e949/api/post/create.php


<?php // Create new post
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../user/index.php");
// Create single publication
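// Persistence is not implemented yet: the INSERT below is only a sketch, so no
// argument is read and nothing is written to $db.
//
// $author        - author of the post (the sketch binds it as a string parameter)
// $tags          - tags of the post
// $pic_path      - path of the picture; presumably a server-chosen path, confirm against the caller
// $title         - optional title
// $prev_path     - optional path of the preview picture
// $comms_enabled - whether comments are enabled
// $edit_lock     - whether the post is locked for editing
//
// Returns null until the INSERT is implemented.
function Post_Create ($author, $tags, $pic_path, $title = null, $prev_path = null, $comms_enabled = false, $edit_lock = false) {
    global $db;

    // Sketch of the intended query. Keep every value bound through
    // prepare()/bind_param() when filling it in; never build the SQL by
    // concatenating $tags, $title or the paths.
    // $s = $db->prepare("INSERT ...");
    // $s->bind_param("s", $author);
    // $s->execute();
    // $d = $s->get_result()->fetch_assoc();
    //
    // if (!(bool)$d) {
    // return null;
    // }

    // The original returned an undefined $result, which raises a warning and
    // evaluates to null; return that value explicitly.
    return null;
}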
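if (ThisFileIsRequested(__FILE__)) {
    require_once("../_json.php");

    // Every ReturnJSONError() call below is a guard with no else branch, so it
    // is presumably expected to end the request; confirm in _json.php.

    // Check if there are necessary input
    if (!(isset($_POST["tags"]) && isset($_FILES["pic"])))
        ReturnJSONError($Err_RDP_InvalidArgs, "not enough arguments");

    // TODO: add rate-limiting, instead of this
    // Check user privs
    if (User_HasRole($THIS_USER, "newbie"))
        ReturnJSONError($Err_DP_NotEnoughRole, "newbies cant create posts");

    $Pic = $_FILES["pic"];

    // Reject multi-file ("pic[]") submissions, failed or partial uploads, and
    // any path that PHP did not itself receive through an HTTP upload.
    if (!isset($Pic["tmp_name"], $Pic["name"], $Pic["error"], $Pic["size"])
        || !is_string($Pic["tmp_name"])
        || $Pic["error"] !== UPLOAD_ERR_OK
        || !is_uploaded_file($Pic["tmp_name"]))
        ReturnJSONError($Err_RDP_InvalidArgs, "picture upload failed");

    // Check image properties
    // If size is too large
    if ($Pic["size"] > $Config["media"]["max_pic_size"])
        ReturnJSONError($Err_DP_FileTooLarge, "picture is too large");

    $TmpFilePath = $Pic["tmp_name"];

    // The temporary upload path does not keep the client's extension, so read
    // it from the submitted file name. That name is client-controlled: use it
    // for this allow-list check only, never as a storage path.
    $Ext = strtolower(pathinfo($Pic["name"], PATHINFO_EXTENSION));

    // If file extension is not in list of allowed
    // (the original condition lacked the negation and rejected allowed files)
    if (!in_array($Ext, $Config["media"]["allowed_exts"], true))
        ReturnJSONError($Err_DP_FileWrongType, "file extension is invalid");

    // If file mime type is not in list of allowed
    // mime_content_type() inspects the file content, and its false return on
    // failure is rejected by the strict comparison.
    if (!in_array(mime_content_type($TmpFilePath), $Config["media"]["allowed_mimetypes"], true))
        ReturnJSONError($Err_DP_FileWrongType, "file mime type is invalid");

    // getimagesize() returns false for data it cannot parse as an image; without
    // this check the dimensions would be null and pass the limits below.
    $ImgInfo = getimagesize($TmpFilePath);
    if ($ImgInfo === false || $ImgInfo[0] <= 0 || $ImgInfo[1] <= 0)
        ReturnJSONError($Err_DP_FileWrongType, "file is not a valid image");
    $SzX = $ImgInfo[0];
    $SzY = $ImgInfo[1];

    // Check if resolution is bigger than allowed or have unacceptable aspect ratio
    if ($SzX > $Config["media"]["max_pic_res"]["x"] || $SzY > $Config["media"]["max_pic_res"]["y"] || (GetAspectRatio($SzX, $SzY) > $Config["media"]["max_pic_res"]["ratio"]))
        ReturnJSONError($Err_DP_ImageWrongRes, "image with that resolution or aspect ratio cant be accepted");

    // NOTE(review): the handler stops here. It does not move the upload, call
    // Post_Create() or send a success response.
}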
?>