
Removed unnecessary unlink from uploader and changed date for the uploads to be based on file time. This allows you to copy files to the server preserving the time it was made and go to /upload/complete to have them processed. Fixed me being lazy so that users can enter a quotation mark without having issues of the HTML code being outputted wrong. Fixed the search field so that it also corrects the HTML output rather than outputting raw data. Added the ability to search by date. Enter a date or a "to: from:" query and it will search the database by that date range.

master
GRMrGecko 11 years ago
parent
commit
255c090a5f
  1. 29
      code/api.php
  2. 3
      code/upload.php
  3. 2
      header.php
  4. 4
      readme.md

29
code/api.php

@ -26,7 +26,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user
$level = "Moderator";
if ($result['level']==3)
$level = "Tagger";
?><tr><td class="id"><?=$result['docid']?></td><td class="email"><?=$result['email']?></td><td class="level" value="<?=$result['level']?>"><?=$level?></td></tr><?
?><tr><td class="id"><?=htmlspecialchars($result['docid'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?></td><td class="email"><?=htmlspecialchars($result['email'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?></td><td class="level" value="<?=htmlspecialchars($result['level'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>"><?=$level?></td></tr><?
}
}
if ($_MGM['path'][2]=="update") {
@ -92,7 +92,7 @@ if (isset($_MGM['user']) && $_MGM['path'][1]=="tagless") {
$result = databaseFetchAssoc($results);
if ($result!=NULL) {
?>
<span id="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"></span>
<span id="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"></span>
<?
}
exit();
@ -102,7 +102,7 @@ if ($_MGM['path'][1]=="hash") {
$result = databaseFetchAssoc($results);
if ($result!=NULL) {
?>
<span id="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"></span>
<span id="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"></span>
<?
}
exit();
@ -113,15 +113,30 @@ $offset = $limit*$page;
$filter = (isset($_REQUEST['filter']) ? trim($_REQUEST['filter']) : "");
$results = NULL;
if (!empty($filter))
$results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit);
else
if (!empty($filter)) {
$startTime = 0;
$endTime = 0;
if (preg_match("/(?:[0-9]{4}(?:\s|-)[0-9]{2}(?:\s|-)[0-9]{2}|[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{2,4}|yesterday|today)$/", $filter)) {
$startTime = strtotime($filter);
$endTime = strtotime($filter." 23:59:59");
}
if (preg_match("/From:(?:|\s)([a-z0-9\/\s-:]+)\sTo:(?:|\s)([a-z0-9\/\s-:]+)/i", $filter, $matches)) {
$startTime = strtotime($matches[1]);
$endTime = strtotime($matches[2]);
}
if ($startTime!=0 && $endTime!=0) {
$results = databaseQuery("SELECT * FROM images WHERE time>=%s AND time<=%s ORDER BY time ASC LIMIT %d,%d", $startTime, $endTime, $offset, $limit);
} else {
$results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit);
}
} else {
$results = databaseQuery("SELECT * FROM images ORDER BY time DESC LIMIT %d,%d", $offset, $limit);
}
?><div id="content"><?
$count = 0;
while ($result = databaseFetchAssoc($results)) {
?>
<span class="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"><img src="<?=generateURL("thumbs/".$result['hash'].".".$result['extension'])?>" width="<?=$result['thumb_width']?>" height="<?=$result['thumb_height']?>" /></span>
<span class="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"><img src="<?=generateURL("thumbs/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>" width="<?=htmlspecialchars($result['thumb_width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" height="<?=htmlspecialchars($result['thumb_height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" /></span>
<?
$count++;
}
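Review bot: In the three `<span … original="…">` lines and the `<img src="…">` line, htmlspecialchars() is applied to `hash` and `extension` before they are passed to generateURL(), so the string that actually lands in the attribute is generateURL()'s return value, printed unescaped. generateURL() is not visible in this diff; if it can pass through or add a `"` or `&`, those attributes remain breakable, and HTML-escaping is in any case the wrong encoding for a URL path segment. Escape at the output boundary and URL-encode the parts instead, e.g. `<?=htmlspecialchars(generateURL("data/".rawurlencode($result['hash']).".".rawurlencode($result['extension'])), ENT_QUOTES, 'UTF-8')?>`. Using ENT_QUOTES in place of ENT_COMPAT on the other attributes would also keep them safe if the markup is ever switched to single-quoted attributes.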

3
code/upload.php

@ -21,7 +21,6 @@ if ($_MGM['path'][1]=="complete") {
echo "Processing ".basename($file)."<br />\n";
if (!file_exists($file)) {
echo "Error: <span style=\"color: #ff0000;\">File does not exist.</span>";
unlink($file);
exit();
}
$allowedExtensions = array("png", "jpg", "jpeg", "gif", "tif", "tiff", "bmp");
@ -133,7 +132,7 @@ if ($_MGM['path'][1]=="complete") {
rename($file, $newFile);
echo "Moved Original.<br />\n";
databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, $_MGM['time']);
databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, filemtime($newFile));
echo "Complete.<br />\n";
exit();
}
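Review bot: The new `filemtime($newFile)` argument in the INSERT is used without checking its result; filemtime() returns false when the stat fails, and the `%d` placeholder would presumably store that as 0, filing the image at the epoch for the new date search. A guard such as `$time = filemtime($newFile); if ($time === false) $time = $_MGM['time'];` keeps the previous behaviour as a fallback. Because the timestamp now comes from file metadata set by whoever copies the file to the server, it may also be worth rejecting values that lie in the future. Separately, the `echo "Processing ".basename($file)` line at the top of the first hunk still writes the file name into HTML unescaped, which is the class of problem this commit sets out to fix. The enclosing `complete` branch extends beyond the visible hunks.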

2
header.php

@ -62,7 +62,7 @@
</ul>
<?if ($_MGM['path'][0]=="") {?>
<form class="navbar-form pull-right" id="filter_form">
<input class="search-query" type="text" placeholder="Filter" id="filter_field" name="filter" value="<?=$_REQUEST['filter']?>" />
<input class="search-query" type="text" placeholder="Filter" id="filter_field" name="filter" value="<?=htmlspecialchars($_REQUEST['filter'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" />
</form>
<?}?>
</div>
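Review bot: `$_REQUEST['filter']` is read directly in the new `value` attribute, without the isset() guard that code/api.php applies to the same parameter, so a page load without a filter raises an undefined-index notice and a `filter` parameter that arrives as an array hands htmlspecialchars() a non-string. Normalising first avoids both: `value="<?=htmlspecialchars(isset($_REQUEST['filter']) && is_string($_REQUEST['filter']) ? $_REQUEST['filter'] : "", ENT_QUOTES, 'UTF-8')?>"`.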

4
readme.md

@ -76,6 +76,6 @@ if (isset($received['result']['tags'])) {
You have access to many variables about the file being processed including it's name and extension. Just look at code/upload.php to see what is available.
#Known Problems
There is going to be issues with people who add tags or other user fields that contains a quotation mark or anything else which could interrupt the HTML code (not an sql injection). I was too lazy and didn't want to look up my code for preventing these sorts of issues. So for now, just use it as a personal database. There isn't a public registration module anyway. Maybe when I get time, I'll fix these possible issues.
There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured.
There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured.
There isn't a way for users to to sign up. If I were to implement one... The admin would be able to choose rather to allow signups or not.