diff --git a/backend.php b/backend.php index 1895ee5..e5a7707 100644 --- a/backend.php +++ b/backend.php @@ -20,6 +20,9 @@ include_once(ROOT.DS.'inc'.DS.'core.php'); $pm = new PictshareModel(); +if(UPLOAD_CODE!=false && !$pm->uploadCodeExists($_REQUEST['upload_code'])) + exit(json_encode(array('status'=>'ERR','reason'=>'Wrong upload code provided'))); + if($_REQUEST['getimage']) { $url = $_REQUEST['getimage']; diff --git a/inc/core.php b/inc/core.php index 81afdb9..40da10e 100644 --- a/inc/core.php +++ b/inc/core.php @@ -66,6 +66,9 @@ function whatToDo($url) $el = strtolower($el); if(!$el) continue; + if(IMAGE_CHANGE_CODE!=false && substr($el,0,10)=='changecode') + $changecode = substr($el,11); + if(isImage($el)) $data['hash']=$el; else if(isSize($el)) @@ -94,7 +97,7 @@ function whatToDo($url) render($vars); } else - renderImage($data); + renderImage($data,$changecode); } function isLegacyThumbnail($val) @@ -164,7 +167,7 @@ function renderLegacyResized($path) renderResizedImage($size,$hash); } -function renderImage($data) +function renderImage($data,$changecode) { $hash = $data['hash']; $pm = new PictshareModel(); @@ -190,8 +193,12 @@ function renderImage($data) $im = imagecreatefromjpeg($path); if(!$cached) { - changeImage($im,$data); - imagejpeg($im,$cachepath,95); + if($pm->changeCodeExists($changecode)) + { + changeImage($im,$data); + imagejpeg($im,$cachepath,95); + } + } imagejpeg($im); break; @@ -200,8 +207,11 @@ function renderImage($data) $im = imagecreatefrompng($path); if(!$cached) { - changeImage($im,$data); - imagepng($im,$cachepath,1); + if($pm->changeCodeExists($changecode)) + { + changeImage($im,$data); + imagepng($im,$cachepath,1); + } } imagepng($im); break; diff --git a/inc/example.config.inc.php b/inc/example.config.inc.php index 6e29c48..b0dc67a 100644 --- a/inc/example.config.inc.php +++ b/inc/example.config.inc.php @@ -1,5 +1,17 @@ '.$this->translate(20).':
'; + return '
'.$this->translate(0).': '.$maxfilesize.'MB / File
@@ -17,6 +21,7 @@ class PictshareModel extends Model

+ '.$upload_code_form.' '.$this->translate(4).':

@@ -125,9 +130,41 @@ class PictshareModel extends Model return array('status'=>'OK','type'=>$type,'hash'=>$hash,'url'=>DOMAINPATH.$hash,'domain'=>DOMAINPATH); } + + function uploadCodeExists($code) + { + if(strpos(UPLOAD_CODE,';')) + { + $codes = explode(';',UPLOAD_CODE); + foreach($codes as $ucode) + if($code==$ucode) return true; + } + + if($code==UPLOAD_CODE) return true; + + return false; + } + + function changeCodeExists($code) + { + if(IMAGE_CHANGE_CODE===false) return true; + if(strpos(IMAGE_CHANGE_CODE,';')) + { + $codes = explode(';',IMAGE_CHANGE_CODE); + foreach($codes as $ucode) + if($code==$ucode) return true; + } + + if($code==IMAGE_CHANGE_CODE) return true; + + return false; + } function ProcessUploads() { + if(UPLOAD_CODE!=false && !$this->uploadCodeExists($_REQUEST['upload_code'])) + return '' . $this->translate(21) . ''; + $im = new Image(); $i = 0; foreach ($_FILES["pic"]["error"] as $key => $error) @@ -142,7 +179,6 @@ class PictshareModel extends Model } } } - $html = new HTML(); return $o; } @@ -206,6 +242,8 @@ class PictshareModel extends Model $words[17] = 'Dieses Bild wurde '.$params[0].' mal von '.$params[1].' verschiedenen IPs gesehen und hat '.$params[2].' Traffic verursacht'; $words[18] = 'Dieses Bild wurde von folgenden Ländern aufgerufen: '; $words[19] = $params[0].' Aufrufe aus '.$params[1]; + $words[20] = 'Upload-Code'; + $words[21] = 'Falscher Upload Code eingegeben. Upload abgebrochen'; break; @@ -230,6 +268,8 @@ class PictshareModel extends Model $words[17] = 'Was seen '.$params[0].' times by '.$params[1].' unique IPs and produced '.$params[2].' traffic'; $words[18] = 'This picture was seen from the following countries: '; $words[19] = $params[0].' views from '.$params[1]; + $words[20] = 'Upload code'; + $words[21] = 'Invalid upload code provided'; } return $words[$index];