diff --git a/code/api.php b/code/api.php index b499c80..3c47638 100644 --- a/code/api.php +++ b/code/api.php @@ -26,7 +26,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user $level = "Moderator"; if ($result['level']==3) $level = "Tagger"; - ?> - "> + "> - "> + "> =%s AND time<=%s ORDER BY time ASC LIMIT %d,%d", $startTime, $endTime, $offset, $limit); + } else { + $results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit); + } +} else { $results = databaseQuery("SELECT * FROM images ORDER BY time DESC LIMIT %d,%d", $offset, $limit); +} ?>
- ">" width="" height="" /> + ">" width="" height="" /> \n"; if (!file_exists($file)) { echo "Error: File does not exist."; - unlink($file); exit(); } $allowedExtensions = array("png", "jpg", "jpeg", "gif", "tif", "tiff", "bmp"); @@ -133,7 +132,7 @@ if ($_MGM['path'][1]=="complete") { rename($file, $newFile); echo "Moved Original.
\n"; - databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, $_MGM['time']); + databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, filemtime($newFile)); echo "Complete.
\n"; exit(); } diff --git a/header.php b/header.php index f8415f6..1af53b2 100644 --- a/header.php +++ b/header.php @@ -62,7 +62,7 @@
diff --git a/readme.md b/readme.md index 534b313..492e753 100644 --- a/readme.md +++ b/readme.md @@ -76,6 +76,6 @@ if (isset($received['result']['tags'])) { You have access to many variables about the file being processed including it's name and extension. Just look at code/upload.php to see what is available. #Known Problems -There is going to be issues with people who add tags or other user fields that contains a quotation mark or anything else which could interrupt the HTML code (not an sql injection). I was too lazy and didn't want to look up my code for preventing these sorts of issues. So for now, just use it as a personal database. There isn't a public registration module anyway. Maybe when I get time, I'll fix these possible issues. +There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured. -There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured. \ No newline at end of file +There isn't a way for users to to sign up. If I were to implement one... The admin would be able to choose rather to allow signups or not. \ No newline at end of file