mirror/blessing-skin-server
2
0
Fork 1
mirror of https://github.com/bs-community/blessing-skin-server.git synced 2025-03-07 15:16:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

updated ajax.php, added file uploading check

Browse Source
This commit is contained in:
printempw 2016-01-17 12:14:19 +08:00
parent 5ee813d4c1
commit ef5b08752c
3 changed files with 72 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
ajax.php
View File

@ -3,7 +3,7 @@
* @Author: printempw * @Author: printempw
* @Date: 2016-01-16 23:01:33 * @Date: 2016-01-16 23:01:33
* @Last Modified by: prpr * @Last Modified by: prpr
* @Last Modified time: 2016-01-17 10:51:05 * @Last Modified time: 2016-01-17 12:10:44
* *
* All ajax requests will be handled here * All ajax requests will be handled here
*/ */
@ -20,33 +20,8 @@ $user = new user($_POST['uname']);
$action = $_GET['action']; $action = $_GET['action'];
$json = null; $json = null;
function checkInput($type = "login") {
global $json;
// generally check username
if (!$_POST['uname']) {
$json['errno'] = 1;
$json['msg'] = 'Empty username!';
return false;
}
if ($type == "login" || $type == "register") {
if (!$_POST['passwd']) {
$json['errno'] = 1;
$json['msg'] = "Empty password!";
return false;
}
return true;
} else if ($type == "upload") {
if (!($_FILES['skin_file'] || $_FILES['cape_file'])) {
$json['errno'] = 1;
$json['msg'] = "No input file selected.";
return false;
}
return true;
}
}
if ($action == "login") { if ($action == "login") {
if (checkInput($action)) { if (checkInput()) {
if (!$user -> is_registered) { if (!$user -> is_registered) {
$json['errno'] = 1; $json['errno'] = 1;
$json['msg'] = "Non-existent user."; $json['msg'] = "Non-existent user.";
@ -63,7 +38,7 @@ if ($action == "login") {
} }
} }
} elseif ($action == "register") { } elseif ($action == "register") {
if (checkInput($action)) { if (checkInput()) {
if (!$user -> is_registered) { if (!$user -> is_registered) {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP']; $ip = $_SERVER['HTTP_CLIENT_IP'];
@ -94,7 +69,7 @@ if ($action == "login") {
} }
} elseif ($action == "upload") { } elseif ($action == "upload") {
if ($_SESSION['token'] == $user -> getToken()) { if ($_SESSION['token'] == $user -> getToken()) {
if (checkInput($action)) { if (checkFile()) {
if ($file = $_FILES['skin_file']) { if ($file = $_FILES['skin_file']) {
if ($user -> setTexture('skin', $file)) { if ($user -> setTexture('skin', $file)) {
$json[0]['errno'] = 0; $json[0]['errno'] = 0;
@ -113,6 +88,8 @@ if ($action == "login") {
$json[1]['msg'] = "Uncaught error."; $json[1]['msg'] = "Uncaught error.";
} }
} }
} else {
echo "shit";
} }
} else { } else {
$json['errno'] = 1; $json['errno'] = 1;
@ -120,4 +97,67 @@ if ($action == "login") {
} }
} }
function checkInput() {
global $json;
if (!$_POST['uname']) {
$json['errno'] = 1;
$json['msg'] = 'Empty username!';
return false;
}
if (!$_POST['passwd']) {
$json['errno'] = 1;
$json['msg'] = "Empty password!";
return false;
}
return true;
}
function checkFile() {
global $json;
if (!$_POST['uname']) {
$json['errno'] = 1;
$json['msg'] = 'Empty username!';
return false;
}
if (!($_FILES['skin_file'] || $_FILES['cape_file'])) {
$json['errno'] = 1;
$json['msg'] = "No input file selected.";
return false;
}
/**
* Check for skin_file
*/
if (($_FILES["skin_file"]["type"] == "image/png") || ($_FILES["skin_file"]["type"] == "image/x-png")) {
// if error occured while uploading file
if ($_FILES["skin_file"]["error"] > 0) {
$json[0]['errno'] = 1;
$json[0]['msg'] = $_FILES["skin_file"]["error"];
return false;
}
} else {
$json[0]['errno'] = 1;
$json[0]['msg'] = 'Skin file type error.';
return false;
}
/**
* Check for cape_file
*/
if (($_FILES["cape_file"]["type"] == "image/png") || ($_FILES["cape_file"]["type"] == "image/x-png")) {
// if error occured while uploading file
if ($_FILES["cape_file"]["error"] > 0) {
$json[0]['errno'] = 1;
$json[0]['msg'] = $_FILES["cape_file"]["error"];
return false;
}
} else {
$json[0]['errno'] = 1;
$json[0]['msg'] = 'Cape file type error.';
return false;
}
return true;
}
echo json_encode($json); echo json_encode($json);

5
includes/user.class.php
View File

@ -3,7 +3,7 @@
* @Author: printempw * @Author: printempw
* @Date: 2016-01-16 23:01:33 * @Date: 2016-01-16 23:01:33
* @Last Modified by: prpr * @Last Modified by: prpr
* @Last Modified time: 2016-01-17 11:24:09 * @Last Modified time: 2016-01-17 12:02:23
*/ */
class user { class user {
@ -43,7 +43,8 @@ class user {
"uname" => $this -> uname, "uname" => $this -> uname,
"passwd" => $passwd, "passwd" => $passwd,
"ip" => $ip "ip" => $ip
)) { )))
{
return true; return true;
} else { } else {
return false; return false;

54
upload.php
View File

@ -1,54 +0,0 @@
<?php
require "./connect.php";
$uname = $_COOKIE['uname'];
$token = $_COOKIE['token'];
if ($uname && $token && ($token == getToken($uname))) {
if ($_FILES["skinFile"]) {
if (($_FILES["skinFile"]["type"] == "image/png")||($_FILES["skinFile"]["type"] == "image/x-png")) {
if ($_FILES["skinFile"]["error"] > 0) {
$arr1['success'] = 0;
$arr1['msg'] = $_FILES["skinFile"]["error"];
} else {
move_uploaded_file($_FILES["skinFile"]["tmp_name"],"uploads/skin/".$_COOKIE['uname'].'.png');
$arr1['success'] = 1;
$arr1['msg'] = 'Uploading succeed!';
}
} else {
$arr1['success'] = 0;
$arr1['msg'] = 'File type error.';
}
} else {
$arr1['success'] = 1;
$arr1['msg'] = 'No input file selected';
}
if ($_FILES["capeFile"]) {
if (($_FILES["capeFile"]["type"] == "image/png")||($_FILES["capeFile"]["type"] == "image/x-png")) {
if ($_FILES["capeFile"]["error"] > 0) {
$arr2['success'] = 0;
$arr['msg'] = $_FILES["capeFile"]["error"];
} else {
move_uploaded_file($_FILES["capeFile"]["tmp_name"],"uploads/cape/".$_COOKIE['uname'].'.png');
$arr2['success'] = 1;
$arr2['msg'] = 'Uploading succeed!';
}
} else {
$arr2['success'] = 0;
$arr2['msg'] = 'File type error.';
}
} else {
$arr2['success'] = 1;
$arr2['msg'] = 'No input file selected';
}
// if token is invaild
} else {
$arr1['success'] = 0;
$arr2['success'] = 0;
$arr2['msg'] = 'Illegal access, invaild token.\n'.$token;
}
echo "[".json_encode($arr1).",".json_encode($arr2)."]";
?>