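<?php
/**
 * Authenticated image upload endpoint.
 *
 * Accepts one file in the multipart field "image" on a POST request, checks
 * it against a size limit and a MIME allowlist, stores it under a
 * server-generated name in <uploads_dir>/images and answers with JSON:
 * {"url": ...} on success, {"error": <code>} with a 4xx/5xx status otherwise.
 *
 * Security-relevant properties of this script:
 *  - The client-supplied file name ($_FILES['image']['name']) and MIME type
 *    ($_FILES['image']['type']) are never used. The stored name is generated
 *    here and its extension comes from the allowlist, so the client cannot
 *    choose a path or an extension.
 *  - The type decision is based on the file's content as seen by fileinfo.
 *    That is a signature check; it does not prove the whole file is a
 *    well-formed image.
 *
 * NOTE(review): no CSRF token check is visible in this file. If sessions are
 * cookie-based, confirm that includes/bootstrap.php (or a front controller)
 * enforces one for this state-changing request.
 * NOTE(review): how the uploads directory is served is not visible here.
 * Confirm the web server never executes scripts from it and sends
 * "X-Content-Type-Options: nosniff" for stored files.
 */
require __DIR__ . '/includes/bootstrap.php';

header('Content-Type: application/json; charset=UTF-8');

// Emits a JSON error body with the given status and stops the request.
$respondError = static function (int $status, string $code): void {
    http_response_code($status);
    echo json_encode(['error' => $code]);
    exit;
};

if (!is_logged_in()) {
    $respondError(401, 'unauthorized');
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $respondError(405, 'method_not_allowed');
}

if (!isset($_FILES['image'])) {
    $respondError(400, 'no_file');
}

$file = $_FILES['image'];

// The strict comparison also rejects a multi-file field ("image[]"), where
// 'error' is an array rather than an int.
if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    $respondError(400, 'upload_failed');
}

$maxSize = 5 * 1024 * 1024; // 5 MiB
if (($file['size'] ?? 0) > $maxSize) {
    $respondError(400, 'file_too_large');
}

// Confirm the temp path really is this request's HTTP upload BEFORE anything
// opens it; previously fileinfo read the path ahead of this check.
$tmpName = $file['tmp_name'] ?? '';
if (!is_string($tmpName) || !is_uploaded_file($tmpName)) {
    $respondError(400, 'invalid_upload');
}

// Detect the type from the file content. Fail closed: if fileinfo cannot be
// initialised or cannot classify the file, the upload is rejected.
$mime = false;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if ($finfo !== false) {
    $mime = finfo_file($finfo, $tmpName);
    finfo_close($finfo);
}

// Allowlist of accepted MIME types and the extension stored for each.
$allowed = [
    'image/jpeg' => 'jpg',
    'image/png' => 'png',
    'image/gif' => 'gif',
    'image/webp' => 'webp',
];

if (!is_string($mime) || !isset($allowed[$mime])) {
    $respondError(400, 'invalid_type');
}

$uploadsDir = $config['app']['uploads_dir'] ?? (__DIR__ . '/uploads');
$targetDir = rtrim($uploadsDir, '/\\') . DIRECTORY_SEPARATOR . 'images';

// The second is_dir() covers a concurrent request that created the directory
// between our check and our mkdir(). A real failure is reported with the same
// code the client would have received from the failed move.
if (!is_dir($targetDir) && !mkdir($targetDir, 0755, true) && !is_dir($targetDir)) {
    $respondError(500, 'move_failed');
}

// Server-generated name: user id, timestamp and 4 random bytes, plus the
// allowlisted extension.
$ext = $allowed[$mime];
$filename = 'img_' . current_user_id() . '_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
$target = $targetDir . DIRECTORY_SEPARATOR . $filename;

if (!move_uploaded_file($tmpName, $target)) {
    $respondError(500, 'move_failed');
}

// NOTE(review): this public path is fixed, while the storage directory above
// can be overridden through $config['app']['uploads_dir']; confirm the two
// still match when the setting is used.
$publicPath = 'uploads/images/' . $filename;
$publicUrl = function_exists('absolute_url') ? absolute_url($publicPath) : $publicPath;

echo json_encode(['url' => $publicUrl]);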