case "uploadimage":
if ($_POST["coordinates"]) {
$coords = explode(",", $_POST["coordinates"]);
foreach ($coords as $coord) {
$tmp_coords[] = clean_input($coord, "int");
}
$PROCESSED["coordinates"] = implode(",", $tmp_coords);
}
if ($_POST["dimensions"]) {
$dimensions = explode(",", $_POST["dimensions"]);
foreach ($dimensions as $dimension) {
$tmp_dimensions[] = clean_input($dimension, "int");
}
$PROCESSED["dimensions"] = implode(",", $tmp_dimensions);
}
$filesize = moveImage($_FILES["image"]["tmp_name"], $ENTRADA_USER->getID(), $PROCESSED["coordinates"], $PROCESSED["dimensions"]);
if ($filesize) {
$PROCESSED_PHOTO["proxy_id"] = $ENTRADA_USER->getID();
$PROCESSED_PHOTO["photo_active"] = 1;
$PROCESSED_PHOTO["photo_type"] = 1;
$PROCESSED_PHOTO["updated_date"] = time();
$PROCESSED_PHOTO["photo_filesize"] = $filesize;
$query = "SELECT `photo_id` FROM `" . AUTH_DATABASE . "`.`user_photos` WHERE `proxy_id` = " . $db->qstr($ENTRADA_USER->getID());
$photo_id = $db->GetOne($query);
if ($photo_id) {
if ($db->AutoExecute("`" . AUTH_DATABASE . "`.`user_photos`", $PROCESSED_PHOTO, "UPDATE", "`photo_id` = " . $db->qstr($photo_id))) {
echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($ENTRADA_USER->getID(), "upload")) . "/" . time()));
}
} else {
if ($db->AutoExecute("`" . AUTH_DATABASE . "`.`user_photos`", $PROCESSED_PHOTO, "INSERT")) {
echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($ENTRADA_USER->getID(), "upload")) . "/" . time()));
} elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) {
header("Location: " . ENTRADA_URL);
exit;
} elseif (!$ENTRADA_ACL->amIAllowed("user", "update", false)) {
$ERROR++;
$ERRORSTR[] = "Your account does not have the permissions required to use this feature of this module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["administrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["administrator"]["name"]) . "</a> for assistance.";
echo display_error();
application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] does not have access to this module [" . $MODULE . "]");
} else {
if ($PROXY_ID) {
$ajax_action = clean_input($_POST["ajax_action"], "alpha");
if (!empty($ajax_action)) {
ob_clear_open_buffers();
switch ($ajax_action) {
case "uploadimage":
$filesize = moveImage($_FILES["image"]["tmp_name"], $PROXY_ID, $_POST["coordinates"], $_POST["dimensions"]);
if ($filesize) {
$PROCESSED_PHOTO["proxy_id"] = $PROXY_ID;
$PROCESSED_PHOTO["photo_active"] = 1;
$PROCESSED_PHOTO["photo_type"] = 1;
$PROCESSED_PHOTO["updated_date"] = time();
$PROCESSED_PHOTO["photo_filesize"] = $filesize;
$query = "SELECT `photo_id` FROM `" . AUTH_DATABASE . "`.`user_photos` WHERE `proxy_id` = " . $db->qstr($PROXY_ID);
$photo_id = $db->GetOne($query);
if ($photo_id) {
if ($db->AutoExecute(AUTH_DATABASE . ".user_photos", $PROCESSED_PHOTO, "UPDATE", "`photo_id` = " . $db->qstr($photo_id))) {
echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($PROXY_ID, "upload")) . "/" . time()));
}
} else {
if ($db->AutoExecute(AUTH_DATABASE . ".user_photos", $PROCESSED_PHOTO, "INSERT")) {
echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($PROXY_ID, "upload")) . "/" . time()));
