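/**
 * Save an uploaded photo as an image post.
 *
 * Validates the temporary upload (file name, extension, decodable image,
 * pixel count), moves it from the tmp folder into the user's photo folder,
 * inserts the post row and optionally attaches the new post to an album.
 * When post_visibility is 2 the photo is cropped to the profile size and
 * stored as the user's thumbnail, or as the page's logo when a pageID is given.
 *
 * Failures are reported through buckys_add_message() and signalled by a
 * false return value.
 *
 * @param int|string $userID ID of the user saving the photo
 * @param mixed $data Request data. Keys read here: file, pageID, profileID,
 *                    content, post_visibility, album and, for profile
 *                    photos, width, x1, y1, x2.
 * @return bool|int|null|string New post ID on success, false on failure
 */
public static function savePhoto($userID, $data)
{
    global $db, $TNB_GLOBALS;

    // Check the photo file name. It is request-controlled and is appended to
    // DIR_FS_PHOTO_TMP, so it must be a plain string with no NUL byte and no
    // parent-directory segment in either separator style, and it must name a
    // regular file (file_exists() would also accept a directory).
    $file = isset($data['file']) ? $data['file'] : null;
    if (!is_string($file)
        || $file === ''
        || strpos($file, "\0") !== false
        || strpos($file, '../') !== false
        || strpos($file, '..\\') !== false
        || !is_file(DIR_FS_PHOTO_TMP . $file)
    ) {
        buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);

        return false;
    }

    $data['pageID'] = isset($data['pageID']) && is_numeric($data['pageID']) ? $data['pageID'] : BuckysPost::INDEPENDENT_POST_PAGE_ID;

    // Validate the file type by extension. PATHINFO_EXTENSION yields '' for a
    // name without an extension instead of leaving the array key undefined.
    $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if (!in_array($extension, $TNB_GLOBALS['imageTypes'], true)) {
        buckys_add_message(MSG_INVALID_PHOTO_TYPE, MSG_TYPE_ERROR);

        return false;
    }

    // Validate the content: getimagesize() returns false when the file is not
    // a readable image. Without this check a non-image carrying an allowed
    // extension would yield width * height == 0 and pass the size limit below.
    $imageInfo = getimagesize(DIR_FS_PHOTO_TMP . $file);
    if ($imageInfo === false || $imageInfo[0] <= 0 || $imageInfo[1] <= 0) {
        buckys_add_message(MSG_INVALID_PHOTO_TYPE, MSG_TYPE_ERROR);

        return false;
    }
    list($width, $height) = $imageInfo;

    // Validate the image size (total pixel count)
    if ($width * $height > MAX_IMAGE_WIDTH * MAX_IMAGE_HEIGHT) {
        buckys_add_message(MSG_PHOTO_MAX_SIZE_ERROR, MSG_TYPE_ERROR);

        return false;
    }

    // A missing post_visibility behaves like 0 (a normal, non-profile post).
    $visibility = isset($data['post_visibility']) ? $data['post_visibility'] : 0;

    // Move the file from the tmp folder to the user photo folder and resize it.
    // NOTE(review): the result of moveFileFromTmpToUserFolder() is not checked
    // here; confirm how that helper reports a failed move or resize.
    if ($visibility == 2) {
        $pageIns = null;
        if ($data['pageID'] != BuckysPost::INDEPENDENT_POST_PAGE_ID) {
            // Replacing a page logo is an edit of that page: require the page
            // to exist and to belong to $userID before touching the upload.
            $pageIns = new BuckysPage();
            $pageData = $pageIns->getPageByID($data['pageID']);
            if (empty($pageData)) {
                buckys_add_message(MSG_NO_SUCH_PAGE, MSG_TYPE_ERROR);

                return false;
            }
            if ($pageData['userID'] != $userID) {
                buckys_add_message(MSG_NO_PERMISSION_TO_EDIT_PAGE, MSG_TYPE_ERROR);

                return false;
            }
        }

        // The crop rectangle comes from the request. The displayed width is a
        // divisor, so it must be a positive number; a missing coordinate
        // counts as 0 and a non-numeric one is rejected.
        if (!isset($data['width']) || !is_numeric($data['width']) || $data['width'] <= 0) {
            buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);

            return false;
        }
        $crop = [];
        foreach (['x1', 'y1', 'x2'] as $key) {
            $value = isset($data[$key]) ? $data[$key] : 0;
            if (!is_numeric($value)) {
                buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);

                return false;
            }
            $crop[$key] = $value + 0;
        }

        // Scale the crop from displayed coordinates to real image pixels
        $ratio = floatval($width / $data['width']);
        $sourceWidth = ($crop['x2'] - $crop['x1']) * $ratio;

        // The crop is square: $sourceWidth is passed for both source dimensions
        BuckysPost::moveFileFromTmpToUserFolder($userID, $file, PROFILE_IMAGE_WIDTH, PROFILE_IMAGE_HEIGHT, $crop['x1'] * $ratio, $crop['y1'] * $ratio, $sourceWidth, $sourceWidth);

        if ($pageIns === null) {
            // Update the user profile field
            BuckysUser::updateUserFields($userID, ['thumbnail' => $file]);
        } else {
            // Update the page profile field
            $pageIns->updateData($data['pageID'], ['logo' => $file]);
        }
        $is_profile = 1;
    } else {
        // NOTE(review): a normal post with a pageID is stored without a
        // page-level permission check; confirm whether any user may post to any page.

        // Fit the image inside the post limits, keeping the aspect ratio
        if ($width > MAX_POST_IMAGE_WIDTH) {
            $height = $height * (MAX_POST_IMAGE_WIDTH / $width);
            $width = MAX_POST_IMAGE_WIDTH;
        }

        if ($height > MAX_POST_IMAGE_HEIGHT) {
            $width = $width * (MAX_POST_IMAGE_HEIGHT / $height);
            $height = MAX_POST_IMAGE_HEIGHT;
        }

        // Create the normal image
        BuckysPost::moveFileFromTmpToUserFolder($userID, $file, $width, $height, 0, 0);
        $is_profile = 0;
    }

    $now = date('Y-m-d H:i:s');

    // NOTE(review): profileID and content are stored as received; this assumes
    // insertFromArray() escapes or binds its values and that content is
    // escaped when rendered. Confirm both.
    $newId = $db->insertFromArray(TABLE_POSTS, [
        'poster' => $userID,
        'pageID' => $data['pageID'],
        'profileID' => isset($data['profileID']) ? $data['profileID'] : null,
        'content' => isset($data['content']) ? $data['content'] : null,
        'type' => 'image',
        'post_date' => $now,
        'image' => $file,
        'visibility' => $visibility > 0 ? 1 : 0,
        'is_profile' => $is_profile,
    ]);

    if (!$newId) {
        buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);

        return false;
    }

    // Assign the photo to an album. An album that does not belong to the user
    // only adds an error message; the post itself stays saved.
    if (isset($data['album']) && $data['album'] != '') {
        if (!BuckysAlbum::checkAlbumOwner($data['album'], $userID)) {
            buckys_add_message(MSG_INVALID_ALBUM_ID, MSG_TYPE_ERROR);
        } else {
            BuckysAlbum::addPhotoToAlbum($data['album'], $newId);
        }
    }

    buckys_add_message(MSG_PHOTO_UPLOADED_SUCCESSFULLY);

    return $newId;
}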
if (isset($_REQUEST['action'])) { $paramAction = get_secure_string($_REQUEST['action']); } $pageIns = new BuckysPage(); $pageFollowerIns = new BuckysPageFollower(); //Capture Ajax requests (such as save title, ... here) if (is_numeric($userID)) { switch ($paramAction) { //============ Update About Content By Ajax =================// case 'updateAbout': $paramPageID = get_secure_integer($_REQUEST['pageID']); $paramContent = get_secure_string($_REQUEST['content']); $pageData = $pageIns->getPageByID($paramPageID); if ($pageData && $pageData['userID'] == $userID) { $data['about'] = $paramContent; $pageIns->updateData($paramPageID, $data); echo json_encode(['success' => 1, 'msg' => MSG_CONTENT_UPDATED_SUCCESS, 'content' => $paramContent, 'content_display' => render_enter_to_br($paramContent)]); } else { if (empty($pageData)) { //No such page exists echo json_encode(['success' => 0, 'msg' => MSG_NO_SUCH_PAGE]); } else { //You don't have permission to update content echo json_encode(['success' => 0, 'msg' => MSG_NO_PERMISSION_TO_EDIT_PAGE]); } } exit; //=============== Update Page Title by Ajax ===================// //=============== Update Page Title by Ajax ===================// case 'updatePageTitle': $paramPageID = get_secure_integer($_REQUEST['pageID']);