upload.php
<?php
/**
* Created by PhpStorm.
* User: Sean
* Date: 12/8/2015
* Time: 3:20 PM
*/
require_once 'functions.php'; //Grabs any extra functions
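session_start();

/*
 * Image upload endpoint for a post ("adventure").
 *
 * Input:  $_POST['postId']  - identifier of the post the pictures belong to
 *         $_FILES['files']  - one or more uploaded files
 * Output: plain-text progress markers echoed per file ('Looped', 'False'/'true', 'DB',
 *         'Success'), then 'finished', or 'Adventure not found' when postId is missing/invalid.
 *
 * Everything in $_POST and $_FILES is attacker-controlled, including the client file name,
 * so none of it is allowed to decide where the file lands or which extension it gets.
 *
 * NOTE(review): no anti-CSRF token is verified in this script - confirm whether loggedIn()
 * or the submitting form already covers that.
 * NOTE(review): the uploads directory should be configured so the web server never executes
 * scripts from it; that setting lives outside this file.
 */

// Only accounts whose user_group is above 1 may upload; loggedIn() comes from functions.php.
$loggedIn = loggedIn();
if (isset($loggedIn['user_group']) && $loggedIn['user_group'] > 1) {
    $oConn = null;
    try {
        $postID = isset($_POST['postId']) ? $_POST['postId'] : '';

        // postId becomes a directory name below. Without this allowlist a value containing
        // '..' or a path separator would let the caller create directories and place files
        // outside uploads\. Anything else is treated like a missing id.
        if (!is_string($postID) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $postID)) {
            $postID = '';
        }

        if ($postID) {
            $uploadDir = 'uploads\\' . $postID . '\\';
            if (!is_dir($uploadDir)) {
                // 0755 rather than 0777: other local accounts have no reason to write here.
                mkdir($uploadDir, 0755, true);
            }

            // Stored extension is chosen from the detected image type, never from the client
            // file name: a file that parses as an image but is named e.g. "x.php" would
            // otherwise be saved with a server-executable extension. Extend this map if more
            // formats are needed.
            $allowedTypes = array(
                IMAGETYPE_GIF  => 'gif',
                IMAGETYPE_JPEG => 'jpg',
                IMAGETYPE_PNG  => 'png',
            );

            // (array) also copes with a single-file form field, where these are plain strings.
            $names    = isset($_FILES['files']['name']) ? (array) $_FILES['files']['name'] : array();
            $tmpNames = isset($_FILES['files']['tmp_name']) ? (array) $_FILES['files']['tmp_name'] : array();

            for ($i = 0; $i < count($names); $i++) {
                $tmpName = (isset($tmpNames[$i]) && is_string($tmpNames[$i])) ? $tmpNames[$i] : '';
                echo 'Looped';

                // Failed or missing uploads have an empty tmp_name; skip them instead of
                // handing an empty path to getimagesize().
                $imageSizeData = ($tmpName !== '' && is_uploaded_file($tmpName))
                    ? getimagesize($tmpName)
                    : false;

                if ($imageSizeData === false || !isset($allowedTypes[$imageSizeData[2]])) {
                    // Not an accepted image: nothing is stored and nothing is added to the database.
                    echo 'False';
                    continue;
                }

                echo 'true';
                $fileName = is_string($names[$i]) ? $names[$i] : '';
                $ext = $allowedTypes[$imageSizeData[2]];

                // rand() * time() is guessable; prefer the CSPRNG when the runtime has it.
                // Both branches yield 32 hex characters, like the previous md5() name.
                $randName = function_exists('random_bytes')
                    ? bin2hex(random_bytes(16))
                    : md5(uniqid(mt_rand(), true));

                $filePath = $uploadDir . $randName . '.' . $ext;
                if (!move_uploaded_file($tmpName, $filePath)) {
                    continue;
                }

                echo 'DB';
                // NOTE(review): the values are bound as parameters, so addslashes() is not
                // needed for SQL safety and stores doubled backslashes/quotes. Kept so the
                // stored format stays what existing readers of Pictures expect - confirm
                // against those readers before dropping it.
                $imageName = addslashes($fileName);
                $imagePath = addslashes($filePath);

                // One connection is enough for the whole request.
                if ($oConn === null) {
                    $oConn = loginToDB();
                }
                $savePicture = $oConn->prepare('INSERT INTO Pictures VALUES(NULL, :PostID, :imageName, :path, NOW())');
                $savePicture->bindValue(':PostID', $postID, PDO::PARAM_STR);
                $savePicture->bindValue(':imageName', $imageName, PDO::PARAM_STR);
                $savePicture->bindValue(':path', $imagePath, PDO::PARAM_STR);
                if ($savePicture->execute()) {
                    // Picture added successfully
                    echo 'Success';
                }
            }
            echo 'finished';
        } else {
            echo 'Adventure not found';
        }
    } catch (PDOException $e) {
        // Driver messages can expose schema and connection details; keep them in the server
        // log and return only a generic marker to the client.
        error_log('upload.php: ' . $e->getMessage());
        echo 'ERROR: upload could not be saved';
    } finally {
        $oConn = null;
    }
}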