e949/api/post/create.php

<?php // Create new post

// Includes
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../_types.php");
require_once("../user/index.php");



/*
 * FUNCTION
 * Check if image size properties are valid
 */
function ImageSizeIsValid ($x, $y) {
	global $Config;

	return ($x <= $Config["media"]["max_pic_res"]["x"])
		&& ($y <= $Config["media"]["max_pic_res"]["y"])
		&& (GetRatio($x, $y) <= $Config["media"]["max_pic_res"]["ratio"]);
}

/*
 * FUNCTION
 * Create preview version of image
 */
function Post_CreatePreviewFromImage ($src, $dst) {
	$img = null;

	// Reading image from source path
	switch (mime_content_type($src)) {
		case "image/jpeg":
			$img = imagecreatefromjpeg($src);
			break;
		case "image/png":
			$img = imagecreatefrompng($src);
			break;
		default:
			throw new Exception("invalid mime type");
	}

	// Saving it as LQ JPEG
	imagejpeg($img, $dst, 30);
}

/*
 * FUNCTION
 * Store image
 */
function Post_StoreImage ($path, $preview = true) {
	global $Config;

	// Paths
	$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
	$fileName = strval(time()) . "_" . GenerateRandomString(4);
	$targetDir = "../../" . $Config["media"]["pics_path"];
	$targetPath = JoinPaths($targetDir, $fileName . "." . $ext);

	// Creating preview file
	if ($Config["media"]["previews_enabled"] && $preview) {
		$previewDir = "../../" . $Config["media"]["prevs_path"];
		$previewPath = JoinPaths($previewDir, $fileName . ".jpg");
		Post_CreatePreviewFromImage($path, $previewPath);
	}

	move_uploaded_file($path, $targetPath);
}



/*
 * METHOD
 * Create single publication
 */
function Post_Create ($author, $tags, $pic_path, $title = null, $prev_path = null, $comms_enabled = false, $edit_lock = false): ReturnT {
	global $db;

	$result = null;

	// Check post params
	// Author ID should exist
	if (!User_IDExist($author))
		// TODO

	// Performing SQL query
	$s = $db->prepare("INSERT INTO posts (author_id,comment_section_id,tags,title,pic_path,preview_path,comments_enabled,edit_lock) VALUES (?,?,?,?,?,?,?,?)");
	$s->bind_param("ssssssss", $author, null, $tags, $title, $pic_path, $prev_path, $comms_enabled, $edit_lock);

	if ($s->execute() !== true) {
		return new ReturnT(null, 601, "failed to create post record in DB");
	}

	return new ReturnT($result);
}



if (ThisFileIsRequested(__FILE__)) {
	require_once("../_json.php");

	// Check if there are necessary input
	if (!(isset($_POST["tags"]) && isset($_FILES["pic"])))
		ReturnJSONError($Err_RDP_InvalidArgs, "not enough arguments");

	// TODO: add rate-limiting, instead of this
	// Check user privs
	if (User_HasRole($THIS_USER, "newbie"))
		ReturnJSONError($Err_DP_NotEnoughRole, "newbies cant create posts");

	// Check image properties

	// If size is too large
	if ($_FILES["pic"]["size"] > $Config["media"]["max_pic_size"])
		ReturnJSONError($Err_DP_FileTooLarge, "picture is too large");

	$TmpFilePath = $_FILES["pic"]["tmp_name"];
	$Ext = strtolower(pathinfo($TmpFilePath, PATHINFO_EXTENSION));

	// If file extension is not in list of allowed
	if (in_array($Ext, $Config["media"]["allowed_exts"]))
		ReturnJSONError($Err_DP_FileWrongType, "file extension is invalid");
	// If file mime type is not in list of allowed
	if (in_array(mime_content_type($TmpFilePath), $Config["media"]["allowed_mimetypes"]))
		ReturnJSONError($Err_DP_FileWrongType, "file mime type is invalid");

	// Check if resolution is bigger than allowed or have unacceptable aspect ratio
	list($SzX, $SzY, $Type, $Attr) = getimagesize($TmpFilePath);
	if (!Post_ImageIsValid($SzX, $SzY))
		ReturnJSONError($Err_DP_ImageWrongRes, "image with that resolution or aspect ratio cant be accepted");

	// TODO: delete image if unacceptable

	// Copy picture to storage folder
	Post_StoreImage($TmpFilePath, $Config)

	// Create post
	//$success = Post_Create(
}

?>