--- /dev/null
+<?php
+
+/*
+
+Jappix - An open social platform
+This is the Jappix microblog file attaching script
+
+-------------------------------------------------
+
+License: AGPL
+Author: Vanaryon
+Last revision: 14/01/12
+
+*/
+
+// PHP base
+define('JAPPIX_BASE', '..');
+
+// Get the needed files
+require_once('./functions.php');
+require_once('./read-main.php');
+require_once('./read-hosts.php');
+
+// Optimize the page rendering
+hideErrors();
+compressThis();
+
+// Not allowed for a special node
+if(isStatic() || isUpload())
+ exit;
+
+// Set a special XML header
+header('Content-Type: text/xml; charset=utf-8');
+
+// Everything is okay
+if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['user']) && !empty($_POST['user'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
+ // Get the user name
+ $user = $_POST['user'];
+
+ // Get the file name
+ $tmp_filename = $_FILES['file']['tmp_name'];
+ $filename = $_FILES['file']['name'];
+
+ // Get the location
+ if(HOST_UPLOAD)
+ $location = HOST_UPLOAD;
+ else
+ $location = $_POST['location'];
+
+ // Get the file new name
+ $ext = getFileExt($filename);
+ $new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
+
+ // Define some vars
+ $content_dir = JAPPIX_BASE.'/store/share/'.$user;
+ $security_file = $content_dir.'/index.html';
+ $name = sha1(time().$filename);
+ $path = $content_dir.'/'.$name.'.'.$ext;
+ $thumb_xml = '';
+
+ // Forbidden file?
+ if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
+ exit(
+'<jappix xmlns=\'jappix:file:post\'>
+ <error>forbidden-type</error>
+</jappix>'
+ );
+ }
+
+ // Create the user directory
+ if(!is_dir($content_dir)) {
+ mkdir($content_dir, 0777, true);
+ chmod($content_dir, 0777);
+ }
+
+ // Create (or re-create) the security file
+ if(!file_exists($security_file))
+ file_put_contents($security_file, securityHTML());
+
+ // File upload error?
+ if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
+ exit(
+'<jappix xmlns=\'jappix:file:post\'>
+ <error>move-error</error>
+</jappix>'
+ );
+ }
+
+ // Resize and compress if this is a JPEG file
+ if(preg_match('/^(jpg|jpeg|png|gif)$/i', $ext)) {
+ // Resize the image
+ resizeImage($path, $ext, 1024, 1024);
+
+ // Copy the image
+ $thumb = $content_dir.'/'.$name.'_thumb.'.$ext;
+ copy($path, $thumb);
+
+ // Create the thumbnail
+ if(resizeImage($thumb, $ext, 140, 105))
+ $thumb_xml = '<thumb>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'_thumb.'.$ext).'</thumb>';
+ }
+
+ // Return the path to the file
+ exit(
+'<jappix xmlns=\'jappix:file:post\'>
+ <href>'.htmlspecialchars($location.'store/share/'.$user.'/'.$name.'.'.$ext).'</href>
+ <title>'.htmlspecialchars($new_name).'</title>
+ <type>'.htmlspecialchars(getFileMIME($path)).'</type>
+ <length>'.htmlspecialchars(filesize($path)).'</length>
+ '.$thumb_xml.'
+</jappix>'
+ );
+}
+
+// Bad request error!
+exit(
+'<jappix xmlns=\'jappix:file:post\'>
+ <error>bad-request</error>
+</jappix>'
+);
+
+?>