Diffstat (limited to '')
| -rw-r--r-- | app/assets/img/heads/.gitkeep (renamed from app/assets/img/.gitkeep) | 0 | ||||
| -rw-r--r-- | app/class/form.class.php | 61 | ||||
| -rw-r--r-- | app/file.php | 57 | 
3 files changed, 117 insertions, 1 deletions
| diff --git a/app/assets/img/.gitkeep b/app/assets/img/heads/.gitkeep
index e69de29..e69de29 100644
--- a/app/assets/img/.gitkeep
+++ b/app/assets/img/heads/.gitkeep
diff --git a/app/class/form.class.php b/app/class/form.class.php
index 9f103ba..3f28a36 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
@@ -13,6 +13,7 @@ class Form
         $this->textFields = array();
         $this->numbFields = array();
         $this->enumFields = array();
+        $this->fileFields = array();
         $this->errorlist  = array();
     }
@@ -86,9 +87,25 @@ class Form
     }
     /*
+     * Add new file field to the form
+     */
+    function field_file($name, $maxsize, $allowed_mime = null, $req = false)
+    {
+        if ($req !== true)
+            $req = false;
+
+        $this->fileFields[] = array(
+            'name'    => $name,
+            'maxsize' => $maxsize,
+            'mime'    => $allowed_mime,
+            'req'     => $req
+        );
+    }
+
+    /*
      * Populate the form with input data from web page
      */
-    function populate($input)
+    function populate($input, $files = null)
     {
         /* detect duplicate names */
         $names = array();
@@ -98,6 +115,8 @@ class Form
             $names[] = $fld['name'];
         foreach ($this->enumFields as $fld)
             $names[] = $fld['name'];
+        foreach ($this->fileFields as $fld)
+            $names[] = $fld['name'];
         if (count(array_unique($names)) != count($names))
         {
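Review bot: In the `@@ -86,9 +87,25 @@` hunk, field_file stores `$allowed_mime` exactly as passed, but the check that consumes it (in populate, further down this file) only runs when `is_array($fld['mime'])` is true, so a caller that passes a single MIME string gets no type restriction at all and no error telling them so. Normalising at registration time closes that gap: `if ($allowed_mime !== null && !is_array($allowed_mime)) $allowed_mime = array($allowed_mime);` placed after the `$req` normalisation. `$maxsize` is likewise taken on trust; if it can arrive as a string from configuration, an explicit `$maxsize = (int) $maxsize;` would keep the later `>` comparison numeric. The Form class begins and ends outside this hunk.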
@@ -178,9 +197,49 @@ class Form
                 $this->logError($fld['name'] . " is required");
         }
+        /* init file fields */
+        foreach ($this->fileFields as $fld)
+        {
+            if (!is_null($files) && isset($files[$fld['name']]))
+            {
+                $file = $files[$fld['name']];
+
+                if ($file['error'] > 0)
+                {
+                    $this->logError("An unknown error occurred");
+                    continue;
+                }
+
+                if ($file['size'] > $fld['maxsize'])
+                {
+                    $this->logError("File must be no larger than " . $fld['maxsize'] . " bytes");
+                    continue;
+                }
+
+                if (is_array($fld['mime']) && array_search($file['type'], $fld['mime']) === false)
+                {
+                    $this->logError("File type is not supported");
+                    continue;
+                }
+
+                $this->$fld['name'] = $file;
+            }
+
+            else if ($fld['req'])
+                $this->logError($fld['name'] . " is required");
+        }
+
         /* return */
         return count($this->errorlist) == 0;
     }
+
+    /*
+     * Save file uploaded through web form
+     */
+    function saveUploadedFile($file, $filename)
+    {
+        return move_uploaded_file($file['tmp_name'], $filename);
+    }
 }
 ?>
diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..3c34a89
--- /dev/null
+++ b/app/file.php
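Review bot: The MIME allowlist check in the new file-field loop compares `$file['type']`, which is the Content-Type the client declared in the multipart body and can be set to anything, so `$allowed_mime` provides no real restriction on what gets stored; the type should be sniffed from `$file['tmp_name']` with the fileinfo extension that the new file.php already relies on via mime_content_type. Two smaller points in the same loop: `$file['error'] > 0` treats UPLOAD_ERR_NO_FILE (an optional input left empty, which still shows up in $_FILES with error 4) as "An unknown error occurred" instead of falling through to the required check, and `$this->$fld['name'] = $file;` is parsed as `($this->$fld)['name']` on PHP 7 and later, so it should be written `$this->{$fld['name']} = $file;` to work on both interpreter generations. The rewritten check below assumes fileinfo is loaded, which I infer from file.php rather than from any visible configuration. populate's head is outside this hunk.

```php
            if (!is_null($files) && isset($files[$fld['name']]))
            {
                $file = $files[$fld['name']];

                // Optional field submitted empty: treat as "not provided", not as an error.
                if ($file['error'] == UPLOAD_ERR_NO_FILE)
                {
                    if ($fld['req'])
                        $this->logError($fld['name'] . " is required");
                    continue;
                }

                // … unchanged: error and size checks …

                if (is_array($fld['mime']))
                {
                    // $file['type'] is client-declared and spoofable; sniff the temp file instead.
                    $finfo = finfo_open(FILEINFO_MIME_TYPE);
                    $detected = $finfo ? finfo_file($finfo, $file['tmp_name']) : false;

                    if ($detected === false || !in_array($detected, $fld['mime'], true))
                    {
                        $this->logError("File type is not supported");
                        continue;
                    }
                }

                $this->{$fld['name']} = $file;
            }
            // … unchanged: required-field branch …
```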
@@ -0,0 +1,57 @@
+<?php
+
+require_once "class/framework.class.php";
+
+/*
+ * Proxy script for fetching resources from the /assets directory
+ * This script enforces access-control on HTTP objects such as images and flat files
+ * which are supplied by users.
+ *
+ * Example request:
+ * yourdomain.com/scrott/file.php?d=/img/heads&f=a4bf903a
+ */
+class Resource extends Framework
+{
+    /*
+     * Get request and figure out what type it is
+     */
+    function handle($dir, $file)
+    {
+        if (basename($file) != $file || $file == "")
+            return;
+
+        switch ($dir)
+        {
+            case "img/heads": $this->heads($file); break;
+        }
+    }
+
+    /*
+     * Request a user head (user image)
+     * Requester must be currently logged in
+     */
+    function heads($file)
+    {
+        if (!$this->getCurrentUser())
+            return;
+
+        if (!file_exists("assets/img/heads/" . $file))
+            $file = "null.jpg";
+
+        $file = "assets/img/heads/" . $file;
+        $f = fopen($file, "rb");
+
+        if (!$f)
+            return;
+
+        header("Content-type: " . mime_content_type($file));
+        header("Content-length: " . filesize($file));
+        fpassthru($f);
+        fclose($f);
+    }
+}
+
+$res = new Resource();
+$res->handle($_REQUEST['d'], $_REQUEST['f']);
+
+?> |
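Review bot: The guard in handle() lets `.` and `..` through, because `basename("..") == ".."` and neither is the empty string, and heads() then passes `assets/img/heads/..` to file_exists (true for a directory), fopen and mime_content_type; what those do with a directory is not something to rely on, so reject dot entries and require a regular file: `if (basename($file) != $file || $file == "" || $file[0] == ".")` in handle(), and `if (!is_file("assets/img/heads/" . $file))` in heads(). Because the served files are user-supplied, the response should also carry `header("X-Content-Type-Options: nosniff");` so a browser cannot reinterpret a non-image as HTML, and it would be worth restricting the Content-type it is willing to emit to image types, since mime_content_type will happily report whatever was stored. The docblock's example `?d=/img/heads` cannot reach the `case "img/heads"` branch because of the leading slash; either the example or the case label is wrong. Reading `$_REQUEST['d']` and `$_REQUEST['f']` also accepts cookie values and raises undefined-index notices when a parameter is absent; `$_GET` with an isset() default is the narrower choice.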
