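/**
 * Stores one uploaded article attachment and echoes the HTML/JS fragment that displays it.
 *
 * Does nothing unless $_POST['send'] is set and $_FILES['file'] arrived without an upload error.
 * On failure the request is terminated with a one-character code:
 *   1 = articleID missing or malformed, 2 = MIME type not in the allowlist,
 *   3 = target path longer than 250 bytes, 4 = a file with that name already exists,
 *   5 = file larger than 20 MiB, 6 = image larger than 1 MiB,
 *   7 = article already has 3 images, 8 = article already has a video,
 *   9 = the file or its database row could not be stored.
 *
 * NOTE(review): nothing in this method checks that the caller is allowed to attach files
 * to the given article; confirm the calling route enforces that.
 *
 * @param string $ajaxDeleteUrl URL the generated delete button posts to.
 * @return void
 */
public function saveFile($ajaxDeleteUrl)
{
    if (!isset($_POST['send'])) {
        return;
    }

    // The article id becomes a directory name and an SQL value, so it is limited to
    // characters that cannot form a path separator, a ".." segment or a quote.
    // NOTE(review): assumes ids fit [A-Za-z0-9_-]; widen deliberately if the schema differs.
    $articleID = (isset($_POST['articleID']) && is_string($_POST['articleID']))
        ? trim($_POST['articleID'])
        : '';
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $articleID)) {
        die("1");
    }

    if (!isset($_FILES['file']) || $_FILES['file']['error']) {
        return;
    }

    $upload = $_FILES['file'];
    $db = $GLOBALS['DB'];

    // NOTE(review): 'type' is supplied by the client and is not verified against the file
    // content. The stored extension always comes from this allowlist, never from the upload.
    $mime = $upload['type'];
    $mimetypes = array(
        "image/gif" => "gif",
        "image/jpeg" => "jpeg",
        "image/png" => "png",
        "video/mp4" => "mp4",
        "video/ogg" => "ogg",
    );
    if (!isset($mimetypes[$mime])) {
        die("2");
    }
    $suffix = $mimetypes[$mime];
    $isImage = (strpos($mime, 'image/') === 0);
    $fileType = $isImage ? 'image' : 'video';

    // Keep only the last path component of the client-supplied name, then force the
    // extension that belongs to the accepted MIME type.
    $filename = basename($upload['name']);
    $filename = str_replace(" ", "_", $filename);
    $filename = preg_replace('/\.(jpe?g|gif|png|mp4|ogg)$/i', "", $filename);
    $filename .= ".{$suffix}";

    $targetDir = "articlefiles/{$articleID}";
    $dir = "{$targetDir}/{$filename}";

    if (strlen($dir) > 250) {
        die("3");
    }
    if (file_exists($dir)) {
        die("4");
    }

    // Size limits: 20 MiB for any file, 1 MiB for images.
    if ($upload['size'] > 20971520) {
        die("5");
    }
    if ($isImage && $upload['size'] > 1048576) {
        die("6");
    }

    // SQL escaping is applied to the values that go into SQL only; the filesystem path
    // stays unescaped so the file on disk and the stored fileSource name the same file.
    $articleIdSql = $db->escapeString($articleID);
    $dirSql = $db->escapeString($dir);

    // At most 3 images and 1 video per article.
    $getPics = $db->query("SELECT * FROM articlefiles WHERE articleID = '{$articleIdSql}' AND fileType = 'image' ", true);
    $getVideo = $db->query("SELECT * FROM articlefiles WHERE articleID = '{$articleIdSql}' AND fileType = 'video' ", true);
    if ($isImage && $getPics->num_rows >= 3) {
        die("7");
    }
    if (!$isImage && $getVideo->num_rows >= 1) {
        die("8");
    }

    // The directory is created only after every check has passed, so a rejected upload
    // leaves nothing behind on disk.
    if (!file_exists($targetDir)) {
        mkdir($targetDir);
    }

    // Move the file first and record it second: a failed move leaves no database row,
    // and a failed insert removes the file again.
    if (!move_uploaded_file($upload['tmp_name'], $dir)) {
        die("9");
    }
    $write = $db->query("INSERT INTO articlefiles (fileSource, articleID, fileType) VALUES ('{$dirSql}', '{$articleIdSql}', '{$fileType}') ");
    if (!$write) {
        unlink($dir);
        die("9");
    }

    $idname = System\Helper::generateRandomIDName();

    // The path contains the client-supplied file name, so it is encoded for each context
    // it is written into: HTML attribute values and JavaScript string literals.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    };
    $js = function ($value) {
        $literal = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        return $literal === false ? '""' : $literal;
    };

    $articleUrl = $attr(PROJECT_HTTP_ROOT . "/scripts/article/{$dir}");

    // Click handler of the delete button; identical for images and videos.
    $script = " <script> \$('#delete{$idname}').click(function(){\r\n fileUrl = " . $js($dir)
        . "; articleID = " . $js($articleID)
        . "; \$.ajax ({type: 'POST', url: " . $js($ajaxDeleteUrl)
        . ", data: {'fileUrl' : fileUrl, 'articleID' : articleID}, \r\n success: function(data){ if(data == 'true'){ \$('#{$idname}').remove(); } } }); return false; }); </script>";

    if ($isImage) {
        // AJAX response for an image.
        echo "<div class='row'><div id='{$idname}'><img class='artfileimg' src='{$articleUrl}'>"
            . "<button class='delfilebtn' id='delete{$idname}'><i class='icon-remove'></i></button></div></div> \r\n"
            . $script;
        return;
    }

    // AJAX response for a video.
    // NOTE(review): the second <source> uses /scripts/ while every other URL here uses
    // /scripts/article/; kept as found, confirm which path is intended.
    $scriptsUrl = $attr(PROJECT_HTTP_ROOT . "/scripts/{$dir}");
    echo "<div class='row'><div id='{$idname}' style='height: 160px;'><video controls class='artfilesvid'>"
        . "<source src='{$articleUrl}' type='video/ogg' /><source src='{$scriptsUrl}' type='video/mp4' />"
        . "\r\n Ihr Browser unterstützt keine HTML Videotags.</video>"
        . "<button class='delfilevidbtn' id='delete{$idname}'><i class='icon-remove'></i></button></div> </div> \r\n"
        . $script;
}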