public function crop_upload()
{
if (isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
$pic = $GLOBALS["HTTP_RAW_POST_DATA"];
if (isset($_GET['width']) && !empty($_GET['width'])) {
$width = intval($_GET['width']);
}
if (isset($_GET['height']) && !empty($_GET['height'])) {
$height = intval($_GET['height']);
}
if (isset($_GET['file']) && !empty($_GET['file'])) {
$_GET['file'] = str_ireplace(';', '', 'php', $_GET['file']);
if (is_image($_GET['file']) == false || stripos($_GET['file'], '.php') !== false) {
exit;
}
if (strpos($_GET['file'], pc_base::load_config('system', 'upload_url')) !== false) {
$file = $_GET['file'];
$basename = basename($file);
if (strpos($basename, 'thumb_') !== false) {
$file_arr = explode('_', $basename);
$basename = array_pop($file_arr);
}
$new_file = 'thumb_' . $width . '_' . $height . '_' . $basename;
} else {
pc_base::load_sys_class('attachment', '', 0);
$module = trim($_GET['module']);
$catid = intval($_GET['catid']);
$siteid = $this->get_siteid();
$attachment = new attachment($module, $catid, $siteid);
$uploadedfile['filename'] = basename($_GET['file']);
$uploadedfile['fileext'] = fileext($_GET['file']);
if (in_array($uploadedfile['fileext'], array('jpg', 'gif', 'jpeg', 'png', 'bmp'))) {
$uploadedfile['isimage'] = 1;
}
$file_path = $this->upload_path . date('Y/md/');
pc_base::load_sys_func('dir');
dir_create($file_path);
$new_file = date('Ymdhis') . rand(100, 999) . '.' . $uploadedfile['fileext'];
$uploadedfile['filepath'] = date('Y/md/') . $new_file;
$aid = $attachment->add($uploadedfile);
}
$filepath = date('Y/md/');
file_put_contents($this->upload_path . $filepath . $new_file, $pic);
} else {
return false;
}
echo pc_base::load_config('system', 'upload_url') . $filepath . $new_file;
exit;
}
}
