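// Extract the picture-management request. Every field is client-supplied, so
// read each one with a default (no undefined-index notices) and validate it
// before it reaches the database or the filesystem.
$action   = isset($_POST['action']) ? $_POST['action'] : '';
$from     = isset($_POST['from']) ? $_POST['from'] : '';
$md5_id   = isset($_POST['md5_id']) ? $_POST['md5_id'] : '';
$title    = isset($_POST['title']) ? $_POST['title'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';
$desc     = isset($_POST['desc']) ? $_POST['desc'] : '';

// Only two actions are served. Strict comparison: the loose "!=" would let
// values such as "0" or "" compare in surprising ways.
if ($action !== 'update' && $action !== 'delete') {
    Util::log_and_die("Bad Request: unknown action: " . $action);
}

// File id check. The id is later used as a database key (string-built SQL in
// FileDB) and as a filename component, so it must be exactly a 32-character
// hex MD5 digest - this is what keeps SQL and path metacharacters out of
// those sinks.
if ($md5_id === '') {
    Util::log_and_die("Bad Request: file's md5 id is missing");
}
if (!preg_match('/^[a-f0-9]{32}$/i', $md5_id)) {
    Util::log_and_die("Bad Request: file's md5 id is malformed");
}

// Perform the task depending on the requested action.
FileDB::init();
if ($action === 'update') {
    $success = FileDB::update_record($md5_id, $title, $category, $desc);
    if (!$success) {
        Util::log_and_die("Server error: file info update failed");
    }
    Util::log_and_echo("Request processed: file info updated successfully");
} elseif ($action === 'delete') {
    $file_path = FileDB::get_file_path($md5_id);
    // get_file_path's failure value is not visible here; refuse to unlink
    // anything that is not an existing regular file.
    if (!$file_path || !is_file($file_path)) {
        Util::log_and_die("Server error: no file found for the given id");
    }
    $success = unlink($file_path);
    if (!$success) {
        Util::log_and_die("Server error: file deletion failed");
    }
    // Drop the database row as well: with the file gone but the row kept,
    // the duplicate check would keep rejecting re-uploads of this id.
    if (!FileDB::delete_record($md5_id)) {
        Util::log_and_die("Server error: file record deletion failed");
    }
    Util::log_and_echo("Request processed: file deleted successfully");
}
FileDB::close();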
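FileDB::init();

// Duplication check.
if (FileDB::check_duplicate($md5_id)) {
    Util::log_and_die("Bad client upload request: duplicated file for " . $md5_id);
}

// The id becomes part of the upload path below. It is defined earlier in the
// file (presumably client-supplied), so pin its shape to a 32-char hex digest
// before it can influence a filesystem path or a database key.
if (!preg_match('/^[a-f0-9]{32}$/i', $md5_id)) {
    Util::log_and_die("Bad client upload request: malformed md5 id");
}

// Transport check: PHP reports a failed or partial upload in the entry's
// 'error' slot; such a file must never be moved into place.
// NOTE(review): $file is read like a $_FILES entry (name/tmp_name) while the
// size is read from $_FILES['file'] - assumed to be the same entry, confirm.
if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
    Util::log_and_die("Bad client upload request: upload incomplete");
}

// Type and size check. The extension comes from the client-supplied filename,
// so only the (strict) allowlist comparison protects the server, and it says
// nothing about the file's actual content.
$type = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
$size = $_FILES['file']['size'];
if ($size > MAXSIZE) {
    Util::log_and_die("Bad client upload request: file exceed size limit(" . MAXSIZE . "kb)");
} elseif (!in_array($type, $allowed_types, true)) {
    Util::log_and_die("Bad client upload request: unacceptable file format");
}

// Build the upload path: <dir>/<md5>.<ext>; both parts are validated above.
$upload_dir = "uploads/";
$upload_path = $upload_dir . $md5_id . "." . $type;

// Save the uploaded file to the filesystem, then record it in the database.
if (!move_uploaded_file($file["tmp_name"], $upload_path)) {
    Util::log_and_die("Server error: upload failed");
}
if (!FileDB::insert_record($upload_path, $from, $md5_id, $title, $category, $desc)) {
    // Do not leave an unrecorded file behind in uploads/ - it would be
    // invisible to the database yet still present on disk.
    unlink($upload_path);
    Util::log_and_die("Server error: upload failed");
}
FileDB::close();
Util::log_and_echo("Request processed: file uploaded successfully");

// Send the new file to peer servers. Exactly one outcome line is logged; the
// original fell through and logged "all peers received" even after a failure.
$success = send_to_peers($upload_path, $md5_id, $title, $category, $desc);
if (!$success) {
    Util::log("Response from peers: at least one peer didn't get the file");
} else {
    Util::log("Response from peers: all peers received the file successfully!");
}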
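/**
 * Delete the picture row identified by its MD5 id.
 *
 * The legacy mysql_* API (removed in PHP 7) has no prepared statements, so
 * the id is first validated as a 32-character hex digest and then escaped
 * against the live connection before it is interpolated into the statement.
 * The previous "clean user input" step was commented out, leaving the query
 * open to injection through $md5_id.
 *
 * @param string $md5_id
 * @return bool true on success; false (after logging) on a malformed id or a
 *              failed query
 */
public static function delete_record($md5_id) {
    if (!preg_match('/^[a-f0-9]{32}$/i', $md5_id)) {
        Util::log_and_echo('delete error: malformed md5 id');
        return false;
    }
    $safe_id = mysql_real_escape_string($md5_id, self::$conn);
    $sql = 'DELETE FROM pictures WHERE id = "' . $safe_id . '";';
    $success = mysql_query($sql, self::$conn);
    if (!$success) {
        // Keep the driver's message server-side; clients only get a generic
        // failure so database details are not disclosed.
        Util::log('delete error: ' . mysql_error(self::$conn));
        Util::log_and_echo('delete error: query failed');
    }
    return $success;
}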