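/**
 * API endpoint: create a post on behalf of the owner of the submitted token.
 *
 * Reads the request from $_POST (and $_FILES['image'] for image posts).
 * For image posts the upload is validated (extension allow-list, real image
 * type via getimagesize, pixel budget) and moved into DIR_FS_PHOTO/tmp under
 * a random name before BuckysPost::savePost() is called.
 *
 * @return array ['STATUS_CODE' => <STATUS_CODE_*>, 'DATA' => <API result>] in every branch;
 *               validation and storage failures keep STATUS_CODE_OK with an error payload,
 *               as the original API contract did.
 */
public function createAction()
{
    $data = $_POST;

    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : '';
    if ($token === '') {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }

    $userID = BuckysUsersToken::checkTokenValidity($token, "api");
    if (!$userID) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    // post_type may be absent from the request; savePost() then sees a null type
    // instead of this method emitting an undefined-index notice.
    $data['type'] = isset($data['post_type']) ? $data['post_type'] : null;

    if ($data['type'] === 'image') {
        $stored = $this->storeUploadedImage(isset($_FILES['image']) ? $_FILES['image'] : null);
        if (is_array($stored)) {
            // Already a complete API error response.
            return $stored;
        }
        $data['file'] = $stored;
    }

    if (BuckysPost::savePost($userID, $data)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'MESSAGE' => buckys_get_pure_messages()]];
    }

    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(buckys_get_pure_messages())];
}

/**
 * Validate one uploaded image and move it into DIR_FS_PHOTO/tmp.
 *
 * Checks, in order: that PHP reports a successful upload, that the client-supplied
 * extension is on the $TNB_GLOBALS['imageTypes'] allow-list, that the file content
 * really is a GIF/JPEG/JPEG2000/PNG according to getimagesize(), and that the pixel
 * count stays within MAX_IMAGE_WIDTH * MAX_IMAGE_HEIGHT.
 *
 * @param array|null $upload one entry of $_FILES (name, tmp_name, error, ...), or null when nothing was sent
 * @return string|array the stored file name (relative to DIR_FS_PHOTO/tmp) on success;
 *                      a full ['STATUS_CODE' => ..., 'DATA' => ...] error response on failure
 */
private function storeUploadedImage($upload)
{
    global $TNB_GLOBALS;

    $invalidType = ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_INVALID_PHOTO_TYPE)];
    $storeFailed = ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Uploaded photo could not be stored.')];

    // Missing file, or PHP flagged the upload (size limit, partial upload, no file, ...).
    if (!is_array($upload) || !isset($upload['tmp_name'], $upload['name'])
        || (isset($upload['error']) && $upload['error'] !== UPLOAD_ERR_OK)) {
        return $invalidType;
    }
    $tempFile = $upload['tmp_name'];

    // The extension comes from the client-supplied name, so it is only an allow-list
    // gate; the real content type is checked with getimagesize() below.
    // NOTE(review): assumes $TNB_GLOBALS['imageTypes'] is a list of lowercase extension strings — confirm in bootstrap.
    $extension = pathinfo($upload['name'], PATHINFO_EXTENSION);
    if ($extension === '' || !in_array(strtolower($extension), $TNB_GLOBALS['imageTypes'], true)) {
        return $invalidType;
    }

    // getimagesize() returns false for anything it cannot parse as an image.
    $info = getimagesize($tempFile);
    if ($info === false
        || !in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_JPEG2000, IMAGETYPE_PNG], true)) {
        return $invalidType;
    }
    if ($info[0] * $info[1] > MAX_IMAGE_WIDTH * MAX_IMAGE_HEIGHT) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_PHOTO_MAX_SIZE_ERROR)];
    }

    $targetPath = DIR_FS_PHOTO . "tmp";
    if (!is_dir($targetPath)) {
        // 0755 instead of 0777: the process creating the directory is the one that
        // writes to it, so no other local user needs write access. The second
        // is_dir() covers a concurrent request creating it first.
        if (!mkdir($targetPath, 0755) && !is_dir($targetPath)) {
            return $storeFailed;
        }
        // Empty index file so the tmp directory is never listed by the web server.
        $indexFile = fopen($targetPath . "/index.html", "w");
        if ($indexFile !== false) {
            fclose($indexFile);
        }
    }

    // Unguessable name (32 hex chars, same shape as the former md5(uniqid()) value);
    // the allow-listed client extension is kept so downstream consumers see the same suffix.
    $targetFileName = bin2hex(random_bytes(16)) . "." . $extension;
    $targetFile = $targetPath . '/' . $targetFileName;

    // move_uploaded_file() refuses paths that are not genuine PHP uploads.
    if (!move_uploaded_file($tempFile, $targetFile)) {
        return $storeFailed;
    }

    return $targetFileName;
}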
<?php require dirname(__FILE__) . '/includes/bootstrap.php'; if (!($userID = buckys_is_logged_in())) { buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR); } //Action Process if (isset($_POST['action']) && $_POST['action'] == 'submit-post') { //Save Post BuckysPost::savePost($userID, $_POST); if (isset($_POST['pageID']) && is_numeric($_POST['pageID'])) { buckys_redirect('/page.php?pid=' . $_POST['pageID']); } else { buckys_redirect('/account.php'); } } else { if (isset($_GET['action']) && $_GET['action'] == 'delete-post') { //Delete Post if ($userID != $_GET['userID'] || !BuckysPost::deletePost($userID, $_GET['postID'])) { echo 'Invalid Request'; } else { echo 'success'; } exit; } else { if (isset($_GET['action']) && ($_GET['action'] == 'unlikePost' || $_GET['action'] == 'likePost')) { $post = BuckysPost::getPostById($_GET['postID']); if ($post['post_status'] != 1) { render_result_xml(array('status' => 'error', 'message' => MSG_INVALID_REQUEST)); exit; }