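prepare("INSERT INTO posts (author_id,comment_section_id,tags,title,pic_path,preview_path,comments_enabled,edit_lock) VALUES (?,?,?,?,?,?,?,?)");
    $s->bind_param("ssssssss", $author, null, $tags, $title, $pic_path, $prev_path, $comms_enabled, $edit_lock);
    if ($s->execute() !== true) {
        return new ReturnT(null, 601, "failed to create post record in DB");
    }
    return new ReturnT($result);
}

// Request entry point: runs only when this file is requested directly (guarded by ThisFileIsRequested).
// Validates the request arguments and the uploaded picture, then copies the picture into storage.
// Every ReturnJSONError() call below is relied on to terminate the request — the checks do not
// fall through on purpose (same convention as the original handler; confirm it still holds).
if (ThisFileIsRequested(__FILE__)) {
    require_once("../_json.php");

    // Check if there are necessary input
    if (!(isset($_POST["tags"]) && isset($_FILES["pic"])))
        ReturnJSONError($Err_RDP_InvalidArgs, "not enough arguments");

    // TODO: add rate-limiting, instead of this
    // Check user privs
    if (User_HasRole($THIS_USER, "newbie"))
        ReturnJSONError($Err_DP_NotEnoughRole, "newbies cant create posts");

    // Reject uploads PHP itself already flagged (partial upload, ini size limit, no file):
    // for those, tmp_name/size are not meaningful and must not be inspected.
    if ($_FILES["pic"]["error"] !== UPLOAD_ERR_OK)
        ReturnJSONError($Err_RDP_InvalidArgs, "picture upload failed");

    // Check image properties
    // If size is too large
    if ($_FILES["pic"]["size"] > $Config["media"]["max_pic_size"])
        ReturnJSONError($Err_DP_FileTooLarge, "picture is too large");

    $TmpFilePath = $_FILES["pic"]["tmp_name"];

    // Only read a path that really came through the upload mechanism,
    // so the checks below never operate on an arbitrary local file.
    if (!is_uploaded_file($TmpFilePath))
        ReturnJSONError($Err_RDP_InvalidArgs, "picture was not uploaded");

    // The extension has to come from the client-supplied name: tmp_name is a
    // server-generated temp path and carries no extension, so checking it was a no-op.
    // The client name is untrusted, so this is only a cheap first filter — the
    // content-based MIME check below is the real gate.
    $Ext = strtolower(pathinfo($_FILES["pic"]["name"], PATHINFO_EXTENSION));
    // If file extension is not in list of allowed
    if (!in_array($Ext, $Config["media"]["allowed_exts"], true))
        ReturnJSONError($Err_DP_FileWrongType, "file extension is invalid");

    // If file mime type (sniffed from the file content, not the client header) is not in list of allowed
    if (!in_array(mime_content_type($TmpFilePath), $Config["media"]["allowed_mimetypes"], true))
        ReturnJSONError($Err_DP_FileWrongType, "file mime type is invalid");

    // Check if resolution is bigger than allowed or have unacceptable aspect ratio.
    // getimagesize() returns false for anything it cannot parse; treat that as a bad file
    // instead of feeding nulls into the resolution check.
    $ImgInfo = getimagesize($TmpFilePath);
    if ($ImgInfo === false)
        ReturnJSONError($Err_DP_FileWrongType, "file is not a readable image");
    list($SzX, $SzY) = $ImgInfo;
    if (!Post_ImageIsValid($SzX, $SzY))
        ReturnJSONError($Err_DP_ImageWrongRes, "image with that resolution or aspect ratio cant be accepted");

    // TODO: delete image if unacceptable
    // Copy picture to storage folder
    Post_StoreImage($TmpFilePath, $Config);

    // Create post
    //$success = Post_Create(
}
?>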