Return to Question

Listening to mseancole's advice in my previous post, I have rewritten the code.

Listening to mseancole's advice in my previous post, I have rewritten the code.

Listening to mseancole's advice in my previous post, I have rewritten the code.

function fihHomeIndex() {
global $conf, $DBH;
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
 $prelim_check_errors = array();
 if (@$_POST['ss'] != $_SESSION['shared_secret']) {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (empty($_POST['adult'])) {
 array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
 } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
 array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
 }
 if (count($prelim_check_errors) >= 1) {
 fihRenderErrors($prelim_check_errors);
 } else {
 $upload_errors = array(); 
 $names = $_FILES['fihImageUpload']['name'];
 foreach ($names as $index => $name) {
 if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
 unset($names[$index]);
 continue;
 }
 
 if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
 unset($names[$index]);
 continue;
 }
 
 if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
 if (strrchr($name, '.') == FALSE) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
 unset($names[$index]);
 continue;
 } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
 ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 } else {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 }
 
 if (empty($names) || count($upload_errors) >= 1) {
 $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
 fihRenderErrors($error_m);
 } else {
 foreach ($names as $index => $name) {
 $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
 $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
 
 if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
 $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
 "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
 die('Database error');
 }
 
 $image_last_id = $DBH->insert_id;
 $image_dimensions = $image_info[0] . 'x' . $image_info[1];
 $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
 "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
 die('Database error');
 }
 
 $template_info[$index] = array('id' => $image_last_id);
 header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
 } else {
 die('Possible hacking attempt. Upload aborted.');
 }
 }
 }
 }
} else {
 # Display the header
 fihDisplayHead();
 # Display the first column, which contains a login form and social networking tools
 fihDisplayFirstColumn();
 # Display the upload section
 fihDisplayUpload();
 # Footer
 fihDisplayFoot();
}
}

Listening to mseancole's advice in my previous post, I have rewritten the code.

function fihHomeIndex() {
global $conf, $DBH;
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
 $prelim_check_errors = array();
 if (@$_POST['ss'] != $_SESSION['shared_secret']) {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (empty($_POST['adult'])) {
 array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
 } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
 array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
 }
 if (count($prelim_check_errors) >= 1) {
 fihRenderErrors($prelim_check_errors);
 } else {
 $upload_errors = array(); 
 $names = $_FILES['fihImageUpload']['name'];
 foreach ($names as $index => $name) {
 if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
 unset($names[$index]);
 continue;
 }
 
 if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
 unset($names[$index]);
 continue;
 }
 
 if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
 if (strrchr($name, '.') == FALSE) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
 unset($names[$index]);
 continue;
 } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
 ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 } else {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 }
 
 if (empty($names) || count($upload_errors) >= 1) {
 $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
 fihRenderErrors($error_m);
 } else {
 foreach ($names as $index => $name) {
 $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
 $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
 
 if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
 $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
 "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
 die('Database error');
 }
 
 $image_last_id = $DBH->insert_id;
 $image_dimensions = $image_info[0] . 'x' . $image_info[1];
 $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
 "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
 die('Database error');
 }
 
 $template_info[$index] = array('id' => $image_last_id);
 header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
 } else {
 die('Possible hacking attempt. Upload aborted.');
 }
 }
 }
 }
 } else {
 # Display the header
 fihDisplayHead();
 # Display the first column, which contains a login form and social networking tools
 fihDisplayFirstColumn();
 # Display the upload section
 fihDisplayUpload();
 # Footer
 fihDisplayFoot();
}
}

function fihHomeIndex() {
global $conf, $DBH;
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
 $prelim_check_errors = array();
 
 if (empty($_POST['adult'])) {
 array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
 } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
 array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
 }
 if (count($prelim_check_errors) >= 1) {
 fihRenderErrors($prelim_check_errors);
 } else {
 $upload_errors = array(); 
 $names = $_FILES['fihImageUpload']['name'];
 foreach ($names as $index => $name) {
 if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
 unset($names[$index]);
 continue;
 }
 
 if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
 unset($names[$index]);
 continue;
 }
 
 if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
 if (strrchr($name, '.') == FALSE) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
 unset($names[$index]);
 continue;
 } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
 ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 } else {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 }
 
 if (empty($names) || count($upload_errors) >= 1) {
 $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
 fihRenderErrors($error_m);
 } else {
 foreach ($names as $index => $name) {
 $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
 $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
 
 if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
 $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
 "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
 die('Database error');
 }
 
 $image_last_id = $DBH->insert_id;
 $image_dimensions = $image_info[0] . 'x' . $image_info[1];
 $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
 "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
 die('Database error');
 }
 
 $template_info[$index] = array('id' => $image_last_id);
 header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
 } else {
 die('Possible hacking attempt. Upload aborted.');
 }
 }
 }
 }
} else {
 # Display the header
 fihDisplayHead();
 # Display the first column, which contains a login form and social networking tools
 fihDisplayFirstColumn();
 # Display the upload section
 fihDisplayUpload();
 # Footer
 fihDisplayFoot();
}
}

function fihHomeIndex() {
global $conf, $DBH;
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
 $prelim_check_errors = array();

 if (@$_POST['ss'] != $_SESSION['shared_secret']) {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (empty($_POST['adult'])) {
 array_push($prelim_check_errors, 'Please choose whether this image contains ADULT content or is family safe!');
 } elseif ($_POST['adult'] != 'yes' && $_POST['adult'] != 'no') {
 array_push($prelim_check_errors, 'Possible hacking attempt. Upload aborted.');
 }
 
 if (isSpamIP($_SERVER['REMOTE_ADDR']) !== FALSE) {
 array_push($prelim_check_errors, 'Sorry, your IP is listed in one of the spammer lists we use, which aren\'t controlled by us. More information is available at <a href="http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '">http://www.dnsbl.info/dnsbl-database-check.php?IP=' . $_SERVER['REMOTE_ADDR'] . '</a>.');
 }
 if (count($prelim_check_errors) >= 1) {
 fihRenderErrors($prelim_check_errors);
 } else {
 $upload_errors = array(); 
 $names = $_FILES['fihImageUpload']['name'];
 foreach ($names as $index => $name) {
 if ($_FILES['fihImageUpload']['error'][$index] == UPLOAD_ERR_NO_FILE) {
 unset($names[$index]);
 continue;
 }
 
 if (filesize($_FILES['fihImageUpload']['tmp_name'][$index]) > $conf['upload']['max_file_size']) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' exceeds filesize limit.');
 unset($names[$index]);
 continue;
 }
 
 if (FALSE !== ($fileInfo = getimagesize($_FILES['fihImageUpload']['tmp_name'][$index]))) {
 if (strrchr($name, '.') == FALSE) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is missing a file extension.');
 unset($names[$index]);
 continue;
 } elseif (! in_array(substr(strrchr($name, '.'), 1), $conf['upload']['file_types']) ||
 ! in_array($fileInfo['mime'], $conf['upload']['mime_types'])) {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 } else {
 array_push($upload_errors, htmlspecialchars(strip_tags(utf8_decode($name))) . ' is not an image.');
 unset($names[$index]);
 continue;
 }
 }
 
 if (empty($names) || count($upload_errors) >= 1) {
 $error_m = empty($upload_errors) ? 'Please choose aleast file to upload!' : $upload_errors;
 fihRenderErrors($error_m);
 } else {
 foreach ($names as $index => $name) {
 $org_name = sanitize(explode('.', $name)[0]) . '.' . explode('.', $name)[1];
 $new_name = sanitize(explode('.', $name)[0], true) . '_' . time() . '.' . explode('.', $name)[1];
 
 if (move_uploaded_file($_FILES['fihImageUpload']['tmp_name'][$index], $conf['storage']['folder'] . 'full/' . $new_name)) {
 $image_info = getimagesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images` (`image_id`, `image_orig_filename`, `image_filename`, `image_adult`) VALUES " . 
 "(NULL, '{$org_name}', '{$new_name}', '{$_POST['adult']}');")) {
 die('Database error');
 }
 
 $image_last_id = $DBH->insert_id;
 $image_dimensions = $image_info[0] . 'x' . $image_info[1];
 $image_filesize = filesize($conf['storage']['folder'] . 'full/' . $new_name);
 
 createThumbnail($new_name, $conf['storage']['folder'] . 'thumb/', $conf['thumbnail']['width'], $conf['thumbnail']['height'], $image_last_id);
 
 if (! $DBH->query("INSERT INTO `{$conf['db']['table_prefix']}images_meta` (`meta_id`, `image_id`, `image_ext`, `image_size`) VALUES " .
 "(NULL, '{$image_last_id}', '{$image_dimensions}', '{$image_filesize}');")) {
 die('Database error');
 }
 
 $template_info[$index] = array('id' => $image_last_id);
 header('Location: ' . $conf['base_url'] . 'upload-success/' . base64_encode(serialize($template_info)));
 } else {
 die('Possible hacking attempt. Upload aborted.');
 }
 }
 }
 }
} else {
 # Display the header
 fihDisplayHead();
 # Display the first column, which contains a login form and social networking tools
 fihDisplayFirstColumn();
 # Display the upload section
 fihDisplayUpload();
 # Footer
 fihDisplayFoot();
}
}