Merge branch 'feature/file-uploads' into dev

author: Malf Furious <m@lfurio.us> 2016-03-31 21:51:29 -0400
committer: Malf Furious <m@lfurio.us> 2016-03-31 21:51:29 -0400
commit: d6d56ec5b3d46598d520ac77dd7e2fd4819e9361 (patch)
tree: d6ee85131fe0132f04570cbf9e2080e8345913e6 /app
parent: 4d69a5ecca13bbda5843c176e1bc4df514f079d7 (diff)
parent: 8ffc128d193929d9197af705974862b92a85a0fb (diff)
download: scrott-d6d56ec5b3d46598d520ac77dd7e2fd4819e9361.tar.gz
scrott-d6d56ec5b3d46598d520ac77dd7e2fd4819e9361.zip
3 files changed, 117 insertions, 1 deletions
diff --git a/app/assets/img/.gitkeep b/app/assets/img/heads/.gitkeep
index e69de29..e69de29 100644
--- a/app/assets/img/.gitkeep
+++ b/app/assets/img/heads/.gitkeep
diff --git a/app/class/form.class.php b/app/class/form.class.php
index 9f103ba..3f28a36 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
@@ -13,6 +13,7 @@ class Form
         $this->textFields = array();
         $this->numbFields = array();
         $this->enumFields = array();
+        $this->fileFields = array();
 
         $this->errorlist  = array();
     }
@@ -86,9 +87,25 @@ class Form
     }
 
     /*
+     * Add new file field to the form
+     */
+    function field_file($name, $maxsize, $allowed_mime = null, $req = false)
+    {
+        if ($req !== true)
+            $req = false;
+
+        $this->fileFields[] = array(
+            'name'    => $name,
+            'maxsize' => $maxsize,
+            'mime'    => $allowed_mime,
+            'req'     => $req
+        );
+    }
+
+    /*
      * Populate the form with input data from web page
      */
-    function populate($input)
+    function populate($input, $files = null)
     {
         /* detect duplicate names */
         $names = array();
@@ -98,6 +115,8 @@ class Form
             $names[] = $fld['name'];
         foreach ($this->enumFields as $fld)
             $names[] = $fld['name'];
+        foreach ($this->fileFields as $fld)
+            $names[] = $fld['name'];
 
         if (count(array_unique($names)) != count($names))
         {
@@ -178,9 +197,49 @@ class Form
                 $this->logError($fld['name'] . " is required");
         }
 
+        /* init file fields */
+        foreach ($this->fileFields as $fld)
+        {
+            if (!is_null($files) && isset($files[$fld['name']]))
+            {
+                $file = $files[$fld['name']];
+
+                if ($file['error'] > 0)
+                {
+                    $this->logError("An unknown error occurred");
+                    continue;
+                }
+
+                if ($file['size'] > $fld['maxsize'])
+                {
+                    $this->logError("File must be no larger than " . $fld['maxsize'] . " bytes");
+                    continue;
+                }
+
+                if (is_array($fld['mime']) && array_search($file['type'], $fld['mime']) === false)
+                {
+                    $this->logError("File type is not supported");
+                    continue;
+                }
+
+                $this->$fld['name'] = $file;
+            }
+
+            else if ($fld['req'])
+                $this->logError($fld['name'] . " is required");
+        }
+
         /* return */
         return count($this->errorlist) == 0;
     }
+
+    /*
+     * Save file uploaded through web form
+     */
+    function saveUploadedFile($file, $filename)
+    {
+        return move_uploaded_file($file['tmp_name'], $filename);
+    }
 }
 
 ?>
diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..3c34a89
--- /dev/null
+++ b/app/file.php
@@ -0,0 +1,57 @@
+<?php
+
+require_once "class/framework.class.php";
+
+/*
+ * Proxy script for fetching resources from the /assets directory
+ * This script enforces access-control on HTTP objects such as images and flat files
+ * which are supplied by users.
+ *
+ * Example request:
+ * yourdomain.com/scrott/file.php?d=/img/heads&f=a4bf903a
+ */
+class Resource extends Framework
+{
+    /*
+     * Get request and figure out what type it is
+     */
+    function handle($dir, $file)
+    {
+        if (basename($file) != $file || $file == "")
+            return;
+
+        switch ($dir)
+        {
+            case "img/heads": $this->heads($file); break;
+        }
+    }
+
+    /*
+     * Request a user head (user image)
+     * Requester must be currently logged in
+     */
+    function heads($file)
+    {
+        if (!$this->getCurrentUser())
+            return;
+
+        if (!file_exists("assets/img/heads/" . $file))
+            $file = "null.jpg";
+
+        $file = "assets/img/heads/" . $file;
+        $f = fopen($file, "rb");
+
+        if (!$f)
+            return;
+
+        header("Content-type: " . mime_content_type($file));
+        header("Content-length: " . filesize($file));
+        fpassthru($f);
+        fclose($f);
+    }
+}
+
+$res = new Resource();
+$res->handle($_REQUEST['d'], $_REQUEST['f']);
+
+?>
author	Malf Furious <m@lfurio.us>	2016-03-31 21:51:29 -0400
committer	Malf Furious <m@lfurio.us>	2016-03-31 21:51:29 -0400
commit	d6d56ec5b3d46598d520ac77dd7e2fd4819e9361 (patch)
tree	d6ee85131fe0132f04570cbf9e2080e8345913e6 /app
parent	4d69a5ecca13bbda5843c176e1bc4df514f079d7 (diff)
parent	8ffc128d193929d9197af705974862b92a85a0fb (diff)
download	scrott-d6d56ec5b3d46598d520ac77dd7e2fd4819e9361.tar.gz scrott-d6d56ec5b3d46598d520ac77dd7e2fd4819e9361.zip