
Improving image upload

Only logged-in users can access the upload.php file.
pull/189/head
Danang Probo Sayekti 10 years ago
parent
commit
4e16a36bd5
1 changed files with 41 additions and 28 deletions
  1. +41
    -28
      upload.php

+ 41
- 28
upload.php

@ -1,5 +1,11 @@
<?php
require 'system/includes/dispatch.php';
require 'system/includes/session.php';
// Load the configuration file
config('source', 'config/config.ini');
$whitelist = array('jpg', 'jpeg', 'png', 'gif');
$name = null;
$dir = 'content/images/';
@ -7,39 +13,46 @@ $error = null;
$timestamp = date('YmdHis');
$path = null;
if (is_dir($dir)) {
} else {
mkdir($dir, 0755, true);
}
if (login()) {
if (is_dir($dir)) {
} else {
mkdir($dir, 0755, true);
}
if (isset($_FILES)) {
if (isset($_FILES['file'])) {
$tmp_name = $_FILES['file']['tmp_name'];
$name = basename($_FILES['file']['name']);
$error = $_FILES['file']['error'];
$path = $dir . $timestamp . '-' . $name;
if (isset($_FILES)) {
if (isset($_FILES['file'])) {
$tmp_name = $_FILES['file']['tmp_name'];
$name = basename($_FILES['file']['name']);
$error = $_FILES['file']['error'];
$path = $dir . $timestamp . '-' . $name;
$check = getimagesize($tmp_name);
$check = getimagesize($tmp_name);
if($check !== false) {
if ($error === UPLOAD_ERR_OK) {
$extension = pathinfo($timestamp . '-' . $name, PATHINFO_EXTENSION);
if (!in_array($extension, $whitelist)) {
$error = 'Invalid file type uploaded.';
} else {
move_uploaded_file($tmp_name, $dir . $timestamp . '-' . $name);
if($check !== false) {
if ($error === UPLOAD_ERR_OK) {
$extension = pathinfo($timestamp . '-' . $name, PATHINFO_EXTENSION);
if (!in_array($extension, $whitelist)) {
$error = 'Invalid file type uploaded.';
} else {
move_uploaded_file($tmp_name, $dir . $timestamp . '-' . $name);
}
}
} else {
$error = "File is not an image.";
}
}
else {
$error = "File is not an image.";
}
}
}
echo json_encode(array(
'path' => $path,
'name' => $name,
'error' => $error,
));
die();
echo json_encode(array(
'path' => $path,
'name' => $name,
'error' => $error,
));
die();
} else {
$login = site_url() . 'login';
header("location: $login");
}
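Review bot: On the new side `$path` is assigned right after `$name` and before any validation, so the JSON response still reports a file path when `getimagesize` fails, the extension is rejected, or `move_uploaded_file` returns false (its return value is never checked), and the caller cannot tell that nothing was stored. `getimagesize($tmp_name)` is also evaluated before `$error === UPLOAD_ERR_OK` is tested, so a failed or missing upload hands an empty `tmp_name` to it instead of returning the upload error code. The whitelist lookup is a non-strict, case-sensitive `in_array`, which rejects an otherwise valid `.JPG` while still not being a strict comparison; lowercasing the extension and passing `true` fixes both. The rewrite below reorders the checks and sets `$path` only after a successful move; the enclosing `if (login())` block, the directory creation above and the JSON output below it are unchanged.
```php
if (isset($_FILES['file'])) {
    $tmp_name = $_FILES['file']['tmp_name'];
    $name = basename($_FILES['file']['name']);
    $error = $_FILES['file']['error'];
    if ($error === UPLOAD_ERR_OK) {
        // Only inspect tmp_name once PHP reports a complete upload.
        $check = getimagesize($tmp_name);
        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if ($check === false) {
            $error = "File is not an image.";
        } elseif (!in_array($extension, $whitelist, true)) {
            $error = 'Invalid file type uploaded.';
        } else {
            $target = $dir . $timestamp . '-' . $name;
            if (move_uploaded_file($tmp_name, $target)) {
                $path = $target; // report a path only when the file really exists
            } else {
                $error = 'Could not store the uploaded file.';
            }
        }
    }
}
// … unchanged: json_encode response and die() …
```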
