mirror of
https://github.com/slawkens/myaac.git
synced 2025-04-26 17:29:21 +02:00
9de8145f82
Unified all tinyMCE instances used across AAC, now they are initiated in one single file + added option to upload images within editor (CTRL-C CTRL-V) + there is new folder: user/, which will be used for all user generated data, like image uploads, guild images, etc.
54 lines
1.3 KiB
PHP
54 lines
1.3 KiB
PHP
<?php
|
|
define('MYAAC_ADMIN', true);
|
|
|
|
require '../../common.php';
|
|
require SYSTEM . 'functions.php';
|
|
require SYSTEM . 'init.php';
|
|
require SYSTEM . 'login.php';
|
|
|
|
if(!admin())
|
|
die('Access denied.');
|
|
|
|
// Don't attempt to process the upload on an OPTIONS request
|
|
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
|
|
header('Access-Control-Allow-Methods: POST, OPTIONS');
|
|
return;
|
|
}
|
|
|
|
$imageFolder = USER . 'image_uploads/';
|
|
|
|
reset ($_FILES);
|
|
$temp = current($_FILES);
|
|
if (is_uploaded_file($temp['tmp_name'])) {
|
|
header('Access-Control-Allow-Credentials: true');
|
|
header('P3P: CP="There is no P3P policy."');
|
|
|
|
// Sanitize input
|
|
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
|
|
header('HTTP/1.1 400 Invalid file name.');
|
|
return;
|
|
}
|
|
|
|
// Verify extension
|
|
$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
|
|
if (!in_array($ext, ['gif', 'jpg', 'png'])) {
|
|
header('HTTP/1.1 400 Invalid extension.');
|
|
return;
|
|
}
|
|
|
|
do {
|
|
$randomName = generateRandomString(8). ".$ext";
|
|
$fileToWrite = $imageFolder . $randomName;
|
|
} while (file_exists($fileToWrite));
|
|
|
|
move_uploaded_file($temp['tmp_name'], $fileToWrite);
|
|
|
|
$returnPathToImage = BASE_URL . 'user/image_uploads/' . $randomName;
|
|
echo json_encode(['location' => $returnPathToImage]);
|
|
} else {
|
|
// Notify editor that the upload failed
|
|
header('HTTP/1.1 500 Server Error');
|
|
}
|
|
|
|
|