if (empty($_FILES['Filedata']['name'])) {
return false;
}
$sess_id = cmsCore::request('sess_id', 'str');
if (!$sess_id) {
header("HTTP/1.1 500 File Upload Error");
exit(0);
}
session_id($sess_id);
session_start();
$user_id = (int) $_SESSION['user']['id'];
if (!$user_id) {
header("HTTP/1.1 500 Internal Server Error");
exit(0);
}
if ($model->config['photosize'] > 0 && $model->getUserPhotoCount($user_id) >= $model->config['photosize'] && !$inUser->is_admin) {
header("HTTP/1.1 500 Internal Server Error");
exit(0);
}
include_once PATH . '/includes/graphic.inc.php';
$uploaddir = PATH . '/images/users/photos/';
$realfile = $inDB->escape_string($_FILES['Filedata']['name']);
$path_parts = pathinfo($realfile);
$ext = mb_strtolower($path_parts['extension']);
if (!$ext || !in_array($ext, array('jpg', 'jpeg', 'gif', 'png', 'bmp'))) {
exit(0);
}
$lid = $inDB->get_fields('cms_user_photos', ' id > 0 ', 'id', 'id DESC');
$lastid = $lid['id'] + 1;
$filename = md5($lastid . $realfile) . '.' . $ext;
$uploadphoto = $uploaddir . $filename;
