示例#1
<?php

require_once 'init.php';
require_once 'file.utils.php';
// Lists the files of the current session user as JSON.
// Anything other than an authenticated session receives the generic error payload.
if (!$arg['loggedIn']) {
    echo error("Access Denied");
} else {
    try {
        // The user identity comes from the session, not from a request parameter.
        // NOTE(review): $i is presumably the database handle created by init.php; confirm.
        $files = dumpFiles($i, $_SESSION['user']);
        $response = ["success" => true, "payload" => $files];
        echo json_encode($response);
    } catch (mysqli_sql_exception $dbError) {
        // Database failures go to tossError() together with a fixed, user-facing message.
        tossError($dbError, "There was an internal error while retreiving your files.");
    }
}
示例#2
<?php

require_once 'init.php';
require_once 'file.utils.php';
// Returns one file record as JSON for an authenticated session.
if (!$arg['loggedIn']) {
    echo error("Access denied");
} else {
    try {
        // The file id is taken from the query string as-is; the session user is passed with it.
        // NOTE(review): presumably getFileRecord() uses that user to enforce ownership.
        // Confirm, because nothing in this script checks it.
        $record = getFileRecord($i, $_GET['fileId'], $_SESSION['user']);

        // Add the client-facing aliases; the original columns stay in the record.
        $aliases = ['id' => 'public_id', 'title' => 'name', 'path' => 'fname'];
        foreach ($aliases as $alias => $column) {
            $record[$alias] = $record[$column];
        }

        // NOTE(review): every column returned by getFileRecord() is serialized to the client.
        // Confirm the record holds nothing that should stay server-side.
        $response = ["success" => true, "fileInfo" => $record];
        echo json_encode($response);
    } catch (mysqli_sql_exception $dbError) {
        tossError($dbError, "There was an internal error while retreiving your file");
    } catch (UnexpectedValueException $missing) {
        tossError($missing, "This file no longer exists");
    }
}
示例#3
<?php

require_once 'init.php';
require_once 'user.utils.php';
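// Admin-only endpoint: applies posted changes to an existing user account and echoes the
// updated record as JSON.
// NOTE(review): no anti-CSRF check is visible in this script; confirm init.php enforces one
// for state-changing admin requests.
if ($arg['loggedIn'] && $arg['isAdmin']) {
    try {
        // Request fields are untrusted. Accept the id only as a non-empty string so that
        // array-valued parameters (id[]=...) never reach the data layer.
        $requestedId = $_POST['id'] ?? null;
        if (!is_string($requestedId) || $requestedId === "") {
            throw new InvalidArgumentException("Missing or malformed user id");
        }
        // Load the stored account; fields that were not posted keep their stored values.
        $userRecord = getUserRecord($i, $requestedId);
        // Password change: the value must pass the integrity check (it is expected to arrive hashed).
        // NOTE(review): a hash produced by the client is password-equivalent; confirm that
        // updateUserRecord() applies password_hash() server-side before storing it.
        if (isset($_POST['password'])) {
            if (!is_string($_POST['password'])) {
                throw new InvalidArgumentException("Malformed password");
            }
            verifyPasswordIntegrity($_POST['password']);
            $userRecord['password'] = $_POST['password'];
        }
        // Username: only a non-empty string replaces the stored value.
        if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== "") {
            $userRecord['username'] = $_POST['username'];
        }
        // FILTER_VALIDATE_BOOLEAN maps unrecognised values to false, so malformed input
        // removes the admin flag rather than granting it.
        if (isset($_POST['isAdmin'])) {
            $userRecord['isAdmin'] = filter_var($_POST['isAdmin'], FILTER_VALIDATE_BOOLEAN);
        }
        // Persist the merged record.
        $updatedUserRecord = updateUserRecord($i, $userRecord['public_id'], $userRecord['username'], $userRecord['password'], $userRecord['isAdmin']);
        // NOTE(review): the whole updated record is returned to the client; confirm it does
        // not include the stored password value.
        echo json_encode(array("success" => true, "userData" => $updatedUserRecord));
    } catch (mysqli_sql_exception $exc) {
        tossError($exc, "There was an internal error while updating the user");
    } catch (InvalidArgumentException $exc) {
        // Rejected input (and, presumably, a failed verifyPasswordIntegrity() check) is
        // reported with a fixed message instead of surfacing as an uncaught exception.
        tossError($exc, "The submitted user data is invalid");
    }
} else {
    echo error("Access Denied");
}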
示例#4
                $filename = replaceFileWithUpload($userUploadsDirectory, "file-file", $fileId, false);
                // Try to create a thumbnail
                $thumbField = false;
                try {
                    $thumbField = createImageThumbnail($userUploadsDirectory, $filename);
                } catch (Exception $exc) {
                    /* Non-fatal */
                }
                associateFilename($i, $filename, $fileId, $thumbField);
            }
        } catch (mysqli_sql_exception $exc) {
            tossError($exc, "There was an internal error while uploading your file");
        } catch (InvalidArgumentException $exc) {
            tossError($exc, "The uploaded file has an unsafe extension");
        } catch (Exception $exc) {
            tossError($exc, "Server is misconfigured, please contact your administrator");
        }
    }
    $redir = $_POST['redirection'];
    if ($redir) {
        if ($redir == "continue") {
            header("Location: file.edit.php");
            // User clicked "Create and add another"
        } else {
            header("Location: index.php");
        }
    } else {
        header("Location: index.php");
    }
} else {
    header("Location: index.php");
示例#5
<?php

require_once 'init.php';
require_once 'user.utils.php';
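// Admin-only endpoint: creates a user account together with its uploads directory and
// echoes the new record as JSON.
// NOTE(review): no anti-CSRF check is visible in this script; confirm init.php enforces one
// for state-changing admin requests.
if ($arg['loggedIn'] && $arg['isAdmin']) {
    try {
        // Validate the untrusted fields before anything is created on disk, so a rejected
        // request leaves no directory behind.
        $username = $_POST['username'] ?? null;
        $password = $_POST['password'] ?? null;
        if (!is_string($username) || $username === "") {
            throw new InvalidArgumentException("A username is required");
        }
        if (!is_string($password)) {
            throw new InvalidArgumentException("A password is required");
        }
        // The password is expected to arrive already hashed; the helper checks that.
        // NOTE(review): a hash produced by the client is password-equivalent; confirm that
        // createUserRecord() applies password_hash() server-side before storing it.
        verifyPasswordIntegrity($password);
        // NOTE(review): uniqid() is derived from the current time, so the id (which also names
        // the uploads directory) is guessable. If ids must be unpredictable, switch to
        // random_bytes(); left unchanged here because the stored id format may be relied on
        // elsewhere.
        $userId = uniqid();
        // The directory is created before the database row; a failure in createUserRecord()
        // leaves it orphaned.
        createUserUploadDirectory("uploads/", $userId);
        // A missing isAdmin field means a regular account.
        $isAdmin = filter_var($_POST['isAdmin'] ?? false, FILTER_VALIDATE_BOOLEAN);
        $newUserRecord = createUserRecord($i, $userId, $username, $password, $isAdmin);
        // NOTE(review): the whole new record is returned to the client; confirm it does not
        // include the stored password value.
        echo json_encode(array("success" => true, "userData" => $newUserRecord));
    } catch (mysqli_sql_exception $exc) {
        // Message corrected: this endpoint creates a user, it does not delete a file.
        tossError($exc, "There was an internal issue while creating the user.");
    } catch (RuntimeException $exc) {
        tossError($exc, "There was an error creating your uploads directory.");
    } catch (InvalidArgumentException $exc) {
        // Pass only the message text. The exception object itself, when converted to a string,
        // carries the file path, line number and stack trace.
        tossError($exc, $exc->getMessage());
    }
} else {
    echo error("Access Denied");
}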
示例#6
<?php

require_once 'init.php';
require_once 'file.utils.php';
// Deletes one of the session user's files (database row, stored file, optional thumbnail),
// then redirects to the index page whether or not the deletion happened.
// NOTE(review): the deletion is driven by a GET parameter; confirm a CSRF defence exists
// elsewhere, because none is visible in this script.
if ($arg['loggedIn']) {
    try {
        $record = [];
        try {
            // The session user is passed with the requested id.
            // NOTE(review): presumably getFileRecord() uses it to enforce ownership; confirm.
            $record = getFileRecord($i, $_GET['i'], $_SESSION['user']);
        } catch (UnexpectedValueException $notFound) {
            // Re-thrown as a plain Exception so the generic handler below reports it.
            throw new Exception("File record not found");
        }

        // The database row is removed before the files; if a file deletion fails afterwards,
        // the file stays on disk without a record.
        deleteFileRecord($i, $record['public_id'], $_SESSION['user']);

        // The directory comes from the session and the file name from the stored record,
        // never from the request.
        $userDirectory = "uploads/" . $_SESSION['userPublic'] . "/";
        $storedName = $record['fname'];
        deleteFile($userDirectory, $storedName);
        if ($record['has_thumb'] == 1) {
            deleteFile($userDirectory, $storedName . ".thumb.png");
        }
    } catch (mysqli_sql_exception $dbError) {
        tossError($dbError, "There was an internal issue while deleting your file.");
    } catch (Exception $failure) {
        tossError($failure, "There was an error while deleting your file");
    }
}
// NOTE(review): if tossError() writes output, this header can no longer be sent unless output
// buffering is active; confirm.
header("Location: index.php");
示例#7
<?php

require_once 'init.php';
require_once 'user.utils.php';
// Admin-only endpoint: echoes the user list as JSON.
// A request lacking either the logged-in flag or the admin flag gets the generic error payload.
if (!($arg['loggedIn'] && $arg['isAdmin'])) {
    echo error("Access Denied");
} else {
    try {
        // NOTE(review): everything dumpUsers() returns is serialized to the client; confirm
        // it does not include stored password values.
        $users = dumpUsers($i);
        $response = ["success" => true, "payload" => $users];
        echo json_encode($response);
    } catch (mysqli_sql_exception $dbError) {
        // Database failures go to tossError() together with a fixed, user-facing message.
        tossError($dbError, "There was an internal error while fetching the user list.");
    }
}