if (empty($_FILES['Filedata']['name'])) { return false; } $sess_id = cmsCore::request('sess_id', 'str'); if (!$sess_id) { header("HTTP/1.1 500 File Upload Error"); exit(0); } session_id($sess_id); session_start(); $user_id = (int) $_SESSION['user']['id']; if (!$user_id) { header("HTTP/1.1 500 Internal Server Error"); exit(0); } if ($model->config['photosize'] > 0 && $model->getUserPhotoCount($user_id) >= $model->config['photosize'] && !$inUser->is_admin) { header("HTTP/1.1 500 Internal Server Error"); exit(0); } include_once PATH . '/includes/graphic.inc.php'; $uploaddir = PATH . '/images/users/photos/'; $realfile = $inDB->escape_string($_FILES['Filedata']['name']); $path_parts = pathinfo($realfile); $ext = mb_strtolower($path_parts['extension']); if (!$ext || !in_array($ext, array('jpg', 'jpeg', 'gif', 'png', 'bmp'))) { exit(0); } $lid = $inDB->get_fields('cms_user_photos', ' id > 0 ', 'id', 'id DESC'); $lastid = $lid['id'] + 1; $filename = md5($lastid . $realfile) . '.' . $ext; $uploadphoto = $uploaddir . $filename;