<?php
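/**
 * Read one POST field and return it with tags stripped and HTML special
 * characters encoded.
 *
 * This is HTML output encoding applied at input time. It does not make the
 * value safe for SQL, shell, URL or JavaScript contexts; those need their own
 * handling (for SQL, parameterised queries) at the point of use.
 *
 * @param string $request Name of the $_POST field to read.
 * @return string Encoded value, or '' when the field is missing or is not a
 *                scalar (for example an array submitted as field[]).
 */
function requestFilter($request){
    $raw = $_POST[$request] ?? '';

    // $_POST entries can be arrays (name[]=...); strip_tags() would throw on one.
    if (!is_scalar($raw)) {
        return '';
    }

    // Flags are spelled out so single and double quotes are encoded the same
    // way on every PHP version (the default flags changed in PHP 8.1).
    return htmlspecialchars(strip_tags((string) $raw), ENT_QUOTES | ENT_SUBSTITUTE);
}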
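/**
 * Validate an uploaded image and move it into the images directory.
 *
 * Checks, in order: the PHP upload error code, a 2 MB size cap, the file
 * extension against an allow-list, and (when the fileinfo extension is
 * loaded) that the detected content type matches that extension. Errors are
 * appended to the global $errormsg list, which is shared with the rest of the
 * request: an entry already present there also blocks the upload.
 *
 * The stored name is built on the server: a uniqid() prefix, the client's
 * file stem reduced to [A-Za-z0-9_-], and the validated extension. Dots inside
 * the client name are therefore not kept, so a name such as "a.php.jpg" is
 * stored with a single ".jpg" extension.
 *
 * NOTE(review): the target is "../images/" relative to the current working
 * directory, while displayImage() reads __DIR__ . '/images/' - confirm both
 * resolve to the same directory. The directory should be configured so the
 * web server never executes files stored in it.
 *
 * @param string $request Name of the $_FILES field.
 * @return string|array|null Stored file name on success; null when no file
 *                           was submitted; array("status" => "failed",
 *                           "error" => string[]) when validation or the move
 *                           failed.
 */
function uploadImg($request){
    // Nothing to do when the field is absent or the user did not pick a file.
    if (!isset($_FILES[$request]) || $_FILES[$request]['error'] === UPLOAD_ERR_NO_FILE){
        return null;
    }

    // 1 MB in bytes. Guarded so a second call does not try to redefine it.
    defined('MB') || define("MB", 1048576);
    global $errormsg;

    // The client-supplied name is untrusted: keep only its base name, and
    // treat a non-string (multi-file field) as having no usable name.
    $clientName = $_FILES[$request]['name'];
    $clientName = is_string($clientName) ? basename($clientName) : '';
    $imageSize = $_FILES[$request]['size'];       // size reported by PHP, in bytes
    $imageTemp = $_FILES[$request]['tmp_name'];   // temporary path chosen by PHP
    $imageError = $_FILES[$request]['error'];     // UPLOAD_ERR_* code

    // Allowed extensions and the content type each one must contain.
    $allowedTypes = array(
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    );
    $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));

    // Build the stored name from safe characters only.
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    if (!is_string($stem) || $stem === '') {
        $stem = 'image';
    }
    // uniqid() is time-based: it avoids overwriting, it does not make the name secret.
    $imageName = uniqid() . "_" . substr($stem, 0, 64) . '.' . $extension;

    // Report PHP-level upload errors.
    if ($imageError === UPLOAD_ERR_INI_SIZE) {
        $errormsg[] = 'File size exceeds the server limit';
    } elseif ($imageError === UPLOAD_ERR_FORM_SIZE) {
        $errormsg[] = 'File size exceeds the form limit';
    } elseif ($imageError !== UPLOAD_ERR_OK) {
        $errormsg[] = 'Unknown upload error (Code ' . $imageError . ')';
    }

    // Enforce the 2 MB cap.
    if ($imageSize > 2 * MB) {
        $errormsg[] = 'Image size exceeds 2 MB';
    }

    // Extension must be on the allow-list.
    $extensionAllowed = isset($allowedTypes[$extension]);
    if (!$extensionAllowed) {
        $errormsg[] = 'Invalid image type';
    }

    // The extension alone says nothing about the bytes: compare the detected
    // content type with the one the extension promises. Skipped when fileinfo
    // is not loaded, so hosts without it keep the extension-only check.
    if (
        $extensionAllowed
        && $imageError === UPLOAD_ERR_OK
        && is_string($imageTemp)
        && is_uploaded_file($imageTemp)
        && extension_loaded('fileinfo')
    ) {
        $detectedType = (new finfo(FILEINFO_MIME_TYPE))->file($imageTemp);
        if ($detectedType !== $allowedTypes[$extension]) {
            $errormsg[] = 'Invalid image type';
        }
    }

    if (empty($errormsg)) {
        // move_uploaded_file() also refuses anything that is not a PHP upload;
        // its result must be checked, otherwise a name is returned for a file
        // that was never stored.
        if (!move_uploaded_file($imageTemp, "../images/" . $imageName)) {
            $errormsg[] = 'Failed to save uploaded image';
            return array("status" => "failed", "error" => $errormsg);
        }
        return $imageName;
    }

    // Validation failed: hand back the accumulated error list.
    return array("status" => "failed", "error" => $errormsg);
}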
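/**
 * Delete one image file from a directory.
 *
 * $imgName is reduced to its base name first, so a value containing directory
 * separators or ".." cannot address a file outside $dir (displayImage()
 * applies the same rule). Only regular files are removed.
 *
 * @param string $dir     Directory holding the image.
 * @param string $imgName File name of the image inside $dir.
 * @return bool True when the file existed and was removed; false when it is
 *              missing, is not a regular file, or could not be deleted.
 */
function deleteImage($dir, $imgName){
    $target = $dir . "/" . basename((string) $imgName);

    // is_file() rather than file_exists(): a directory must not count as a hit.
    if (!is_file($target)) {
        return false;
    }

    // Report the real outcome instead of assuming unlink() succeeded.
    return unlink($target);
}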
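/**
 * Stream one file from the images directory next to this script, or answer
 * with a JSON 404.
 *
 * The requested name is reduced to its base name, so only files directly
 * inside __DIR__ . '/images/' can be addressed. A value that is not a string
 * (for example ?img[]=x) is answered with the same 404 instead of raising a
 * TypeError in basename().
 *
 * NOTE(review): any regular file in that directory is served, and extensions
 * missing from the map below are sent as image/jpeg. Confirm the directory
 * only ever holds images, or reject unlisted extensions here.
 *
 * @param mixed $imageName Requested file name, typically taken from the query string.
 * @return bool True when the file was sent, false when the 404 response was sent.
 */
function displayImage($imageName) {
    $imagePath = null;
    if (is_string($imageName)) {
        // basename() drops any directory part of the requested name.
        $imagePath = __DIR__ . '/images/' . basename($imageName);
    }

    if ($imagePath === null || !file_exists($imagePath) || !is_file($imagePath)) {
        // Missing, not a regular file, or not a usable name: JSON 404.
        http_response_code(404);
        header('Content-Type: application/json');
        echo json_encode(['status' => 'error', 'message' => 'Image not found']);
        return false;
    }

    // Content type is chosen from the file extension, not from the file's bytes.
    $extension = strtolower(pathinfo($imagePath, PATHINFO_EXTENSION));
    $contentTypes = [
        'jpg' => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif'
    ];
    $contentType = $contentTypes[$extension] ?? 'image/jpeg';

    header('Content-Type: ' . $contentType);
    // Ask the browser to honour the declared type rather than sniffing the body.
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: max-age=3600'); // cache for 1 hour
    readfile($imagePath);
    return true;
}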
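/**
 * Allow the request to continue only when it carries the expected API key.
 *
 * The key is read from $_SERVER['HTTP_API_KEY']. On a match the function
 * returns; otherwise it sends a 401 JSON response and ends the script.
 *
 * NOTE(review): the expected key is a literal in this file, so everyone with
 * read access to the source or its history has it. Load it from configuration
 * kept outside the repository and rotate the current value.
 *
 * @return void
 */
function checkAuthenticate(){
    $apiKey = $_SERVER['HTTP_API_KEY'] ?? '';
    $secretKey = "example";

    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    if (is_string($apiKey) && hash_equals($secretKey, $apiKey)) {
        return;
    }

    http_response_code(401);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode(['status'=>'error','message'=>'Access denied - Invalid API Key']);
    exit;
}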
// Inline image endpoint (takes the place of a separate image.php).
// Runs whenever this file is loaded with an `img` query parameter: it sends
// CORS headers that allow any origin and any request header, streams the
// image and ends the script, so nothing after this point in the including
// script executes. checkAuthenticate() is not called on this path, so
// everything displayImage() can reach is readable without an API key.
if (isset($_GET['img'])) {
    $corsHeaders = [
        'Access-Control-Allow-Origin: *',
        'Access-Control-Allow-Headers: *',
    ];
    foreach ($corsHeaders as $corsHeader) {
        header($corsHeader);
    }
    displayImage($_GET['img']);
    exit;
}
?>