X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=2054350084a29108e54982d3de468354805b33da;hp=50e8bfe3cfa2cc5cc1fad902cc24cde9757d03e8;hb=259b6d11bb6d0233343744c0452358293d5be517;hpb=4acc8da49e3d4083fd9906388dd8fe0212bb9f42 diff --git a/api.php b/api.php index 50e8bfe..2054350 100644 --- a/api.php +++ b/api.php @@ -20,7 +20,7 @@ function success_feature ($feature, $request) { $res .= "" . ($feature->imgpath ? - full_url_from_imgpath ($feature->imgpath) + image_url_from_imgpath ($feature->imgpath) : "") . ""; @@ -98,8 +98,13 @@ function save_uploaded_file ($file, $con) { (!move_uploaded_file ($file ["tmp_name"], $dest))) { server_error (); } + $mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest); + + if (!create_thumbnail_or_copy ($dest, $mini_dest)) { + server_error (); + } } - return basename($dest); + return basename_safe ($dest); } function img_check_upload ($file) { @@ -120,14 +125,17 @@ function delete_image_if_unused ($imgpath, $con) { return; } if ($con->imgpath_exists ($imgpath)) { - return false; + return; } + $path = UPLOADDIR . "/" . $imgpath; - if (file_exists($path)) { + if (file_exists ($path)) { unlink ($path); - return true; - } else { - return false; + } + + $thumb_path = getthumbsdir () . "/mini_" . $imgpath; + if (file_exists ($thumb_path)) { + unlink ($thumb_path); } } @@ -148,7 +156,7 @@ function unique_file ($dirname, $relpath, $con) { while ($counter < 1000) { if (!file_exists ($filename) && - !($con->imgpath_exists (basename ($filename)))) { + !($con->imgpath_exists (basename_safe ($filename)))) { return $filename; } else { $counter++; @@ -159,28 +167,41 @@ function unique_file ($dirname, $relpath, $con) { return null; } -function main ($con) { - if (!isset ($_POST ["request"])) { - request_error (); - } - if ($_POST ["request"] == "auth") { - $pwd = unquote ($_POST["password"]); - $user = "admin"; +function check_auth ($con, $pwd, $cookie_name, $auth_only) { + $authentificated = false; + $user = "admin"; + + if ($pwd) { if ($con->checkpwdmd5 ($user, md5 ($pwd))) { // cookie will be valid for 2 weeks. I've chosen that value // arbitrarily, and it may change in the future. $time = time () + 14 * 60 * 24 * 60; - $cookie_name = sprintf ("%sauth", DBPREFIX); setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true); - success_auth (); + $authentificated = true; + if ($auth_only) { + success_auth (); + } } else { unauthorized_error (); } } - if (!($con->checkpwdmd5 ("admin", - $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) { + + if (!$authentificated && !($con->checkpwdmd5 ($user, + $_COOKIE [$cookie_name]))) { unauthorized_error (); } +} + +function main ($con) { + if (!isset ($_POST ["request"])) { + request_error (); + } + + $pwd = unquote ($_POST["password"]); + $cookie_name = sprintf ("%sauth", DBPREFIX); + // does user only want authentication or does he want to do other things + $auth_only = ($_POST ["request"] == "auth"); + check_auth ($con, $pwd, $cookie_name, $auth_only); switch ($_POST ["request"]) { case "update":