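case "uploadimage":
    // Handles a photo upload for the currently signed-in user: normalises the
    // crop coordinates and dimensions posted by the client, hands the uploaded
    // file to moveImage(), then inserts or updates the user's row in
    // user_photos and echoes a JSON success payload.
    //
    // Both POST fields are untrusted. Each is accepted only as a non-empty
    // string, split on commas, and every component is passed through
    // clean_input(..., "int") before the list is rebuilt, so only the filtered
    // components are forwarded to moveImage().
    // NOTE(review): moveImage() and clean_input() are defined elsewhere;
    // confirm moveImage() also validates the uploaded file itself (upload
    // error code, is_uploaded_file(), image type), as no such check is
    // visible in this handler.
    if (!empty($_POST["coordinates"]) && is_string($_POST["coordinates"])) {
        $coords = explode(",", $_POST["coordinates"]);
        // Reset the accumulator: this code runs in a shared scope, and a
        // pre-existing $tmp_coords would otherwise be appended to.
        $tmp_coords = array();
        foreach ($coords as $coord) {
            $tmp_coords[] = clean_input($coord, "int");
        }
        $PROCESSED["coordinates"] = implode(",", $tmp_coords);
    }
    if (!empty($_POST["dimensions"]) && is_string($_POST["dimensions"])) {
        $dimensions = explode(",", $_POST["dimensions"]);
        // Same reset as above, for the same reason.
        $tmp_dimensions = array();
        foreach ($dimensions as $dimension) {
            $tmp_dimensions[] = clean_input($dimension, "int");
        }
        $PROCESSED["dimensions"] = implode(",", $tmp_dimensions);
    }
    // When a field was missing or rejected, null is passed explicitly instead
    // of reading an undefined array index.
    $filesize = moveImage(
        $_FILES["image"]["tmp_name"],
        $ENTRADA_USER->getID(),
        (isset($PROCESSED["coordinates"]) ? $PROCESSED["coordinates"] : null),
        (isset($PROCESSED["dimensions"]) ? $PROCESSED["dimensions"] : null)
    );
    if ($filesize) {
        $PROCESSED_PHOTO["proxy_id"] = $ENTRADA_USER->getID();
        $PROCESSED_PHOTO["photo_active"] = 1;
        $PROCESSED_PHOTO["photo_type"] = 1;
        $PROCESSED_PHOTO["updated_date"] = time();
        $PROCESSED_PHOTO["photo_filesize"] = $filesize;
        // The proxy id is quoted through the database layer, never concatenated raw.
        $query = "SELECT `photo_id` FROM `" . AUTH_DATABASE . "`.`user_photos` WHERE `proxy_id` = " . $db->qstr($ENTRADA_USER->getID());
        $photo_id = $db->GetOne($query);
        if ($photo_id) {
            // An existing row for this user is updated in place.
            if ($db->AutoExecute("`" . AUTH_DATABASE . "`.`user_photos`", $PROCESSED_PHOTO, "UPDATE", "`photo_id` = " . $db->qstr($photo_id))) {
                // time() is appended to the URL; presumably a cache-buster — confirm.
                echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($ENTRADA_USER->getID(), "upload")) . "/" . time()));
            }
        } else {
            // No row yet for this user: create one.
            if ($db->AutoExecute("`" . AUTH_DATABASE . "`.`user_photos`", $PROCESSED_PHOTO, "INSERT")) {
                echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($ENTRADA_USER->getID(), "upload")) . "/" . time()));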
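} elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) {
    // Unauthenticated sessions are sent back to the application root.
    header("Location: " . ENTRADA_URL);
    exit;
} elseif (!$ENTRADA_ACL->amIAllowed("user", "update", false)) {
    // Authenticated, but the ACL denies "update" on "user": show the error and log it.
    $ERROR++;
    $ERRORSTR[] = "Your account does not have the permissions required to use this feature of this module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["administrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["administrator"]["name"]) . "</a> for assistance.";
    echo display_error();
    application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] does not have access to this module [" . $MODULE . "]");
} else {
    if ($PROXY_ID) {
        // The requested AJAX action is reduced by clean_input(..., "alpha") before dispatch.
        $ajax_action = clean_input($_POST["ajax_action"], "alpha");
        if (!empty($ajax_action)) {
            ob_clear_open_buffers();
            switch ($ajax_action) {
                case "uploadimage":
                    // Uploads a photo on behalf of the user identified by $PROXY_ID.
                    //
                    // "coordinates" and "dimensions" come straight from the request
                    // and were previously forwarded to moveImage() unfiltered. They
                    // now get the same treatment as in the uploadimage handler that
                    // works on the current user's own photo: accept only a non-empty
                    // string, split on commas, and pass every component through
                    // clean_input(..., "int") before rebuilding the list.
                    // NOTE(review): moveImage() is defined elsewhere; confirm what it
                    // does with these two values and that it validates the uploaded
                    // file itself (upload error code, is_uploaded_file(), image type).
                    $upload_coordinates = null;
                    if (!empty($_POST["coordinates"]) && is_string($_POST["coordinates"])) {
                        $tmp_coords = array();
                        foreach (explode(",", $_POST["coordinates"]) as $coord) {
                            $tmp_coords[] = clean_input($coord, "int");
                        }
                        $upload_coordinates = implode(",", $tmp_coords);
                    }
                    $upload_dimensions = null;
                    if (!empty($_POST["dimensions"]) && is_string($_POST["dimensions"])) {
                        $tmp_dimensions = array();
                        foreach (explode(",", $_POST["dimensions"]) as $dimension) {
                            $tmp_dimensions[] = clean_input($dimension, "int");
                        }
                        $upload_dimensions = implode(",", $tmp_dimensions);
                    }
                    $filesize = moveImage($_FILES["image"]["tmp_name"], $PROXY_ID, $upload_coordinates, $upload_dimensions);
                    if ($filesize) {
                        $PROCESSED_PHOTO["proxy_id"] = $PROXY_ID;
                        $PROCESSED_PHOTO["photo_active"] = 1;
                        $PROCESSED_PHOTO["photo_type"] = 1;
                        $PROCESSED_PHOTO["updated_date"] = time();
                        $PROCESSED_PHOTO["photo_filesize"] = $filesize;
                        // The proxy id is quoted through the database layer, never concatenated raw.
                        $query = "SELECT `photo_id` FROM `" . AUTH_DATABASE . "`.`user_photos` WHERE `proxy_id` = " . $db->qstr($PROXY_ID);
                        $photo_id = $db->GetOne($query);
                        if ($photo_id) {
                            // An existing row for this user is updated in place.
                            if ($db->AutoExecute(AUTH_DATABASE . ".user_photos", $PROCESSED_PHOTO, "UPDATE", "`photo_id` = " . $db->qstr($photo_id))) {
                                echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($PROXY_ID, "upload")) . "/" . time()));
                            }
                        } else {
                            // No row yet for this user: create one.
                            if ($db->AutoExecute(AUTH_DATABASE . ".user_photos", $PROCESSED_PHOTO, "INSERT")) {
                                echo json_encode(array("status" => "success", "data" => webservice_url("photo", array($PROXY_ID, "upload")) . "/" . time()));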