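<?php defined('BLUDIT') or die('Bludit CMS.');

// AJAX endpoint: store a profile picture for a user.
//
// Input
//   $_POST['username']                 (string) user the picture belongs to; it is also
//                                      used verbatim as the file name on disk
//   $_FILES['profilePictureInputFile'] the uploaded image; accepted by extension only
//                                      (gif, png, jpg, jpeg, svg)
//
// Output (JSON, via ajaxResponse())
//   status 0 with 'filename', 'absoluteURL' and 'absolutePath' on success,
//   status 1 with a message on any failure. ajaxResponse() is presumably terminating:
//   the original code relies on that too, nothing after an error call is guarded.
//
// NOTE(review): nothing here checks that the authenticated user may change the picture
// of $_POST['username'], nor that such a user exists; that is expected to be enforced
// by the dispatcher that includes this script — confirm.
header('Content-Type: application/json');

// $_POST
// ----------------------------------------------------------------------------
// (string) $_POST['username']
// Non-string values (username[]=x) are rejected too, since the value becomes a file name.
$username = (empty($_POST['username']) || !is_string($_POST['username'])) ? false : $_POST['username'];
// ----------------------------------------------------------------------------

if ($username === false) {
	ajaxResponse(1, 'Error in username.');
}

// Check path traversal
// The username is concatenated onto PATH_TMP and PATH_UPLOADS_PROFILES, so it must be a
// single plain path component: no separator of either kind (PHP accepts '/' as well as
// DS on every platform), no NUL byte, and not the '.' / '..' entries.
$isUnsafeName = $username === '.'
	|| $username === '..'
	|| strpbrk($username, '/\\'.DS) !== false
	|| strpos($username, "\0") !== false;
if ($isUnsafeName) {
	$message = 'Path traversal detected.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// $_FILES
// ----------------------------------------------------------------------------
// Reject missing, partial or failed uploads before looking at the file name;
// UPLOAD_ERR_OK is the only error code for which tmp_name holds a complete file.
$upload = isset($_FILES['profilePictureInputFile']) ? $_FILES['profilePictureInputFile'] : null;
if (!is_array($upload)
	|| !isset($upload['error'], $upload['name'], $upload['tmp_name'])
	|| $upload['error'] !== UPLOAD_ERR_OK
	|| !is_string($upload['name'])
	|| !is_string($upload['tmp_name'])) {
	ajaxResponse(1, 'Error trying to upload the profile picture.');
}
// ----------------------------------------------------------------------------

// File extension
// Validation is by the client-supplied extension only; the file is re-encoded to PNG by
// Image below, so the uploaded bytes themselves are not what ends up being served.
// NOTE(review): 'svg' is not a raster format and can carry active content — confirm that
// Image::setImage() fails safely on it rather than passing it through.
$allowedExtensions = array('gif', 'png', 'jpg', 'jpeg', 'svg');
$fileExtension = pathinfo($upload['name'], PATHINFO_EXTENSION);
if (!in_array($fileExtension, $allowedExtensions, true)) {
	$message = 'File type is not supported. Allowed types: '.implode(', ', $allowedExtensions);
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Tmp filename (username plus the extension as uploaded)
$tmpFilename = $username.'.'.$fileExtension;
$tmpPath = PATH_TMP.$tmpFilename;

// Final filename: always .png, whatever was uploaded
$filename = $username.'.png';
$finalPath = PATH_UPLOADS_PROFILES.$filename;

// Move from temporary directory to uploads folder.
// move_uploaded_file() (unlike rename()) refuses a source that was not uploaded through
// this request, and its return value is checked so a failed move does not fall through
// into the conversion step with a missing file.
if (!move_uploaded_file($upload['tmp_name'], $tmpPath)) {
	$message = 'Error trying to upload the profile picture.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Resize and convert to png
$image = new Image();
$image->setImage($tmpPath, PROFILE_IMG_WIDTH, PROFILE_IMG_HEIGHT, 'crop');
$image->saveImage($finalPath, PROFILE_IMG_QUALITY, false, true);

// Remove the tmp file (best effort: a leftover in PATH_TMP is logged, not fatal)
if (is_file($tmpPath) && !unlink($tmpPath)) {
	Log::set('Unable to remove the temporary file '.$tmpFilename, LOG_TYPE_ERROR);
}

// Do not report success for a picture that was never written
if (!is_file($finalPath)) {
	$message = 'Error trying to upload the profile picture.';
	Log::set($message, LOG_TYPE_ERROR);
	ajaxResponse(1, $message);
}

// Permissions (best effort, as before; a failure is logged so it can be diagnosed)
if (!chmod($finalPath, 0644)) {
	Log::set('Unable to set permissions on '.$filename, LOG_TYPE_ERROR);
}

ajaxResponse(0, 'Image uploaded.', array(
	'filename'=>$filename,
	'absoluteURL'=>DOMAIN_UPLOADS_PROFILES.$filename,
	// server-side path; kept because existing callers of this endpoint read it
	'absolutePath'=>$finalPath
));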