
@tobbez
Last active April 23, 2016 14:04
API for Mihalism Multi Host
<?php
/*
* API for WhatIMG
* Copyright (c) 2013, tobbez
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once "./source/includes/data.php";
require_once "{$mmhclass->info->root_path}source/language/upload.php";
/// Functions
/**
 * Emit a JSON failure envelope and terminate the request.
 *
 * The reason is serialised as given; callers in this file pass fixed
 * error codes (and one fixed configuration hint), never request data.
 *
 * @param mixed $reason Value placed under the "reason" key.
 */
function api_error($reason) {
    $envelope = array(
        'status' => 'failure',
        'reason' => $reason
    );
    // exit() with a string argument prints it before stopping, same as die().
    exit(json_encode($envelope));
}
/**
 * Emit a JSON success envelope and terminate the request.
 *
 * @param mixed $data Value placed under the "result" key.
 */
function api_success($data) {
    $envelope = array(
        'status' => 'success',
        'result' => $data
    );
    // exit() with a string argument prints it before stopping, same as die().
    exit(json_encode($envelope));
}
/**
 * Build the links returned to the client for a stored upload.
 *
 * $filename is concatenated into URLs and BBCode without any encoding, so it
 * must be a server-generated name; do not pass request-supplied text here.
 *
 * @param string $filename Name of the stored file inside the upload path.
 * @return array Keys: image, bbcode, bbcode-linked-thumbnail, thumbnail.
 */
function format_upload_response_data($filename) {
    global $mmhclass;

    $site_root = $mmhclass->info->base_url;
    $upload_dir = $mmhclass->info->config['upload_path'];
    $public_prefix = $site_root . $upload_dir;

    // Fall back to the placeholder image when no thumbnail exists on disk.
    $thumb_name = $mmhclass->image->thumbnail_name($filename);
    $thumb_on_disk = $mmhclass->funcs->is_file($thumb_name, $mmhclass->info->root_path . $upload_dir);
    if ($thumb_on_disk == false) {
        $thumbnail = $site_root . 'css/images/no_thumbnail.png';
    } else {
        $thumbnail = $public_prefix . $thumb_name;
    }

    $file_url = $public_prefix . $filename;
    $viewer_url = $site_root . 'viewer.php?file=' . $filename;

    $response = array();
    $response['image'] = $file_url;
    $response['bbcode'] = '[img]' . $file_url . '[/img]';
    $response['bbcode-linked-thumbnail'] = '[URL=' . $viewer_url . '][IMG]' . $thumbnail . '[/IMG][/URL]';
    $response['thumbnail'] = $thumbnail;

    return $response;
}
/// Common code
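// Every response from this endpoint is JSON.
header('Content-Type: application/json');

// Origins that may call this API cross-site with the user's cookies.
// Keep this an exact-match list: the Origin header is echoed back below
// together with Allow-Credentials, so any looser match (prefix, substring,
// wildcard) would let other sites read authenticated responses.
$allowed_hosts = array(
    'https://what.cd',
    'https://ssl.what.cd'
);

// The CORS headers depend on the request's Origin, so caches must key on it;
// otherwise a response cached for one origin can be served to another.
header('Vary: Origin');

// Strict comparison: only a byte-identical origin string is accepted.
if (isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowed_hosts, true)) {
    header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
    header('Access-Control-Allow-Credentials: true');
}

$supported_methods = array('upload-url', 'get-albums', 'is-logged-in');

// The request body is expected to be a JSON object. Anything else (empty
// body, invalid JSON, a bare scalar) is normalised to an empty array so the
// isset() checks further down behave uniformly.
$post_params = json_decode(file_get_contents('php://input'), true);
if (!is_array($post_params)) {
    $post_params = array();
}

// A missing or non-string "method" (e.g. ?method[]=x) becomes '' and is
// rejected as UNSUPPORTED_METHOD instead of raising an undefined-index notice
// that could end up in front of the JSON output.
$method = (isset($_GET['method']) && is_string($_GET['method'])) ? $_GET['method'] : '';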
/// API methods
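// Dispatch on the requested API method. api_error() and api_success() both
// terminate the request, so a failed check below stops all further processing.
if (!in_array($method, $supported_methods, true)) {
    api_error('UNSUPPORTED_METHOD');
} elseif ($method === 'upload-url') {
    // --- Preconditions: site configuration and login state ---
    if ($mmhclass->info->config['uploading_disabled'] == true && $mmhclass->info->is_admin == false) {
        api_error('UPLOADING_DISABLED');
    }
    if ($mmhclass->info->config['useronly_uploading'] == true && $mmhclass->info->is_user == false) {
        api_error('NOT_LOGGED_IN');
    }
    if (ini_get("allow_url_fopen") == false && USE_CURL_LIBRARY == false) {
        api_error('Please enable allow_url_fopen or the curl extension.');
    }
    if (!is_array($post_params) || !isset($post_params['url'])) {
        api_error('NO_URL_SPECIFIED');
    }

    // --- Validate the request before any outbound connection is made ---
    // The URL comes from the caller and is fetched by this server, so it is
    // restricted to http/https up front. This does not by itself keep the
    // server from contacting loopback, private-network or metadata addresses:
    // that filtering has to be enforced where the connection is opened (the
    // get_headers()/get_http_content() helpers), after DNS resolution and on
    // every redirect hop.
    $url = $post_params['url'];
    $scheme = is_string($url) ? strtolower((string) parse_url($url, PHP_URL_SCHEME)) : '';
    if ($scheme !== 'http' && $scheme !== 'https') {
        api_error('MALFORMED_SOURCE_URL');
    }

    // Album ids are integers (get-albums returns intval(album_id)); anything
    // that is not a scalar falls back to the default album 0.
    $album_id = 0;
    if (isset($post_params['album']) && is_scalar($post_params['album'])) {
        $album_id = intval($post_params['album']);
    }
    // A non-default album must be one of the caller's own albums; this is the
    // same ownership filter get-albums uses. Without it any album id supplied
    // in the request would be stored against the upload.
    if ($album_id !== 0) {
        $album_res = $mmhclass->db->query("SELECT * FROM `[1]` WHERE `gallery_id` = '[2]' AND `album_id` = '[3]';",
            array(MYSQL_GALLERY_ALBUMS_TABLE, $mmhclass->info->user_data['user_id'], $album_id));
        if (!$mmhclass->db->fetch_array($album_res)) {
            api_error('INVALID_ALBUM');
        }
    }

    // The extension is taken from the URL's basename and must be on the
    // configured allowlist. Checked before fetching so that a disallowed
    // request causes no outbound traffic.
    $origname = $mmhclass->image->basename($url);
    $extension = $mmhclass->image->file_extension($origname);
    if (in_array($extension, $mmhclass->info->config['file_extensions']) == false) {
        api_error('FORBIDDEN_EXTENSION');
    }

    // Display title: original name cut to 20 bytes, tags stripped.
    $filetitle = strip_tags((strlen($origname) > 20)
        ? sprintf("%s...", substr($origname, 0, 20))
        : $origname);
    // Stored name: 20 random digits plus the (allowlisted) extension, so no
    // caller-supplied text other than the extension reaches the filesystem path.
    $filename = sprintf("%s.%s", $mmhclass->funcs->random_string(20, "0123456789"), $extension);
    $upload_dir = $mmhclass->info->root_path . $mmhclass->info->config['upload_path'];

    // --- Fetch the remote file ---
    $file_headers = $mmhclass->funcs->get_headers($url);
    // 'Address' is the URL the content is actually read from.
    // NOTE(review): presumably the post-redirect URL reported by the helper —
    // confirm, and confirm is_url() rejects non-http(s) schemes for it too.
    $source_address = (is_array($file_headers) && isset($file_headers['Address']))
        ? $file_headers['Address']
        : null;
    if ($mmhclass->funcs->is_url($source_address) == false) {
        api_error('MALFORMED_SOURCE_URL');
    }

    // Only download the body on an exact 200 status line. Strict matching
    // keeps a numeric 0 in the header array from loosely equalling the string.
    $file_content = NULL;
    if (is_array($file_headers)
        && (in_array('HTTP/1.0 200 OK', $file_headers, true) || in_array('HTTP/1.1 200 OK', $file_headers, true))) {
        $file_content = $mmhclass->funcs->get_http_content($source_address, 2);
    }
    if ($mmhclass->funcs->is_null($file_content) == true) {
        api_error('HTTP_ERROR');
    }

    // The size limit is applied after the whole body is already in memory.
    if (($filesize = strlen($file_content)) > $mmhclass->info->config['max_filesize']) {
        api_error('FILE_TOO_LARGE');
    }
    // NOTE(review): only the extension from the URL is checked; the downloaded
    // bytes are not verified to be an image before being written under the
    // web-served upload path. Confirm whether create_thumbnail() or the web
    // server configuration covers this.
    if ($mmhclass->funcs->is_file($filename, $upload_dir) == true) {
        api_error('FILE_ALREADY_EXISTS');
    }

    // --- Store the file ---
    // Open, write and close explicitly so a failed fopen() is reported rather
    // than handed to fwrite(), and the handle is never left open.
    $target_path = $upload_dir . $filename;
    $handle = fopen($target_path, "wb");
    if ($handle === false) {
        api_error('DISK_WRITE_ERROR');
    }
    $written = fwrite($handle, $file_content);
    fclose($handle);
    // Zero bytes (as before) or a short write both count as failure; remove
    // the partial file so it is not left behind in the upload directory.
    if ($written == false || $written !== $filesize) {
        if (file_exists($target_path)) {
            unlink($target_path);
        }
        api_error('DISK_WRITE_ERROR');
    }
    chmod($target_path, 0644);

    // --- Record the upload (storage row, log row, ratings row) ---
    $mmhclass->db->query("INSERT INTO `[1]` (`filename`, `is_private`, `gallery_id`, `file_title`, `album_id`) VALUES ('[2]', '[3]', '[4]', '[5]', '[6]'); ",
        array(MYSQL_FILE_STORAGE_TABLE, $filename, 1, $mmhclass->info->user_data['user_id'], $filetitle, $album_id));
    $mmhclass->db->query("INSERT INTO `[1]` (`filename`, `filesize`, `ip_address`, `user_agent`, `time_uploaded`, `gallery_id`, `is_private`, `original_filename`, `upload_type`) VALUES ('[2]', '[3]', '[4]', '[5]', '[6]', '[7]', '[8]', '[9]', 'url'); ",
        array(MYSQL_FILE_LOGS_TABLE, $filename, $filesize, $mmhclass->input->server_vars['remote_addr'], $mmhclass->input->server_vars['http_user_agent'],
            time(), $mmhclass->info->user_data['user_id'], 1, strip_tags($origname)));
    $mmhclass->db->query("INSERT INTO `[1]` (`filename`, `total_rating`, `total_votes`, `voted_by`, `gallery_id`, `is_private`) VALUES ('[2]', '0', '0', '', '[3]', '[4]');",
        array(MYSQL_FILE_RATINGS_TABLE, $filename, $mmhclass->info->user_data['user_id'], 1));

    $mmhclass->image->create_thumbnail($filename);
    api_success(format_upload_response_data($filename));
} elseif ($method === 'get-albums') {
    // Albums are listed only for a logged-in user and only for that user's
    // own gallery id.
    if (!$mmhclass->info->is_user) {
        api_error('NOT_LOGGED_IN');
    }
    $db_res = $mmhclass->db->query("SELECT * FROM `[1]` WHERE `gallery_id` = '[2]';", array(MYSQL_GALLERY_ALBUMS_TABLE, $mmhclass->info->user_data['user_id']));
    // Id 0 is the implicit default album and is always offered first.
    $albums = array(array('id' => 0, 'name' => 'Default album'));
    while ($row = $mmhclass->db->fetch_array($db_res)) {
        $albums[] = array('id' => intval($row['album_id']), 'name' => $row['album_title']);
    }
    api_success($albums);
} elseif ($method === 'is-logged-in') {
    // Strict check so the result is always a JSON boolean.
    api_success($mmhclass->info->is_user === true);
}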