diff --git a/api.backend.php b/api.backend.php index 0164a50..b95b90e 100644 --- a/api.backend.php +++ b/api.backend.php @@ -1,5 +1,14 @@ query($apisql)) return 'ERROR: ['.$apidb->error.']'; @@ -94,6 +104,76 @@ class api{ if(!$result = $sdb->query($sql)) return 'ERROR: ['.$sdb->error.']'; return "Reported $link. Please check back in a day or two"; } + // End Short, begin image host + + function upImage($apidb, $apikey, $idb, $username, $comment, $tags, $private, $imgdata){ + $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;"; + if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; + if($row = $result->fetch_assoc()){ + $canimg = $row['image']; + $name = $row['name']; + + $name = addslashes($name); + $ip = $_SERVER['REMOTE_ADDR']; + + $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Short Link Delete', '$canshort', '$link')"; + if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; + } + if($canimg != 1) return 'You are not authorized to upload images'; + + if ($imgdata["file"]["error"] > 0) return "Return Code: ".$imgdata["file"]["error"]; + + $location = 'Pictures'; + $newImgName = substr(number_format(time() * mt_rand(),0,'',''),0,10); + $newImgName = base_convert($short, 10, 36); + + $name = $imgdata["file"]["name"]; + $type = $imgdata["file"]["type"]; + $size = ($imgdata["file"]["size"] / 1024); // get size of file in Kb + $size = round($size, 2)." Kb"; + + $pubLink = substr(number_format(time() * mt_rand(),0,'',''),0,10); + $pubLink = base_convert($short, 10, 36); + + $notspace = ", . - ,.-\n"; + $tags = preg_replace('/^'.$notspace.'$/', " ", $tags); + + $time = date("d/j/y - g:i:s a"); + + $file_ext = pathinfo($imgdata['file']['name'], PATHINFO_EXTENSION); + $extensions = array('png', 'gif', 'jpg', 'jpeg'); + if(!in_array($file_ext, $extensions)) return "ERROR: Improper file extension"; + + $name = "$newImgName.$file_ext"; + + if(round(($imgdata["file"]["size"] / 1024), 2) < 80000){ + if(file_exists("$location/$name") return "ERROR: $name already exists"; + if(preg_match('/php/i', $name) || preg_match('/phtml/i', $name) || preg_match('/htaccess/i', $name)) return "$name can't be uploaded"; + + if($isprivate == 1){ + $location .= "/Private.png/$username"; + $sql="INSERT INTO `share` (name, location, type, size, time, comment, username, tags, private, sharelink) VALUES ('$name', '$location', '$type', '$size', NOW(), '$upcomment', '$upusername', '$tags', '$isprivate', '$share')"; + if(!$result = $idb->query($sql)) return 'ERROR: ['.$idb->error.']'; + + if(!file_exists("Pictures/Private.png/$username")) mkdir("Pictures/Private.png/$username"); + move_uploaded_file($imgdata["file"]["tmp_name"], "$location/$name"); + + genthumb($name, $upusername, 1); + return "Image $name uploaded"; + } + + $sql = "INSERT INTO `recentpics` `name` = '$name';"; + if($result = $idb->query($sql)){ + $sql="INSERT INTO `share` (name, location, type, size, time, comment, username, tags, private) VALUES ('$name', '$location', '$type', '$size', NOW(), '$upcomment', '$upusername', '$tags', '$isprivate')"; + if(!$result = $idb->query($sql)) return 'ERROR: ['.$idb->error.']'; + + move_uploaded_file($imgdata["file"]["tmp_name"], "$location/$name"); + genthumb($name); + + return "Image $name uploaded"; + } + }else{ return "Error: Image size too large"; } + } } ?> \ No newline at end of file