Removed unnecessary unlink from uploader and changed date for the uploads to be based on file time. This allows you to copy files to the server preserving the time it was made and go to /upload/complete to have them processed. Fixed me being lazy so that users can enter a quotation mark without having issues of the HTML code being outputted wrong. Fixed the search field so that it also corrects the HTML output rather than outputting raw data. Added the ability to search by date. Enter a date or a "to: from:" query and it will search the database by that date range.

GRMrGecko 2013-06-08 10:14:54 -05:00
parent e6c208abb1
commit 255c090a5f
4 changed files with 26 additions and 12 deletions

View File

@ -26,7 +26,7 @@ if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="user
$level = "Moderator"; $level = "Moderator";
if ($result['level']==3) if ($result['level']==3)
$level = "Tagger"; $level = "Tagger";
?><tr><td class="id"><?=$result['docid']?></td><td class="email"><?=$result['email']?></td><td class="level" value="<?=$result['level']?>"><?=$level?></td></tr><? ?><tr><td class="id"><?=htmlspecialchars($result['docid'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?></td><td class="email"><?=htmlspecialchars($result['email'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?></td><td class="level" value="<?=htmlspecialchars($result['level'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>"><?=$level?></td></tr><?
} }
} }
if ($_MGM['path'][2]=="update") { if ($_MGM['path'][2]=="update") {
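Review bot: `ENT_COMPAT` in the new `htmlspecialchars()` calls on the `<tr>` row leaves single quotes unencoded, so the escaping is only sufficient while every attribute stays double-quoted, as `value="..."` is here. `ENT_QUOTES` covers both quoting styles at no cost. The same four-argument call is repeated for every field in this commit; a small wrapper (a hypothetical `h($value)`) would keep the flags and charset in one place. `$level` is still printed unescaped, which is acceptable as long as it is only assigned from string literals like the two visible above.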
@ -92,7 +92,7 @@ if (isset($_MGM['user']) && $_MGM['path'][1]=="tagless") {
$result = databaseFetchAssoc($results); $result = databaseFetchAssoc($results);
if ($result!=NULL) { if ($result!=NULL) {
?> ?>
<span id="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"></span> <span id="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"></span>
<? <?
} }
exit(); exit();
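Review bot: In the `original` attribute the escaping is applied to the arguments of `generateURL()` rather than to its return value, so whatever `generateURL()` returns is still printed raw into the attribute, and the path it receives is HTML-encoded rather than URL-encoded. Build the path from the raw `hash` and `extension` values (with `rawurlencode()` on each component if they can contain reserved characters) and wrap the whole call instead: `htmlspecialchars(generateURL(...), ...)`.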
@ -102,7 +102,7 @@ if ($_MGM['path'][1]=="hash") {
$result = databaseFetchAssoc($results); $result = databaseFetchAssoc($results);
if ($result!=NULL) { if ($result!=NULL) {
?> ?>
<span id="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"></span> <span id="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"></span>
<? <?
} }
exit(); exit();
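Review bot: The `<span id="image" ...>` line under the `hash` route duplicates the one under `tagless`, and the list view repeats the same attributes again, so the escaping now has to be kept in sync in three places. Move the span rendering into one function that takes `$result` and have all three call it. The `original` attribute here also escapes the arguments of `generateURL()` instead of its output.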
@ -113,15 +113,30 @@ $offset = $limit*$page;
$filter = (isset($_REQUEST['filter']) ? trim($_REQUEST['filter']) : ""); $filter = (isset($_REQUEST['filter']) ? trim($_REQUEST['filter']) : "");
$results = NULL; $results = NULL;
if (!empty($filter)) if (!empty($filter)) {
$results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit); $startTime = 0;
else $endTime = 0;
if (preg_match("/(?:[0-9]{4}(?:\s|-)[0-9]{2}(?:\s|-)[0-9]{2}|[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{2,4}|yesterday|today)$/", $filter)) {
$startTime = strtotime($filter);
$endTime = strtotime($filter." 23:59:59");
}
if (preg_match("/From:(?:|\s)([a-z0-9\/\s-:]+)\sTo:(?:|\s)([a-z0-9\/\s-:]+)/i", $filter, $matches)) {
$startTime = strtotime($matches[1]);
$endTime = strtotime($matches[2]);
}
if ($startTime!=0 && $endTime!=0) {
$results = databaseQuery("SELECT * FROM images WHERE time>=%s AND time<=%s ORDER BY time ASC LIMIT %d,%d", $startTime, $endTime, $offset, $limit);
} else {
$results = databaseQuery("SELECT * FROM images WHERE images MATCH %s LIMIT %d,%d", $filter, $offset, $limit);
}
} else {
$results = databaseQuery("SELECT * FROM images ORDER BY time DESC LIMIT %d,%d", $offset, $limit); $results = databaseQuery("SELECT * FROM images ORDER BY time DESC LIMIT %d,%d", $offset, $limit);
}
?><div id="content"><? ?><div id="content"><?
$count = 0; $count = 0;
while ($result = databaseFetchAssoc($results)) { while ($result = databaseFetchAssoc($results)) {
?> ?>
<span class="image" hash="<?=$result['hash']?>" user="<?=$result['user_id']?>" extension="<?=$result['extension']?>" tags="<?=$result['tags']?>" image_width="<?=$result['width']?>" image_height="<?=$result['height']?>" file_size="<?=$result['file_size']?>" time="<?=$result['time']?>" original="<?=generateURL("data/".$result['hash'].".".$result['extension'])?>"><img src="<?=generateURL("thumbs/".$result['hash'].".".$result['extension'])?>" width="<?=$result['thumb_width']?>" height="<?=$result['thumb_height']?>" /></span> <span class="image" hash="<?=htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" user="<?=htmlspecialchars($result['user_id'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" extension="<?=htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" tags="<?=htmlspecialchars($result['tags'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_width="<?=htmlspecialchars($result['width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" image_height="<?=htmlspecialchars($result['height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" file_size="<?=htmlspecialchars($result['file_size'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" time="<?=htmlspecialchars($result['time'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" original="<?=generateURL("data/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>"><img src="<?=generateURL("thumbs/".htmlspecialchars($result['hash'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true).".".htmlspecialchars($result['extension'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true))?>" width="<?=htmlspecialchars($result['thumb_width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" height="<?=htmlspecialchars($result['thumb_height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" /></span>
<? <?
$count++; $count++;
} }
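Review bot: The character class `[a-z0-9\/\s-:]` in the `From:`/`To:` pattern has an unescaped hyphen between `\s` and `:`; older PCRE reads it as a literal, but PCRE2-based PHP versions reject it as an invalid range, in which case `preg_match()` fails and range queries fall through to the `MATCH` branch. Move the hyphen to the end of the class or escape it. The single-date pattern is anchored only with `$`, so any filter that merely ends in a date or in `today` enters that branch and relies on `strtotime()` returning `false` and the loose `!=0` test to fall back to `MATCH`; anchor it with `^` and test `=== false` explicitly. The two timestamps are integers, so `time>=%d AND time<=%d` would match how `LIMIT %d,%d` is bound. The pattern also accepts only `From: ... To:` in that order, while the commit message describes a "to: from:" query.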

View File

@ -21,7 +21,6 @@ if ($_MGM['path'][1]=="complete") {
echo "Processing ".basename($file)."<br />\n"; echo "Processing ".basename($file)."<br />\n";
if (!file_exists($file)) { if (!file_exists($file)) {
echo "Error: <span style=\"color: #ff0000;\">File does not exist.</span>"; echo "Error: <span style=\"color: #ff0000;\">File does not exist.</span>";
unlink($file);
exit(); exit();
} }
$allowedExtensions = array("png", "jpg", "jpeg", "gif", "tif", "tiff", "bmp"); $allowedExtensions = array("png", "jpg", "jpeg", "gif", "tif", "tiff", "bmp");
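Review bot: `basename($file)` on the `Processing` line is echoed into the page without `htmlspecialchars()`, while this commit adds escaping to the other outputs. The commit message says files can now be copied onto the server and processed through /upload/complete, so the file name is not limited to what the upload form produced; escape it there as well. Dropping `unlink($file)` inside the `!file_exists($file)` branch is correct, since there is nothing to delete at that point.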
@ -133,7 +132,7 @@ if ($_MGM['path'][1]=="complete") {
rename($file, $newFile); rename($file, $newFile);
echo "Moved Original.<br />\n"; echo "Moved Original.<br />\n";
databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, $_MGM['time']); databaseQuery("INSERT INTO images (user_id,hash,extension,name,file_size,width,height,thumb_file_size,thumb_width,thumb_height,tags,external_data,ocr,time) VALUES (%s,%s,%s,%s,%d,%d,%d,%d,%d,%d,%s,%s,%s,%d)", $_MGM['user']['docid'], $hash, $extension, $filename, $fileSize, $width, $height, filesize($thumbFile), $newWidth, $newHeight, implode(" ", $tags), $external_data, $ocr, filemtime($newFile));
echo "Complete.<br />\n"; echo "Complete.<br />\n";
exit(); exit();
} }
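Review bot: `filemtime($newFile)` returns `false` when the stat fails, and the result goes straight into the `%d` placeholder for `time` in the `INSERT`. Check the return value and fall back to `$_MGM['time']`, the value used before this change. The stored time is now whatever mtime the file carries, so treat it as user-supplied metadata rather than a trusted upload timestamp, including in the new date-range search.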

View File

@ -62,7 +62,7 @@
</ul> </ul>
<?if ($_MGM['path'][0]=="") {?> <?if ($_MGM['path'][0]=="") {?>
<form class="navbar-form pull-right" id="filter_form"> <form class="navbar-form pull-right" id="filter_form">
<input class="search-query" type="text" placeholder="Filter" id="filter_field" name="filter" value="<?=$_REQUEST['filter']?>" /> <input class="search-query" type="text" placeholder="Filter" id="filter_field" name="filter" value="<?=htmlspecialchars($_REQUEST['filter'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" />
</form> </form>
<?}?> <?}?>
</div> </div>
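Review bot: `$_REQUEST['filter']` is read directly in the `value` attribute of `filter_field`, so the page raises an undefined-index notice whenever no filter is submitted, while the query code guards the same key with `isset($_REQUEST['filter'])`. Apply the same guard before passing the value to `htmlspecialchars()`.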

View File

@ -76,6 +76,6 @@ if (isset($received['result']['tags'])) {
You have access to many variables about the file being processed including it's name and extension. Just look at code/upload.php to see what is available. You have access to many variables about the file being processed including it's name and extension. Just look at code/upload.php to see what is available.
#Known Problems #Known Problems
There is going to be issues with people who add tags or other user fields that contains a quotation mark or anything else which could interrupt the HTML code (not an sql injection). I was too lazy and didn't want to look up my code for preventing these sorts of issues. So for now, just use it as a personal database. There isn't a public registration module anyway. Maybe when I get time, I'll fix these possible issues. There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured.
There isn't any error reporting in the API and there isn't anyway for the user to know that such an error such as network issues or database issues occured. There isn't a way for users to to sign up. If I were to implement one... The admin would be able to choose rather to allow signups or not.
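Review bot: The sign-up sentence added under Known Problems has a doubled word (`to to`), and `choose rather to allow` should read `choose whether to allow`. In the error-reporting line, `occured` and `anyway` (for `any way`) are worth fixing in the same pass.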