Improving image upload

Only login user can accesss the upload.php file.
2026-04-17 19:26:08 +05:30 · 2015-07-10 11:06:03 +07:00 · 2015-07-10 11:06:03 +07:00 · 4e16a36bd5
commit 4e16a36bd5
parent 34ff8ad95b
1 changed files with 41 additions and 28 deletions
--- a/upload.php
+++ b/upload.php
@ -1,5 +1,11 @@
 <?php

+require 'system/includes/dispatch.php';
+require 'system/includes/session.php';
+
+// Load the configuration file
+config('source', 'config/config.ini');
+
 $whitelist = array('jpg', 'jpeg', 'png', 'gif');
 $name      = null;
 $dir       = 'content/images/';
@ -7,39 +13,46 @@ $error     = null;
 $timestamp = date('YmdHis');
 $path      = null;

-if (is_dir($dir)) {
-} else {
-    mkdir($dir, 0755, true);
-}
+if (login()) {
+ 
+    if (is_dir($dir)) {
+    } else {
+        mkdir($dir, 0755, true);
+    }

-if (isset($_FILES)) {
-    if (isset($_FILES['file'])) {
-        $tmp_name = $_FILES['file']['tmp_name'];
-        $name     = basename($_FILES['file']['name']);
-        $error    = $_FILES['file']['error'];
-        $path     = $dir . $timestamp . '-' . $name;
+    if (isset($_FILES)) {
+        if (isset($_FILES['file'])) {
+            $tmp_name = $_FILES['file']['tmp_name'];
+            $name     = basename($_FILES['file']['name']);
+            $error    = $_FILES['file']['error'];
+            $path     = $dir . $timestamp . '-' . $name;
 		
-        $check = getimagesize($tmp_name);
+            $check = getimagesize($tmp_name);
 		
-        if($check !== false) {
-            if ($error === UPLOAD_ERR_OK) {
-                $extension = pathinfo($timestamp . '-' . $name, PATHINFO_EXTENSION);
-                if (!in_array($extension, $whitelist)) {
-                    $error = 'Invalid file type uploaded.';
-                } else {
-                    move_uploaded_file($tmp_name, $dir . $timestamp . '-' . $name);
+            if($check !== false) {
+                if ($error === UPLOAD_ERR_OK) {
+                    $extension = pathinfo($timestamp . '-' . $name, PATHINFO_EXTENSION);
+                    if (!in_array($extension, $whitelist)) {
+                        $error = 'Invalid file type uploaded.';
+                    } else {
+                        move_uploaded_file($tmp_name, $dir . $timestamp . '-' . $name);
+                    }
                }
+            } else {
+                $error = "File is not an image.";
            }
        }
-        else {
-            $error = "File is not an image.";
-        }
    }
-}

-echo json_encode(array(
-    'path' => $path,
-    'name'  => $name,
-    'error' => $error,
-));
-die();
+    echo json_encode(array(
+        'path' => $path,
+        'name'  => $name,
+        'error' => $error,
+    ));
+	
+    die();
+
+} else {
+    $login = site_url() . 'login';
+    header("location: $login");
+}