Добавил проверку изображения в апи постов и ещё по мелочи
This commit is contained in:
parent
9a4658f3ea
commit
e487ed79c4
5
TODO.md
5
TODO.md
@ -20,9 +20,8 @@
|
||||
- Айди приглашения
|
||||
- Роли
|
||||
- Новичок
|
||||
- Может оценивать посты, но не более n в день
|
||||
- Может создавать посты, но не более n в день и только с одобренными тегами
|
||||
- Может удалять свои посты
|
||||
- Может оценивать посты
|
||||
- Не может создавать посты
|
||||
- Может устанавливать себе аватарку
|
||||
- Проверенный
|
||||
- Нет лимитов на оценку постов
|
||||
|
@ -23,6 +23,7 @@ function EndSession () {
|
||||
session_start();
|
||||
|
||||
$LOGGED_IN = false;
|
||||
$THIS_USER = null; // ID of logged in user
|
||||
|
||||
if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { // If there are active session
|
||||
// Check if user still exist
|
||||
@ -35,6 +36,7 @@ if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { //
|
||||
die("user id used in session does not exist");
|
||||
}
|
||||
$LOGGED_IN = true;
|
||||
$THIS_USER = $_SESSION["userid"];
|
||||
} elseif (session_status() === PHP_SESSION_DISABLED) { // If sessions are disabled
|
||||
die("ERROR: please enable sessions in php config");
|
||||
}
|
||||
|
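Review bot: `$THIS_USER = $_SESSION["userid"];` copies the session value as stored, while request-side ids are normalised with `intval` (the user endpoint's `$UserID = intval($_REQUEST["id"]);`), and the new `$id === $THIS_USER` test in `User_GetInfoByID` is a strict comparison; if the login code writes the id into the session as a string, that comparison never matches and the account owner is treated as a stranger. Normalising once here, `$THIS_USER = intval($_SESSION["userid"]);`, gives every later `===` a single canonical type, so it is worth confirming what type the session actually holds. The `if (session_status() ...)` chain this line belongs to starts outside the hunk.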
@ -13,4 +13,7 @@ $Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by request
|
||||
$Err_DP_AlreadyLoggedIn = "dp.alreadyloggedin"; // User already logged into account
|
||||
$Err_DP_RegClosed = "dp.regclosed"; // Registration is closed
|
||||
$Err_DP_NotEnoughRole = "dp.notenoughrole"; // Power level is not enough for performing action
|
||||
$Err_DP_FileTooLarge = "dp.filetoolarge"; // Size of file in request is too large
|
||||
$Err_DP_FileWrongType = "dp.filewrongtype"; // Type of file is invalid
|
||||
$Err_DP_ImageWrongRes = "dp.imagewrongres"; // Resolution of image is invalid
|
||||
?>
|
@ -18,4 +18,11 @@ function GenerateRandomString (int $length, string $keyspace = "abcdefghijklmnop
|
||||
return implode('', $pieces);
|
||||
}
|
||||
|
||||
// Get aspect ratio from width and height
|
||||
function GetAspectRatio ($x, $y) {
|
||||
if ($x === $y)
|
||||
return 1;
|
||||
return max($x, $y) / min($x, $y);
|
||||
}
|
||||
|
||||
?>
|
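Review bot: `GetAspectRatio` divides by `min($x, $y)` with no guard, so a zero dimension that the `$x === $y` shortcut does not catch (e.g. `GetAspectRatio(100, 0)`) raises `DivisionByZeroError` on PHP 8 and yields `INF` with a warning on PHP 7, and the posts endpoint feeds it straight from `getimagesize`. A guard before the division, `if ($x <= 0 || $y <= 0) throw new InvalidArgumentException("dimensions must be positive");`, makes the failure explicit at the caller. The signature is also untyped; `function GetAspectRatio (int $x, int $y): float` would additionally stop the equal-sides path from returning int `1` while every other path returns a float.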
@ -2,6 +2,7 @@
|
||||
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../user/index.php");
|
||||
|
||||
|
||||
|
||||
@ -30,7 +31,31 @@ if (ThisFileIsRequested(__FILE__)) {
|
||||
if (!(isset($_POST["tags"]) && isset($_FILES["pic"])))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "not enough arguments");
|
||||
|
||||
// TODO
|
||||
// TODO: add rate-limiting, instead of this
|
||||
// Check user privs
|
||||
if (User_HasRole($THIS_USER, "newbie"))
|
||||
ReturnJSONError($Err_DP_NotEnoughRole, "newbies cant create posts");
|
||||
|
||||
// Check image properties
|
||||
|
||||
// If size is too large
|
||||
if ($_FILES["pic"]["size"] > $Config["media"]["max_pic_size"])
|
||||
ReturnJSONError($Err_DP_FileTooLarge, "picture is too large");
|
||||
|
||||
$TmpFilePath = $_FILES["pic"]["tmp_name"];
|
||||
$Ext = strtolower(pathinfo($TmpFilePath, PATHINFO_EXTENSION));
|
||||
|
||||
// If file extension is not in list of allowed
|
||||
if (in_array($Ext, $Config["media"]["allowed_exts"]))
|
||||
ReturnJSONError($Err_DP_FileWrongType, "file extension is invalid");
|
||||
// If file mime type is not in list of allowed
|
||||
if (in_array(mime_content_type($TmpFilePath), $Config["media"]["allowed_mimetypes"]))
|
||||
ReturnJSONError($Err_DP_FileWrongType, "file mime type is invalid");
|
||||
|
||||
// Check if resolution is bigger than allowed or have unacceptable aspect ratio
|
||||
list($SzX, $SzY, $Type, $Attr) = getimagesize($TmpFilePath);
|
||||
if ($SzX > $Config["media"]["max_pic_res"]["x"] || $SzY > $Config["media"]["max_pic_res"]["y"] || (GetAspectRatio($SzX, $SzY) > $Config["media"]["max_pic_res"]["ratio"]))
|
||||
ReturnJSONError($Err_DP_ImageWrongRes, "image with that resolution or aspect ratio cant be accepted");
|
||||
}
|
||||
|
||||
?>
|
@ -49,7 +49,7 @@ function Post_GetByID ($id) {
|
||||
$result["preview_path"] = $d["preview_path"];
|
||||
$result["edit_lock"] = $d["edit_lock"];
|
||||
|
||||
Post_AddView($id);
|
||||
Post_AddView($id); // TODO: add rate-limit or completely rework
|
||||
|
||||
return $result;
|
||||
}
|
||||
@ -67,8 +67,6 @@ if (ThisFileIsRequested(__FILE__)) {
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified");
|
||||
}
|
||||
|
||||
// TODO: check permissions
|
||||
|
||||
$ResponseData = Post_GetByID($_REQUEST["id"]);
|
||||
if ($ResponseData)
|
||||
ReturnJSONData($ResponseData);
|
||||
|
@ -54,7 +54,7 @@ function User_IsMod ($id) {
|
||||
|
||||
// Get user information from DB
|
||||
function User_GetInfoByID ($id) {
|
||||
global $db;
|
||||
global $db, $THIS_USER;
|
||||
|
||||
$result = array();
|
||||
|
||||
@ -73,7 +73,7 @@ function User_GetInfoByID ($id) {
|
||||
$result["avatar_path"] = $d["avatar_path"];
|
||||
$result["role"] = $d["role"];
|
||||
$result["banned"] = $d["banned"];
|
||||
if (($id === $_SESSION["userid"]) || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info
|
||||
if (($id === $THIS_USER) || User_IsMod($THIS_USER)) { // User himself and mods can see additional info
|
||||
$result["email"] = $d["email"];
|
||||
$result["invite_id"] = $d["invite_id"];
|
||||
}
|
||||
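Review bot: After this change an anonymous request reaches `User_IsMod($THIS_USER)` with `$THIS_USER === null` (it is initialised to `null` in `_auth.php` and only assigned for an active session), where the old code would instead have read an undefined `$_SESSION["userid"]`; whether `User_IsMod(null)` is safe depends on its body, which is outside this hunk. A short-circuit on the guard line, `if (($THIS_USER !== null) && (($id === $THIS_USER) || User_IsMod($THIS_USER))) {`, keeps `email` and `invite_id` private without relying on how `User_IsMod` handles a null id. `User_GetInfoByID` starts in the previous hunk and its tail is outside this one.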
@ -94,7 +94,7 @@ if (ThisFileIsRequested(__FILE__)) {
|
||||
$UserID = intval($_REQUEST["id"]);
|
||||
} else {
|
||||
if ($LOGGED_IN)
|
||||
$UserID = $_SESSION["userid"];
|
||||
$UserID = $THIS_USER;
|
||||
else
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
@ -17,6 +17,11 @@
|
||||
},
|
||||
"media": {
|
||||
"max_pic_size": 56623104,
|
||||
"max_pic_res": {
|
||||
"x": 8192,
|
||||
"y": 8192,
|
||||
"ratio": 20
|
||||
},
|
||||
"allowed_exts": [
|
||||
"jpg",
|
||||
"jpeg",
|
||||
|