From 255c090a5f5b289ae062b45e8df1e2b1d978fc14 Mon Sep 17 00:00:00 2001 From: GRMrGecko Date: Sat, 8 Jun 2013 10:14:54 -0500 Subject: [PATCH] Removed unnecessary unlink from uploader and changed date for the uploads to be based on file time. This allows you to copy files to the server preserving the time it was made and go to /upload/complete to have them processed. Fixed me being lazy so that users can enter a quotation mark without having issues of the HTML code being outputted wrong. Fixed the search field so that it also corrects the HTML output rather than outputting raw data. Added the ability to search by date. Enter a date or a "to: from:" query and it will search the database by that date range. --- code/api.php | 29 ++++++++++++++++++++++------- code/upload.php | 3 +-- header.php | 2 +- readme.md | 4 ++-- 4 files changed, 26 insertions(+), 12 deletions(-) diff --git a/code/api.php b/code/api.php index b499c80..3c47638 100644 --- a/code/api.php +++ b/code/api.php @@ -26,7 +26,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user $level = "Moderator"; if ($result['level']==3) $level = "Tagger"; - ?> - "> + "> - "> + "> =%s AND time<=%s ORDER BY time ASC LIMIT %d,%d", $startTime, $endTime, $offset, $limit); + } else { + $results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit); + } +} else { $results = databaseQuery("SELECT * FROM images ORDER BY time DESC LIMIT %d,%d", $offset, $limit); +} ?>
- ">" width="" height="" /> + ">" width="" height="" /> \n"; if (!file_exists($file)) { echo "Error: File does not exist."; - unlink($file); exit(); } $allowedExtensions = array("png", "jpg", "jpeg", "gif", "tif", "tiff", "bmp"); @@ -133,7 +132,7 @@ if ($_MGM['path'][1]=="complete") { rename($file, $newFile); echo "Moved Original.
\n"; - databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, $_MGM['time']); + databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, filemtime($newFile)); echo "Complete.
\n"; exit(); } diff --git a/header.php b/header.php index f8415f6..1af53b2 100644 --- a/header.php +++ b/header.php @@ -62,7 +62,7 @@
diff --git a/readme.md b/readme.md index 534b313..492e753 100644 --- a/readme.md +++ b/readme.md @@ -76,6 +76,6 @@ if (isset($received['result']['tags'])) { You have access to many variables about the file being processed including it's name and extension. Just look at code/upload.php to see what is available. #Known Problems -There is going to be issues with people who add tags or other user fields that contains a quotation mark or anything else which could interrupt the HTML code (not an sql injection). I was too lazy and didn't want to look up my code for preventing these sorts of issues. So for now, just use it as a personal database. There isn't a public registration module anyway. Maybe when I get time, I'll fix these possible issues. +There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured. -There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured. \ No newline at end of file +There isn't a way for users to to sign up. If I were to implement one... The admin would be able to choose rather to allow signups or not. \ No newline at end of file