<?php
// upload.php
//
// Upload a list of images and save them to
//
// picdir/upload/${unique_id}__$[sanitize(ORIG)].jpg
//
// TODO:
// - Support ?response=json with {"serving_at": "/picdir/2020-20-abc-foo.jpg"}
// Or the HTML can just have some "microdata"?
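// Load shared configuration and helpers.  require (rather than include) stops
// the request when lib.php cannot be loaded, so a missing file can never
// leave $HASHED_PASSWORD unset and fall through to the no-password branch.
require 'lib.php';

// Authentication gate: when a password hash is configured, every upload must
// carry the matching password in the POST body.
// NOTE(review): $HASHED_PASSWORD is presumably set by lib.php -- confirm.
if ($HASHED_PASSWORD) {
    // A missing field or a non-string value (e.g. password[]=x) is rejected
    // here with 403 instead of being handed to password_verify().
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!is_string($password) || !password_verify($password, $HASHED_PASSWORD)) {
        header('content-type: text/html; charset=utf-8', true, 403);
        exit('Invalid password');
    }
} else {
    // No hash configured: anyone who can reach this script may upload.
    // Logged on every request so the open configuration shows up in the logs.
    error_log('Allowing upload without password');
}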
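// Default status for every early exit below: 400 Bad Request.
header('content-type: text/html; charset=utf-8', true, 400);

// Check if images were uploaded
if (! isset($_FILES['images'])) {
    exit('Expected images=');
}

// The form has multiple="multiple", so every $_FILES['images'] entry is
// expected to be an array indexed by file.  A request that sends a single
// images= field yields scalars instead; reject it rather than calling
// count() on a string.
if (! is_array($_FILES['images']['name'])) {
    exit('Expected images= to be a list of files');
}

$num_files = count($_FILES['images']['name']);
// error_log("num files $num_files");

$body = '';

// Loop through each file.  Any failure exits immediately; files handled in
// earlier iterations stay on disk.
for ($i = 0; $i < $num_files; $i++) {
    // Look at PHP's own status code first: PHP leaves tmp_name empty when an
    // upload fails, so checking is_uploaded_file() first would hide the real
    // error code behind a generic message.
    $error = $_FILES['images']['error'][$i];
    if ($error !== UPLOAD_ERR_OK) {
        exit("Upload failed with error $error");
    }

    $tmp_name = $_FILES['images']['tmp_name'][$i];
    // error_log("uploaded file $tmp_name");
    if (! is_uploaded_file($tmp_name)) {
        exit('Expected images= to be a file (dev server rejected big file?)');
    }

    $filename = $_FILES['images']['name'][$i];
    if (! isset($filename)) {
        exit('Expected image name');
    }

    // The client-supplied name is untrusted; it only reaches the filesystem
    // through sanitize().
    // NOTE(review): sanitize() and unique_id() are not defined in this file
    // (presumably lib.php).  Confirm that sanitize() strips path separators
    // and restricts the extension to image types, so an upload cannot be
    // stored under a name the web server would execute.  Nothing in this
    // script inspects the file contents.
    $new_filename = unique_id() . '__' . sanitize($filename);
    $upload_path = "$UPLOAD_DIR/$new_filename";

    error_log("$tmp_name -> $upload_path");
    // Do not report "Saved" unless the move actually succeeded.
    if (! move_uploaded_file($tmp_name, $upload_path)) {
        header('content-type: text/html; charset=utf-8', true, 500);
        exit('Could not save uploaded file');
    }

    // TODO: Add redirect=0 or redirect=1 to avoid redirection, which would
    // allow you to copy and paste
    $example = 'resize?name=' . rawurlencode($new_filename) . '&max-width=600';
    $form_url = 'form?filename=' . rawurlencode($new_filename);

    // Everything interpolated into the snippet is derived from the uploaded
    // file's name, so it is HTML-escaped here regardless of what sanitize()
    // lets through.
    $path_html = htmlspecialchars($upload_path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $example_html = htmlspecialchars($example, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $form_html = htmlspecialchars($form_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Append a snippet to the body.
    // TODO: Show original image size, etc.
    $body .= <<<EOF
<p>Saved <code><a href="$path_html">$path_html</a></code></p>
<p><b>Serve small (and rotated) versions with URLs like this:</b></p>
<code><a href="$example_html">$example_html</a></code> (redirects to a static file)
<p>
<a href="$form_html">Use the form to construct a URL</a>
</p>
<hr/>
EOF;
}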
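// Reaching this point means no early exit fired, so replace the default 400
// status with 200.  The charset is repeated because this call overwrites the
// earlier content-type header, which declared utf-8 for the error responses.
header('content-type: text/html; charset=utf-8', true, 200);

// html_header() / html_footer() are not defined in this file (presumably
// lib.php); $body is the per-file HTML accumulated by the upload loop.
html_header();
echo $body;
echo '<p><a href=".">Back to home page</a></p>';
html_footer();
// No closing PHP tag: nothing after the last statement can leak into the
// response as stray output.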