Diffstat (limited to '')
-rw-r--r--app/assets/img/heads/.gitkeep (renamed from app/assets/img/.gitkeep)0
-rw-r--r--app/class/form.class.php61
-rw-r--r--app/file.php57
3 files changed, 117 insertions, 1 deletions
diff --git a/app/assets/img/.gitkeep b/app/assets/img/heads/.gitkeep
index e69de29..e69de29 100644
--- a/app/assets/img/.gitkeep
+++ b/app/assets/img/heads/.gitkeep
diff --git a/app/class/form.class.php b/app/class/form.class.php
index 9f103ba..3f28a36 100644
--- a/app/class/form.class.php
+++ b/app/class/form.class.php
@@ -13,6 +13,7 @@ class Form
$this->textFields = array();
$this->numbFields = array();
$this->enumFields = array();
+ $this->fileFields = array();
$this->errorlist = array();
}
@@ -86,9 +87,25 @@ class Form
}
/*
+ * Add new file field to the form
+ */
+ function field_file($name, $maxsize, $allowed_mime = null, $req = false)
+ {
+ if ($req !== true)
+ $req = false;
+
+ $this->fileFields[] = array(
+ 'name' => $name,
+ 'maxsize' => $maxsize,
+ 'mime' => $allowed_mime,
+ 'req' => $req
+ );
+ }
+
+ /*
* Populate the form with input data from web page
*/
- function populate($input)
+ function populate($input, $files = null)
{
/* detect duplicate names */
$names = array();
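Review bot: The comment on `field_file()` leaves out two things a caller needs to know, both visible elsewhere in this commit: `$maxsize` is compared against the upload size in bytes, and leaving `$allowed_mime` at its `null` default skips the type check entirely because the check is guarded by `is_array($fld['mime'])`. For an upload field that is a fail-open default, so it should at least be stated: `/* Add new file field to the form. $maxsize is in bytes; $allowed_mime is an array of accepted MIME types, null accepts any type. */`. The body of `populate()` continues outside this hunk.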
@@ -98,6 +115,8 @@ class Form
$names[] = $fld['name'];
foreach ($this->enumFields as $fld)
$names[] = $fld['name'];
+ foreach ($this->fileFields as $fld)
+ $names[] = $fld['name'];
if (count(array_unique($names)) != count($names))
{
@@ -178,9 +197,49 @@ class Form
$this->logError($fld['name'] . " is required");
}
+ /* init file fields */
+ foreach ($this->fileFields as $fld)
+ {
+ if (!is_null($files) && isset($files[$fld['name']]))
+ {
+ $file = $files[$fld['name']];
+
+ if ($file['error'] > 0)
+ {
+ $this->logError("An unknown error occurred");
+ continue;
+ }
+
+ if ($file['size'] > $fld['maxsize'])
+ {
+ $this->logError("File must be no larger than " . $fld['maxsize'] . " bytes");
+ continue;
+ }
+
+ if (is_array($fld['mime']) && array_search($file['type'], $fld['mime']) === false)
+ {
+ $this->logError("File type is not supported");
+ continue;
+ }
+
+ $this->$fld['name'] = $file;
+ }
+
+ else if ($fld['req'])
+ $this->logError($fld['name'] . " is required");
+ }
+
/* return */
return count($this->errorlist) == 0;
}
+
+ /*
+ * Save file uploaded through web form
+ */
+ function saveUploadedFile($file, $filename)
+ {
+ return move_uploaded_file($file['tmp_name'], $filename);
+ }
}
?>
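Review bot: The allow-list test `array_search($file['type'], $fld['mime'])` relies on `$file['type']`, which in a PHP upload array is the value sent with the request rather than anything the server determined (assuming `$files` is `$_FILES`, which this hunk does not show), so it does not constrain what ends up on disk. I would detect the type from `$file['tmp_name']` with `finfo` and compare strictly, as below. The assignment `$this->$fld['name'] = $file;` should change in the same pass: from PHP 7 on it is read as `($this->$fld)['name']`, and `$this->{$fld['name']}` keeps the intended meaning. Separately, `$file['error'] > 0` also covers `UPLOAD_ERR_NO_FILE`, so an optional field left empty is reported as "An unknown error occurred" and a required one never reaches the "is required" branch.

```php
// … unchanged: error and size checks …
if (is_array($fld['mime']))
{
    /* type is derived from the uploaded bytes, not from the request */
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);

    if ($detected === false || !in_array($detected, $fld['mime'], true))
    {
        $this->logError("File type is not supported");
        continue;
    }
}

$this->{$fld['name']} = $file;
```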
diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..3c34a89
--- /dev/null
+++ b/app/file.php
@@ -0,0 +1,57 @@
+<?php
+
+require_once "class/framework.class.php";
+
+/*
+ * Proxy script for fetching resources from the /assets directory
+ * This script enforces access-control on HTTP objects such as images and flat files
+ * which are supplied by users.
+ *
+ * Example request:
+ * yourdomain.com/scrott/file.php?d=/img/heads&f=a4bf903a
+ */
+class Resource extends Framework
+{
+ /*
+ * Get request and figure out what type it is
+ */
+ function handle($dir, $file)
+ {
+ if (basename($file) != $file || $file == "")
+ return;
+
+ switch ($dir)
+ {
+ case "img/heads": $this->heads($file); break;
+ }
+ }
+
+ /*
+ * Request a user head (user image)
+ * Requester must be currently logged in
+ */
+ function heads($file)
+ {
+ if (!$this->getCurrentUser())
+ return;
+
+ if (!file_exists("assets/img/heads/" . $file))
+ $file = "null.jpg";
+
+ $file = "assets/img/heads/" . $file;
+ $f = fopen($file, "rb");
+
+ if (!$f)
+ return;
+
+ header("Content-type: " . mime_content_type($file));
+ header("Content-length: " . filesize($file));
+ fpassthru($f);
+ fclose($f);
+ }
+}
+
+$res = new Resource();
+$res->handle($_REQUEST['d'], $_REQUEST['f']);
+
+?>
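Review bot: `heads()` sends whatever `mime_content_type()` reports for a user-supplied file as the `Content-type`, from the application's own origin, so a stored file that is not really an image is served to other logged-in users as whatever type it is detected to be. Since this endpoint only serves user heads, I would check the type before `fopen()` and disable sniffing: `$type = mime_content_type($file);`, `if (!in_array($type, array("image/jpeg", "image/png", "image/gif"), true)) return;` (the list is an example), and `header("X-Content-Type-Options: nosniff");`. `handle()` also compares with `!=` and never checks that `$_REQUEST['d']` and `$_REQUEST['f']` are present and are strings before passing them to `basename()`. The example URL in the header comment uses `d=/img/heads`, while the switch only matches `"img/heads"`, so one of the two should be corrected.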