*/ class FileController extends Controller { /** * Possible modes. */ private const MODES = [ 'avatar', 'background', 'header', ]; /** * The base for serving a file. * @param string $data * @param string $mime * @param string $name * @return string */ private function serve(string $data, string $mime, string $name): string { header("Content-Disposition: inline; filename={$name}"); header("Content-Type: {$mime}"); return $data; } /** * Handles file uploads. * @param string $mode * @param array $file * @param User $user * @throws FileException */ private function upload(string $mode, array $file, User $user): void { // Handle errors switch ($file['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new FileException("Your file was too large!"); case UPLOAD_ERR_PARTIAL: throw new FileException("The upload failed!"); case UPLOAD_ERR_NO_TMP_DIR: case UPLOAD_ERR_CANT_WRITE: throw new FileException("Wasn't able to save the file, contact a staff member!"); case UPLOAD_ERR_EXTENSION: default: throw new FileException("Something prevented the file upload!"); } // Get the temp filename $tmpName = $file['tmp_name']; // Get the image meta data $meta = getimagesize($tmpName); // Check if image if (!$meta || ( $meta[2] !== IMAGETYPE_GIF && $meta[2] !== IMAGETYPE_JPEG && $meta[2] !== IMAGETYPE_PNG ) ) { throw new FileException("Please upload a valid image!"); } // Check dimensions $maxWidth = config("file.{$mode}.max_width"); $maxHeight = config("file.{$mode}.max_height"); if ($meta[0] > $maxWidth || $meta[1] > $maxHeight) { throw new FileException("Your image can't be bigger than {$maxWidth}x{$maxHeight}" . ", yours was {$meta[0]}x{$meta[1]}!"); } // Check file size $maxFileSize = config("file.{$mode}.max_file_size"); if (filesize($tmpName) > $maxFileSize) { $maxSizeFmt = byte_symbol($maxFileSize); throw new FileException("Your image is not allowed to be larger than {$maxSizeFmt}!"); } $userId = $user->id; $ext = image_type_to_extension($meta[2]); $filename = "{$mode}_{$userId}{$ext}"; // Create the file $file = File::create(file_get_contents($tmpName), $filename, $user); // Delete the old file $this->delete($mode, $user); $column = "user_{$mode}"; // Save new avatar DB::table('users') ->where('user_id', $user->id) ->update([ $column => $file->id, ]); } /** * Deletes a file. * @param string $mode * @param User $user */ public function delete(string $mode, User $user): void { $fileId = $user->{$mode}; if ($fileId) { (new File($fileId))->delete(); } } /** * Catchall serve. * @param string $method * @param array $params * @return string */ public function __call(string $method, array $params): ?string { if (!in_array($method, self::MODES)) { throw new HttpRouteNotFoundException; } $user = User::construct($params[0] ?? 0); if (session_check()) { $perm_var = "change" . ucfirst(strtolower($method)); if (!CurrentSession::$user->perms->manageProfileImages && ($user->id !== CurrentSession::$user->id || !$user->perms->{$perm_var} || !$user->activated || $user->restricted) ) { throw new HttpMethodNotAllowedException; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $error = null; try { $this->upload($method, $_FILES['file'] ?? null, $user); } catch (FileException $e) { $error = $e->getMessage(); } return $this->json(compact('error')); } elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') { $this->delete($method, $user); return null; } } $noFile = path('public/' . str_replace( '%tplname%', Template::$name, config("user.{$method}_none") )); $none = [ 'name' => basename($noFile), 'data' => file_get_contents($noFile), 'mime' => getimagesize($noFile)['mime'], ]; if (!$user->activated || $user->restricted || !$user->{$method}) { return $this->serve($none['data'], $none['mime'], $none['name']); } $serve = new File($user->{$method}); if (!$serve->id) { return $this->serve($none['data'], $none['mime'], $none['name']); } return $this->serve($serve->data, $serve->mime, $serve->name); } }