<?php
/**
* @author new2net
*
* This script expects one argument:
* 1) $_POST['png_data'] - a VALID rendered PNG
*
* @todo If these are not present, this script crashes with an exception
* @todo reassert this is secure
*/
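// E_ALL has included E_STRICT since PHP 5.4 and the E_STRICT constant itself is
// deprecated as of PHP 8.4, so OR-ing it in only adds a deprecation notice.
error_reporting(E_ALL);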
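// __autoload() was deprecated in PHP 7.2 and removed in 8.0; register the loader
// through SPL instead. The class name is restricted to a plain identifier so an
// autoload triggered with an externally supplied class name can never resolve to
// a path outside ./classes/ (this file uses no namespaces, so no '\' is needed).
spl_autoload_register(static function (string $class_name): void {
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $class_name) !== 1) {
        return; // leave it to the next loader / "class not found"
    }
    require_once './classes/' . $class_name . '.php';
});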
/**
 * Decodes a base64 string in 256-character slices and concatenates the result.
 *
 * Because 256 is a multiple of 4, every slice is a whole number of base64
 * quads, so slicing does not alter the decoded bytes for input made only of
 * base64 alphabet characters (what isBase64Encoded() checks for).
 *
 * @param string $encoded base64 text without embedded whitespace
 * @return string the decoded bytes ('' for empty input)
 */
function base64decodeFix($encoded)
{
    $slices = str_split($encoded, 256);
    $decodedSlices = array_map(
        static function ($slice) {
            return base64_decode($slice);
        },
        $slices
    );

    return implode('', $decodedSlices);
}
/**
 * Reports whether every byte of $encodedString belongs to the base64 alphabet
 * (A-Z, a-z, 0-9, '+', '/', '=').
 *
 * This is a character-set check only: it does not verify the length, the
 * position of padding, or that the text actually decodes. The empty string
 * passes. The check is byte-wise, so any byte >= 0x80 is rejected.
 *
 * @param string $encodedString
 * @return bool
 */
function isBase64Encoded($encodedString)
{
    // \A..\z rather than ^..$ so a trailing newline is rejected like any other byte.
    return preg_match('/\A[A-Za-z0-9+\/=]*\z/', $encodedString) === 1;
}
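/**
 * Inserts a new Painting row with a fresh 6-character short code and returns
 * that code.
 *
 * The code becomes the painting's public URL segment, so it is drawn from the
 * CSPRNG (random_int) rather than rand(), whose output is predictable.
 * Collisions are handled by retrying: a duplicate-key failure (MySQL driver
 * error 1062, ER_DUP_ENTRY, which assumes a unique index on shortCode) simply
 * picks another code.
 *
 * Bug fixed: the previous check compared PDO::errorCode() — an SQLSTATE such as
 * '23000' — against the MySQL driver code '1062', which never matches, so every
 * collision was re-thrown instead of retried. The driver code lives in
 * errorInfo()[1] / PDOException::$errorInfo[1].
 *
 * @return string the short code that was inserted
 * @throws PDOException for any database error other than a duplicate key
 *                      (PDO::ERRMODE_EXCEPTION)
 * @throws RuntimeException when execute() fails for a reason other than a
 *                          duplicate key in a non-throwing error mode; the old
 *                          code would loop forever in that case
 */
function getNewShortCode(): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    $lastIndex = strlen($alphabet) - 1;
    $duplicateEntry = 1062; // MySQL ER_DUP_ENTRY
    $insertStatement = DB::PDO()->prepare('INSERT INTO Painting(shortCode, booleanIsPublic) VALUES (?,1)');

    while (true) {
        $candidate = '';
        for ($i = 0; $i < 6; $i++) {
            $candidate .= $alphabet[random_int(0, $lastIndex)];
        }

        try {
            $executed = $insertStatement->execute([$candidate]);
            if ($executed && $insertStatement->rowCount() === 1) {
                return $candidate;
            }
            if (!$executed) {
                // Non-throwing error mode: only a duplicate key justifies another try.
                $driverCode = (int) ($insertStatement->errorInfo()[1] ?? 0);
                if ($driverCode !== $duplicateEntry) {
                    throw new RuntimeException('Could not insert Painting row: ' . implode(' / ', $insertStatement->errorInfo()));
                }
            }
        } catch (PDOException $e) {
            $driverCode = (int) ($e->errorInfo[1] ?? 0);
            if ($driverCode !== $duplicateEntry) {
                throw $e;
            }
            // duplicate shortCode: fall through and draw a new candidate
        }
    }
}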
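/**
 * Validates the submitted PNG (base64, optionally carrying the
 * 'data:image/png;base64,' prefix a canvas.toDataURL() produces), stores it as
 * uploads/<shortCode>.png and returns the response body for the client.
 *
 * Every failure path returns a message and removes the temporary file; the
 * previous inline version left the temp file behind on each rejection.
 * Not changed from before: the Painting row inserted by getNewShortCode() is
 * not rolled back when the final rename fails.
 *
 * @param string $pngData raw value of $_POST['png_data']
 * @return string an <a> link to the short code on success, a plain message otherwise
 * @throws PDOException|RuntimeException propagated from getNewShortCode()
 */
function paintbinHandleSubmission(string $pngData): string
{
    // clean up the argument
    $inputPNGBase64 = str_replace('data:image/png;base64,', '', $pngData);
    if (!isBase64Encoded($inputPNGBase64)) {
        return 'the png data was not encoded (as base64) correctly';
    }

    // Create the temporary file outside the web directory. tempnam() creates it
    // atomically with mode 0600 under an unpredictable name; the former
    // '/tmp/' . uniqid() name was predictable and the file was written
    // non-atomically, so another local user could pre-create or symlink it.
    // sys_get_temp_dir() honours the sys_temp_dir ini setting (was a @todo).
    $tmpName = tempnam(sys_get_temp_dir(), 'paintbin_');
    if ($tmpName === false) {
        return 'The temporary file could not be created!';
    }

    try {
        $fileData = base64decodeFix($inputPNGBase64);
        $fileByteSize = file_put_contents($tmpName, $fileData);
        if (!$fileByteSize) { // false (write error) or 0 bytes: can not be empty
            return 'the png data was empty, thus invalid';
        }

        // NOTE(review): nothing bounds $fileByteSize or the image dimensions
        // beyond post_max_size; imagecreatefrompng() allocates roughly
        // width*height*4 bytes, so a cap on the dimensions reported by
        // getimagesize() would limit memory use per request.
        $imageMetaData = getimagesize($tmpName);
        if (!is_array($imageMetaData) || $imageMetaData['mime'] !== 'image/png') {
            return 'the data sent was not an image';
        }

        // Fully decode once so a truncated or corrupt PNG is rejected here,
        // not when the stored file is later served.
        $finalImage = imagecreatefrompng($tmpName);
        if (!$finalImage) {
            return 'The Image data was not valid';
        }
        imagedestroy($finalImage);

        $shortCode = getNewShortCode();
        $target = "uploads/{$shortCode}.png";
        if (!rename($tmpName, $target)) {
            return 'The file could not be moved!';
        }
        $tmpName = null; // moved into place; nothing left to clean up

        // tempnam() files are 0600; restore the mode file_put_contents() used to
        // produce under a default umask so the web server can still read it.
        chmod($target, 0644);

        // $shortCode is [A-Za-z0-9]{6} (see getNewShortCode), so it is safe in an
        // href without further escaping.
        return '<a href="' . $shortCode . '">Available Here</a>';
    } finally {
        if ($tmpName !== null && is_file($tmpName)) {
            unlink($tmpName);
        }
    }
}

// png_data[]=... would arrive as an array and crash the string functions; treat it as unset.
if (!isset($_POST['png_data']) || !is_string($_POST['png_data'])) {
    die('png_data was not set');
}
die(paintbinHandleSubmission($_POST['png_data']));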