_tr("Invalid file extension.- It must be png or jpg or jpeg")); return $jsonObject->createJSON(); } elseif (preg_match("/(\\.php)/", $pictureUpload)) { $jsonObject->set_error(_tr("Possible file upload attack.")); return $jsonObject->createJSON(); } else { if (is_uploaded_file($_FILES['picture']['tmp_name'][$key])) { $ancho = 159; $alto = 159; redimensionarImagen($_FILES['picture']['tmp_name'][$key], $_FILES['picture']['tmp_name'][$key], $ancho, $alto); $picture_type = $_FILES['picture']['type'][$key]; $picture_content = file_get_contents($_FILES['picture']['tmp_name'][$key]); $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content); if ($Exito === false) { $jsonObject->set_error(_tr("Image couldn't be upload.")); return $jsonObject->createJSON(); } } else { $jsonObject->set_error(_tr("Possible file upload attack. Filename") . " : " . $pictureUpload); return $jsonObject->createJSON(); } } $url = "index.php?menu=_elastixutils&action=getImage&ID={$idUser}&rawmode=yes"; $jsonObject->set_message($url); return $jsonObject->createJSON(); } } return $jsonObject->createJSON(); }
function uploadImage($idUser, $pDB, &$error) { $pACL = new paloACL($pDB); $pictureUpload = $_FILES['picture']['name']; $Exito = false; //valido el tipo de archivo // \w cualquier caracter, letra o guion bajo // \s cualquier espacio en blanco if (!preg_match("/^(\\w|-|\\.|\\(|\\)|\\s)+\\.(png|PNG|JPG|jpg|JPEG|jpeg)\$/", $pictureUpload)) { $error = _tr("Invalid file extension.- It must be png or jpg or jpeg"); } elseif (preg_match("/(\\.php)/", $pictureUpload)) { $error = _tr("Possible file upload attack."); } else { if (is_uploaded_file($_FILES['picture']['tmp_name'])) { $ancho = 240; $alto = 200; redimensionarImagen($_FILES['picture']['tmp_name'], $_FILES['picture']['tmp_name'], $ancho, $alto); $picture_type = $_FILES['picture']['type']; $picture_content = file_get_contents($_FILES['picture']['tmp_name']); $Exito = $pACL->setUserPicture($idUser, $picture_type, $picture_content); if ($Exito === false) { $error = "Image couldn't be upload"; } } else { $error = _tr("Possible file upload attack. Filename") . " : " . $pictureUpload; } } return $Exito; }